Headless `claude -p` returns 400 when a connector tool has a top-level anyOf/oneOf/allOf in input_schema

Resolved 💬 0 comments Opened May 31, 2026 by p-romeo Closed Jun 2, 2026

Summary

A claude.ai account connector ("Taskrabbit Booking Assistance") publishes tool schemas with a top-level anyOf in input_schema. When the Claude Code CLI runs headless (claude -p) with tools enabled, it eagerly sends the full connector tool list to the Messages API, which rejects the entire request:

API Error: 400 tools.<n>.custom.input_schema: input_schema does not support oneOf, allOf, or anyOf at the top level

Impact

One malformed connector breaks every headless MCP-enabled request, not just calls to that connector. It is intermittent: the failing tool index moves (observed 167–173) because connector load order races, so the error points at a different index each run, which makes it hard to diagnose.

Interactive Claude Code is unaffected because it lazy-loads/defers MCP tools, so the malformed schema is only sent if the tool is actually invoked. The eager headless path has no such protection.

Offending tools (captured from the CLI's outgoing request)

  • mcp__claude_ai_Taskrabbit_Booking_Assistance__check_service_availability
  • mcp__claude_ai_Taskrabbit_Booking_Assistance__list_supported_services

Both have an input_schema whose top level is {"anyOf": [...]} instead of {"type": "object", ...}.

Repro

  1. Enable the "Taskrabbit Booking Assistance" connector on the account.
  2. Run: echo "hi" | claude -p --tools Read,Grep,Glob
  3. Intermittently returns 400 ... input_schema does not support oneOf, allOf, or anyOf at the top level.

(After removing the connector, 3/3 of the same headless calls succeed.)

Suggested fixes (either or both)

  1. Validate/sanitize connector tool schemas at registration in the connectors gateway: reject or wrap a top-level anyOf/oneOf/allOf (e.g. wrap as {"type":"object","properties":{...}}, or drop the tool) so a single bad connector cannot poison every request.
  2. Make the CLI's headless path defensive: skip or sanitize tools with invalid schemas before sending and surface a warning, rather than letting the whole request 400.

Environment

Claude Code CLI on Linux (WSL2); account-level claude.ai connectors.

View original on GitHub ↗