Merge 3a81429e6d into 6b5596ec36

2026-05-13 07:46:47 +00:00 · 2026-05-13 01:27:48 +08:00 · 2026-05-13 01:27:48 +08:00 · 7ff01abb0c
commit 7ff01abb0c
parent 6b5596ec36 3a81429e6d
2 changed files with 39 additions and 3 deletions
--- a/packages/data-provider/specs/mcp.spec.ts
+++ b/packages/data-provider/specs/mcp.spec.ts
@ -1,6 +1,42 @@
-import { SSEOptionsSchema, MCPServerUserInputSchema } from '../src/mcp';
+import { MCPOptionsSchema, SSEOptionsSchema, MCPServerUserInputSchema } from '../src/mcp';
+
+describe('MCPOptionsSchema', () => {
+  describe('title validation', () => {
+    it('should accept hyphenated MCP server titles in config', () => {
+      const result = MCPOptionsSchema.safeParse({
+        type: 'sse',
+        url: 'https://example.com/mcp',
+        title: 'My-Test Server',
+      });
+
+      expect(result.success).toBe(true);
+    });
+
+    it('should still reject unsupported title characters', () => {
+      const result = MCPOptionsSchema.safeParse({
+        type: 'sse',
+        url: 'https://example.com/mcp',
+        title: 'My_Test Server',
+      });
+
+      expect(result.success).toBe(false);
+    });
+  });
+});

 describe('MCPServerUserInputSchema', () => {
+  describe('title validation', () => {
+    it('should accept hyphenated MCP server titles in user input', () => {
+      const result = MCPServerUserInputSchema.safeParse({
+        type: 'sse',
+        url: 'https://example.com/mcp',
+        title: 'My-Test Server',
+      });
+
+      expect(result.success).toBe(true);
+    });
+  });
+
  describe('env variable exfiltration prevention', () => {
    it('should confirm admin schema resolves env vars (attack vector baseline)', () => {
      process.env.FAKE_SECRET = 'leaked-secret-value';
--- a/packages/data-provider/src/mcp.ts
+++ b/packages/data-provider/src/mcp.ts
@ -3,10 +3,10 @@ import { TokenExchangeMethodEnum } from './types/agents';
 import { extractEnvVariable } from './utils';

 const BaseOptionsSchema = z.object({
-  /** Display name for the MCP server - only letters, numbers, and spaces allowed */
+  /** Display name for the MCP server - only letters, numbers, spaces, and hyphens allowed */
  title: z
    .string()
-    .regex(/^[a-zA-Z0-9 ]+$/, 'Title can only contain letters, numbers, and spaces')
+    .regex(/^[a-zA-Z0-9 -]+$/, 'Title can only contain letters, numbers, spaces, and hyphens')
    .optional(),
  /** Description of the MCP server */
  description: z.string().optional(),