validate tool names at tools_schema() against strictest provider regex #32

Closed
opened 2026-05-12 20:40:49 +00:00 by claude-noether · 0 comments
Collaborator

## Context

During Phase 2 verify (TC #26 against `:model cloud`), an actual HTTP 400 from openrouter→Amazon Bedrock surfaced the constraint:

```
^[a-zA-Z0-9_-]{1,128}$
```

We fixed it by switching the alias separator from `.` to `__` (commit f26cbd9). But the validation gap is generic — a future MCP server could register a tool with a name containing characters outside this regex (e.g. `read-file:v2`, `tool.fast`), and aish would emit it on the wire only to be rejected by a strict provider.

## Ask

In `repl.lua::tools_schema()` (or `mcp.lua::list_tools`), validate each `alias .. "__" .. t.name` against the Bedrock regex before emitting. On violation: log a startup status (`[aish] tool X has name characters outside ^[a-zA-Z0-9_-]+$; will fail with strict providers`) and either:

- skip the offending tool from the schema (safest)
- emit anyway with the warning (informative)

Picking the policy needs a Q in the manifest if Norris/Phase 3 reaches for the same area.

## Why now

Not blocking — Phase 2 v1 ships fine with the manual `__` convention. But the gap is shaped like a footgun: a user adds an MCP server with non-conformant tool names and gets the same uninformative breakage we just walked through. Validation is ~6 lines, runs once per session, no perf concern.
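One way the check described under "Ask" could look in Lua, as an added example and not aish's own code. The tool table shape (`name`, `description`, `input_schema`), the `policy` parameter and the function names are assumptions; the regex and the `alias .. "__" .. t.name` composition come from the issue. Lua patterns have no `{m,n}` quantifier, so the 128-character bound is checked separately from the character class.

```lua
-- Added example (not aish's own code): validate composed MCP tool names
-- against the strictest known provider constraint (Amazon Bedrock):
--   ^[a-zA-Z0-9_-]{1,128}$
local MAX_LEN = 128
local SEP = "__"

-- Explicit ASCII class rather than %w, which is locale-dependent in Lua.
local function is_valid_tool_name(name)
  return type(name) == "string"
     and #name >= 1 and #name <= MAX_LEN
     and name:match("^[A-Za-z0-9_%-]+$") ~= nil
end

-- Build the wire schema for one MCP server's tools.
-- tools:  list of {name=..., description=..., input_schema=...} (assumed shape)
-- policy: "skip" drops offending tools; "emit" sends them anyway (both warn).
-- Returns the schema list and a list of warning strings for the status line.
local function tools_schema(alias, tools, policy)
  local schema, warnings = {}, {}
  for _, t in ipairs(tools) do
    local wire_name = alias .. SEP .. t.name   -- alias is part of the 128-char budget
    local ok = is_valid_tool_name(wire_name)
    if not ok then
      warnings[#warnings + 1] = string.format(
        "[aish] tool %s has name characters outside ^[a-zA-Z0-9_-]+$ " ..
        "or exceeds %d chars; will fail with strict providers", wire_name, MAX_LEN)
    end
    if ok or policy == "emit" then
      schema[#schema + 1] = {
        name = wire_name,
        description = t.description,
        input_schema = t.input_schema,
      }
    end
  end
  return schema, warnings
end

-- Constructed sample: one conformant tool and the two names cited in the issue.
local sample = {
  { name = "read_file",   description = "conformant" },
  { name = "read-file:v2", description = "colon is outside the class" },
  { name = "tool.fast",    description = "dot is outside the class" },
}
local schema, warnings = tools_schema("fs", sample, "skip")
assert(#schema == 1 and schema[1].name == "fs__read_file")
assert(#warnings == 2)
for _, w in ipairs(warnings) do io.stderr:write(w, "\n") end
```

Under the "skip" policy only `fs__read_file` reaches the wire; under "emit" all three are sent and the two warnings still go to the status line.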

claude-noether added the feature request label 2026-05-12 20:40:49 +00:00