Input Validation at the Gate
Validate workflow input data against a declared schema before any node processes it. Catch missing fields, wrong types, and malformed payloads at the earliest possible point — before any API calls, database writes, or AI invocations.
The Problem
A payment processing workflow expects:
{ "userId": "user-123", "amount": 99.99, "currency": "USD" }Instead it receives:
{ "userId": null, "amount": "ninety-nine", "currency": "USD" }Without input validation:
- The payment node attempts to parse
"ninety-nine"as a number — throws an unhandled exception - The exception surfaces as a generic 500 error with no helpful context
- The audit log shows an error but not why the input was wrong
- The bug may have gone through integration testing unnoticed
The Solution
InputValidationGuard validates input against a JSON schema in the Pre phase. If validation fails and strictMode=true, the node never runs — the caller receives a structured error listing exactly which fields are wrong.
{
"guardRails": {
"individual": [
{
"name": "InputValidationGuard",
"enabled": true,
"order": 1,
"config": {
"schema": {
"type": "object",
"required": ["userId", "amount", "currency"],
"properties": {
"userId": { "type": "string" },
"amount": { "type": "number" },
"currency": { "type": "string" }
}
},
"strictMode": true
}
}
]
}
}What the caller receives
{
"IsAllowed": false,
"ErrorMessage": "Input validation failed",
"Metadata": {
"validation_errors": [
"Required field 'userId' is missing or null",
"Field 'amount': expected 'number', got 'string'"
]
}
}strictMode vs Warning Mode
| Mode | Result on failure | When to use |
|---|---|---|
strictMode: true |
Blocked — workflow stops; node never runs |
Production workflows where malformed input must never reach a node |
strictMode: false (default) |
Warning — workflow continues; violation logged |
Monitoring mode; catch issues without breaking existing flows during rollout |
JSON Type Mapping
The guard maps CLR types to JSON schema types:
| JSON schema type | Accepted CLR types |
|---|---|
"string" | string |
"number" | int, long, double, decimal, float |
"boolean" | bool |
"array" | List<object> or any IList |
"object" | IDictionary |
Combining Validation with PII Detection
Input validation and PII detection are complementary guards. Run validation first to ensure the payload structure is correct, then check for PII in the validated input:
"individual": [
// Step 1: Validate structure
{ "name": "InputValidationGuard", "order": 1,
"config": { "schema": {...}, "strictMode": true } },
// Step 2: Check for PII in validated input
{ "name": "PiiDetectionGuard", "order": 2,
"config": { "sensitivityLevel": "medium" } }
]This order ensures that if the structure is wrong, the PII scanner never runs on malformed data — avoiding false positives from unexpected field positions.
if (input.UserId == null) checks needed. The guard enforces the contract at the framework level.