fix(core): sanitize and length-check MCP tool qualified names

[abhipatel12]

Summary

Fixes "Invalid function name" 400 errors from the Gemini API caused by MCP tool names exceeding character limits or containing invalid characters.

Details

The enforcement of qualified names (Server + Tool) for subagents (introduced in b7a8f0d) exposed a limitation in the naming sanitization logic. Server names containing spaces and long tool names combined to create function names that were either illegal or exceeded the 64-character limit enforced by the Gemini API.

This PR:

• Enhances generateValidName to handle digit-prefixes, colons, and strict 63-character length enforcement.
• Implements a middle-truncation strategy to preserve uniqueness in long names while staying within API limits.
• Ensures the entire qualified name is sanitized before being sent to the model.

Related Issues

Fixes a regression introduced in b7a8f0d.

How to Validate

Run the new regression tests:

npm test -w @google/gemini-cli-core -- src/tools/mcp-tool.test.ts

Expected result: 51 tests passed, including the new "MCP Tool Naming Regression Fixes" suite.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses and resolves "Invalid function name" 400 errors encountered with the Gemini API. These errors stemmed from MCP tool qualified names exceeding character limits or containing disallowed characters, a regression introduced by previous changes. The solution involves refining the name sanitization logic to ensure all generated names comply with API requirements, thereby improving the robustness of tool integration.

Highlights

• Enhanced Name Sanitization: The generateValidName function has been significantly improved to correctly handle digit-prefixes, allow colons, and enforce a strict 63-character length limit for tool names.
• Middle-Truncation Strategy: A new middle-truncation strategy was implemented within generateValidName to preserve uniqueness for overly long names while ensuring they adhere to API length constraints.
• Comprehensive Qualified Name Sanitization: The entire qualified name for MCP tools, including both server and tool names, is now sanitized before being sent to the model, resolving issues caused by invalid characters or excessive length in combined names.
• New Regression Tests: A comprehensive suite of new regression tests has been added to validate the improved naming logic for both individual tool names and fully qualified names, covering various edge cases.

Changelog

• packages/core/src/tools/mcp-tool.test.ts
  • Added a new test suite "MCP Tool Naming Regression Fixes" to verify the generateValidName function's behavior for spaces, colons, digit prefixes, and middle truncation for long names.
  • Included tests for DiscoveredMCPTool's getFullyQualifiedName to ensure correct handling of spaces in server names, long server/tool names, and server names starting with digits.
• packages/core/src/tools/mcp-tool.ts
  • Modified the DiscoveredMCPTool constructor to apply generateValidName to the nameOverride or serverToolName argument.
  • Updated getFullyQualifiedName to apply generateValidName to the concatenated serverName and serverToolName, ensuring the entire qualified name is sanitized.
  • Enhanced the generateValidName utility function to allow colons (:) in valid characters, prepend an underscore (_) if the name starts with a non-alphabetic character or underscore, and add a final length check to strictly truncate names to 63 characters if they still exceed the limit after middle truncation.

Activity

• The author has marked the "Updated relevant documentation and README" checklist item as complete.
• The author has marked the "Added/updated tests" checklist item as complete.
• The author has validated the changes on MacOS using npm run.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively addresses a critical bug causing "Invalid function name" errors from the Gemini API by sanitizing and length-checking the full MCP tool qualified names. However, the implementation introduces a significant security risk: sanitized tool names used by the LLM may mismatch the unsanitized names used for policy enforcement. This discrepancy, coupled with a fail-open error handling pattern in the policy engine, could lead to the bypass of security policies and user confirmation prompts for certain MCP tools. Additionally, there is a high-severity suggestion to remove a redundant block of code to improve maintainability.

[github-actions]

Size Change: +305 B (0%)

Total Size: 25.8 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	25.3 MB	+305 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B

_{compressed-size-action}

[kevin-ramdass]

Thanks!