Skip to content

Add validation package with http and group subpackages#6

Merged
JAORMX merged 1 commit intomainfrom
add-validation-package
Feb 2, 2026
Merged

Add validation package with http and group subpackages#6
JAORMX merged 1 commit intomainfrom
add-validation-package

Conversation

@JAORMX
Copy link
Contributor

@JAORMX JAORMX commented Feb 2, 2026

Summary

  • Graduate the validation package from toolhive with a structured subpackage layout
  • Third Tier 1 package per THV-0032 RFC

validation/http

Security-focused HTTP validation per RFC 7230 and RFC 8707:

import "github.com/stacklok/toolhive-core/validation/http"

http.ValidateHeaderName("X-API-Key")           // RFC 7230 header names
http.ValidateHeaderValue("Bearer token")       // RFC 7230 header values
http.ValidateResourceURI("https://api.example.com")  // RFC 8707 resource URIs

Protects against:

  • CRLF injection attacks
  • Control character injection
  • Malformed URIs

validation/group

Group name validation for consistent naming conventions:

import "github.com/stacklok/toolhive-core/validation/group"

group.ValidateName("my-team-123")  // lowercase alphanumeric, dashes, underscores, spaces

Test plan

  • task lint passes
  • task license-check passes
  • task test passes with race detection

🤖 Generated with Claude Code

@JAORMX @claude
Add validation package with http and group subpackages
c7dfe4e 
Graduate the validation package from toolhive to toolhive-core with
a structured subpackage layout for better organization and extensibility.

validation/http:
- ValidateHeaderName: RFC 7230 HTTP header name validation
- ValidateHeaderValue: RFC 7230 HTTP header value validation
- ValidateResourceURI: RFC 8707 canonical URI validation for OAuth

validation/group:
- ValidateName: Group name validation (lowercase alphanumeric, dashes,
  underscores, spaces with strict whitespace rules)

Both subpackages include comprehensive documentation with usage examples
and thorough test coverage for security-sensitive validation logic.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@JAORMX JAORMX force-pushed the add-validation-package branch from b30f851 to c7dfe4e Compare February 2, 2026 14:02
@JAORMX JAORMX merged commit 79f1983 into main Feb 2, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rdimitrov rdimitrov rdimitrov approved these changes

@jhrozek jhrozek Awaiting requested review from jhrozek

@lujunsan lujunsan Awaiting requested review from lujunsan

@amirejaz amirejaz Awaiting requested review from amirejaz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JAORMX @rdimitrov