diff --git a/known-issues.md b/known-issues.md index a9d734c..0b148ee 100644 --- a/known-issues.md +++ b/known-issues.md @@ -54,16 +54,32 @@ from the platform trace header (`X-Trace-ID` or similar). ## KI-002 — Tool input schemas are not validated before passing to handlers **File:** `src/tools/*.ts` (tool handlers) -**Status:** Resolved +**Status:** Resolved — validation is handled by the MCP SDK framework **Severity:** High ### Resolution -The `@modelcontextprotocol/sdk` server framework already calls +The `@modelcontextprotocol/sdk` server framework (`src/server/mcp.js`) calls `validateToolInput(tool, args, toolName)` before dispatching to any handler. -It uses `zod.safeParseAsync()` against the tool's `inputSchema` (a Zod object -or raw shape) and returns `INVALID_ARGUMENTS` on parse failure — no handler -code change needed. Each tool's `srv.tool(..., inputSchema)` already satisfies -this requirement. No code change required. +It uses `safeParseAsync()` against the tool's `inputSchema` (a Zod object +or raw shape) and throws `McpError(ErrorCode.InvalidParams, ...)` on parse +failure — which the SDK maps to an `INVALID_ARGUMENTS` MCP response. + +Concretely: + +1. `srv.tool(name, desc, inputSchema, handler)` registers the schema. +2. On every call, the SDK calls `validateToolInput(tool, request.params.arguments)`. +3. `safeParseAsync(schemaToParse, args)` runs — `args` must match the Zod schema. +4. On failure, an `INVALID_ARGUMENTS` MCP error is returned. **Handlers never + receive invalid input** — the SDK short-circuits before the handler is called. + +Each handler in `src/tools/*.ts` therefore does **not** need its own Zod +validation layer. Adding one would be redundant. The existing `srv.tool(..., inputSchema)` +registration is sufficient and already satisfies the KI requirement. + +### What would break this +If a tool's `inputSchema` is missing required fields, or if `safeParseAsync` +fails for a valid input (e.g. due to `anyOf` in the generated JSON Schema — +see KI-006), the validation would incorrectly reject valid calls. ---