[BUG] [v0.0.7] mcp add allows newline in command args, corrupting config.toml

[EnthusiasticTech]

Project

cortex

Description

cortex mcp add allows newline characters in stdio command arguments. These newlines are written into config.toml without escaping, which corrupts the TOML and breaks subsequent MCP operations.

Reference: cortex-cli/src/mcp_cmd/validation.rs validate_command_args only checks for null bytes, not control characters/newlines. handlers.rs writes args with only backslash/quote escaping.

Error Message

After writing config, later commands such as cortex mcp list or cortex mcp get <name> fail to parse config.toml.

Debug Logs

N/A

System Information

Bounty Version: 0.1.0
OS: Ubuntu 24.04 LTS
CPU: AMD EPYC-Genoa Processor (8 cores)
RAM: 15 GB

Screenshots

No response

Steps to Reproduce

1. Run:

   cortex mcp add newline-test -- printf $'hello\nworld'

2. Inspect ~/.cortex/config.toml and observe the args = ["hello line is split by a literal newline.
3. Run: cortex mcp list (or any command that reads the config).
4. Observe a TOML parse error.

Expected Behavior

Newlines in command arguments should be rejected or safely escaped so the config remains valid.

Actual Behavior

Newlines are accepted and written directly into TOML, corrupting the config.

Additional Context

This is similar to the existing newline handling issue for env values, but affects command arguments.

[hechibing]

I’d like to work on this bounty.

[hechibing]

Implemented fix in Cortex repo and opened PR: CortexLM/cortex#146

What changed:

• reject control characters (including newline/carriage return) in validate_command_args
• add regression tests for newline and carriage return arguments

Validation run:

• cargo check -p cortex-cli
• cargo test -p cortex-cli test_validate_command_args -- --nocapture