@ai-sdk/devtools 0.0.18 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2,7 +2,6 @@
2
2
  import { serve } from "@hono/node-server";
3
3
  import { serveStatic } from "@hono/node-server/serve-static";
4
4
  import { Hono } from "hono";
5
- import { cors } from "hono/cors";
6
5
  import { streamSSE } from "hono/streaming";
7
6
  import path2 from "path";
8
7
  import fs2 from "fs";
@@ -120,8 +119,32 @@ var devEnv = process.env.AI_SDK_DEVTOOLS_DEV;
120
119
  var isDevMode = devEnv !== void 0 && devEnv !== "false" && devEnv !== "0";
121
120
  var projectRoot = path2.resolve(__dirname, "../..");
122
121
  var clientDir = path2.join(projectRoot, "dist/client");
122
+ var viewerPort = 4983;
123
123
  var app = new Hono();
124
- app.use("/*", cors());
124
+ var getAllowedHosts = () => /* @__PURE__ */ new Set([
125
+ `localhost:${viewerPort}`,
126
+ `127.0.0.1:${viewerPort}`,
127
+ `[::1]:${viewerPort}`
128
+ ]);
129
+ var getAllowedOrigins = () => /* @__PURE__ */ new Set([
130
+ `http://localhost:${viewerPort}`,
131
+ `http://127.0.0.1:${viewerPort}`,
132
+ `http://[::1]:${viewerPort}`,
133
+ "http://localhost:5173",
134
+ "http://127.0.0.1:5173",
135
+ "http://[::1]:5173"
136
+ ]);
137
+ app.use("/api/*", async (c, next) => {
138
+ const host = c.req.header("host");
139
+ if (!host || !getAllowedHosts().has(host)) {
140
+ return c.text("Forbidden", 403);
141
+ }
142
+ const origin = c.req.header("origin");
143
+ if (origin && !getAllowedOrigins().has(origin)) {
144
+ return c.text("Forbidden", 403);
145
+ }
146
+ await next();
147
+ });
125
148
  app.get("/api/runs", async (c) => {
126
149
  const runs = await getRuns();
127
150
  const runsWithMeta = await Promise.all(
@@ -269,10 +292,12 @@ app.get("*", async (c) => {
269
292
  }
270
293
  });
271
294
  var startViewer = (port = 4983) => {
295
+ viewerPort = port;
272
296
  const server = serve(
273
297
  {
274
298
  fetch: app.fetch,
275
- port
299
+ port,
300
+ hostname: "localhost"
276
301
  },
277
302
  () => {
278
303
  if (isDevMode) {
@@ -309,5 +334,6 @@ if (isDirectRun) {
309
334
  startViewer(port);
310
335
  }
311
336
  export {
337
+ app,
312
338
  startViewer
313
339
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ai-sdk/devtools",
3
- "version": "0.0.18",
3
+ "version": "0.0.20",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.js",
@@ -26,7 +26,7 @@
26
26
  ],
27
27
  "dependencies": {
28
28
  "@hono/node-server": "^1.13.7",
29
- "hono": "^4.6.14",
29
+ "hono": "^4.12.25",
30
30
  "@ai-sdk/provider": "3.0.10"
31
31
  },
32
32
  "devDependencies": {
@@ -55,7 +55,7 @@
55
55
  "vaul": "^1.1.2",
56
56
  "vite": "^6.0.3",
57
57
  "zod": "3.25.76",
58
- "ai": "6.0.182"
58
+ "ai": "6.0.207"
59
59
  },
60
60
  "homepage": "https://ai-sdk.dev/docs",
61
61
  "repository": {
@@ -1,7 +1,6 @@
1
1
  import { serve } from '@hono/node-server';
2
2
  import { serveStatic } from '@hono/node-server/serve-static';
3
3
  import { Hono } from 'hono';
4
- import { cors } from 'hono/cors';
5
4
  import { streamSSE } from 'hono/streaming';
6
5
  import path from 'path';
7
6
  import fs from 'fs';
@@ -53,10 +52,40 @@ const projectRoot = path.resolve(__dirname, '../..');
53
52
  // Client directory: dist/client in both cases
54
53
  const clientDir = path.join(projectRoot, 'dist/client');
55
54
 
56
- const app = new Hono();
55
+ let viewerPort = 4983;
57
56
 
58
- // Enable CORS for development
59
- app.use('/*', cors());
57
+ export const app = new Hono();
58
+
59
+ const getAllowedHosts = () =>
60
+ new Set([
61
+ `localhost:${viewerPort}`,
62
+ `127.0.0.1:${viewerPort}`,
63
+ `[::1]:${viewerPort}`,
64
+ ]);
65
+
66
+ const getAllowedOrigins = () =>
67
+ new Set([
68
+ `http://localhost:${viewerPort}`,
69
+ `http://127.0.0.1:${viewerPort}`,
70
+ `http://[::1]:${viewerPort}`,
71
+ 'http://localhost:5173',
72
+ 'http://127.0.0.1:5173',
73
+ 'http://[::1]:5173',
74
+ ]);
75
+
76
+ app.use('/api/*', async (c, next) => {
77
+ const host = c.req.header('host');
78
+ if (!host || !getAllowedHosts().has(host)) {
79
+ return c.text('Forbidden', 403);
80
+ }
81
+
82
+ const origin = c.req.header('origin');
83
+ if (origin && !getAllowedOrigins().has(origin)) {
84
+ return c.text('Forbidden', 403);
85
+ }
86
+
87
+ await next();
88
+ });
60
89
 
61
90
  // API Routes
62
91
  app.get('/api/runs', async c => {
@@ -244,10 +273,13 @@ app.get('*', async c => {
244
273
  });
245
274
 
246
275
  export const startViewer = (port = 4983) => {
276
+ viewerPort = port;
277
+
247
278
  const server = serve(
248
279
  {
249
280
  fetch: app.fetch,
250
281
  port,
282
+ hostname: 'localhost',
251
283
  },
252
284
  () => {
253
285
  if (isDevMode) {