npm - @ai-sdk/provider-utils - Versions diffs - 3.0.24 → 3.0.26 - Mend

@ai-sdk/provider-utils 3.0.24 → 3.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.js CHANGED Viewed

@@ -56,13 +56,16 @@ __export(index_exports, {
   dynamicTool: () => dynamicTool,
   executeTool: () => executeTool,
   extractResponseHeaders: () => extractResponseHeaders,
+  fetchWithValidatedRedirects: () => fetchWithValidatedRedirects,
   generateId: () => generateId,
   getErrorMessage: () => getErrorMessage,
   getFromApi: () => getFromApi,
   getRuntimeEnvironmentUserAgent: () => getRuntimeEnvironmentUserAgent,
   injectJsonInstructionIntoMessages: () => injectJsonInstructionIntoMessages,
   isAbortError: () => isAbortError,
+  isBrowserRuntime: () => isBrowserRuntime,
   isParsableJson: () => isParsableJson,
+  isSameOrigin: () => isSameOrigin,
   isUrlSupported: () => isUrlSupported,
   isValidator: () => isValidator,
   jsonSchema: () => jsonSchema,
@@ -251,6 +254,191 @@ var DownloadError = class extends (_b = import_provider.AISDKError, _a = symbol,
   }
 };
+// src/is-browser-runtime.ts
+function isBrowserRuntime(globalThisAny = globalThis) {
+  return globalThisAny.window != null;
+}
+// src/validate-download-url.ts
+function validateDownloadUrl(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch (e) {
+    throw new DownloadError({
+      url,
+      message: `Invalid URL: ${url}`
+    });
+  }
+  if (parsed.protocol === "data:") {
+    return;
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new DownloadError({
+      url,
+      message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
+    });
+  }
+  const hostname = parsed.hostname.toLowerCase().replace(/\.+$/, "");
+  if (!hostname) {
+    throw new DownloadError({
+      url,
+      message: `URL must have a hostname`
+    });
+  }
+  if (hostname === "localhost" || hostname.endsWith(".local") || hostname.endsWith(".localhost")) {
+    throw new DownloadError({
+      url,
+      message: `URL with hostname ${hostname} is not allowed`
+    });
+  }
+  if (hostname.startsWith("[") && hostname.endsWith("]")) {
+    const ipv6 = hostname.slice(1, -1);
+    if (isPrivateIPv6(ipv6)) {
+      throw new DownloadError({
+        url,
+        message: `URL with IPv6 address ${hostname} is not allowed`
+      });
+    }
+    return;
+  }
+  if (isIPv4(hostname)) {
+    if (isPrivateIPv4(hostname)) {
+      throw new DownloadError({
+        url,
+        message: `URL with IP address ${hostname} is not allowed`
+      });
+    }
+    return;
+  }
+}
+function isIPv4(hostname) {
+  const parts = hostname.split(".");
+  if (parts.length !== 4) return false;
+  return parts.every((part) => {
+    const num = Number(part);
+    return Number.isInteger(num) && num >= 0 && num <= 255 && String(num) === part;
+  });
+}
+function isPrivateIPv4(ip) {
+  const parts = ip.split(".").map(Number);
+  const [a, b, c] = parts;
+  if (a === 0) return true;
+  if (a === 10) return true;
+  if (a === 100 && b >= 64 && b <= 127) return true;
+  if (a === 127) return true;
+  if (a === 169 && b === 254) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 0 && c === 0) return true;
+  if (a === 192 && b === 168) return true;
+  if (a === 198 && (b === 18 || b === 19)) return true;
+  if (a >= 240) return true;
+  return false;
+}
+function parseIPv6(ip) {
+  let address = ip.toLowerCase();
+  const zoneIndex = address.indexOf("%");
+  if (zoneIndex !== -1) {
+    address = address.slice(0, zoneIndex);
+  }
+  const halves = address.split("::");
+  if (halves.length > 2) return null;
+  const toGroups = (segment) => {
+    if (segment === "") return [];
+    const groups = [];
+    const parts = segment.split(":");
+    for (let i = 0; i < parts.length; i++) {
+      const part = parts[i];
+      if (part.includes(".")) {
+        if (i !== parts.length - 1 || !isIPv4(part)) return null;
+        const [a, b, c, d] = part.split(".").map(Number);
+        groups.push(a << 8 | b, c << 8 | d);
+        continue;
+      }
+      if (!/^[0-9a-f]{1,4}$/.test(part)) return null;
+      groups.push(parseInt(part, 16));
+    }
+    return groups;
+  };
+  const head = toGroups(halves[0]);
+  if (head === null) return null;
+  if (halves.length === 2) {
+    const tail = toGroups(halves[1]);
+    if (tail === null) return null;
+    const fill = 8 - head.length - tail.length;
+    if (fill < 0) return null;
+    return [...head, ...new Array(fill).fill(0), ...tail];
+  }
+  return head.length === 8 ? head : null;
+}
+function isPrivateIPv6(ip) {
+  const groups = parseIPv6(ip);
+  if (groups === null) return true;
+  const topZero = (count) => groups.slice(0, count).every((group) => group === 0);
+  if (topZero(7) && (groups[7] === 0 || groups[7] === 1)) return true;
+  if ((groups[0] & 65024) === 64512) return true;
+  if ((groups[0] & 65472) === 65152) return true;
+  if ((groups[0] & 65472) === 65216) return true;
+  if ((groups[0] & 65280) === 65280) return true;
+  const embedsIPv4 = (
+    // ::/96 — IPv4-compatible (deprecated)
+    topZero(6) || // ::ffff:0:0/96 — IPv4-mapped (ffff in group 5)
+    topZero(5) && groups[5] === 65535 || // ::ffff:0:0/96 — IPv4-translated form (ffff in group 4, group 5 zero)
+    topZero(4) && groups[4] === 65535 && groups[5] === 0 || // 64:ff9b::/96 — NAT64 well-known prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 0 && groups[3] === 0 && groups[4] === 0 && groups[5] === 0 || // 64:ff9b:1::/48 — NAT64 local-use prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 1
+  );
+  if (embedsIPv4) {
+    const a = groups[6] >> 8 & 255;
+    const b = groups[6] & 255;
+    const c = groups[7] >> 8 & 255;
+    const d = groups[7] & 255;
+    return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
+  }
+  return false;
+}
+// src/fetch-with-validated-redirects.ts
+var MAX_DOWNLOAD_REDIRECTS = 10;
+async function fetchWithValidatedRedirects({
+  url,
+  headers,
+  abortSignal,
+  maxRedirects = MAX_DOWNLOAD_REDIRECTS
+}) {
+  const baseInit = { signal: abortSignal };
+  if (headers !== void 0) {
+    baseInit.headers = headers;
+  }
+  let currentUrl = url;
+  for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+    validateDownloadUrl(currentUrl);
+    const response = await fetch(currentUrl, {
+      ...baseInit,
+      redirect: "manual"
+    });
+    if (response.type === "opaqueredirect") {
+      if (!isBrowserRuntime()) {
+        throw new DownloadError({
+          url,
+          message: `Redirect from ${currentUrl} could not be validated and was blocked`
+        });
+      }
+      return await fetch(currentUrl, { ...baseInit, redirect: "follow" });
+    }
+    const location = response.headers.get("location");
+    if (response.status >= 300 && response.status < 400 && location) {
+      currentUrl = new URL(location, currentUrl).toString();
+      continue;
+    }
+    return response;
+  }
+  throw new DownloadError({
+    url,
+    message: `Too many redirects (max ${maxRedirects})`
+  });
+}
 // src/read-response-with-size-limit.ts
 var DEFAULT_MAX_DOWNLOAD_SIZE = 2 * 1024 * 1024 * 1024;
 async function readResponseWithSizeLimit({
@@ -440,7 +628,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
 }
 // src/version.ts
-var VERSION = true ? "3.0.24" : "0.0.0-test";
+var VERSION = true ? "3.0.26" : "0.0.0-test";
 // src/get-from-api.ts
 var getOriginalFetch = () => globalThis.fetch;
@@ -450,10 +638,10 @@ var getFromApi = async ({
   successfulResponseHandler,
   failedResponseHandler,
   abortSignal,
-  fetch = getOriginalFetch()
+  fetch: fetch2 = getOriginalFetch()
 }) => {
   try {
-    const response = await fetch(url, {
+    const response = await fetch2(url, {
       method: "GET",
       headers: withUserAgentSuffix(
         headers,
@@ -551,6 +739,15 @@ function injectJsonInstructionIntoMessages({
   ];
 }
+// src/is-same-origin.ts
+function isSameOrigin(url, baseUrl) {
+  try {
+    return new URL(url).origin === new URL(baseUrl).origin;
+  } catch (e) {
+    return false;
+  }
+}
 // src/is-url-supported.ts
 function isUrlSupported({
   mediaType,
@@ -890,7 +1087,7 @@ var postJsonToApi = async ({
   failedResponseHandler,
   successfulResponseHandler,
   abortSignal,
-  fetch
+  fetch: fetch2
 }) => postToApi({
   url,
   headers: {
@@ -904,7 +1101,7 @@ var postJsonToApi = async ({
   failedResponseHandler,
   successfulResponseHandler,
   abortSignal,
-  fetch
+  fetch: fetch2
 });
 var postFormDataToApi = async ({
   url,
@@ -913,7 +1110,7 @@ var postFormDataToApi = async ({
   failedResponseHandler,
   successfulResponseHandler,
   abortSignal,
-  fetch
+  fetch: fetch2
 }) => postToApi({
   url,
   headers,
@@ -924,7 +1121,7 @@ var postFormDataToApi = async ({
   failedResponseHandler,
   successfulResponseHandler,
   abortSignal,
-  fetch
+  fetch: fetch2
 });
 var postToApi = async ({
   url,
@@ -933,10 +1130,10 @@ var postToApi = async ({
   successfulResponseHandler,
   failedResponseHandler,
   abortSignal,
-  fetch = getOriginalFetch2()
+  fetch: fetch2 = getOriginalFetch2()
 }) => {
   try {
-    const response = await fetch(url, {
+    const response = await fetch2(url, {
       method: "POST",
       headers: withUserAgentSuffix(
         headers,
@@ -1241,6 +1438,35 @@ var createStatusCodeErrorResponseHandler = () => async ({ response, url, request
   };
 };
+// src/schema.ts
+var schemaSymbol = /* @__PURE__ */ Symbol.for("vercel.ai.schema");
+function lazySchema(createSchema) {
+  let schema;
+  return () => {
+    if (schema == null) {
+      schema = createSchema();
+    }
+    return schema;
+  };
+}
+function jsonSchema(jsonSchema2, {
+  validate
+} = {}) {
+  return {
+    [schemaSymbol]: true,
+    _type: void 0,
+    // should never be used directly
+    [validatorSymbol]: true,
+    get jsonSchema() {
+      if (typeof jsonSchema2 === "function") {
+        jsonSchema2 = jsonSchema2();
+      }
+      return jsonSchema2;
+    },
+    validate
+  };
+}
 // src/zod-schema.ts
 var z4 = __toESM(require("zod/v4"));
@@ -1271,15 +1497,6 @@ function addAdditionalPropertiesToJsonSchema(jsonSchema2) {
   return jsonSchema2;
 }
-// src/zod-to-json-schema/get-relative-path.ts
-var getRelativePath = (pathA, pathB) => {
-  let i = 0;
-  for (; i < pathA.length && i < pathB.length; i++) {
-    if (pathA[i] !== pathB[i]) break;
-  }
-  return [(pathA.length - i).toString(), ...pathB.slice(i)].join("/");
-};
 // src/zod-to-json-schema/options.ts
 var ignoreOverride = /* @__PURE__ */ Symbol(
   "Let zodToJsonSchema decide on which parser to use"
@@ -2311,6 +2528,15 @@ var selectParser = (def, typeName, refs) => {
   }
 };
+// src/zod-to-json-schema/get-relative-path.ts
+var getRelativePath = (pathA, pathB) => {
+  let i = 0;
+  for (; i < pathA.length && i < pathB.length; i++) {
+    if (pathA[i] !== pathB[i]) break;
+  }
+  return [(pathA.length - i).toString(), ...pathB.slice(i)].join("/");
+};
 // src/zod-to-json-schema/parse-def.ts
 function parseDef(def, refs, forceResolution = false) {
   var _a2;
@@ -2500,34 +2726,7 @@ function zodSchema(zodSchema2, options) {
   }
 }
-// src/schema.ts
-var schemaSymbol = /* @__PURE__ */ Symbol.for("vercel.ai.schema");
-function lazySchema(createSchema) {
-  let schema;
-  return () => {
-    if (schema == null) {
-      schema = createSchema();
-    }
-    return schema;
-  };
-}
-function jsonSchema(jsonSchema2, {
-  validate
-} = {}) {
-  return {
-    [schemaSymbol]: true,
-    _type: void 0,
-    // should never be used directly
-    [validatorSymbol]: true,
-    get jsonSchema() {
-      if (typeof jsonSchema2 === "function") {
-        jsonSchema2 = jsonSchema2();
-      }
-      return jsonSchema2;
-    },
-    validate
-  };
-}
+// src/as-schema.ts
 function isSchema(value) {
   return typeof value === "object" && value !== null && schemaSymbol in value && value[schemaSymbol] === true && "jsonSchema" in value && "validate" in value;
 }
@@ -2556,105 +2755,6 @@ function convertToBase64(value) {
   return value instanceof Uint8Array ? convertUint8ArrayToBase64(value) : value;
 }
-// src/validate-download-url.ts
-function validateDownloadUrl(url) {
-  let parsed;
-  try {
-    parsed = new URL(url);
-  } catch (e) {
-    throw new DownloadError({
-      url,
-      message: `Invalid URL: ${url}`
-    });
-  }
-  if (parsed.protocol === "data:") {
-    return;
-  }
-  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
-    throw new DownloadError({
-      url,
-      message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
-    });
-  }
-  const hostname = parsed.hostname;
-  if (!hostname) {
-    throw new DownloadError({
-      url,
-      message: `URL must have a hostname`
-    });
-  }
-  if (hostname === "localhost" || hostname.endsWith(".local") || hostname.endsWith(".localhost")) {
-    throw new DownloadError({
-      url,
-      message: `URL with hostname ${hostname} is not allowed`
-    });
-  }
-  if (hostname.startsWith("[") && hostname.endsWith("]")) {
-    const ipv6 = hostname.slice(1, -1);
-    if (isPrivateIPv6(ipv6)) {
-      throw new DownloadError({
-        url,
-        message: `URL with IPv6 address ${hostname} is not allowed`
-      });
-    }
-    return;
-  }
-  if (isIPv4(hostname)) {
-    if (isPrivateIPv4(hostname)) {
-      throw new DownloadError({
-        url,
-        message: `URL with IP address ${hostname} is not allowed`
-      });
-    }
-    return;
-  }
-}
-function isIPv4(hostname) {
-  const parts = hostname.split(".");
-  if (parts.length !== 4) return false;
-  return parts.every((part) => {
-    const num = Number(part);
-    return Number.isInteger(num) && num >= 0 && num <= 255 && String(num) === part;
-  });
-}
-function isPrivateIPv4(ip) {
-  const parts = ip.split(".").map(Number);
-  const [a, b] = parts;
-  if (a === 0) return true;
-  if (a === 10) return true;
-  if (a === 127) return true;
-  if (a === 169 && b === 254) return true;
-  if (a === 172 && b >= 16 && b <= 31) return true;
-  if (a === 192 && b === 168) return true;
-  return false;
-}
-function isPrivateIPv6(ip) {
-  const normalized = ip.toLowerCase();
-  if (normalized === "::1") return true;
-  if (normalized === "::") return true;
-  if (normalized.startsWith("::ffff:")) {
-    const mappedPart = normalized.slice(7);
-    if (isIPv4(mappedPart)) {
-      return isPrivateIPv4(mappedPart);
-    }
-    const hexParts = mappedPart.split(":");
-    if (hexParts.length === 2) {
-      const high = parseInt(hexParts[0], 16);
-      const low = parseInt(hexParts[1], 16);
-      if (!isNaN(high) && !isNaN(low)) {
-        const a = high >> 8 & 255;
-        const b = high & 255;
-        const c = low >> 8 & 255;
-        const d = low & 255;
-        return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
-      }
-    }
-  }
-  if (normalized.startsWith("fc") || normalized.startsWith("fd")) return true;
-  if (normalized.startsWith("fe80")) return true;
-  return false;
-}
 // src/without-trailing-slash.ts
 function withoutTrailingSlash(url) {
   return url == null ? void 0 : url.replace(/\/$/, "");
@@ -2714,13 +2814,16 @@ var import_stream2 = require("eventsource-parser/stream");
   dynamicTool,
   executeTool,
   extractResponseHeaders,
+  fetchWithValidatedRedirects,
   generateId,
   getErrorMessage,
   getFromApi,
   getRuntimeEnvironmentUserAgent,
   injectJsonInstructionIntoMessages,
   isAbortError,
+  isBrowserRuntime,
   isParsableJson,
+  isSameOrigin,
   isUrlSupported,
   isValidator,
   jsonSchema,