Skip to content

[Code Quality] Add validation for tools timeout and startup-timeout fields #12656

New issue
New issue
Open
Open
[Code Quality] Add validation for tools timeout and startup-timeout fields#12656
Labels
automationcode-qualitycookieIssue Monster Loves Cookies!mcptask-miningvalidation
@github-actions

Description

@github-actions
github-actions
bot
opened on Jan 30, 2026

Description

The tools.timeout and tools.startup-timeout fields have schema constraints (minimum: 1) but lack runtime validation. This allows zero or negative timeout values that could cause unexpected MCP server behavior and immediate failures.

Current Situation

Schema Constraints:

  • tools.timeout: minimum: 1 (seconds)
  • tools.startup-timeout: minimum: 1 (seconds)

Current Behavior:

  • Schema declares minimum value of 1
  • Fields are processed in pkg/workflow/tools*.go files
  • NO runtime validation for minimum constraint
  • Zero or negative values could pass through

Impact

tools.timeout = 0:

  • MCP operations might timeout immediately
  • Unpredictable behavior depending on underlying implementation

tools.startup-timeout = 0:

  • MCP servers fail to start (immediate timeout)
  • Container startup failures
  • Difficult-to-debug initialization issues

Suggested Changes

Add validation for both timeout fields where they are processed:

// Validate timeout (if present)
if config.Timeout != 0 {
    if err := validateIntRange(config.Timeout, 1, math.MaxInt32, "tools.timeout"); err != nil {
        return err
    }
}

// Validate startup-timeout (if present)
if config.StartupTimeout != 0 {
    if err := validateIntRange(config.StartupTimeout, 1, math.MaxInt32, "tools.startup-timeout"); err != nil {
        return err
    }
}

Files Affected

  • pkg/workflow/tools*.go (timeout field processing)
  • pkg/workflow/validation_helpers.go (validation helper already exists)
  • pkg/parser/schemas/main_workflow_schema.json (schema already correct)

Success Criteria

  • tools.timeout values < 1 are rejected with clear error message
  • tools.startup-timeout values < 1 are rejected with clear error message
  • Validation uses existing validateIntRange helper for consistency
  • Error messages clearly state the minimum allowed value (1 second)
  • Unit tests cover edge cases: 0, -1, 1, typical values (30, 60, 300)

Testing Scenarios

  1. Zero Timeout: timeout: 0 → Validation error
  2. Negative Timeout: timeout: -5 → Validation error
  3. Minimum Valid: timeout: 1 → Accepted
  4. Typical Values: timeout: 30, timeout: 60 → Accepted
  5. Omitted Field: No timeout specified → Default behavior (no validation error)

Source

Extracted from Schema Consistency Audit discussion #11412

Original Finding:

"tools.timeout - Schema: minimum: 1. Reality: No runtime check for positive integer. Risk: Timeout of 0 or negative values could cause unexpected behavior. tools.startup-timeout - Schema: minimum: 1. Reality: No runtime check. Risk: Startup timeout of 0 could cause immediate MCP server failures."

References:

AI generated by Discussion Task Miner - Code Quality Improvement Agent

  • expires on Feb 13, 2026, 1:34 AM UTC

Metadata

Metadata

Assignees

No one assigned

    Labels

    automationcode-qualitycookieIssue Monster Loves Cookies!mcptask-miningvalidation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions