Skip to content

fix(server): no input validation for numeric parameters — speed, vol, pitch, n, sample_rate, bitrate #66

@alfonsodg

Description

@alfonsodg

Problem

Tool functions accept numeric parameters with documented valid ranges but perform zero validation before sending to the API. Invalid values are sent directly, resulting in cryptic API errors instead of clear user-facing messages.

Exact locations

minimax_mcp/server.py:

  • text_to_audio(): speed (0.5-2.0), vol (0-10), pitch (-12 to 12), sample_rate (enum), bitrate (enum), channel (1-2)
  • text_to_image(): n (1-9), aspect_ratio (enum)
  • music_generation(): sample_rate (enum), bitrate (enum)

Example

# This sends invalid data to the API with no local validation:
text_to_audio(text="hello", speed=999, vol=-50, pitch=100)

Impact

  • Users get opaque API errors instead of clear validation messages
  • Wastes API calls (and money) on requests that will fail
  • Docstrings document ranges but code does not enforce them

Proposed solution

Add validation at the start of each function:

VALID_SAMPLE_RATES = {8000, 16000, 22050, 24000, 32000, 44100}
VALID_BITRATES = {32000, 64000, 128000, 256000}
VALID_EMOTIONS = {"happy", "sad", "angry", "fearful", "disgusted", "surprised", "neutral"}
VALID_FORMATS = {"pcm", "mp3", "flac"}
VALID_ASPECT_RATIOS = {"1:1", "16:9", "4:3", "3:2", "2:3", "3:4", "9:16", "21:9"}

def _validate_range(name: str, value, min_val, max_val):
    if not (min_val <= value <= max_val):
        raise MinimaxValidationError(f"{name} must be between {min_val} and {max_val}, got {value}")

def _validate_enum(name: str, value, valid_values: set):
    if value not in valid_values:
        raise MinimaxValidationError(f"{name} must be one of {valid_values}, got {value}")

Move these constants to const.py alongside the defaults.

Acceptance criteria

  • All documented parameter ranges are validated before API calls
  • Clear error messages indicating the valid range/values
  • Constants for valid values defined in const.py

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions