@ai-sdk/mcp 1.0.48 → 1.0.49
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/dist/index.js +17 -8
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +17 -8
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
- package/src/tool/mcp-client.ts +4 -1
- package/src/tool/mcp-sse-transport.ts +13 -3
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,24 @@
|
|
|
1
1
|
# @ai-sdk/mcp
|
|
2
2
|
|
|
3
|
+
## 1.0.49
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 3e8d9ba: fix(mcp): lock first sse endpoint received via event
|
|
8
|
+
- 4fa7354: fix(mcp): prevent prototype-named tools from bypassing the `schemas` allowlist
|
|
9
|
+
|
|
10
|
+
When using `client.tools({ schemas })` to expose only an explicitly allowed
|
|
11
|
+
subset of an MCP server's tools, the allowlist check used the `in` operator,
|
|
12
|
+
which also matches inherited `Object.prototype` properties. A server-advertised
|
|
13
|
+
tool named `constructor`, `toString`, `__proto__`, etc. would pass the check
|
|
14
|
+
even though the developer never defined it in `schemas`, and was then exposed to
|
|
15
|
+
the model and executable. The check now uses `Object.hasOwn`, so only
|
|
16
|
+
explicitly defined tools are returned.
|
|
17
|
+
|
|
18
|
+
- Updated dependencies [bfa5864]
|
|
19
|
+
- Updated dependencies [f42aa79]
|
|
20
|
+
- @ai-sdk/provider-utils@4.0.29
|
|
21
|
+
|
|
3
22
|
## 1.0.48
|
|
4
23
|
|
|
5
24
|
### Patch Changes
|
package/dist/index.js
CHANGED
|
@@ -1365,7 +1365,7 @@ var SseMCPTransport = class {
|
|
|
1365
1365
|
const stream = response.body.pipeThrough(new TextDecoderStream()).pipeThrough(new import_provider_utils3.EventSourceParserStream());
|
|
1366
1366
|
const reader = stream.getReader();
|
|
1367
1367
|
const processEvents = async () => {
|
|
1368
|
-
var _a4, _b4, _c2;
|
|
1368
|
+
var _a4, _b4, _c2, _d2, _e2;
|
|
1369
1369
|
try {
|
|
1370
1370
|
while (true) {
|
|
1371
1371
|
const { done, value } = await reader.read();
|
|
@@ -1380,24 +1380,32 @@ var SseMCPTransport = class {
|
|
|
1380
1380
|
}
|
|
1381
1381
|
const { event, data } = value;
|
|
1382
1382
|
if (event === "endpoint") {
|
|
1383
|
-
|
|
1384
|
-
|
|
1383
|
+
if (this.endpoint) {
|
|
1384
|
+
continue;
|
|
1385
|
+
}
|
|
1386
|
+
const endpoint = new URL(data, this.url);
|
|
1387
|
+
if (endpoint.origin !== this.url.origin) {
|
|
1388
|
+
this.connected = false;
|
|
1389
|
+
this.endpoint = void 0;
|
|
1390
|
+
(_a4 = this.sseConnection) == null ? void 0 : _a4.close();
|
|
1391
|
+
(_b4 = this.abortController) == null ? void 0 : _b4.abort();
|
|
1385
1392
|
throw new MCPClientError({
|
|
1386
|
-
message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${
|
|
1393
|
+
message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${endpoint.origin}`
|
|
1387
1394
|
});
|
|
1388
1395
|
}
|
|
1396
|
+
this.endpoint = endpoint;
|
|
1389
1397
|
this.connected = true;
|
|
1390
1398
|
resolve();
|
|
1391
1399
|
} else if (event === "message") {
|
|
1392
1400
|
try {
|
|
1393
1401
|
const message = await parseJSONRPCMessage(data);
|
|
1394
|
-
(
|
|
1402
|
+
(_c2 = this.onmessage) == null ? void 0 : _c2.call(this, message);
|
|
1395
1403
|
} catch (error) {
|
|
1396
1404
|
const e = new MCPClientError({
|
|
1397
1405
|
message: "MCP SSE Transport Error: Failed to parse message",
|
|
1398
1406
|
cause: error
|
|
1399
1407
|
});
|
|
1400
|
-
(
|
|
1408
|
+
(_d2 = this.onerror) == null ? void 0 : _d2.call(this, e);
|
|
1401
1409
|
}
|
|
1402
1410
|
}
|
|
1403
1411
|
}
|
|
@@ -1405,7 +1413,7 @@ var SseMCPTransport = class {
|
|
|
1405
1413
|
if (error instanceof Error && error.name === "AbortError") {
|
|
1406
1414
|
return;
|
|
1407
1415
|
}
|
|
1408
|
-
(
|
|
1416
|
+
(_e2 = this.onerror) == null ? void 0 : _e2.call(this, error);
|
|
1409
1417
|
reject(error);
|
|
1410
1418
|
}
|
|
1411
1419
|
};
|
|
@@ -1427,6 +1435,7 @@ var SseMCPTransport = class {
|
|
|
1427
1435
|
async close() {
|
|
1428
1436
|
var _a3, _b3, _c;
|
|
1429
1437
|
this.connected = false;
|
|
1438
|
+
this.endpoint = void 0;
|
|
1430
1439
|
(_a3 = this.sseConnection) == null ? void 0 : _a3.close();
|
|
1431
1440
|
(_b3 = this.abortController) == null ? void 0 : _b3.abort();
|
|
1432
1441
|
(_c = this.onclose) == null ? void 0 : _c.call(this);
|
|
@@ -2199,7 +2208,7 @@ var DefaultMCPClient = class {
|
|
|
2199
2208
|
_meta
|
|
2200
2209
|
} of definitions.tools) {
|
|
2201
2210
|
const resolvedTitle = title != null ? title : annotations == null ? void 0 : annotations.title;
|
|
2202
|
-
if (schemas !== "automatic" && !(name3
|
|
2211
|
+
if (schemas !== "automatic" && !Object.prototype.hasOwnProperty.call(schemas, name3)) {
|
|
2203
2212
|
continue;
|
|
2204
2213
|
}
|
|
2205
2214
|
const self = this;
|