npm - @ai-sdk/mcp - Versions diffs - 1.0.47 → 1.0.48 - Mend

@ai-sdk/mcp 1.0.47 → 1.0.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +9 -0
package/dist/index.d.mts +9 -0
package/dist/index.d.ts +9 -0
package/dist/index.js +18 -3
package/dist/index.js.map +1 -1
package/dist/index.mjs +18 -3
package/dist/index.mjs.map +1 -1
package/dist/mcp-stdio/index.d.mts +4 -0
package/dist/mcp-stdio/index.d.ts +4 -0
package/package.json +4 -4
package/src/tool/mcp-client.ts +5 -1
package/src/tool/mcp-http-transport.ts +4 -0
package/src/tool/mcp-sse-transport.ts +4 -0
package/src/tool/mcp-transport.ts +5 -0
package/src/tool/oauth.ts +14 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # @ai-sdk/mcp
+## 1.0.48
+### Patch Changes
+- 26d93a4: fix(mcp): add optional hook to validate authorization servers
+- 3c9ad04: fix(mcp): support official sdk protocol version negotiation
+- Updated dependencies [942f2f8]
+  - @ai-sdk/provider-utils@4.0.28
 ## 1.0.47
 ### Patch Changes

package/dist/index.d.mts CHANGED Viewed

@@ -191,6 +191,11 @@ interface OAuthClientProvider {
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     authorizationServerInformation?(): OAuthAuthorizationServerInformation | undefined | Promise<OAuthAuthorizationServerInformation | undefined>;
     saveAuthorizationServerInformation?(authorizationServerInformation: OAuthAuthorizationServerInformation): void | Promise<void>;
+    /**
+     * Validates an authorization server URL discovered from MCP protected resource
+     * metadata before the client fetches its OAuth metadata.
+     */
+    validateAuthorizationServerURL?(serverUrl: string | URL, authorizationServerUrl: string | URL): void | Promise<void>;
     state?(): string | Promise<string>;
     saveState?(state: string): void | Promise<void>;
     storedState?(): string | undefined | Promise<string | undefined>;
@@ -242,6 +247,10 @@ interface MCPTransport {
      * The protocol version negotiated during initialization.
      */
     protocolVersion?: string;
+    /**
+     * Set the protocol version negotiated during initialization.
+     */
+    setProtocolVersion?(version: string): void;
 }
 type MCPTransportConfig = {
     type: 'sse' | 'http';

package/dist/index.d.ts CHANGED Viewed

@@ -191,6 +191,11 @@ interface OAuthClientProvider {
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     authorizationServerInformation?(): OAuthAuthorizationServerInformation | undefined | Promise<OAuthAuthorizationServerInformation | undefined>;
     saveAuthorizationServerInformation?(authorizationServerInformation: OAuthAuthorizationServerInformation): void | Promise<void>;
+    /**
+     * Validates an authorization server URL discovered from MCP protected resource
+     * metadata before the client fetches its OAuth metadata.
+     */
+    validateAuthorizationServerURL?(serverUrl: string | URL, authorizationServerUrl: string | URL): void | Promise<void>;
     state?(): string | Promise<string>;
     saveState?(state: string): void | Promise<void>;
     storedState?(): string | undefined | Promise<string | undefined>;
@@ -242,6 +247,10 @@ interface MCPTransport {
      * The protocol version negotiated during initialization.
      */
     protocolVersion?: string;
+    /**
+     * Set the protocol version negotiated during initialization.
+     */
+    setProtocolVersion?(version: string): void;
 }
 type MCPTransportConfig = {
     type: 'sse' | 'http';

package/dist/index.js CHANGED Viewed

@@ -1105,7 +1105,7 @@ async function authInternal(provider, {
   resourceMetadataUrl,
   fetchFn
 }) {
-  var _a3;
+  var _a3, _b3;
   let resourceMetadata;
   let authorizationServerUrl;
   assertResourceMetadataUrlSameOrigin(serverUrl, resourceMetadataUrl);
@@ -1128,6 +1128,11 @@ async function authInternal(provider, {
     provider,
     resourceMetadata
   );
+  await ((_a3 = provider.validateAuthorizationServerURL) == null ? void 0 : _a3.call(
+    provider,
+    serverUrl,
+    authorizationServerUrl
+  ));
   const metadata = await discoverAuthorizationServerMetadata(
     authorizationServerUrl,
     {
@@ -1212,7 +1217,7 @@ async function authInternal(provider, {
         currentAuthorizationServerInformation
       });
     } else {
-      await ((_a3 = provider.invalidateCredentials) == null ? void 0 : _a3.call(provider, "tokens"));
+      await ((_b3 = provider.invalidateCredentials) == null ? void 0 : _b3.call(provider, "tokens"));
     }
     try {
       if (storedAuthorizationServerInformation) {
@@ -1288,6 +1293,9 @@ var SseMCPTransport = class {
     this.redirectMode = redirect;
     this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
+  setProtocolVersion(version) {
+    this.protocolVersion = version;
+  }
   async commonHeaders(base) {
     var _a3;
     const headers = {
@@ -1503,6 +1511,9 @@ var HttpMCPTransport = class {
     this.redirectMode = redirect;
     this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
+  setProtocolVersion(version) {
+    this.protocolVersion = version;
+  }
   async commonHeaders(base) {
     var _a3;
     const headers = {
@@ -1946,8 +1957,12 @@ var DefaultMCPClient = class {
       }
       this.serverCapabilities = result.capabilities;
       this._serverInfo = result.serverInfo;
+      if (this.transport.setProtocolVersion) {
+        this.transport.setProtocolVersion(result.protocolVersion);
+      } else {
+        this.transport.protocolVersion = result.protocolVersion;
+      }
       this._serverInstructions = result.instructions;
-      this.transport.protocolVersion = result.protocolVersion;
       await this.notification({
         method: "notifications/initialized"
       });