@ai-sdk/mcp 2.0.0-beta.2 → 2.0.0-beta.20

package/CHANGELOG.md

@@ -1,5 +1,138 @@
 # @ai-sdk/mcp
 
+## 2.0.0-beta.20
+
+### Patch Changes
+
+- Updated dependencies [34bd95d]
+- Updated dependencies [008271d]
+  - @ai-sdk/provider@4.0.0-beta.8
+  - @ai-sdk/provider-utils@5.0.0-beta.14
+
+## 2.0.0-beta.19
+
+### Patch Changes
+
+- Updated dependencies [b0c2869]
+- Updated dependencies [7e26e81]
+  - @ai-sdk/provider-utils@5.0.0-beta.13
+
+## 2.0.0-beta.18
+
+### Patch Changes
+
+- e3ea484: fix(mcp): bypass outputSchema validation when tool returns isError
+
+## 2.0.0-beta.17
+
+### Patch Changes
+
+- a00d1d3: feat(mcp): allow custom fetch for HTTP and SSE transports
+
+## 2.0.0-beta.16
+
+### Patch Changes
+
+- Updated dependencies [46d1149]
+  - @ai-sdk/provider-utils@5.0.0-beta.12
+
+## 2.0.0-beta.15
+
+### Patch Changes
+
+- Updated dependencies [6fd51c0]
+  - @ai-sdk/provider-utils@5.0.0-beta.11
+  - @ai-sdk/provider@4.0.0-beta.7
+
+## 2.0.0-beta.14
+
+### Patch Changes
+
+- 1e89d62: fix(mcp): strip trailing slash from OAuth resource parameter
+- Updated dependencies [c29a26f]
+  - @ai-sdk/provider-utils@5.0.0-beta.10
+  - @ai-sdk/provider@4.0.0-beta.6
+
+## 2.0.0-beta.13
+
+### Patch Changes
+
+- Updated dependencies [2e17091]
+  - @ai-sdk/provider-utils@5.0.0-beta.9
+
+## 2.0.0-beta.12
+
+### Patch Changes
+
+- Updated dependencies [986c6fd]
+- Updated dependencies [493295c]
+  - @ai-sdk/provider-utils@5.0.0-beta.8
+
+## 2.0.0-beta.11
+
+### Patch Changes
+
+- Updated dependencies [1f509d4]
+  - @ai-sdk/provider-utils@5.0.0-beta.7
+  - @ai-sdk/provider@4.0.0-beta.5
+
+## 2.0.0-beta.10
+
+### Patch Changes
+
+- Updated dependencies [3887c70]
+  - @ai-sdk/provider-utils@5.0.0-beta.6
+  - @ai-sdk/provider@4.0.0-beta.4
+
+## 2.0.0-beta.9
+
+### Patch Changes
+
+- Updated dependencies [776b617]
+  - @ai-sdk/provider-utils@5.0.0-beta.5
+  - @ai-sdk/provider@4.0.0-beta.3
+
+## 2.0.0-beta.8
+
+### Patch Changes
+
+- Updated dependencies [61753c3]
+  - @ai-sdk/provider-utils@5.0.0-beta.4
+
+## 2.0.0-beta.7
+
+### Major Changes
+
+- 23fa161: fix(mcp): setting redirect: error for MCP transport
+
+## 2.0.0-beta.6
+
+### Patch Changes
+
+- 58c9eb1: feat(mcp): add `redirect` option to `MCPTransportConfig` for controlling HTTP redirect behavior
+
+## 2.0.0-beta.5
+
+### Patch Changes
+
+- Updated dependencies [f7d4f01]
+  - @ai-sdk/provider-utils@5.0.0-beta.3
+  - @ai-sdk/provider@4.0.0-beta.2
+
+## 2.0.0-beta.4
+
+### Patch Changes
+
+- Updated dependencies [5c2a5a2]
+  - @ai-sdk/provider@4.0.0-beta.1
+  - @ai-sdk/provider-utils@5.0.0-beta.2
+
+## 2.0.0-beta.3
+
+### Patch Changes
+
+- b9b3899: fix(mcp): validate state param in oauth flow
+
 ## 2.0.0-beta.2
 
 ### Patch Changes
@@ -213,15 +346,15 @@
   This change replaces
 
   ```ts
-  import { experimental_createMCPClient } from 'ai';
-  import { Experimental_StdioMCPTransport } from 'ai/mcp-stdio';
+  import { experimental_createMCPClient } from "ai";
+  import { Experimental_StdioMCPTransport } from "ai/mcp-stdio";
   ```
 
   with
 
   ```ts
-  import { experimental_createMCPClient } from '@ai-sdk/mcp';
-  import { Experimental_StdioMCPTransport } from '@ai-sdk/mcp/mcp-stdio';
+  import { experimental_createMCPClient } from "@ai-sdk/mcp";
+  import { Experimental_StdioMCPTransport } from "@ai-sdk/mcp/mcp-stdio";
   ```
 
 ### Patch Changes
@@ -587,13 +720,13 @@
   This change replaces
 
   ```ts
-  import { experimental_createMCPClient } from 'ai';
-  import { Experimental_StdioMCPTransport } from 'ai/mcp-stdio';
+  import { experimental_createMCPClient } from "ai";
+  import { Experimental_StdioMCPTransport } from "ai/mcp-stdio";
   ```
 
   with
 
   ```ts
-  import { experimental_createMCPClient } from '@ai-sdk/mcp';
-  import { Experimental_StdioMCPTransport } from '@ai-sdk/mcp/mcp-stdio';
+  import { experimental_createMCPClient } from "@ai-sdk/mcp";
+  import { Experimental_StdioMCPTransport } from "@ai-sdk/mcp/mcp-stdio";
   ```

package/dist/index.d.mts

@@ -182,6 +182,8 @@ interface OAuthClientProvider {
     clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     state?(): string | Promise<string>;
+    saveState?(state: string): void | Promise<void>;
+    storedState?(): string | undefined | Promise<string | undefined>;
     validateResourceURL?(serverUrl: string | URL, resource?: string): Promise<URL | undefined>;
 }
 declare class UnauthorizedError extends Error {
@@ -190,6 +192,7 @@ declare class UnauthorizedError extends Error {
 declare function auth(provider: OAuthClientProvider, options: {
     serverUrl: string | URL;
     authorizationCode?: string;
+    callbackState?: string;
     scope?: string;
     resourceMetadataUrl?: URL;
     fetchFn?: FetchFunction;
@@ -240,6 +243,19 @@ type MCPTransportConfig = {
      * An optional OAuth client provider to use for authentication for MCP servers.
      */
     authProvider?: OAuthClientProvider;
+    /**
+     * Controls how HTTP redirects are handled for transport requests.
+     * - `'follow'`: Follow redirects automatically (standard fetch behavior).
+     * - `'error'`: Reject any redirect response with an error.
+     * @default 'error'
+     */
+    redirect?: 'follow' | 'error';
+    /**
+     * Optional custom fetch implementation to use for HTTP requests.
+     * Useful for runtimes that need a request-local fetch.
+     * @default globalThis.fetch
+     */
+    fetch?: FetchFunction;
 };
 
 /** MCP tool metadata - keys should follow MCP _meta key format specification */

package/dist/index.d.ts

@@ -182,6 +182,8 @@ interface OAuthClientProvider {
     clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
     saveClientInformation?(clientInformation: OAuthClientInformation): void | Promise<void>;
     state?(): string | Promise<string>;
+    saveState?(state: string): void | Promise<void>;
+    storedState?(): string | undefined | Promise<string | undefined>;
     validateResourceURL?(serverUrl: string | URL, resource?: string): Promise<URL | undefined>;
 }
 declare class UnauthorizedError extends Error {
@@ -190,6 +192,7 @@ declare class UnauthorizedError extends Error {
 declare function auth(provider: OAuthClientProvider, options: {
     serverUrl: string | URL;
     authorizationCode?: string;
+    callbackState?: string;
     scope?: string;
     resourceMetadataUrl?: URL;
     fetchFn?: FetchFunction;
@@ -240,6 +243,19 @@ type MCPTransportConfig = {
      * An optional OAuth client provider to use for authentication for MCP servers.
      */
     authProvider?: OAuthClientProvider;
+    /**
+     * Controls how HTTP redirects are handled for transport requests.
+     * - `'follow'`: Follow redirects automatically (standard fetch behavior).
+     * - `'error'`: Reject any redirect response with an error.
+     * @default 'error'
+     */
+    redirect?: 'follow' | 'error';
+    /**
+     * Optional custom fetch implementation to use for HTTP requests.
+     * Useful for runtimes that need a request-local fetch.
+     * @default globalThis.fetch
+     */
+    fetch?: FetchFunction;
 };
 
 /** MCP tool metadata - keys should follow MCP _meta key format specification */

package/dist/index.js

@@ -28,8 +28,8 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
-var src_exports = {};
-__export(src_exports, {
+var index_exports = {};
+__export(index_exports, {
   ElicitResultSchema: () => ElicitResultSchema,
   ElicitationRequestSchema: () => ElicitationRequestSchema,
   UnauthorizedError: () => UnauthorizedError,
@@ -37,7 +37,7 @@ __export(src_exports, {
   createMCPClient: () => createMCPClient,
   experimental_createMCPClient: () => createMCPClient
 });
-module.exports = __toCommonJS(src_exports);
+module.exports = __toCommonJS(index_exports);
 
 // src/tool/mcp-client.ts
 var import_provider_utils3 = require("@ai-sdk/provider-utils");
@@ -468,6 +468,13 @@ function resourceUrlFromServerUrl(url) {
   resourceURL.hash = "";
   return resourceURL;
 }
+function resourceUrlStripSlash(resource) {
+  const href = resource.href;
+  if (resource.pathname === "/" && href.endsWith("/")) {
+    return href.slice(0, -1);
+  }
+  return href;
+}
 function checkResourceAllowed({
   requestedResource,
   configuredResource
@@ -706,7 +713,10 @@ async function startAuthorization(authorizationServerUrl, {
     authorizationUrl.searchParams.append("prompt", "consent");
   }
   if (resource) {
-    authorizationUrl.searchParams.set("resource", resource.href);
+    authorizationUrl.searchParams.set(
+      "resource",
+      resourceUrlStripSlash(resource)
+    );
   }
   return { authorizationUrl, codeVerifier };
 }
@@ -815,7 +825,7 @@ async function exchangeAuthorization(authorizationServerUrl, {
     applyClientAuthentication(authMethod, clientInformation, headers, params);
   }
   if (resource) {
-    params.set("resource", resource.href);
+    params.set("resource", resourceUrlStripSlash(resource));
   }
   const response = await (fetchFn != null ? fetchFn : fetch)(tokenUrl, {
     method: "POST",
@@ -867,7 +877,7 @@ async function refreshAuthorization(authorizationServerUrl, {
     applyClientAuthentication(authMethod, clientInformation, headers, params);
   }
   if (resource) {
-    params.set("resource", resource.href);
+    params.set("resource", resourceUrlStripSlash(resource));
   }
   const response = await (fetchFn != null ? fetchFn : fetch)(tokenUrl, {
     method: "POST",
@@ -949,6 +959,7 @@ async function selectResourceURL(serverUrl, provider, resourceMetadata) {
 async function authInternal(provider, {
   serverUrl,
   authorizationCode,
+  callbackState,
   scope,
   resourceMetadataUrl,
   fetchFn
@@ -1001,6 +1012,14 @@ async function authInternal(provider, {
     clientInformation = fullInformation;
   }
   if (authorizationCode !== void 0) {
+    if (provider.storedState) {
+      const expectedState = await provider.storedState();
+      if (expectedState !== void 0 && expectedState !== callbackState) {
+        throw new Error(
+          "OAuth state parameter mismatch - possible CSRF attack"
+        );
+      }
+    }
     const codeVerifier2 = await provider.codeVerifier();
     const tokens2 = await exchangeAuthorization(authorizationServerUrl, {
       metadata,
@@ -1039,6 +1058,9 @@ async function authInternal(provider, {
     }
   }
   const state = provider.state ? await provider.state() : void 0;
+  if (state && provider.saveState) {
+    await provider.saveState(state);
+  }
   const { authorizationUrl, codeVerifier } = await startAuthorization(
     authorizationServerUrl,
     {
@@ -1060,12 +1082,16 @@ var SseMCPTransport = class {
   constructor({
     url,
     headers,
-    authProvider
+    authProvider,
+    redirect = "error",
+    fetch: fetchFn
   }) {
     this.connected = false;
     this.url = new URL(url);
     this.headers = headers;
     this.authProvider = authProvider;
+    this.redirectMode = redirect;
+    this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
   async commonHeaders(base) {
     const headers = {
@@ -1097,16 +1123,18 @@ var SseMCPTransport = class {
           const headers = await this.commonHeaders({
             Accept: "text/event-stream"
           });
-          const response = await fetch(this.url.href, {
+          const response = await this.fetchFn(this.url.href, {
             headers,
-            signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+            signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+            redirect: this.redirectMode
           });
           if (response.status === 401 && this.authProvider && !triedAuth) {
             this.resourceMetadataUrl = extractResourceMetadataUrl(response);
             try {
               const result = await auth(this.authProvider, {
                 serverUrl: this.url,
-                resourceMetadataUrl: this.resourceMetadataUrl
+                resourceMetadataUrl: this.resourceMetadataUrl,
+                fetchFn: this.fetchFn
               });
               if (result !== "AUTHORIZED") {
                 const error = new UnauthorizedError();
@@ -1218,15 +1246,17 @@ var SseMCPTransport = class {
           method: "POST",
           headers,
           body: JSON.stringify(message),
-          signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+          signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+          redirect: this.redirectMode
         };
-        const response = await fetch(endpoint, init);
+        const response = await this.fetchFn(endpoint.href, init);
         if (response.status === 401 && this.authProvider && !triedAuth) {
           this.resourceMetadataUrl = extractResourceMetadataUrl(response);
           try {
             const result = await auth(this.authProvider, {
               serverUrl: this.url,
-              resourceMetadataUrl: this.resourceMetadataUrl
+              resourceMetadataUrl: this.resourceMetadataUrl,
+              fetchFn: this.fetchFn
             });
             if (result !== "AUTHORIZED") {
               const error = new UnauthorizedError();
@@ -1262,7 +1292,9 @@ var HttpMCPTransport = class {
   constructor({
     url,
     headers,
-    authProvider
+    authProvider,
+    redirect = "error",
+    fetch: fetchFn
   }) {
     this.inboundReconnectAttempts = 0;
     this.reconnectionOptions = {
@@ -1274,6 +1306,8 @@ var HttpMCPTransport = class {
     this.url = new URL(url);
     this.headers = headers;
     this.authProvider = authProvider;
+    this.redirectMode = redirect;
+    this.fetchFn = fetchFn != null ? fetchFn : globalThis.fetch;
   }
   async commonHeaders(base) {
     const headers = {
@@ -1311,10 +1345,11 @@ var HttpMCPTransport = class {
     try {
       if (this.sessionId && this.abortController && !this.abortController.signal.aborted) {
         const headers = await this.commonHeaders({});
-        await fetch(this.url, {
+        await this.fetchFn(this.url.href, {
           method: "DELETE",
           headers,
-          signal: this.abortController.signal
+          signal: this.abortController.signal,
+          redirect: this.redirectMode
         }).catch(() => void 0);
       }
     } catch (e) {
@@ -1334,9 +1369,10 @@ var HttpMCPTransport = class {
           method: "POST",
           headers,
           body: JSON.stringify(message),
-          signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+          signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+          redirect: this.redirectMode
         };
-        const response = await fetch(this.url, init);
+        const response = await this.fetchFn(this.url.href, init);
         const sessionId = response.headers.get("mcp-session-id");
         if (sessionId) {
           this.sessionId = sessionId;
@@ -1346,7 +1382,8 @@ var HttpMCPTransport = class {
           try {
             const result = await auth(this.authProvider, {
               serverUrl: this.url,
-              resourceMetadataUrl: this.resourceMetadataUrl
+              resourceMetadataUrl: this.resourceMetadataUrl,
+              fetchFn: this.fetchFn
             });
             if (result !== "AUTHORIZED") {
               const error2 = new UnauthorizedError();
@@ -1480,10 +1517,11 @@ var HttpMCPTransport = class {
       if (resumeToken) {
         headers["last-event-id"] = resumeToken;
       }
-      const response = await fetch(this.url.href, {
+      const response = await this.fetchFn(this.url.href, {
         method: "GET",
         headers,
-        signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+        signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+        redirect: this.redirectMode
       });
       const sessionId = response.headers.get("mcp-session-id");
       if (sessionId) {
@@ -1494,7 +1532,8 @@ var HttpMCPTransport = class {
         try {
           const result = await auth(this.authProvider, {
             serverUrl: this.url,
-            resourceMetadataUrl: this.resourceMetadataUrl
+            resourceMetadataUrl: this.resourceMetadataUrl,
+            fetchFn: this.fetchFn
           });
           if (result !== "AUTHORIZED") {
             const error = new UnauthorizedError();
@@ -1929,6 +1968,9 @@ var DefaultMCPClient = class {
         var _a4;
         (_a4 = options == null ? void 0 : options.abortSignal) == null ? void 0 : _a4.throwIfAborted();
         const result = await self.callTool({ name: name3, args, options });
+        if (result.isError) {
+          return result;
+        }
         if (outputSchema != null) {
           return self.extractStructuredContent(result, outputSchema, name3);
         }