@ai-sdk/mcp 2.0.0-beta.5 → 2.0.0-beta.66

package/src/tool/mcp-sse-transport.ts

@@ -2,19 +2,24 @@ import {
   EventSourceParserStream,
   withUserAgentSuffix,
   getRuntimeEnvironmentUserAgent,
+  type FetchFunction,
 } from '@ai-sdk/provider-utils';
 import { MCPClientError } from '../error/mcp-client-error';
-import { JSONRPCMessage, JSONRPCMessageSchema } from './json-rpc-message';
-import { MCPTransport } from './mcp-transport';
+import { parseJSONRPCMessage, type JSONRPCMessage } from './json-rpc-message';
+import type { MCPTransport } from './mcp-transport';
 import { VERSION } from '../version';
 import {
-  OAuthClientProvider,
   extractResourceMetadataUrl,
   UnauthorizedError,
   auth,
+  type OAuthClientProvider,
 } from './oauth';
 import { LATEST_PROTOCOL_VERSION } from './types';
 
+function isMessageEvent(event: string | undefined): boolean {
+  return event === undefined || event === 'message';
+}
+
 export class SseMCPTransport implements MCPTransport {
   private endpoint?: URL;
   private abortController?: AbortController;
@@ -26,23 +31,36 @@ export class SseMCPTransport implements MCPTransport {
   private headers?: Record<string, string>;
   private authProvider?: OAuthClientProvider;
   private resourceMetadataUrl?: URL;
+  private redirectMode: RequestRedirect;
+  private fetchFn: FetchFunction;
 
   onclose?: () => void;
   onerror?: (error: unknown) => void;
   onmessage?: (message: JSONRPCMessage) => void;
+  protocolVersion?: string;
 
   constructor({
     url,
     headers,
     authProvider,
+    redirect = 'error',
+    fetch: fetchFn,
   }: {
     url: string;
     headers?: Record<string, string>;
     authProvider?: OAuthClientProvider;
+    redirect?: 'follow' | 'error';
+    fetch?: FetchFunction;
   }) {
     this.url = new URL(url);
     this.headers = headers;
     this.authProvider = authProvider;
+    this.redirectMode = redirect;
+    this.fetchFn = fetchFn ?? globalThis.fetch;
+  }
+
+  setProtocolVersion(version: string): void {
+    this.protocolVersion = version;
   }
 
   private async commonHeaders(
@@ -51,7 +69,7 @@ export class SseMCPTransport implements MCPTransport {
     const headers: Record<string, string> = {
       ...this.headers,
       ...base,
-      'mcp-protocol-version': LATEST_PROTOCOL_VERSION,
+      'mcp-protocol-version': this.protocolVersion ?? LATEST_PROTOCOL_VERSION,
     };
 
     if (this.authProvider) {
@@ -81,9 +99,10 @@ export class SseMCPTransport implements MCPTransport {
           const headers = await this.commonHeaders({
             Accept: 'text/event-stream',
           });
-          const response = await fetch(this.url.href, {
+          const response = await this.fetchFn(this.url.href, {
             headers,
             signal: this.abortController?.signal,
+            redirect: this.redirectMode,
           });
 
           if (response.status === 401 && this.authProvider && !triedAuth) {
@@ -92,6 +111,7 @@ export class SseMCPTransport implements MCPTransport {
               const result = await auth(this.authProvider, {
                 serverUrl: this.url,
                 resourceMetadataUrl: this.resourceMetadataUrl,
+                fetchFn: this.fetchFn,
               });
               if (result !== 'AUTHORIZED') {
                 const error = new UnauthorizedError();
@@ -145,21 +165,28 @@ export class SseMCPTransport implements MCPTransport {
                 const { event, data } = value;
 
                 if (event === 'endpoint') {
-                  this.endpoint = new URL(data, this.url);
+                  if (this.endpoint) {
+                    continue;
+                  }
+
+                  const endpoint = new URL(data, this.url);
 
-                  if (this.endpoint.origin !== this.url.origin) {
+                  if (endpoint.origin !== this.url.origin) {
+                    this.connected = false;
+                    this.endpoint = undefined;
+                    this.sseConnection?.close();
+                    this.abortController?.abort();
                     throw new MCPClientError({
-                      message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${this.endpoint.origin}`,
+                      message: `MCP SSE Transport Error: Endpoint origin does not match connection origin: ${endpoint.origin}`,
                     });
                   }
 
+                  this.endpoint = endpoint;
                   this.connected = true;
                   resolve();
-                } else if (event === 'message') {
+                } else if (isMessageEvent(event)) {
                   try {
-                    const message = JSONRPCMessageSchema.parse(
-                      JSON.parse(data),
-                    );
+                    const message = await parseJSONRPCMessage(data);
                     this.onmessage?.(message);
                   } catch (error) {
                     const e = new MCPClientError({
@@ -203,6 +230,7 @@ export class SseMCPTransport implements MCPTransport {
 
   async close(): Promise<void> {
     this.connected = false;
+    this.endpoint = undefined;
     this.sseConnection?.close();
     this.abortController?.abort();
     this.onclose?.();
@@ -227,9 +255,10 @@ export class SseMCPTransport implements MCPTransport {
           headers,
           body: JSON.stringify(message),
           signal: this.abortController?.signal,
+          redirect: this.redirectMode,
         };
 
-        const response = await fetch(endpoint, init);
+        const response = await this.fetchFn(endpoint.href, init);
 
         if (response.status === 401 && this.authProvider && !triedAuth) {
           this.resourceMetadataUrl = extractResourceMetadataUrl(response);
@@ -237,6 +266,7 @@ export class SseMCPTransport implements MCPTransport {
             const result = await auth(this.authProvider, {
               serverUrl: this.url,
               resourceMetadataUrl: this.resourceMetadataUrl,
+              fetchFn: this.fetchFn,
             });
             if (result !== 'AUTHORIZED') {
               const error = new UnauthorizedError();
@@ -267,6 +297,8 @@ export class SseMCPTransport implements MCPTransport {
   }
 }
 
-export function deserializeMessage(line: string): JSONRPCMessage {
-  return JSONRPCMessageSchema.parse(JSON.parse(line));
+export async function deserializeMessage(
+  line: string,
+): Promise<JSONRPCMessage> {
+  return parseJSONRPCMessage(line);
 }

package/src/tool/mcp-stdio/create-child-process.ts

@@ -1,6 +1,6 @@
-import { ChildProcess, spawn } from 'node:child_process';
+import { spawn, type ChildProcess } from 'node:child_process';
 import { getEnvironment } from './get-environment';
-import { StdioConfig } from './mcp-stdio-transport';
+import type { StdioConfig } from './mcp-stdio-transport';
 
 export function createChildProcess(
   config: StdioConfig,

package/src/tool/mcp-stdio/mcp-stdio-transport.ts

@@ -1,7 +1,7 @@
 import type { ChildProcess, IOType } from 'node:child_process';
-import { Stream } from 'node:stream';
-import { JSONRPCMessage, JSONRPCMessageSchema } from '../json-rpc-message';
-import { MCPTransport } from '../mcp-transport';
+import type { Stream } from 'node:stream';
+import { parseJSONRPCMessage, type JSONRPCMessage } from '../json-rpc-message';
+import type { MCPTransport } from '../mcp-transport';
 import { MCPClientError } from '../../error/mcp-client-error';
 import { createChildProcess } from './create-child-process';
 
@@ -68,7 +68,7 @@ export class StdioMCPTransport implements MCPTransport {
 
         this.process.stdout?.on('data', chunk => {
           this.readBuffer.append(chunk);
-          this.processReadBuffer();
+          void this.processReadBuffer();
         });
 
         this.process.stdout?.on('error', error => {
@@ -81,14 +81,15 @@ export class StdioMCPTransport implements MCPTransport {
     });
   }
 
-  private processReadBuffer() {
+  private async processReadBuffer() {
     while (true) {
-      try {
-        const message = this.readBuffer.readMessage();
-        if (message === null) {
-          break;
-        }
+      const line = this.readBuffer.readLine();
+      if (line === null) {
+        break;
+      }
 
+      try {
+        const message = await deserializeMessage(line);
         this.onmessage?.(message);
       } catch (error) {
         this.onerror?.(error as Error);
@@ -127,7 +128,7 @@ class ReadBuffer {
     this.buffer = this.buffer ? Buffer.concat([this.buffer, chunk]) : chunk;
   }
 
-  readMessage(): JSONRPCMessage | null {
+  readLine(): string | null {
     if (!this.buffer) return null;
 
     const index = this.buffer.indexOf('\n');
@@ -137,7 +138,7 @@ class ReadBuffer {
 
     const line = this.buffer.toString('utf8', 0, index);
     this.buffer = this.buffer.subarray(index + 1);
-    return deserializeMessage(line);
+    return line;
   }
 
   clear(): void {
@@ -149,6 +150,8 @@ function serializeMessage(message: JSONRPCMessage): string {
   return JSON.stringify(message) + '\n';
 }
 
-export function deserializeMessage(line: string): JSONRPCMessage {
-  return JSONRPCMessageSchema.parse(JSON.parse(line));
+export async function deserializeMessage(
+  line: string,
+): Promise<JSONRPCMessage> {
+  return parseJSONRPCMessage(line);
 }

package/src/tool/mcp-transport.ts

@@ -1,8 +1,9 @@
+import type { FetchFunction } from '@ai-sdk/provider-utils';
 import { MCPClientError } from '../error/mcp-client-error';
-import { JSONRPCMessage } from './json-rpc-message';
+import type { JSONRPCMessage } from './json-rpc-message';
 import { SseMCPTransport } from './mcp-sse-transport';
 import { HttpMCPTransport } from './mcp-http-transport';
-import { OAuthClientProvider } from './oauth';
+import type { OAuthClientProvider } from './oauth';
 
 /**
  * Transport interface for MCP (Model Context Protocol) communication.
@@ -39,6 +40,16 @@ export interface MCPTransport {
    * Event handler for received messages
    */
   onmessage?: (message: JSONRPCMessage) => void;
+
+  /**
+   * The protocol version negotiated during initialization.
+   */
+  protocolVersion?: string;
+
+  /**
+   * Set the protocol version negotiated during initialization.
+   */
+  setProtocolVersion?(version: string): void;
 }
 
 export type MCPTransportConfig = {
@@ -58,6 +69,21 @@ export type MCPTransportConfig = {
    * An optional OAuth client provider to use for authentication for MCP servers.
    */
   authProvider?: OAuthClientProvider;
+
+  /**
+   * Controls how HTTP redirects are handled for transport requests.
+   * - `'follow'`: Follow redirects automatically (standard fetch behavior).
+   * - `'error'`: Reject any redirect response with an error.
+   * @default 'error'
+   */
+  redirect?: 'follow' | 'error';
+
+  /**
+   * Optional custom fetch implementation to use for HTTP requests.
+   * Useful for runtimes that need a request-local fetch.
+   * @default globalThis.fetch
+   */
+  fetch?: FetchFunction;
 };
 
 export function createMcpTransport(config: MCPTransportConfig): MCPTransport {

package/src/tool/mock-mcp-transport.ts

@@ -1,15 +1,13 @@
 import { delay } from '@ai-sdk/provider-utils';
-import { JSONRPCMessage } from './json-rpc-message';
-import { MCPTransport } from './mcp-transport';
+import type { JSONRPCMessage } from './json-rpc-message';
+import type { MCPTransport } from './mcp-transport';
 import {
-  MCPTool,
-  MCPResource,
-  MCPPrompt,
-  GetPromptResult,
-  CallToolResult,
   LATEST_PROTOCOL_VERSION,
+  type MCPTool,
+  type MCPResource,
+  type MCPPrompt,
+  type CallToolResult,
 } from './types';
-
 const DEFAULT_TOOLS: MCPTool[] = [
   {
     name: 'mock-tool',
@@ -45,7 +43,7 @@ export class MockMCPTransport implements MCPTransport {
   onmessage?: (message: JSONRPCMessage) => void;
   onclose?: () => void;
   onerror?: (error: Error) => void;
-
+  protocolVersion?: string;
   constructor({
     overrideTools = DEFAULT_TOOLS,
     resources = [
@@ -122,6 +120,7 @@ export class MockMCPTransport implements MCPTransport {
         name?: string;
         title?: string;
         mimeType?: string;
+        _meta?: Record<string, unknown>;
       } & ({ text: string } | { blob: string })
     >;
     failOnInvalidToolParams?: boolean;

package/src/tool/oauth-types.ts

@@ -1,18 +1,4 @@
 import { z } from 'zod/v4';
-/**
- * OAuth 2.1 token response
- */
-export const OAuthTokensSchema = z
-  .object({
-    access_token: z.string(),
-    id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect
-    token_type: z.string(),
-    expires_in: z.number().optional(),
-    scope: z.string().optional(),
-    refresh_token: z.string().optional(),
-  })
-  .strip();
-
 /**
  * Reusable URL validation that disallows javascript: scheme
  */
@@ -32,16 +18,32 @@ export const SafeUrlSchema = z
   })
   .refine(
     url => {
-      const u = new URL(url);
+      const parsedUrl = new URL(url);
       return (
-        u.protocol !== 'javascript:' &&
-        u.protocol !== 'data:' &&
-        u.protocol !== 'vbscript:'
+        parsedUrl.protocol !== 'javascript:' &&
+        parsedUrl.protocol !== 'data:' &&
+        parsedUrl.protocol !== 'vbscript:'
       );
     },
     { message: 'URL cannot use javascript:, data:, or vbscript: scheme' },
   );
 
+/**
+ * OAuth 2.1 token response
+ */
+export const OAuthTokensSchema = z
+  .object({
+    access_token: z.string(),
+    id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect
+    token_type: z.string(),
+    expires_in: z.number().optional(),
+    scope: z.string().optional(),
+    refresh_token: z.string().optional(),
+    authorization_server: SafeUrlSchema.optional(),
+    token_endpoint: SafeUrlSchema.optional(),
+  })
+  .strip();
+
 export const OAuthProtectedResourceMetadataSchema = z
   .object({
     resource: z.string().url(),
@@ -118,6 +120,8 @@ export const OAuthClientInformationSchema = z
     client_secret: z.string().optional(),
     client_id_issued_at: z.number().optional(),
     client_secret_expires_at: z.number().optional(),
+    authorization_server: SafeUrlSchema.optional(),
+    token_endpoint: SafeUrlSchema.optional(),
   })
   .strip();