fix: replace weak string-based stdio check with structured validation in ai-chat-node and chat pipeline

Author: jackieya

apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py

@@ -242,8 +242,11 @@ def _handle_mcp_request(self, mcp_source, mcp_servers, mcp_tool_ids, tool_ids,
         # 兼容老数据
         if not mcp_tool_ids:
             mcp_tool_ids = []
-        if mcp_source == 'custom' and mcp_servers and '"stdio"' not in mcp_servers:
+        if mcp_source == 'custom' and mcp_servers:
             mcp_servers_config = json.loads(mcp_servers)
+            for _srv_name, _srv_cfg in mcp_servers_config.items():
+                if isinstance(_srv_cfg, dict) and str(_srv_cfg.get('transport', '')).lower() == 'stdio':
+                    raise ValueError(f'stdio transport is not allowed for MCP server: {_srv_name}')
         elif mcp_tool_ids:
             mcp_tools = QuerySet(Tool).filter(id__in=mcp_tool_ids).values()
             for mcp_tool in mcp_tools:

apps/application/flow/step_node/ai_chat_step_node/impl/base_chat_node.py

@@ -234,8 +234,11 @@ def _handle_mcp_request(self, mcp_source, mcp_servers, mcp_tool_id, mcp_tool_ids
             mcp_tool_ids = []
         if mcp_tool_id:
             mcp_tool_ids = list(set(mcp_tool_ids + [mcp_tool_id]))
-        if mcp_source == 'custom' and mcp_servers and '"stdio"' not in mcp_servers:
+        if mcp_source == 'custom' and mcp_servers:
             mcp_servers_config = json.loads(mcp_servers)
+            for _srv_name, _srv_cfg in mcp_servers_config.items():
+                if isinstance(_srv_cfg, dict) and str(_srv_cfg.get('transport', '')).lower() == 'stdio':
+                    raise ValueError(f'stdio transport is not allowed for MCP server: {_srv_name}')
             mcp_servers_config = self.handle_variables(mcp_servers_config)
         elif mcp_tool_ids:
             mcp_tools = QuerySet(Tool).filter(id__in=mcp_tool_ids).values()