feat: enhance MCP tool name validation with comprehensive pattern detection

.github/CODEOWNERS

@@ -26,20 +26,20 @@ NOTICE                                                         @awslabs/mcp-admi
 /src/amazon-qbusiness-anonymous-mcp-server                     @awslabs/mcp-admins @awslabs/mcp-maintainers  @abhjaw
 /src/amazon-qindex-mcp-server                                  @awslabs/mcp-admins @awslabs/mcp-maintainers  @tkoba-aws @akhileshamara
 /src/amazon-sns-sqs-mcp-server                                 @awslabs/mcp-admins @awslabs/mcp-maintainers  @kenliao94 @hashimsharkh
-/src/aurora-dsql-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @gxjx-x @imforster @wcmjunior @anwesham-lab @benjscho @pkale @amaksimo @mitchell-elholm
+/src/aurora-dsql-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @gxjx-x @anwesham-lab @benjscho @pkale @amaksimo @praba2210
 /src/aws-api-mcp-server                                        @awslabs/mcp-admins @awslabs/mcp-maintainers  @awslabs/aws-api-mcp @rshevchuk-git @PCManticore @iddv @arnewouters @bidesh
 /src/aws-appsync-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @phani-srikar @maxi114 @neelmurt
 /src/aws-bedrock-custom-model-import-mcp-server                @awslabs/mcp-admins @awslabs/mcp-maintainers  @krokoko
 /src/aws-bedrock-data-automation-mcp-server                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @krokoko @theagenticguy
 /src/aws-dataprocessing-mcp-server                             @awslabs/mcp-admins @awslabs/mcp-maintainers  @naikvaib @LiyuanLD @ckha2000 @raghav1397 @chappidim @yuxiaorun
 /src/aws-diagram-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @MichaelWalker-git
 /src/aws-documentation-mcp-server                              @awslabs/mcp-admins @awslabs/mcp-maintainers  @Lavoiedavidw @JonLim @tuanknguyen @AadityaBhoota @artb30 @alexisareyn
-/src/aws-healthomics-mcp-server                                @awslabs/mcp-admins @awslabs/mcp-maintainers  @markjschreiber @WIIASD @a-li @alxawan
+/src/aws-healthomics-mcp-server                                @awslabs/mcp-admins @awslabs/mcp-maintainers  @markjschreiber @WIIASD @a-li @alxawan @sabeelmansuri
 /src/aws-iac-mcp-server                                        @awslabs/mcp-admins @awslabs/mcp-maintainers  @kdbrogan @vishaalmehrishi @aemada-aws @kumvprat
 /src/aws-iot-sitewise-mcp-server                               @awslabs/mcp-admins @awslabs/mcp-maintainers  @ychamare @ashuanand1226 @charlie-7 @ajain13
 /src/aws-knowledge-mcp-server                                  @awslabs/mcp-admins @awslabs/mcp-maintainers  @FaresYoussef94 @animebar @zdwheels @nihal712 @forerocf @deepankanbn @nzmdn @GuXiangTS
 /src/aws-location-mcp-server                                   @awslabs/mcp-admins @awslabs/mcp-maintainers  @scottschreckengaust @theagenticguy
-/src/aws-msk-mcp-server                                        @awslabs/mcp-admins @awslabs/mcp-maintainers  @dingyiheng # @elmoctarebnou
+/src/aws-msk-mcp-server                                        @awslabs/mcp-admins @awslabs/mcp-maintainers  @dingyiheng @mehbey @isaurab007
 /src/aws-network-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @juhala-aws @NetDevAutomate
 /src/aws-pricing-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @nspring00 @aytech-in @s12v
 /src/aws-serverless-mcp-server                                 @awslabs/mcp-admins @awslabs/mcp-maintainers  @bx9900
@@ -58,13 +58,14 @@ NOTICE                                                         @awslabs/mcp-admi
 /src/cost-explorer-mcp-server                                  @awslabs/mcp-admins @awslabs/mcp-maintainers
 /src/document-loader-mcp-server                                @awslabs/mcp-admins @awslabs/mcp-maintainers  @andywidjaja @hvital @HaoOliv
 /src/documentdb-mcp-server                                     @awslabs/mcp-admins @awslabs/mcp-maintainers  @theagenticguy
-/src/dynamodb-mcp-server                                       @awslabs/mcp-admins @awslabs/mcp-maintainers  @akeyesamzn @shetsa-amzn @LeeroyHannigan @amzn-erdemkemer
+/src/dynamodb-mcp-server                                       @awslabs/mcp-admins @awslabs/mcp-maintainers  @akeyesamzn @ysunio @LeeroyHannigan @amzn-erdemkemer
 /src/ecs-mcp-server                                            @awslabs/mcp-admins @awslabs/mcp-maintainers  @guitar80ep @matthewgoodman13 @nineonine @biagic @tusharbabbar @lewisct
 /src/eks-mcp-server                                            @awslabs/mcp-admins @awslabs/mcp-maintainers  @patrick-yu-amzn @srhsrhsrhsrh
 /src/elasticache-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @seaofawareness
 /src/finch-mcp-server                                          @awslabs/mcp-admins @awslabs/mcp-maintainers  @Shubhranshu153 @pendo324
 /src/frontend-mcp-server                                       @awslabs/mcp-admins @awslabs/mcp-maintainers  @jimini55
 /src/git-repo-research-mcp-server                              @awslabs/mcp-admins @awslabs/mcp-maintainers  @krokoko @theagenticguy
+/src/healthimaging-mcp-server                                  @awslabs/mcp-admins @awslabs/mcp-maintainers  @manish364
 /src/healthlake-mcp-server                                     @awslabs/mcp-admins @awslabs/mcp-maintainers  @aws-steve @awsri
 /src/iam-mcp-server                                            @awslabs/mcp-admins @awslabs/mcp-maintainers  @oshardik
 /src/lambda-tool-mcp-server                                    @awslabs/mcp-admins @awslabs/mcp-maintainers  @danilop @jsamuel1

.github/workflows/aws-api-mcp-upgrade-version.yml

@@ -40,7 +40,7 @@ jobs:
         with:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
       - name: Install uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
       - name: Check and upgrade AWS CLI version
         id: upgrade
         working-directory: src/aws-api-mcp-server

.github/workflows/cfn_nag.yml

@@ -35,7 +35,7 @@ jobs:
           output_path: cfn_nag.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
 
         # Results are generated only on a success or failure
         # this is required since GitHub by default won't run the next step

.github/workflows/check-license-header.json

@@ -78,7 +78,10 @@
       "**/*.template",
       "**/*.properties",
       "**/*.xml",
-      "**/dist/**"
+      "**/dist/**",
+      "**/skills/*/scripts",
+      "**/skills/*/references",
+      "**/skills/*/mcp"
     ]
   }
 ]

.github/workflows/checkov.yml

@@ -28,14 +28,14 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
 
       - name: Checkov GitHub Action
-        uses: bridgecrewio/checkov-action@5051a5cfc7e4c71d95199f81ffafbb490c7e6213 # v12.3079.0
+        uses: bridgecrewio/checkov-action@f99709f8ccc3496220c987b7d8729653237c23dc # v12.3086.0
         with:
           # This will add both a CLI output to the console and create a results.sarif file
           output_format: cli,sarif
           output_file_path: console,results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
 
         # Results are generated only on a success or failure
         # this is required since GitHub by default won't run the next step

.github/workflows/codeql.yml

@@ -71,7 +71,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+      uses: github/codeql-action/init@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -99,6 +99,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+      uses: github/codeql-action/analyze@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/dependency-review-action.yml

@@ -12,7 +12,7 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 #v4.8.2
+        uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 #v4.8.3
         with:
           # https://github.com/actions/dependency-review-action/issues/944
           allow-dependencies-licenses: 'pkg:pypi/uv@0.8.10'

.github/workflows/powershell.yml

@@ -37,6 +37,6 @@ jobs:
           output: results.sarif
 
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
         with:
           sarif_file: results.sarif

.github/workflows/pre-commit-requirements.txt

@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with Python 3.12
+# This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
 #    pip-compile --generate-hashes --output-file=.github/workflows/pre-commit-requirements.txt --strip-extras .github/workflows/pre-commit-requirements.in
@@ -87,6 +87,10 @@ pyyaml==6.0.2 \
     --hash=sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12 \
     --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4
     # via pre-commit
+typing-extensions==4.15.0 \
+    --hash=sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466 \
+    --hash=sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548
+    # via virtualenv
 virtualenv==20.36.1 \
     --hash=sha256:575a8d6b124ef88f6f51d56d656132389f961062a9177016a50e4f507bbcc19f \
     --hash=sha256:8befb5c81842c641f8ee658481e42641c68b5eab3521d8e092d18320902466ba

.github/workflows/pre-commit.yml

@@ -46,7 +46,7 @@ jobs:
         echo "vars.GITHUB_WORKSPACE=${{ vars.GITHUB_WORKSPACE }}"
         python -m pip install --require-hashes --requirement ${{ github.workspace }}/.github/workflows/pre-commit-requirements.txt
         python -m pip freeze --local
-    - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 #v5.0.2
+    - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 #v5.0.3
       with:
         path: ~/.cache/pre-commit
         key: pre-commit-3|${{ runner.os }}|${{ hashFiles(matrix.precommit) }}

.github/workflows/python.yml

@@ -78,7 +78,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Install uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -87,7 +87,7 @@ jobs:
           # cache: uv (not supported)
 
       - name: Cache GraphViz
-        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 #v5.0.2
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 #v5.0.3
         id: cache-graphviz
         with:
           path: "~/graphviz"
@@ -132,6 +132,7 @@ jobs:
         run: |
           python3 scripts/verify_package_name.py src/${{ matrix.package }}
           uv run --script scripts/verify_awslabs_init.py src/${{ matrix.package }}
+          python3 scripts/verify_tool_names.py src/${{ matrix.package }} || true
 
       - name: Run tests
         working-directory: src/${{ matrix.package }}

.github/workflows/release-initiate-branch.yml

@@ -178,7 +178,7 @@ jobs:
           token: ${{ secrets.BOT_GITHUB_TOKEN }}
           ref: ${{ needs.create-branch.outputs.release-branch }}
       - name: Install uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
       - name: Bump package version
         run: |
           set -euo pipefail

.github/workflows/release.yml

@@ -303,7 +303,7 @@ jobs:
       # Clear up space for specific large projects
       - name: Clear Up Space (Aggressively) for Specific Projects
         if: contains(fromJson('["core-mcp-server"]'), matrix.changed-directory)
-        uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@16fbeff0b6ac1bb09b767aec95f5d89fd3b30cd2
+        uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@11841059cfcc830c367325450a1898ebffef6e01
       #TODO: remove local action checkout when working...
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -350,7 +350,7 @@ jobs:
 
           echo "::debug::Directory validated: $FULL_PATH"
       - name: Install uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
       - name: Build package
         working-directory: ${{ env.SRC_DIRECTORY }}/${{ matrix.changed-directory }}
         run: |

.github/workflows/scorecard-analysis.yml

@@ -50,6 +50,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
         with:
           sarif_file: scorecard-results.sarif

.github/workflows/semgrep.yml

@@ -30,6 +30,6 @@ jobs:
           python -m pip install --require-hashes --requirement .github/workflows/semgrep-requirements.txt
       - run: semgrep scan --config auto --sarif-output semgrep.sarif.json --no-error --dryrun --verbose
       - name: Upload Semgrep scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
         with:
           sarif_file: semgrep.sarif.json

.github/workflows/stale.yml

@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
         with:
           days-before-stale: -1
           days-before-close: -1

.github/workflows/trivy.yml

@@ -46,7 +46,7 @@ jobs:
     steps:
       - name: Clear Up Space (Agressively) for Trivy Scans that Run Out of Space
         if: contains(toJson('["src/core-mcp-server"]'), matrix.dockerfile)
-        uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@16fbeff0b6ac1bb09b767aec95f5d89fd3b30cd2
+        uses: awslabs/mcp/.github/actions/clear-space-ubuntu-latest-agressively@11841059cfcc830c367325450a1898ebffef6e01
 
       - name: Get Checkout Depth
         id: checkout-depth
@@ -122,14 +122,14 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         if: hashFiles(format('{0}/trivy-results.sarif', matrix.dockerfile)) == ''
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v0.33.1
+        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 #v0.34.2
         with:
           image-ref: 'docker.io/${{ matrix.dockerfile }}:${{ github.sha }}'
           format: 'sarif'
           output: '${{ matrix.dockerfile }}/trivy-results.sarif'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b2ff80ddacba59b60f4e0cf3b699baaea3230cd9 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c0fc915677567258ee3c194d03ffe7ae3dc8d741 # v4.31.9
         with:
           sarif_file: '${{ matrix.dockerfile }}/trivy-results.sarif'
 

.secrets.baseline

@@ -215,7 +215,7 @@
         "filename": "src/dynamodb-mcp-server/README.md",
         "hashed_secret": "37b5ecd16fe6c599c85077c7992427df62b2ab71",
         "is_verified": false,
-        "line_number": 260,
+        "line_number": 269,
         "is_secret": false
       }
     ],
@@ -962,5 +962,5 @@
       }
     ]
   },
-  "generated_at": "2026-01-15T14:59:02Z"
+  "generated_at": "2026-02-25T11:54:09Z"
 }

DESIGN_GUIDELINES.md

@@ -482,31 +482,61 @@ async def mcp_generate_image(
 
 Tool guidelines:
 
-1. Use descriptive tool names in `camelCase` or `snake_case` consistently
+1. Use descriptive tool names following the naming conventions below
 2. Include the Context parameter for error reporting
 3. Use detailed Field descriptions for all parameters
 4. Return structured responses using Pydantic models when possible
 5. Document the tool's purpose, inputs, and outputs comprehensively
 
 ### 🔤 Tool Naming Conventions
 
-To maintain consistency and compatibility, tool names must follow these rules:
+To maintain consistency and compatibility with the Model Context Protocol specification, tool names must follow these rules:
 
-- ✅ **Maximum of 64 characters** in total length
-- ✅ Must start with a letter
-- ✅ Use only lowercase letters and hyphens (`-`)
-- ❌ Avoid special characters (e.g., `@`, `$`, `!`)
+#### Required Rules:
+- ✅ **Maximum of 64 characters** for the fully qualified name (including `awslabs` prefix, server name, and tool name)
+- ✅ Must start with a letter (a-z, A-Z)
+- ✅ Use only alphanumeric characters, underscores (`_`), or hyphens (`-`)
+- ✅ Tool names are **case-sensitive** (per MCP specification)
+- ✅ Tool names should be **unique within their namespace**
+- ❌ No spaces, commas, or special characters (e.g., `@`, `$`, `!`)
 - ❌ Do not start with a number
 
+#### Naming Style Recommendations:
+
+We **recommend snake_case** as it aligns with official MCP reference implementations and Python conventions, but we accept other styles for team consistency:
+
+**✅ Recommended: snake_case**
+- `read_file`, `create_entities`, `get_current_time`
+- Used by official MCP servers (filesystem, memory, time)
+- Best for Python-based tools
+
+**✅ Accepted: kebab-case**
+- `batch-apply-update-action`, `connect-jump-host`
+- Common in CLI tools and web APIs
+
+**✅ Accepted: PascalCase**
+- `ExecuteQuery`, `KendraQueryTool`, `QBusinessQueryTool`
+- Familiar to developers from other languages
+
+**Important:** Stay consistent within your MCP server. Don't mix naming styles.
+
 #### ✅ Valid Examples:
-- `data-cleaner`
-- `csv-uploader`
-- `pdf-generator`
+- `read_file` (snake_case - recommended)
+- `create-bucket` (kebab-case - accepted)
+- `ExecuteQuery` (PascalCase - accepted)
+- `get_file_info` (snake_case with clear verb-noun pattern)
 
 #### ❌ Invalid Examples:
-- `123tool`
-- `tool!@#$`
-- `name-that-is-way-too-long-and-goes-beyond-the-sixty-four-character-limit-of-the-rule`
+- `123tool` (starts with number)
+- `tool!@#$` (special characters)
+- `read file` (contains space)
+- `name-that-is-way-too-long-and-goes-beyond-the-sixty-four-character-limit-including-server-prefix` (exceeds 64 chars)
+
+#### Best Practices:
+1. Use descriptive, action-oriented names (verb-noun pattern: `get_status`, `create_user`)
+2. Keep the fully qualified name under 64 characters (some MCP clients add prefixes/suffixes)
+3. Be consistent within your server - pick one style and stick to it
+4. Refer to the [MCP Tool Naming Specification (SEP-986)](https://modelcontextprotocol.io/community/seps/986-specify-format-for-tool-names.md) for official guidance
 
 ## Asynchronous Programming