C
Claude Code Expert

Task 4.6

Output Validation

Output validation ensures Claude's responses meet quality, safety, and format requirements before they reach users or trigger downstream actions. This is a critical production concern because model outputs are probabilistic — they can vary in quality, occasionally contain errors, and may not always conform to expected formats.

Validation Layers

Output validation operates at multiple layers: format validation (is the JSON valid? are required fields present?), content validation (are values within expected ranges? do references exist?), quality validation (is the output relevant, accurate, and complete?), and safety validation (does the output contain harmful content, PII, or prompt leakage?).

Format and content validation can be fully automated with programmatic checks. Quality and safety validation often require a combination of rules-based checks and model-based evaluation.

Programmatic Validation

Programmatic validation uses code to check output properties. Common checks include: JSON schema validation (using libraries like zod or ajv), regex pattern matching (for expected formats), range checking (numeric values within bounds), reference validation (do cited sources exist?), and length constraints (minimum and maximum output length).

Programmatic validation is fast, deterministic, and reliable. It should be the first layer of validation for all production outputs.

Model-Based Evaluation

For quality checks that are hard to express programmatically, use a separate model call to evaluate the output. A dedicated 'evaluator' prompt can check: relevance (does the response answer the question?), accuracy (are stated facts correct?), completeness (are all requested elements present?), and tone (does the response match the desired communication style?).

Model-based evaluation adds latency and cost but catches issues that programmatic checks cannot. Use it for high-stakes outputs where quality is critical.

Key Concept

Validate at the Boundary

Output validation should happen at the boundary between the AI system and its consumers — before output reaches users, before tool results trigger actions, and before data is written to storage. This boundary is the last opportunity to catch and correct issues. Never pass unvalidated model output directly to users or downstream systems.

Exam Traps

EXAM TRAP

Skipping validation for 'simple' outputs

Even simple text responses can contain issues (PII leakage, harmful content, prompt injection). All outputs should pass through at least basic validation.

EXAM TRAP

Only validating format, not content

Valid JSON with incorrect values is still a bug. Content validation (value ranges, reference checks) is as important as format validation.

EXAM TRAP

Using model-based evaluation for everything

Model-based evaluation is expensive and adds latency. Use programmatic checks for format and content; reserve model-based evaluation for quality and nuance.

Check Your Understanding

A Claude-powered medical information system generates responses about medication dosages. What is the minimum validation that should be applied before showing responses to users?

Build Exercise

Build an Output Validation Pipeline

Intermediate45 minutes

What you'll learn

  • Implement multi-layer output validation
  • Use schema validation for structured output
  • Add content validation rules
  • Handle validation failures gracefully

  1. Create a schema validator using zod that validates Claude's JSON output against an expected schema. Test with valid and invalid outputs.

    WHY: Schema validation catches structural issues immediately and with zero ambiguity.

    YOU SHOULD SEE: Valid outputs pass; outputs with missing fields, wrong types, or extra fields are rejected with clear error messages.

  2. Add content validation rules: check that numeric values are within expected ranges, string fields match expected patterns, and enum values are valid.

    WHY: Content validation catches semantically incorrect values that are structurally valid.

    YOU SHOULD SEE: Values outside expected ranges are flagged even when the JSON is structurally valid.

  3. Add a safety validation layer that checks for PII patterns (emails, phone numbers, SSNs) and prompt leakage (system prompt content in output).

    WHY: Safety validation prevents accidental data exposure in production systems.

    YOU SHOULD SEE: Outputs containing PII or system prompt fragments are flagged and blocked.

  4. Implement the recovery flow: when validation fails, retry with a corrective prompt. After 2 retries, return a safe default response.

    WHY: Graceful recovery ensures the system always returns something useful, even when validation fails.

    YOU SHOULD SEE: Failed outputs trigger retries with feedback. After max retries, a safe default is returned.

Sources

Previous

Prompt Optimisation