Skip to content

@ai-sdk/provider-utils@5.0.0-canary.47

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Jun 04:35
· 33 commits to main since this release
@ai-sdk/provider-utils@5.0.0-canary.47
260caaf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • bae5e2b: fix(security): re-validate tool approvals from client message history before execution

    The approval-replay path in generateText/streamText (and WorkflowAgent.stream) reconstructed approved tool calls from the client-supplied messages array and executed them without re-validating input against the tool's schema or re-applying the approval policy. A client could forge an assistant message with a pre-approved tool-call part and have the server execute a tool with attacker-chosen arguments.

    The replay path now validates HMAC signature (when experimental_toolApprovalSecret is configured), re-validates tool-call input against the tool's input schema, and re-resolves the approval policy before execution.

Assets 2
Loading