template: warn on missing key access; add strict_templates opt-in (#372)

* Initial plan

* Fix template missingkey=zero: add Option C (warning) and Option A (strict mode)

Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
Agent-Logs-Url: https://github.com/GoCodeAlone/workflow/sessions/a9d0671f-a3b4-4962-9915-5e48a9e14c70

* template: fix step/trigger helpers in strict mode, remove template from warn log

Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
Agent-Logs-Url: https://github.com/GoCodeAlone/workflow/sessions/cf41e59f-d4e3-409b-9717-d16b8e2d68b4

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
Co-authored-by: Jonathan Langevin <codingsloth@pm.me>

Author: Copilot

DOCUMENTATION.md

@@ -429,8 +429,36 @@ value: '{{ step "parse-request" "path_params" "id" }}'
 value: '{{ index .steps "parse-request" "path_params" "id" }}'
 ```
 
-`wfctl template validate --config workflow.yaml` lints template expressions and warns on undefined step references, forward references, and suggests the `step` function for hyphenated names.
+#### Missing Key Behaviour
 
+By default, template expressions that reference a missing map key (e.g. a typo in a step field name) resolve to the zero value silently — but the engine now logs a **WARN** message to make the problem visible:
+
+```
+WARN template resolved missing key to zero value pipeline=my-pipeline error="..."
+```
+
+To turn the warning into a hard error, set `strict_templates: true` on the pipeline:
+
+```yaml
+pipelines:
+  my-pipeline:
+    strict_templates: true   # any missing key access fails the pipeline step
+    steps:
+      - name: process
+        type: step.set
+        config:
+          values:
+            tenant: "{{ .steps.auth.affilate_id }}"   # typo: affilate_id instead of affiliate_id → step fails immediately
+```
+
+| Mode | `strict_templates` | Missing key result |
+|------|-------------------|--------------------|
+| Default | `false` | Zero value (`<no value>`) + WARN log |
+| Strict | `true` | Step returns an error |
+
+Strict mode applies to **both** direct dot-access (`{{ .steps.auth.field }}`) and the `step`/`trigger` helper functions (`{{ step "auth" "field" }}`). A missing key via either syntax will fail the step when `strict_templates: true` is set.
+
+`wfctl template validate --config workflow.yaml` lints template expressions and warns on undefined step references and forward references. Use `strict_templates: true` in the pipeline config to catch field-level typos at runtime.
 ### Infrastructure
 | Type | Description | Plugin |
 |------|-------------|--------|

config/pipeline.go

@@ -7,6 +7,11 @@ type PipelineConfig struct {
 	OnError      string                `json:"on_error,omitempty" yaml:"on_error,omitempty"`
 	Timeout      string                `json:"timeout,omitempty" yaml:"timeout,omitempty"`
 	Compensation []PipelineStepConfig  `json:"compensation,omitempty" yaml:"compensation,omitempty"`
+	// StrictTemplates causes the pipeline to return an error when any template
+	// expression references a missing map key, instead of silently using the zero
+	// value. Useful for catching typos in step field references at runtime.
+	// Default is false (missing keys produce a warning log and resolve to zero).
+	StrictTemplates bool `json:"strict_templates,omitempty" yaml:"strict_templates,omitempty"`
 }
 
 // PipelineTriggerConfig defines what starts a pipeline.

engine.go

@@ -93,7 +93,6 @@ type StdEngine struct {
 	// configHash is the SHA-256 hash of the last config built via BuildFromConfig.
 	// Format: "sha256:<hex>". Empty until BuildFromConfig is called.
 	configHash string
-
 }
 
 // App returns the underlying modular.Application.
@@ -142,7 +141,6 @@ func (e *StdEngine) SetPluginInstaller(installer *plugin.PluginInstaller) {
 	e.pluginInstaller = installer
 }
 
-
 // NewStdEngine creates a new workflow engine
 func NewStdEngine(app modular.Application, logger modular.Logger) *StdEngine {
 	e := &StdEngine{
@@ -854,11 +852,12 @@ func (e *StdEngine) configurePipelines(pipelineCfg map[string]any) error {
 		}
 
 		pipeline := &module.Pipeline{
-			Name:         pipelineName,
-			Steps:        steps,
-			OnError:      onError,
-			Timeout:      timeout,
-			Compensation: compSteps,
+			Name:            pipelineName,
+			Steps:           steps,
+			OnError:         onError,
+			Timeout:         timeout,
+			Compensation:    compSteps,
+			StrictTemplates: pipeCfg.StrictTemplates,
 		}
 
 		// Propagate the engine's logger to the pipeline so that execution logs

interfaces/iac_test.go

@@ -44,7 +44,7 @@ func (m *mockProvider) ResolveSizing(_ string, _ interfaces.Size, _ *interfaces.
 	return nil, nil
 }
 func (m *mockProvider) ResourceDriver(_ string) (interfaces.ResourceDriver, error) { return nil, nil }
-func (m *mockProvider) Close() error                                                { return nil }
+func (m *mockProvider) Close() error                                               { return nil }
 
 // mockDriver implements ResourceDriver
 type mockDriver struct{}
@@ -84,7 +84,7 @@ func (s *mockState) GetResource(_ context.Context, _ string) (*interfaces.Resour
 func (s *mockState) ListResources(_ context.Context) ([]interfaces.ResourceState, error) {
 	return nil, nil
 }
-func (s *mockState) DeleteResource(_ context.Context, _ string) error { return nil }
+func (s *mockState) DeleteResource(_ context.Context, _ string) error       { return nil }
 func (s *mockState) SavePlan(_ context.Context, _ interfaces.IaCPlan) error { return nil }
 func (s *mockState) GetPlan(_ context.Context, _ string) (*interfaces.IaCPlan, error) {
 	return nil, nil

interfaces/pipeline.go

@@ -57,6 +57,17 @@ type PipelineContext struct {
 
 	// Metadata holds execution metadata (pipeline name, trace ID, etc.)
 	Metadata map[string]any
+
+	// StrictTemplates causes template execution to return an error instead of
+	// the zero value when a template expression references a missing map key.
+	// When false (the default), missing keys resolve to the zero value with a
+	// warning logged via Logger. Enable via pipeline config: strict_templates: true.
+	StrictTemplates bool
+
+	// Logger is used to emit warnings when a template expression resolves a
+	// missing key to the zero value (non-strict mode). When nil, slog.Default()
+	// is used.
+	Logger *slog.Logger
 }
 
 // NewPipelineContext creates a PipelineContext initialized with trigger data.

module/iac_state_azure_test.go

@@ -13,9 +13,9 @@ import (
 
 // mockAzureClient is an in-memory implementation of AzureBlobClient for testing.
 type mockAzureClient struct {
-	mu      sync.Mutex
-	blobs   map[string][]byte  // name -> body
-	leases  map[string]string  // name -> leaseID (empty = not leased)
+	mu     sync.Mutex
+	blobs  map[string][]byte // name -> body
+	leases map[string]string // name -> leaseID (empty = not leased)
 }
 
 func newMockAzureClient() *mockAzureClient {

module/iac_state_gcs_test.go

@@ -14,9 +14,9 @@ import (
 // mockGCSClient is an in-memory implementation of GCSObjectClient for testing.
 type mockGCSClient struct {
 	mu         sync.Mutex
-	objects    map[string][]byte       // key -> body
-	generation map[string]int64        // key -> current generation
-	errOnPut   map[string]error        // key -> error to return on conditional Put
+	objects    map[string][]byte // key -> body
+	generation map[string]int64  // key -> current generation
+	errOnPut   map[string]error  // key -> error to return on conditional Put
 }
 
 func newMockGCSClient() *mockGCSClient {

module/infra_module_deploy_bridge_test.go

@@ -46,7 +46,7 @@ func (d *deployCapableDriver) Update(_ context.Context, image string) error {
 	d.updateCalled = true
 	return nil
 }
-func (d *deployCapableDriver) HealthCheck(_ context.Context, _ string) error { return d.healthErr }
+func (d *deployCapableDriver) HealthCheck(_ context.Context, _ string) error  { return d.healthErr }
 func (d *deployCapableDriver) CurrentImage(_ context.Context) (string, error) { return d.image, nil }
 func (d *deployCapableDriver) ReplicaCount(_ context.Context) (int, error)    { return d.replicas, nil }
 
@@ -93,9 +93,9 @@ func (d *deployCapableDriver) DestroyCanary(_ context.Context) error {
 
 type deployProviderMock struct {
 	*infraMockProvider
-	deployDriver    *deployCapableDriver
-	bgDriver        *deployCapableDriver
-	canaryDriver    *deployCapableDriver
+	deployDriver *deployCapableDriver
+	bgDriver     *deployCapableDriver
+	canaryDriver *deployCapableDriver
 }
 
 func (p *deployProviderMock) ProvideDeployDriver(_ string) DeployDriver {

module/infra_module_test.go

@@ -20,16 +20,16 @@ func newInfraMockApp() *infraMockApp {
 	return &infraMockApp{services: make(map[string]any)}
 }
 
-func (a *infraMockApp) RegisterConfigSection(string, modular.ConfigProvider)  {}
+func (a *infraMockApp) RegisterConfigSection(string, modular.ConfigProvider)    {}
 func (a *infraMockApp) GetConfigSection(string) (modular.ConfigProvider, error) { return nil, nil }
 func (a *infraMockApp) ConfigSections() map[string]modular.ConfigProvider {
 	return nil
 }
-func (a *infraMockApp) Logger() modular.Logger                    { return &noopLogger{} }
-func (a *infraMockApp) SetLogger(modular.Logger)                  {}
-func (a *infraMockApp) ConfigProvider() modular.ConfigProvider    { return nil }
-func (a *infraMockApp) SvcRegistry() modular.ServiceRegistry      { return a.services }
-func (a *infraMockApp) RegisterModule(modular.Module)             {}
+func (a *infraMockApp) Logger() modular.Logger                 { return &noopLogger{} }
+func (a *infraMockApp) SetLogger(modular.Logger)               {}
+func (a *infraMockApp) ConfigProvider() modular.ConfigProvider { return nil }
+func (a *infraMockApp) SvcRegistry() modular.ServiceRegistry   { return a.services }
+func (a *infraMockApp) RegisterModule(modular.Module)          {}
 func (a *infraMockApp) RegisterService(name string, svc any) error {
 	a.services[name] = svc
 	return nil
@@ -46,23 +46,23 @@ func (a *infraMockApp) GetService(name string, target any) error {
 	}
 	return nil
 }
-func (a *infraMockApp) Init() error                                            { return nil }
-func (a *infraMockApp) Start() error                                           { return nil }
-func (a *infraMockApp) Stop() error                                            { return nil }
-func (a *infraMockApp) Run() error                                             { return nil }
-func (a *infraMockApp) IsVerboseConfig() bool                                  { return false }
-func (a *infraMockApp) SetVerboseConfig(bool)                                  {}
-func (a *infraMockApp) Context() context.Context                               { return context.Background() }
-func (a *infraMockApp) GetServicesByModule(string) []string                    { return nil }
+func (a *infraMockApp) Init() error                         { return nil }
+func (a *infraMockApp) Start() error                        { return nil }
+func (a *infraMockApp) Stop() error                         { return nil }
+func (a *infraMockApp) Run() error                          { return nil }
+func (a *infraMockApp) IsVerboseConfig() bool               { return false }
+func (a *infraMockApp) SetVerboseConfig(bool)               {}
+func (a *infraMockApp) Context() context.Context            { return context.Background() }
+func (a *infraMockApp) GetServicesByModule(string) []string { return nil }
 func (a *infraMockApp) GetServiceEntry(string) (*modular.ServiceRegistryEntry, bool) {
 	return nil, false
 }
 func (a *infraMockApp) GetServicesByInterface(reflect.Type) []*modular.ServiceRegistryEntry {
 	return nil
 }
-func (a *infraMockApp) GetModule(string) modular.Module              { return nil }
-func (a *infraMockApp) GetAllModules() map[string]modular.Module     { return nil }
-func (a *infraMockApp) StartTime() time.Time                         { return time.Time{} }
+func (a *infraMockApp) GetModule(string) modular.Module                { return nil }
+func (a *infraMockApp) GetAllModules() map[string]modular.Module       { return nil }
+func (a *infraMockApp) StartTime() time.Time                           { return time.Time{} }
 func (a *infraMockApp) OnConfigLoaded(func(modular.Application) error) {}
 
 // infraMockProvider implements interfaces.IaCProvider for tests.
@@ -408,11 +408,11 @@ func TestInfraModule_ProvidesServices(t *testing.T) {
 
 func TestInfraModule_ResourceConfig_StripsStandardKeys(t *testing.T) {
 	m := NewInfraModule("db", "infra.database", map[string]any{
-		"provider": "aws",
-		"size":     "m",
+		"provider":  "aws",
+		"size":      "m",
 		"resources": map[string]any{"cpu": "2"},
-		"engine":   "postgres",
-		"version":  "16",
+		"engine":    "postgres",
+		"version":   "16",
 	})
 	cfg := m.ResourceConfig()
 	if _, ok := cfg["provider"]; ok {

module/pipeline_executor.go

@@ -40,6 +40,12 @@ type Pipeline struct {
 	// used by step.request_parse for path parameter extraction.
 	RoutePattern string
 
+	// StrictTemplates enables strict template key resolution: when true, any
+	// template expression that references a missing map key returns an error
+	// instead of silently resolving to the zero value. Corresponds to the
+	// pipeline config field strict_templates.
+	StrictTemplates bool
+
 	// EventRecorder is an optional recorder for execution events.
 	// When nil (the default), no events are recorded. Events are best-effort:
 	// recording failures are logged but never fail the pipeline.
@@ -121,11 +127,13 @@ func (p *Pipeline) Execute(ctx context.Context, triggerData map[string]any) (*Pi
 		}
 	}
 	pc := NewPipelineContext(triggerData, md)
+	pc.StrictTemplates = p.StrictTemplates
 
 	logger := p.Logger
 	if logger == nil {
 		logger = slog.Default()
 	}
+	pc.Logger = logger
 
 	logger.Info("Pipeline started", "pipeline", p.Name, "steps", len(p.Steps))