The latest articles on DEV Community by Michael Truong (@michaeltruong). https://dev.to/michaeltruong https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3965775%2F868d43f8-59c8-45ca-93f1-3f2428fb222d.jpg https://dev.to/michaeltruong en Michael Truong Thu, 04 Jun 2026 05:27:30 +0000 https://dev.to/michaeltruong/schema-first-prompt-second-valid-json-wasnt-enough-3nhm https://dev.to/michaeltruong/schema-first-prompt-second-valid-json-wasnt-enough-3nhm <p>Over the last month I've been building <a href="https://codenames-ai.com/" rel="noopener noreferrer">Codenames AI</a>, a small web game where an LLM plays Codenames with you. The guesser never sees unrevealed card identities. The server sends the board state and a clue; the model returns structured guesses with confidence scores and short explanations.</p> <p>When I started, I assumed the hard part was prompting. I was half right. Getting <em>something</em> reasonable out of the model was fast. Making the system safe to expose to players was not.</p> <p>My first milestone felt responsible: <code>response_format: { type: "json_object" }</code> on the chat completion, plus Zod schemas for the response body. If the JSON didn't parse or failed Zod, retry. Ship it.</p> <p>Then I watched the model comply perfectly with the schema and still propose moves that would ruin a game.</p> <h2> Valid JSON, invalid game </h2> <p>Here's the distinction that mattered.</p> <p><strong>JSON schema (via Zod) answers:</strong> Did the model return the keys and types I asked for?</p> <p><strong>Domain validation answers:</strong> Is this output allowed on <em>this</em> board, for <em>this</em> clue, under <em>these</em> rules?</p> <p>Those are not the same questions.</p> <p>Three examples I hit while testing and running the game:</p> <p><strong>1. The model echoed the clue as a guess.</strong></p> <p>Codenames forbids guessing the clue word. The model would sometimes put it in <code>guesses[]</code> anyway—confidently, with a tidy explanation object. Zod was thrilled. The game was not.</p> <p><strong>2. The model hallucinated words that weren't on the board.</strong></p> <p>Perfect JSON. A guess list full of words that don't exist on the 25-card grid, or that were already revealed. Again, schema-valid.</p> <p><strong>3. The spymaster returned illegal clues.</strong></p> <p>Single-word clues can't match a codename, can't be a substring of one (or vice versa), and can't be near-miss spellings. The model regularly suggested clues that a human referee would reject. Valid JSON every time.</p> <p>I spent too long fixing these by adding sentences to the system prompt. That helped a little. It did not help enough.</p> <h2> What actually moved reliability </h2> <p>The bigger wins came from code paths I treated as boring infrastructure.</p> <p><strong>Sanitization before trust.</strong> After Zod parses the guess payload, we strip clue echoes, off-board words, revealed cards, and duplicates, then realign the explanation array with whatever survived. The model can return whatever explanation it wants; the server decides which guesses survive validation.</p> <p><strong>Deterministic validators with explicit error strings.</strong> Clue validation returns things like "Clue cannot be a substring of a board word"—not "invalid." Those strings go back into the next attempt as <code>rejectionFeedback</code>, alongside an exclude list of clue words that already failed, so the next attempt could avoid repeating the same violations.</p> <p><strong>Post-processing for uncertainty.</strong> Even valid guesses get filtered by a confidence threshold before the client plays them. If nothing clears the bar, the API returns an empty guess list—the AI Guesser passes the turn rather than firing a weak pick. That's a product decision, but it only works because the earlier layers stopped nonsense from masquerading as success.</p> <p>None of this required readers to know Codenames. It's the same shape as any LLM feature with invariants: inventory counts that can't go negative, user IDs that must exist, action enums that must match state machines.</p> <h2> Mistakes, surprises and tradeoffs </h2> <p><strong>Mistake:</strong> Treating structured output as the guardrail. It only enforced shape.</p> <p><strong>Surprise:</strong> Sanitization outperformed prompt engineering for the dumbest failures (echoed clue, off-board tokens). Cheap deterministic filters beat another paragraph of "IMPORTANT RULES."</p> <p><strong>Surprise:</strong> Retry feedback with the <em>reason</em> a clue failed worked better than "try again." The model stopped repeating substring violations faster when the server named the violation.</p> <p><strong>Tradeoff:</strong> Retries burn tokens. Logging validation errors per attempt was essential to know whether we had a prompt problem or a missing rule.</p> <p><strong>Tradeoff:</strong> Sanitization can mask drift. If you silently drop bad guesses, monitor what you're dropping or you'll quietly turn the validator into the thing making all the decisions.</p> <h2> What I'd do on the next project </h2> <ol> <li>Define the wire shape (JSON + schema).</li> <li>List domain invariants as pure functions with test cases</li> <li>Add sanitization for the failure modes observed in the first 50 live calls.</li> <li>Only then invest in prompt nuance—and feed validator messages into retries.</li> </ol> <p>Prompt engineering still matters for quality. It is not a substitute for enforcement when the user can lose a game—or money, or data—because the model followed the JSON spec and ignored reality.</p> <p><strong>Takeaway:</strong> If your LLM integration stops at "parse JSON, call it a day," you haven't finished the feature. You've finished the demo.</p> <p>If you'd like to see the project that inspired these lessons, you can try <a href="https://codenames-ai.com/" rel="noopener noreferrer">Codenames AI</a>.</p> ai webdev typescript node