trading-bot
0/37 complete

Module 4: AI Research Engine — Extraction Se Human Review Tak · 25 min

JSON Parsing — Untrusted AI Output Validate Karo

// sabak

Turn this lesson into one checked practice output

By the end, you should be able to explain the core idea behind “JSON Parsing — Untrusted AI Output Validate Karo” in your own words, apply it to one small real or sample task, and identify what still needs human review.

  1. 1

    Learn

    Read the 25-minute lesson without copying an output blindly.

  2. 2

    Try

    Use a small, non-sensitive example that you can inspect line by line.

  3. 3

    Review

    Check facts, fit, and risk; save one improvement note for next time.

Valid JSON is only the first gate. A model can return syntactically correct fields with unknown source IDs, impossible probabilities, contradictory statuses, or injected instructions copied from a document. Treat the response as hostile input and validate syntax, schema, semantics, and authorization separately.

First cap response bytes and parsing time. Parse exactly one JSON value; do not extract a tempting object from surrounding prose. Validate against a versioned JSON Schema with additionalProperties: false, string length limits, array limits, enums, and required fields. Keep raw response bytes and validation errors under a retention policy, redacting provider secrets.

Then apply semantic rules. All source IDs must belong to the packet. Supporting and contradicting sets cannot contain the same ID without an explicit explanation. READY_FOR_HUMAN_REVIEW requires at least one support ID and completed missing-information field. Confidence categories must be from the allowed enum. Text copied from evidence is data, never an instruction.

Finally apply authorization: validated research JSON can create a review record, not a paper fill. Only a separate human-approved case can reach paper strategy evaluation. This protects the system even when model validation passes perfectly.

Build a quarantine path for failures. Store case ID, hashes, error codes, and sanitized diagnostic excerpts. Do not “repair” malformed output with regex or silently add missing fields. A controlled retry may restate validation errors once, but both attempts remain recorded and the case abstains if validation still fails.

Fuzz the parser with nested arrays, duplicate JSON keys, Unicode controls, very large integers, NaN-like strings, nulls, and deeply nested objects. Configure the loader to reject duplicate keys when possible and apply depth/count bounds before semantic work. Log error codes rather than the entire hostile payload. The same malicious fixture must produce the same safe failure during replay.

🇵🇰 Pakistan Angle

Multilingual text must remain valid UTF-8 and length-limited by characters and bytes. Preserve Urdu correctly and test right-to-left text in reports. Do not loosen schemas because Roman Urdu spelling varies; place free text in a bounded note while keeping decisions as fixed enums.

Hands-On Exercise

Create eight adversarial outputs: prose-wrapped JSON, extra key, unknown source ID, huge string, duplicate IDs, conflicting status, prompt injection inside evidence, and valid abstention. Run them through four gates and produce an error-code matrix. Only the final valid case may create a review request.

Completion Rubric

  • Size, syntax, schema, semantic, and authorization gates are distinct.
  • Extra fields and unknown IDs fail closed.
  • Evidence text cannot change system instructions.
  • Failed output is quarantined, never silently repaired.
  • Valid JSON still cannot initiate any fill.

Sources

Key takeaway: Structure is necessary but insufficient; trusted behavior requires semantic checks and a separate authorization boundary.

Self-check

Before you mark Lesson 4.5 complete

  • Can I explain “JSON Parsing — Untrusted AI Output Validate Karo” without reading the lesson back word for word?
  • Did I complete the lesson’s practice step on a real or clearly labelled sample task?
  • Did I check the result for invented facts, private data, unsafe actions, and mismatch with the brief?