Version Packages

[github-actions]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

agents@0.6.0

Minor Changes

• #565 0e9a607 Thanks @mattzcarey! - Add RPC transport for MCP: connect an Agent to an McpAgent via Durable Object bindings

  New feature: addMcpServer with DO binding

  Agents can now connect to McpAgent instances in the same Worker using RPC transport — no HTTP, no network overhead. Pass the Durable Object namespace directly:

  // In your Agent
  await this.addMcpServer("counter", env.MY_MCP);
  
  // With props
  await this.addMcpServer("counter", env.MY_MCP, {
    props: { userId: "user-123", role: "admin" },
  });

  The addMcpServer method now accepts string | DurableObjectNamespace as the second parameter with proper TypeScript overloads, so HTTP and RPC paths are type-safe and cannot be mixed.

  Hibernation support

  RPC connections survive Durable Object hibernation automatically. The binding name and props are persisted to storage and restored on wake-up, matching the behavior of HTTP MCP connections. No need to manually re-establish connections in onStart().

  Deduplication

  Calling addMcpServer with the same server name multiple times (e.g., across hibernation cycles) now returns the existing connection instead of creating duplicates. This applies to both RPC and HTTP connections. Connection IDs are stable across hibernation restore.

  Other changes

  • Rewrote RPCClientTransport to accept a DurableObjectNamespace and create the stub internally via getServerByName from partyserver, instead of requiring a pre-constructed stub
  • Rewrote RPCServerTransport to drop session management (unnecessary for DO-scoped RPC) and use JSONRPCMessageSchema from the MCP SDK for validation instead of 170 lines of hand-written validation
  • Removed _resolveRpcBinding, _buildRpcTransportOptions, _buildHttpTransportOptions, and _connectToMcpServerInternal from the Agent base class — RPC transport logic no longer leaks into index.ts
  • Added AddRpcMcpServerOptions type (discriminated from AddMcpServerOptions) so props is only available when passing a binding
  • Added RPC_DO_PREFIX constant used consistently across all RPC naming
  • Fixed MCPClientManager.callTool passing serverId through to conn.client.callTool (it should be stripped before the call)
  • Added getRpcServersFromStorage() and saveRpcServerToStorage() to MCPClientManager for hibernation persistence
  • restoreConnectionsFromStorage now skips RPC servers (restored separately by the Agent class which has access to env)
  • Reduced rpc.ts from 609 lines to 245 lines
  • Reduced types.ts from 108 lines to 26 lines
  • Updated mcp-rpc-transport example to use Workers AI (no API keys needed), Kumo/agents-ui components, and Tailwind CSS
  • Updated MCP transports documentation

Patch Changes

• #973 969fbff Thanks @threepointone! - Update dependencies

• #960 179b8cb Thanks @mattzcarey! - Harden JSON Schema to TypeScript converter for production use

  • Add depth and circular reference guards to prevent stack overflows on recursive or deeply nested schemas
  • Add $ref resolution for internal JSON Pointers (#/definitions/..., #/$defs/..., #)
  • Add tuple support (prefixItems for JSON Schema 2020-12, array items for draft-07)
  • Add OpenAPI 3.0 nullable: true support across all schema branches
  • Fix string escaping in enum/const values, property names (control chars, U+2028/U+2029), and JSDoc comments (*/)
  • Add per-tool error isolation in generateTypes() so one malformed schema cannot crash the pipeline
  • Guard missing inputSchema in getAITools() with a fallback to { type: "object" }
  • Add per-tool error isolation in getAITools() so one bad MCP tool does not break the entire tool set

• #963 b848008 Thanks @threepointone! - Make callbackHost optional in addMcpServer for non-OAuth servers

  Previously, addMcpServer() always required a callbackHost (either explicitly or derived from the request context) and eagerly created an OAuth auth provider, even when connecting to MCP servers that do not use OAuth. This made simple non-OAuth connections unnecessarily difficult, especially from WebSocket callable methods where the request context origin is unreliable.

  Now, callbackHost and the OAuth auth provider are only required when the MCP server actually needs OAuth (returns a 401/AUTHENTICATING state). For non-OAuth servers, addMcpServer("name", url) works with no additional options. If an OAuth server is encountered without a callbackHost, a clear error is thrown: "This MCP server requires OAuth authentication. Provide callbackHost in addMcpServer options to enable the OAuth flow."

  The restore-from-storage flow also handles missing callback URLs gracefully, skipping auth provider creation for non-OAuth servers.

• 97c6702 Thanks @threepointone! - Add one-time console warning when using RPC transport (DO binding) with addMcpServer, noting the API is experimental and linking to the feedback issue.

@cloudflare/ai-chat@0.1.4

Patch Changes

• #967 c128447 Thanks @threepointone! - Follow-up to fix(ai-chat): emit output-denied state for rejected tool approvals #956. Allow addToolOutput to work with tools in approval-requested and approval-responded states, not just input-available. Also adds support for state: "output-error" and errorText fields, enabling custom denial messages when rejecting tool approvals (addresses remaining items from @cloudflare/ai-chat: Tool approval denial does not produce a tool_result #955).

  Additionally, tool approval rejections (approved: false) now auto-continue the conversation when autoContinue is set, so the LLM sees the denial and can respond naturally (e.g. suggest alternatives).

  This enables the Vercel AI SDK recommended pattern for client-side tool denial:

  addToolOutput({
    toolCallId: invocation.toolCallId,
    state: "output-error",
    errorText: "User declined: insufficient permissions",
  });

• #958 f70a8b9 Thanks @whoiskatrin! - Fix duplicate assistant message persistence when clients resend full history with local assistant IDs that differ from server IDs.

  AIChatAgent.persistMessages() now reconciles non-tool assistant messages against existing server history by content and order, reusing the server ID instead of inserting duplicate rows.

• #977 5426b6f Thanks @dmmulroy! - Expose requestId in OnChatMessageOptions so handlers can send properly-tagged error responses for pre-stream failures.

  Also fix saveMessages() to pass the full options object (requestId, abortSignal, clientTools, body) to onChatMessage and use a consistent request ID for _reply.

• #973 969fbff Thanks @threepointone! - Update dependencies

• #983 2785f10 Thanks @threepointone! - Fix abort/cancel support for streaming responses. The framework now properly cancels the reader loop when the abort signal fires and sends a done signal to the client. Added a warning log when cancellation arrives but the stream has not closed (indicating the user forgot to pass abortSignal to their LLM call). Also fixed vitest project configs to scope test file discovery and prevent e2e/react tests from being picked up by the wrong runner.

• #979 23c90ea Thanks @mattzcarey! - Fix jsonSchema not initialized error when calling getAITools() in onChatMessage

• #980 00c576d Thanks @threepointone! - Fix _sanitizeMessageForPersistence stripping Anthropic redacted_thinking blocks. The sanitizer now strips OpenAI ephemeral metadata first, then filters out only reasoning parts that are truly empty (no text and no remaining providerMetadata). This preserves Anthropic's redacted_thinking blocks (stored as empty-text reasoning parts with providerMetadata.anthropic.redactedData) while still removing OpenAI placeholders. Fixes _sanitizeMessageForPersistence strips Anthropic redacted_thinking blocks #978.

• #953 bd22d60 Thanks @mattzcarey! - Moved /get-messages endpoint handling from a prototype override onRequest() method to a constructor wrapper. This ensures the endpoint always works, even when users override onRequest without calling super.onRequest().

• #956 ab401a0 Thanks @whoiskatrin! - Fix denied tool approvals (CF_AGENT_TOOL_APPROVAL with approved: false) to transition tool parts to output-denied instead of approval-responded.

  This ensures convertToModelMessages emits a tool_result for denied approvals, which is required by providers like Anthropic.

  Also adds regression tests for denied approval behavior, including rejection from approval-requested state.

• #982 5a851be Thanks @threepointone! - Undeprecate client tool APIs (createToolsFromClientSchemas, clientTools, AITool, extractClientToolSchemas, and the tools option on useAgentChat) for SDK/platform use cases where tools are defined dynamically at runtime. Fix spurious detectToolsRequiringConfirmation deprecation warning when using the tools option.

@cloudflare/codemode@0.1.1

Patch Changes

• #962 ef46d68 Thanks @tumberger! - Validate tool arguments against Zod schema before execution in codemode sandbox

• #973 969fbff Thanks @threepointone! - Update dependencies

• #960 179b8cb Thanks @mattzcarey! - Harden JSON Schema to TypeScript converter for production use

  • Add depth and circular reference guards to prevent stack overflows on recursive or deeply nested schemas
  • Add $ref resolution for internal JSON Pointers (#/definitions/..., #/$defs/..., #)
  • Add tuple support (prefixItems for JSON Schema 2020-12, array items for draft-07)
  • Add OpenAPI 3.0 nullable: true support across all schema branches
  • Fix string escaping in enum/const values, property names (control chars, U+2028/U+2029), and JSDoc comments (*/)
  • Add per-tool error isolation in generateTypes() so one malformed schema cannot crash the pipeline
  • Guard missing inputSchema in getAITools() with a fallback to { type: "object" }
  • Add per-tool error isolation in getAITools() so one bad MCP tool does not break the entire tool set

• #961 f6aa79f Thanks @mattzcarey! - Updated default tool prompt to explicitly request JavaScript code from LLMs, preventing TypeScript syntax errors in the Dynamic Worker executor.

hono-agents@3.0.6

Patch Changes

• #973 969fbff Thanks @threepointone! - Update dependencies