Rejection schema reference

Every rejected MCP tool call returns the same JSON shape. Agents pattern-match on error_code and use the remediation hint as the next-action signal — no natural-language parsing required.

Shape

{
  "passed":      false,
  "error_code":  "INPUT_REJECTED_DANGEROUS_FLAG",
  "error":       "rejected MCP input testArgs[0]=\"--rootdir=/tmp\": flag \"--rootdir\" can load arbitrary code via the underlying test runner; not allowed from MCP input",
  "summary":     "Rejected unsafe MCP input",
  "remediation": "Remove the rejected flag from testArgs. The flag can load arbitrary code via the underlying test runner and is denied from MCP input. If you need it for trusted CLI use, run coverctl directly without MCP."
}

Codes

error_code	When emitted	Recovery hint
INPUT_REJECTED_DANGEROUS_FLAG	Test arg matches a denylist flag (e.g. --rootdir, -D, --require).	Remove the flag; run via terminal CLI for trusted use.
INPUT_REJECTED_SHELL_METACHAR	Field contains shell metacharacters (“ ` $ ;	& < > “, newline).
INPUT_REJECTED_CONTROL_CHARS	Field contains NUL or CR/LF bytes.	Strip control bytes.
INPUT_REJECTED_INVALID_TAGS	tags does not match [A-Za-z0-9_,]+.	Pass alphanumeric, comma-separated identifiers.
INPUT_REJECTED_INVALID_TIMEOUT	timeout is not Go duration syntax.	Use 30s, 10m, 1h30s, …
INPUT_REJECTED_INVALID_RUN_PATTERN	-run filter contains shell-injection markers.	Use plain regex; remove backtick / $(...) / ;.
INPUT_REJECTED_PATH_SCOPE	Path input resolves outside the working directory.	Use a path inside the project root.
OP_CONFIG_EXISTS	init called when .coverctl.yaml already exists.	Pass force: true to overwrite.
OP_DETECT_FAILED	Auto-detection found no language markers.	Pass language explicitly or run from a project root.
OP_INVALID_PATH	Path could not be cleaned/validated.	Use a path inside the working directory.
OP_FILE_WRITE_FAILED	Filesystem error creating or writing config.	Check permissions and disk space.
OP_RATE_LIMITED	pr-comment exceeded five calls per five minutes per PR.	Wait or coalesce updates.
OP_MODULE_ROOT_MISSING	Could not resolve Go module root from cwd.	Run from inside a Go module, pass --language for non-Go repos, or check for nested submodules.
INPUT_REJECTED_OTHER	Unclassified input rejection.	Inspect error for details.

Schema stability guarantee

The schema is append-only:

• New error_code constants may be added to handle previously unclassified failures.
• Existing codes will not be renamed or repurposed without a major-version bump.
• The five required fields (passed, error_code, error, summary, remediation) are permanent. Additional fields may be added.

This contract is what lets agents recover deterministically from rejection without guessing or hallucinating fixes.

Two anti-patterns to watch for in agents

• Threshold lowering as a “fix” — agents proposing edits to .coverctl.yaml to drop a domain’s min:. That’s not a fix; it’s hiding the regression.
• Ignoring rejection codes — retrying the same input after a structured rejection. The remediation field tells the agent what to change.

Code references

• internal/mcp/sanitize.go — rejection codes + remediation copy
• internal/mcp/runtime_errors.go — typed-error classifier
• internal/mcp/sanitize_test.go
• internal/eval/scenarios/ — adversarial regression suite