Gregor Martynus

more v3 -> v4 updates (#13602) - Update remaining 24 test files in `packages/ai/src` to use V4 mock models and interfaces instead of V3 counterparts - Continuation of #13567

v3 -> v4 spec usage for ai@7 beta (#13549) ## Background follow up to #13001 ## Summary I missed some usage of the v3 spec

docs: ADRs (#13343) Introducing [Architecture Decision Records](https://adr.github.io/) with an accompanying [agent skill](https://github.com/skillrecordings/adr-skill)

feat: `response.stream` (#15653) ## Background In preparation of https://github.com/vercel/ai/pull/14652 Follow up to https://github.com/vercel/ai/commit/b095aef28f21c44377fcbe227264c3fa99c05a80 ## Summary - introduces `response.stream` as a replacement for `response.fullStream` - deprecates `response.fullStream` Note: I didn't update `streamObject` since it's deprecated and due to be removed anyway. ## Manual Verification Ran examples

fix: smarter fallback team selection for scope inference (#120) ## Summary - Fetches both `/v2/user` and `/v2/teams` in parallel to build an ordered list of candidate teams for scope inference - Tries `user.defaultTeamId` first, then falls back to the best hobby-plan OWNER team (personal team matching username, or most recently updated) - Filters fallback candidates by `billing.plan === 'hobby'` and `membership.role === 'OWNER'` to avoid selecting pro/enterprise teams - On 403, skips to the next candidate instead of failing immediately - Only throws after all candidates are exhausted, with a helpful error message including the authenticated username --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Marc Codina <marc.codina@vercel.com>

refactor: extract StreamingToolCallTracker to deduplicate streaming tool call handling (#14565) ## Summary - Extracts shared streaming tool call state management into a reusable `StreamingToolCallTracker` class in `@ai-sdk/provider-utils` - Removes ~660 lines of duplicated code across 5 OpenAI-compatible providers (openai, openai-compatible, groq, deepseek, alibaba) - Fixes missing `generateId()` fallback for `toolCallId` in the Alibaba provider's `doGenerate` path - Ensures all providers finalize unfinished tool calls during stream flush (previously only openai-compatible and deepseek did this) Recreates #13141 against the current main branch. ## Background All 5 OpenAI-compatible providers had nearly identical ~80-line tool call tracking logic (accumulating arguments across deltas, emitting start/delta/end/call events). This PR extracts that into a shared class. The `StreamingToolCallTracker` class: - Tracks tool call state across streaming deltas (start detection, argument accumulation) - Finalizes tool calls both inline (via `isParsableJson`) and in `flush()` as a safety net - Supports provider-specific metadata (e.g., Google's `thoughtSignature` via openai-compatible) - Supports configurable type validation (`none`, `if-present`, `required`) - Has comprehensive test coverage (17 test cases) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Revert "fix(security): prevent streaming tool calls from finalizing on parsable partial JSON" (#13172) Reverts vercel/ai#13137

feat (provider/quiverai): new @ai-sdk/quiverai provider (v2.0.0) (#15461) ## Background Add a 1st-party `@ai-sdk/quiverai` provider for [QuiverAI](https://quiver.ai/) SVG image generation, ported from https://github.com/quiverai/ai-sdk-provider. This PR targets `main` (canary pre-release). It must be merged **after** https://github.com/vercel/ai/pull/15463 has shipped `@ai-sdk/quiverai@1.0.0` from `release-v6.0`. With #15463's `v1.0.0` recorded as the initial version in `.changeset/pre.json`, the major changeset on this branch will publish `@ai-sdk/quiverai@2.0.0` once canary mode exits. ## Summary - New `packages/quiverai` package (image model only) supporting `generate` and `vectorize` operations against Arrow models (`arrow-1`, `arrow-1.1`, `arrow-1.1-max`). - Workflow serialization, example in `examples/ai-functions/src/generate-image/quiverai/`, docs at `content/providers/01-ai-sdk-providers/180-quiverai.mdx`, major changeset. - `package.json` version pinned to `1.0.0` and `.changeset/pre.json` initialVersions seeded with `@ai-sdk/quiverai: 1.0.0` so canary publishes start at `2.0.0-canary.x` and avoid colliding with the `v1.0.0` line shipped from `release-v6.0`. ## Manual Verification Ran both examples added in this PR against the live QuiverAI API: - `examples/ai-functions/src/generate-image/quiverai/basic.ts` — text-to-SVG generation with `arrow-1.1`. - `examples/ai-functions/src/generate-image/quiverai/vectorize.ts` — vectorization of `examples/ai-functions/data/wtf-logo.png` with `arrow-1.1`. ## Checklist - [x] All commits are signed (PRs with unsigned commits cannot be merged) - [x] Tests have been added / updated (for bug fixes / features) - [x] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Related Issues Closes https://github.com/vercel/ai/issues/15459 Depends on https://github.com/vercel/ai/pull/15463 (must merge first). --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fix(google): auto-inject skip_thought_signature_validator on Gemini 3 replays (#15560) ## Background Gemini 3 rejects replayed assistant `functionCall` parts without `thoughtSignature` with HTTP 400. This happens when app/client code persists or rebuilds messages and drops `providerOptions`. ## Summary - For Gemini 3 only (`/^gemini-3[.-]/`), inject Google's documented `skip_thought_signature_validator` sentinel when a replayed tool call has no signature. - Warn once per request with affected tool names. - Adapted to `main` V4 Google provider files and existing `google` / `googleVertex` / `vertex` namespace lookup. ## Manual Verification Live replay against `google('gemini-3-flash-preview')`: missing-signature replay changed from HTTP 400 to HTTP 200 with warning. ## Checklist - [ ] All commits are signed (PRs with unsigned commits cannot be merged) - [x] Tests have been added / updated (for bug fixes / features) - [ ] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Related Issues Closes #15550. Refs #10344, #11413, #14196, #15548, #13060. Co-authored-by: Cursor <cursoragent@cursor.com>

feat(workflow): add runtimeContext and toolsContext to WorkflowAgent (#15022) ## Background Towards https://github.com/vercel/ai/issues/12164 `WorkflowAgent` lacked the runtime/tool context APIs that the AI SDK core (`generateText`, `streamText`, `ToolLoopAgent`) already exposes, so users could not pass typed shared state or per-tool context. ## Summary - Adds `runtimeContext` and `toolsContext` to `WorkflowAgent` (constructor and `stream()`), surfaced through `prepareCall`, `prepareStep`, `onFinish`, and step results. - Tools receive their own validated entry from `toolsContext` as `context` (validated against `tool.contextSchema` when defined, including missing entries). - Documents Workflow runtime serialization limits for context values and updates `examples/next-workflow` to demonstrate route-derived `runtimeContext` and per-tool `toolsContext`. - Removes `experimental_context` (and the corresponding fields on the related option/info/result/callback types). Use `runtimeContext` for shared agent state and `toolsContext` for per-tool values. ## Manual Verification Updated [examples/next-workflow](https://github.com/vercel/ai/pull/15022/changes#diff-56b85a0e575871868dced5fe09920e5d2eef3abbb25cbc1e08e9fe9f21db2c70) ## Checklist - [x] All commits are signed (PRs with unsigned commits cannot be merged) - [x] Tests have been added / updated (for bug fixes / features) - [x] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Future Work Telemetry for `@ai-sdk/workflow` needs to be updated to the latest telemetry APIs in AI SDK. Once that is done, `includeRuntimeContext` and `includeToolsContext` should be added to `WorkflowAgent` so telemetry integrations can opt into selected context fields.

fix(security): prevent streaming tool calls from finalizing on parsable partial JSON (#13137) ## Background In 5 OpenAI-compatible providers (`openai`, `openai-compatible`, `groq`, `deepseek`, `alibaba`), streaming tool call arguments were finalized using `isParsableJson()` as a heuristic for completion. If partial accumulated JSON happened to be valid JSON before all chunks arrived, the tool call would be executed with incomplete arguments, potentially dropping safety-relevant parameters. For example, a model streaming `{"query": "test", "limit": 10}` might produce `{"query": "test"}` as an intermediate value — which is valid JSON. The tool call would be finalized early with only `{"query": "test"}`, and the `"limit": 10` parameter would be silently lost. Providers not affected: `anthropic` (uses explicit `content_block_stop` events), OpenAI Responses API (different protocol). ## Summary - Removed all inline `isParsableJson()` checks from the streaming tool call delta handlers across 5 providers - Moved tool call finalization to the `flush()` handler, which only runs after the stream is fully consumed, ensuring tool calls always receive complete arguments - Added a regression test demonstrating the vulnerability (first commit fails against unfixed code, second commit fixes it) - Updated existing test snapshots to reflect the new ordering (tool calls finalize in `flush()` after text-end, rather than inline during streaming) ## Manual Verification The first commit (`573a744`) adds the regression test only — it fails against the unfixed code, proving the vulnerability exists: ``` - Expected: input: '{"query": "test"}, "limit": 10}' + Received: input: '{"query": "test"}' ``` The second commit (`7ae73dd`) applies the fix, making all tests pass. ## Checklist - [x] Tests have been added / updated (for bug fixes / features) - [ ] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Related Issues VULN-6861 --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

[ai] Preserve reasoning content in DurableAgent conversation history (#1444) Co-authored-by: Peter Wielander <mittgfu@gmail.com>

ci: add Node.js 24 to test matrix (#13358) ## Summary Adds Node.js 24 to the CI test matrix and fixes all build/test incompatibilities. Closes #13357 ## Changes ### CI & config - Adds Node.js 24 to `.github/workflows/ci.yml` test matrix - Adds `^24.0.0` to root `package.json` engines field ### SvelteKit example build fix - Updates `@sveltejs/adapter-vercel` from v5 to v6 and `@sveltejs/kit` to v2.55+ in `examples/sveltekit-openai` — adapter-vercel v5 only supported Node 18/20/22, v6 adds Node 24 ### Vitest v2 → v4 upgrade Node 24 ships with undici v7, which enforces strict `AbortSignal` instanceof checks in `fetch()`. The jsdom environment in vitest v2/v3 replaces the global `AbortController`/`AbortSignal` with its own polyfill, and Node 24's native fetch rejects these with `"Expected signal to be an instance of AbortSignal"`. Vitest v4 stops overriding these globals ([vitest-dev/vitest#8390](https://github.com/vitest-dev/vitest/issues/8390)), fixing the incompatibility. #### Test adaptations required by vitest v4 **`vi.fn()` arrow functions can no longer be used as constructors** — vitest v4 wraps mock functions differently, so arrow-function mocks fail with `TypeError: is not a constructor` when called with `new`. Fixed by changing arrow functions to `function` expressions in mock implementations: - `packages/amazon-bedrock/src/bedrock-event-stream-response-handler.test.ts` - `packages/baseten/src/baseten-provider.unit.test.ts` - `packages/gateway/src/gateway-provider.test.ts` - `packages/google-vertex/src/google-vertex-auth-google-auth-library.test.ts` **`toStrictEqual(expect.objectContaining(...))` is stricter** — vitest v4 now requires that `undefined` properties on the actual object (e.g. `metadata: undefined`) also appear in the expected pattern. Since these tests intentionally do partial matching, changed to `toEqual(expect.objectContaining(...))`: - `packages/angular/src/lib/chat.ng.test.ts` - `packages/svelte/src/chat.svelte.test.ts` **`toThrowError` with an Error object checks all properties** — previously only checked `message`, now checks every property. The anthropic overloaded-error test compared `requestBodyValues: {}` against the full request body. Changed to try/catch with individual property assertions: - `packages/anthropic/src/anthropic-messages-language-model.test.ts` **`test.workspace` renamed to `test.projects`**: - `packages/svelte/vite.config.ts` ### Other test fixes - `packages/openai` and `packages/elevenlabs`: Made `File` object snapshot tests Node version-agnostic (Node 24 serializes additional `Symbol(state)` on File objects) - `packages/mcp`: Fixed race condition in SSE reconnect test where `server.calls[2]` was accessed before the fire-and-forget `openInboundSse()` completed — added `vi.waitFor()` - Pinned `tinyexec` to 1.0.2 via pnpm overrides (1.0.3 has broken package exports on npm) ### Backports - v6: https://github.com/vercel/ai/pull/13440 - v5: https://github.com/vercel/ai/pull/13441 --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

fix(security): validate redirect targets in download functions to prevent SSRF bypass (#13111) ## Background The existing `validateDownloadUrl` (added in #13085) only validates the initial URL before `fetch()`. Since `fetch()` follows HTTP redirects by default, an attacker can bypass SSRF protections by providing a safe-looking public URL that 302-redirects to internal endpoints (e.g., `http://169.254.169.254/latest/meta-data/`), enabling in-band response body exfiltration through the AI model's response. ## Summary Added `response.redirected` check with `validateDownloadUrl(response.url)` in both `downloadBlob` (`@ai-sdk/provider-utils`) and `download` (`ai`) functions to validate the final URL after following redirects, before reading the response body. ## Manual Verification - `pnpm vitest run packages/provider-utils/src/download-blob.test.ts` — 16 tests pass - `pnpm vitest run packages/provider-utils/src/validate-download-url.test.ts` — 29 tests pass - `pnpm vitest run packages/ai/src/util/download/download.test.ts -t "SSRF"` — 5 tests pass

refactor(ai/core): align language model call stream naming (#14238) ## Background As part of the streamText custom loop refactor work, we are converging terminology on "language model call" and reducing mixed naming in the low-level streaming primitives. ## Summary - renamed `streamModelCall` to `streamLanguageModelCall` via the new `stream-language-model-call` export path - renamed `ModelCallStreamPart` to `LanguageModelStreamPart` across `packages/ai` internals, tests, and the custom loop example - updated experimental exports to `experimental_streamLanguageModelCall` and `Experimental_LanguageModelStreamPart` ## Manual Verification tests and type checks pass ## Checklist - [x] Tests have been added / updated (for bug fixes / features) - [ ] n/a ~~Documentation has been added / updated (for bug fixes / features)~~ - [ ] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Related Issues - Related: https://github.com/vercel/ai/issues/14234 - Related: https://github.com/vercel/ai/issues/13570

Implement WorkflowAgent telemetry support (#15078) ## Background Implements stable telemetry support for `WorkflowAgent` as tracked in #15074. ## Summary Adds WorkflowAgent telemetry integrations, focused coverage, a Next Workflow e2e harness, and a patch changeset for `@ai-sdk/workflow`. ## Manual Verification `/telemetry` route in workflow-agent example (`examples/next-workflow/app/telemetry/page.tsx`) https://github.com/user-attachments/assets/eeb5605b-9210-4511-b966-3e4279f999cc ## Checklist - [x] All commits are signed (PRs with unsigned commits cannot be merged) - [x] Tests have been added / updated (for bug fixes / features) - [x] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Related Issues Closes #15074 --------- Co-authored-by: Cursor <cursoragent@cursor.com>

fix(ai): preserve provider tool identity across step boundaries (#1663) * fix(ai): preserve provider tool identity across step boundaries Port of vercel/ai#14229. Provider tools (e.g. anthropic.tools.webSearch) were converted to plain function tools in toolsToModelTools, stripping type, id, and args fields. This caused providers like Anthropic Gateway to not recognize them as provider-executed tools. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * DCO Remediation Commit for Gregor Martynus <39992+gr2m@users.noreply.github.com> I, Gregor Martynus <39992+gr2m@users.noreply.github.com>, hereby add my Signed-off-by to this commit: b1930b307def795f014d186c16290ecb80c26105 Signed-off-by: Gregor Martynus <39992+gr2m@users.noreply.github.com> --------- Signed-off-by: Gregor Martynus <39992+gr2m@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

v3->v4 spec update in docs (#13552) ## Background Follow up to https://github.com/vercel/ai/pull/13549 ## Summary Use latest spec in docs

refactor(ai): split tool preparation and tool choice helpers (#13977) ## Background Follow up to https://github.com/vercel/ai/pull/13921 ## Summary - split prompt preparation into two dedicated modules: `prepare-tools` and `prepare-tool-choice` - normalize `toolChoice` independently of tools (defaulting to `{ type: 'auto' }` when unspecified) ## Manual verification Tested with major providers that the slight behavior change does not cause any problems ## Related issues towards https://github.com/vercel/ai/issues/13570

fix(security): prevent verify-changesets from leaking runner file contents via symlinks (#13143) ## Background The `verify-changesets` GitHub Action reads PR-changed `.changeset/*.md` files via `readFile('../../../../' + path)`. If a changeset file is a symlink, Node follows it and reads the target. On failure, the catch block writes the full file contents (`error.content`) into `$GITHUB_STEP_SUMMARY`, exposing arbitrary runner file contents to anyone who can view the PR's workflow run. An attacker can exploit this by opening a PR that adds a symlink under `.changeset/` pointing to a sensitive file (e.g. `/etc/passwd`, `/proc/self/environ`). CWE-59 (Improper Link Resolution Before File Access) / CWE-200 (Exposure of Sensitive Information) ## Summary Two complementary fixes: 1. **Reject symlinks** — Use `lstat` to check if a changeset file is a symbolic link before reading it. Symlinked files are rejected with an error that does not include file contents. 2. **Stop leaking raw content (defense in depth)** — Error objects no longer attach the full file content. Instead, only the parsed YAML frontmatter (which is safe to display) is attached. The error handler writes `error.frontmatter` instead of `error.content` to the step summary. Even if an attacker bypasses the symlink check, the full file content is never written to the step summary. ## Manual Verification - Ran all 12 tests (10 existing + 2 new) against the unfixed code: 4 failures (symlink not rejected, raw content leaked) - Ran all 12 tests against the fixed code: all pass ## Checklist - [x] Tests have been added / updated (for bug fixes / features) - [ ] Documentation has been added / updated (for bug fixes / features) - [ ] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>