feat: add optional strict parameter to registerTool for Zod validation #846
+85
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
August 5, 2025 11:00
This test demonstrates the current issue where tools accept unknown parameters (e.g. incorrect capitalization) without validation errors. The test uses 'username' and 'itemcount' instead of the expected 'userName' and 'itemCount' parameters, which should be rejected but currently aren't. This test is expected to fail until strict validation is implemented.
Add strict parameter to registerTool config that defaults to false for backward compatibility. When strict=true, applies .strict() to Zod schema creation for tool input validation to throw errors on unknown parameters instead of silently ignoring them. - Add strict?: boolean to registerTool config interface - Modify _createRegisteredTool to accept and use strict parameter - Apply z.object(inputSchema).strict() when strict=true - Update legacy tool() method to pass strict=false (backward compatibility) - Update test to verify strict validation rejects unknown parameters - All existing tests continue to pass (no breaking changes) This fixes the issue where parameter name typos are silently dropped, leading to confusing behavior where tools execute with missing data.
Add Advanced Usage section explaining the strict parameter for registerTool: - Show examples of strict vs lenient validation - Explain when to use each mode (development vs production) - Document that strict parameter is only available in registerTool() - Note that legacy tool() method uses lenient validation for compatibility This helps developers understand when and how to use strict validation to catch parameter name typos and unexpected data.
ochafik
requested changes
Sep 15, 2025
| strict: true // Reject { username: "test", itemcount: 42 } | ||
| }, handler); | ||
|
|
||
| // Lenient validation for production - handles client variations gracefully |
There was a problem hiding this comment.
not sure about advising leniency in prod tbh, or maybe explain why (e.g. to allow some kind of forward compatibility maybe, although I'm struggling to imagine a valid use case)
There was a problem hiding this comment.
@ochafik I did this to maintain backwards compatibility for users of this sdk. Let me know which (or another) you'd like me to do:
- Revise this comment, maintaining backwards compatibility
- Do not maintain backwards compatibility, making strict the default
| @@ -774,14 +774,19 @@ export class McpServer { | |||
| inputSchema: ZodRawShape | undefined, | |||
| outputSchema: ZodRawShape | undefined, | |||
| annotations: ToolAnnotations | undefined, | |||
| strict: boolean | undefined, | |||
There was a problem hiding this comment.
I'd name this more explicitly, e.g. rejectUnexpectedInputs, given this isn't turning registerTool as fully strict (e.g. I'd expect structuredContent to be checked against outputSchema, and potentially content text to be checked against structuredContent)
There was a problem hiding this comment.
@ochafik would the variable name strictInputSchemaValidation work for you?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add optional
strictparameter toregisterTool()config that enables Zod's strict validation to reject unknown parameters instead of silently ignoring them.Motivation and Context
The MCP TypeScript SDK currently silently ignores unknown parameters in tool calls, which causes issues where parameter name typos are silently dropped, leading to confusing behavior where tools execute with missing data.
How Has This Been Tested?
Breaking Changes
None. The
strictparameter defaults tofalsefor backward compatibility. Existing code will continue to work unchanged.Types of changes
Checklist
Additional context
You should consider this PR in concert with #792 which makes changes that may be related.
Implementation Details:
strict?: booleantoregisterToolconfig interfacestrict=true, appliesz.object(inputSchema).strict()to reject unknown parametersstrict=false(default), maintains current lenient behaviorregisterTool()method - legacytool()method uses lenient validation for compatibilityUse Cases:
The feature follows existing patterns in the codebase and maintains full backward compatibility while solving a real pain point for developers.
LLM Disclosure
This PR was created with the assistance of Claude Code, Claude Haiku 3.5, Claude Sonnet 4.0, and Chat-GPT 4.1 nano.