fix: add sanitization for MCP tool names
What does this merge request do and why?
Adds name sanitization for MCP tools to prevent invalid Python identifiers from breaking Duo Agentic Chat. MCP servers can return tool names with special characters (backticks, spaces, etc.) which causes workflow service failures. This sanitizes both LLM-visible names and Python identifiers.
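As an added illustration (not the code from this merge request), the function below shows one way to turn an arbitrary MCP tool name into a valid Python identifier and to build the qualified name the test step expects. The `mcp__<server>__<tool>` prefix format is inferred from the example prompt further down; the replacement rules, the `fallback` parameter and the `unique_tool_names` helper are assumptions for this example, not the MR's implementation. The sample names are constructed.

```python
import keyword
import re

# Constructed sample names of the kind an MCP server might return.
SAMPLE_TOOL_NAMES = ["sanitize_html_`test`", "get data", "2fast", "class", "```"]


def sanitize_tool_name(name: str, fallback: str = "tool") -> str:
    """Map an arbitrary tool name to a valid, non-keyword Python identifier.

    Hypothetical rules (an assumption, not the project's algorithm):
    - every run of characters outside [0-9A-Za-z_] becomes one underscore
      (ASCII only on purpose, even though str.isidentifier() accepts more);
    - underscores produced at either end are trimmed;
    - an empty result falls back to `fallback`;
    - a leading digit is prefixed with an underscore;
    - a Python keyword gets a trailing underscore.
    """
    cleaned = re.sub(r"[^0-9A-Za-z_]+", "_", name).strip("_")
    if not cleaned:
        cleaned = fallback
    if cleaned[0].isdigit():
        cleaned = f"_{cleaned}"
    if keyword.iskeyword(cleaned):
        cleaned = f"{cleaned}_"
    if not cleaned.isidentifier():
        # Should be unreachable given the rules above; fail loudly rather than
        # hand an invalid name to code that will later eval or getattr on it.
        raise ValueError(f"could not sanitize tool name: {name!r}")
    return cleaned


def qualified_tool_name(server: str, tool: str) -> str:
    """Build the LLM-visible name in the mcp__<server>__<tool> form seen in the
    test step; both parts are sanitized so the whole string is an identifier."""
    return f"mcp__{sanitize_tool_name(server)}__{sanitize_tool_name(tool)}"


def unique_tool_names(names):
    """Sanitization is lossy: 'a b' and 'a-b' both become 'a_b'. Map each raw
    name to a sanitized name that is unique within one server's tool list by
    appending _2, _3, ... on collision, so two tools cannot shadow each other."""
    mapping = {}
    used = set()
    for raw in names:
        base = sanitize_tool_name(raw)
        candidate, n = base, 2
        while candidate in used:
            candidate = f"{base}_{n}"
            n += 1
        used.add(candidate)
        mapping[raw] = candidate
    return mapping


if __name__ == "__main__":
    for raw in SAMPLE_TOOL_NAMES:
        print(f"{raw!r:28} -> {qualified_tool_name('server', raw)}")
    print(unique_tool_names(["a b", "a-b", "a_b"]))
```

Raising on an unexpected result (instead of silently returning the input) is the safer failure mode: an invalid identifier that reaches the workflow service is exactly what this MR is fixing, and the collision handling keeps one tool from being registered under another tool's name.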
How to set up and validate locally
- Follow the documentation to set up an MCP server.
- Run VS Code and connect it to your GDK instance.
- Add a new file in your local project:
server.py

```python
from mcp.server.fastmcp import FastMCP

# Create an MCP server
mcp = FastMCP("Demo")


# Tool name deliberately contains backticks, which are not valid in a Python identifier
@mcp.tool(name="sanitize_html_`test`")
def sanitize(html: str) -> str:
    """
    sanitizes given HTML string to be safely written to a file
    Params:
    - html (str): string to be sanitized
    """
    return "<h1>scrubbed</h1>"


if __name__ == "__main__":
    mcp.run()
```
- Add the MCP server configuration:

```json
{
  "mcpServers": {
    "server": {
      "type": "stdio",
      "command": "python3",
      "args": ["/path/to/server.py"]
    }
  }
}
```
- Run Duo Workflow.
- Ask Duo Chat to use the tool: "Please use mcp__server__sanitize_html__test on this string "Hello World<img src=x onerror=alert('XSS')>Click"".
- The tool should be executed.
Merge request checklist
- Tests added for new functionality. If not, please raise an issue to follow up.
- Documentation added/updated, if needed.
- If this change requires executor implementation: verified that issues/MRs exist for both Go executor and Node executor or confirmed that changes are backward-compatible and don't break existing executor functionality.
Relates to gitlab-org/gitlab#552375
Edited by Eva Kadlecová