@ai-sdk/mcp 0.0.18 → 0.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/dist/index.js +17 -8
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +17 -8
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,24 @@
|
|
|
1
1
|
# @ai-sdk/mcp
|
|
2
2
|
|
|
3
|
+
## 0.0.19
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- d872a7a: fix(mcp): lock first sse endpoint received via event
|
|
8
|
+
- f4cd468: fix(mcp): prevent prototype-named tools from bypassing the `schemas` allowlist
|
|
9
|
+
|
|
10
|
+
When using `client.tools({ schemas })` to expose only an explicitly allowed
|
|
11
|
+
subset of an MCP server's tools, the allowlist check used the `in` operator,
|
|
12
|
+
which also matches inherited `Object.prototype` properties. A server-advertised
|
|
13
|
+
tool named `constructor`, `toString`, `__proto__`, etc. would pass the check
|
|
14
|
+
even though the developer never defined it in `schemas`, and was then exposed to
|
|
15
|
+
the model and executable. The check now uses `Object.hasOwn`, so only
|
|
16
|
+
explicitly defined tools are returned.
|
|
17
|
+
|
|
18
|
+
- Updated dependencies [9f67efe]
|
|
19
|
+
- Updated dependencies [eea9166]
|
|
20
|
+
- @ai-sdk/provider-utils@3.0.26
|
|
21
|
+
|
|
3
22
|
## 0.0.18
|
|
4
23
|
|
|
5
24
|
### Patch Changes
|
package/dist/index.js
CHANGED
|
@@ -1118,7 +1118,7 @@ var SseMCPTransport = class {
|
|
|
1118
1118
|
const stream = response.body.pipeThrough(new TextDecoderStream()).pipeThrough(new import_provider_utils3.EventSourceParserStream());
|
|
1119
1119
|
const reader = stream.getReader();
|
|
1120
1120
|
const processEvents = async () => {
|
|
1121
|
-
var _a4, _b4, _c2;
|
|
1121
|
+
var _a4, _b4, _c2, _d2, _e2;
|
|
1122
1122
|
try {
|
|
1123
1123
|
while (true) {
|
|
1124
1124
|
const { done, value } = await reader.read();
|
|
@@ -1133,24 +1133,32 @@ var SseMCPTransport = class {
|
|
|
1133
1133
|
}
|
|
1134
1134
|
const { event, data } = value;
|
|
1135
1135
|
if (event === "endpoint") {
|
|
1136
|
-
|
|
1137
|
-
|
|
1136
|
+
if (this.endpoint) {
|
|
1137
|
+
continue;
|
|
1138
|
+
}
|
|
1139
|
+
const endpoint = new URL(data, this.url);
|
|
1140
|
+
if (endpoint.origin !== this.url.origin) {
|
|
1141
|
+
this.connected = false;
|
|
1142
|
+
this.endpoint = void 0;
|
|
1143
|
+
(_a4 = this.sseConnection) == null ? void 0 : _a4.close();
|
|
1144
|
+
(_b4 = this.abortController) == null ? void 0 : _b4.abort();
|
|
1138
1145
|
throw new MCPClientError({
|
|
1139
|
-
message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${
|
|
1146
|
+
message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${endpoint.origin}`
|
|
1140
1147
|
});
|
|
1141
1148
|
}
|
|
1149
|
+
this.endpoint = endpoint;
|
|
1142
1150
|
this.connected = true;
|
|
1143
1151
|
resolve();
|
|
1144
1152
|
} else if (event === "message") {
|
|
1145
1153
|
try {
|
|
1146
1154
|
const message = await parseJSONRPCMessage(data);
|
|
1147
|
-
(
|
|
1155
|
+
(_c2 = this.onmessage) == null ? void 0 : _c2.call(this, message);
|
|
1148
1156
|
} catch (error) {
|
|
1149
1157
|
const e = new MCPClientError({
|
|
1150
1158
|
message: "MCP SSE Transport Error: Failed to parse message",
|
|
1151
1159
|
cause: error
|
|
1152
1160
|
});
|
|
1153
|
-
(
|
|
1161
|
+
(_d2 = this.onerror) == null ? void 0 : _d2.call(this, e);
|
|
1154
1162
|
}
|
|
1155
1163
|
}
|
|
1156
1164
|
}
|
|
@@ -1158,7 +1166,7 @@ var SseMCPTransport = class {
|
|
|
1158
1166
|
if (error instanceof Error && error.name === "AbortError") {
|
|
1159
1167
|
return;
|
|
1160
1168
|
}
|
|
1161
|
-
(
|
|
1169
|
+
(_e2 = this.onerror) == null ? void 0 : _e2.call(this, error);
|
|
1162
1170
|
reject(error);
|
|
1163
1171
|
}
|
|
1164
1172
|
};
|
|
@@ -1180,6 +1188,7 @@ var SseMCPTransport = class {
|
|
|
1180
1188
|
async close() {
|
|
1181
1189
|
var _a3, _b3, _c;
|
|
1182
1190
|
this.connected = false;
|
|
1191
|
+
this.endpoint = void 0;
|
|
1183
1192
|
(_a3 = this.sseConnection) == null ? void 0 : _a3.close();
|
|
1184
1193
|
(_b3 = this.abortController) == null ? void 0 : _b3.abort();
|
|
1185
1194
|
(_c = this.onclose) == null ? void 0 : _c.call(this);
|
|
@@ -1863,7 +1872,7 @@ var DefaultMCPClient = class {
|
|
|
1863
1872
|
try {
|
|
1864
1873
|
const listToolsResult = await this.listTools();
|
|
1865
1874
|
for (const { name: name3, description, inputSchema } of listToolsResult.tools) {
|
|
1866
|
-
if (schemas !== "automatic" && !(name3
|
|
1875
|
+
if (schemas !== "automatic" && !Object.prototype.hasOwnProperty.call(schemas, name3)) {
|
|
1867
1876
|
continue;
|
|
1868
1877
|
}
|
|
1869
1878
|
const self = this;
|