fix(output-binary): resolve all verify WARN findings

Security: escape $tokenFlag and SchemaPath in templates.
Wiring: add enum constraint to output.format in JSON Schema.
Tests: strengthen panic tests with value assertions, verify
intermediate YAML keys in round-trips, harden whitespace mimeType
assertion, add null to schema rejection table, require os.Stdout.Stat()
specifically, verify comment context for string schemas, and replace
fragile string-index return block isolation with line-based parsing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: MacAttak

internal/codegen/cli_go.go

@@ -725,7 +725,7 @@ func init() {
 	{{$goName}}Cmd.Flags().StringVar(&{{$goName}}FlagOutput, "output", "", "Output file path for binary data")
 {{- end}}
 {{- if $hasAuth}}
-	{{$goName}}Cmd.Flags().StringVar(&{{$goName}}Token, "{{$tokenFlag}}", "", "Auth token (overrides {{$tokenEnv | esc}} env var)")
+	{{$goName}}Cmd.Flags().StringVar(&{{$goName}}Token, "{{$tokenFlag | esc}}", "", "Auth token (overrides {{$tokenEnv | esc}} env var)")
 {{- end}}
 	rootCmd.AddCommand({{$goName}}Cmd)
 }
@@ -833,7 +833,7 @@ var {{.GoName}}Cmd = &cobra.Command{
 			token = os.Getenv("{{$tokenEnv | esc}}")
 		}
 		if token == "" {
-			return fmt.Errorf("auth required: set {{$tokenEnv | esc}} or pass --{{$tokenFlag}}")
+			return fmt.Errorf("auth required: set {{$tokenEnv | esc}} or pass --{{$tokenFlag | esc}}")
 		}
 		_ = token // passed to the entrypoint via environment
 {{- end}}

internal/codegen/cli_go_output_test.go

@@ -252,10 +252,8 @@ func TestGoCLI_BinaryOutput_TTYDetection_HasStatCall(t *testing.T) {
 	files := generateCLI(t, manifestBinaryTool())
 	content := fileContent(t, files, "internal/commands/screenshot.go")
 
-	assert.True(t,
-		strings.Contains(content, "os.Stdout.Stat()") ||
-			strings.Contains(content, "Stat()"),
-		"binary tool RunE must call os.Stdout.Stat() for TTY detection")
+	assert.Contains(t, content, "os.Stdout.Stat()",
+		"binary tool RunE must call os.Stdout.Stat() specifically for TTY detection")
 }
 
 func TestGoCLI_BinaryOutput_TTYDetection_ChecksModeCharDevice(t *testing.T) {

internal/codegen/mcp_typescript.go

@@ -577,7 +577,7 @@ import { validateRequest } from "../auth/middleware.js";
 // Tool: {{.ToolName}}
 // Description: {{.Description}}
 {{- if .SchemaPath}}
-// Output schema: {{.SchemaPath}} (resolved at build time)
+// Output schema: {{.SchemaPath | esc}} (resolved at build time)
 {{- end}}
 
 // Input schema for {{.ToolName}}

internal/codegen/mcp_typescript_output_test.go

@@ -239,8 +239,8 @@ func TestTSMCP_OutputSchema_StringSchemaEmitsComment(t *testing.T) {
 	files := generateTSMCP(t, m)
 	content := fileContent(t, files, "src/tools/get_data.ts")
 
-	assert.Contains(t, content, "schemas/output.json",
-		"string schema path must appear in generated code (as a comment)")
+	assert.Contains(t, content, "// Output schema: schemas/output.json",
+		"string schema path must appear inside a // comment line")
 }
 
 func TestTSMCP_OutputSchema_StringSchemaDoesNotEmitInlineOutputSchema(t *testing.T) {
@@ -376,26 +376,36 @@ func TestTSMCP_BinaryOutput_DoesNotReturnTextType(t *testing.T) {
 	files := generateTSMCP(t, m)
 	content := fileContent(t, files, "src/tools/screenshot.ts")
 
-	// The handler function body is between handle_screenshot and the export.
-	// We need to check the handler's return, not the entire file.
+	// Isolate the handler function body (from handle_screenshot to the next
+	// top-level function declaration or export). This is more robust than
+	// trying to find "return {" and guessing closing braces.
 	handlerIdx := strings.Index(content, "handle_screenshot")
 	require.Greater(t, handlerIdx, 0, "handle_screenshot must exist")
 	afterHandler := content[handlerIdx:]
 
-	// Look for the return statement area. A binary tool must NOT have
-	// { type: "text", text: "..." } as its return.
-	// Allow "text" in comments or descriptions, but NOT in the return content array.
-	returnIdx := strings.Index(afterHandler, "return {")
-	require.Greater(t, returnIdx, 0, "handler must have a return statement")
-	returnBlock := afterHandler[returnIdx:]
-	// Take just the return block (up to the next function or end of handler)
-	endIdx := strings.Index(returnBlock, "}\n}")
-	if endIdx > 0 {
-		returnBlock = returnBlock[:endIdx+3]
+	// The handler ends at the next top-level declaration (export/function/const at col 0).
+	// Split into lines and collect until we hit a line starting with a
+	// top-level keyword after the handler signature.
+	lines := strings.Split(afterHandler, "\n")
+	var handlerLines []string
+	started := false
+	for _, line := range lines {
+		if !started {
+			started = true
+			handlerLines = append(handlerLines, line)
+			continue
+		}
+		// Stop at next top-level declaration
+		trimmed := strings.TrimSpace(line)
+		if strings.HasPrefix(trimmed, "export ") || strings.HasPrefix(trimmed, "/**") {
+			break
+		}
+		handlerLines = append(handlerLines, line)
 	}
 
-	assert.NotContains(t, returnBlock, `type: "text"`,
-		"binary tool return block must NOT contain type: \"text\"")
+	handlerBody := strings.Join(handlerLines, "\n")
+	assert.NotContains(t, handlerBody, `type: "text"`,
+		"binary tool handler must NOT contain type: \"text\"")
 }
 
 func TestTSMCP_BinaryOutput_IncludesBase64Encoding(t *testing.T) {

internal/manifest/types_output_test.go

@@ -752,7 +752,12 @@ func TestOutput_RoundTrip_AllFields(t *testing.T) {
 	marshalled, err := yaml.Marshal(original)
 	require.NoError(t, err)
 
-	roundTripped, err := Parse(strings.NewReader(string(marshalled)))
+	yamlStr := string(marshalled)
+	assert.Contains(t, yamlStr, "schema:", "intermediate YAML must contain schema key")
+	assert.Contains(t, yamlStr, "mimeType:", "intermediate YAML must contain mimeType key")
+	assert.Contains(t, yamlStr, "format:", "intermediate YAML must contain format key")
+
+	roundTripped, err := Parse(strings.NewReader(yamlStr))
 	require.NoError(t, err)
 
 	if diff := cmp.Diff(original, roundTripped); diff != "" {
@@ -779,7 +784,12 @@ func TestOutput_RoundTrip_InlineSchemaWithMimeType(t *testing.T) {
 	marshalled, err := yaml.Marshal(original)
 	require.NoError(t, err)
 
-	roundTripped, err := Parse(strings.NewReader(string(marshalled)))
+	yamlStr := string(marshalled)
+	assert.Contains(t, yamlStr, "schema:", "intermediate YAML must contain schema key")
+	assert.Contains(t, yamlStr, "mimeType:", "intermediate YAML must contain mimeType key")
+	assert.Contains(t, yamlStr, "type: object", "intermediate YAML must contain inline schema type")
+
+	roundTripped, err := Parse(strings.NewReader(yamlStr))
 	require.NoError(t, err)
 
 	if diff := cmp.Diff(original, roundTripped); diff != "" {
@@ -1250,16 +1260,24 @@ func TestOutput_Schema_IntegerValueDoesNotPanic(t *testing.T) {
       format: json
       schema: 42
 `
-	// This should not panic. Whether it parses successfully or errors is
-	// implementation-dependent, but it must not crash.
+	// Must not panic. Parse may succeed (storing int in any) or error —
+	// either is acceptable, but we assert the outcome explicitly.
+	var parsed *Toolkit
+	var parseErr error
 	func() {
 		defer func() {
 			if r := recover(); r != nil {
-				t.Errorf("Parse panicked on integer schema: %v", r)
+				t.Fatalf("Parse panicked on integer schema: %v", r)
 			}
 		}()
-		_, _ = Parse(strings.NewReader(input))
+		parsed, parseErr = Parse(strings.NewReader(input))
 	}()
+	if parseErr != nil {
+		return // error is an acceptable outcome
+	}
+	require.Len(t, parsed.Tools, 1)
+	assert.Equal(t, 42, parsed.Tools[0].Output.Schema,
+		"integer schema should be stored as-is in the any field")
 }
 
 func TestOutput_Schema_BooleanValueDoesNotPanic(t *testing.T) {
@@ -1270,14 +1288,22 @@ func TestOutput_Schema_BooleanValueDoesNotPanic(t *testing.T) {
       format: json
       schema: true
 `
+	var parsed *Toolkit
+	var parseErr error
 	func() {
 		defer func() {
 			if r := recover(); r != nil {
-				t.Errorf("Parse panicked on boolean schema: %v", r)
+				t.Fatalf("Parse panicked on boolean schema: %v", r)
 			}
 		}()
-		_, _ = Parse(strings.NewReader(input))
+		parsed, parseErr = Parse(strings.NewReader(input))
 	}()
+	if parseErr != nil {
+		return
+	}
+	require.Len(t, parsed.Tools, 1)
+	assert.Equal(t, true, parsed.Tools[0].Output.Schema,
+		"boolean schema should be stored as-is in the any field")
 }
 
 func TestOutput_Schema_ArrayValueDoesNotPanic(t *testing.T) {
@@ -1290,12 +1316,20 @@ func TestOutput_Schema_ArrayValueDoesNotPanic(t *testing.T) {
         - item1
         - item2
 `
+	var parsed *Toolkit
+	var parseErr error
 	func() {
 		defer func() {
 			if r := recover(); r != nil {
-				t.Errorf("Parse panicked on array schema: %v", r)
+				t.Fatalf("Parse panicked on array schema: %v", r)
 			}
 		}()
-		_, _ = Parse(strings.NewReader(input))
+		parsed, parseErr = Parse(strings.NewReader(input))
 	}()
+	if parseErr != nil {
+		return
+	}
+	require.Len(t, parsed.Tools, 1)
+	assert.IsType(t, []any{}, parsed.Tools[0].Output.Schema,
+		"array schema should be stored as []any in the any field")
 }

internal/manifest/validate_output_test.go

@@ -921,25 +921,17 @@ func TestValidateOutput_MultipleTools_ErrorReferencesCorrectIndex(t *testing.T)
 // ---------------------------------------------------------------------------
 
 func TestValidateOutput_BinaryWithWhitespaceMimeType(t *testing.T) {
-	// A mimeType that is only whitespace should be treated as empty/missing.
-	// This catches implementations that only check `mimeType == ""` without
-	// trimming. Note: this depends on whether the implementation trims.
-	// If the implementation does NOT trim, this test documents that "   " is
-	// accepted (and the test should be adjusted). Either way, the test forces
-	// a conscious decision.
+	// A mimeType that is only whitespace must be treated as empty/missing.
+	// The implementation uses strings.TrimSpace, so "   " is rejected.
 	tk := validToolkitWithOutput(Output{
 		Format:   "binary",
 		MimeType: "   ",
 	})
 
 	errs := Validate(tk)
-	// We check for the error — a robust implementation should reject whitespace-only.
 	ve := findErrorByRule(errs, "binary-requires-mimetype")
-	// If this assertion fails, it means whitespace-only mimeType is accepted.
-	// Adjust the test if that is the intended behavior.
-	if ve != nil {
-		assert.Equal(t, SeverityError, ve.Severity,
-			"Whitespace-only mimeType should be rejected as missing")
-	}
-	// At minimum, we ensure no panic or unexpected error type.
+	require.NotNil(t, ve,
+		"whitespace-only mimeType must trigger binary-requires-mimetype")
+	assert.Equal(t, SeverityError, ve.Severity,
+		"whitespace-only mimeType should be rejected as missing")
 }

schema_output_test.go

@@ -486,6 +486,7 @@ func TestSchemaOutput_OutputAsNonObject_Fails(t *testing.T) {
 		{name: "number", value: `42`},
 		{name: "array", value: `["json"]`},
 		{name: "boolean", value: `true`},
+		{name: "null", value: `null`},
 	}
 	for _, tc := range wrongTypes {
 		t.Run(tc.name, func(t *testing.T) {

schemas/toolwright.schema.json

@@ -91,7 +91,7 @@
           "output": {
             "type": "object",
             "properties": {
-              "format": { "type": "string" },
+              "format": { "type": "string", "enum": ["json", "text", "binary"] },
               "schema": {
                 "oneOf": [
                   { "type": "string" },