ai 6.0.169 → 6.0.170

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # ai
 
+## 6.0.170
+
+### Patch Changes
+
+- 19d587a: fix(ai): add allowSystemInMessages option and warn by default when system messages are found in prompt or messages
+
 ## 6.0.169
 
 ### Patch Changes

package/dist/index.d.mts

@@ -679,6 +679,15 @@ type Prompt = {
      * System message to include in the prompt. Can be used with `prompt` or `messages`.
      */
     system?: string | SystemModelMessage | Array<SystemModelMessage>;
+    /**
+     * Whether system messages are allowed in the `prompt` or `messages` fields.
+     *
+     * When disabled, system messages must be provided through the `system`
+     * option. When unset, system messages are allowed with a warning.
+     *
+     * @default undefined
+     */
+    allowSystemInMessages?: boolean;
 } & ({
     /**
      * A prompt. It can be either a text prompt or a list of messages.
@@ -1382,6 +1391,7 @@ type GenerateTextOnFinishCallback<TOOLS extends ToolSet> = (event: OnFinishEvent
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -1423,7 +1433,7 @@ type GenerateTextOnFinishCallback<TOOLS extends ToolSet> = (event: OnFinishEvent
  * @returns
  * A result object that contains the generated text, the results of the tool calls, and additional information.
  */
-declare function generateText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string>>({ model: modelArg, tools, toolChoice, system, prompt, messages, maxRetries: maxRetriesArg, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, providerOptions, experimental_activeTools, activeTools, experimental_prepareStep, prepareStep, experimental_repairToolCall: repairToolCall, experimental_download: download, experimental_context, experimental_include: include, _internal: { generateId }, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, onStepFinish, onFinish, ...settings }: CallSettings & Prompt & {
+declare function generateText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string>>({ model: modelArg, tools, toolChoice, system, prompt, messages, allowSystemInMessages, maxRetries: maxRetriesArg, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, providerOptions, experimental_activeTools, activeTools, experimental_prepareStep, prepareStep, experimental_repairToolCall: repairToolCall, experimental_download: download, experimental_context, experimental_include: include, _internal: { generateId }, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, onStepFinish, onFinish, ...settings }: CallSettings & Prompt & {
     /**
      * The language model to use.
      */
@@ -2774,6 +2784,7 @@ type StreamTextOnToolCallFinishCallback<TOOLS extends ToolSet = ToolSet> = (even
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -2809,7 +2820,7 @@ type StreamTextOnToolCallFinishCallback<TOOLS extends ToolSet = ToolSet> = (even
  * @returns
  * A result object for accessing different stream types and additional information.
  */
-declare function streamText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string, never>>({ model, tools, toolChoice, system, prompt, messages, maxRetries, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, prepareStep, providerOptions, experimental_activeTools, activeTools, experimental_repairToolCall: repairToolCall, experimental_transform: transform, experimental_download: download, includeRawChunks, onChunk, onError, onFinish, onAbort, onStepFinish, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, experimental_context, experimental_include: include, _internal: { now, generateId }, ...settings }: CallSettings & Prompt & {
+declare function streamText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string, never>>({ model, tools, toolChoice, system, prompt, messages, allowSystemInMessages, maxRetries, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, prepareStep, providerOptions, experimental_activeTools, activeTools, experimental_repairToolCall: repairToolCall, experimental_transform: transform, experimental_download: download, includeRawChunks, onChunk, onError, onFinish, onAbort, onStepFinish, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, experimental_context, experimental_include: include, _internal: { now, generateId }, ...settings }: CallSettings & Prompt & {
     /**
      * The language model to use.
      */
@@ -5098,6 +5109,7 @@ type RepairTextFunction = (options: {
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -5449,6 +5461,7 @@ type StreamObjectOnFinishCallback<RESULT> = (event: {
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.

package/dist/index.d.ts

@@ -679,6 +679,15 @@ type Prompt = {
      * System message to include in the prompt. Can be used with `prompt` or `messages`.
      */
     system?: string | SystemModelMessage | Array<SystemModelMessage>;
+    /**
+     * Whether system messages are allowed in the `prompt` or `messages` fields.
+     *
+     * When disabled, system messages must be provided through the `system`
+     * option. When unset, system messages are allowed with a warning.
+     *
+     * @default undefined
+     */
+    allowSystemInMessages?: boolean;
 } & ({
     /**
      * A prompt. It can be either a text prompt or a list of messages.
@@ -1382,6 +1391,7 @@ type GenerateTextOnFinishCallback<TOOLS extends ToolSet> = (event: OnFinishEvent
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -1423,7 +1433,7 @@ type GenerateTextOnFinishCallback<TOOLS extends ToolSet> = (event: OnFinishEvent
  * @returns
  * A result object that contains the generated text, the results of the tool calls, and additional information.
  */
-declare function generateText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string>>({ model: modelArg, tools, toolChoice, system, prompt, messages, maxRetries: maxRetriesArg, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, providerOptions, experimental_activeTools, activeTools, experimental_prepareStep, prepareStep, experimental_repairToolCall: repairToolCall, experimental_download: download, experimental_context, experimental_include: include, _internal: { generateId }, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, onStepFinish, onFinish, ...settings }: CallSettings & Prompt & {
+declare function generateText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string>>({ model: modelArg, tools, toolChoice, system, prompt, messages, allowSystemInMessages, maxRetries: maxRetriesArg, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, providerOptions, experimental_activeTools, activeTools, experimental_prepareStep, prepareStep, experimental_repairToolCall: repairToolCall, experimental_download: download, experimental_context, experimental_include: include, _internal: { generateId }, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, onStepFinish, onFinish, ...settings }: CallSettings & Prompt & {
     /**
      * The language model to use.
      */
@@ -2774,6 +2784,7 @@ type StreamTextOnToolCallFinishCallback<TOOLS extends ToolSet = ToolSet> = (even
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -2809,7 +2820,7 @@ type StreamTextOnToolCallFinishCallback<TOOLS extends ToolSet = ToolSet> = (even
  * @returns
  * A result object for accessing different stream types and additional information.
  */
-declare function streamText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string, never>>({ model, tools, toolChoice, system, prompt, messages, maxRetries, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, prepareStep, providerOptions, experimental_activeTools, activeTools, experimental_repairToolCall: repairToolCall, experimental_transform: transform, experimental_download: download, includeRawChunks, onChunk, onError, onFinish, onAbort, onStepFinish, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, experimental_context, experimental_include: include, _internal: { now, generateId }, ...settings }: CallSettings & Prompt & {
+declare function streamText<TOOLS extends ToolSet, OUTPUT extends Output = Output<string, string, never>>({ model, tools, toolChoice, system, prompt, messages, allowSystemInMessages, maxRetries, abortSignal, timeout, headers, stopWhen, experimental_output, output, experimental_telemetry: telemetry, prepareStep, providerOptions, experimental_activeTools, activeTools, experimental_repairToolCall: repairToolCall, experimental_transform: transform, experimental_download: download, includeRawChunks, onChunk, onError, onFinish, onAbort, onStepFinish, experimental_onStart: onStart, experimental_onStepStart: onStepStart, experimental_onToolCallStart: onToolCallStart, experimental_onToolCallFinish: onToolCallFinish, experimental_context, experimental_include: include, _internal: { now, generateId }, ...settings }: CallSettings & Prompt & {
     /**
      * The language model to use.
      */
@@ -5098,6 +5109,7 @@ type RepairTextFunction = (options: {
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -5449,6 +5461,7 @@ type StreamObjectOnFinishCallback<RESULT> = (event: {
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.

package/dist/index.js

@@ -1252,7 +1252,7 @@ var import_provider_utils3 = require("@ai-sdk/provider-utils");
 var import_provider_utils4 = require("@ai-sdk/provider-utils");
 
 // src/version.ts
-var VERSION = true ? "6.0.169" : "0.0.0-test";
+var VERSION = true ? "6.0.170" : "0.0.0-test";
 
 // src/util/download/download.ts
 var download = async ({
@@ -2144,35 +2144,35 @@ var modelMessageSchema = import_v45.z.union([
 ]);
 
 // src/prompt/standardize-prompt.ts
-async function standardizePrompt(prompt) {
-  if (prompt.prompt == null && prompt.messages == null) {
+async function standardizePrompt({
+  allowSystemInMessages,
+  system,
+  prompt,
+  messages
+}) {
+  if (prompt == null && messages == null) {
     throw new import_provider24.InvalidPromptError({
       prompt,
       message: "prompt or messages must be defined"
     });
   }
-  if (prompt.prompt != null && prompt.messages != null) {
+  if (prompt != null && messages != null) {
     throw new import_provider24.InvalidPromptError({
       prompt,
       message: "prompt and messages cannot be defined at the same time"
     });
   }
-  if (prompt.system != null && typeof prompt.system !== "string" && !asArray(prompt.system).every(
-    (message) => typeof message === "object" && message !== null && "role" in message && message.role === "system"
-  )) {
+  if (typeof system !== "string" && !asArray(system).every((message) => message.role === "system")) {
     throw new import_provider24.InvalidPromptError({
       prompt,
       message: "system must be a string, SystemModelMessage, or array of SystemModelMessage"
     });
   }
-  let messages;
-  if (prompt.prompt != null && typeof prompt.prompt === "string") {
-    messages = [{ role: "user", content: prompt.prompt }];
-  } else if (prompt.prompt != null && Array.isArray(prompt.prompt)) {
-    messages = prompt.prompt;
-  } else if (prompt.messages != null) {
-    messages = prompt.messages;
-  } else {
+  if (prompt != null && typeof prompt === "string") {
+    messages = [{ role: "user", content: prompt }];
+  } else if (prompt != null && Array.isArray(prompt)) {
+    messages = prompt;
+  } else if (messages == null) {
     throw new import_provider24.InvalidPromptError({
       prompt,
       message: "prompt or messages must be defined"
@@ -2184,6 +2184,19 @@ async function standardizePrompt(prompt) {
       message: "messages must not be empty"
     });
   }
+  if (messages.some((message) => message.role === "system")) {
+    if (allowSystemInMessages === false) {
+      throw new import_provider24.InvalidPromptError({
+        prompt,
+        message: "System messages are not allowed in the prompt or messages fields. Use the system option instead."
+      });
+    }
+    if (allowSystemInMessages === void 0) {
+      console.warn(
+        "AI SDK Warning: System messages in the prompt or messages fields can be a security risk because they may enable prompt injection attacks. Use the system option instead when possible. Set allowSystemInMessages to true to suppress this warning, or false to throw an error."
+      );
+    }
+  }
   const validationResult = await (0, import_provider_utils8.safeValidateTypes)({
     value: messages,
     schema: import_v46.z.array(modelMessageSchema)
@@ -2195,10 +2208,7 @@ async function standardizePrompt(prompt) {
       cause: validationResult.error
     });
   }
-  return {
-    messages,
-    system: prompt.system
-  };
+  return { messages, system };
 }
 
 // src/prompt/wrap-gateway-error.ts
@@ -4115,6 +4125,7 @@ async function generateText({
   system,
   prompt,
   messages,
+  allowSystemInMessages,
   maxRetries: maxRetriesArg,
   abortSignal,
   timeout,
@@ -4171,7 +4182,8 @@ async function generateText({
   const initialPrompt = await standardizePrompt({
     system,
     prompt,
-    messages
+    messages,
+    allowSystemInMessages
   });
   const globalTelemetry = createGlobalTelemetry(telemetry == null ? void 0 : telemetry.integrations);
   await notify({
@@ -6452,6 +6464,7 @@ function streamText({
   system,
   prompt,
   messages,
+  allowSystemInMessages,
   maxRetries,
   abortSignal,
   timeout,
@@ -6508,6 +6521,7 @@ function streamText({
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     tools,
     toolChoice,
     transforms: asArray(transform),
@@ -6614,6 +6628,7 @@ var DefaultStreamTextResult = class {
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     tools,
     toolChoice,
     transforms,
@@ -7005,7 +7020,8 @@ var DefaultStreamTextResult = class {
         const initialPrompt = await standardizePrompt({
           system,
           prompt,
-          messages
+          messages,
+          allowSystemInMessages
         });
         await notify({
           event: {
@@ -10112,6 +10128,7 @@ async function generateObject(options) {
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     maxRetries: maxRetriesArg,
     abortSignal,
     headers,
@@ -10196,7 +10213,8 @@ async function generateObject(options) {
         const standardizedPrompt = await standardizePrompt({
           system,
           prompt,
-          messages
+          messages,
+          allowSystemInMessages
         });
         const promptMessages = await convertToLanguageModelPrompt({
           prompt: standardizedPrompt,
@@ -10521,6 +10539,7 @@ function streamObject(options) {
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     maxRetries,
     abortSignal,
     headers,
@@ -10568,6 +10587,7 @@ function streamObject(options) {
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     schemaName,
     schemaDescription,
     providerOptions,
@@ -10592,6 +10612,7 @@ var DefaultStreamObjectResult = class {
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     schemaName,
     schemaDescription,
     providerOptions,
@@ -10662,7 +10683,8 @@ var DefaultStreamObjectResult = class {
         const standardizedPrompt = await standardizePrompt({
           system,
           prompt,
-          messages
+          messages,
+          allowSystemInMessages
         });
         const callOptions = {
           responseFormat: {