Documentation
Overview
Package toolvalidation provides source-level (AST) validators for MCP tool registrations. It is intended to be consumed from _test.go files in any package that registers mcp.Tool literals (including downstream repositories such as github-mcp-server-remote) so the same guardrails apply everywhere without duplicating the parsing logic.
Constants
const MCPImportPath = "github.com/modelcontextprotocol/go-sdk/mcp"
MCPImportPath is the canonical module path of the MCP go-sdk. Source files that import this path under any alias (including the default `mcp`) are candidates for tool-literal validation.
Variables
This section is empty.
Functions
func FormatReadOnlyHintViolations
func FormatReadOnlyHintViolations(violations []ReadOnlyHintViolation) string
FormatReadOnlyHintViolations renders a single multi-line error message suitable for passing to t.Fatal. Returns "" when violations is empty.
Types
type ReadOnlyHintViolation
type ReadOnlyHintViolation struct {
	// File is the path to the offending source file, made relative to the
	// scan directory when possible.
	File string
	// Line is the 1-indexed line number of the offending literal.
	Line int
	// ToolName is the value of the Name field on the mcp.Tool literal, or
	// "<unknown>" when it cannot be statically extracted.
	ToolName string
	// Reason is a human-readable explanation of why the literal failed.
	Reason string
}
ReadOnlyHintViolation describes a single mcp.Tool composite literal that failed the ReadOnlyHint check.
func ScanReadOnlyHint
func ScanReadOnlyHint(dir string) ([]ReadOnlyHintViolation, error)
ScanReadOnlyHint parses every non-test .go file in dir (a single package directory) and returns a violation for each mcp.Tool composite literal that does not explicitly set Annotations.ReadOnlyHint.
The Go runtime cannot distinguish an unset bool field from one explicitly set to false, so this AST-level check exists to prevent future tool registrations from silently defaulting ReadOnlyHint to false — which has triggered downstream agents to prompt for human approval on safe read operations.
Callers typically invoke this from a _test.go file:
dir, _ := os.Getwd()
violations, err := toolvalidation.ScanReadOnlyHint(dir)
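The kind of source-level check described above, as an added example that is not the package's own implementation: it parses Go source with go/parser and reports the line of each mcp.Tool literal whose Annotations literal carries no ReadOnlyHint key, so an explicit `ReadOnlyHint: false` passes while an omitted field does not. The names field, missingReadOnlyHint and sampleSrc, the constructed sample source, and the assumption that the SDK is imported under its default name mcp belong to this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample: list_items sets the hint explicitly (to false); delete_item omits it.
const sampleSrc = `package tools
import "github.com/modelcontextprotocol/go-sdk/mcp"
var a = mcp.Tool{Name: "list_items", Annotations: &mcp.ToolAnnotations{ReadOnlyHint: false}}
var b = mcp.Tool{Name: "delete_item", Annotations: &mcp.ToolAnnotations{Title: "Delete"}}`

// field returns the value set for key in a keyed composite literal, or nil if absent.
func field(lit *ast.CompositeLit, key string) ast.Expr {
	for _, e := range lit.Elts {
		if kv, ok := e.(*ast.KeyValueExpr); ok && types.ExprString(kv.Key) == key {
			return kv.Value
		}
	}
	return nil
}

// missingReadOnlyHint returns the line of each mcp.Tool literal with no explicit ReadOnlyHint.
// Assumption of this example: the SDK is imported under its default name "mcp".
func missingReadOnlyHint(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(f, func(n ast.Node) bool {
		lit, ok := n.(*ast.CompositeLit)
		if !ok || lit.Type == nil || types.ExprString(lit.Type) != "mcp.Tool" {
			return true
		}
		ann := field(lit, "Annotations")
		if u, ok := ann.(*ast.UnaryExpr); ok {
			ann = u.X // look through &mcp.ToolAnnotations{...}
		}
		if al, ok := ann.(*ast.CompositeLit); !ok || field(al, "ReadOnlyHint") == nil {
			lines = append(lines, fset.Position(lit.Pos()).Line)
		}
		return true
	})
	return lines, nil
}
func main() { fmt.Println(missingReadOnlyHint(sampleSrc)) }
```

A literal whose Annotations value is a variable rather than an inline literal is also reported, since the key cannot be confirmed from that literal alone.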
func (ReadOnlyHintViolation) String
func (v ReadOnlyHintViolation) String() string
String renders a violation in the format used by FormatReadOnlyHintViolations: "<file>:<line> tool=<name>: <reason>".