fix(deps): update dependency @mastra/mcp to v1

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@mastra/mcp (source)	^0.11.0 → ^1.0.0

---

Release Notes

mastra-ai/mastra (@​mastra/mcp)

v1.10.0

Compare Source

Minor Changes

• Added MCP server Fine-Grained Authorization mapping overrides for tool authorization. (#​17529)

  Use the new fga option on MCPServer to customize the resource and permission mappings used for tools/list and tools/call checks without changing the Mastra instance-level tool mapping used by internal agent and workflow tool execution.

  const server = new MCPServer({
    name: 'My Server',
    version: '1.0.0',
    tools: { getData },
    fga: {
      resourceMapping: {
        tool: {
          fgaResourceType: 'user',
          deriveId: ({ user }) => user.id,
        },
      },
      permissionMapping: {
        'tools:execute': 'read',
      },
    },
  });

Patch Changes

• Fixed MCPServer leaking one caller's resources to other callers. The result of the first resources/list request was cached on the shared, long-lived server instance and replayed to everyone, so a dynamic resource provider that scopes resources per user or tenant (resolved from extra.authInfo) served the first caller's resource index — names and URIs — to subsequent callers. The same stale cache also backed resources/read URI resolution and the public listResources() method. The resources/templates/list handler had the same defect for dynamic resource template providers. (#​17610)

  Resource and resource template providers are now invoked on every request with the current caller's context, so each caller only sees their own resources. See #​17609

• Fixed flaky MCP server tests by replacing real weather API calls with deterministic mock tool (#​17572)

• Updated dependencies [d468acb, 575f815, 34839c1, 053735a, 306909a, 5191af8, 43bd3d4, e6fa79e, 904bcdf, 7f5ee1d, 1e9aab5, 2bccba4, bf8eb6d, e9be4e7, 493a328, d53cfc2, 65799d4, c268c89, 34839c1, 014e00f, 029a414, d468acb, b147b29, d371ac1, 2bccba4, 0c72f03, cf182b7, 3b45ea9, a049c2a, f084be1, b147b29, 2a96528, f2ab060, 5d302c8, 34839c1, a952852, 2656d9c, 63e3fe1, 1d4ce8d, 8c68372]:

  • @​mastra/core@​1.42.0

v1.9.1

Compare Source

Patch Changes

• Removed Hono from @​mastra/core and auth package runtime dependencies. Auth providers now receive framework-agnostic request types that support standard Request objects and Hono-compatible request shapes. MCP and deployer avoid relying on core-bundled Hono context types at package boundaries. (#​17410)

• Updated dependencies [c973db4, 552285e, 77e686c, ece8dba, e751af2, e2a8380, be3f1cd, a34d9db]:

  • @​mastra/core@​1.39.0

v1.9.0

Compare Source

Minor Changes

• Added opt-in MCP server instructions forwarding into agent system prompts. (#​17155)

  When an MCP server advertises instructions during initialization, you can now forward that guidance into the system prompt of agents that use the server's tools. This is opt-in — set forwardInstructions: true per server to enable it. Forwarded instructions are injected into the agent's system prompt, so only enable this for servers you trust.

  const mcp = new MCPClient({
    servers: {
      db: {
        url: new URL('http://localhost:4111/mcp'),
        forwardInstructions: true, // opt in; defaults to false
        instructionsMaxLength: 512, // max chars forwarded per server
      },
    },
  });
  
  const agent = new Agent({
    id: 'db-agent',
    name: 'DB Agent',
    instructions: 'Help with database changes.',
    model,
    tools: await mcp.listTools(),
  });

  You can always inspect cached instructions without forwarding them:

  const instructions = mcp.getServerInstructions();
  // => { db: 'Always validate before migrating.', other: undefined }

• Added native multimodal tool-result support. Core now converts MCP-style tool results with image and audio content parts into model-native media output when building model prompts, without requiring MCP tools to persist duplicate media payloads in providerMetadata.mastra.modelOutput. (#​16866)

  return {
    content: [
      { type: 'text', text: 'Screenshot captured' },
      { type: 'image', data: base64Png, mimeType: 'image/png' },
    ],
  };

Patch Changes

• Support conditional, function-based tool approvals. (#​17337)

  • MCP tools that wrap a server-level requireToolApproval function are now honored end-to-end. The per-tool approval function was previously dropped when the agent converted MCP tools (it kept only the boolean flag), so conditional approval silently fell back to always-on. CoreToolBuilder now preserves a needsApprovalFn attached directly to a tool instance.
  • The global requireToolApproval option on agent.stream/agent.generate now accepts a function in addition to a boolean. It is evaluated per tool call with the tool name, arguments, and request context, enabling policies such as regex allowlists on tool names. Returning true requires approval for that call; false allows it. On error the call defaults to requiring approval. When a function policy is set, tool calls run sequentially so approval suspensions don't race. Durable agents and stored agents continue to accept only a boolean (a function degrades to requiring approval for every call, since their options must be serializable).

  // Approve only tool calls whose name is not on an allowlist.
  const allowlist = /^(get|list|search)_/;
  await agent.generate('...', {
    requireToolApproval: ({ toolName }) => !allowlist.test(toolName),
  });

  • Precedence is unchanged from before: a per-tool approval function (createTool({ requireApproval: fn }) or an MCP-derived needsApprovalFn) is authoritative for that tool and overrides the global setting, so a tool can still opt out of approval by returning false even when the global option is on. The only new behavior is that the global option may now be a function in addition to a boolean.
  • The previously implicit, runtime-attached per-tool approval predicate is now a typed contract: @mastra/core exports NeedsApprovalFn and declares the optional needsApprovalFn property on the Tool class. The MCP client and the agent runtime now share this typed contract instead of reaching through any. This is additive — no public API changes.

• Close the stale MCP transport before reconnecting so SSE connections no longer leak orphaned EventSource instances and accumulate server-side sessions on implicit reconnect. (#​17326)

• Fixed FGA-enabled MCP servers so OAuth authInfo can be mapped to a Mastra user before tools/list and tools/call authorization. (#​17475)

• Updated dependencies [fa63872, d779de3, 1750c97, 9283971, f07b646, d8838ae, 40f9297, 19a8658, 850af77, 0f0d1ba, a18775a, 1baf2d1, 8c31bcd, 0e32507, 95b14cd, 07c3de7, 0bf2d93, 7b0d34c, a659a77, aa36be2, 3332be9, 212c635, d8838ae, 9aa5a73, f73c789, 8bd16da, c8630f8, 94dfef6, 47f71dc, 50ceae2, a122f79, 8cdde58, 3a081c1, 49f8abc, 847ff1e, 0c1ed1d, 259d409, 9e16c68, cefca33, d00e8c5, 36fa7e2, 87e9774, 65a72e7, fe9eacd, 4c02027, 0f77241, 849efb9, 92ff509, 3fce5e7, a763592, db79c86, 6855012, 80c7737, 7fef31c, 7fef31c, 3f1cf47]:

  • @​mastra/core@​1.38.0

v1.8.1

Compare Source

Patch Changes

• Removed zod as a required peer dependency. Internal schemas now use plain JSON Schema objects instead of zod runtime. (#​16726)

• Updated dependencies [cfa2e3a, 0cbece9, 2f5f58a, 7dfe1bc, ac442a4, b7286f4, 6096445, d72dc4b, a481027, 1e5c067, 168fa09, df1947a, ee59b74, a97b1a0, 008baaf, 801baa0, 8116436, c35b962, c27c4b9, 08b3b59, b3c3b18, 4084113, 70cb714, 91cf0e0, 7f9da22]:

  • @​mastra/core@​1.37.0

v1.8.0

Compare Source

Minor Changes

• Added MCP tool annotations to the requireToolApproval context and exposed them on tools returned from listTools() / listToolsets(). (#​16784)

  The requireToolApproval callback now receives the server-advertised annotations (title, readOnlyHint, destructiveHint, idempotentHint, openWorldHint) alongside toolName and args. This lets you write declarative approval policies instead of hardcoding tool name lists. Annotations are also propagated onto Mastra tools as tool.mcp.annotations so apps can render them in UI.

  Security caveat (per the MCP spec): annotations are hints, not guarantees. Clients MUST treat them as untrusted unless they come from a trusted server. Do not use annotations alone as a security boundary for servers you do not control — set requireToolApproval: true for those. When the server omits annotations entirely, this field is undefined, so policies can distinguish "no annotations" from "annotated as safe".

  import { MCPClient } from '@​mastra/mcp';
  
  // Before — hardcoded tool name lists, server-specific
  const mcp = new MCPClient({
    servers: {
      github: {
        url: new URL('https://example.com/mcp'),
        requireToolApproval: ({ toolName }) => toolName === 'delete_repo',
      },
    },
  });
  
  // After — annotation-driven, works across any trusted MCP server
  const mcp = new MCPClient({
    servers: {
      github: {
        url: new URL('https://example.com/mcp'),
        requireToolApproval: ({ annotations }) => {
          if (!annotations) return true;
          if (annotations.readOnlyHint) return false;
          if (annotations.destructiveHint) return true;
          return false;
        },
      },
    },
  });
  
  // Annotations are also visible on tools returned by listTools()
  const tools = await mcp.listTools();
  for (const tool of Object.values(tools)) {
    console.log(tool.mcp?.annotations);
  }

  Closes #​16766.

Patch Changes

• Fixed an issue where OAuth token requests dropped client_id and client_secret for confidential clients. The provider previously shipped an empty addClientAuthentication method that satisfied the MCP SDK's existence check and short-circuited its default credential attachment, causing invalid_request errors on token exchange and refresh against confidential-client OAuth servers. The empty stub has been removed so the SDK's built-in client authentication runs again. See #​16854. (#​16862)

• Close previous SSE transport before accepting a new connection in MCPServer.connectSSE(). Previously, sequential SSE connections to the same server would fail with "Already connected to a transport" because the underlying protocol was never closed when the previous client disconnected. (#​16695)

• Updated dependencies [452036a, c272d50, 27fd1b7, 5ba7253, 5556cc1, f73980d, 5499303, a702009, 9aee493, d8692af, 1a9cc60, 8cdb86c, 8534d79, eda90c5, a935b0a, 9c88701, c78f8cd, e146aad, ac79462, 1a0ec78, e47bca7, afc004f, 0031d0f, 841a222, 64c1e0b, 40d83a9, 4e88dc6, 19018f0, 19281c7, 3498b49, d52b6fe, 408be73, 359439b, 71a820b, 1698f5e]:

  • @​mastra/core@​1.36.0

v1.7.0

Compare Source

Minor Changes

• Added MCP Apps support for interactive UI rendering over MCP. (#​16004)

  MCPClientServerProxy — a lightweight proxy that delegates resource and tool operations to remote MCP servers via MCPClient, enabling Studio to fetch app resources from any connected server.

  toMCPServerProxies() — new convenience method on MCPClient that creates proxy objects for all configured servers, ready for Mastra-level registration.

  Automatic serverId stamping — tools returned by listTools() now carry _meta.ui.serverId, allowing consumers to resolve ui:// app resources from the correct MCP server in multi-server environments.

  const mcp = new MCPClient({
    servers: {
      myApps: { url: new URL('https://my-mcp-server.example.com/mcp') },
    },
  });
  
  const mastra = new Mastra({
    agents: { myAgent },
    mcpServers: { ...mcp.toMCPServerProxies() },
  });

• Added MCP Apps extension support (SEP-1865). MCPServer now accepts an appResources config to register interactive ui:// HTML resources. MCPClient preserves full tool _meta (including ui.resourceUri) when converting MCP tools to Mastra tools. Both advertise the io.modelcontextprotocol/ui extension capability. (#​16004)

  Example — MCPServer with app resources:

  const server = new MCPServer({
    name: 'my-server',
    tools: { myTool },
    appResources: {
      dashboard: {
        name: 'Dashboard',
        description: 'Interactive dashboard UI',
        html: '<html>...</html>',
      },
    },
  });

Patch Changes

• Added Fine-Grained Authorization (FGA) enforcement to MCP tool execution. Both transport-driven calls and direct executeTool() calls now run the same authorization checks when a request user is present, and typed FGA permission constants are accepted in MCP server authorization config. (#​15410)

• Fixed trace parenting for long-lived MCP Stream connections. (#​15716)

• Updated dependencies [6dcd65f, 86c0298, c05c9a1, ca28c23, e24aacb, 7679a63, 7fce309, 1d64a76, 1c2dda8, c721164, 1b55954, 7997c2e, 5adc55e, 7679a63, a0d9b6d, e97ccb9, c5daf48, 70017d7, cd96779, b0c7022, e4942bc]:

  • @​mastra/core@​1.32.0

v1.6.0

Compare Source

Minor Changes

• Added jsonSchemaValidator pass-through option on MCPClient server entries and MCPServer. Forward this option from @modelcontextprotocol/sdk to opt into a non-default validator. Pass CfWorkerJsonSchemaValidator from @modelcontextprotocol/sdk/validation/cfworker to make tools with outputSchema work in Cloudflare Workers / V8 isolates, where the default Ajv validator's new Function(...) compile path is blocked. (#​15866)

  import { MCPClient, MCPServer } from '@​mastra/mcp';
  import { CfWorkerJsonSchemaValidator } from '@​modelcontextprotocol/sdk/validation/cfworker';
  
  const mcp = new MCPClient({
    servers: {
      upstream: {
        url: new URL('https://example/mcp'),
        jsonSchemaValidator: new CfWorkerJsonSchemaValidator(),
      },
    },
  });
  
  const server = new MCPServer({
    name: 'My Server',
    version: '1.0.0',
    tools: { ... },
    jsonSchemaValidator: new CfWorkerJsonSchemaValidator(),
  });

  Closes #​15862.

Patch Changes

• Updated dependencies [28caa5b, c1ae974, b510d36, 13b4d7c, 7a7b313, c04417b, cf25a03, 8a71261, 9e973b0, dd934a0, ba6b0c5, a6dac0a, 5a4b1ee, 5a4b1ee, 5a4b1ee, 6c8c6c7, 5a4b1ee, 7d056b6, 9cef83b, d30e215, 021a60f, 73f2809, aedeea4, 26f1f94, 8126d86, 73b45fa, ae97520, 7a7b313, 441670a]:
  • @​mastra/core@​1.29.0

v1.5.2

Compare Source

Patch Changes

• Replace uuid with @lukeed/uuid and node:crypto (#​15691)

• Updated dependencies [733bf53, 5405b3b, 45e29cb, 750b4d3, c321127, a07bcef, 696694e, b084a80, 82b7a96, df97812, 8bbe360, f6b8ba8, a07bcef]:

  • @​mastra/core@​1.28.0

v1.5.1

Compare Source

Patch Changes

• Fixed MCP tool strict mode propagation. MCP servers now expose Mastra tool strictness in MCP metadata, and the MCP client restores that flag when rebuilding tools so strict OpenAI tool calling works for MCP-backed tools too. (#​15397)

• Fixed MCP tools with recursive JSON Schema refs so they stay serializable when loaded. (#​15400)

• Updated dependencies [20f59b8, aba393e, 3d83d06, e2687a7, fdd54cf, 6315317, a371ac5, 0474c2b, 0a5fa1d, 7e0e63e, ea43e64, f607106, 30456b6, 9d11a8c, 9d3b24b, 00d1b16, 47cee3e, 62919a6, d246696, 354f9ce, 16e34ca, 7020c06, 8786a61, 9467ea8, 7338d94, c80dc16, af8a57e, d63ffdb, 47cee3e, 1bd5104, e9837b5, 8f1b280, 92dcf02, 0fd90a2, 8fb2405, 12df98c]:

  • @​mastra/core@​1.26.0

v1.5.0

Compare Source

Minor Changes

• Added requireToolApproval option to MCP server configuration for requiring human approval before tool execution. Supports both boolean (all tools) and function (dynamic per-tool logic). (#​15315)

Patch Changes

• Preserve forwarded MCP client elicitation capabilities so client-supported URL and form elicitations work correctly. (#​15233)

• Updated dependencies [87df955, 8fad147, 582644c, cbdf3e1, 8fe46d3, 18c67db, 4ba3bb1, 5d84914, 8dcc77e, aa67fc5, fd2f314, fa8140b, 190f452, e80fead, 0287b64, 7e7bf60, 184907d, 075e91a, 0c4cd13, b16a753]:

  • @​mastra/core@​1.25.0

v1.4.2

Compare Source

Patch Changes

• Improved MCP tool discovery to retry once after reconnectable connection errors like Connection closed during tools/list. (#​15141)

  MCPClient.listToolsets(), listToolsetsWithErrors(), and listTools() now attempt a reconnect before treating transient discovery failures as missing tools.

• Fixed MCP server to return HTTP 404 (instead of 400) when a client sends a stale or unknown session ID. Per the MCP spec, this tells clients to re-initialize with a new session, which fixes broken tool calls after server redeploys. (#​15160)

• Updated dependencies [8db7663, 153e864, 715710d, 378c6c4, 9f91fd5, ba6fa9c]:

  • @​mastra/core@​1.24.0

v1.4.1

Compare Source

Patch Changes

• Standardized all logger calls across the codebase to use static string messages with structured data objects. Dynamic values are now passed as key-value pairs in the second argument instead of being interpolated into template literal strings. This improves log filterability and searchability in observability storage. (#​14899)

  Removed ~150 redundant or noisy log calls including duplicate error logging after trackException and verbose in-memory storage CRUD traces.

• Updated dependencies [cbeec24, cee146b, aa0aeff, 2bcec65, ad9bded, cbeec24, 208c0bb, f566ee7]:

  • @​mastra/core@​1.20.0

v1.4.0

Compare Source

Minor Changes

• Added support for passing custom _meta metadata when calling tools on external MCP servers. The execute context now accepts an optional _meta field with arbitrary key-value pairs that are forwarded in the callTool request, enabling use cases like distributed tracing, compliance tagging, and multi-tenant routing. Custom _meta is merged with the progress token when progress tracking is enabled. (#​14809)

  const tools = await mcpClient.tools();
  await tools['my_tool'].execute({ query: 'active users' }, { _meta: { traceId: 'span-456', tenantId: 'org-123' } });

  When enableProgressTracking is enabled, the progressToken is automatically merged into _meta alongside your custom fields.

Patch Changes

• Updated dependencies [180aaaf, 9140989, d7c98cf, acf5fbc, 24ca2ae, 0762516, 9c57f2f, 5bfc691, 2de3d36, d3736cb, c627366]:
  • @​mastra/core@​1.19.0

v1.3.2

Compare Source

Patch Changes

• Fixed MCP server returning confusing output schema errors when tool input fails Zod validation but passes JSON Schema validation. The server now correctly returns isError: true with the validation error message. (#​14853)

• Updated dependencies [dc514a8, e333b77, dc9fc19, 60a224d, fbf22a7, f16d92c, 949b7bf, 404fea1, ebf5047, 12c647c, d084b66, 79c699a, 62757b6, 675f15b, b174c63, 819f03c, 04160ee, 2c27503, [424a1df](https://redirect.github.com/mastra-ai/mastra/commit/424a1df7bee59abb5c83717a54807fdd674a

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.