[MEDIUM] CloudBootstrap: XML parsing lacks schema validation

[0xbbjoker]

Summary

The LLM decision output is parsed via parseKeyValueXml() but there's no schema validation on the parsed result. Malformed or unexpected values pass through silently.

Affected Files

• lib/eliza/plugin-cloud-bootstrap/services/cloud-bootstrap-message-service.ts — XML parsing in runMultiStepCore

Impact

• Unknown action names pass through (not validated against registered actions before execution)
• Parameters may not be valid JSON (caught by try/catch but no structured error)
• isFinish parsed as string, not boolean (implicit conversion)
• Retry logic handles parse failures but not semantically invalid output

Recommended Fix

Add lightweight validation after parsing:

• Verify action is a known registered action name
• Verify parameters is valid JSON and matches expected schema
• Validate isFinish is explicitly "true" or "false"
• Log and handle invalid decisions as parse failures (trigger retry)

Effort estimate: Short (<4h)

Source

Identified by GPT Architect agent during comprehensive plan review (2026-02-06).