@ai-sdk/mcp 2.0.0-canary.65 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +83 -0
- package/package.json +5 -5
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,88 @@
|
|
|
1
1
|
# @ai-sdk/mcp
|
|
2
2
|
|
|
3
|
+
## 2.0.0
|
|
4
|
+
|
|
5
|
+
### Major Changes
|
|
6
|
+
|
|
7
|
+
- 23fa161: fix(mcp): setting redirect: error for MCP transport
|
|
8
|
+
- ef992f8: Remove CommonJS exports from all packages. All packages are now ESM-only (`"type": "module"`). Consumers using `require()` must switch to ESM `import` syntax.
|
|
9
|
+
- 8359612: Start v7 pre-release
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- b79094c: Add `resource_link` content type to `CallToolResultSchema` and `PromptMessageSchema` per MCP spec. Fixes hard rejection when MCP servers return `resource_link` content parts with zod ≥ 4.4.x.
|
|
14
|
+
- 78e0023: fix(mcp): await addClientAuthentication in token exchange and refresh
|
|
15
|
+
- b567a6c: dependency updates
|
|
16
|
+
- e33ad0b: fix(mcp): add optional hook to validate authorization servers
|
|
17
|
+
- e3ea484: fix(mcp): bypass outputSchema validation when tool returns isError
|
|
18
|
+
- 93afb28: feat(mcp): expose server instructions to be accessible through client
|
|
19
|
+
- a00d1d3: feat(mcp): allow custom fetch for HTTP and SSE transports
|
|
20
|
+
- a98bf66: feat(mcp): surface 'serverInfo' exposed from the MCP server
|
|
21
|
+
- 2a150f8: fix(mcp): lock first sse endpoint received via event
|
|
22
|
+
- 2655da8: fix(mcp): use negotiated protocol version in transport request headers
|
|
23
|
+
- 9f0e36c: trigger release for all packages after provenance setup
|
|
24
|
+
- f7bc0b4: feat(mcp): expose `statusCode`, `url`, and `responseBody` on `MCPClientError` for HTTP transport failures
|
|
25
|
+
|
|
26
|
+
`MCPClientError` now carries structured HTTP context when it originates from the
|
|
27
|
+
streamable HTTP transport. This lets downstream consumers (e.g. agent frameworks
|
|
28
|
+
that need to decide whether to fall back from streamable HTTP to legacy SSE
|
|
29
|
+
transport per the MCP spec) branch on the actual response status without parsing
|
|
30
|
+
the error message string.
|
|
31
|
+
|
|
32
|
+
Fields are optional — they remain `undefined` for stdio transport errors and for
|
|
33
|
+
non-response failures (network errors, aborts).
|
|
34
|
+
|
|
35
|
+
- dcefad3: fix(mcp): respond to ping requests with an empty result per JSON-RPC spec (closes #6282)
|
|
36
|
+
- b44b051: fix(mcp): prevent prototype-named tools from bypassing the `schemas` allowlist
|
|
37
|
+
|
|
38
|
+
When using `client.tools({ schemas })` to expose only an explicitly allowed
|
|
39
|
+
subset of an MCP server's tools, the allowlist check used the `in` operator,
|
|
40
|
+
which also matches inherited `Object.prototype` properties. A server-advertised
|
|
41
|
+
tool named `constructor`, `toString`, `__proto__`, etc. would pass the check
|
|
42
|
+
even though the developer never defined it in `schemas`, and was then exposed to
|
|
43
|
+
the model and executable. The check now uses `Object.hasOwn`, so only
|
|
44
|
+
explicitly defined tools are returned.
|
|
45
|
+
|
|
46
|
+
- f634bac: feat(mcp): add new McpProviderMetadata type
|
|
47
|
+
- b9b3899: changeset for #13384
|
|
48
|
+
- 1e89d62: fix(mcp): strip trailing slash from OAuth resource parameter
|
|
49
|
+
- 3e0b82f: fix(mcp): support official sdk protocol version negotiation
|
|
50
|
+
- 1451759: feat(mcp): deprecate name and use clientName for MCPClient
|
|
51
|
+
- 7fc6bd6: Raise minimum supported Node.js version to 22. Supported versions: 22, 24, and 26.
|
|
52
|
+
- 08d2129: feat(mcp): propagate the server name through dynamic tool parts
|
|
53
|
+
- 58c9eb1: feat(mcp): add `redirect` option to `MCPTransportConfig` for controlling HTTP redirect behavior
|
|
54
|
+
- 0c4c275: trigger initial canary release
|
|
55
|
+
- 611f621: feat(mcp): feat(mcp): add support for MCP Apps
|
|
56
|
+
- 9ecd8ae: fix(mcp): add MCP protocol version 2025-11-25 to supported versions
|
|
57
|
+
- 6c17a9f: fix(mcp): deduplicate auth refresh on http transport
|
|
58
|
+
- 69254e0: feat(ai): add toolMetadata for tool specific metdata
|
|
59
|
+
- 258c093: chore: ensure consistent import handling and avoid import duplicates or cycles
|
|
60
|
+
- f0c6770: fix(mcp): prevent mcp oauth credential exfiltration during rediscovery
|
|
61
|
+
- 5463d0d: feat(provider): align tool result output content file part types with top-level message file part types
|
|
62
|
+
- b8396f0: trigger initial beta release
|
|
63
|
+
- b29e087: fix (mcp): handle SSE messages without explicit event fields
|
|
64
|
+
- 90e2d8a: chore: fix unused vars not being flagged by our lint tooling
|
|
65
|
+
- 024a6b4: fix(mcp): validate oauth metadata issuer during discovery
|
|
66
|
+
- 9b0bc8a: fix(mcp): prevent prototype pollution by using secureJsonParse
|
|
67
|
+
- ff5eba1: feat: roll `image-*` tool output types into their equivalent `file-*` types
|
|
68
|
+
|
|
69
|
+
## 2.0.0-beta.67
|
|
70
|
+
|
|
71
|
+
### Patch Changes
|
|
72
|
+
|
|
73
|
+
- Updated dependencies [0416e3e]
|
|
74
|
+
- @ai-sdk/provider@4.0.0-beta.20
|
|
75
|
+
- @ai-sdk/provider-utils@5.0.0-beta.50
|
|
76
|
+
|
|
77
|
+
## 2.0.0-beta.66
|
|
78
|
+
|
|
79
|
+
### Patch Changes
|
|
80
|
+
|
|
81
|
+
- b8396f0: trigger initial beta release
|
|
82
|
+
- Updated dependencies [b8396f0]
|
|
83
|
+
- @ai-sdk/provider-utils@5.0.0-beta.49
|
|
84
|
+
- @ai-sdk/provider@4.0.0-beta.19
|
|
85
|
+
|
|
3
86
|
## 2.0.0-canary.65
|
|
4
87
|
|
|
5
88
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ai-sdk/mcp",
|
|
3
|
-
"version": "2.0.0
|
|
3
|
+
"version": "2.0.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"sideEffects": false,
|
|
@@ -32,8 +32,8 @@
|
|
|
32
32
|
},
|
|
33
33
|
"dependencies": {
|
|
34
34
|
"pkce-challenge": "^5.0.1",
|
|
35
|
-
"@ai-sdk/provider": "4.0.0
|
|
36
|
-
"@ai-sdk/provider-utils": "5.0.0
|
|
35
|
+
"@ai-sdk/provider": "4.0.0",
|
|
36
|
+
"@ai-sdk/provider-utils": "5.0.0"
|
|
37
37
|
},
|
|
38
38
|
"devDependencies": {
|
|
39
39
|
"@types/node": "22.19.19",
|
|
@@ -41,8 +41,8 @@
|
|
|
41
41
|
"typescript": "5.8.3",
|
|
42
42
|
"vitest": "^4.1.6",
|
|
43
43
|
"zod": "3.25.76",
|
|
44
|
-
"@ai-
|
|
45
|
-
"@
|
|
44
|
+
"@vercel/ai-tsconfig": "0.0.0",
|
|
45
|
+
"@ai-sdk/test-server": "2.0.0"
|
|
46
46
|
},
|
|
47
47
|
"peerDependencies": {
|
|
48
48
|
"zod": "^3.25.76 || ^4.1.8"
|