@ai-sdk/provider-utils 5.0.0-canary.45 → 5.0.0-canary.47
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.js +1 -1
- package/package.json +2 -2
- package/src/types/tool-approval-request.ts +6 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# @ai-sdk/provider-utils
|
|
2
2
|
|
|
3
|
+
## 5.0.0-canary.47
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- bae5e2b: fix(security): re-validate tool approvals from client message history before execution
|
|
8
|
+
|
|
9
|
+
The approval-replay path in `generateText`/`streamText` (and `WorkflowAgent.stream`) reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-applying the approval policy. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.
|
|
10
|
+
|
|
11
|
+
The replay path now validates HMAC signature (when `experimental_toolApprovalSecret` is configured), re-validates tool-call input against the tool's input schema, and re-resolves the approval policy before execution.
|
|
12
|
+
|
|
13
|
+
## 5.0.0-canary.46
|
|
14
|
+
|
|
15
|
+
### Patch Changes
|
|
16
|
+
|
|
17
|
+
- Updated dependencies [ce769dd]
|
|
18
|
+
- @ai-sdk/provider@4.0.0-canary.18
|
|
19
|
+
|
|
3
20
|
## 5.0.0-canary.45
|
|
4
21
|
|
|
5
22
|
### Patch Changes
|
package/dist/index.d.ts
CHANGED
|
@@ -1203,6 +1203,11 @@ type ToolApprovalRequest = {
|
|
|
1203
1203
|
* @default false
|
|
1204
1204
|
*/
|
|
1205
1205
|
isAutomatic?: boolean;
|
|
1206
|
+
/**
|
|
1207
|
+
* HMAC-SHA256 signature binding this approval to its tool call.
|
|
1208
|
+
* Present only when `experimental_toolApprovalSecret` is configured.
|
|
1209
|
+
*/
|
|
1210
|
+
signature?: string;
|
|
1206
1211
|
};
|
|
1207
1212
|
|
|
1208
1213
|
/**
|
package/dist/index.js
CHANGED
|
@@ -876,7 +876,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
|
|
|
876
876
|
}
|
|
877
877
|
|
|
878
878
|
// src/version.ts
|
|
879
|
-
var VERSION = true ? "5.0.0-canary.
|
|
879
|
+
var VERSION = true ? "5.0.0-canary.47" : "0.0.0-test";
|
|
880
880
|
|
|
881
881
|
// src/get-from-api.ts
|
|
882
882
|
var getOriginalFetch = () => globalThis.fetch;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ai-sdk/provider-utils",
|
|
3
|
-
"version": "5.0.0-canary.
|
|
3
|
+
"version": "5.0.0-canary.47",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"sideEffects": false,
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
"@standard-schema/spec": "^1.1.0",
|
|
36
36
|
"@workflow/serde": "4.1.0",
|
|
37
37
|
"eventsource-parser": "^3.0.8",
|
|
38
|
-
"@ai-sdk/provider": "4.0.0-canary.
|
|
38
|
+
"@ai-sdk/provider": "4.0.0-canary.18"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|
|
41
41
|
"@types/node": "22.19.19",
|
|
@@ -20,4 +20,10 @@ export type ToolApprovalRequest = {
|
|
|
20
20
|
* @default false
|
|
21
21
|
*/
|
|
22
22
|
isAutomatic?: boolean;
|
|
23
|
+
|
|
24
|
+
/**
|
|
25
|
+
* HMAC-SHA256 signature binding this approval to its tool call.
|
|
26
|
+
* Present only when `experimental_toolApprovalSecret` is configured.
|
|
27
|
+
*/
|
|
28
|
+
signature?: string;
|
|
23
29
|
};
|