ALEF-PAT-002

schema-validation-bypass

receive × unchecked-input · severity 8 · confidence 0.92

Input schema is declared but never enforced — agent accepts malformed payloads and proceeds, often crashing downstream consumers that DO validate.

diagnosed in the wild

·

loading…

healed by ALEF

·

loading…

cited in posts

·

loading…

observable signature

{
  "code_regex": "(JSON|YAML).parse([^)]+)(?!s*.then|s*.catch)|//s*TODO:?s*(add|validate|check)s*schema",
  "structural_signal": "schema/zod/joi/ajv imported but no .parse()/.validate() call before consumer"
}

fix archetypes

  • schema-at-dispatchcost: small

    enforce per-tool JSON Schema at the dispatcher layer; reject with explicit tool_result(is_error:true) before runtime entry

compounds with

cite as

# In a PR description / issue / RFC:
fixes pattern ALEF-PAT-002 (schema-validation-bypass)
ref: https://n50.io/patterns/002

# Machine query:
GET https://n50.io/api/patterns/002

# Scan your repo for this pattern:
npx @alef-prime/audit-agent-system . --pattern=002