Audit — R93 B4 Consensus Schema Regex Messages

Round: R93 debug-sweep (fix #4 of 6) Branch: feature/r93-b4-consensus-regex-msgs Base SHA: fbc8808a β task: 3cfa2d18-6820-4cd7-be77-7e85c1143279

§1. Goal

Surface useful error messages when a caller passes a malformed string to a consensus tool. Today Zod’s .regex() default emits the generic literal "Invalid", which gives the caller no hint about the expected format.

§2. Live reproduction 

mcp__colibri__consensus_finality {round_id:"00000000-0000-0000-0000-000000000000"}
  → MCP error -32602: Input validation error:
    "validation":"regex", "code":"invalid_string", "message":"Invalid", "path":["round_id"]

round_id is the decimal-string identifier allocated by consensus_propose (e.g. "1", "2"). The schema accepts only positive decimal integers via /^[1-9][0-9]*$/. UUIDs (and most other strings) fail. The current error tells the caller nothing about the right format.

§3. Affected schemas

src/domains/consensus/tools.ts:103-113 declares 4 regex constants:

Name Regex Used by
HEX_64_RE /^[0-9a-f]{64}$/ merkle_root_hex, rule_version_hash_hex in propose / vote / vrf_eval output (32-byte hex)
HEX_EVEN_NONEMPTY_RE /^([0-9a-f]{2})+$/ seed_hex, input_hex, priv_key_hex of vrf_eval
HEX_EVEN_OR_EMPTY_RE /^([0-9a-f]{2})*$/ evidence field in consensus_finality output
DECIMAL_POSITIVE_RE /^[1-9][0-9]*$/ round_id in vote + finality input

§6 input schemas (lines 196-248) and §7 output schemas (lines 254-288) call .regex(<RE>) 9 times across these constants.

§4. Test coverage

rg "Invalid|validation.*regex|toBe\('Invalid'\)" src/__tests__/domains/consensus/ returns zero matches. No test asserts on the generic "Invalid" string. Adding descriptive messages will not break existing tests.

§5. Constraints

  • MUST keep the regex constants unchanged (existing usage relies on them being just regexes).
  • MUST keep .regex(RE) semantics intact — only the second message arg is added.
  • MUST preserve the strict-input-schema posture: a malformed input still returns INVALID_PARAMS (Pattern A per R93 B3 docs).

Proceeding to contract + packet (compact for XS scope).

Back to top

Colibri — documentation-first MCP runtime. Apache 2.0 + Commons Clause.

This site uses Just the Docs, a documentation theme for Jekyll.