Design Question: Fail-Closed Transaction Construction Pattern (Server-Side) #3208
Description
Context: Looking for best practices + any “gotchas” the maintainers see in the wild.
I'm designing a server-side transaction construction boundary using xrpl.js and want to enforce a fail-closed pattern prior to submission.
Goal:
Ensure malformed, unintended, or bypassed transaction shapes are rejected deterministically before submission to rippled.
Questions:
- Are there recommended patterns for strict pre-submission validation beyond schema-level checks?
- Are there known failure surfaces in tx construction that are commonly missed when using xrpl.js?
- Any guidance for enforcing a single controlled submission boundary in multi-tenant systems?
This is a design question rather than a bug report. Happy to refine if there’s a more appropriate venue.