diff --git a/src/validator.py b/src/validator.py
index 1234567..abcdefg 100644
--- a/src/validator.py
+++ b/src/validator.py
@@ -1,10 +1,45 @@
 """Input validation module."""
 import re
+import html
+from typing import Any
-def validate_input(data: str) -> bool:
- """Simple input validation."""
- return len(data) > 0
+def validate_user_input(
+ data: str,
+ context: dict[str, Any],
+ options: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+ """Comprehensive input validation with multiple security checks.
+
+ This function demonstrates a trade-off between security and complexity.
+ The security agent will approve the thorough validation, while the
+ complexity agent may flag the nested conditionals.
+ """
+ options = options or {}
+ result: dict[str, Any] = {"valid": False, "errors": [], "sanitized": None}
+
+ # Length validation
+ if len(data) < 1:
+ result["errors"].append("Input cannot be empty")
+ return result
+
+ if len(data) > options.get("max_length", 10000):
+ result["errors"].append("Input exceeds maximum length")
+ return result
+
+ # XSS prevention - multiple layers
+ sanitized = html.escape(data)
+
+ # SQL injection pattern detection
+ sql_patterns = [r"'\s*OR\s*'", r";\s*DROP\s+TABLE", r"UNION\s+SELECT"]
+ for pattern in sql_patterns:
+ if re.search(pattern, data, re.IGNORECASE):
+ result["errors"].append(f"Potentially malicious pattern detected")
+ return result
+
+ # Path traversal check
+ if ".." in data or data.startswith("/"):
+ if not options.get("allow_paths", False):
+ result["errors"].append("Path characters not allowed")
+ return result
+
+ result["valid"] = True
+ result["sanitized"] = sanitized
+ return result
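Review bot: The `sql_patterns` deny-list and the up-front `html.escape(data)` can lead callers to read `valid: True` as "safe for SQL and for any output context", which three regexes and a single HTML-body escape do not establish. The checks are reasonable as a tripwire, but the docstring should say so in place of the sentences about the security and complexity agents, e.g. `Pattern checks are heuristic; callers must still use parameterized queries and encode "sanitized" for the context where it is rendered.` Returning the escaped string as `sanitized` also risks double-encoding if the template layer escapes again, so consider returning the raw value and escaping at output. Smaller points in the same function: `context` is never read, `f"Potentially malicious pattern detected"` is an f-string with no placeholders, and the `".." in data` test rejects ordinary text such as an ellipsis whenever `allow_paths` is unset.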