Validate live tool call arguments

1jehuang · 1jehuang · commit 115c61bea348 · 2026-05-03T12:11:18.000-07:00
diff --git a/crates/jcode-message-types/src/lib.rs b/crates/jcode-message-types/src/lib.rs
@@ -22,6 +22,22 @@ impl ToolCall {
         Self::normalize_input_to_object(input.clone())
     }
 
+    pub fn validation_error(&self) -> Option<String> {
+        if self.name.trim().is_empty() {
+            return Some("Invalid tool call: tool name must not be empty.".to_string());
+        }
+
+        if !self.input.is_object() {
+            return Some(format!(
+                "Invalid tool call for '{}': arguments must be a JSON object, got {}.",
+                self.name,
+                json_value_kind(&self.input)
+            ));
+        }
+
+        None
+    }
+
     pub fn intent_from_input(input: &serde_json::Value) -> Option<String> {
         input
             .get("intent")
@@ -36,6 +52,17 @@ impl ToolCall {
     }
 }
 
+fn json_value_kind(value: &serde_json::Value) -> &'static str {
+    match value {
+        serde_json::Value::Null => "null",
+        serde_json::Value::Bool(_) => "boolean",
+        serde_json::Value::Number(_) => "number",
+        serde_json::Value::String(_) => "string",
+        serde_json::Value::Array(_) => "array",
+        serde_json::Value::Object(_) => "object",
+    }
+}
+
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize, PartialEq, Eq)]
 pub struct InputShellResult {
     pub command: String,
diff --git a/src/agent/turn_loops.rs b/src/agent/turn_loops.rs
@@ -227,10 +227,9 @@ impl Agent {
                     StreamEvent::ToolUseEnd => {
                         if let Some(mut tool) = current_tool.take() {
                             // Parse the accumulated JSON
-                            let tool_input = ToolCall::normalize_input_to_object(
+                            let tool_input =
                                 serde_json::from_str::<serde_json::Value>(&current_tool_input)
-                                    .unwrap_or(serde_json::Value::Null),
-                            );
+                                    .unwrap_or(serde_json::Value::Null);
                             tool.input = tool_input.clone();
                             tool.intent = ToolCall::intent_from_input(&tool_input);
 
@@ -647,12 +646,37 @@ impl Agent {
             // Execute tools and add results
             let mut tool_results_dirty = false;
             for tc in tool_calls {
-                self.validate_tool_allowed(&tc.name)?;
-
                 let message_id = assistant_message_id
                     .clone()
                     .unwrap_or_else(|| self.session.id.clone());
 
+                if let Some(error_msg) = tc.validation_error() {
+                    logging::warn(&error_msg);
+                    Bus::global().publish(BusEvent::ToolUpdated(ToolEvent {
+                        session_id: self.session.id.clone(),
+                        message_id: message_id.clone(),
+                        tool_call_id: tc.id.clone(),
+                        tool_name: tc.name.clone(),
+                        status: ToolStatus::Error,
+                        title: None,
+                    }));
+                    if print_output {
+                        println!("\n  → {}", error_msg);
+                    }
+                    self.add_message(
+                        Role::User,
+                        vec![ContentBlock::ToolResult {
+                            tool_use_id: tc.id,
+                            content: error_msg,
+                            is_error: Some(true),
+                        }],
+                    );
+                    tool_results_dirty = true;
+                    continue;
+                }
+
+                self.validate_tool_allowed(&tc.name)?;
+
                 let is_native_tool = JCODE_NATIVE_TOOLS.contains(&tc.name.as_str());
 
                 // Check if SDK already executed this tool
diff --git a/src/agent/turn_streaming_broadcast.rs b/src/agent/turn_streaming_broadcast.rs
@@ -295,10 +295,9 @@ impl Agent {
                     }
                     StreamEvent::ToolUseEnd => {
                         if let Some(mut tool) = current_tool.take() {
-                            tool.input = ToolCall::normalize_input_to_object(
+                            tool.input =
                                 serde_json::from_str::<serde_json::Value>(&current_tool_input)
-                                    .unwrap_or(serde_json::Value::Null),
-                            );
+                                    .unwrap_or(serde_json::Value::Null);
                             tool.refresh_intent_from_input();
 
                             let _ = event_tx.send(ServerEvent::ToolExec {
@@ -713,12 +712,32 @@ impl Agent {
                 }
                 let tc = &tool_calls[tool_index];
 
-                self.validate_tool_allowed(&tc.name)?;
-
                 let message_id = assistant_message_id
                     .clone()
                     .unwrap_or_else(|| self.session.id.clone());
 
+                if let Some(error_msg) = tc.validation_error() {
+                    logging::warn(&error_msg);
+                    let _ = event_tx.send(ServerEvent::ToolDone {
+                        id: tc.id.clone(),
+                        name: tc.name.clone(),
+                        output: error_msg.clone(),
+                        error: Some(error_msg.clone()),
+                    });
+                    self.add_message(
+                        Role::User,
+                        vec![ContentBlock::ToolResult {
+                            tool_use_id: tc.id.clone(),
+                            content: error_msg,
+                            is_error: Some(true),
+                        }],
+                    );
+                    tool_results_dirty = true;
+                    continue;
+                }
+
+                self.validate_tool_allowed(&tc.name)?;
+
                 let is_native_tool = JCODE_NATIVE_TOOLS.contains(&tc.name.as_str());
 
                 // Check if SDK already executed this tool
diff --git a/src/agent/turn_streaming_mpsc.rs b/src/agent/turn_streaming_mpsc.rs
@@ -298,10 +298,9 @@ impl Agent {
                     }
                     StreamEvent::ToolUseEnd => {
                         if let Some(mut tool) = current_tool.take() {
-                            tool.input = ToolCall::normalize_input_to_object(
+                            tool.input =
                                 serde_json::from_str::<serde_json::Value>(&current_tool_input)
-                                    .unwrap_or(serde_json::Value::Null),
-                            );
+                                    .unwrap_or(serde_json::Value::Null);
                             tool.refresh_intent_from_input();
 
                             let _ = event_tx.send(ServerEvent::ToolExec {
@@ -743,12 +742,32 @@ impl Agent {
                 }
                 let tc = &tool_calls[tool_index];
 
-                self.validate_tool_allowed(&tc.name)?;
-
                 let message_id = assistant_message_id
                     .clone()
                     .unwrap_or_else(|| self.session.id.clone());
 
+                if let Some(error_msg) = tc.validation_error() {
+                    logging::warn(&error_msg);
+                    let _ = event_tx.send(ServerEvent::ToolDone {
+                        id: tc.id.clone(),
+                        name: tc.name.clone(),
+                        output: error_msg.clone(),
+                        error: Some(error_msg.clone()),
+                    });
+                    self.add_message(
+                        Role::User,
+                        vec![ContentBlock::ToolResult {
+                            tool_use_id: tc.id.clone(),
+                            content: error_msg,
+                            is_error: Some(true),
+                        }],
+                    );
+                    tool_results_dirty = true;
+                    continue;
+                }
+
+                self.validate_tool_allowed(&tc.name)?;
+
                 let is_native_tool = JCODE_NATIVE_TOOLS.contains(&tc.name.as_str());
 
                 if let Some((sdk_content, sdk_is_error)) = sdk_tool_results.remove(&tc.id) {
diff --git a/src/message/tests.rs b/src/message/tests.rs
@@ -88,6 +88,39 @@ fn tool_call_normalizes_non_object_input_to_empty_object() {
     );
 }
 
+#[test]
+fn tool_call_validation_rejects_empty_name_and_non_object_input() {
+    let empty_name = ToolCall {
+        id: "call_1".to_string(),
+        name: "".to_string(),
+        input: serde_json::json!({}),
+        intent: None,
+    };
+    assert_eq!(
+        empty_name.validation_error().as_deref(),
+        Some("Invalid tool call: tool name must not be empty.")
+    );
+
+    let primitive_args = ToolCall {
+        id: "call_2".to_string(),
+        name: "read".to_string(),
+        input: serde_json::json!(20),
+        intent: None,
+    };
+    assert_eq!(
+        primitive_args.validation_error().as_deref(),
+        Some("Invalid tool call for 'read': arguments must be a JSON object, got number.")
+    );
+
+    let valid = ToolCall {
+        id: "call_3".to_string(),
+        name: "read".to_string(),
+        input: serde_json::json!({"path":"README.md"}),
+        intent: None,
+    };
+    assert_eq!(valid.validation_error(), None);
+}
+
 #[test]
 fn sanitize_tool_id_hyphens_passthrough() {
     assert_eq!(sanitize_tool_id("call-abc-123"), "call-abc-123");
diff --git a/src/provider/openai/stream.rs b/src/provider/openai/stream.rs
@@ -151,12 +151,10 @@ pub(super) struct StreamingToolCallState {
 }
 
 fn normalize_openai_tool_arguments(raw_arguments: String) -> String {
-    let parsed = serde_json::from_str::<Value>(&raw_arguments);
-    let should_normalize = !matches!(parsed, Ok(Value::Object(_)));
-    if should_normalize {
+    if raw_arguments.trim().is_empty() {
         let total = NORMALIZED_NULL_TOOL_ARGUMENTS.fetch_add(1, Ordering::Relaxed) + 1;
         crate::logging::warn(&format!(
-            "[openai] Normalized non-object tool arguments to empty object (total={})",
+            "[openai] Normalized empty tool arguments to empty object (total={})",
             total
         ));
         "{}".to_string()
diff --git a/src/provider/openrouter_sse_stream.rs b/src/provider/openrouter_sse_stream.rs
@@ -4,13 +4,6 @@ fn truncated_stream_payload_context(data: &str) -> String {
     crate::util::truncate_str(&data.trim().replace('\n', "\\n"), 240).to_string()
 }
 
-fn normalize_tool_arguments(raw_arguments: String) -> String {
-    match serde_json::from_str::<Value>(&raw_arguments) {
-        Ok(Value::Object(_)) => raw_arguments,
-        _ => "{}".to_string(),
-    }
-}
-
 // ============================================================================
 // SSE Stream Parser
 // ============================================================================
@@ -363,15 +356,13 @@ impl OpenRouterStream {
                                 // Emit previous tool call if any
                                 if let Some(prev) = self.current_tool_call.take()
                                     && !prev.id.is_empty()
-                                    && !prev.name.is_empty()
                                 {
                                     self.pending.push_back(StreamEvent::ToolUseStart {
                                         id: prev.id,
                                         name: prev.name,
                                     });
-                                    self.pending.push_back(StreamEvent::ToolInputDelta(
-                                        normalize_tool_arguments(prev.arguments),
-                                    ));
+                                    self.pending
+                                        .push_back(StreamEvent::ToolInputDelta(prev.arguments));
                                     self.pending.push_back(StreamEvent::ToolUseEnd);
                                 }
 
@@ -408,15 +399,13 @@ impl OpenRouterStream {
                         // Emit any pending tool call
                         if let Some(tc) = self.current_tool_call.take()
                             && !tc.id.is_empty()
-                            && !tc.name.is_empty()
                         {
                             self.pending.push_back(StreamEvent::ToolUseStart {
                                 id: tc.id,
                                 name: tc.name,
                             });
-                            self.pending.push_back(StreamEvent::ToolInputDelta(
-                                normalize_tool_arguments(tc.arguments),
-                            ));
+                            self.pending
+                                .push_back(StreamEvent::ToolInputDelta(tc.arguments));
                             self.pending.push_back(StreamEvent::ToolUseEnd);
                         }
 
