Skip to content

fix: validate required MCP tool parameters (content, query, new_content)#222

Open
loveRhythm1990 wants to merge 2 commits into
matrixorigin:mainfrom
loveRhythm1990:lr90/interface
Open

fix: validate required MCP tool parameters (content, query, new_content)#222
loveRhythm1990 wants to merge 2 commits into
matrixorigin:mainfrom
loveRhythm1990:lr90/interface

Conversation

@loveRhythm1990

@loveRhythm1990 loveRhythm1990 commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

What type of PR is this?

  • feat (new feature)
  • fix (bug fix)
  • docs (documentation)
  • style (formatting, no code change)
  • refactor (code change that neither fixes a bug nor adds a feature)
  • perf (performance improvement)
  • test (adding or updating tests)
  • chore (maintenance, tooling)
  • build / ci (build or CI changes)

Which issue(s) this PR fixes

Fixes #216
Fixes #218

What this PR does / why we need it

Summary

MCP tools previously accepted missing or whitespace-only required arguments without validation:

  • memory_store could store empty memories (wasting DB writes and embedding calls)
  • memory_retrieve / memory_search could run with an empty query (undefined retrieval behavior)
  • memory_correct only checked is_empty() on new_content, allowing whitespace-only corrections

This PR adds consistent server-side validation at the MCP tool layer. Invalid input is rejected early with a clear tool text response (not a JSON-RPC error), matching existing patterns such as trust_tier validation.


What changed

MCP tools (memoria-mcp/src/tools.rs)

  • Introduce parse_required_str(args, key, err) — shared helper that trims input and rejects missing/blank values.
  • memory_store: validate content via parse_store_content() before store/embedding.
  • memory_retrieve / memory_search: validate query via parse_retrieve_query() before retrieval.
  • memory_correct: validate new_content via parse_required_str() (also fixes whitespace-only bypass).
  • Add inline unit tests for the parser helpers.

Tests

Layer File Coverage
Unit (mock service) memoria-mcp/tests/tools_unit.rs memory_store, memory_retrieve, memory_search reject invalid args
E2E (stdio MCP) memoria-mcp/tests/core_tools_e2e.rs Same validation against real DB; asserts no empty memories created
E2E (HTTP MCP) memoria-api/tests/api_e2e.rs POST /mcp tools/call for store/retrieve/search

Validation semantics

Tool Parameter Invalid inputs Response
memory_store content missing, "", whitespace-only "content is required"
memory_retrieve query missing, "", whitespace-only "query is required"
memory_search query missing, "", whitespace-only "query is required"
memory_correct new_content missing, "", whitespace-only "new_content is required"
  • Valid values are trimmed before use (e.g. " hello ""hello").
  • Errors are returned as MCP tool text (result.content[0].text), not JSON-RPC error objects — consistent with existing tool validation behavior.

Backward compatibility

  • No API schema changes; only stricter input validation.
  • Clients that previously sent empty content/query/new_content will now receive an explicit error instead of silent/no-op behavior.
  • No changes to REST /v1/memories endpoints in this PR (MCP layer only).

Test plan

  • cargo check -p memoria-mcp
  • cargo test -p memoria-mcp --test tools_unit
  • cargo test -p memoria-mcp --test core_tools_e2e (requires MatrixOne)
  • cargo test -p memoria-api --test api_e2e (requires MatrixOne)
  • make test (full integration suite)

Focused commands:

cargo test -p memoria-mcp --test tools_unit -- --nocapture
cargo test -p memoria-mcp --test core_tools_e2e -- test_store_rejects_empty_content test_retrieve_and_search_reject_missing_query
cargo test -p memoria-api --test api_e2e -- test_mcp_memory_store_rejects_empty_content test_mcp_memory_retrieve_and_search_reject_missing_query

@loveRhythm1990 loveRhythm1990 changed the title fix: parameters validation of mcp interface fix: validate required MCP tool parameters (content, query, new_content) Jun 29, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens server-side validation for MCP tool calls so that required string arguments (content, query, new_content) cannot be missing, empty, or whitespace-only, preventing empty memory writes and undefined retrieval/search behavior.

Changes:

  • Added shared parsing helpers in memoria-mcp to validate required string arguments (and updated memory_store, memory_retrieve, memory_search, memory_correct to use them).
  • Added unit + E2E tests (stdio MCP + HTTP MCP) asserting invalid inputs are rejected and do not create empty memories.
  • Adjusted memory_correct call path to pass the validated new_content through as a borrowed string.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

File Description
memoria/crates/memoria-mcp/src/tools.rs Adds required-string parsing helpers and applies them to MCP tool handlers; includes helper unit tests.
memoria/crates/memoria-mcp/tests/tools_unit.rs Adds unit tests ensuring store/retrieve/search reject missing/blank required args and don’t create records.
memoria/crates/memoria-mcp/tests/core_tools_e2e.rs Adds DB-backed E2E tests for rejecting blank content/query at the MCP tool layer.
memoria/crates/memoria-api/tests/api_e2e.rs Adds HTTP MCP E2E tests asserting validation returns tool text (not JSON-RPC error) and that no empty memories are created.
Comments suppressed due to low confidence (1)

memoria/crates/memoria-mcp/src/tools.rs:384

  • memory_store now returns tool-text (Ok(mcp_text)) for invalid/missing content, but trust_tier validation still returns a Rust error (which becomes a JSON-RPC error in memoria-mcp/src/server.rs). This means clients must handle two different error channels for “validation” failures in the same tool, and it also contradicts the PR description’s claim that validation uses tool text “matching trust_tier validation”. Consider standardizing (either return tool text for invalid trust_tier too, or document that trust_tier remains a JSON-RPC error).
            let memory_type = args["memory_type"].as_str().unwrap_or("semantic");
            let session_id = args["session_id"].as_str().map(String::from);
            let trust_tier = args["trust_tier"]
                .as_str()
                .map(TrustTier::from_str)
                .transpose()
                .map_err(|e| anyhow::anyhow!("{e}"))?;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread memoria/crates/memoria-mcp/src/tools.rs

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

Comment thread memoria/crates/memoria-mcp/src/tools.rs
Comment thread memoria/crates/memoria-mcp/src/tools.rs
Comment thread memoria/crates/memoria-api/tests/api_e2e.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

Comment thread memoria/crates/memoria-mcp/src/tools.rs
Comment thread memoria/crates/memoria-mcp/src/tools.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

memory_retrieve and memory_search missing required query validation memory_store accepts empty or missing content without validation

2 participants