Structured outputs & JSON mode
Anticipate failure modes
Structured outputs becomes useful when you can predict its behavior, measure it, and name its limits.
Before you start
Why this matters
Read this failure list once: confusing JSON mode with schema adherence, accepting a valid but invented account ID, silently coercing types, allowing unknown fields, changing a schema without versioning, executing before validation, recursive schemas unsupported by the provider, and retrying a tool action rather than only regeneration. Pick the failure that could pass a cheerful demo and explain why the demo would miss it.
1Learn the idea
Read
Failures are part of the design
Realistic failures include confusing JSON mode with schema adherence, accepting a valid but invented account ID, silently coercing types, allowing unknown fields, changing a schema without versioning, executing before validation, recursive schemas unsupported by the provider, and retrying a tool action rather than only regeneration.
Classify each failure as prevent, detect, contain, or recover. Prevention is strongest when a hard invariant is possible: schema validation, access control, data-split isolation, or admission limits. Detection needs an observable signal and owner. Containment limits blast radius with tenant boundaries, read-only tools, canaries, budgets, or circuit breakers. Recovery needs a tested fallback, rollback, re-index, or human queue.
Avoid a vague instruction such as “be careful.” Write a tripwire: a metric threshold, validation error, unexpected version, or forbidden action. Then state the response. If the response is “retry,” explain why the failure is transient and why retrying cannot duplicate a side effect or amplify overload.
Read
Apply it to a concrete case
An invoice extractor returns {invoice_id, currency, total_cents, due_date, confidence}. The schema requires integer cents and ISO dates; a business rule checks that line-item cents sum to total_cents before any payment workflow sees it.
The worked number is if 970 of 1,000 outputs parse and 930 pass the schema, parse rate = 97% but end-to-end schema-valid rate = 93%; report both. State the unit and denominator whenever you report it. A percentage without a denominator can conceal a tiny sample; a latency without a percentile can conceal slow users; a similarity score without a labeled task can conceal irrelevant neighbors. Compare the observed value with a threshold chosen before seeing the final test result.
Now test the tempting shortcut. Suppose the team optimizes only the most visible metric. The result may look better while the system becomes less trustworthy. The reason is concrete: Strict schemas simplify downstream code but can make partial answers harder. Large nested schemas consume tokens and reduce model reliability. Retries can repair transient failures but may duplicate side effects unless generation and execution are separate. This is why the decision record must include both the intended gain and the tolerated regression. If the tolerated regression is unknown, the change is not ready for a consequential workflow.
Read
Decision rules
- Prefer a measured baseline over a persuasive demo.
- Keep versions, inputs, and thresholds reproducible.
- Separate syntactic success from semantic correctness and authorization.
- Escalate or abstain when evidence falls outside the contract.
- Re-evaluate when data, traffic, models, providers, or user goals change.
These rules turn the topic into an engineering decision rather than a slogan. They also make disagreement productive: another person can challenge the assumptions, rerun the evaluation, and reach a documented conclusion.
Read
Rehearse one failure safely
Choose the failure with the largest combination of likelihood and impact. Inject it in a test environment without weakening production controls. Capture the first observable symptom, the alert that should fire, the component that contains the damage, and the recovery action. Then remove one safeguard and predict how the blast radius changes before running again. The lesson is not that every failure can be detected from model text. Strong designs enforce invariants outside the model and preserve enough evidence to distinguish bad input, component failure, policy refusal, and ordinary low-confidence output.