Who owns the validation layer?

[MiguelsPizza]

Currently, inputSchema is purely a semantic hint for the agent. If the agent calls the tool incorrectly, it is up to the tool creators to validate and provide feedback to the caller. From my experience, this feedback is really important for SLM's (prompt API) that often miss-call tools on the first attempt and rely on the validation error feedback to self correct.

Considering that this is something every tool creator is going to have to maintain individually, it would be nice if the browser instead did the validation and returned validation errors in a structured way (prior art)

Related security work that could benefit from browser owned validation: #45, #73 and #9

[bwalderman]

Validating the input schema at the browser level makes sense as a default behavior. In the case of declarative <form> tools, it might even make sense to map input schema errors to HTML form validation errors that the user would then have a chance to correct.

I can see developers wanting to customize error behavior and the error message that ultimately gets sent back to the agent. Surfacing errors as an error event on the modelContext object with details about the tool call and the specific validation errors would give the developer a chance to intercept the error and do things like: log it, rethrow a more descriptive error, or maybe even attempt recovery and let the tool call proceed. If an error event isn't handled, the browser can just do the default behavior which would be to return the raw schema validation results back to the agent.

[johannhof]

I agree that this makes sense to do on browser side