feat: add new user-agent-extra flag

cmd/root.go

@@ -384,6 +384,7 @@ func NewCommand(opts ...Option) *Command {
 	// TODO: Insecure by default. Might consider updating this for v1.0.0
 	flags.StringSliceVar(&cmd.cfg.AllowedOrigins, "allowed-origins", []string{"*"}, "Specifies a list of origins permitted to access this server. Defaults to '*'.")
 	flags.StringSliceVar(&cmd.cfg.AllowedHosts, "allowed-hosts", []string{"*"}, "Specifies a list of hosts permitted to access this server. Defaults to '*'.")
+	flags.StringSliceVar(&cmd.cfg.UserAgentExtra, "user-agent-extra", []string{}, "Appends additional metadata to the User-Agent.")
 
 	// wrap RunE command so that we have access to original Command object
 	cmd.RunE = func(*cobra.Command, []string) error { return run(cmd) }

cmd/root_test.go

@@ -70,6 +70,9 @@ func withDefaults(c server.ServerConfig) server.ServerConfig {
 	if c.AllowedHosts == nil {
 		c.AllowedHosts = []string{"*"}
 	}
+	if c.UserAgentExtra == nil {
+		c.UserAgentExtra = []string{}
+	}
 	return c
 }
 
@@ -230,6 +233,13 @@ func TestServerConfigFlags(t *testing.T) {
 				AllowedHosts: []string{"http://foo.com", "http://bar.com"},
 			}),
 		},
+		{
+			desc: "user agent extra",
+			args: []string{"--user-agent-extra", "foo,bar"},
+			want: withDefaults(server.ServerConfig{
+				UserAgentExtra: []string{"foo", "bar"},
+			}),
+		},
 	}
 	for _, tc := range tcs {
 		t.Run(tc.desc, func(t *testing.T) {

docs/en/reference/cli.md

@@ -27,6 +27,7 @@ description: >
 |              | `--ui`                     | Launches the Toolbox UI web server.                                                                                                                                              |             |
 |              | `--allowed-origins`        | Specifies a list of origins permitted to access this server for CORs access.                                                                                                     | `*`         |
 |              | `--allowed-hosts`          | Specifies a list of hosts permitted to access this server to prevent DNS rebinding attacks.                                                                                      | `*`         |
+|              | `--user-agent-extra`       | Appends additional metadata to the User-Agent.                                                                                                                                   |             |
 | `-v`         | `--version`                | version for toolbox                                                                                                                                                              |             |
 
 ## Examples

internal/server/config.go

@@ -16,7 +16,6 @@ package server
 import (
 	"context"
 	"fmt"
-	"regexp"
 	"strings"
 
 	yaml "github.com/goccy/go-yaml"
@@ -65,12 +64,14 @@ type ServerConfig struct {
 	Stdio bool
 	// DisableReload indicates if the user has disabled dynamic reloading for Toolbox.
 	DisableReload bool
-	// UI indicates if Toolbox UI endpoints (/ui) are available
+	// UI indicates if Toolbox UI endpoints (/ui) are available.
 	UI bool
 	// Specifies a list of origins permitted to access this server.
 	AllowedOrigins []string
-	// Specifies a list of hosts permitted to access this server
+	// Specifies a list of hosts permitted to access this server.
 	AllowedHosts []string
+	// UserAgentExtra specifies additional metadata to append to the User-Agent string.
+	UserAgentExtra []string
 }
 
 type logFormat string
@@ -140,10 +141,6 @@ func (c *SourceConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(interf
 	}
 
 	for name, u := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		// Unmarshal to a general type that ensure it capture all fields
 		var v map[string]any
 		if err := u.Unmarshal(&v); err != nil {
@@ -188,10 +185,6 @@ func (c *AuthServiceConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(i
 	}
 
 	for name, u := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		var v map[string]any
 		if err := u.Unmarshal(&v); err != nil {
 			return fmt.Errorf("unable to unmarshal %q: %w", name, err)
@@ -235,10 +228,6 @@ func (c *EmbeddingModelConfigs) UnmarshalYAML(ctx context.Context, unmarshal fun
 	}
 
 	for name, u := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		// Unmarshal to a general type that ensure it capture all fields
 		var v map[string]any
 		if err := u.Unmarshal(&v); err != nil {
@@ -283,10 +272,6 @@ func (c *ToolConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(interfac
 	}
 
 	for name, u := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		var v map[string]any
 		if err := u.Unmarshal(&v); err != nil {
 			return fmt.Errorf("unable to unmarshal %q: %w", name, err)
@@ -340,10 +325,6 @@ func (c *ToolsetConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(inter
 	}
 
 	for name, toolList := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		(*c)[name] = tools.ToolsetConfig{Name: name, ToolNames: toolList}
 	}
 	return nil
@@ -363,10 +344,6 @@ func (c *PromptConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(interf
 	}
 
 	for name, u := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		var v map[string]any
 		if err := u.Unmarshal(&v); err != nil {
 			return fmt.Errorf("unable to unmarshal prompt %q: %w", name, err)
@@ -414,31 +391,7 @@ func (c *PromptsetConfigs) UnmarshalYAML(ctx context.Context, unmarshal func(int
 	}
 
 	for name, promptList := range raw {
-		err := NameValidation(name)
-		if err != nil {
-			return err
-		}
 		(*c)[name] = prompts.PromptsetConfig{Name: name, PromptNames: promptList}
 	}
 	return nil
 }
-
-// Tools naming validation is added in the MCP v2025-11-25, but we'll be
-// implementing it across Toolbox
-// Tool names SHOULD be between 1 and 128 characters in length (inclusive).
-// Tool names SHOULD be considered case-sensitive.
-// The following SHOULD be the only allowed characters: uppercase and lowercase ASCII letters (A-Z, a-z), digits (0-9), underscore (_), hyphen (-), and dot (.)
-// Tool names SHOULD NOT contain spaces, commas, or other special characters.
-// Tool names SHOULD be unique within a server.
-func NameValidation(name string) error {
-	strLen := len(name)
-	if strLen < 1 || strLen > 128 {
-		return fmt.Errorf("resource name SHOULD be between 1 and 128 characters in length (inclusive)")
-	}
-	validChars := regexp.MustCompile("^[a-zA-Z0-9_.-]+$")
-	isValid := validChars.MatchString(name)
-	if !isValid {
-		return fmt.Errorf("invalid character for resource name; only uppercase and lowercase ASCII letters (A-Z, a-z), digits (0-9), underscore (_), hyphen (-), and dot (.) is allowed")
-	}
-	return nil
-}

internal/server/server.go

@@ -64,7 +64,11 @@ func InitializeConfigs(ctx context.Context, cfg ServerConfig) (
 	map[string]prompts.Promptset,
 	error,
 ) {
-	ctx = util.WithUserAgent(ctx, cfg.Version)
+	metadataStr := cfg.Version
+	if len(cfg.UserAgentExtra) > 0 {
+		metadataStr += "+" + strings.Join(cfg.UserAgentExtra, ".")
+	}
+	ctx = util.WithUserAgent(ctx, metadataStr)
 	instrumentation, err := util.InstrumentationFromContext(ctx)
 	if err != nil {
 		panic(err)

internal/server/server_test.go

@@ -200,62 +200,3 @@ func TestUpdateServer(t *testing.T) {
 		t.Errorf("error updating server, promptset (-want +got):\n%s", diff)
 	}
 }
-
-func TestNameValidation(t *testing.T) {
-	testCases := []struct {
-		desc         string
-		resourceName string
-		errStr       string
-	}{
-		{
-			desc:         "names with 0 length",
-			resourceName: "",
-			errStr:       "resource name SHOULD be between 1 and 128 characters in length (inclusive)",
-		},
-		{
-			desc:         "names with allowed length",
-			resourceName: "foo",
-		},
-		{
-			desc:         "names with 128 length",
-			resourceName: strings.Repeat("a", 128),
-		},
-		{
-			desc:         "names with more than 128 length",
-			resourceName: strings.Repeat("a", 129),
-			errStr:       "resource name SHOULD be between 1 and 128 characters in length (inclusive)",
-		},
-		{
-			desc:         "names with space",
-			resourceName: "foo bar",
-			errStr:       "invalid character for resource name; only uppercase and lowercase ASCII letters (A-Z, a-z), digits (0-9), underscore (_), hyphen (-), and dot (.) is allowed",
-		},
-		{
-			desc:         "names with commas",
-			resourceName: "foo,bar",
-			errStr:       "invalid character for resource name; only uppercase and lowercase ASCII letters (A-Z, a-z), digits (0-9), underscore (_), hyphen (-), and dot (.) is allowed",
-		},
-		{
-			desc:         "names with other special character",
-			resourceName: "foo!",
-			errStr:       "invalid character for resource name; only uppercase and lowercase ASCII letters (A-Z, a-z), digits (0-9), underscore (_), hyphen (-), and dot (.) is allowed",
-		},
-		{
-			desc:         "names with allowed special character",
-			resourceName: "foo_.-bar6",
-		},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			err := server.NameValidation(tc.resourceName)
-			if err != nil {
-				if tc.errStr != err.Error() {
-					t.Fatalf("unexpected error: %s", err)
-				}
-			}
-			if err == nil && tc.errStr != "" {
-				t.Fatalf("expect error: %s", tc.errStr)
-			}
-		})
-	}
-}