
Rule Reference

SEC316 · lintai-ai-security · stable · tool_json · warn

OpenAI strict schema: missing additionalProperties false

OpenAI strict tool schema omits recursive additionalProperties: false

Provider
lintai-ai-security
Surface
tool_json
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks OpenAI strict tool schemas for recursive object locking with additionalProperties: false.

Deterministic signal basis

ToolJsonSignals recursive schema walk over OpenAI function.parameters when strict mode is enabled.

Malicious corpus
tool-json-openai-strict-additional-properties
Benign corpus
tool-json-openai-strict-locked
structured evidence required · remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

When OpenAI strict mode ("strict": true) is enabled, the schema is meant to be a closed contract: every object node, including nested property objects and array item objects, should carry additionalProperties: false. Leaving an object node open weakens that contract and can allow undeclared fields into tool inputs that the caller believes are locked to the declared properties.

What Triggers

SEC316 applies to OpenAI-style function tools with "strict": true and triggers when any object node reached by the recursive walk over function.parameters omits additionalProperties: false (the key is missing, or its value is something other than false). Tools without strict mode are out of scope for this rule.

Example that triggers (strict is on, but the root object is never locked):

```json
[
  {
    "type": "function",
    "function": {
      "name": "weather",
      "strict": true,
      "parameters": {
        "type": "object",
        "properties": { "city": { "type": "string" } },
        "required": ["city"]
      }
    }
  }
]
```

False Positives

This is a structural schema-walk rule over strict OpenAI tool definitions. It is not a prose or naming heuristic.

Remediation

Lock every object node in the strict schema with additionalProperties: false, not only the root: nested property objects, array item objects and any reusable definitions the walk reaches must carry it too.
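The following is an added example, not lintai's own code, that covers both the trigger described under "What Triggers" and this remediation: a recursive schema walk over strict OpenAI function tools that reports every open object node by path, and a fixer that locks them. The set of sub-schema keywords it descends into (properties, $defs, definitions, anyOf, oneOf, allOf, prefixItems, items, not) is an assumption drawn from JSON Schema, not from the rule page, and the sample tools are constructed for the example.

```python
import copy

# Sub-schema keywords the walk descends into. Assumed from JSON Schema;
# the rule page does not enumerate them.
MAP_KEYS = ("properties", "$defs", "definitions")      # name -> schema
LIST_KEYS = ("anyOf", "oneOf", "allOf", "prefixItems")  # [schema, ...]
ONE_KEYS = ("items", "not")                             # schema (items may be a list)


def _children(node):
    """Yield (path segment, sub-schema) for every sub-schema directly under node."""
    for key in MAP_KEYS:
        for name, sub in node.get(key, {}).items():
            yield f"{key}/{name}", sub
    for key in LIST_KEYS:
        for i, sub in enumerate(node.get(key, [])):
            yield f"{key}/{i}", sub
    for key in ONE_KEYS:
        sub = node.get(key)
        if isinstance(sub, list):  # tuple-style "items"
            for i, s in enumerate(sub):
                yield f"{key}/{i}", s
        elif sub is not None:
            yield key, sub


def _is_object(node):
    return isinstance(node, dict) and (node.get("type") == "object" or "properties" in node)


def open_object_paths(schema, path="parameters"):
    """Recursively collect paths of object nodes that lack additionalProperties: false."""
    if not isinstance(schema, dict):
        return []
    found = []
    if _is_object(schema) and schema.get("additionalProperties") is not False:
        found.append(path)  # missing, true, or a schema all count as open
    for seg, sub in _children(schema):
        found.extend(open_object_paths(sub, f"{path}/{seg}"))
    return found


def find_sec316(tools):
    """Return (tool name, path) for every open object in a strict OpenAI function tool."""
    findings = []
    for tool in tools:
        fn = tool.get("function", {})
        if tool.get("type") != "function" or not fn.get("strict"):
            continue  # the rule only applies when strict mode is on
        for path in open_object_paths(fn.get("parameters", {})):
            findings.append((fn["name"], path))
    return findings


def lock_schema(schema):
    """Remediation: return a copy with additionalProperties: false on every object node."""
    schema = copy.deepcopy(schema)

    def lock(node):
        if not isinstance(node, dict):
            return
        if _is_object(node):
            node["additionalProperties"] = False
        for _, sub in _children(node):
            lock(sub)

    lock(schema)
    return schema


def remediate(tools):
    """Return a copy of the tool list with every strict function's parameters locked."""
    fixed = copy.deepcopy(tools)
    for tool in fixed:
        fn = tool.get("function", {})
        if tool.get("type") == "function" and fn.get("strict"):
            fn["parameters"] = lock_schema(fn.get("parameters", {}))
    return fixed


# Constructed sample: the page's weather tool (root open), a tool whose root is
# locked but whose nested "address" object is not, and a non-strict tool.
SAMPLE_TOOLS = [
    {"type": "function", "function": {
        "name": "weather", "strict": True,
        "parameters": {"type": "object",
                       "properties": {"city": {"type": "string"}},
                       "required": ["city"]}}},
    {"type": "function", "function": {
        "name": "ship", "strict": True,
        "parameters": {"type": "object", "additionalProperties": False,
                       "properties": {
                           "address": {"type": "object",
                                       "properties": {"street": {"type": "string"}},
                                       "required": ["street"]},
                           "items": {"type": "array",
                                     "items": {"type": "object",
                                               "additionalProperties": False,
                                               "properties": {"sku": {"type": "string"}},
                                               "required": ["sku"]}}},
                       "required": ["address", "items"]}}},
    {"type": "function", "function": {
        "name": "legacy", "strict": False,
        "parameters": {"type": "object",
                       "properties": {"q": {"type": "string"}}}}},
]

if __name__ == "__main__":
    for name, path in find_sec316(SAMPLE_TOOLS):
        print(f"SEC316 {name}: open object at {path}")
    print("after remediation:", find_sec316(remediate(SAMPLE_TOOLS)))
```

Run against the sample, the walk reports the weather root and the nested ship address object, ignores the array item object that is already locked, and skips the non-strict tool entirely; after remediate() the strict tools produce no findings while the non-strict one is left untouched.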