Skip to content

Sanitize hostile ability input schemas before tool conversion#46

Closed
dennisdornon wants to merge 1 commit into
mainfrom
fix/sanitize-hostile-input-schemas
Closed

Sanitize hostile ability input schemas before tool conversion#46
dennisdornon wants to merge 1 commit into
mainfrom
fix/sanitize-hostile-input-schemas

Conversation

@dennisdornon

@dennisdornon dennisdornon commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

What changed

convertInputSchema in src/tool-schema.ts now coerces a non-object properties field to {} and drops non-string entries from required before building the MCP tool definition. New src/tool-schema.test.ts pins the behavior with five regression tests (four failed before the fix).

Why

A PHP dashboard that registers an ability with an empty properties map serializes it as [], and the server passed that straight through to tools/list. Spec-compliant MCP clients validate the whole response, so one malformed ability took every tool offline: the official SDK rejects the payload with a zod error, and Claude Code showed the server as connected with zero usable tools. Two abilities on a dashboard experiment branch triggered this in practice.

This is the treat-remote-schemas-as-hostile rule applied to schema shape, not only to content.

Review focus

The coercion happens before the description backfill loop, so a malformed schema now yields a valid empty-input tool instead of poisoning the catalog. Check that you agree silently coercing (rather than dropping the ability) is the right failure mode; the ability is still callable and the dashboard-side schema bug stays visible in its own API output.

Verification

  • npm test (446 passing, includes the 5 new regressions), npm run lint (0 errors), npm run format:check, npm run build
  • Live: against the dashboard that served the malformed abilities, tools/list went from a client-side zod rejection to 71 valid tools, verified with the official MCP SDK client

https://claude.ai/code/session_01NnJiXybDffmpEsdwE1cnYT

Summary by CodeRabbit

  • Bug Fixes

    • Improved handling of malformed tool input schemas.
    • Invalid or non-object properties now default to an empty object.
    • Invalid required fields now default to an empty list, with non-string entries removed.
  • Tests

    • Added coverage for malformed and valid input-schema scenarios.

A PHP dashboard serializing an empty properties map as [] (seen live on
two experiment-branch abilities) invalidated the entire tools/list
response for spec-compliant MCP clients: the official SDK rejects the
payload, leaving the server connected with zero usable tools. Coerce
non-object properties to {} and drop malformed required entries, per
the treat-remote-schemas-as-hostile rule.

Claude-Session: https://claude.ai/code/session_01NnJiXybDffmpEsdwE1cnYT
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e3740322-10fb-43ba-ad3d-fcd80b49129c

📥 Commits

Reviewing files that changed from the base of the PR and between a6d5efd and 261f973.

📒 Files selected for processing (2)
  • src/tool-schema.test.ts
  • src/tool-schema.ts

Walkthrough

convertInputSchema now sanitizes malformed properties and required fields before producing MCP tools. New Vitest coverage verifies coercion, filtering, and preservation of valid input schemas.

Changes

Input Schema Sanitization

Layer / File(s) Summary
Schema field sanitization
src/tool-schema.ts
convertInputSchema coerces non-object or array properties to {} and non-array or mixed-type required values to an array of strings.
Schema normalization tests
src/tool-schema.test.ts
Tests malformed properties and required values, filters non-string entries, and confirms valid schemas remain unchanged.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • mainwp/mainwp-mcp#28: Both changes modify MCP tool-schema generation and validation in src/tool-schema.ts.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: sanitizing hostile ability input schemas before converting them into tool definitions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/sanitize-hostile-input-schemas

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install timed out. The project may have too many dependencies for the sandbox.


Comment @coderabbitai help to get the list of available commands.

@dennisdornon

Copy link
Copy Markdown
Contributor Author

Closing: this fix ships inside the upcoming code-review-cleanup PR, where it was developed alongside its acceptance-test coverage. Splitting it out was unnecessary.

@dennisdornon
dennisdornon deleted the fix/sanitize-hostile-input-schemas branch July 16, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant