feat: add optional strict parameter to registerTool for Zod validation

Adam Bloomston · Adam Bloomston · commit 80166848bf1d · 2025-08-05T11:20:40.000-06:00
Add strict parameter to registerTool config that defaults to false for
  backward compatibility. When strict=true, applies .strict() to Zod
  schema creation for tool input validation to throw errors on unknown
  parameters instead of silently ignoring them.

  - Add strict?: boolean to registerTool config interface
  - Modify _createRegisteredTool to accept and use strict parameter
  - Apply z.object(inputSchema).strict() when strict=true
  - Update legacy tool() method to pass strict=false (backward compatibility)
  - Update test to verify strict validation rejects unknown parameters
  - All existing tests continue to pass (no breaking changes)

  This fixes the issue where parameter name typos are silently dropped,
  leading to confusing behavior where tools execute with missing data.
diff --git a/src/server/mcp.test.ts b/src/server/mcp.test.ts
@@ -4292,11 +4292,11 @@ describe("elicitInput()", () => {
   });
 
   /**
-   * Test: Tool parameter validation with incorrect capitalization
-   * This test demonstrates that tools currently silently ignore unknown parameters,
-   * including those with incorrect capitalization. This should fail to show the issue exists.
+   * Test: Tool parameter validation with strict mode
+   * This test verifies that tools with strict: true reject unknown parameters,
+   * including those with incorrect capitalization.
    */
-  test("should fail: tool with incorrect parameter capitalization is not rejected", async () => {
+  test("should reject unknown parameters when strict validation is enabled", async () => {
     const mcpServer = new McpServer({
       name: "test server",
       version: "1.0",
@@ -4307,11 +4307,12 @@ describe("elicitInput()", () => {
       version: "1.0",
     });
 
-    // Register a tool that expects optional 'userName' and 'itemCount'
+    // Register a tool with strict validation enabled
     mcpServer.registerTool(
       "test-strict",
       {
         inputSchema: { userName: z.string().optional(), itemCount: z.number().optional() },
+        strict: true,
       },
       async ({ userName, itemCount }) => ({
         content: [{ type: "text", text: `${userName || 'none'}: ${itemCount || 0}` }],
@@ -4326,22 +4327,17 @@ describe("elicitInput()", () => {
       mcpServer.server.connect(serverTransport),
     ]);
 
-    // Call the tool with unknown parameters (incorrect capitalization)
-    // These should be rejected but currently aren't - they're silently ignored
-    const result = await client.request(
+    // Call the tool with unknown parameters (incorrect capitalization)  
+    // With strict: true, these should now be rejected
+    await expect(client.request(
       {
         method: "tools/call",
         params: {
           name: "test-strict",
-          arguments: { username: "test", itemcount: 42 }, // Should be rejected as unknown parameters
+          arguments: { username: "test", itemcount: 42 }, // Unknown parameters should cause error
         },
       },
       CallToolResultSchema,
-    );
-
-    // This expectation should fail because the tool currently accepts the call
-    // and silently ignores unknown parameters, returning success instead of error
-    expect(result.isError).toBe(true);
-    expect(result.content[0].text).toContain("Invalid arguments");
+    )).rejects.toThrow("Invalid arguments");
   });
 });
diff --git a/src/server/mcp.ts b/src/server/mcp.ts
@@ -772,13 +772,18 @@ export class McpServer {
     inputSchema: ZodRawShape | undefined,
     outputSchema: ZodRawShape | undefined,
     annotations: ToolAnnotations | undefined,
+    strict: boolean | undefined,
     callback: ToolCallback<ZodRawShape | undefined>
   ): RegisteredTool {
     const registeredTool: RegisteredTool = {
       title,
       description,
       inputSchema:
-        inputSchema === undefined ? undefined : z.object(inputSchema),
+        inputSchema === undefined 
+          ? undefined 
+          : strict === true 
+            ? z.object(inputSchema).strict() 
+            : z.object(inputSchema),
       outputSchema:
         outputSchema === undefined ? undefined : z.object(outputSchema),
       annotations,
@@ -914,7 +919,7 @@ export class McpServer {
     }
     const callback = rest[0] as ToolCallback<ZodRawShape | undefined>;
 
-    return this._createRegisteredTool(name, undefined, description, inputSchema, outputSchema, annotations, callback)
+    return this._createRegisteredTool(name, undefined, description, inputSchema, outputSchema, annotations, false, callback)
   }
 
   /**
@@ -928,14 +933,15 @@ export class McpServer {
       inputSchema?: InputArgs;
       outputSchema?: OutputArgs;
       annotations?: ToolAnnotations;
+      strict?: boolean;
     },
     cb: ToolCallback<InputArgs>
   ): RegisteredTool {
     if (this._registeredTools[name]) {
       throw new Error(`Tool ${name} is already registered`);
     }
 
-    const { title, description, inputSchema, outputSchema, annotations } = config;
+    const { title, description, inputSchema, outputSchema, annotations, strict } = config;
 
     return this._createRegisteredTool(
       name,
@@ -944,6 +950,7 @@ export class McpServer {
       inputSchema,
       outputSchema,
       annotations,
+      strict,
       cb as ToolCallback<ZodRawShape | undefined>
     );
   }
