@ai-sdk/mcp 1.0.47 → 1.0.49

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @ai-sdk/mcp
 
+## 1.0.49
+
+### Patch Changes
+
+- 3e8d9ba: fix(mcp): lock first sse endpoint received via event
+- 4fa7354: fix(mcp): prevent prototype-named tools from bypassing the `schemas` allowlist
+
+  When using `client.tools({ schemas })` to expose only an explicitly allowed
+  subset of an MCP server's tools, the allowlist check used the `in` operator,
+  which also matches inherited `Object.prototype` properties. A server-advertised
+  tool named `constructor`, `toString`, `__proto__`, etc. would pass the check
+  even though the developer never defined it in `schemas`, and was then exposed to
+  the model and executable. The check now uses `Object.hasOwn`, so only
+  explicitly defined tools are returned.
+
+- Updated dependencies [bfa5864]
+- Updated dependencies [f42aa79]
+  - @ai-sdk/provider-utils@4.0.29
+
+## 1.0.48
+
+### Patch Changes
+
+- 26d93a4: fix(mcp): add optional hook to validate authorization servers
+- 3c9ad04: fix(mcp): support official sdk protocol version negotiation
+- Updated dependencies [942f2f8]
+  - @ai-sdk/provider-utils@4.0.28
+
 ## 1.0.47
 
 ### Patch Changes

package/dist/index.d.mts

@@ -191,6 +191,11 @@ interface OAuthClientProvider {
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     authorizationServerInformation?(): OAuthAuthorizationServerInformation | undefined | Promise<OAuthAuthorizationServerInformation | undefined>;
     saveAuthorizationServerInformation?(authorizationServerInformation: OAuthAuthorizationServerInformation): void | Promise<void>;
+    /**
+     * Validates an authorization server URL discovered from MCP protected resource
+     * metadata before the client fetches its OAuth metadata.
+     */
+    validateAuthorizationServerURL?(serverUrl: string | URL, authorizationServerUrl: string | URL): void | Promise<void>;
     state?(): string | Promise<string>;
     saveState?(state: string): void | Promise<void>;
     storedState?(): string | undefined | Promise<string | undefined>;
@@ -242,6 +247,10 @@ interface MCPTransport {
      * The protocol version negotiated during initialization.
      */
     protocolVersion?: string;
+    /**
+     * Set the protocol version negotiated during initialization.
+     */
+    setProtocolVersion?(version: string): void;
 }
 type MCPTransportConfig = {
     type: 'sse' | 'http';

package/dist/index.d.ts

@@ -191,6 +191,11 @@ interface OAuthClientProvider {
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     authorizationServerInformation?(): OAuthAuthorizationServerInformation | undefined | Promise<OAuthAuthorizationServerInformation | undefined>;
     saveAuthorizationServerInformation?(authorizationServerInformation: OAuthAuthorizationServerInformation): void | Promise<void>;
+    /**
+     * Validates an authorization server URL discovered from MCP protected resource
+     * metadata before the client fetches its OAuth metadata.
+     */
+    validateAuthorizationServerURL?(serverUrl: string | URL, authorizationServerUrl: string | URL): void | Promise<void>;
     state?(): string | Promise<string>;
     saveState?(state: string): void | Promise<void>;
     storedState?(): string | undefined | Promise<string | undefined>;
@@ -242,6 +247,10 @@ interface MCPTransport {
      * The protocol version negotiated during initialization.
      */
     protocolVersion?: string;
+    /**
+     * Set the protocol version negotiated during initialization.
+     */
+    setProtocolVersion?(version: string): void;
 }
 type MCPTransportConfig = {
     type: 'sse' | 'http';

package/dist/index.js

@@ -1105,7 +1105,7 @@ async function authInternal(provider, {
   resourceMetadataUrl,
   fetchFn
 }) {
-  var _a3;
+  var _a3, _b3;
   let resourceMetadata;
   let authorizationServerUrl;
   assertResourceMetadataUrlSameOrigin(serverUrl, resourceMetadataUrl);
@@ -1128,6 +1128,11 @@ async function authInternal(provider, {
     provider,
     resourceMetadata
   );
+  await ((_a3 = provider.validateAuthorizationServerURL) == null ? void 0 : _a3.call(
+    provider,
+    serverUrl,
+    authorizationServerUrl
+  ));
   const metadata = await discoverAuthorizationServerMetadata(
     authorizationServerUrl,
     {
@@ -1212,7 +1217,7 @@ async function authInternal(provider, {
         currentAuthorizationServerInformation
       });
     } else {
-      await ((_a3 = provider.invalidateCredentials) == null ? void 0 : _a3.call(provider, "tokens"));
+      await ((_b3 = provider.invalidateCredentials) == null ? void 0 : _b3.call(provider, "tokens"));
     }
     try {
       if (storedAuthorizationServerInformation) {
@@ -1288,6 +1293,9 @@ var SseMCPTransport = class {
     this.redirectMode = redirect;
     this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
+  setProtocolVersion(version) {
+    this.protocolVersion = version;
+  }
   async commonHeaders(base) {
     var _a3;
     const headers = {
@@ -1357,7 +1365,7 @@ var SseMCPTransport = class {
           const stream = response.body.pipeThrough(new TextDecoderStream()).pipeThrough(new import_provider_utils3.EventSourceParserStream());
           const reader = stream.getReader();
           const processEvents = async () => {
-            var _a4, _b4, _c2;
+            var _a4, _b4, _c2, _d2, _e2;
             try {
               while (true) {
                 const { done, value } = await reader.read();
@@ -1372,24 +1380,32 @@ var SseMCPTransport = class {
                 }
                 const { event, data } = value;
                 if (event === "endpoint") {
-                  this.endpoint = new URL(data, this.url);
-                  if (this.endpoint.origin !== this.url.origin) {
+                  if (this.endpoint) {
+                    continue;
+                  }
+                  const endpoint = new URL(data, this.url);
+                  if (endpoint.origin !== this.url.origin) {
+                    this.connected = false;
+                    this.endpoint = void 0;
+                    (_a4 = this.sseConnection) == null ? void 0 : _a4.close();
+                    (_b4 = this.abortController) == null ? void 0 : _b4.abort();
                     throw new MCPClientError({
-                      message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${this.endpoint.origin}`
+                      message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${endpoint.origin}`
                     });
                   }
+                  this.endpoint = endpoint;
                   this.connected = true;
                   resolve();
                 } else if (event === "message") {
                   try {
                     const message = await parseJSONRPCMessage(data);
-                    (_a4 = this.onmessage) == null ? void 0 : _a4.call(this, message);
+                    (_c2 = this.onmessage) == null ? void 0 : _c2.call(this, message);
                   } catch (error) {
                     const e = new MCPClientError({
                       message: "MCP SSE Transport Error: Failed to parse message",
                       cause: error
                     });
-                    (_b4 = this.onerror) == null ? void 0 : _b4.call(this, e);
+                    (_d2 = this.onerror) == null ? void 0 : _d2.call(this, e);
                   }
                 }
               }
@@ -1397,7 +1413,7 @@ var SseMCPTransport = class {
               if (error instanceof Error && error.name === "AbortError") {
                 return;
               }
-              (_c2 = this.onerror) == null ? void 0 : _c2.call(this, error);
+              (_e2 = this.onerror) == null ? void 0 : _e2.call(this, error);
               reject(error);
             }
           };
@@ -1419,6 +1435,7 @@ var SseMCPTransport = class {
   async close() {
     var _a3, _b3, _c;
     this.connected = false;
+    this.endpoint = void 0;
     (_a3 = this.sseConnection) == null ? void 0 : _a3.close();
     (_b3 = this.abortController) == null ? void 0 : _b3.abort();
     (_c = this.onclose) == null ? void 0 : _c.call(this);
@@ -1503,6 +1520,9 @@ var HttpMCPTransport = class {
     this.redirectMode = redirect;
     this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
+  setProtocolVersion(version) {
+    this.protocolVersion = version;
+  }
   async commonHeaders(base) {
     var _a3;
     const headers = {
@@ -1946,8 +1966,12 @@ var DefaultMCPClient = class {
       }
       this.serverCapabilities = result.capabilities;
       this._serverInfo = result.serverInfo;
+      if (this.transport.setProtocolVersion) {
+        this.transport.setProtocolVersion(result.protocolVersion);
+      } else {
+        this.transport.protocolVersion = result.protocolVersion;
+      }
       this._serverInstructions = result.instructions;
-      this.transport.protocolVersion = result.protocolVersion;
       await this.notification({
         method: "notifications/initialized"
       });
@@ -2184,7 +2208,7 @@ var DefaultMCPClient = class {
       _meta
     } of definitions.tools) {
       const resolvedTitle = title != null ? title : annotations == null ? void 0 : annotations.title;
-      if (schemas !== "automatic" && !(name3 in schemas)) {
+      if (schemas !== "automatic" && !Object.prototype.hasOwnProperty.call(schemas, name3)) {
         continue;
       }
       const self = this;