@matthesketh/utopia-ai 0.7.0 → 0.8.0

package/dist/ai-KmtRQe5L.d.ts

@@ -1,4 +1,4 @@
-import { d as ChatRequest, e as ChatResponse, C as ChatChunk, E as EmbeddingRequest, f as EmbeddingResponse, c as ChatMessage, l as ToolDefinition, j as ToolCall, a as AIHooks, R as RetryConfig, A as AIAdapter } from './types-FSnS43LM.js';
+import { d as ChatRequest, e as ChatResponse, C as ChatChunk, E as EmbeddingRequest, f as EmbeddingResponse, c as ChatMessage, l as ToolDefinition, j as ToolCall, a as AIHooks, R as RetryConfig, A as AIAdapter } from './types-FSnS43LM';
 
 interface AI {
     /** Send a chat completion request. */

package/dist/index.cjs

@@ -256,6 +256,7 @@ async function* parseSSEStream(response) {
           try {
             yield JSON.parse(data);
           } catch {
+            console.warn("[utopia-ai] Skipping malformed SSE data:", data);
           }
         }
       }

package/dist/index.js

@@ -227,6 +227,7 @@ async function* parseSSEStream(response) {
           try {
             yield JSON.parse(data);
           } catch {
+            console.warn("[utopia-ai] Skipping malformed SSE data:", data);
           }
         }
       }

package/dist/mcp/index.cjs

@@ -43,19 +43,32 @@ function createMCPServer(config) {
     (config.prompts ?? []).map((p) => [p.definition.name, p])
   );
   async function handleRequest(request) {
+    if (!request || request.jsonrpc !== "2.0" || typeof request.method !== "string") {
+      return {
+        jsonrpc: "2.0",
+        id: request?.id ?? null,
+        error: {
+          code: -32600,
+          message: 'Invalid Request: must include jsonrpc "2.0" and a string method'
+        }
+      };
+    }
     try {
       const result = await dispatch(request);
       return { jsonrpc: "2.0", id: request.id, result };
     } catch (err) {
       const rpcErr = err;
+      if (typeof rpcErr.code === "number") {
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          error: { code: rpcErr.code, message: rpcErr.message ?? "Error", data: rpcErr.data }
+        };
+      }
       return {
         jsonrpc: "2.0",
         id: request.id,
-        error: {
-          code: rpcErr.code ?? -32603,
-          message: rpcErr.message ?? "Internal error",
-          data: rpcErr.data
-        }
+        error: { code: -32603, message: "Internal error" }
       };
     }
   }
@@ -83,12 +96,22 @@ function createMCPServer(config) {
           }))
         };
       case "tools/call": {
-        const params = request.params;
-        const tool = toolMap.get(params.name);
+        const params = asParamsObject(request.params, "tools/call");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'tools/call requires a string "name"');
+        }
+        const tool = toolMap.get(name);
         if (!tool) {
-          throw makeError(-32602, `Unknown tool: ${params.name}`);
+          throw makeError(-32602, `Unknown tool: ${name}`);
+        }
+        const args = params.arguments ?? {};
+        if (typeof args !== "object" || args === null || Array.isArray(args)) {
+          throw makeError(-32602, "tool arguments must be an object");
         }
-        return tool.handler(params.arguments ?? {});
+        const argRecord = args;
+        validateAgainstSchema(tool.definition.inputSchema, argRecord, name);
+        return tool.handler(argRecord);
       }
       case "resources/list":
         return {
@@ -100,12 +123,16 @@ function createMCPServer(config) {
           }))
         };
       case "resources/read": {
-        const params = request.params;
-        const resource = findResource(params.uri);
+        const params = asParamsObject(request.params, "resources/read");
+        const uri = params.uri;
+        if (typeof uri !== "string") {
+          throw makeError(-32602, 'resources/read requires a string "uri"');
+        }
+        const resource = findResource(uri);
         if (!resource) {
-          throw makeError(-32602, `Unknown resource: ${params.uri}`);
+          throw makeError(-32602, `Unknown resource: ${uri}`);
         }
-        const content = await resource.handler(params.uri);
+        const content = await resource.handler(uri);
         return { contents: [content] };
       }
       case "prompts/list":
@@ -117,12 +144,17 @@ function createMCPServer(config) {
           }))
         };
       case "prompts/get": {
-        const params = request.params;
-        const prompt = promptMap.get(params.name);
+        const params = asParamsObject(request.params, "prompts/get");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'prompts/get requires a string "name"');
+        }
+        const prompt = promptMap.get(name);
         if (!prompt) {
-          throw makeError(-32602, `Unknown prompt: ${params.name}`);
+          throw makeError(-32602, `Unknown prompt: ${name}`);
         }
-        return prompt.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        return prompt.handler(args);
       }
       case "ping":
         return {};
@@ -149,10 +181,46 @@ function matchesTemplate(pattern, uri) {
 function makeError(code, message) {
   return { code, message };
 }
+function asParamsObject(params, ctx) {
+  if (params === null || typeof params !== "object" || Array.isArray(params)) {
+    throw makeError(-32602, `Invalid params for ${ctx}: expected an object`);
+  }
+  return params;
+}
+function validateAgainstSchema(schema, args, toolName) {
+  if (!schema || typeof schema !== "object") return;
+  const s = schema;
+  if (Array.isArray(s.required)) {
+    for (const key of s.required) {
+      if (typeof key === "string" && !(key in args)) {
+        throw makeError(-32602, `Missing required argument "${key}" for tool "${toolName}"`);
+      }
+    }
+  }
+  if (s.properties && typeof s.properties === "object") {
+    for (const [key, prop] of Object.entries(s.properties)) {
+      const value = args[key];
+      if (value === void 0 || value === null) continue;
+      const expected = prop?.type;
+      if (!expected) continue;
+      const ok = expected === "number" || expected === "integer" ? typeof value === "number" : expected === "array" ? Array.isArray(value) : expected === "object" ? typeof value === "object" && !Array.isArray(value) : typeof value === expected;
+      if (!ok) {
+        throw makeError(
+          -32602,
+          `Argument "${key}" for tool "${toolName}" must be of type ${expected}`
+        );
+      }
+    }
+  }
+}
 
 // src/mcp/client.ts
 function createMCPClient(config) {
   let requestId = 0;
+  const parsedUrl = new URL(config.url);
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw new Error(`MCP client URL must be http(s): ${config.url}`);
+  }
   async function rpc(method, params) {
     const request = {
       jsonrpc: "2.0",
@@ -167,6 +235,10 @@ function createMCPClient(config) {
         ...config.headers
       },
       body: JSON.stringify(request),
+      // never follow redirects: a 3xx to another host would otherwise re-send
+      // config.headers (often a bearer token) to that host, leaking the
+      // credential and enabling an ssrf pivot.
+      redirect: "error",
       signal: AbortSignal.timeout(3e4)
     });
     if (!response.ok) {
@@ -239,16 +311,45 @@ function createMCPClient(config) {
 
 // src/mcp/handler.ts
 function createMCPHandler(server, options) {
-  const corsOrigin = options?.corsOrigin ?? "*";
+  const corsOrigin = options?.corsOrigin;
+  const allowedOrigins = options?.allowedOrigins;
+  const authorize = options?.authorize;
   return async (req, res) => {
-    res.setHeader("Access-Control-Allow-Origin", corsOrigin);
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    if (corsOrigin) {
+      res.setHeader("Access-Control-Allow-Origin", corsOrigin);
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    }
     if (req.method === "OPTIONS") {
       res.writeHead(204);
       res.end();
       return;
     }
+    const origin = req.headers.origin;
+    if (allowedOrigins && origin !== void 0 && !allowedOrigins.includes(origin)) {
+      res.writeHead(403, { "Content-Type": "text/plain" });
+      res.end("Forbidden");
+      return;
+    }
+    if (authorize) {
+      let allowed = false;
+      try {
+        allowed = await authorize(req);
+      } catch {
+        allowed = false;
+      }
+      if (!allowed) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Unauthorized" }
+          })
+        );
+        return;
+      }
+    }
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
     if (url.pathname.endsWith("/sse") && req.method === "GET") {
       handleSSE(server, req, res);
@@ -270,6 +371,18 @@ async function handlePost(server, req, res) {
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify(response));
   } catch (err) {
+    const errObj = err;
+    if (errObj.statusCode === 413) {
+      res.writeHead(413, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          id: null,
+          error: { code: -32600, message: "Payload too large" }
+        })
+      );
+      return;
+    }
     const data = err instanceof SyntaxError ? err.message : "Invalid request";
     res.writeHead(400, { "Content-Type": "application/json" });
     res.end(
@@ -303,10 +416,20 @@ data: ${endpointUrl}
     clearInterval(keepAlive);
   });
 }
-function readBody(req) {
+var DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
+function readBody(req, maxSize = DEFAULT_MAX_BODY_SIZE) {
   return new Promise((resolve, reject) => {
     const chunks = [];
-    req.on("data", (chunk) => chunks.push(chunk));
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > maxSize) {
+        req.removeAllListeners("data");
+        reject(Object.assign(new Error("Payload too large"), { statusCode: 413 }));
+        return;
+      }
+      chunks.push(chunk);
+    });
     req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
     req.on("error", reject);
   });

package/dist/mcp/index.d.cts

@@ -174,6 +174,19 @@ declare function createMCPClient(config: MCPClientConfig): MCPClient;
 
 interface MCPHandlerOptions {
     corsOrigin?: string;
+    /**
+     * allow-list of permitted `Origin` header values. when set, any request
+     * carrying an `Origin` not in the list is rejected with 403. this is the
+     * primary defence against dns-rebinding attacks on a locally-bound server.
+     */
+    allowedOrigins?: string[];
+    /**
+     * authorisation gate run before any request is dispatched to the server.
+     * return false (or throw) to reject with 401. an mcp server exposes tool
+     * execution, so it must not be reachable on a network without an authz
+     * check — there is intentionally no default-allow for remote callers.
+     */
+    authorize?: (req: IncomingMessage) => boolean | Promise<boolean>;
 }
 /**
  * Create a Node.js HTTP handler for an MCP server.

package/dist/mcp/index.d.ts

@@ -174,6 +174,19 @@ declare function createMCPClient(config: MCPClientConfig): MCPClient;
 
 interface MCPHandlerOptions {
     corsOrigin?: string;
+    /**
+     * allow-list of permitted `Origin` header values. when set, any request
+     * carrying an `Origin` not in the list is rejected with 403. this is the
+     * primary defence against dns-rebinding attacks on a locally-bound server.
+     */
+    allowedOrigins?: string[];
+    /**
+     * authorisation gate run before any request is dispatched to the server.
+     * return false (or throw) to reject with 401. an mcp server exposes tool
+     * execution, so it must not be reachable on a network without an authz
+     * check — there is intentionally no default-allow for remote callers.
+     */
+    authorize?: (req: IncomingMessage) => boolean | Promise<boolean>;
 }
 /**
  * Create a Node.js HTTP handler for an MCP server.

package/dist/mcp/index.js

@@ -15,19 +15,32 @@ function createMCPServer(config) {
     (config.prompts ?? []).map((p) => [p.definition.name, p])
   );
   async function handleRequest(request) {
+    if (!request || request.jsonrpc !== "2.0" || typeof request.method !== "string") {
+      return {
+        jsonrpc: "2.0",
+        id: request?.id ?? null,
+        error: {
+          code: -32600,
+          message: 'Invalid Request: must include jsonrpc "2.0" and a string method'
+        }
+      };
+    }
     try {
       const result = await dispatch(request);
       return { jsonrpc: "2.0", id: request.id, result };
     } catch (err) {
       const rpcErr = err;
+      if (typeof rpcErr.code === "number") {
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          error: { code: rpcErr.code, message: rpcErr.message ?? "Error", data: rpcErr.data }
+        };
+      }
       return {
         jsonrpc: "2.0",
         id: request.id,
-        error: {
-          code: rpcErr.code ?? -32603,
-          message: rpcErr.message ?? "Internal error",
-          data: rpcErr.data
-        }
+        error: { code: -32603, message: "Internal error" }
       };
     }
   }
@@ -55,12 +68,22 @@ function createMCPServer(config) {
           }))
         };
       case "tools/call": {
-        const params = request.params;
-        const tool = toolMap.get(params.name);
+        const params = asParamsObject(request.params, "tools/call");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'tools/call requires a string "name"');
+        }
+        const tool = toolMap.get(name);
         if (!tool) {
-          throw makeError(-32602, `Unknown tool: ${params.name}`);
+          throw makeError(-32602, `Unknown tool: ${name}`);
+        }
+        const args = params.arguments ?? {};
+        if (typeof args !== "object" || args === null || Array.isArray(args)) {
+          throw makeError(-32602, "tool arguments must be an object");
         }
-        return tool.handler(params.arguments ?? {});
+        const argRecord = args;
+        validateAgainstSchema(tool.definition.inputSchema, argRecord, name);
+        return tool.handler(argRecord);
       }
       case "resources/list":
         return {
@@ -72,12 +95,16 @@ function createMCPServer(config) {
           }))
         };
       case "resources/read": {
-        const params = request.params;
-        const resource = findResource(params.uri);
+        const params = asParamsObject(request.params, "resources/read");
+        const uri = params.uri;
+        if (typeof uri !== "string") {
+          throw makeError(-32602, 'resources/read requires a string "uri"');
+        }
+        const resource = findResource(uri);
         if (!resource) {
-          throw makeError(-32602, `Unknown resource: ${params.uri}`);
+          throw makeError(-32602, `Unknown resource: ${uri}`);
         }
-        const content = await resource.handler(params.uri);
+        const content = await resource.handler(uri);
         return { contents: [content] };
       }
       case "prompts/list":
@@ -89,12 +116,17 @@ function createMCPServer(config) {
           }))
         };
       case "prompts/get": {
-        const params = request.params;
-        const prompt = promptMap.get(params.name);
+        const params = asParamsObject(request.params, "prompts/get");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'prompts/get requires a string "name"');
+        }
+        const prompt = promptMap.get(name);
         if (!prompt) {
-          throw makeError(-32602, `Unknown prompt: ${params.name}`);
+          throw makeError(-32602, `Unknown prompt: ${name}`);
         }
-        return prompt.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        return prompt.handler(args);
       }
       case "ping":
         return {};
@@ -121,10 +153,46 @@ function matchesTemplate(pattern, uri) {
 function makeError(code, message) {
   return { code, message };
 }
+function asParamsObject(params, ctx) {
+  if (params === null || typeof params !== "object" || Array.isArray(params)) {
+    throw makeError(-32602, `Invalid params for ${ctx}: expected an object`);
+  }
+  return params;
+}
+function validateAgainstSchema(schema, args, toolName) {
+  if (!schema || typeof schema !== "object") return;
+  const s = schema;
+  if (Array.isArray(s.required)) {
+    for (const key of s.required) {
+      if (typeof key === "string" && !(key in args)) {
+        throw makeError(-32602, `Missing required argument "${key}" for tool "${toolName}"`);
+      }
+    }
+  }
+  if (s.properties && typeof s.properties === "object") {
+    for (const [key, prop] of Object.entries(s.properties)) {
+      const value = args[key];
+      if (value === void 0 || value === null) continue;
+      const expected = prop?.type;
+      if (!expected) continue;
+      const ok = expected === "number" || expected === "integer" ? typeof value === "number" : expected === "array" ? Array.isArray(value) : expected === "object" ? typeof value === "object" && !Array.isArray(value) : typeof value === expected;
+      if (!ok) {
+        throw makeError(
+          -32602,
+          `Argument "${key}" for tool "${toolName}" must be of type ${expected}`
+        );
+      }
+    }
+  }
+}
 
 // src/mcp/client.ts
 function createMCPClient(config) {
   let requestId = 0;
+  const parsedUrl = new URL(config.url);
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw new Error(`MCP client URL must be http(s): ${config.url}`);
+  }
   async function rpc(method, params) {
     const request = {
       jsonrpc: "2.0",
@@ -139,6 +207,10 @@ function createMCPClient(config) {
         ...config.headers
       },
       body: JSON.stringify(request),
+      // never follow redirects: a 3xx to another host would otherwise re-send
+      // config.headers (often a bearer token) to that host, leaking the
+      // credential and enabling an ssrf pivot.
+      redirect: "error",
       signal: AbortSignal.timeout(3e4)
     });
     if (!response.ok) {
@@ -211,16 +283,45 @@ function createMCPClient(config) {
 
 // src/mcp/handler.ts
 function createMCPHandler(server, options) {
-  const corsOrigin = options?.corsOrigin ?? "*";
+  const corsOrigin = options?.corsOrigin;
+  const allowedOrigins = options?.allowedOrigins;
+  const authorize = options?.authorize;
   return async (req, res) => {
-    res.setHeader("Access-Control-Allow-Origin", corsOrigin);
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    if (corsOrigin) {
+      res.setHeader("Access-Control-Allow-Origin", corsOrigin);
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    }
     if (req.method === "OPTIONS") {
       res.writeHead(204);
       res.end();
       return;
     }
+    const origin = req.headers.origin;
+    if (allowedOrigins && origin !== void 0 && !allowedOrigins.includes(origin)) {
+      res.writeHead(403, { "Content-Type": "text/plain" });
+      res.end("Forbidden");
+      return;
+    }
+    if (authorize) {
+      let allowed = false;
+      try {
+        allowed = await authorize(req);
+      } catch {
+        allowed = false;
+      }
+      if (!allowed) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Unauthorized" }
+          })
+        );
+        return;
+      }
+    }
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
     if (url.pathname.endsWith("/sse") && req.method === "GET") {
       handleSSE(server, req, res);
@@ -242,6 +343,18 @@ async function handlePost(server, req, res) {
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify(response));
   } catch (err) {
+    const errObj = err;
+    if (errObj.statusCode === 413) {
+      res.writeHead(413, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          id: null,
+          error: { code: -32600, message: "Payload too large" }
+        })
+      );
+      return;
+    }
     const data = err instanceof SyntaxError ? err.message : "Invalid request";
     res.writeHead(400, { "Content-Type": "application/json" });
     res.end(
@@ -275,10 +388,20 @@ data: ${endpointUrl}
     clearInterval(keepAlive);
   });
 }
-function readBody(req) {
+var DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
+function readBody(req, maxSize = DEFAULT_MAX_BODY_SIZE) {
   return new Promise((resolve, reject) => {
     const chunks = [];
-    req.on("data", (chunk) => chunks.push(chunk));
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > maxSize) {
+        req.removeAllListeners("data");
+        reject(Object.assign(new Error("Payload too large"), { statusCode: 413 }));
+        return;
+      }
+      chunks.push(chunk);
+    });
     req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
     req.on("error", reject);
   });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@matthesketh/utopia-ai",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "AI adapters and MCP support for UtopiaJS",
   "type": "module",
   "license": "MIT",