@directus/api 35.0.1 → 35.0.2

package/dist/ai/chat/utils/chat-request-tool-to-ai-sdk-tool.js

@@ -1,4 +1,5 @@
 import "../../../packages/types/dist/index.js";
+import { coerceJsonFields } from "../../tools/utils.js";
 import { ALL_TOOLS } from "../../tools/index.js";
 import { InvalidPayloadError } from "@directus/errors";
 import { jsonSchema, tool, zodSchema } from "ai";
@@ -19,7 +20,8 @@ const chatRequestToolToAiSdkTool = ({ chatRequestTool, accountability, schema, t
 			inputSchema,
 			needsApproval,
 			execute: async (rawArgs) => {
-				const { error, data: args } = directusTool.validateSchema?.safeParse(rawArgs) ?? { data: rawArgs };
+				const coercedArgs = coerceJsonFields(rawArgs);
+				const { error, data: args } = directusTool.validateSchema?.safeParse(coercedArgs) ?? { data: coercedArgs };
 				if (error) {
 					throw new InvalidPayloadError({ reason: fromZodError(error).message });
 				}

package/dist/ai/mcp/server.js

@@ -1,11 +1,12 @@
 import { ItemsService } from "../../services/items.js";
+import { coerceJsonFields } from "../tools/utils.js";
 import { Url } from "../../utils/url.js";
 import "../../services/index.js";
 import { findMcpTool, getAllMcpTools } from "../tools/index.js";
 import { DirectusTransport } from "./transport.js";
 import { useEnv } from "@directus/env";
 import { ForbiddenError, InvalidPayloadError, isDirectusError } from "@directus/errors";
-import { isObject, parseJSON, toArray } from "@directus/utils";
+import { isObject, toArray } from "@directus/utils";
 import { fromZodError } from "zod-validation-error";
 import { z } from "zod";
 import { render, tokenize } from "micromustache";
@@ -166,19 +167,8 @@ var DirectusMCP = class {
 				if (tool.name === "system-prompt") {
 					request.params.arguments = { promptOverride: this.systemPrompt };
 				}
-				if (request.params.arguments) {
-					for (const field of [
-						"data",
-						"keys",
-						"query"
-					]) {
-						const arg = request.params.arguments[field];
-						if (typeof arg === "string") {
-							request.params.arguments[field] = parseJSON(arg);
-						}
-					}
-				}
-				const { error, data: args } = tool.validateSchema?.safeParse(request.params.arguments) ?? { data: request.params.arguments };
+				const coercedArgs = request.params.arguments ? coerceJsonFields(request.params.arguments) : request.params.arguments;
+				const { error, data: args } = tool.validateSchema?.safeParse(coercedArgs) ?? { data: coercedArgs };
 				if (error) {
 					throw new InvalidPayloadError({ reason: fromZodError(error).message });
 				}

package/dist/ai/tools/utils.js

@@ -1,6 +1,28 @@
 import { sanitizeQuery } from "../../utils/sanitize-query.js";
+import { parseJSON } from "@directus/utils";
 
 //#region src/ai/tools/utils.ts
+const JSON_COERCE_FIELDS = [
+	"data",
+	"keys",
+	"query",
+	"headers"
+];
+/**
+* LLMs sometimes return object/array arguments as stringified JSON.
+* Coerce known fields back to native values before validation.
+*/
+function coerceJsonFields(args) {
+	const coerced = { ...args };
+	for (const field of JSON_COERCE_FIELDS) {
+		if (typeof coerced[field] === "string") {
+			try {
+				coerced[field] = parseJSON(coerced[field]);
+			} catch {}
+		}
+	}
+	return coerced;
+}
 /**
 * Build a sanitized query object from a tool's args payload.
 * - Ensures fields defaults to '*' when not provided
@@ -19,4 +41,4 @@ async function buildSanitizedQueryFromArgs(args, schema, accountability) {
 }
 
 //#endregion
-export { buildSanitizedQueryFromArgs };
+export { buildSanitizedQueryFromArgs, coerceJsonFields };

package/dist/controllers/assets.js

@@ -24,6 +24,7 @@ const router = Router();
 const env = useEnv();
 router.use(use_collection_default("directus_files"));
 router.post("/folder/:pk", async_handler_default(async (req, res) => {
+	const logger = useLogger();
 	const service = new AssetsService({
 		accountability: req.accountability,
 		schema: req.schema
@@ -32,10 +33,33 @@ router.post("/folder/:pk", async_handler_default(async (req, res) => {
 	res.setHeader("Content-Type", "application/zip");
 	const folderName = `folder-${metadata["name"] ? metadata["name"] : "unknown"}-${getDateTimeFormatted()}.zip`;
 	res.setHeader("Content-Disposition", contentDisposition(folderName, { type: "attachment" }));
+	res.on("close", () => {
+		if (!res.writableEnded) {
+			archive.destroy();
+			archive.abort();
+		}
+	});
 	archive.pipe(res);
-	await complete();
+	try {
+		await complete();
+	} catch (error) {
+		logger.error(error, `Couldn't archive folder ${req.params["pk"]} to the client`);
+		archive.destroy();
+		if (!res.headersSent) {
+			res.removeHeader("Content-Type");
+			res.removeHeader("Content-Disposition");
+			res.removeHeader("Cache-Control");
+			res.status(500).json({ errors: [{
+				message: "An unexpected error occurred.",
+				extensions: { code: "INTERNAL_SERVER_ERROR" }
+			}] });
+		} else {
+			res.end();
+		}
+	}
 }));
 router.post("/files/", async_handler_default(async (req, res) => {
+	const logger = useLogger();
 	const service = new AssetsService({
 		accountability: req.accountability,
 		schema: req.schema
@@ -47,8 +71,30 @@ router.post("/files/", async_handler_default(async (req, res) => {
 	const { archive, complete } = await service.zipFiles(data.ids);
 	res.setHeader("Content-Type", "application/zip");
 	res.setHeader("Content-Disposition", `attachment; filename="files-${getDateTimeFormatted()}.zip"`);
+	res.on("close", () => {
+		if (!res.writableEnded) {
+			archive.destroy();
+			archive.abort();
+		}
+	});
 	archive.pipe(res);
-	await complete();
+	try {
+		await complete();
+	} catch (error$1) {
+		logger.error(error$1, `Couldn't archive files to the client`);
+		archive.destroy();
+		if (!res.headersSent) {
+			res.removeHeader("Content-Type");
+			res.removeHeader("Content-Disposition");
+			res.removeHeader("Cache-Control");
+			res.status(500).json({ errors: [{
+				message: "An unexpected error occurred.",
+				extensions: { code: "INTERNAL_SERVER_ERROR" }
+			}] });
+		} else {
+			res.end();
+		}
+	}
 }));
 router.get("/:pk/:filename?", async_handler_default(async (req, res, next) => {
 	const payloadService = new PayloadService("directus_settings", { schema: req.schema });
@@ -183,8 +229,15 @@ router.get("/:pk/:filename?", async_handler_default(async (req, res, next) => {
 		res.setHeader("Content-Length", stat.size);
 		return res.end();
 	}
-	(await stream()).on("error", (error) => {
+	const sourceStream = await stream();
+	res.on("close", () => {
+		if (!res.writableEnded) {
+			sourceStream.destroy();
+		}
+	});
+	sourceStream.on("error", (error) => {
 		logger.error(error, `Couldn't stream file ${file.id} to the client`);
+		sourceStream.destroy();
 		if (!res.headersSent) {
 			res.removeHeader("Content-Type");
 			res.removeHeader("Content-Disposition");

package/dist/services/assets.js

@@ -59,6 +59,7 @@ var AssetsService = class {
 			const deduper = new NameDeduper();
 			const storage = await getStorage();
 			for (const { id, folder, filename_download } of options.files) {
+				if (archive.destroyed) break;
 				const file = await this.sudoFilesService.readOne(id, { fields: [
 					"id",
 					"storage",
@@ -84,6 +85,7 @@ var AssetsService = class {
 			}
 			if (options.folders) {
 				for (const [, folder] of options.folders) {
+					if (archive.destroyed) break;
 					archive.append("", { name: folder + "/" });
 				}
 			}

package/dist/services/users.js

@@ -14,7 +14,7 @@ import { verifyJWT } from "../utils/jwt.js";
 import { stall } from "../utils/stall.js";
 import { SettingsService } from "./settings.js";
 import { useEnv } from "@directus/env";
-import { ForbiddenError, InvalidPayloadError, RecordNotUniqueError } from "@directus/errors";
+import { ForbiddenError, InvalidInviteError, InvalidPayloadError, RecordNotUniqueError } from "@directus/errors";
 import { getSimpleHash, toArray, validatePayload } from "@directus/utils";
 import { isEmpty } from "lodash-es";
 import { performance } from "perf_hooks";
@@ -314,7 +314,7 @@ var UsersService = class UsersService extends ItemsService {
 		if (scope !== "invite") throw new ForbiddenError();
 		const user = await this.getUserByEmail(email);
 		if (user?.status !== "invited") {
-			throw new InvalidPayloadError({ reason: `Email address ${email} hasn't been invited` });
+			throw new InvalidInviteError();
 		}
 		const service = new UsersService({
 			knex: this.knex,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "35.0.1",
+  "version": "35.0.2",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -122,7 +122,7 @@
     "knex": "3.1.0",
     "ldapts": "8.1.3",
     "liquidjs": "10.25.0",
-    "lodash-es": "4.17.23",
+    "lodash-es": "4.18.1",
     "marked": "16.4.1",
     "micromustache": "8.0.3",
     "mime-types": "3.0.1",
@@ -151,7 +151,7 @@
     "rate-limiter-flexible": "7.2.0",
     "rolldown": "1.0.0-beta.31",
     "rollup": "4.59.0",
-    "samlify": "2.11.0",
+    "samlify": "2.12.0",
     "sanitize-filename": "1.6.3",
     "sanitize-html": "2.17.0",
     "sharp": "0.34.5",
@@ -166,30 +166,30 @@
     "zod": "4.1.12",
     "zod-validation-error": "4.0.2",
     "@directus/ai": "1.3.1",
-    "@directus/constants": "14.3.0",
-    "@directus/app": "15.7.0",
+    "@directus/app": "15.8.0",
     "@directus/env": "5.7.1",
-    "@directus/extensions": "3.0.23",
-    "@directus/errors": "2.3.0",
-    "@directus/extensions-registry": "3.0.23",
+    "@directus/constants": "14.3.0",
+    "@directus/errors": "2.3.1",
+    "@directus/extensions-registry": "3.0.24",
     "@directus/format-title": "12.1.2",
-    "@directus/memory": "3.1.6",
-    "@directus/extensions-sdk": "17.1.1",
+    "@directus/extensions": "3.0.23",
+    "@directus/memory": "3.1.7",
     "@directus/pressure": "3.0.21",
+    "@directus/extensions-sdk": "17.1.2",
     "@directus/schema": "13.0.7",
     "@directus/schema-builder": "0.0.18",
     "@directus/specs": "13.0.0",
     "@directus/storage": "12.0.4",
-    "@directus/storage-driver-azure": "12.0.21",
-    "@directus/storage-driver-cloudinary": "12.0.21",
     "@directus/storage-driver-gcs": "12.0.21",
+    "@directus/storage-driver-cloudinary": "12.0.21",
+    "@directus/storage-driver-azure": "12.0.21",
+    "@directus/storage-driver-local": "12.0.4",
     "@directus/storage-driver-s3": "12.1.7",
     "@directus/storage-driver-supabase": "3.0.21",
-    "@directus/utils": "13.4.0",
-    "@directus/storage-driver-local": "12.0.4",
     "@directus/system-data": "4.4.0",
-    "directus": "11.17.1",
-    "@directus/validation": "2.0.21"
+    "@directus/validation": "2.0.22",
+    "directus": "11.17.2",
+    "@directus/utils": "13.4.0"
   },
   "devDependencies": {
     "@directus/tsconfig": "4.0.0",