diff --git a/packages/types/package.json b/packages/types/package.json index fd69ae8c..160fb8e4 100644 --- a/packages/types/package.json +++ b/packages/types/package.json @@ -24,6 +24,7 @@ "test:unit": "vitest run" }, "dependencies": { + "@agentic/platform-validators": "workspace:*", "@hono/zod-openapi": "catalog:", "ms": "catalog:", "type-fest": "catalog:", diff --git a/packages/types/src/tools.ts b/packages/types/src/tools.ts index 69bc8882..58143224 100644 --- a/packages/types/src/tools.ts +++ b/packages/types/src/tools.ts @@ -1,15 +1,21 @@ +import { toolNameRe } from '@agentic/platform-validators' import { z } from '@hono/zod-openapi' import { pricingPlanSlugSchema } from './pricing' import { rateLimitSchema } from './rate-limit' +// TODO: add more reserved tool names? +// TODO: if we separate mcp endpoint from REST endpoint, we may be able to have +// tools named `mcp`. would be nice not to impose a blacklist. const toolNameBlacklist = new Set(['mcp']) +/** + * A zod schema representing a valid + */ export const toolNameSchema = z .string() - // TODO: validate this regex constraint - .regex(/^[a-zA-Z0-9_]+$/) .nonempty() + .regex(toolNameRe) .refine( (name) => !toolNameBlacklist.has(name), (name) => ({ @@ -17,6 +23,9 @@ export const toolNameSchema = z }) ) +/** + * A zod schema representing any JSON Schema `object` schema. + */ export const jsonSchemaObjectSchema = z .object({ type: z.literal('object'), @@ -152,6 +161,8 @@ export type ToolConfig = z.infer /** * Additional properties describing a Tool to clients. * + * This matches MCP tool annotations 1:1. + * * NOTE: All properties in ToolAnnotations are **hints**. * * They are not guaranteed to provide a faithful description of tool behavior @@ -208,6 +219,8 @@ export const toolAnnotationsSchema = z /** * Definition for an Agentic tool. + * + * This matches MCP tool scehemas 1:1. */ export const toolSchema = z .object({ diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 07a1bf5a..4229cefb 100644 
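Review bot: The reserved-name check in the `.refine(...)` call of `toolNameSchema` compares the raw string against `toolNameBlacklist`, so it blocks only the exact lowercase `mcp`. The removed inline pattern allowed uppercase letters; if `toolNameRe` (defined in `@agentic/platform-validators`, not visible in this diff) still does, `MCP` or `Mcp` would pass validation and might collide with the reserved endpoint wherever names are matched case-insensitively. Consider `(name) => !toolNameBlacklist.has(name.toLowerCase())`, and add a unit test that `toolNameRe` stays anchored at both ends the way `/^[a-zA-Z0-9_]+$/` was, now that the pattern lives in another package. The new doc comment also stops mid-sentence (`A zod schema representing a valid`); `A zod schema representing a valid tool name.` would complete it. The `toolNameSchema` chain continues past the end of this hunk.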
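Review bot: The line added to the `toolSchema` doc comment misspells "schemas" as `scehemas`; it should read `This matches MCP tool schemas 1:1.`. The body of `toolSchema` lies outside this hunk, but if its `name` field is validated with `toolNameSchema`, the accepted names are narrower than what an MCP origin server may report. In that case the "1:1" claim here, and the matching one added to the `toolAnnotationsSchema` comment in the previous hunk, should name that exception, so that readers do not assume every origin tool name validates.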
--- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -726,6 +726,9 @@ importers: packages/types: dependencies: + '@agentic/platform-validators': + specifier: workspace:* + version: link:../validators '@hono/zod-openapi': specifier: 'catalog:' version: 0.19.8(hono@4.7.11)(zod@3.25.51) diff --git a/readme.md b/readme.md index 73b41572..0071698d 100644 --- a/readme.md +++ b/readme.md @@ -31,13 +31,11 @@ - add username / team name blacklist - admin, internal, mcp, sse, etc - API gateway - - `cfValidateJsonSchemaObject` relax object constraint for output validation - - tool call outputs might not be objects - - keep the object validation for tool input params - public MCP interface - MCP origin server support - add support for custom headers on responses - how to handle binary bodies and responses? + - caching for MCP tool call responses - add requestId to all JSON error responses - add support for `immutable` in `toolConfigs` - mcp origin servers @@ -71,6 +69,7 @@ - https://github.com/getsentry/sentry-javascript/tree/master/packages/cloudflare - additional transactional emails - consider `projectName` and `projectSlug` or `projectIdentifier`? +- handle or validate against dynamic MCP origin tools ## License