npm - @seed-ship/mcp-ui-solid - Versions diffs - 6.12.0 → 6.14.0 - Mend

@seed-ship/mcp-ui-solid 6.12.0 → 6.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/CHANGELOG.md +46 -0
package/dist/components/UIResourceRenderer.cjs +343 -297
package/dist/components/UIResourceRenderer.cjs.map +1 -1
package/dist/components/UIResourceRenderer.d.ts +19 -0
package/dist/components/UIResourceRenderer.d.ts.map +1 -1
package/dist/components/UIResourceRenderer.js +343 -297
package/dist/components/UIResourceRenderer.js.map +1 -1
package/dist/services/component-registry.cjs +19 -6
package/dist/services/component-registry.cjs.map +1 -1
package/dist/services/component-registry.d.ts.map +1 -1
package/dist/services/component-registry.js +19 -6
package/dist/services/component-registry.js.map +1 -1
package/dist/types/index.d.ts +54 -1
package/dist/types/index.d.ts.map +1 -1
package/dist/types.d.cts +54 -1
package/dist/types.d.ts +54 -1
package/package.json +1 -1
package/src/components/ChartRenderer.quickchart.test.tsx +66 -0
package/src/components/UIResourceRenderer.tsx +79 -7
package/src/services/component-registry.ts +19 -6
package/src/types/graph-types.test.ts +42 -0
package/src/types/index.ts +58 -1
package/tsconfig.tsbuildinfo +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,52 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [6.14.0] - 2026-05-31
+Make the external quickchart.io chart fallback an explicit host opt-in
+(audit P1.7).
+### Security / privacy
+- The chart renderer could silently fall back to **quickchart.io** when the
+  native `chart.js` peer was unavailable (auto mode) — encoding the **entire
+  chart config** (labels + data) into an external image URL. That is an
+  implicit network call that can leak potentially sensitive data and behaves
+  differently offline.
+- A new **host-level** prop `allowQuickchartFallback` (on `<UIResourceRenderer>`
+  and `<StreamingUIRenderer>`) gates **all** quickchart.io access.
+  **Default `false`**:
+  - in `auto` mode, when Chart.js is missing the chart now **degrades to a
+    local data table** (the P2.5 fallback ladder) and emits a `render:error`
+    telemetry signal (`componentType: 'chart'`) — no external call;
+  - an explicit `renderer: 'iframe'` request is likewise declined (and
+    degraded) unless the host opts in.
+- Native Chart.js stays the preferred path and is unchanged. Setting
+  `allowQuickchartFallback` restores the previous quickchart behaviour.
+  Like `allowHtmlPopups` (v6.10.0), this is deliberately a host prop, not a
+  payload field — a payload must not be able to opt itself into an external
+  call.
+## [6.13.0] - 2026-05-31
+`graph` is now first-class in the `UIComponent` params union (audit follow-up
+to P1.4/P1.5).
+### Added
+- `GraphComponentParams`, `GraphNode`, `GraphEdge` and `GraphLayout` types
+  (mirroring `GraphComponentParamsSchema` in `@seed-ship/mcp-ui-spec`), and
+  `GraphComponentParams` is now part of the `UIComponent` `params` union.
+  Previously a `type: 'graph'` component could not be expressed as a typed
+  `UIComponent` — the union ended at `MapComponentParams`.
+- `GraphRegistry` now ships a **typed** example (it was an empty array in
+  v6.12.0 precisely because the union lacked graph params).
+- `types/graph-types.test.ts` — compile-time + runtime assertion that a graph
+  component with `nodes`/`edges` is assignable to `UIComponent`.
+Type-widening only; existing valid code keeps compiling.
 ## [6.12.0] - 2026-05-31
 Registry/schema parity for `graph` (audit P1.5).