feat(core): add draft-2020-12 JSON Schema support with lenient fallback

[afarber]

Summary

Add JSON Schema draft-2020-12 validation support for MCP servers (e.g., rmcp/Rust SDK), while keeping a lenient fallback for unknown future schema versions:

Schema Version	Validator	Behavior
draft-07 (default)	ajvDefault	Strict - rejects invalid data
draft-2020-12	ajv2020	Strict - rejects invalid data
Other/future versions	try-catch fallback	Lenient - logs warning, skips validation

Related Issues

Fixes #14970
Related to modelcontextprotocol/rust-sdk#587

How to Validate

1. Run unit tests: npm run test -- packages/core/src/utils/schemaValidator.test.ts
2. Build an rmcp MCP server (e.g., from https://github.com/modelcontextprotocol/rust-sdk):

     cd ~/rust-sdk
     cargo build --example servers_counter_stdio -p mcp-server-examples

3. Configure in ~/.gemini/settings.json:
   {"mcpServers": {"counter": {"command": "/path/to/servers_counter_stdio"}}}
4. Run gemini, then /mcp schema should show tools without errors
5. Invoke a tool like sum - should succeed instead of failing with schema error

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @afarber, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust solution to prevent tool invocation failures caused by the client-side JSON schema validator's inability to process newer or unsupported JSON Schema draft versions. By implementing a lenient validation approach, the system now gracefully handles schema compilation errors, effectively skipping client-side validation when a schema's version is not recognized. This ensures broader compatibility with evolving JSON Schema standards and maintains the functionality of tools interacting with updated MCP servers.

Highlights

• JSON Schema Version Compatibility: Addresses an issue where the client-side JSON validator (AJV) fails to process schemas using newer or unsupported JSON Schema draft versions (e.g., draft-2020-12) sent by updated MCP servers.
• Lenient Validation Strategy: Implements a try-catch block around schema compilation. If compilation fails due to an unsupported schema version or invalid references, client-side validation is skipped, preventing tool invocation failures.
• Broad Compatibility: Ensures compatibility with various JSON Schema versions (draft-04, 06, 07, 2019-09, 2020-12, and future versions) without requiring new dependencies.
• Consistent Behavior: Applies a lenient validation pattern similar to the existing LenientJsonSchemaValidator used for MCP output schemas, maintaining consistency in handling schema validation.
• New Test Cases: Adds comprehensive unit tests to verify that schemas with draft-2020-12, draft-07, unrecognized future $schema versions, and schemas using $defs are correctly handled by skipping client-side validation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request intends to prevent crashes from unsupported JSON Schema versions by using a "try-catch" block for schema compilation, allowing tool calls to rely on server-side validation. However, this introduces a high-severity security bypass vulnerability in packages/core/src/utils/schemaValidator.ts. Silently skipping input validation on compilation failure could allow malicious data to reach downstream tools. It is strongly recommended to implement a fail-secure approach where compilation failures are treated as errors. Furthermore, adding a log message when validation is skipped would improve debuggability.

[gemini-code-assist]

Code Review

This pull request introduces a lenient validation approach to handle unsupported JSON Schema versions from MCP servers, where client-side validation is skipped if schema compilation fails. However, this change introduces a high-severity validation bypass vulnerability in packages/core/src/utils/schemaValidator.ts. By silently ignoring schema compilation errors, the current 'fail-open' implementation allows an attacker to bypass validation, potentially leading to serious security implications. A 'fail-secure' approach, where validation errors result in data rejection, is strongly recommended. Furthermore, the silent error handling hinders debugging and could mask other schema-related problems; logging is advised for improved visibility.

[gemini-code-assist]

Code Review

This pull request aims to address issues with tool invocations failing due to unsupported JSON Schema versions by wrapping schema compilation in a try-catch block to skip client-side validation for incompatible schemas. However, a high-severity security vulnerability has been identified: the current implementation in schemaValidator.ts introduces a security bypass flaw by 'failing open'. When schema compilation fails, the validator incorrectly reports success, allowing unvalidated data to pass through, which removes a critical layer of defense. This needs to be remediated by ensuring the function fails securely. Additionally, it's recommended to add logging to the catch block to aid in debugging and prevent other potential issues from being silently masked.

[afarber]

/gemini review

[gemini-code-assist]

Code Review

This pull request addresses tool invocation failures due to unsupported JSON Schema versions by implementing a try-catch block in SchemaValidator to skip validation and log a warning for problematic schemas. However, this approach introduces a high-severity validation bypass vulnerability. The current 'fail-open' mechanism, which allows parameter validation to be bypassed when an unsupported or malformed schema is encountered, is insecure. While the changes include comprehensive unit tests and align with existing lenient validation patterns, it is critical to revise this to a 'fail-closed' principle. This ensures that if a schema cannot be processed, validation explicitly fails, blocking the tool call and preventing potential security exploits.

[afarber]

Successfully smoke tested on macOS 26.1:

[eminence]

I did a quick test of this on Linux and it also resolved my schema validation issues when testing an MCP server written with the rmcp library

[LIHUA919]

LGTM

[eminence]

According to AVJ, it does support draft-2020-12, but you need to import it from a different package:

import Ajv2020 from "ajv/dist/2020"
const ajv = new Ajv2020()

So instead of skipping validation, can we detect if this schema is used and then use the right version of the AJV validator?

[jackwotherspoon]

@afarber looks like this fails to build and lint job is complaining?

Mind taking a look.

[afarber]

@jackwotherspoon I think now it's ready, thanks @Adib234

[sephriot]

@jackwotherspoon do you have any clue when this will get merged?