Shadow Validation

trigger

"Zod schemas for every simple route. Hand-rolled validation for the critical route. The abstraction covers the easy cases and skips the hard one."

what it is

The LLM builds a good validation abstraction (Zod schemas via parseValidBody) and applies it to the easy cases (contact, newsletter, reactions, winner-vote). The most complex, highest-risk route — the bout engine — retains its original hand-rolled validation that skips UNSAFE_PATTERN checks, length limits, and sanitization. The new system's guarantees don't reach the critical path. Validation looks comprehensive because there are Zod schemas for everything, but the one that matters bypasses them.

what it signals

High apparent coverage ratio masking a gap on the critical path. When the LLM migrates to a new pattern, check whether the hardest case was migrated or left behind.

instead

Start the migration with the most complex route, not the simplest. Or leave a TODO with a ticket. The LLM pattern is to apply the new system where it's easy, producing false confidence.

refs

• wake:lib/api-schemas.ts vs wake:lib/bout-engine.ts
• The bout payload skips UNSAFE_PATTERN, length limits, sanitization