Perform unified schema validation for tool parameters

Author: radare

src/Makefile

@@ -17,6 +17,7 @@ SRC += dsltest.c
 SRC += prompts.c
 SRC += plugin.c
 SRC += jsonrpc.c
+SRC += validation.c
 INC += utils.inc.c
 INC += r2api.inc.c
 OBJS:=$(subst .c,.o,$(SRC))

src/tools.c

@@ -3,6 +3,7 @@
 #include <r_core.h>
 #include "r2mcp.h"
 #include "tools.h"
+#include "validation.h"
 #include "utils.inc.c"
 #include "jsonrpc.h"
 
@@ -1020,6 +1021,25 @@ char *tools_call(ServerState *ss, const char *tool_name, RJson *tool_args) {
 		goto cleanup;
 	}
 
+	// Find the tool spec and validate arguments against schema
+	ToolSpec *found_tool = NULL;
+	for (size_t i = 0; tool_specs[i].name; i++) {
+		ToolSpec *t = &tool_specs[i];
+		if (!strcmp (tool_name, t->name)) {
+			found_tool = t;
+			break;
+		}
+	}
+
+	if (found_tool && found_tool->schema_json) {
+		ValidationResult vr = validate_arguments (tool_args, found_tool->schema_json);
+		if (!vr.valid) {
+			result = jsonrpc_error_response (-32602, vr.error_message, NULL, NULL);
+			free (vr.error_message);
+			goto cleanup;
+		}
+	}
+
 	// Dispatch to tool functions
 	for (size_t i = 0; tool_specs[i].name; i++) {
 		ToolSpec *t = &tool_specs[i];

src/validation.c

@@ -0,0 +1,110 @@
+/* r2mcp - MIT - Copyright 2025-2026 - pancake */
+
+#include "validation.h"
+#include "jsonrpc.h"
+
+/* Check if a parameter exists and is a string */
+ValidationResult validate_required_string(RJson *args, const char *param_name) {
+	const RJson *field = r_json_get (args, param_name);
+	if (!field || field->type != R_JSON_STRING) {
+		char *msg = r_str_newf ("Missing required parameter '%s' (expected string)", param_name);
+		return (ValidationResult){ false, msg };
+	}
+	return (ValidationResult){ true, NULL };
+}
+
+/* Check if a parameter exists and is numeric (integer or double) */
+ValidationResult validate_required_number(RJson *args, const char *param_name) {
+	const RJson *field = r_json_get (args, param_name);
+	if (!field || (field->type != R_JSON_INTEGER && field->type != R_JSON_DOUBLE)) {
+		char *msg = r_str_newf ("Missing required parameter '%s' (expected number)", param_name);
+		return (ValidationResult){ false, msg };
+	}
+	return (ValidationResult){ true, NULL };
+}
+
+/* Check if a parameter exists and is a boolean */
+ValidationResult validate_required_boolean(RJson *args, const char *param_name) {
+	const RJson *field = r_json_get (args, param_name);
+	if (!field || field->type != R_JSON_BOOLEAN) {
+		char *msg = r_str_newf ("Missing required parameter '%s' (expected boolean)", param_name);
+		return (ValidationResult){ false, msg };
+	}
+	return (ValidationResult){ true, NULL };
+}
+
+/* Check if a parameter exists with any valid type */
+ValidationResult validate_required_param(RJson *args, const char *param_name) {
+	const RJson *field = r_json_get (args, param_name);
+	if (!field) {
+		char *msg = r_str_newf ("Missing required parameter '%s'", param_name);
+		return (ValidationResult){ false, msg };
+	}
+	return (ValidationResult){ true, NULL };
+}
+
+/* Parse JSON Schema to extract required properties */
+static RList *parse_required_properties(const char *schema_json) {
+	if (!schema_json || !*schema_json) {
+		return NULL;
+	}
+	
+	/* We need a non-modifiable copy for parsing */
+	char *schema_copy = strdup (schema_json);
+	if (!schema_copy) {
+		return NULL;
+	}
+	
+	RJson *schema = r_json_parse (schema_copy);
+	if (!schema || schema->type != R_JSON_OBJECT) {
+		free (schema_copy);
+		return NULL;
+	}
+	
+	RList *required = NULL;
+	const RJson *required_json = r_json_get (schema, "required");
+	if (required_json && required_json->type == R_JSON_ARRAY) {
+		required = r_list_newf (free);
+		const RJson *item = required_json->children.first;
+		while (item) {
+			if (item->type == R_JSON_STRING && item->str_value) {
+				r_list_append (required, strdup (item->str_value));
+			}
+			item = item->next;
+		}
+	}
+	
+	r_json_free (schema);
+	free (schema_copy);
+	return required;
+}
+
+/* Validate arguments against JSON Schema */
+ValidationResult validate_arguments(RJson *args, const char *schema_json) {
+	if (!schema_json || !*schema_json) {
+		/* No schema defined - allow all arguments */
+		return (ValidationResult){ true, NULL };
+	}
+	
+	/* Parse schema to get required properties */
+	RList *required = parse_required_properties (schema_json);
+	if (!required) {
+		/* Schema couldn't be parsed - allow all arguments */
+		return (ValidationResult){ true, NULL };
+	}
+	
+	/* Check each required parameter exists */
+	RListIter *it;
+	const char *param;
+	r_list_foreach (required, it, param) {
+		const RJson *field = r_json_get (args, param);
+		if (!field) {
+			char *msg = r_str_newf ("Missing required parameter '%s'", param);
+			r_list_free (required);
+			return (ValidationResult){ false, msg };
+		}
+	}
+	
+	r_list_free (required);
+	return (ValidationResult){ true, NULL };
+}

src/validation.h

@@ -0,0 +1,28 @@
+/* r2mcp - MIT - Copyright 2025-2026 - pancake */
+#ifndef VALIDATION_H
+#define VALIDATION_H
+
+#include <r_core.h>
+#include "r2mcp.h"
+
+/* Validation result - caller must free error_message if not NULL */
+typedef struct {
+	bool valid;
+	char *error_message;
+} ValidationResult;
+
+/* Validate tool arguments against the JSON schema in ToolSpec.
+ * Returns ValidationResult with valid=true if args match schema.
+ * error_message is set if validation fails (caller must free). */
+ValidationResult validate_arguments(RJson *args, const char *schema_json);
+
+/* Helper: Check if a required string parameter exists and is a string */
+ValidationResult validate_required_string(RJson *args, const char *param_name);
+
+/* Helper: Check if a required numeric parameter exists and is numeric */
+ValidationResult validate_required_number(RJson *args, const char *param_name);
+
+/* Helper: Check if a required boolean parameter exists and is a boolean */
+ValidationResult validate_required_boolean(RJson *args, const char *param_name);
+
+#endif