`_resolve_params_pydantic_model` resolves base-class annotation, breaking subclass-extended request validation

[bokelley]

Summary

When a seller's DecisioningPlatform subclass overrides a tool method with a more-specific request annotation, the SDK's _resolve_params_pydantic_model resolves the base class's annotation, not the subclass's. The seller's extended schema (e.g. with extra="forbid" for strict-extra rejection) is silently bypassed at the wire boundary.

Repro

Salesagent has its own GetProductsRequest extending the library's, with extra="forbid" in dev mode to catch unknown fields:

# src/core/schemas/product.py
from adcp.types import GetProductsWholesaleRequest as LibraryGetProductsRequest

class GetProductsRequest(LibraryGetProductsRequest):
    model_config = ConfigDict(extra=get_pydantic_extra_mode())  # "forbid" in dev
    buying_mode: str | None = Field(None, ...)  # widened
    ...

The subclass platform method:

# core/platforms/mock.py
class MockSellerPlatform(DecisioningPlatform):
    async def get_products(
        self,
        req: GetProductsRequest,  # ← salesagent's strict-extra subclass
        ctx: RequestContext[Any],
    ) -> dict[str, Any]:
        return await _delegate_get_products(req, ctx)

Annotations resolve correctly via typing.get_type_hints:

hints: {'req': <class 'src.core.schemas.product.GetProductsRequest'>, ...}

But when the SDK builds the tool caller via create_tool_caller(handler, "get_products", ...), _resolve_params_pydantic_model(method) returns the library's type:

[DEBUG SDK] get_products: params_model=<class 'adcp.types.generated_poc.media_buy.get_products_request.GetProductsRequest'>

Library's GetProductsRequest has extra="allow", so calls with unknown fields slip through validation untouched. The seller's intended strict-extra contract is silently bypassed.

Impact

Any seller who extends a library request type to add stricter validation (forbid extra fields, narrow union types, custom validators) finds those rules silently bypassed at the MCP wire boundary. Tests that rely on the wire layer rejecting unknown fields (e.g. salesagent's test_unknown_field_rejected) fail with no obvious cause — the validation simply doesn't run.

Suspected cause

_resolve_params_pydantic_model likely walks the platform's base class methods (because that's how it gets the catalog of advertised tools and their canonical signatures) instead of the subclass's actual override. The base-class signature uses the library type; the subclass override uses the seller's extended type.

Suggested fix

When iterating advertised tools to build callers, look up getattr(handler, method_name) (which is the subclass-bound method) and use that method's annotations for the params model resolution — not the base class's signature. The base class's role is to advertise; the subclass's role is to type-narrow.

Reproduction repo: https://github.com/bokelley/salesagent (hits this on 4.5.0; salesagent test tests/integration/test_mcp_unknown_field_handling.py::TestMcpDevMode::test_unknown_field_rejected).

[bokelley]

Triage

Classification: Bug
Bucket(s): handlers (dispatch layer — note: no handlers label exists in this repo; applying bug instead)
Status: drafting-pr
Milestone: omit

What the experts said:

• code-reviewer (Step 4): no blockers; noted double-validator assumption deserves a docstring comment, missing graceful-degradation test for get_type_hints failure — both addressed
• dx-expert (Step 4): BLOCKER — pydantic.ValidationError from re-validation would surface as INTERNAL_ERROR / terminal; fixed in implementation (raises AdcpError("INVALID_REQUEST", recovery="correctable") directly)
• code-reviewer (pre-PR): BLOCKER — on_failure not called before try block, causing proposal reservation leak on create_media_buy subclass validation failure; fixed; BLOCKER — VAR_POSITIONAL/VAR_KEYWORD parameters not guarded; fixed
• dx-expert (pre-PR): same on_failure blocker; docs paragraph for DecisioningPlatform subclass behavior added to handler-authoring.md

My take: The root cause is that _invoke_platform_method holds a BaseModel instance already typed as the library's permissive type and never consults the platform method's own annotation. The fix is minimal and non-breaking: coercion only fires when the annotation is a strict Python subclass of the passed type, so all existing callers are unaffected. Three iterations of expert review converged with no remaining blockers.

Drafting PR on claude/issue-596-subclass-params-validation.

---

Triaged by Claude Code. Session: https://claude.ai/code/session_01GUtwfX2NfFEVUuZZBCA5qP

---

Generated by Claude Code