Fix: Disallow $ref in tool input schemas

Author: tylerrowsell

lib/mcp/tool/input_schema.rb

@@ -37,6 +37,7 @@ def validate_arguments(arguments)
       private
 
       def validate_schema!
+        check_for_refs!
         schema = to_h
         schema_reader = JSON::Schema::Reader.new(
           accept_uri: false,
@@ -48,6 +49,19 @@ def validate_schema!
           raise ArgumentError, "Invalid JSON Schema: #{errors.join(", ")}"
         end
       end
+
+      def check_for_refs!(obj = properties)
+        case obj
+        when Hash
+          if obj.key?("$ref") || obj.key?(:$ref)
+            raise ArgumentError, "Invalid JSON Schema: $ref is not allowed in tool input schemas"
+          end
+
+          obj.each_value { |value| check_for_refs!(value) }
+        when Array
+          obj.each { |item| check_for_refs!(item) }
+        end
+      end
     end
   end
 end

test/mcp/tool/input_schema_test.rb

@@ -61,6 +61,18 @@ class InputSchemaTest < ActiveSupport::TestCase
           end
         end
       end
+
+      test "rejects schemas with $ref references" do
+        assert_raises(ArgumentError) do
+          InputSchema.new(properties: { foo: { "$ref" => "#/definitions/bar" } }, required: [:foo])
+        end
+      end
+
+      test "rejects schemas with symbol $ref references" do
+        assert_raises(ArgumentError) do
+          InputSchema.new(properties: { foo: { :$ref => "#/definitions/bar" } }, required: [:foo])
+        end
+      end
     end
   end
 end

test/mcp/tool_test.rb

@@ -249,7 +249,7 @@ def call(message:, server_context: nil)
         properties: {
           foo: { "$ref" => "#/definitions/bar" },
         },
-        required: [],
+        required: ["foo"],
         definitions: {
           bar: { type: "string" },
         },