@matthesketh/utopia-ai 0.7.1 → 0.8.0

package/dist/ai-KmtRQe5L.d.ts

@@ -1,4 +1,4 @@
-import { d as ChatRequest, e as ChatResponse, C as ChatChunk, E as EmbeddingRequest, f as EmbeddingResponse, c as ChatMessage, l as ToolDefinition, j as ToolCall, a as AIHooks, R as RetryConfig, A as AIAdapter } from './types-FSnS43LM.js';
+import { d as ChatRequest, e as ChatResponse, C as ChatChunk, E as EmbeddingRequest, f as EmbeddingResponse, c as ChatMessage, l as ToolDefinition, j as ToolCall, a as AIHooks, R as RetryConfig, A as AIAdapter } from './types-FSnS43LM';
 
 interface AI {
     /** Send a chat completion request. */

package/dist/mcp/index.cjs

@@ -58,14 +58,17 @@ function createMCPServer(config) {
       return { jsonrpc: "2.0", id: request.id, result };
     } catch (err) {
       const rpcErr = err;
+      if (typeof rpcErr.code === "number") {
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          error: { code: rpcErr.code, message: rpcErr.message ?? "Error", data: rpcErr.data }
+        };
+      }
       return {
         jsonrpc: "2.0",
         id: request.id,
-        error: {
-          code: rpcErr.code ?? -32603,
-          message: rpcErr.message ?? "Internal error",
-          data: rpcErr.data
-        }
+        error: { code: -32603, message: "Internal error" }
       };
     }
   }
@@ -93,12 +96,22 @@ function createMCPServer(config) {
           }))
         };
       case "tools/call": {
-        const params = request.params;
-        const tool = toolMap.get(params.name);
+        const params = asParamsObject(request.params, "tools/call");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'tools/call requires a string "name"');
+        }
+        const tool = toolMap.get(name);
         if (!tool) {
-          throw makeError(-32602, `Unknown tool: ${params.name}`);
+          throw makeError(-32602, `Unknown tool: ${name}`);
         }
-        return tool.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        if (typeof args !== "object" || args === null || Array.isArray(args)) {
+          throw makeError(-32602, "tool arguments must be an object");
+        }
+        const argRecord = args;
+        validateAgainstSchema(tool.definition.inputSchema, argRecord, name);
+        return tool.handler(argRecord);
       }
       case "resources/list":
         return {
@@ -110,12 +123,16 @@ function createMCPServer(config) {
           }))
         };
       case "resources/read": {
-        const params = request.params;
-        const resource = findResource(params.uri);
+        const params = asParamsObject(request.params, "resources/read");
+        const uri = params.uri;
+        if (typeof uri !== "string") {
+          throw makeError(-32602, 'resources/read requires a string "uri"');
+        }
+        const resource = findResource(uri);
         if (!resource) {
-          throw makeError(-32602, `Unknown resource: ${params.uri}`);
+          throw makeError(-32602, `Unknown resource: ${uri}`);
         }
-        const content = await resource.handler(params.uri);
+        const content = await resource.handler(uri);
         return { contents: [content] };
       }
       case "prompts/list":
@@ -127,12 +144,17 @@ function createMCPServer(config) {
           }))
         };
       case "prompts/get": {
-        const params = request.params;
-        const prompt = promptMap.get(params.name);
+        const params = asParamsObject(request.params, "prompts/get");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'prompts/get requires a string "name"');
+        }
+        const prompt = promptMap.get(name);
         if (!prompt) {
-          throw makeError(-32602, `Unknown prompt: ${params.name}`);
+          throw makeError(-32602, `Unknown prompt: ${name}`);
         }
-        return prompt.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        return prompt.handler(args);
       }
       case "ping":
         return {};
@@ -159,10 +181,46 @@ function matchesTemplate(pattern, uri) {
 function makeError(code, message) {
   return { code, message };
 }
+function asParamsObject(params, ctx) {
+  if (params === null || typeof params !== "object" || Array.isArray(params)) {
+    throw makeError(-32602, `Invalid params for ${ctx}: expected an object`);
+  }
+  return params;
+}
+function validateAgainstSchema(schema, args, toolName) {
+  if (!schema || typeof schema !== "object") return;
+  const s = schema;
+  if (Array.isArray(s.required)) {
+    for (const key of s.required) {
+      if (typeof key === "string" && !(key in args)) {
+        throw makeError(-32602, `Missing required argument "${key}" for tool "${toolName}"`);
+      }
+    }
+  }
+  if (s.properties && typeof s.properties === "object") {
+    for (const [key, prop] of Object.entries(s.properties)) {
+      const value = args[key];
+      if (value === void 0 || value === null) continue;
+      const expected = prop?.type;
+      if (!expected) continue;
+      const ok = expected === "number" || expected === "integer" ? typeof value === "number" : expected === "array" ? Array.isArray(value) : expected === "object" ? typeof value === "object" && !Array.isArray(value) : typeof value === expected;
+      if (!ok) {
+        throw makeError(
+          -32602,
+          `Argument "${key}" for tool "${toolName}" must be of type ${expected}`
+        );
+      }
+    }
+  }
+}
 
 // src/mcp/client.ts
 function createMCPClient(config) {
   let requestId = 0;
+  const parsedUrl = new URL(config.url);
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw new Error(`MCP client URL must be http(s): ${config.url}`);
+  }
   async function rpc(method, params) {
     const request = {
       jsonrpc: "2.0",
@@ -177,6 +235,10 @@ function createMCPClient(config) {
         ...config.headers
       },
       body: JSON.stringify(request),
+      // never follow redirects: a 3xx to another host would otherwise re-send
+      // config.headers (often a bearer token) to that host, leaking the
+      // credential and enabling an ssrf pivot.
+      redirect: "error",
       signal: AbortSignal.timeout(3e4)
     });
     if (!response.ok) {
@@ -250,6 +312,8 @@ function createMCPClient(config) {
 // src/mcp/handler.ts
 function createMCPHandler(server, options) {
   const corsOrigin = options?.corsOrigin;
+  const allowedOrigins = options?.allowedOrigins;
+  const authorize = options?.authorize;
   return async (req, res) => {
     if (corsOrigin) {
       res.setHeader("Access-Control-Allow-Origin", corsOrigin);
@@ -261,6 +325,31 @@ function createMCPHandler(server, options) {
       res.end();
       return;
     }
+    const origin = req.headers.origin;
+    if (allowedOrigins && origin !== void 0 && !allowedOrigins.includes(origin)) {
+      res.writeHead(403, { "Content-Type": "text/plain" });
+      res.end("Forbidden");
+      return;
+    }
+    if (authorize) {
+      let allowed = false;
+      try {
+        allowed = await authorize(req);
+      } catch {
+        allowed = false;
+      }
+      if (!allowed) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Unauthorized" }
+          })
+        );
+        return;
+      }
+    }
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
     if (url.pathname.endsWith("/sse") && req.method === "GET") {
       handleSSE(server, req, res);

package/dist/mcp/index.d.cts

@@ -174,6 +174,19 @@ declare function createMCPClient(config: MCPClientConfig): MCPClient;
 
 interface MCPHandlerOptions {
     corsOrigin?: string;
+    /**
+     * allow-list of permitted `Origin` header values. when set, any request
+     * carrying an `Origin` not in the list is rejected with 403. this is the
+     * primary defence against dns-rebinding attacks on a locally-bound server.
+     */
+    allowedOrigins?: string[];
+    /**
+     * authorisation gate run before any request is dispatched to the server.
+     * return false (or throw) to reject with 401. an mcp server exposes tool
+     * execution, so it must not be reachable on a network without an authz
+     * check — there is intentionally no default-allow for remote callers.
+     */
+    authorize?: (req: IncomingMessage) => boolean | Promise<boolean>;
 }
 /**
  * Create a Node.js HTTP handler for an MCP server.

package/dist/mcp/index.d.ts

@@ -174,6 +174,19 @@ declare function createMCPClient(config: MCPClientConfig): MCPClient;
 
 interface MCPHandlerOptions {
     corsOrigin?: string;
+    /**
+     * allow-list of permitted `Origin` header values. when set, any request
+     * carrying an `Origin` not in the list is rejected with 403. this is the
+     * primary defence against dns-rebinding attacks on a locally-bound server.
+     */
+    allowedOrigins?: string[];
+    /**
+     * authorisation gate run before any request is dispatched to the server.
+     * return false (or throw) to reject with 401. an mcp server exposes tool
+     * execution, so it must not be reachable on a network without an authz
+     * check — there is intentionally no default-allow for remote callers.
+     */
+    authorize?: (req: IncomingMessage) => boolean | Promise<boolean>;
 }
 /**
  * Create a Node.js HTTP handler for an MCP server.

package/dist/mcp/index.js

@@ -30,14 +30,17 @@ function createMCPServer(config) {
       return { jsonrpc: "2.0", id: request.id, result };
     } catch (err) {
       const rpcErr = err;
+      if (typeof rpcErr.code === "number") {
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          error: { code: rpcErr.code, message: rpcErr.message ?? "Error", data: rpcErr.data }
+        };
+      }
       return {
         jsonrpc: "2.0",
         id: request.id,
-        error: {
-          code: rpcErr.code ?? -32603,
-          message: rpcErr.message ?? "Internal error",
-          data: rpcErr.data
-        }
+        error: { code: -32603, message: "Internal error" }
       };
     }
   }
@@ -65,12 +68,22 @@ function createMCPServer(config) {
           }))
         };
       case "tools/call": {
-        const params = request.params;
-        const tool = toolMap.get(params.name);
+        const params = asParamsObject(request.params, "tools/call");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'tools/call requires a string "name"');
+        }
+        const tool = toolMap.get(name);
         if (!tool) {
-          throw makeError(-32602, `Unknown tool: ${params.name}`);
+          throw makeError(-32602, `Unknown tool: ${name}`);
         }
-        return tool.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        if (typeof args !== "object" || args === null || Array.isArray(args)) {
+          throw makeError(-32602, "tool arguments must be an object");
+        }
+        const argRecord = args;
+        validateAgainstSchema(tool.definition.inputSchema, argRecord, name);
+        return tool.handler(argRecord);
       }
       case "resources/list":
         return {
@@ -82,12 +95,16 @@ function createMCPServer(config) {
           }))
         };
       case "resources/read": {
-        const params = request.params;
-        const resource = findResource(params.uri);
+        const params = asParamsObject(request.params, "resources/read");
+        const uri = params.uri;
+        if (typeof uri !== "string") {
+          throw makeError(-32602, 'resources/read requires a string "uri"');
+        }
+        const resource = findResource(uri);
         if (!resource) {
-          throw makeError(-32602, `Unknown resource: ${params.uri}`);
+          throw makeError(-32602, `Unknown resource: ${uri}`);
         }
-        const content = await resource.handler(params.uri);
+        const content = await resource.handler(uri);
         return { contents: [content] };
       }
       case "prompts/list":
@@ -99,12 +116,17 @@ function createMCPServer(config) {
           }))
         };
       case "prompts/get": {
-        const params = request.params;
-        const prompt = promptMap.get(params.name);
+        const params = asParamsObject(request.params, "prompts/get");
+        const name = params.name;
+        if (typeof name !== "string") {
+          throw makeError(-32602, 'prompts/get requires a string "name"');
+        }
+        const prompt = promptMap.get(name);
         if (!prompt) {
-          throw makeError(-32602, `Unknown prompt: ${params.name}`);
+          throw makeError(-32602, `Unknown prompt: ${name}`);
         }
-        return prompt.handler(params.arguments ?? {});
+        const args = params.arguments ?? {};
+        return prompt.handler(args);
       }
       case "ping":
         return {};
@@ -131,10 +153,46 @@ function matchesTemplate(pattern, uri) {
 function makeError(code, message) {
   return { code, message };
 }
+function asParamsObject(params, ctx) {
+  if (params === null || typeof params !== "object" || Array.isArray(params)) {
+    throw makeError(-32602, `Invalid params for ${ctx}: expected an object`);
+  }
+  return params;
+}
+function validateAgainstSchema(schema, args, toolName) {
+  if (!schema || typeof schema !== "object") return;
+  const s = schema;
+  if (Array.isArray(s.required)) {
+    for (const key of s.required) {
+      if (typeof key === "string" && !(key in args)) {
+        throw makeError(-32602, `Missing required argument "${key}" for tool "${toolName}"`);
+      }
+    }
+  }
+  if (s.properties && typeof s.properties === "object") {
+    for (const [key, prop] of Object.entries(s.properties)) {
+      const value = args[key];
+      if (value === void 0 || value === null) continue;
+      const expected = prop?.type;
+      if (!expected) continue;
+      const ok = expected === "number" || expected === "integer" ? typeof value === "number" : expected === "array" ? Array.isArray(value) : expected === "object" ? typeof value === "object" && !Array.isArray(value) : typeof value === expected;
+      if (!ok) {
+        throw makeError(
+          -32602,
+          `Argument "${key}" for tool "${toolName}" must be of type ${expected}`
+        );
+      }
+    }
+  }
+}
 
 // src/mcp/client.ts
 function createMCPClient(config) {
   let requestId = 0;
+  const parsedUrl = new URL(config.url);
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw new Error(`MCP client URL must be http(s): ${config.url}`);
+  }
   async function rpc(method, params) {
     const request = {
       jsonrpc: "2.0",
@@ -149,6 +207,10 @@ function createMCPClient(config) {
         ...config.headers
       },
       body: JSON.stringify(request),
+      // never follow redirects: a 3xx to another host would otherwise re-send
+      // config.headers (often a bearer token) to that host, leaking the
+      // credential and enabling an ssrf pivot.
+      redirect: "error",
       signal: AbortSignal.timeout(3e4)
     });
     if (!response.ok) {
@@ -222,6 +284,8 @@ function createMCPClient(config) {
 // src/mcp/handler.ts
 function createMCPHandler(server, options) {
   const corsOrigin = options?.corsOrigin;
+  const allowedOrigins = options?.allowedOrigins;
+  const authorize = options?.authorize;
   return async (req, res) => {
     if (corsOrigin) {
       res.setHeader("Access-Control-Allow-Origin", corsOrigin);
@@ -233,6 +297,31 @@ function createMCPHandler(server, options) {
       res.end();
       return;
     }
+    const origin = req.headers.origin;
+    if (allowedOrigins && origin !== void 0 && !allowedOrigins.includes(origin)) {
+      res.writeHead(403, { "Content-Type": "text/plain" });
+      res.end("Forbidden");
+      return;
+    }
+    if (authorize) {
+      let allowed = false;
+      try {
+        allowed = await authorize(req);
+      } catch {
+        allowed = false;
+      }
+      if (!allowed) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Unauthorized" }
+          })
+        );
+        return;
+      }
+    }
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
     if (url.pathname.endsWith("/sse") && req.method === "GET") {
       handleSSE(server, req, res);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@matthesketh/utopia-ai",
-  "version": "0.7.1",
+  "version": "0.8.0",
   "description": "AI adapters and MCP support for UtopiaJS",
   "type": "module",
   "license": "MIT",