2026-03-30 | π Paranoid YAML Quoting π€
π The Problem
π Broken YAML frontmatter was intermittently appearing in blog posts, specifically due to image model properties that were not properly quoted. π€ When a YAML parser encounters an unquoted value starting with a special character like the at-sign or exclamation mark, it tries to interpret it as a YAML directive, tag, or anchor reference, and the entire frontmatter block breaks. π₯ This meant posts could fail to render, lose metadata, or produce corrupted files in the publishing pipeline.
π¬ Root Cause Analysis: The 5 Whys
1οΈβ£ Why is YAML frontmatter sometimes broken?
𧩠Because YAML values containing special characters, such as at-signs, exclamation marks, asterisks, ampersands, pipes, greater-than signs, question marks, percent signs, newlines, and tabs, were being written into frontmatter without proper quoting.
2οΈβ£ Why were these values not properly quoted?
π Because the Haskell function called quoteYamlValue used an incomplete allowlist of characters that trigger quoting. π΅οΈ It checked for colons, hashes, double quotes, single quotes, square brackets, curly braces, commas, at-signs, and backticks, but it missed exclamation marks, asterisks, ampersands, pipes, greater-than signs, question marks, percent signs, tabs, and newlines.
3οΈβ£ Why was the character list incomplete?
𧱠Because the function was built incrementally, adding characters one by one as problems were discovered in production, rather than being designed from a complete understanding of the YAML specification. π Evidence of this incremental approach is visible in the git history, where at-signs and backticks were added as recent patches after model names containing those characters caused breakage.
4οΈβ£ Why was the function not designed from the spec?
π§ Because the Haskell codebase had no YAML serialization library dependency. πͺ All YAML construction used manual string concatenation in the pattern of key, colon, space, value, which is inherently fragile. π€· Without a library to rely on, the quoting logic was hand-rolled.
5οΈβ£ Why was manual YAML construction used instead of a library?
ποΈ Because the surgical update pattern, where specific fields are modified while preserving the rest of the file, seemed simpler with line-by-line string manipulation. π‘ But this convenience sacrificed correctness. π― The TypeScript codebase, by contrast, used the js-yaml library with force quotes enabled and did not have this class of bugs.
π Key Findings
π¨ Critical Vulnerability: renderFrontmatter in SocialPosting
π΄ The renderFrontmatter function in SocialPosting.hs reconstructed frontmatter from a parsed map with zero quoting. π It used raw key-colon-value concatenation. π± Since parseFrontmatter strips quotes from values during parsing, any value that was originally safely quoted, like an image model name starting with an at-sign, would lose its quotes when re-serialized. π― This was the primary cause of the reported breakage.
β οΈ Unquoted URL in assembleFrontmatter
π‘ The assembleFrontmatter function in BlogPrompt.hs wrote URLs directly into YAML without any quoting function. π URLs contain colons, which are YAML key-value separators, so this was a latent bug waiting to happen with certain URL patterns.
π Duplicate Quoting Functions
π‘ Two separate quoting functions existed: quoteYamlValue in Frontmatter.hs and quoteForYaml in BlogPrompt.hs. π They had different behavior, different edge case handling, and neither was complete. π§Ή This duplication made the problem harder to see and harder to fix.
π οΈ The Fix
ποΈ Type-Driven YAML Value Representation
π― The core fix introduces a YamlValue algebraic data type that distinguishes between YAML scalars at the type level, mirroring the TypeScript pattern of string or boolean or null. 𧩠This sum type has two constructors: YamlText for string values that are always double-quoted, and YamlBool for native YAML booleans that render unquoted as true or false. π This follows the YAML 1.2 specification, which defines booleans as a distinct scalar type from strings. π The type system now makes it impossible to accidentally render a boolean as a quoted string or a string as an unquoted value.
π Proper Escape Sequences
π The new quoteYamlValue function unconditionally wraps every value in double quotes and properly escapes five categories of special content. πͺ Backslashes become escaped backslashes. π Double quotes become escaped double quotes. π Newlines become the two-character sequence backslash-n. π Carriage returns become backslash-r. βοΈ Tab characters become backslash-t. ποΈ Null bytes are removed entirely.
π§Ή Consolidated to a Single Module
π¦ The duplicate quoteForYaml function was removed. π All Haskell modules now import YamlValue, renderYamlValue, and quoteYamlValue from Automation.Frontmatter as the single source of truth. ποΈ BlogPrompt.hs, BlogSeries.hs, BlogImage.hs, InternalLinking.hs, and SocialPosting.hs all use the same types and functions. 𧩠Domain-driven design keeps all frontmatter concerns in one module, and modular design eliminates the duplication that previously let bugs hide.
π‘οΈ Line-Level Field Updates Preserve Existing Values
π§ The old renderFrontmatter function in SocialPosting.hs parsed frontmatter into a flat map, losing type information, and then re-rendered everything from scratch. π This turned the boolean value true into the string literal βtrueβ wrapped in quotes, so a field like share that should be a native boolean became a quoted string instead. π The fix replaces this full re-render with a targeted line-level field update that only modifies the specific field being changed, preserving all other fields exactly as they were. π― This means native boolean values remain untouched because the line is never modified.
π§Ό Enhanced Sanitization
π§Ή The sanitizeForYaml function, which pre-processes AI-generated text before YAML serialization, was updated to also handle carriage returns and tab characters, replacing them with spaces alongside newlines. π This change was applied in both the Haskell and TypeScript implementations.
π§ͺ Testing
π¬ We added comprehensive tests for the new behavior. π Property-based tests using QuickCheck verify that quoteYamlValue always produces output starting and ending with double quotes, never contains unescaped newlines, never contains unescaped carriage returns, never contains unescaped tabs, and never contains null bytes. 𧩠Edge case tests cover all YAML special indicator characters including exclamation marks, asterisks, ampersands, pipes, greater-than signs, question marks, and percent signs. ποΈ The YamlValue type tests verify that booleans render as native unquoted YAML true and false, while strings are always properly quoted. β All 665 Haskell tests and 1557 TypeScript tests pass.
π‘ Lessons Learned
- π Spec-based and principled programming ensures correctness by construction. ποΈ Designing from the YAML 1.2 specification, with a typed YamlValue ADT that distinguishes booleans from strings, eliminates entire categories of bugs at compile time rather than discovering them in production.
- 𧩠Domain-driven and modular design avoids duplication. π¦ Centralizing all frontmatter concerns, including the YamlValue type, rendering functions, and quoting logic, in a single Frontmatter module means there is one source of truth. π The previous duplication of quoteForYaml and quoteYamlValue with different behavior made bugs invisible.
- π Use proper libraries or proper types for serialization formats. π§ The TypeScript codebase uses js-yaml with typed values and had no quoting bugs. ποΈ On the Haskell side, introducing a sum type for YAML scalars achieves the same correctness without adding a library dependency.
- π When two codebases implement the same feature, compare their approaches. π― The TypeScript code already modeled values as string or boolean or null, which is the right abstraction. π Porting that insight to the Haskell code fixed the root cause.
- π§ͺ Property-based tests verify invariants that unit tests miss. π Instead of enumerating every special character, a property test says the output must always be quoted and never contain raw control characters.
π Book Recommendations
π Similar
- π§ Domain Modeling Made Functional by Scott Wlaschin is relevant because it demonstrates how algebraic data types and domain-driven design can encode business rules into the type system, eliminating entire categories of bugs by construction, exactly as this fix uses a YamlValue sum type to make incorrect YAML serialization unrepresentable.
- π§ͺ Growing Object-Oriented Software, Guided by Tests by Steve Freeman and Nat Pryce is relevant because it demonstrates the TDD red-green-refactor cycle used in this fix, where we first identified the failing scenario, then applied the minimal correct fix, then verified with comprehensive tests.
βοΈ Contrasting
- ποΈ A Philosophy of Software Design by John Ousterhout offers a contrasting view where complexity is managed through deep modules and minimal interfaces, whereas this fix deliberately expanded the interface by adding a YamlValue type to make the design more explicit and correct by construction.
π Related
- π Crafting Interpreters by Robert Nystrom explores parsing and serialization from first principles, which is directly related to understanding why YAML parsing is sensitive to unquoted special characters and how proper escaping works at the character level.