Skip to content

Fix critical validation gap for run volume parameters #324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix critical validation gap for run volume parameters #324

wants to merge 2 commits into from
+123 −0

Conversation

cyberkunju
Copy link

Summary

The registry validator had a blind spot: while isConfigEnvValid() enforces that environment variable templates are namespaced with the server name, there was no equivalent guard for server.Run.Volumes. As a result, any volume mapping could reference parameters from a completely different server and still pass validation, only to explode later at runtime with an opaque Docker error.

Problem

Here’s the kind of misconfiguration we were silently accepting:

name: my-server
image: mcp/my-server
type: server
run:
  volumes:
    - '{{wrong-name.storage_path}}:/app/data'  # Wrong prefix!
config:
  parameters:
    type: object
    properties:
      storage_path:
        type: string

Because nothing double-checked server.Run.Volumes, {{wrong-name.storage_path}} skated by unchecked. When Docker spun up the container it couldn’t resolve that parameter and failed with a cryptic message.

Impact

More than twenty production servers rely on templated volumes today, including:

  • arxiv-mcp-server{{arxiv-mcp-server.storage_path}}:/app/papers
  • markdownify{{markdownify.paths|volume|into}}
  • aks{{aks.azure_dir}}:/home/mcp/.azure

Any typo in those prefixes would have slipped through CI and landed in the registry, leaving operators to discover the failure only after deployment.

Solution

  • Introduced isRunVolumesValid() to mirror the existing environment validation rules.
  • Enforce that every template is prefixed with the current server name, whether it’s a bare parameter ({{server.param}}) or a filtered expression ({{server.param|filter|into}}).
  • Emit clear, actionable error messages that call out the expected prefix versus what we actually saw.

Before

$ go run ./cmd/validate --name my-server
✅ Config env is valid
✅ License validation skipped
# Invalid volume parameter silently accepted!

After

$ go run ./cmd/validate --name my-server
✅ Config env is valid
2025/10/10 volume parameter must be prefixed with "my-server." but found "wrong-name.storage_path" in: "{{wrong-name.storage_path}}:/app/data"
exit status 1

Testing

  • New coverage: Unit tests spanning valid prefixes, filter expressions, and edge cases.
  • Stability fixes: Cleaned up existing tests to assert on the improved error handling.
  • Validation sweep: Confirmed arxiv-mcp-server, markdownify, and aks all pass with the new guardrails.

This closes the validation gap and surfaces configuration mistakes where they belong—in CI, not in production.

@cyberkunju cyberkunju requested a review from a team as a code owner October 10, 2025 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cyberkunju