feat(056): output-schema validation for proxied tool calls (Spec 054 Track A)

[Dumbris]

Summary

Implements Track A of the Spec 054 MCP-security-gateway umbrella, carved into its own feature (Spec 056). When an upstream tool declares an outputSchema, mcpproxy now validates the tool's structured response against that schema at the proxy boundary before it reaches the agent — closing the only completely-empty axis of the security story ("validated data out"). A buggy or compromised server can no longer inject malformed/oversized/unexpected structured data into the agent's context.

Spec/plan/tasks: specs/056-output-schema-validation/.

Behaviour (backward-compatible by default)

mode	violating structuredContent	conforming	no schema / text-only / error result
off	forward	forward	forward
warn (default)	forward + policy_decision audit	forward unchanged	forward
strict	block (error result) + audit	forward unchanged	forward (text-only governed by missing_structured_content)

• Lossless on success — conforming structuredContent is forwarded byte-for-byte (validate a read-only view, never strip-then-validate).
• Cheap byte-size + nesting-depth guards run before schema compilation (DoS bound).
• An uncompilable tool schema degrades to a no-op (logged once) — never blocks traffic.
• Honors the ContextForge #4042 trap: declared schema + text-only response does not hard-fail in warn.

Key changes

• internal/outputvalidation — new pure package: Validator with a per-tool compiled-schema sync.Map cache (santhosh-tekuri/jsonschema/v6), guards, Verdict. No server/storage deps.
• internal/config — OutputValidationConfig (mode/max_bytes/max_depth/missing_structured_content, nil-safe helpers, default warn) + ToolMetadata.OutputSchemaJSON.
• internal/upstream/core/client.go — capture RawOutputSchema/OutputSchema at discovery (FR-A1).
• internal/runtime/{stateview,supervisor} — propagate OutputSchemaJSON onto the in-memory snapshot for cheap call-time lookup (no per-call index query).
• internal/server — applyOutputValidation wired into both handleCallToolVariant forward sites; pure evaluateOutputValidation decision core; reuses emitActivityPolicyDecision. Identical in personal + server editions.
• OpenAPI spec regenerated for the new config model.

Design note: validation runs in mcp.go on forwardContentResult's output (its StructuredContent is untouched by truncation) rather than inside forwardContentResult, keeping that function pure. So the test coverage lives in internal/server/output_validation_test.go rather than a content_forward_test.go.

Testing

• Unit: internal/outputvalidation (19, validator + guards, -race); internal/config (8); internal/server output-validation (11 — every decision branch incl. #4042 trap, guard breach, uncompilable schema). golangci-lint clean on new files; both editions build.
• E2E (curl + CLI, fresh data-dir, committed stub MCP server e2e/stubs/outputschema):
  • strict → bad_output blocked: output schema validation failed: ... at '/id': got string, want integer, with a blocked policy_decision record (verified via GET /api/v1/activity?type=policy_decision)
  • strict → conforming passes; text_only (no structured, allow) passes
  • warn → bad_output forwarded unchanged ({"id":"not-an-int"}, isError:false) + a warning policy_decision record

Out of scope (other Spec 054 tracks)

Output sanitisation (B), per-tool ACLs (C), TOFU pinning of schemas/annotations (D), audit hash chain (E).

Related #521

[cloudflare-workers-and-pages]

Deploying mcpproxy-docs with    Cloudflare Pages

Latest commit:	45e0f47
Status:	✅  Deploy successful!
Preview URL:	https://10c0f4c3.mcpproxy-docs.pages.dev
Branch Preview URL:	https://056-output-schema-validation.mcpproxy-docs.pages.dev

View logs

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 61.53846% with 95 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
internal/server/mcp.go	37.25%	26 Missing and 6 partials ⚠️
e2e/stubs/outputschema/main.go	0.00%	26 Missing ⚠️
internal/outputvalidation/validator.go	79.76%	13 Missing and 4 partials ⚠️
internal/upstream/core/client.go	0.00%	11 Missing ⚠️
internal/runtime/supervisor/supervisor.go	50.00%	5 Missing ⚠️
internal/outputvalidation/guards.go	80.00%	2 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

[github-actions]

📦 Build Artifacts

Workflow Run: View Run
Branch: 056-output-schema-validation

Available Artifacts

• archive-darwin-amd64 (27 MB)
• archive-darwin-arm64 (25 MB)
• archive-linux-amd64 (16 MB)
• archive-linux-arm64 (14 MB)
• archive-windows-amd64 (27 MB)
• archive-windows-arm64 (24 MB)
• frontend-dist-pr (0 MB)
• installer-dmg-darwin-amd64 (21 MB)
• installer-dmg-darwin-arm64 (18 MB)

How to Download

Option 1: GitHub Web UI (easiest)

1. Go to the workflow run page linked above
2. Scroll to the bottom "Artifacts" section
3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 26416222217 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.