@seed-ship/mcp-ui-solid 6.13.0 → 6.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/dist/components/UIResourceRenderer.cjs +369 -298
- package/dist/components/UIResourceRenderer.cjs.map +1 -1
- package/dist/components/UIResourceRenderer.d.ts +19 -0
- package/dist/components/UIResourceRenderer.d.ts.map +1 -1
- package/dist/components/UIResourceRenderer.js +369 -298
- package/dist/components/UIResourceRenderer.js.map +1 -1
- package/package.json +1 -1
- package/src/components/ChartRenderer.quickchart.test.tsx +66 -0
- package/src/components/UIResourceRenderer.tsx +114 -7
- package/src/components/UnsupportedComponent.test.tsx +77 -0
- package/tsconfig.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,52 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [6.15.0] - 2026-05-31
|
|
9
|
+
|
|
10
|
+
Unknown component types never render a silent blank (audit P1.6).
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
|
|
14
|
+
- An unrecognized component `type` has no renderer branch, so it previously
|
|
15
|
+
rendered **nothing** — and under `errorMode: 'silent'` it passed the
|
|
16
|
+
validation gate without even an error card, producing a fully invisible
|
|
17
|
+
failure. The validation gate now routes any `UNKNOWN_COMPONENT_TYPE` to a
|
|
18
|
+
visible **"Unsupported component type: X"** notice **regardless of
|
|
19
|
+
`errorMode`**.
|
|
20
|
+
- The privacy-safe telemetry signal already emitted by the gate
|
|
21
|
+
(`validation:failed` with `firstErrorCode: 'UNKNOWN_COMPONENT_TYPE'`) lets
|
|
22
|
+
hosts detect drift; the fallback notice itself stays purely presentational.
|
|
23
|
+
|
|
24
|
+
Behavior change only for previously-invisible unknown types; valid components
|
|
25
|
+
are unaffected.
|
|
26
|
+
|
|
27
|
+
## [6.14.0] - 2026-05-31
|
|
28
|
+
|
|
29
|
+
Make the external quickchart.io chart fallback an explicit host opt-in
|
|
30
|
+
(audit P1.7).
|
|
31
|
+
|
|
32
|
+
### Security / privacy
|
|
33
|
+
|
|
34
|
+
- The chart renderer could silently fall back to **quickchart.io** when the
|
|
35
|
+
native `chart.js` peer was unavailable (auto mode) — encoding the **entire
|
|
36
|
+
chart config** (labels + data) into an external image URL. That is an
|
|
37
|
+
implicit network call that can leak potentially sensitive data and behaves
|
|
38
|
+
differently offline.
|
|
39
|
+
- A new **host-level** prop `allowQuickchartFallback` (on `<UIResourceRenderer>`
|
|
40
|
+
and `<StreamingUIRenderer>`) gates **all** quickchart.io access.
|
|
41
|
+
**Default `false`**:
|
|
42
|
+
- in `auto` mode, when Chart.js is missing the chart now **degrades to a
|
|
43
|
+
local data table** (the P2.5 fallback ladder) and emits a `render:error`
|
|
44
|
+
telemetry signal (`componentType: 'chart'`) — no external call;
|
|
45
|
+
- an explicit `renderer: 'iframe'` request is likewise declined (and
|
|
46
|
+
degraded) unless the host opts in.
|
|
47
|
+
- Native Chart.js stays the preferred path and is unchanged. Setting
|
|
48
|
+
`allowQuickchartFallback` restores the previous quickchart behaviour.
|
|
49
|
+
|
|
50
|
+
Like `allowHtmlPopups` (v6.10.0), this is deliberately a host prop, not a
|
|
51
|
+
payload field — a payload must not be able to opt itself into an external
|
|
52
|
+
call.
|
|
53
|
+
|
|
8
54
|
## [6.13.0] - 2026-05-31
|
|
9
55
|
|
|
10
56
|
`graph` is now first-class in the `UIComponent` params union (audit follow-up
|