|
30 | 30 | logger = get_logger(__name__) |
31 | 31 |
|
32 | 32 |
|
33 | | -class ExternalSchemaRefError(ValueError): |
34 | | - """A tool schema contains a `$ref` that is not a same-document reference.""" |
| 33 | +class ExternalSchemaRefError(Exception): |
| 34 | + """A tool schema contains a `$ref` that is not a same-document reference. |
| 35 | +
|
| 36 | + Deliberately not a `ValueError`: schema generation treats a `ValueError` as |
| 37 | + an unserializable type and degrades gracefully, but an external `$ref` is a |
| 38 | + hard error that must surface at tool registration. |
| 39 | + """ |
35 | 40 |
|
36 | 41 |
|
37 | 42 | class StrictJsonSchema(GenerateJsonSchema): |
38 | 43 | """Render tool schemas, raising on pydantic warnings and external `$ref`s. |
39 | 44 |
|
40 | 45 | Warnings (e.g. a non-serializable type) become errors so they surface at tool |
41 | 46 | registration instead of silently producing a degenerate schema. External |
42 | | - `$ref`s -- which pydantic never emits itself, but a user can inject via |
43 | | - `Field(json_schema_extra=...)` -- are an SSRF / fetch-DoS vector and are |
| 47 | + `$ref`s, which pydantic never emits itself but a user can inject via |
| 48 | + `Field(json_schema_extra=...)`, are an SSRF / fetch-DoS vector and are |
44 | 49 | rejected for the same reason (SEP-2106). |
45 | 50 |
|
46 | 51 | See: https://modelcontextprotocol.io/seps/2106-json-schema-2020-12#security-implications |
@@ -433,9 +438,6 @@ def _try_create_model_and_schema( |
433 | 438 | # Use StrictJsonSchema to raise exceptions instead of warnings |
434 | 439 | try: |
435 | 440 | schema = model.model_json_schema(schema_generator=StrictJsonSchema) |
436 | | - except ExternalSchemaRefError: |
437 | | - # SEP-2106: an external $ref is a hard error, not an unserializable type. |
438 | | - raise |
439 | 441 | except ( |
440 | 442 | PydanticUserError, |
441 | 443 | TypeError, |
|
0 commit comments