fix(core): relax tool name validation to support unprefixed MCP tools

[kevin-ramdass]

Summary

Relaxes the tool name validation logic in isValidToolName to accept any valid slug (alphanumeric with dashes/underscores). This fixes an issue where valid, unprefixed MCP tools were being rejected by the agent configuration validator.

Details

Previously, isValidToolName enforced a strict namespace__tool format for all non-built-in tools. However, the MCP runtime typically registers tools without a prefix by default (unless there is a name collision). This mismatch caused the static validator to reject valid tool names that the runtime was capable of executing, effectively blocking agents from using them.

This change aligns isValidToolName with the runtime's behavior by allowing any tool name that matches the standard slug pattern ^[a-z0-9-_]+$/i.

Related Issues

How to Validate

1. Ensure you have an MCP extension installed that provides a tool.
2. Create or modify an agent TOML file (e.g., ~/.gemini/agents/test.toml) to include this tool using its simple, unprefixed name:

   tools = ["simple_tool_name"]

3. Run the agent (restart of CLI may be required).
4. Expected: The agent loads successfully. Previously, this would fail with a Validation failed: tools.0: Invalid tool name error.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @kevin-ramdass, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the tool name validation logic within the core package to be more flexible. The primary goal is to enable proper recognition and usage of unprefixed tools, particularly those originating from the MCP runtime, which were previously being erroneously rejected due to overly strict validation rules. This ensures that agents can correctly utilize a broader range of valid tool names.

Highlights

• Relaxed Tool Name Validation: The isValidToolName function has been updated to accept any valid slug (alphanumeric with dashes/underscores), moving away from a strict namespace__tool format for non-built-in tools.
• Support for Unprefixed MCP Tools: This change specifically addresses an issue where valid, unprefixed tools from the MCP runtime were being incorrectly rejected by the agent configuration validator, aligning validation with runtime behavior.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +55 B (0%)

Total Size: 22 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	22 MB	+55 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request relaxes the tool name validation to support unprefixed tool names, which is a sensible change to align with the runtime behavior. The implementation is straightforward. However, I've identified a potential security vulnerability where tool names could be set to constructor or prototype, which could lead to prototype pollution. I've suggested a fix to the regex to prevent this. I also noted that the same vulnerability exists in another part of the function for namespaced tools, which should also be addressed.

[gemini-code-assist]

The current regex allows tool names like constructor and prototype. If these tool names are later used as keys in plain JavaScript objects, this could lead to prototype pollution vulnerabilities. It's safer to explicitly disallow these names in the regex.

Note that the same vulnerability exists for the namespaced tool validation on line 87. While that line is not part of this diff, it should also be updated to prevent this vulnerability for namespaced tools (e.g., server__constructor).

Suggested change

	const slugRegex = /^[a-z0-9-_]+$/i;
	const slugRegex = /^(?!(?:constructor|prototype)$)[a-z0-9-_]+$/i;