Skip to content

Validate required params in discussion read handlers#2741

Open
rodboev wants to merge 2 commits into
github:mainfrom
rodboev:pr/discussions-required-params
Open

Validate required params in discussion read handlers#2741
rodboev wants to merge 2 commits into
github:mainfrom
rodboev:pr/discussions-required-params

Conversation

@rodboev

@rodboev rodboev commented Jun 21, 2026

Copy link
Copy Markdown

Summary

Fixes get_discussion and get_discussion_comments, which accepted calls with missing required parameters and silently issued GraphQL queries with zero or empty values, by replacing mapstructure.WeakDecode with the RequiredParam/RequiredInt validation pattern already used by every write handler in the same file.

Why

Both read handlers declare a local struct and call mapstructure.WeakDecode(args, &params) (discussions.go:317 and discussions.go:425). WeakDecode populates struct fields from the args map using loose type coercion and leaves fields at their zero value when a key is absent. A call without owner silently sets it to "", which then reaches the GraphQL layer and produces a confusing API-level error rather than a clear MCP tool error naming the missing field.

PR #2718 replaced WeakDecode with RequiredParam/RequiredInt in every write handler in the same file. The read handlers were not included in that pass.

Fixes #2740 (filed alongside this PR)

What changed

  • pkg/github/discussions.go: replaced mapstructure.WeakDecode in get_discussion and get_discussion_comments handlers with RequiredParam[string]/RequiredInt calls; removed local params structs.
  • pkg/github/discussions_test.go: added missing-param error test cases for both handlers; removed Test_GetDiscussionWithStringNumber and Test_GetDiscussionCommentsWithStringNumber (WeakDecode string coercion no longer applies).

Tool parameters and schemas are unchanged.

MCP impact

  • No tool or API changes

Handler-only change — tool name, description, and InputSchema for get_discussion and get_discussion_comments are unchanged. Toolsnaps and generated docs are unaffected.

Prompts tested (tool changes only)

N/A (no tool schema or behavior changes for well-formed calls).

Security / limits

  • No security or limits impact

Both handlers read from a user-supplied args map and pass validated values to GraphQL queries. No new scopes, no data exposure changes.

Tool renaming

  • I am not renaming tools as part of this PR

Lint & tests

  • Linted locally with ./script/lint

Direct lint commands passed locally: gofmt -s -w pkg/github/discussions.go pkg/github/discussions_test.go produced no diff; golangci-lint run reported 0 issues.

  • Tested locally with ./script/test

./script/test was not run locally. go test -race ./... passed locally (all packages ok).

Docs

  • Not needed

No tool schema changed; script/generate-docs output is unaffected.

@rodboev rodboev requested a review from a team as a code owner June 21, 2026 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants