fix(mcp): accept PostHog UUIDs in evaluation tool parameters#53382
Open
andrewm4894 wants to merge 3 commits intomasterfrom
Open
fix(mcp): accept PostHog UUIDs in evaluation tool parameters#53382andrewm4894 wants to merge 3 commits intomasterfrom
andrewm4894 wants to merge 3 commits intomasterfrom
Conversation
PostHog uses UUIDv7-style identifiers where the version nibble can be `0` (e.g. `019d5924-5d0e-0000-f0ff-...`). Zod's built-in `.uuid()` rejects these because it requires version 1-8 per RFC 9562. This made it impossible to update, delete, get, or run evaluations via MCP tools. Replace `z.string().uuid()` with a shared `posthogUuid()` helper that accepts any 8-4-4-4-12 hex string.
Contributor
Prompt To Fix All With AIThis is a comment left during a code review.
Path: services/mcp/src/tools/llmAnalytics/evaluations/run.ts
Line: 8
Comment:
**`target_event_id` not validated with `posthogUuid`**
`target_event_id` is described as a UUID, but it still uses `z.string()` with no format validation. Now that `posthogUuid()` is available and imported in this file, this field could use the same validator for consistency — especially since passing an incorrectly formatted value here would silently reach the API.
```suggestion
target_event_id: posthogUuid().describe('The UUID of the $ai_generation event to evaluate.'),
```
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "fix(mcp): accept PostHog UUIDs in evalua..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
PostHog UUIDs don't pass Zod's strict RFC 9562 validation. Rather than rolling a custom regex, just use z.string() — the API handles invalid IDs with a 404, so client-side format validation adds no value.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
PostHog uses UUIDv7-style identifiers where the version nibble can be
0(e.g.019d5924-5d0e-0000-f0ff-8b13567dc212). Zod's built-in.uuid()validator rejects these because it requires version 1-8 per RFC 9562. This made it impossible to update, delete, get, or run evaluations via MCP tools — any evaluation ID returned byevaluation-createorevaluations-getwould fail validation when passed back to other tools.Changes
z.string().uuid()with plainz.string()in all 5 evaluation tool schemas (create, get, update, delete, run)How did you test this code?
pnpm tsc --noEmitpassespnpm vitest run— all 427 tests pass (1 pre-existing SSL cert failure unrelated to this change)vitest -uno
🤖 LLM context
Agent-authored PR. Discovered the bug while trying to use the MCP
evaluation-updateandevaluation-deletetools — every PostHog-generated UUID was rejected by Zod's strict UUID validation. Initially added a custom regex helper, then simplified to just dropping.uuid()entirely since the API handles validation.