Deduplicate shared config validation across TOML and stdin paths

[Copilot]

Server-level config validation had drift-prone duplication between the TOML loader and JSON stdin validation flow. The same auth, tool_response_filters, and gateway payload threshold rules were implemented in parallel, with parity enforced only by convention and comments.

• Shared validation helpers

  • Extracted validateCommonServerFields(...) to centralize per-server auth and tool_response_filters validation.
  • Extracted validateGatewayPayloadSizeThreshold(...) to centralize positive-integer validation for gateway payload threshold fields across both config formats.

• TOML path

  • Updated LoadFromFile to delegate shared per-server validation to the new helper.
  • Replaced inline payload_size_threshold validation with the shared gateway helper.

• JSON stdin path

  • Updated validateStandardServerConfig to use the shared per-server helper instead of revalidating auth and response filters inline.
  • Updated validateGatewayConfig to use the shared gateway payload-threshold helper.

• Regression coverage

  • Added a parity test asserting TOML loading and stdin validation produce the same error for the same invalid tool_response_filters input.

func validateCommonServerFields(name, serverType string, auth *AuthConfig, filters map[string]string, jsonPath string) error {
	if err := validateServerAuth(auth, serverType, name, jsonPath); err != nil {
		return err
	}
	return validateToolResponseFilters(filters, jsonPath+".tool_response_filters")
}

[Copilot]

Pull request overview

This PR reduces drift risk in configuration validation by centralizing shared validation logic used by both the TOML loader (LoadFromFile) and the JSON-stdin validation flow, and adds a regression test intended to ensure parity for invalid tool_response_filters.

Changes:

• Introduces validateCommonServerFields(...) to share per-server auth and tool_response_filters validation across TOML and stdin paths.
• Introduces validateGatewayPayloadSizeThreshold(...) and updates both config formats to use it for gateway payload threshold validation.
• Adds a parity regression test for invalid tool_response_filters jq expressions.

Show a summary per file

File	Description
internal/config/validation.go	Adds shared validation helpers and switches stdin gateway validation to use the shared payload threshold validator.
internal/config/config_core.go	Switches TOML load-time per-server validation and payload_size_threshold validation to the shared helpers.
internal/config/config_core_test.go	Adds a regression test intended to assert parity between TOML and stdin validation errors for invalid jq filters.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 1

[lpcox]

@copilot fix failing ci checks

[lpcox]

@copilot fix failing ci checks

[Copilot]

@copilot fix failing ci checks

Fixed in the latest commit. There were three separate issues causing CI failures:

1. Syntax error — TestLoadFromFile_ToolResponseFilter_InvalidJqExpressionMatchesStdinValidation was missing its closing }, which the Go parser reported as expected '(', found TestLoadFromFile_ToolResponseFilter_WhitespaceOnlyValue.

2. Duplicate TLS files — tls_config.go and tls_config_test.go were accidentally introduced alongside the existing tls.go/tls_test.go, redeclaring MinTLSVersion, NewServerTLSConfig, and NewClientTLSConfig. Removed the duplicates and restored tls_test.go to match main.

3. Nil interface bug in validateGatewayPayloadSizeThreshold — PositiveInteger returns *ValidationError. Returning it directly as error produced a non-nil interface even when the pointer was nil, causing valid thresholds (≥ 1) to be incorrectly flagged as errors. Fixed by explicitly returning nil when the concrete pointer is nil.

[Copilot]

@copilot fix failing ci checks

The CI failures have been resolved in commit ff1038d. All tests now pass:

Fixed issues:

1. ✅ Syntax error - Missing closing brace in test function TestLoadFromFile_ToolResponseFilter_InvalidJqExpressionMatchesStdinValidation
2. ✅ Duplicate TLS files - Removed tls_config.go and tls_config_test.go duplicates
3. ✅ Nil interface bug - Fixed validateGatewayPayloadSizeThreshold to explicitly return nil when validation succeeds

Verification:

• ✅ make lint - passes
• ✅ make test-unit - all tests pass
• ✅ make test-race - no race conditions
• ✅ make agent-finished - full verification succeeds

The workflow status shows "action_required" which indicates pending approvals or required checks, not test failures.