ai 6.0.169 → 6.0.170

package/docs/07-reference/03-ai-sdk-rsc/01-stream-ui.mdx

@@ -255,6 +255,13 @@ To see `streamUI` in action, check out [these examples](#examples).
         },
       ],
     },
+    {
+      name: 'allowSystemInMessages',
+      type: 'boolean',
+      isOptional: true,
+      description:
+        'Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning because they can create a prompt injection attack risk. Ideally, use the `system` option instead. Set to `true` to suppress the warning, or `false` to reject system messages in `prompt` or `messages`.',
+    },
     {
       name: 'maxOutputTokens',
       type: 'number',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai",
-  "version": "6.0.169",
+  "version": "6.0.170",
   "description": "AI SDK by Vercel - build apps like ChatGPT, Claude, Gemini, and more with a single interface for any model using the Vercel AI Gateway or go direct to OpenAI, Anthropic, Google, or any other model provider.",
   "license": "Apache-2.0",
   "sideEffects": false,

package/src/generate-object/generate-object.ts

@@ -55,6 +55,7 @@ const originalGenerateId = createIdGenerator({ prefix: 'aiobj', size: 24 });
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -197,6 +198,7 @@ export async function generateObject<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     maxRetries: maxRetriesArg,
     abortSignal,
     headers,
@@ -295,6 +297,7 @@ export async function generateObject<
           system,
           prompt,
           messages,
+          allowSystemInMessages,
         } as Prompt);
 
         const promptMessages = await convertToLanguageModelPrompt({

package/src/generate-object/stream-object.ts

@@ -119,6 +119,7 @@ export type StreamObjectOnFinishCallback<RESULT> = (event: {
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -284,6 +285,7 @@ export function streamObject<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     maxRetries,
     abortSignal,
     headers,
@@ -337,6 +339,7 @@ export function streamObject<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     schemaName,
     schemaDescription,
     providerOptions,
@@ -386,6 +389,7 @@ class DefaultStreamObjectResult<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     schemaName,
     schemaDescription,
     providerOptions,
@@ -407,6 +411,7 @@ class DefaultStreamObjectResult<
     system: Prompt['system'];
     prompt: Prompt['prompt'];
     messages: Prompt['messages'];
+    allowSystemInMessages: Prompt['allowSystemInMessages'];
     schemaName: string | undefined;
     schemaDescription: string | undefined;
     providerOptions: ProviderOptions | undefined;
@@ -485,6 +490,7 @@ class DefaultStreamObjectResult<
           system,
           prompt,
           messages,
+          allowSystemInMessages,
         } as Prompt);
 
         const callOptions = {

package/src/generate-text/generate-text.ts

@@ -201,6 +201,7 @@ export type GenerateTextOnFinishCallback<TOOLS extends ToolSet> = (
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -252,6 +253,7 @@ export async function generateText<
   system,
   prompt,
   messages,
+  allowSystemInMessages,
   maxRetries: maxRetriesArg,
   abortSignal,
   timeout,
@@ -477,6 +479,7 @@ export async function generateText<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
   } as Prompt);
 
   const globalTelemetry = createGlobalTelemetry(telemetry?.integrations);

package/src/generate-text/stream-text.ts

@@ -252,6 +252,7 @@ export type StreamTextOnToolCallFinishCallback<
  * @param system - A system message that will be part of the prompt.
  * @param prompt - A simple text prompt. You can either use `prompt` or `messages` but not both.
  * @param messages - A list of messages. You can either use `prompt` or `messages` but not both.
+ * @param allowSystemInMessages - Whether system messages are allowed in the `prompt` or `messages` fields. When unset, system messages are allowed with a warning.
  *
  * @param maxOutputTokens - Maximum number of tokens to generate.
  * @param temperature - Temperature setting.
@@ -297,6 +298,7 @@ export function streamText<
   system,
   prompt,
   messages,
+  allowSystemInMessages,
   maxRetries,
   abortSignal,
   timeout,
@@ -548,6 +550,7 @@ export function streamText<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     tools,
     toolChoice,
     transforms: asArray(transform),
@@ -731,6 +734,7 @@ class DefaultStreamTextResult<
     system,
     prompt,
     messages,
+    allowSystemInMessages,
     tools,
     toolChoice,
     transforms,
@@ -772,6 +776,7 @@ class DefaultStreamTextResult<
     system: Prompt['system'];
     prompt: Prompt['prompt'];
     messages: Prompt['messages'];
+    allowSystemInMessages: Prompt['allowSystemInMessages'];
     tools: TOOLS | undefined;
     toolChoice: ToolChoice<TOOLS> | undefined;
     transforms: Array<StreamTextTransform<TOOLS>>;
@@ -1307,6 +1312,7 @@ class DefaultStreamTextResult<
           system,
           prompt,
           messages,
+          allowSystemInMessages,
         } as Prompt);
 
         await notify({

package/src/prompt/prompt.ts

@@ -9,6 +9,16 @@ export type Prompt = {
    * System message to include in the prompt. Can be used with `prompt` or `messages`.
    */
   system?: string | SystemModelMessage | Array<SystemModelMessage>;
+
+  /**
+   * Whether system messages are allowed in the `prompt` or `messages` fields.
+   *
+   * When disabled, system messages must be provided through the `system`
+   * option. When unset, system messages are allowed with a warning.
+   *
+   * @default undefined
+   */
+  allowSystemInMessages?: boolean;
 } & (
   | {
       /**

package/src/prompt/standardize-prompt.ts

@@ -21,17 +21,31 @@ export type StandardizedPrompt = {
   messages: ModelMessage[];
 };
 
-export async function standardizePrompt(
-  prompt: Prompt,
-): Promise<StandardizedPrompt> {
-  if (prompt.prompt == null && prompt.messages == null) {
+/**
+ * Converts a prompt input into a standardized prompt with validated model
+ * messages.
+ *
+ * @param prompt - The prompt definition to standardize.
+ * Set `allowSystemInMessages` to false to reject system messages in the
+ * `prompt` or `messages` fields. When unset, system messages are allowed with a
+ * warning. System messages in the `system` option are always allowed.
+ * @returns The standardized prompt.
+ * @throws {InvalidPromptError} When the prompt is invalid.
+ */
+export async function standardizePrompt({
+  allowSystemInMessages,
+  system,
+  prompt,
+  messages,
+}: Prompt): Promise<StandardizedPrompt> {
+  if (prompt == null && messages == null) {
     throw new InvalidPromptError({
       prompt,
       message: 'prompt or messages must be defined',
     });
   }
 
-  if (prompt.prompt != null && prompt.messages != null) {
+  if (prompt != null && messages != null) {
     throw new InvalidPromptError({
       prompt,
       message: 'prompt and messages cannot be defined at the same time',
@@ -40,15 +54,8 @@ export async function standardizePrompt(
 
   // validate that system is a string or a SystemModelMessage
   if (
-    prompt.system != null &&
-    typeof prompt.system !== 'string' &&
-    !asArray(prompt.system).every(
-      message =>
-        typeof message === 'object' &&
-        message !== null &&
-        'role' in message &&
-        message.role === 'system',
-    )
+    typeof system !== 'string' &&
+    !asArray(system).every(message => message.role === 'system')
   ) {
     throw new InvalidPromptError({
       prompt,
@@ -57,15 +64,11 @@ export async function standardizePrompt(
     });
   }
 
-  let messages: ModelMessage[];
-
-  if (prompt.prompt != null && typeof prompt.prompt === 'string') {
-    messages = [{ role: 'user', content: prompt.prompt }];
-  } else if (prompt.prompt != null && Array.isArray(prompt.prompt)) {
-    messages = prompt.prompt;
-  } else if (prompt.messages != null) {
-    messages = prompt.messages;
-  } else {
+  if (prompt != null && typeof prompt === 'string') {
+    messages = [{ role: 'user', content: prompt }];
+  } else if (prompt != null && Array.isArray(prompt)) {
+    messages = prompt;
+  } else if (messages == null) {
     throw new InvalidPromptError({
       prompt,
       message: 'prompt or messages must be defined',
@@ -79,6 +82,26 @@ export async function standardizePrompt(
     });
   }
 
+  if (messages.some(message => message.role === 'system')) {
+    if (allowSystemInMessages === false) {
+      throw new InvalidPromptError({
+        prompt,
+        message:
+          'System messages are not allowed in the prompt or messages fields. Use the system option instead.',
+      });
+    }
+
+    if (allowSystemInMessages === undefined) {
+      console.warn(
+        'AI SDK Warning: System messages in the prompt or messages fields ' +
+          'can be a security risk because they may enable prompt injection ' +
+          'attacks. Use the system option instead when possible. Set ' +
+          'allowSystemInMessages to true to suppress this warning, or false ' +
+          'to throw an error.',
+      );
+    }
+  }
+
   const validationResult = await safeValidateTypes({
     value: messages,
     schema: z.array(modelMessageSchema),
@@ -92,8 +115,5 @@ export async function standardizePrompt(
     });
   }
 
-  return {
-    messages,
-    system: prompt.system,
-  };
+  return { messages, system };
 }