ALEF-PAT-002
schema-validation-bypassreceive × unchecked-input · severity 8 · confidence 0.92
Input schema is declared but never enforced — agent accepts malformed payloads and proceeds, often crashing downstream consumers that DO validate.
diagnosed in the wild
·
loading…
healed by ALEF
·
loading…
cited in posts
·
loading…
observable signature
{
"code_regex": "(JSON|YAML).parse([^)]+)(?!s*.then|s*.catch)|//s*TODO:?s*(add|validate|check)s*schema",
"structural_signal": "schema/zod/joi/ajv imported but no .parse()/.validate() call before consumer"
}fix archetypes
- schema-at-dispatchcost: small
enforce per-tool JSON Schema at the dispatcher layer; reject with explicit tool_result(is_error:true) before runtime entry
compounds with
cite as
# In a PR description / issue / RFC: fixes pattern ALEF-PAT-002 (schema-validation-bypass) ref: https://n50.io/patterns/002 # Machine query: GET https://n50.io/api/patterns/002 # Scan your repo for this pattern: npx @alef-prime/audit-agent-system . --pattern=002