Skip to content

fix: override tools/list handler to emit raw JSON Schema 2020-12 #1378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pcarleton wants to merge 5 commits into from
Closed

fix: override tools/list handler to emit raw JSON Schema 2020-12 #1378

pcarleton wants to merge 5 commits into from
+1,233 −2

Conversation

@pcarleton
Copy link
Member

@pcarleton pcarleton commented Jan 13, 2026

Summary

The Zod-to-JSON-Schema conversion strips $schema, $defs, and additionalProperties fields. This overrides the ListToolsRequestSchema handler in the conformance server to inject the raw JSON Schema for the SEP-1613 test tool.

Changes

  • Override tools/list handler to inject raw JSON Schema for the json_schema_2020_12_tool
  • This bypasses Zod-to-JSON-Schema conversion which strips JSON Schema 2020-12 features

Testing

All 31 server conformance tests pass, including the json-schema-2020-12 scenario (4/4 checks).

Related

@pcarleton
Add server conformance testing
a173c1d 
- Move conformance server to src/conformance/everything-server.ts
- Add scripts/run-server-conformance.sh to start server and run tests
- Add server conformance scripts to package.json
- Update GitHub Actions workflow with both client and server jobs
- Add src/conformance/README.md with usage instructions
- Add express, cors, and @modelcontextprotocol/server to root devDependencies
@pcarleton
Address code review feedback
025a7e4 
- Remove unused Tool type import
- Remove unused JSON_SCHEMA_2020_12_INPUT_SCHEMA constant
  (SEP-1613 test is pending - SDK validation supports the fields via PR #1135,
  but tool registration doesn't yet support generating raw JSON Schema)
- Remove emoji from console.log
- Alphabetize devDependencies in package.json
@pcarleton
Make server conformance script args more flexible
7a74bc0 
Pass through all arguments to conformance CLI instead of just suite name.
This allows passing --scenario, --suite, or any other flags.
@pcarleton
Add test:conformance:server:run script
8856303 
Runs the conformance server standalone for debugging.
@pcarleton
fix: override tools/list handler to emit raw JSON Schema 2020-12
1e63e17 
The Zod-to-JSON-Schema conversion strips $schema, $defs, and
additionalProperties fields. Override the ListToolsRequestSchema
handler to inject the raw JSON Schema for the SEP-1613 test tool.

This enables all server conformance tests to pass, including the
json-schema-2020-12 scenario that tests SEP-1613 compliance.
@pcarleton pcarleton requested a review from a team as a code owner January 13, 2026 09:39
@changeset-bot
Copy link

changeset-bot bot commented Jan 13, 2026

⚠️ No Changeset found

Latest commit: 1e63e17

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Jan 13, 2026

Open in StackBlitz

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1378

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1378

commit: 1e63e17

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 13, 2026
View reviewed changes
src/conformance/everything-server.ts
// Configure CORS to expose Mcp-Session-Id header for browser-based clients
app.use(
cors({
origin: '*',

Check warning

Code scanning / CodeQL

Permissive CORS configuration Medium

CORS Origin allows broad access due to
permissive or user controlled value
Loading
.
@pcarleton
Copy link
Member Author

pcarleton commented Jan 13, 2026

Closing - this server-side hack isn't the right approach. PR #1135 fixed the client side (preserving JSON Schema 2020-12 fields when parsing). The conformance test should be a client test instead, verifying that clients correctly preserve $schema, $defs, and additionalProperties when receiving tool definitions.

@pcarleton pcarleton closed this Jan 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pcarleton