🔈

packages/types/package.json

@@ -24,6 +24,7 @@
     "test:unit": "vitest run"
   },
   "dependencies": {
+    "@agentic/platform-validators": "workspace:*",
     "@hono/zod-openapi": "catalog:",
     "ms": "catalog:",
     "type-fest": "catalog:",

packages/types/src/tools.ts

@@ -1,15 +1,21 @@
+import { toolNameRe } from '@agentic/platform-validators'
 import { z } from '@hono/zod-openapi'
 
 import { pricingPlanSlugSchema } from './pricing'
 import { rateLimitSchema } from './rate-limit'
 
+// TODO: add more reserved tool names?
+// TODO: if we separate mcp endpoint from REST endpoint, we may be able to have
+// tools named `mcp`. would be nice not to impose a blacklist.
 const toolNameBlacklist = new Set(['mcp'])
 
+/**
+ * A zod schema representing a valid
+ */
 export const toolNameSchema = z
   .string()
-  // TODO: validate this regex constraint
-  .regex(/^[a-zA-Z0-9_]+$/)
   .nonempty()
+  .regex(toolNameRe)
   .refine(
     (name) => !toolNameBlacklist.has(name),
     (name) => ({
@@ -17,6 +23,9 @@ export const toolNameSchema = z
     })
   )
 
+/**
+ * A zod schema representing any JSON Schema `object` schema.
+ */
 export const jsonSchemaObjectSchema = z
   .object({
     type: z.literal('object'),
@@ -152,6 +161,8 @@ export type ToolConfig = z.infer<typeof toolConfigSchema>
 /**
  * Additional properties describing a Tool to clients.
  *
+ * This matches MCP tool annotations 1:1.
+ *
  * NOTE: All properties in ToolAnnotations are **hints**.
  *
  * They are not guaranteed to provide a faithful description of tool behavior
@@ -208,6 +219,8 @@ export const toolAnnotationsSchema = z
 
 /**
  * Definition for an Agentic tool.
+ *
+ * This matches MCP tool scehemas 1:1.
  */
 export const toolSchema = z
   .object({

pnpm-lock.yaml

@@ -726,6 +726,9 @@ importers:
 
   packages/types:
     dependencies:
+      '@agentic/platform-validators':
+        specifier: workspace:*
+        version: link:../validators
       '@hono/zod-openapi':
         specifier: 'catalog:'
         version: 0.19.8(hono@4.7.11)(zod@3.25.51)

readme.md

@@ -31,13 +31,11 @@
 - add username / team name blacklist
   - admin, internal, mcp, sse, etc
 - API gateway
-  - `cfValidateJsonSchemaObject` relax object constraint for output validation
-    - tool call outputs might not be objects
-    - keep the object validation for tool input params
   - public MCP interface
   - MCP origin server support
   - add support for custom headers on responses
   - how to handle binary bodies and responses?
+  - caching for MCP tool call responses
 - add requestId to all JSON error responses
 - add support for `immutable` in `toolConfigs`
 - mcp origin servers
@@ -71,6 +69,7 @@
     - https://github.com/getsentry/sentry-javascript/tree/master/packages/cloudflare
 - additional transactional emails
 - consider `projectName` and `projectSlug` or `projectIdentifier`?
+- handle or validate against dynamic MCP origin tools
 
 ## License