Skip to content

Strict policy

strictPolicy is the highest‑enforcement built‑in policy preset.

It enables scanning, full analysis, severity escalation, and a comprehensive set of automatic rejections. This preset is designed for maximum safety, maximum scrutiny, and environments where correctness is more important than permissiveness.

Signature

export const strictPolicy: Policy

Behavior

Mode

Mode: strict

Strict mode enforces:

  • Full scanning.
  • Aggressive rejection of suspicious values.
  • Severity escalation.
  • Complete analysis tracing.
  • No structural exceptions.

It is the "fail fast, fail loudly" mode.

Scan configuration

Scan: true.

Scanning is fully enabled:

  • Deep structural inspection.
  • Containment detection.
  • Circular reference detection.
  • Depth checks.
  • Unsafe Unicode checks.

Strict mode assumes untrusted input and inspects accordingly.

Decision configuration

decide: {
    reject: [
        "value.was.contained",
        "object.has.circular-references",
        "number.not.finite",
        "number.not.number",
        "date.is.invalid",
        "string.has.unsafe-unicode",
        "array.is.deep",
        "object.is.deep",
    ],

    review: [
        "array.is.large",
        "object.has.many-keys",
        "string.is.long",
        "bigint.is.large",
    ],

    escalate: { "*": 1 },

    override: {},

    warn: [],
}

Reject list

These event codes automatically reject the boundary:

  • Containment violations.
  • Circular references.
  • Non‑finite numbers.
  • Invalid dates.
  • Unsafe Unicode.
  • Excessively deep arrays or objects.

Strict mode treats these as unsafe or malformed.

Review list

These event codes trigger human review:

  • Large arrays.
  • Objects with many keys.
  • Long strings.
  • Large BigInt values.

Strict mode flags potentially suspicious or resource‑intensive structures.

Escalation

Escalate: { "*": 1 }

All severities are escalated by one level:

  • Warnings → errors
  • Info → warnings

Strict mode never downgrades.

Overrides

None. Strict mode never softens severity.

Warn list

Empty. Strict mode does not auto‑warn.

Analysis configuration

analysis: {
    diff: true,
    explain: true,
    replay: true,
    telemetry: true,
}

All analysis features are enabled:

  • Diff: Structural diffs of values.
  • Explain: Reasoning traces.
  • Replay: Event replay logs.
  • Telemetry: Internal metrics.

Strict mode is fully observable and traceable.

Exception configuration

exception: {
    bigint: false,
    map: false,
    set: false,
}

No structural exceptions are allowed:

  • bigint must be explicitly permitted.

Strict mode rejects these unless the boundary or normalization rules explicitly allow them.

Design rationale

  • Provides maximum safety for untrusted or security‑sensitive environments.
  • Rejects malformed, ambiguous, or suspicious values early.
  • Escalates all severities to ensure nothing is silently ignored.
  • Enables full analysis tooling for debugging and auditing.
  • Ensures contributors cannot accidentally accept unsafe structures.

When to use

Use strictPolicy when:

  • Input comes from untrusted sources.
  • You need maximum correctness guarantees.
  • You want full visibility into pipeline behavior.
  • You want to enforce strict structural and semantic rules.
  • You are validating security‑sensitive or regulated data.