fix: ExecuteExtraTool 加 schema 预校验防止 deferred 工具崩溃

模型通过 ExecuteExtraTool 调 CronCreate 时把字段名拼成 schedule（而非 cron），raw params 透传到 validateInput，input.cron 为 undefined，触发 parseCronExpression 的 expr.trim() 抛 TypeError。所有参数组合同样崩溃，与具体参数无关。三层修复： - ExecuteTool.call 在调 validateInput 前先跑 targetTool.inputSchema. safeParse（鸭子类型跳过 MCP），失败时返回 formatZodValidationError 友好消息，成功时透传 parsed data 让 .default() 生效、strictObject 拦截多余字段。这是架构根治，覆盖所有 deferred 工具。 - CronCreateTool.validateInput 顶部加 typeof string 守卫，给模型精确字段错误消息。 - parseCronExpression 顶部加 typeof string 守卫，覆盖 cronToHuman 等所有调用者。新增 4 个测试覆盖：cron undefined 输入返回 null、ExecuteTool schema 验证拒绝错字段名且 validateInput 不被触达、.default() 透传、MCP-like 工具跳过 schema 校验。 Co-Authored-By: glm-5.2 <zai-org@claude-code-best.win>
2026-06-23 00:35:51 +00:00 · 2026-06-18 13:59:27 +08:00
parent b83395cdfe
commit 99b9c6a400
5 changed files with 233 additions and 1 deletions
--- a/packages/builtin-tools/src/tools/ExecuteTool/ExecuteTool.ts
+++ b/packages/builtin-tools/src/tools/ExecuteTool/ExecuteTool.ts
@@ -10,6 +10,7 @@ import {
 } from 'src/Tool.js'
 import { lazySchema } from 'src/utils/lazySchema.js'
 import { createUserMessage } from 'src/utils/messages.js'
+import { formatZodValidationError } from 'src/utils/toolErrors.js'
 import {
  extractDiscoveredToolNames,
  isSearchExtraToolsEnabledOptimistic,
@@ -121,6 +122,42 @@ export const ExecuteTool = buildTool({
      }
    }

+    // Schema-validate params against the target tool BEFORE delegating.
+    // ExecuteExtraTool passes raw params straight from the model to
+    // validateInput/call without re-running the target's zod schema, so a
+    // wrong field name (e.g. 'schedule' instead of 'cron') or a missing
+    // required field reaches the tool as undefined and the first
+    // .trim()/.length/.split() crashes with "undefined is not an object".
+    // CronCreateTool's .trim() crash was the reported symptom; centralizing
+    // the check here covers every deferred tool without relying on each one
+    // to defensively guard its own validateInput. Duck-typed so MCP tools
+    // (whose schema is inputJSONSchema, not zod) skip this branch.
+    const targetSchema = targetTool.inputSchema as
+      | { safeParse?: (data: unknown) => unknown }
+      | undefined
+    if (targetSchema?.safeParse) {
+      const parsed = targetSchema.safeParse(input.params) as
+        | { success: true; data: Record<string, unknown> }
+        | { success: false; error: z.ZodError }
+      if (!parsed.success) {
+        return {
+          data: {
+            result: null,
+            tool_name: input.tool_name,
+          },
+          newMessages: [
+            createUserMessage({
+              content: formatZodValidationError(input.tool_name, parsed.error),
+            }),
+          ],
+        }
+      }
+      // Use parsed params going forward — picks up .default() values and
+      // strips unknown keys for strictObject schemas so validateInput/call
+      // never see fields they don't expect.
+      input.params = parsed.data
+    }
+
    // Validate input before delegating — prevents crashes when the model
    // omits required params (e.g. TeamCreate without team_name →
    // sanitizeName(undefined).replace() TypeError).