Context Minimization
Reduce untrusted input to a strictly formatted interface (typed fields, max lengths, allow-listed enums) before it reaches any LLM.
Problem
Free-form untrusted input is the primary vector for prompt injection. Even with prompt-level instructions to ignore embedded instructions, sufficiently long or cleverly worded untrusted text dominates the model's attention. Without a structural constraint on what reaches the model, every input is a potential injection.
Solution
Define a typed schema per input class (e.g. {customer_id: UUID, ticket_text: str[max=1000], category: enum}). Validate untrusted input against the schema at the system boundary; reject inputs that don't fit. The LLM prompt only ever sees the typed fields, never the raw input form. For tasks that legitimately need free-form (summarize this), apply length caps and use sub-agent isolation per llm-map-reduce-isolation. Pair with input-output-guardrails and action-selector-pattern.
When to use
- Untrusted input has predictable structure that can be typed.
- Engineering team can invest in per-input-class schemas.
- Task does not require verbatim reasoning over arbitrary user prose.
Open the full interactive page →
Diagram, neighbourhood map, code examples, related patterns and full provenance.