Merge pull request #320 from dgageot/more-validation

dgageot · web-flow · commit ebf5a1cfb967 · 2025-09-26T14:29:43.000+02:00
More validation
diff --git a/pkg/config/testdata/invalid_path_v2.yaml b/pkg/config/testdata/invalid_path_v2.yaml
@@ -0,0 +1,8 @@
+version: "2"
+
+agents:
+  root:
+    model: openai/gpt-4o
+    toolsets:
+      - type: mcp
+        path: invalid-tool-type
diff --git a/pkg/config/testdata/invalid_post_edit_v2.yaml b/pkg/config/testdata/invalid_post_edit_v2.yaml
@@ -0,0 +1,9 @@
+version: "2"
+
+agents:
+  root:
+    model: openai/gpt-4o
+    toolsets:
+      - type: mcp
+        post_edit:
+          - path: /path
diff --git a/pkg/config/testdata/missing_memory_path_v2.yaml b/pkg/config/testdata/missing_memory_path_v2.yaml
@@ -0,0 +1,7 @@
+version: "2"
+
+agents:
+  root:
+    model: openai/gpt-4o
+    toolsets:
+      - type: memory
diff --git a/pkg/config/v2/types.go b/pkg/config/v2/types.go
@@ -1,10 +1,5 @@
 package v2
 
-import (
-	"errors"
-	"strings"
-)
-
 // Config represents the entire configuration file
 type Config struct {
 	Version  string                 `json:"version,omitempty" yaml:"version,omitempty"`
@@ -72,58 +67,30 @@ type PostEditConfig struct {
 
 // Toolset represents a tool configuration
 type Toolset struct {
-	Type    string            `json:"type,omitempty" yaml:"type,omitempty"`
-	Ref     string            `json:"ref,omitempty" yaml:"ref,omitempty"`
-	Config  any               `json:"config,omitempty" yaml:"config,omitempty"`
-	Command string            `json:"command,omitempty" yaml:"command,omitempty"`
-	Remote  Remote            `json:"remote,omitempty" yaml:"remote,omitempty"`
-	Args    []string          `json:"args,omitempty" yaml:"args,omitempty"`
-	Tools   []string          `json:"tools,omitempty" yaml:"tools,omitempty"`
-	Env     map[string]string `json:"env,omitempty" yaml:"env,omitempty"`
-
-	// For the think tool
-	Shared bool `json:"shared,omitempty" yaml:"shared,omitempty"`
-	// For the memory tool
-	Path string `json:"path,omitempty" yaml:"path,omitempty"`
+	Type  string   `json:"type,omitempty" yaml:"type,omitempty"`
+	Tools []string `json:"tools,omitempty" yaml:"tools,omitempty"`
 
-	// For the script tool
-	Shell map[string]ScriptShellToolConfig `json:"shell,omitempty" yaml:"shell,omitempty"`
+	// For the `mcp` tool
+	Command string   `json:"command,omitempty" yaml:"command,omitempty"`
+	Args    []string `json:"args,omitempty" yaml:"args,omitempty"`
+	Ref     string   `json:"ref,omitempty" yaml:"ref,omitempty"`
+	Remote  Remote   `json:"remote,omitempty" yaml:"remote,omitempty"`
+	Config  any      `json:"config,omitempty" yaml:"config,omitempty"`
 
-	// For the filesystem tool - post-edit commands
-	PostEdit []PostEditConfig `json:"post_edit,omitempty" yaml:"post_edit,omitempty"`
-}
+	// For `shell`, `script` or `mcp` tools
+	Env map[string]string `json:"env,omitempty" yaml:"env,omitempty"`
 
-// Ensure that either Command, Remote or Ref is set, but not all empty
-func (t *Toolset) validate() error {
-	if len(t.Shell) > 0 && t.Type != "script" {
-		return errors.New("shell can only be used with type 'script'")
-	}
-	if t.Type != "mcp" {
-		return nil
-	}
+	// For the `todo` tool
+	Shared bool `json:"shared,omitempty" yaml:"shared,omitempty"`
 
-	count := 0
-	if t.Command != "" {
-		count++
-	}
-	if t.Remote.URL != "" {
-		count++
-	}
-	if t.Ref != "" {
-		count++
-	}
-	if count == 0 {
-		return errors.New("either command, remote or ref must be set")
-	}
-	if count > 1 {
-		return errors.New("either command, remote or ref must be set, but only one of those")
-	}
+	// For the `memory` tool
+	Path string `json:"path,omitempty" yaml:"path,omitempty"`
 
-	if t.Ref != "" && !strings.Contains(t.Ref, "docker:") {
-		return errors.New("only docker refs are supported for MCP tools, e.g., 'docker:context7'")
-	}
+	// For the `script` tool
+	Shell map[string]ScriptShellToolConfig `json:"shell,omitempty" yaml:"shell,omitempty"`
 
-	return nil
+	// For the `filesystem` tool - post-edit commands
+	PostEdit []PostEditConfig `json:"post_edit,omitempty" yaml:"post_edit,omitempty"`
 }
 
 func (t *Toolset) UnmarshalYAML(unmarshal func(any) error) error {
diff --git a/pkg/config/v2/validate.go b/pkg/config/v2/validate.go
@@ -0,0 +1,92 @@
+package v2
+
+import (
+	"errors"
+	"strings"
+)
+
+func (t *Config) UnmarshalYAML(unmarshal func(any) error) error {
+	type alias Config
+	var tmp alias
+	if err := unmarshal(&tmp); err != nil {
+		return err
+	}
+	*t = Config(tmp)
+	return t.validate()
+}
+
+func (t *Config) validate() error {
+	for _, agent := range t.Agents {
+		for i := range agent.Toolsets {
+			if err := agent.Toolsets[i].validate(); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func (t *Toolset) validate() error {
+	// Attributes used on the wrong toolset type.
+	if len(t.Shell) > 0 && t.Type != "script" {
+		return errors.New("shell can only be used with type 'script'")
+	}
+	if t.Path != "" && t.Type != "memory" {
+		return errors.New("path can only be used with type 'memory'")
+	}
+	if len(t.PostEdit) > 0 && t.Type != "filesystem" {
+		return errors.New("post_edit can only be used with type 'filesystem'")
+	}
+	if len(t.Env) > 0 && (t.Type != "shell" && t.Type != "script" && t.Type != "mcp") {
+		return errors.New("env can only be used with type 'shell', 'script' or 'mcp'")
+	}
+	if t.Shared && t.Type != "todo" {
+		return errors.New("shared can only be used with type 'todo'")
+	}
+	if t.Command != "" && t.Type != "mcp" {
+		return errors.New("command can only be used with type 'mcp'")
+	}
+	if len(t.Args) > 0 && t.Type != "mcp" {
+		return errors.New("args can only be used with type 'mcp'")
+	}
+	if t.Ref != "" && t.Type != "mcp" {
+		return errors.New("ref can only be used with type 'mcp'")
+	}
+	if (t.Remote.URL != "" || t.Remote.TransportType != "" || len(t.Remote.Headers) > 0) && t.Type != "mcp" {
+		return errors.New("remote can only be used with type 'mcp'")
+	}
+	if t.Config != nil && t.Type != "mcp" {
+		return errors.New("config can only be used with type 'mcp'")
+	}
+
+	switch t.Type {
+	case "memory":
+		if t.Path == "" {
+			return errors.New("memory toolset requires a path to be set")
+		}
+	case "mcp":
+		count := 0
+		if t.Command != "" {
+			count++
+		}
+		if t.Remote.URL != "" {
+			count++
+		}
+		if t.Ref != "" {
+			count++
+		}
+		if count == 0 {
+			return errors.New("either command, remote or ref must be set")
+		}
+		if count > 1 {
+			return errors.New("either command, remote or ref must be set, but only one of those")
+		}
+
+		if t.Ref != "" && !strings.Contains(t.Ref, "docker:") {
+			return errors.New("only docker refs are supported for MCP tools, e.g., 'docker:context7'")
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/config/validation_test.go b/pkg/config/validation_test.go
@@ -61,6 +61,8 @@ func TestValidatePathInDirectory(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			result, err := ValidatePathInDirectory(tt.path, tt.allowedDir)
 
 			if tt.expectError {
@@ -79,7 +81,7 @@ func TestValidatePathInDirectory(t *testing.T) {
 	}
 }
 
-func TestLoadConfigSecure(t *testing.T) {
+func TestValidateMemoryPath(t *testing.T) {
 	tmpDir, err := os.MkdirTemp("", "test_config_secure")
 	require.NoError(t, err)
 	defer os.RemoveAll(tmpDir)
@@ -106,3 +108,32 @@ agents:
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "path validation failed")
 }
+
+func TestValidationErrors(t *testing.T) {
+	tests := []struct {
+		name string
+		path string
+	}{
+		{
+			name: "memory toolset missing path",
+			path: "testdata/missing_memory_path_v2.yaml",
+		},
+		{
+			name: "path in non memory toolset",
+			path: "testdata/invalid_path_v2.yaml",
+		},
+		{
+			name: "post_edit in non filesystem toolset",
+			path: "testdata/invalid_post_edit_v2.yaml",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			_, err := loadConfig(tt.path)
+			require.Error(t, err)
+		})
+	}
+}
