Rule Reference

SEC318 | lintai-ai-security | stable | tool_json | warn

Anthropic strict schema: missing additionalProperties false

Anthropic strict tool input schema omits additionalProperties: false

Provider: lintai-ai-security
Surface: tool_json
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks Anthropic strict tool input_schema objects for explicit additionalProperties: false.

Deterministic signal basis

ToolJsonSignals recursive schema walk over Anthropic input_schema when strict mode is enabled.

Malicious corpus: tool-json-anthropic-strict-open-schema
Benign corpus: tool-json-anthropic-strict-locked
structured evidence required | remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

Anthropic strict tool schemas are meant to be locked down. If input_schema leaves object nodes open, the declared contract is less deterministic than it appears.

What Triggers

SEC318 applies to Anthropic-style strict tool definitions and triggers when input_schema omits additionalProperties: false on object nodes.

Example that triggers:

```json
[
  {
    "name": "weather",
    "strict": true,
    "input_schema": {
      "type": "object",
      "properties": { "city": { "type": "string" } },
      "required": ["city"]
    }
  }
]
```

False Positives

This is a structural schema-locking rule over parsed Anthropic-style tool descriptors.

Remediation

Lock the strict input_schema with additionalProperties: false on every object node.
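
The recursive walk described above can be sketched as follows. This is an added example, not lintai's own implementation: the function names, the set of schema keywords followed, and the sample descriptors are assumptions made for illustration. It shows that a locked top-level object does not cover nested object nodes.

```python
import json

# Constructed sample descriptors (not taken from the lintai corpus).
TOOLS = json.loads("""[
  {"name": "weather", "strict": true, "input_schema": {
    "type": "object", "additionalProperties": false, "required": ["city"],
    "properties": {
      "city": {"type": "string"},
      "options": {"type": "object",
                  "properties": {"units": {"type": "string"}}},
      "stops": {"type": "array", "items": {
        "type": "object", "additionalProperties": false,
        "properties": {"name": {"type": "string"}}}}
    }
  }},
  {"name": "legacy", "input_schema": {"type": "object"}}
]""")

def open_object_nodes(schema, path="input_schema"):
    """Yield paths of object nodes whose additionalProperties is not literally false."""
    if not isinstance(schema, dict):
        return
    t = schema.get("type")
    # Assumption: a node counts as an object if typed so or if it declares properties.
    is_object = t == "object" or (isinstance(t, list) and "object" in t) \
        or "properties" in schema
    if is_object and schema.get("additionalProperties") is not False:
        yield path
    for name, sub in schema.get("properties", {}).items():
        yield from open_object_nodes(sub, f"{path}.properties.{name}")
    if isinstance(schema.get("items"), dict):
        yield from open_object_nodes(schema["items"], f"{path}.items")
    for key in ("anyOf", "oneOf", "allOf"):
        for i, sub in enumerate(schema.get(key, [])):
            yield from open_object_nodes(sub, f"{path}.{key}[{i}]")
    for name, sub in schema.get("$defs", {}).items():
        yield from open_object_nodes(sub, f"{path}.$defs.{name}")

def check_tools(tools):
    """Return {tool name: [open node paths]} for descriptors with strict enabled."""
    findings = {}
    for tool in tools:
        if tool.get("strict") is True:
            paths = list(open_object_nodes(tool.get("input_schema", {})))
            if paths:
                findings[tool["name"]] = paths
    return findings

if __name__ == "__main__":
    print(check_tools(TOOLS))
```

Only the nested `options` node is reported for the constructed input; the `legacy` tool is skipped because strict mode is not enabled on it.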