@ai-sdk/mcp 2.0.0-beta.1 → 2.0.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/dist/index.d.mts +3 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +14 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +14 -1
- package/dist/index.mjs.map +1 -1
- package/dist/mcp-stdio/index.js.map +1 -1
- package/dist/mcp-stdio/index.mjs.map +1 -1
- package/package.json +1 -1
- package/src/tool/mock-mcp-transport.ts +2 -1
- package/src/tool/oauth.ts +17 -0
- package/src/tool/types.ts +2 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# @ai-sdk/mcp
|
|
2
2
|
|
|
3
|
+
## 2.0.0-beta.3
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- b9b3899: changeset for #13384
|
|
8
|
+
|
|
9
|
+
## 2.0.0-beta.2
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- 9ecd8ae: fix(mcp): add MCP protocol version 2025-11-25 to supported versions
|
|
14
|
+
|
|
3
15
|
## 2.0.0-beta.1
|
|
4
16
|
|
|
5
17
|
### Patch Changes
|
package/dist/index.d.mts
CHANGED
|
@@ -182,6 +182,8 @@ interface OAuthClientProvider {
|
|
|
182
182
|
clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
|
|
183
183
|
saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
|
|
184
184
|
state?(): string | Promise<string>;
|
|
185
|
+
saveState?(state: string): void | Promise<void>;
|
|
186
|
+
storedState?(): string | undefined | Promise<string | undefined>;
|
|
185
187
|
validateResourceURL?(serverUrl: string | URL, resource?: string): Promise<URL | undefined>;
|
|
186
188
|
}
|
|
187
189
|
declare class UnauthorizedError extends Error {
|
|
@@ -190,6 +192,7 @@ declare class UnauthorizedError extends Error {
|
|
|
190
192
|
declare function auth(provider: OAuthClientProvider, options: {
|
|
191
193
|
serverUrl: string | URL;
|
|
192
194
|
authorizationCode?: string;
|
|
195
|
+
callbackState?: string;
|
|
193
196
|
scope?: string;
|
|
194
197
|
resourceMetadataUrl?: URL;
|
|
195
198
|
fetchFn?: FetchFunction;
|
package/dist/index.d.ts
CHANGED
|
@@ -182,6 +182,8 @@ interface OAuthClientProvider {
|
|
|
182
182
|
clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
|
|
183
183
|
saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
|
|
184
184
|
state?(): string | Promise<string>;
|
|
185
|
+
saveState?(state: string): void | Promise<void>;
|
|
186
|
+
storedState?(): string | undefined | Promise<string | undefined>;
|
|
185
187
|
validateResourceURL?(serverUrl: string | URL, resource?: string): Promise<URL | undefined>;
|
|
186
188
|
}
|
|
187
189
|
declare class UnauthorizedError extends Error {
|
|
@@ -190,6 +192,7 @@ declare class UnauthorizedError extends Error {
|
|
|
190
192
|
declare function auth(provider: OAuthClientProvider, options: {
|
|
191
193
|
serverUrl: string | URL;
|
|
192
194
|
authorizationCode?: string;
|
|
195
|
+
callbackState?: string;
|
|
193
196
|
scope?: string;
|
|
194
197
|
resourceMetadataUrl?: URL;
|
|
195
198
|
fetchFn?: FetchFunction;
|
package/dist/index.js
CHANGED
|
@@ -74,9 +74,10 @@ var import_v42 = require("zod/v4");
|
|
|
74
74
|
|
|
75
75
|
// src/tool/types.ts
|
|
76
76
|
var import_v4 = require("zod/v4");
|
|
77
|
-
var LATEST_PROTOCOL_VERSION = "2025-
|
|
77
|
+
var LATEST_PROTOCOL_VERSION = "2025-11-25";
|
|
78
78
|
var SUPPORTED_PROTOCOL_VERSIONS = [
|
|
79
79
|
LATEST_PROTOCOL_VERSION,
|
|
80
|
+
"2025-06-18",
|
|
80
81
|
"2025-03-26",
|
|
81
82
|
"2024-11-05"
|
|
82
83
|
];
|
|
@@ -948,6 +949,7 @@ async function selectResourceURL(serverUrl, provider, resourceMetadata) {
|
|
|
948
949
|
async function authInternal(provider, {
|
|
949
950
|
serverUrl,
|
|
950
951
|
authorizationCode,
|
|
952
|
+
callbackState,
|
|
951
953
|
scope,
|
|
952
954
|
resourceMetadataUrl,
|
|
953
955
|
fetchFn
|
|
@@ -1000,6 +1002,14 @@ async function authInternal(provider, {
|
|
|
1000
1002
|
clientInformation = fullInformation;
|
|
1001
1003
|
}
|
|
1002
1004
|
if (authorizationCode !== void 0) {
|
|
1005
|
+
if (provider.storedState) {
|
|
1006
|
+
const expectedState = await provider.storedState();
|
|
1007
|
+
if (expectedState !== void 0 && expectedState !== callbackState) {
|
|
1008
|
+
throw new Error(
|
|
1009
|
+
"OAuth state parameter mismatch - possible CSRF attack"
|
|
1010
|
+
);
|
|
1011
|
+
}
|
|
1012
|
+
}
|
|
1003
1013
|
const codeVerifier2 = await provider.codeVerifier();
|
|
1004
1014
|
const tokens2 = await exchangeAuthorization(authorizationServerUrl, {
|
|
1005
1015
|
metadata,
|
|
@@ -1038,6 +1048,9 @@ async function authInternal(provider, {
|
|
|
1038
1048
|
}
|
|
1039
1049
|
}
|
|
1040
1050
|
const state = provider.state ? await provider.state() : void 0;
|
|
1051
|
+
if (state && provider.saveState) {
|
|
1052
|
+
await provider.saveState(state);
|
|
1053
|
+
}
|
|
1041
1054
|
const { authorizationUrl, codeVerifier } = await startAuthorization(
|
|
1042
1055
|
authorizationServerUrl,
|
|
1043
1056
|
{
|