Skip to content

MCP Spec Compliant Strict JSON Schema Validation (Draft 2020-12) for Registration#2645

Merged
crivetimihai merged 2 commits intomainfrom
2348_improve_validation_settings
Feb 7, 2026
Merged

MCP Spec Compliant Strict JSON Schema Validation (Draft 2020-12) for Registration#2645
crivetimihai merged 2 commits intomainfrom
2348_improve_validation_settings

Conversation

@kevalmahajan
Copy link
Copy Markdown
Member

@kevalmahajan kevalmahajan commented Feb 2, 2026
edited
Loading

🐛 Bug-fix PR

Closes #2348

📌 Summary

Fixed an issue where invalid JSON schemas for tools and prompts were being silently persisted with only a warning log, leading to potential runtime errors in downstream components.

Key Changes:

  1. Strict Validation: processing is now halted when an invalid schema is detected. This prevents broken data(json) from entering the database.
  2. MCP Spec Compliance: The default JSON Schema version for payloads missing the $schema field is now explicitly set to Draft 2020-12, as mandated by the MCP Schema Specification.
  3. Configuration: A new setting JSON_SCHEMA_VALIDATION_STRICT has been added (defaults to True) to control this behavior, with valid documentation.

🔁 Reproduction Steps

  1. Attempt to register a tool or prompt with a syntactically invalid JSON schema (e.g., {"type": "object", "properties": {"p": {"type": "UNKNOWN_TYPE"}}}).
  2. Before: Request succeeds (200 OK), and a warning is logged.
  3. After: Request fails (400 Bad Request) with a clear error message: Invalid tool input schema: ....

🐞 Root Cause

  1. Swallowed Exceptions: The validate_tool_schema and validate_prompt_schema database listeners caught jsonschema.exceptions.SchemaError but effectively ignored it by only logging a warning and allowing the transaction to commit.
  2. Ambiguous Default: The validator selection logic did not explicitly enforce the MCP-required default (Draft 2020-12) for schemaless inputs, leading to potential inconsistencies.

💡 Fix Description

  • Config: Introduced json_schema_validation_strict in Settings to allow opting out of strict mode (for legacy compatibility).
  • Logic: Updated mcpgateway/db.py to:
    • Check settings.json_schema_validation_strict. If True, SchemaError is caught and re-raised as ValueError, aborting the DB transaction.
    • Explicitly instantiate jsonschema.Draft202012Validator if $schema is missing.
  • Tests: Added reproduction tests verifying both strict and lenient behaviors, and confirming the default validator version.

Note on Configuration: JSON_SCHEMA_VALIDATION_STRICT is distinct from the existing VALIDATION_STRICT setting.

  • VALIDATION_STRICT: Controls general API input validation (middleware level) for request bodies/parameters.
  • JSON_SCHEMA_VALIDATION_STRICT: Specifically controls whether invalid JSON Schemas (defined inside Tool/Prompt inputs) cause a hard failure/exception during registration or are just logged as warnings.

🧪 Verification

Check Command Status
Lint suite make lint
Unit tests make test
Coverage ≥ 80 % make coverage
Manual regression no longer fails steps / screenshots

📐 MCP Compliance (if relevant)

  • Matches current MCP spec
  • No breaking change to MCP clients

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • No secrets/credentials committed

@kevalmahajan kevalmahajan force-pushed the 2348_improve_validation_settings branch from a0511c6 to 97532ac Compare February 2, 2026 07:31
@crivetimihai crivetimihai added this to the Release 1.0.0-RC1 milestone Feb 3, 2026
@crivetimihai
Copy link
Copy Markdown
Member

crivetimihai commented Feb 4, 2026

Good spec compliance improvement. Defaulting to Draft 2020-12 when $schema is missing matches the MCP spec, and the strict/permissive toggle via JSON_SCHEMA_VALIDATION_STRICT gives a clean migration path. CI is all green.

LGTM — ready to merge.

@crivetimihai crivetimihai self-assigned this Feb 4, 2026
kevalmahajan and others added 2 commits February 7, 2026 17:14
@kevalmahajan @crivetimihai
feat: add strict JSON Schema validation (Draft 2020-12) for tool and …
802307c 
…prompt registration

Closes #2348

Add JSON_SCHEMA_VALIDATION_STRICT config option (default: true) to reject invalid
JSON schemas during tool/prompt registration. When enabled, invalid schemas cause
a 400 error instead of being silently persisted with a warning log.

Default to Draft 2020-12 validator when $schema field is missing, per MCP spec.

Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai
fix: remove unrelated changes, fix typo, add missing test coverage
f1d6ee1 
- Remove unrelated VALIDATION_STRICT=true additions from docker-compose files
- Remove unrelated comment on existing validation_strict field in config.py
- Fix typo in configuration.md ("may valid schemas may" -> "may")
- Restore trailing newline in config.schema.json files
- Add tests for non-strict mode (json_schema_validation_strict=False)
- Add test for Draft 2020-12 default validator selection

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai crivetimihai force-pushed the 2348_improve_validation_settings branch from 97532ac to f1d6ee1 Compare February 7, 2026 17:15
@crivetimihai crivetimihai merged commit 72b5e6e into main Feb 7, 2026
51 checks passed
@crivetimihai crivetimihai deleted the 2348_improve_validation_settings branch February 7, 2026 17:52
kcostell06 pushed a commit to kcostell06/mcp-context-forge that referenced this pull request Feb 24, 2026
@kevalmahajan @crivetimihai
MCP Spec Compliant Strict JSON Schema Validation (Draft 2020-12) for …
e518682 
…Registration (IBM#2645)

* feat: add strict JSON Schema validation (Draft 2020-12) for tool and prompt registration

Closes IBM#2348

Add JSON_SCHEMA_VALIDATION_STRICT config option (default: true) to reject invalid
JSON schemas during tool/prompt registration. When enabled, invalid schemas cause
a 400 error instead of being silently persisted with a warning log.

Default to Draft 2020-12 validator when $schema field is missing, per MCP spec.

Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: remove unrelated changes, fix typo, add missing test coverage

- Remove unrelated VALIDATION_STRICT=true additions from docker-compose files
- Remove unrelated comment on existing validation_strict field in config.py
- Fix typo in configuration.md ("may valid schemas may" -> "may")
- Restore trailing newline in config.schema.json files
- Add tests for non-strict mode (json_schema_validation_strict=False)
- Add test for Draft 2020-12 default validator selection

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai crivetimihai approved these changes

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees

@crivetimihai crivetimihai

Labels

None yet

Projects

None yet

Milestone

Release 1.0.0-RC1

Development

Successfully merging this pull request may close these issues.

[BUG]: Schema validation behavior change may cause runtime errors

2 participants

@kevalmahajan @crivetimihai