Skip to content

Version Packages#995

Open
github-actions[bot] wants to merge 1 commit intomainfrom
changeset-release/main
Open

Version Packages#995
github-actions[bot] wants to merge 1 commit intomainfrom
changeset-release/main

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Feb 26, 2026

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

agents@0.6.1

Patch Changes

  • #1003 d24936c Thanks @threepointone! - Fix: throw new Error() in AgentWorkflow now triggers onWorkflowError on the Agent

    Previously, throwing an error inside a workflow's run() method would halt the workflow but never notify the Agent via onWorkflowError. Only explicit step.reportError() calls triggered the callback, but those did not halt the workflow.

    Now, unhandled errors in run() are automatically caught and reported to the Agent before re-throwing. A double-notification guard (_errorReported flag) ensures that if step.reportError() was already called before the throw, the auto-report is skipped.

  • #997 a570ea5 Thanks @threepointone! - Security hardening for Agent and MCP subsystems:

    • SSRF protection: MCP client now validates URLs before connecting, blocking private/internal IP addresses (RFC 1918, loopback, link-local, cloud metadata endpoints, IPv6 unique local and link-local ranges)
    • OAuth log redaction: Removed OAuth state parameter value from consumeState warning logs to prevent sensitive data leakage
    • Error sanitization: MCP server error strings are now sanitized (control characters stripped, truncated to 500 chars) before broadcasting to clients to mitigate XSS risk
    • Deprecation warnings: Added one-time warnings for sendIdentityOnConnect (default true will change to false in next major) and CORS Authorization header with wildcard origin (will be removed from defaults in next major)
  • #992 4fcf179 Thanks @Muhammad-Bin-Ali! - Fix email routing to handle lowercased agent names from email infrastructure

    Email servers normalize addresses to lowercase, so SomeAgent+id@domain.com arrives as someagent+id@domain.com. The router now registers a lowercase key in addition to the original binding name and kebab-case version, so all three forms resolve correctly.

@cloudflare/ai-chat@0.1.6

Patch Changes

  • #989 8404954 Thanks @threepointone! - Fix active streams losing UI state after reconnect and dead streams after DO hibernation.

    • Send replayComplete signal after replaying stored chunks for live streams, so the client flushes accumulated parts to React state immediately instead of waiting for the next live chunk.
    • Detect orphaned streams (restored from SQLite after hibernation with no live LLM reader) via _isLive flag on ResumableStream. On reconnect, send done: true, complete the stream, and reconstruct/persist the partial assistant message from stored chunks.
    • Client-side: flush activeStreamRef on replayComplete (keeps stream alive for subsequent live chunks) and on done during replay (finalizes orphaned streams).
  • #993 f706e3f Thanks @ferdousbhai! - fix(ai-chat): preserve server tool outputs when client sends approval-responded state

    _mergeIncomingWithServerState now treats approval-responded the same as
    input-available when the server already has output-available for a tool call,
    preventing stale client state from overwriting completed tool results.

@github-actions github-actions bot force-pushed the changeset-release/main branch 4 times, most recently from ee36253 to f1baa7c Compare February 26, 2026 17:22
@github-actions github-actions bot force-pushed the changeset-release/main branch from f1baa7c to 10fd398 Compare February 26, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants