Skip to content

feat: allow users to add constraints and validators to ToolParam #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bcallender wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: allow users to add constraints and validators to ToolParam #222

bcallender wants to merge 3 commits into from

Conversation

@bcallender
Copy link
Contributor

@bcallender bcallender commented Sep 18, 2025
edited
Loading

TL;DR

Added parameter constraints and validators to tool parameters to enable better validation of user inputs.

What changed?

  • Added NumericConstraint and ToolParameterConstraints message types to the protocol buffer definitions
  • Added constraints field to ToolParameter message to support numeric bounds (gt, ge, lt, le), multiple_of, min/max length, and regex pattern validation
  • Added validator_names field to ToolParameter to support custom validators
  • Implemented a validator registry system with a ParamValidator protocol
  • Added a RegexValidator implementation with comprehensive regex validation
  • Updated serialization/deserialization to handle the new constraint fields
  • Modified the Pydantic model generation to apply constraints and validators
  • Updated the MCP demo setup to use regex validators for query parameters

How to test?

  1. Create a tool with parameter constraints:
tool = ToolParam(
    name="min_age",
    description="Filter `users` by minimum age.",
    constraints=ToolParamConstraints(gt=0, lt=120)
)
  1. Create a tool with a regex validator:
tool = ToolParam(
    name="search_query",
    description="Regex pattern for querying user profile information",
    validator_names=["regex"]
)
  1. Verify that invalid inputs are rejected with appropriate error messages when using the tool.

Why make this change?

This change enhances the tool parameter system by adding robust validation capabilities. By supporting both declarative constraints (like min/max values, length limits) and custom validators, we can ensure that user inputs meet specific requirements before executing tool functions. This improves error handling, security, and user experience by providing immediate feedback on invalid inputs rather than failing during execution.

@bcallender Graphite App
Copy link
Contributor Author

bcallender commented Sep 18, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@bcallender bcallender mentioned this pull request Sep 18, 2025
Merged
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 979a81e to 343929d Compare September 18, 2025 20:24
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 80d2d98 to 71fdd1d Compare September 18, 2025 20:24
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 343929d to 392169d Compare September 18, 2025 22:59
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 71fdd1d to 92e2cde Compare September 18, 2025 22:59
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 392169d to f5ebd6d Compare September 18, 2025 23:29
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 92e2cde to a9d001c Compare September 18, 2025 23:29
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from f5ebd6d to 581a62a Compare September 19, 2025 16:43
@bcallender bcallender force-pushed the feat/tool-param-validators branch from a9d001c to d0f2c71 Compare September 19, 2025 16:43
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 581a62a to 3214073 Compare September 19, 2025 17:23
@bcallender bcallender force-pushed the feat/tool-param-validators branch from d0f2c71 to 03488ff Compare September 19, 2025 17:23
@bcallender bcallender mentioned this pull request Sep 21, 2025
Closed
@bcallender bcallender force-pushed the bc-automated-tool-creation branch 2 times, most recently from cddc32b to 99b3991 Compare September 22, 2025 00:05
@bcallender bcallender force-pushed the feat/tool-param-validators branch 2 times, most recently from e2b688c to 7f7c9f3 Compare September 22, 2025 00:20
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 99b3991 to 52be67d Compare September 22, 2025 17:00
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 7f7c9f3 to 133cc79 Compare September 22, 2025 17:00
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 52be67d to 17e9bbf Compare September 22, 2025 17:26
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 133cc79 to 5cf647b Compare September 22, 2025 17:27
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 17e9bbf to da184da Compare September 22, 2025 17:31
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 5cf647b to 60bd917 Compare September 22, 2025 17:31
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from da184da to 5d9d16a Compare September 22, 2025 18:46
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 60bd917 to 3ea2993 Compare September 22, 2025 18:46
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 5d9d16a to 95058fe Compare September 22, 2025 19:18
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 3ea2993 to 507902a Compare September 22, 2025 19:18
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 95058fe to 1cddcec Compare September 22, 2025 21:41
@bcallender bcallender force-pushed the feat/tool-param-validators branch from c74b8cc to 5d5f1bb Compare September 22, 2025 21:41
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 1cddcec to 97d0650 Compare September 22, 2025 22:11
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 3257fef to 088602e Compare September 23, 2025 17:53
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 03ce63e to 2090362 Compare September 23, 2025 17:55
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 088602e to 00c5bb6 Compare September 23, 2025 17:55
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 2090362 to 57c7ef1 Compare September 23, 2025 17:56
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 00c5bb6 to 9d0212c Compare September 23, 2025 17:57
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 57c7ef1 to d41f806 Compare September 23, 2025 17:58
@bcallender bcallender force-pushed the feat/tool-param-validators branch 5 times, most recently from 3a55e47 to 63bbe0b Compare September 23, 2025 22:40
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from e101741 to 87d5ce7 Compare September 23, 2025 22:56
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 63bbe0b to ed2b8e8 Compare September 23, 2025 22:56
@bcallender bcallender force-pushed the bc-automated-tool-creation branch from 87d5ce7 to 9e7cb49 Compare September 23, 2025 22:57
@bcallender bcallender force-pushed the feat/tool-param-validators branch from ed2b8e8 to 9fbcb00 Compare September 23, 2025 22:58
Base automatically changed from bc-automated-tool-creation to main September 23, 2025 23:19
@bcallender bcallender force-pushed the feat/tool-param-validators branch 2 times, most recently from b6cf999 to 492d074 Compare September 25, 2025 22:45
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 492d074 to 79f4513 Compare October 4, 2025 04:14
@bcallender bcallender force-pushed the feat/tool-param-validators branch from 79f4513 to afc439c Compare October 22, 2025 23:10
@bcallender bcallender force-pushed the feat/tool-param-validators branch from afc439c to 3a3a04f Compare November 3, 2025 18:41
@bcallender bcallender force-pushed the feat/tool-param-validators branch 3 times, most recently from 64adca2 to f3f1bfc Compare November 20, 2025 02:00
YoungVor
YoungVor approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@YoungVor YoungVor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Had a few questions and nits

src/fenic/core/mcp/_validators.py
if len(query) > MAX_REGEX_LENGTH:
raise ValidationError(f"Regex too long (>{MAX_REGEX_LENGTH} characters)")

# Strip inline flags at start like (?i), (?m), combined, to avoid duplication
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it right to simply strip this? Wouldn't that change the behavior of what your matching silently?

src/fenic/core/mcp/_validators.py
- Balanced (), [], {}
- Quantifiers {m,n} limited to reasonable bounds
- Limit number of alternations '|'
- Disallow backreferences (\\1, \\2, ...)
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to opus, you can also have 'named' backrefs that you aren't catching in the backreference check, but the exotic construct check might catch it

src/fenic/core/mcp/_validators.py
raise ValidationError("Unsupported inline regex construct")

# Heuristic ReDoS guard: forbid nested quantifiers like (.+)+, (.*)+, (?:.+){2,}
if re.search(r"\((?:[^()]*[+*])[^()]*\)\s*[+*]", query):
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL about ReDoS :D

Opus mentions overlapping alternation as another form of ReDoS, but its not possible to catch every case. For e.g.: "(a|ab)+"

Is there a timeout for the regex validator?

src/fenic/core/mcp/_tools.py
if param.allowed_values:
literal_values = tuple(param.allowed_values)

def _infer_base_type(p: BoundToolParam):
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: _infer_param_base_type, or similar

src/fenic/core/mcp/_tools.py
annotated_type = TypingAnnotated[base_type, AfterValidator(validate_param)]
if param.has_default:
model_fields[param.name] = (
Optional[annotated_type],
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I vaguely remember there being some reason for this - but 'optional' is a different concept than 'default'.. why not allow an optional param without a default?

tests/core/mcp/test_validators.py
@pytest.mark.parametrize(
"pattern",
[
r"(.+)+", # nested quantifier
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opus recommended a few more tests:

@pytest.mark.parametrize(
    "pattern,expected_error_substring",
    [
        # Empty/whitespace
        ("   ", "empty"),
        
        # Too long
        ("a" * 300, "too long"),
        
        # Unbalanced brackets
        ("(", "parentheses"),
        (")", "parentheses"),
        ("[a-", "bracket"),
        ("]", "bracket"),
        ("a{1,2", "brace"),
        ("a}", "brace"),
        
        # Quantifier issues
        ("a{99999}", "Quantifier"),
        ("a{5,2}", "upper bound"),
        ("a{1,2,3}", "syntax"),
        
        # Alternation limit
        ("a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|x|y|z|aa", "alternation"),
        
        # Backreferences
        (r"\1", "backreference"),
        (r"\5", "backreference"),
        (r"\9", "backreference"),
        
        # Unsupported constructs
        (r"(?<=a)b", "construct"),
        (r"(?<!a)b", "construct"),
        (r"(?=a)", "construct"),
        (r"(?!a)", "construct"),
        
        # ReDoS patterns
        (r"(.+)+", "Nested"),
        (r"(.*)+", "Nested"),
        (r".*.*", "greedy"),
        (r".+.+", "greedy"),
        (r"(.*){3}", "Nested"),
        (r"(.+){2,5}", "Nested"),
        (r"(?:.*){2}", "Nested"),
        (r"(?:.+){3}", "Nested"),
        
        # Invalid regex syntax
        ("[z-a]", ""),  # py_validate_regex catches
        ("*abc", ""),   # py_validate_regex catches
    ],
)```

tests/core/mcp/test_tools.py
with pytest.raises(PydValidationError, match=re.escape("Input should be greater than 0")):
Model(city_name="SF", age=0, user_names=["Alice", "Bob"])

with pytest.raises(PydValidationError, match=re.escape("Input should be a multiple of 2")):
Copy link
Contributor

@YoungVor YoungVor Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: good to include test to catch gt 120

@bcallender bcallender force-pushed the feat/tool-param-validators branch from f3f1bfc to f67e849 Compare December 4, 2025 00:33
@bcallender bcallender force-pushed the feat/tool-param-validators branch from f67e849 to 18dd4cf Compare December 4, 2025 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@YoungVor YoungVor YoungVor approved these changes

@rohitrastogi rohitrastogi Awaiting requested review from rohitrastogi

@german-typedef german-typedef Awaiting requested review from german-typedef

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bcallender @YoungVor