Skip to content

feat(server): default request validation to 'warn' in dev/test#765

Merged
bokelley merged 1 commit into
mainfrom
bokelley/request-validation-warn-default
Apr 22, 2026
Merged

feat(server): default request validation to 'warn' in dev/test#765
bokelley merged 1 commit into
mainfrom
bokelley/request-validation-warn-default

Conversation

@bokelley

Copy link
Copy Markdown
Contributor

Summary

Why

Symmetric defaults with responses, and prepares seller operators for upstream schema tightenings — notably adcp#2795, which introduces a required asset_type discriminator on creative assets. Buyer agents still on RC3 fixtures will lack it; surfacing that as a warning during handler development beats discovering it in a downstream VALIDATION_ERROR after deploy.

Opt-out

  • Per-server: validation: { requests: 'off' } on the createAdcpServer config.
  • Global: set NODE_ENV=production for the process.

Test plan

  • npm run build:lib passes
  • npm run test:lib passes (4391 tests, 0 failures, 6 skipped)
  • schema-validation-server.test.js — the renamed requests: "off" test now asserts explicit opt-out instead of relying on it being the default
  • prettier --check clean on modified files
  • Manual verification: construct a server without validation: under NODE_ENV=test, send a request that fails the schema, confirm a Schema validation warning (request) line appears in the logger and the handler still runs
  • Manual verification: set validation: { requests: 'off' } and confirm no warning fires
  • CI green

Refs: #694 (original intent), #727 A (response-side precedent), adcp#2795 (upstream asset_type discriminator this prepares for).

Flip createAdcpServer's request validation default from 'off' to 'warn'
when NODE_ENV !== 'production', mirroring the asymmetric default already
in place for responses ('strict' in dev/test, 'off' in production).

Production behaviour is unchanged: the default stays 'off' when
NODE_ENV === 'production', so prod request paths pay no AJV cost.

Warn mode logs a single Schema validation warning (request) line per
mismatched payload through the configured logger and still dispatches
to the handler — nothing is rejected. Keeps the two validation sides
symmetric and surfaces upstream schema tightenings (e.g. adcp#2795's
required asset_type discriminator) as diagnostics during handler
development instead of as a downstream VALIDATION_ERROR after deploy.

Opt out via validation: { requests: 'off' } or NODE_ENV=production.

Refs #694 (original intent for requests: 'warn'), #727 A (response-side
default precedent).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@bokelley bokelley merged commit 8f9260b into main Apr 22, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant