# Schema Validation
Strict JSON schema enforcement acts as the first hard boundary against malformed or injected inputs. Unknown fields are rejected, type mismatches blocked, and payload size and depth are limited.
## How It Works

- **Strict Mode**: Unknown fields are rejected; no extra properties are allowed.
- **Depth & Size Limits**: Max 10 levels deep and max 1 MB payload, to prevent DoS.
- **Type Safety**: Type mismatches and missing required fields are rejected.
## Define a Schema

```typescript
import { createStrictSchema, validateToolInput } from '@solongate/core';
import { z } from 'zod';

// Define a strict schema (unknown fields rejected)
const fileReadSchema = createStrictSchema({
  path: z.string().min(1),
  encoding: z.enum(['utf-8', 'ascii', 'binary']).optional(),
});

// Validate input
const result = validateToolInput(fileReadSchema, {
  path: '/data/report.txt',
  encoding: 'utf-8',
});

if (result.valid) {
  console.log('Sanitized:', result.sanitized);
} else {
  console.error('Errors:', result.errors);
}

// Unknown fields are REJECTED
const bad = validateToolInput(fileReadSchema, {
  path: '/data/report.txt',
  malicious: 'extra field', // This causes validation failure
});
// bad.valid === false
// bad.errors === ["malicious: Unrecognized key(s) in object: 'malicious'"]
```
## Depth and Size Limits
Before schema validation runs, two pre-checks protect against resource exhaustion:
- `maxDepth: 10`: Deeply nested objects are rejected to prevent stack overflow and DoS attacks.
- `maxSize: 1 MB`: Oversized payloads are rejected before parsing to prevent memory exhaustion.

```typescript
// Custom limits
const result = validateToolInput(schema, input, {
  maxDepth: 5, // Stricter nesting limit
  maxSizeBytes: 512 * 1024, // 512KB limit
});

// Depth exceeded
// result.errors === ["Input depth 8 exceeds maximum 5"]

// Size exceeded
// result.errors === ["Input size 600000 bytes exceeds maximum 524288 bytes"]
```
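The two pre-checks described above can be sketched as follows. This is an added example, not code from `@solongate/core`: `preCheck`, `scanDepth` and `Limits` are hypothetical names, and the error strings only mirror the format shown above. It assumes depth means the number of simultaneously open objects or arrays, and it measures both limits on the raw text so nothing is parsed until they pass.

```typescript
// Added illustration; not the @solongate/core implementation.
interface Limits { maxDepth: number; maxSizeBytes: number }
const DEFAULT_LIMITS: Limits = { maxDepth: 10, maxSizeBytes: 1024 * 1024 };

// Highest container nesting in raw JSON text, found without parsing it.
// Assumption: depth = number of simultaneously open '{' / '['.
function scanDepth(raw: string): number {
  let depth = 0, max = 0, inString = false;
  for (let i = 0; i < raw.length; i++) {
    const ch = raw[i];
    if (inString) {
      if (ch === '\\') i++;                    // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') {
      inString = true;                         // brackets inside strings do not nest
    } else if (ch === '{' || ch === '[') {
      max = Math.max(max, ++depth);
    } else if (ch === '}' || ch === ']') {
      depth--;
    }
  }
  return max;
}

// Returns error strings; an empty array means the text may go to the parser and schema.
function preCheck(raw: string, limits: Limits = DEFAULT_LIMITS): string[] {
  // Size first, so an oversized payload is never scanned or parsed.
  const size = new TextEncoder().encode(raw).length; // UTF-8 bytes, not characters
  if (size > limits.maxSizeBytes) {
    return [`Input size ${size} bytes exceeds maximum ${limits.maxSizeBytes} bytes`];
  }
  const depth = scanDepth(raw);
  if (depth > limits.maxDepth) {
    return [`Input depth ${depth} exceeds maximum ${limits.maxDepth}`];
  }
  return [];
}

// Constructed sample inputs
const tight: Limits = { maxDepth: 5, maxSizeBytes: 512 * 1024 };
const nested = '['.repeat(8) + ']'.repeat(8);                     // 8 levels deep
const decoy = JSON.stringify({ note: '[[[[[[[[[[[[ \\" {{{{' });  // depth 1, brackets in a string
console.log(preCheck(nested, tight));
console.log(preCheck(decoy, tight));
```

Counting brackets on the raw text keeps the depth check itself non-recursive, and the string-state tracking prevents bracket characters inside string values from being counted as nesting.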
## Tool Registry

Use the Tool Registry for centralized schema management across all your tools.

```typescript
import { ToolRegistry } from '@solongate/core';
import { z } from 'zod';

const registry = new ToolRegistry();

// Register tools with their schemas
registry.register('file_read', {
  description: 'Read file contents',
  inputSchema: z.object({
    path: z.string(),
  }).strict(),
});

registry.register('file_write', {
  description: 'Write file contents',
  inputSchema: z.object({
    path: z.string(),
    content: z.string(),
  }).strict(),
});

// Validate input for a registered tool
const result = registry.validateInput('file_read', {
  path: '/data/file.txt',
});

// List all registered tools
const tools = registry.listTools();
// ['file_read', 'file_write']
```
## Validation Response

| Field | Type | Description |
|---|---|---|
| valid | boolean | Whether the input passed all checks |
| errors | string[] | List of validation error messages |
| sanitized | object \| null | Validated and cleaned data (null if invalid) |