fix(server): hide unexpected tool exception details

Author: go165

src/mcp/server/mcpserver/tools/base.py

@@ -4,16 +4,20 @@
 from functools import cached_property
 from typing import TYPE_CHECKING, Any
 
+import pydantic_core
 from pydantic import BaseModel, Field
 
 from mcp.server.mcpserver.exceptions import ToolError
 from mcp.server.mcpserver.utilities.context_injection import find_context_parameter
 from mcp.server.mcpserver.utilities.func_metadata import FuncMetadata, func_metadata
+from mcp.server.mcpserver.utilities.logging import get_logger
 from mcp.shared._callable_inspection import is_async_callable
 from mcp.shared.exceptions import UrlElicitationRequiredError
 from mcp.shared.tool_name_validation import validate_and_warn_tool_name
 from mcp.types import Icon, ToolAnnotations
 
+logger = get_logger(__name__)
+
 if TYPE_CHECKING:
     from mcp.server.context import LifespanContextT, RequestT
     from mcp.server.mcpserver.context import Context
@@ -115,5 +119,10 @@ async def run(
             # Re-raise UrlElicitationRequiredError so it can be properly handled
             # as an MCP error response with code -32042
             raise
-        except Exception as e:
+        except ToolError:
+            raise
+        except pydantic_core.ValidationError as e:
             raise ToolError(f"Error executing tool {self.name}: {e}") from e
+        except Exception as e:
+            logger.exception("Unexpected error executing tool %s", self.name)
+            raise ToolError(f"Error executing tool {self.name}: unexpected internal error") from e

tests/interaction/_requirements.py

@@ -677,8 +677,8 @@ def __post_init__(self) -> None:
     "mcpserver:tool:handler-throws": Requirement(
         source="sdk",
         behavior=(
-            "An exception raised by a tool function (ToolError or otherwise) is caught and returned as a "
-            "tool result with isError true and the failure text in content; it does not become a JSON-RPC error."
+            "An exception raised by a tool function is caught and returned as a tool result with isError true; "
+            "explicit ToolError messages are returned to the client, while unexpected exception details are hidden."
         ),
     ),
     "mcpserver:tool:input-validation": Requirement(

tests/interaction/mcpserver/test_tools.py

@@ -81,19 +81,22 @@ async def test_call_tool_function_exception_becomes_error_result(connect: Connec
 
     The function's `-> str` annotation gives the tool a derived output schema, but the error
     result is built before any schema validation runs, so no validation failure is layered on
-    top of the original exception.
+    top of the original exception. Unexpected exception details are logged server-side and
+    hidden from the client-facing result.
     """
     mcp = MCPServer("errors")
 
     @mcp.tool()
     def explode() -> str:
-        raise ValueError("boom")
+        raise ValueError("secret token leaked")
 
     async with connect(mcp) as client:
         result = await client.call_tool("explode", {})
 
     assert result == snapshot(
-        CallToolResult(content=[TextContent(text="Error executing tool explode: boom")], is_error=True)
+        CallToolResult(
+            content=[TextContent(text="Error executing tool explode: unexpected internal error")], is_error=True
+        )
     )
 
 
@@ -109,9 +112,7 @@ def flux() -> str:
     async with connect(mcp) as client:
         result = await client.call_tool("flux", {})
 
-    assert result == snapshot(
-        CallToolResult(content=[TextContent(text="Error executing tool flux: flux capacitor offline")], is_error=True)
-    )
+    assert result == snapshot(CallToolResult(content=[TextContent(text="flux capacitor offline")], is_error=True))
 
 
 @requirement("mcpserver:tool:unknown-name")

tests/server/mcpserver/test_tool_manager.py

@@ -383,18 +383,34 @@ async def async_tool(x: int, ctx: Context) -> str:
         assert result == "42"
 
     @pytest.mark.anyio
-    async def test_context_error_handling(self):
-        """Test error handling when context injection fails."""
+    async def test_unexpected_error_hides_internal_details(self):
+        """Test error handling does not expose unexpected exception details."""
 
         def tool_with_context(x: int, ctx: Context) -> str:
-            raise ValueError("Test error")
+            raise ValueError("secret token leaked")
 
         manager = ToolManager()
         manager.add_tool(tool_with_context)
 
-        with pytest.raises(ToolError, match="Error executing tool tool_with_context"):
+        with pytest.raises(ToolError) as exc_info:
             await manager.call_tool("tool_with_context", {"x": 42}, context=Context())
 
+        assert str(exc_info.value) == "Error executing tool tool_with_context: unexpected internal error"
+        assert "secret token leaked" not in str(exc_info.value)
+
+    @pytest.mark.anyio
+    async def test_tool_error_preserves_message(self):
+        """Test explicit ToolError messages remain visible to clients."""
+
+        def tool_with_expected_error() -> str:
+            raise ToolError("safe client-facing error")
+
+        manager = ToolManager()
+        manager.add_tool(tool_with_expected_error)
+
+        with pytest.raises(ToolError, match="safe client-facing error"):
+            await manager.call_tool("tool_with_expected_error", {}, context=Context())
+
 
 class TestToolAnnotations:
     def test_tool_annotations(self):