@ai-sdk/provider-utils 4.0.27 → 4.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/dist/index.d.mts +5 -0
  3. package/dist/index.d.ts +5 -0
  4. package/dist/index.js +1 -1
  5. package/dist/index.mjs +1 -1
  6. package/package.json +1 -1
  7. package/src/types/tool-approval-request.ts +6 -0
package/CHANGELOG.md CHANGED
@@ -1,5 +1,15 @@
1
1
  # @ai-sdk/provider-utils
2
2
 
3
+ ## 4.0.28
4
+
5
+ ### Patch Changes
6
+
7
+ - 942f2f8: fix(security): re-validate tool approvals from client message history before execution
8
+
9
+ The approval-replay path in `generateText`/`streamText` reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-checking that the tool actually requires approval. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.
10
+
11
+ The replay path now verifies the HMAC signature (when `experimental_toolApprovalSecret` is configured), re-validates tool-call input against the tool's input schema, and re-resolves whether the tool requires approval before execution.
12
+
3
13
  ## 4.0.27
4
14
 
5
15
  ### Patch Changes
package/dist/index.d.mts CHANGED
@@ -874,6 +874,11 @@ type ToolApprovalRequest = {
874
874
  * ID of the tool call that the approval request is for.
875
875
  */
876
876
  toolCallId: string;
877
+ /**
878
+ * HMAC-SHA256 signature binding this approval to its tool call.
879
+ * Present only when `experimental_toolApprovalSecret` is configured.
880
+ */
881
+ signature?: string;
877
882
  };
878
883
 
879
884
  /**
package/dist/index.d.ts CHANGED
@@ -874,6 +874,11 @@ type ToolApprovalRequest = {
874
874
  * ID of the tool call that the approval request is for.
875
875
  */
876
876
  toolCallId: string;
877
+ /**
878
+ * HMAC-SHA256 signature binding this approval to its tool call.
879
+ * Present only when `experimental_toolApprovalSecret` is configured.
880
+ */
881
+ signature?: string;
877
882
  };
878
883
 
879
884
  /**
package/dist/index.js CHANGED
@@ -678,7 +678,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
678
678
  }
679
679
 
680
680
  // src/version.ts
681
- var VERSION = true ? "4.0.27" : "0.0.0-test";
681
+ var VERSION = true ? "4.0.28" : "0.0.0-test";
682
682
 
683
683
  // src/get-from-api.ts
684
684
  var getOriginalFetch = () => globalThis.fetch;
package/dist/index.mjs CHANGED
@@ -582,7 +582,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
582
582
  }
583
583
 
584
584
  // src/version.ts
585
- var VERSION = true ? "4.0.27" : "0.0.0-test";
585
+ var VERSION = true ? "4.0.28" : "0.0.0-test";
586
586
 
587
587
  // src/get-from-api.ts
588
588
  var getOriginalFetch = () => globalThis.fetch;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ai-sdk/provider-utils",
3
- "version": "4.0.27",
3
+ "version": "4.0.28",
4
4
  "license": "Apache-2.0",
5
5
  "sideEffects": false,
6
6
  "main": "./dist/index.js",
package/src/types/tool-approval-request.ts CHANGED
@@ -13,4 +13,10 @@ export type ToolApprovalRequest = {
13
13
  * ID of the tool call that the approval request is for.
14
14
  */
15
15
  toolCallId: string;
16
+
17
+ /**
18
+ * HMAC-SHA256 signature binding this approval to its tool call.
19
+ * Present only when `experimental_toolApprovalSecret` is configured.
20
+ */
21
+ signature?: string;
16
22
  };