Objective
Implement JSON Schema if/then constraints for conditional field requirements that are currently only enforced at compile time.
Context
Several fields have requirements that depend on other fields' values (e.g., MCP containers need network configuration in strict mode), but these aren't enforced in the schema. Users discover these requirements only through compile errors.
Conditional Requirements to Implement
- MCP containers in strict mode require network
  - If strict: true and tools.(tool).container is present
  - Then tools.(tool).network must be specified
  - Code: pkg/workflow/strict_mode_validation.go
- Write permissions require safe-outputs in strict mode
  - If strict: true and permissions has write scopes
  - Then safe-outputs must be configured
  - Code: pkg/workflow/strict_mode_validation.go:68
- Sandbox-runtime requires feature flag
  - If sandbox-runtime is specified
  - Then specific feature flag must be enabled
  - Code: pkg/workflow/compiler_parse.go
- UV packages require network access
  - If runtime.uv packages are specified
  - Then network configuration must allow PyPI access
  - Code: pkg/workflow/bundler_validation.go
Approach
Use JSON Schema if/then for each conditional:
{
  "if": {
    "properties": {
      "strict": { "const": true },
      "tools": {
        "patternProperties": {
          ".*": {
            "required": ["container"]
          }
        }
      }
    }
  },
  "then": {
    "properties": {
      "tools": {
        "patternProperties": {
          ".*": {
            "required": ["network"]
          }
        }
      }
    }
  }
}
Files to Modify
- pkg/parser/schemas/frontmatter.json - Add if/then constraints
- After changes, run make build to rebuild with embedded schema
Acceptance Criteria
Testing
Create test workflows violating each conditional and verify schema validation catches them.
Related to #7575
AI generated by Plan Command for discussion #7569
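The check below is an added example, not part of the issue or of the project's code. It evaluates the if/then snippet from the Approach section against constructed frontmatter documents and compares it with an assumed per-tool variant. Assumptions: `valid` is a minimal evaluator covering only the keywords used here, `PER_TOOL` is a hypothetical alternative schema, and all tool names and values are made up.

```python
import re

def valid(schema, inst):
    """Evaluate only the JSON Schema keywords used on this page."""
    if "const" in schema:
        c = schema["const"]
        if type(inst) is not type(c) or inst != c:
            return False
    if isinstance(inst, dict):
        if any(k not in inst for k in schema.get("required", [])):
            return False
        for key, sub in schema.get("properties", {}).items():
            if key in inst and not valid(sub, inst[key]):  # absent keys pass
                return False
        for pat, sub in schema.get("patternProperties", {}).items():
            if any(re.search(pat, k) and not valid(sub, v) for k, v in inst.items()):
                return False
    if "if" in schema:
        branch = "then" if valid(schema["if"], inst) else "else"
        if branch in schema and not valid(schema[branch], inst):
            return False
    return True

# The snippet from the issue, unchanged.
AS_PROPOSED = {
    "if": {"properties": {
        "strict": {"const": True},
        "tools": {"patternProperties": {".*": {"required": ["container"]}}}}},
    "then": {"properties": {
        "tools": {"patternProperties": {".*": {"required": ["network"]}}}}},
}

# Assumed alternative: strict must be present and true; each tool is tested on its own.
PER_TOOL = {
    "if": {"required": ["strict"], "properties": {"strict": {"const": True}}},
    "then": {"properties": {"tools": {"patternProperties": {".*": {
        "if": {"required": ["container"]},
        "then": {"required": ["network"]}}}}}},
}

# Constructed frontmatter documents (tool names and values are made up).
MIXED = {"strict": True, "tools": {"a": {"container": "img"}, "b": {"command": "run"}}}
NO_STRICT = {"tools": {"a": {"container": "img"}}}
GOOD = {"strict": True, "tools": {"a": {"container": "img", "network": {}}}}

def report(schema):
    """Return the validation verdicts for MIXED, NO_STRICT and GOOD, in that order."""
    return [valid(schema, doc) for doc in (MIXED, NO_STRICT, GOOD)]
```

With the snippet as written, MIXED passes even though tool `a` has a container and no network, because one tool without a container makes the whole `if` fail; NO_STRICT is rejected even though `strict` is not set, because `properties` ignores absent keys.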