Rule Reference

SEC316 | lintai-ai-security | compat | quality | stable | tool_json | warn

OpenAI strict schema: missing additionalProperties false

OpenAI strict tool schema omits recursive additionalProperties: false

Public lane: compat
Category: quality
Provider: lintai-ai-security
Scope: per-file
Surface: tool_json
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Config, schema, and policy contract review.

How to read this category

Contract, schema, or config correctness signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks OpenAI strict tool schemas for recursive object locking with additionalProperties: false.

Deterministic signal basis

ToolJsonSignals recursive schema walk over OpenAI function.parameters when strict mode is enabled.

Malicious corpus: tool-json-openai-strict-additional-properties
Benign corpus: tool-json-openai-strict-locked
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Why It Matters

When OpenAI strict mode is enabled, leaving object nodes open weakens the schema contract and can allow undeclared fields into supposedly locked tool inputs.

What Triggers

SEC316 applies to OpenAI-style strict tool schemas and triggers when an object node in the strict schema omits additionalProperties: false.

Example that triggers:

```json
[
  {
    "type": "function",
    "function": {
      "name": "weather",
      "strict": true,
      "parameters": {
        "type": "object",
        "properties": { "city": { "type": "string" } },
        "required": ["city"]
      }
    }
  }
]
```

False Positives

This is a structural schema-walk rule over strict OpenAI tool definitions. It is not a prose or naming heuristic.

Remediation

Lock every object node in the strict schema with additionalProperties: false.
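
To find which nodes still need locking before the linter runs, the following added example (not lintai's implementation, and not code from this page) walks `function.parameters` of each strict tool and reports the path of every object node without `additionalProperties: false`. It goes beyond the single-level example above by descending into `properties`, `items`, `anyOf` and `$defs`; that keyword set, the function names, and the `forecast` and `legacy` tools are assumptions made for illustration.

```python
import json

# Constructed input: the page's "weather" tool, plus two hypothetical tools.
TOOLS = json.loads("""[
 {"type": "function", "function": {"name": "weather", "strict": true,
   "parameters": {"type": "object",
     "properties": {"city": {"type": "string"}}, "required": ["city"]}}},
 {"type": "function", "function": {"name": "forecast", "strict": true,
   "parameters": {"type": "object", "additionalProperties": false,
     "properties": {"place": {"type": "object",
       "properties": {"city": {"type": "string"}}, "required": ["city"]}},
     "required": ["place"]}}},
 {"type": "function", "function": {"name": "legacy", "strict": false,
   "parameters": {"type": "object", "properties": {}}}}
]""")

def is_object(node):
    """Treat a node as an object schema if its type says so or it has properties."""
    t = node.get("type")
    return t == "object" or (isinstance(t, list) and "object" in t) or "properties" in node

def unlocked_nodes(node, path="parameters"):
    """Yield the path of every object node lacking additionalProperties: false."""
    if not isinstance(node, dict):
        return
    if is_object(node) and node.get("additionalProperties") is not False:
        yield path
    for key in ("properties", "$defs"):  # named subschemas
        sub = node.get(key)
        if isinstance(sub, dict):
            for name, child in sub.items():
                yield from unlocked_nodes(child, f"{path}.{key}.{name}")
    yield from unlocked_nodes(node.get("items"), f"{path}.items")  # array elements
    branches = node.get("anyOf")
    if isinstance(branches, list):
        for i, child in enumerate(branches):
            yield from unlocked_nodes(child, f"{path}.anyOf[{i}]")

def check_tools(tools):
    """Map tool name -> unlocked object paths, for strict tools only."""
    findings = {}
    for tool in tools:
        fn = tool.get("function", {})
        if fn.get("strict") is True:
            hits = list(unlocked_nodes(fn.get("parameters")))
            if hits:
                findings[fn.get("name")] = hits
    return findings

if __name__ == "__main__":
    print(json.dumps(check_tools(TOOLS), indent=2))
```

The `forecast` case is the one a root-only check misses: the top-level object is locked, but the nested `place` object still accepts undeclared fields.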