Advanced9 min

Input & Output Validation

Validating what goes into and comes out of your agent: schema validation, PII detection, content filtering, and ensuring agent outputs meet business rules.

Quick Reference

→Input validation: check message length, format, language, and content policy compliance before the agent processes it
→Output validation: verify the agent's response matches expected schema, contains no PII, and adheres to brand guidelines
→Use Pydantic models or Zod schemas to validate structured agent outputs at the boundary between agent and application
→PII detection: scan inputs and outputs for personal data (emails, phone numbers, SSNs) and redact or block as needed
→Business rule validation: check that agent actions (tool calls, responses) comply with domain-specific constraints

Validation Strategy

Validate at every boundary

Agent systems have multiple trust boundaries: user-to-agent, agent-to-tool, tool-to-agent, and agent-to-user. Each boundary needs validation rules because data crossing any boundary can be malformed, malicious, or non-compliant.

Boundary	Direction	Validation Focus	Failure Mode
API entry	User -> Agent	Message length, format, content policy	Malformed requests crash the agent or waste tokens
Tool arguments	Agent -> Tool	Schema conformance, safe parameter values	SQL injection, path traversal, excessive API calls
Tool results	Tool -> Agent	Truncation, PII scrubbing, injection scanning	Indirect prompt injection, PII leakage into context
Agent response	Agent -> User	Schema validation, PII detection, business rules	Invalid JSON, exposed PII, hallucinated data
Memory write	Agent -> Store	Size limits, PII filtering, format checks	Unbounded memory growth, PII persisted in state

Input validation prevents bad data from reaching the agent. Output validation prevents bad data from reaching the user. Both are required -- input validation alone cannot catch errors the LLM introduces, and output validation alone cannot prevent token waste from malformed inputs.

▸Fail fast on input: reject malformed requests at the API boundary before spending tokens
▸Fail safe on output: if validation fails, return a structured error rather than an unvalidated response
▸Log all validation failures with full context for debugging and rule improvement
▸Validate intermediate steps too -- tool call arguments and results, not just the final response

Input Validation

Input validation runs at the API boundary before the agent processes the message. It enforces structural constraints (length, format) and content policies (language, prohibited content). Use Pydantic models to define and enforce schemas declaratively.

Output Schema Validation

Never trust LLM JSON output without validation

LLMs frequently produce almost-valid JSON: trailing commas, unescaped quotes, missing closing braces. Always parse and validate structured outputs against a schema before passing them downstream.

Sign in to read this article

This is a premium article. Sign in with your Google account to continue.