* Validate that a value is a non-empty string within length bounds. * * The `maxLength` cap protects against MCP clients that ship huge * payloads (10MB+ query strings either by accident or maliciously). * Without this, a single oversized input can pin the FTS5 index or * exhaust memo
(
value: unknown,
name: string,
maxLength: number = MAX_INPUT_LENGTH
)
| 1119 | * exhaust memory before any real work runs. |
| 1120 | */ |
| 1121 | private validateString( |
| 1122 | value: unknown, |
| 1123 | name: string, |
| 1124 | maxLength: number = MAX_INPUT_LENGTH |
| 1125 | ): string | ToolResult { |
| 1126 | if (typeof value !== 'string' || value.length === 0) { |
| 1127 | return this.errorResult(`${name} must be a non-empty string`); |
| 1128 | } |
| 1129 | if (value.length > maxLength) { |
| 1130 | return this.errorResult( |
| 1131 | `${name} exceeds maximum length of ${maxLength} characters (got ${value.length})` |
| 1132 | ); |
| 1133 | } |
| 1134 | return value; |
| 1135 | } |
| 1136 | |
| 1137 | /** |
| 1138 | * Validate an optional path-like string input. Returns the value if |
no test coverage detected