Skip to content

Releases: vercel/eve

eve@0.22.6

Choose a tag to compare

@github-actions github-actions released this 12 Jul 23:17
47a33c1

Patch Changes

  • 5035812: Vercel deployments now emit framework: { slug: "eve" } alongside the version in the Build Output API config. Vercel's build-output deserializer drops the entire framework object when slug is absent, so this restores framework attribution end to end — framework_slug and framework_version are now populated in AI Gateway routing and access logs.
  • 9cd5c99: chatSdkChannel now mounts both GET and POST on each adapter's webhook route, so adapters that verify with a GET challenge like X's CRC check work through the bridge. POST-only adapters are unaffected.
  • caa0c17: eve dev now keeps Nitro build inputs outside prunable runtime snapshots. Long-running development servers no longer fail structural rebuilds with stale import errors after snapshot cleanup.
  • 01f0345: Resume active local workflow runs on the agent-scoped queue after restarting the eve server.

eve@0.22.5

Choose a tag to compare

@github-actions github-actions released this 10 Jul 23:03
8f5c9d0

Patch Changes

  • c8f00aa: Add experimental_chatgpt under the new eve/models/openai subpath: it returns an AI SDK language model served through the local Codex login (codex login), billed to the ChatGPT subscription, and defaults to gpt-5.6-sol. Direct provider API request errors now also surface their upstream message when one is available.
  • 640cd8e: Keep provider streams moving while durable event writes are in flight. eve now coalesces only adjacent queued text or reasoning appends behind an ordered writer, preserving event order while avoiding one durable round trip per provider delta.
  • a5b43e7: Add eve extension init and eve extension build for scaffolding and building extension packages.
  • a325195: limits.maxSubagentDepth now defaults to 1 instead of 3. Agents that rely on deeper default delegation should set limits: { maxSubagentDepth: 3 } (or another value) explicitly.
  • 4f86a21: Persist AI SDK approval-resume response messages in session history so approved local tool results survive later provider requests.
  • 3577534: Update the bundled Workflow runtime dependencies to their latest 5.0 beta releases.
  • bd780bd: Update the bundled Workflow runtime to @workflow/core@5.0.0-beta.30 and align its world packages.

eve@0.22.4

Choose a tag to compare

@github-actions github-actions released this 10 Jul 01:24
0e31fa9

Patch Changes

  • b5aedaf: The shared integrations catalog gains 33 curated MCP connections from the Vercel Connect preset directory (Airtable, Stripe, Sentry, Supabase, Zapier, and more) for the docs integrations gallery, and the connection scaffolder now skips gallery-only catalog entries, so the eve connections add picker is unchanged.
  • edc93cc: Keep the mounted extensions guide out of the docs sidebar for now. The page stays at /docs/extensions, but the feature isn't surfaced in the nav while its API stabilizes.
  • f00f084: Add named multi-agent routing to withEve and useEveAgent. Next.js apps can now configure multiple eve roots with agents, then target one from the frontend with useEveAgent({ agent: "name" }).
  • f83d47d: defineRemoteAgent now accepts a function for url, resolved at runtime instead of baked at compile time. Return a string (or Promise<string>) from () => process.env.MY_SERVICE_URL to target an endpoint supplied by a runtime env var, known only once the deployment runs.

eve@0.22.3

Choose a tag to compare

@github-actions github-actions released this 09 Jul 17:51
31a6b3f

Patch Changes

  • 8223498: Start remote authentication when a credentialed Vercel deployment returns an UNAUTHORIZED protection response.

  • 79df338: feat(eve): scaffold projects with bundler module resolution

    eve init now writes a tsconfig.json using "moduleResolution": "bundler" (and "module": "esnext"), which matches how eve compiles authored agents and extensions. Relative imports in your agent and extension source no longer need .js extensions (e.g. import extension from "../extension").

  • 173fa5d: Restore the DISCORD_BOT_TOKEN environment fallback for proactive Discord messages, typing indicators, and bot-authenticated requests when discordChannel() is configured without explicit credentials.

  • 89cd2d6: Eval assertion count options now accept predicates, allowing ranges such as “at least two” while preserving exact numeric counts.

  • fdf56ef: feat(eve): mounted extensions

    Package eve capabilities — tools, connections, skills, instructions, hooks — as a reusable package and mount it under agent/extensions/, as a file (crm.ts) or a directory with co-located override slots that shadow the extension's own contributions. Contributions compose into the agent under a <namespace>__ prefix. Author with defineExtension from eve/extension, taking an optional Standard-Schema config read via extension.config; defineState is auto-scoped to the package. eve build compiles the package to runnable JavaScript with type declarations and fills its exports, so a published extension installs and mounts with no second compiler. eve is a peer dependency whose declared range eve enforces at mount; an extension cannot declare a sandbox, agent config, schedules, or limits, or mount other extensions.

  • 89f13e0: Hardened frontmatter parsing and OpenAPI connection loading.

    All frontmatter parsing now runs through a single safe-by-default helper with gray-matter's code-capable engines disabled, so a ---js / ---javascript fence throws instead of being eval()d. Previously only authored markdown (skills, schedules, instructions) was hardened; the eval YAML loader and the OpenAPI spec loader used gray-matter's defaults and would execute such a fence. This closes that path for OpenAPI specs, which are fetched over the network. Parsing untrusted frontmatter as code is now opt-in only, and a direct import of the bundled gray-matter outside the wrapper fails CI.

    OpenAPI spec URLs and the resolved base URL are now required to use https (plain http is still allowed for loopback hosts during local development), so neither the spec fetch nor the credentialed operation calls run over cleartext; the spec transport is also re-checked after redirects.

  • aff35e2: Stop eve dev source snapshots from copying nested Git repositories and worktrees, preventing duplicate checkouts from inflating each development snapshot.

  • 9087496: Prevent brokered credential values from being exposed to commands running in Microsandbox. Guest Git configuration continues to use broker-managed placeholders for authenticated requests.

  • 72c58ae: Recover eve dev <url> authentication when Vercel Deployment Protection returns an SSO redirect or a structured protected-deployment response.

  • 87688f9: Slack outbound messages now preserve literal bare @ tokens, including scoped package names, while explicit <@USER_ID> mention syntax continues to pass through unchanged.

  • c1c4ee5: Preserve query parameters passed to eve dev and send them on every agent request, including session POSTs and streams.

eve@0.22.2

Choose a tag to compare

@github-actions github-actions released this 09 Jul 15:42
94e24ad

Patch Changes

  • 4da4d86: Fixed Anthropic prompt caching placing the final cache breakpoint one message too early. Fresh tool results were billed as uncached input every turn and only entered the cache on the following request, capping the effective cache hit rate near 50%; the breakpoint now sits on the last message of each request, so agentic tool loops get near-full prefix hits.
  • 4446f96: Update the vendored Workflow SDK packages to the latest 5.0 beta releases. eve now delegates world target selection and construction to the upstream SDK instead of maintaining parallel factory and compatibility logic, and no longer disables stable Workflow Turbo mode.
  • 3da5def: Retry transient provider overload errors delivered inside model streams. Classified transient failures get at most three fresh model-call attempts, while other recoverable task-mode errors fall back to Workflow's durable step retries without multiplying retry budgets.
  • 2afed3b: Update withEve() to generate Vercel Build Output service routes for eve instead of the legacy Next.js rewrite setup. The generated output now uses the stable services field and service routes, including in hosted Vercel builds where no local .vercel/project.json exists, so Vercel builds the eve service without Next.js rewrites.
  • 3983d36: The Slack channel's default typing indicator for actions.requested now shows the action's contents instead of a generic Running <tool>... label: the tool name plus its most telling argument (grep useEveAgent, read_file agent/agent.ts), the subagent or remote-agent name for dispatched calls, and +N more for batches. The label helpers are exported from eve/channels/slack as describeActionRequest and describeActionRequests for use in custom handlers.
  • 15309f3: New projects created with eve init now use stable TypeScript 7.0.2 instead of the release candidate.

eve@0.22.1

Choose a tag to compare

@github-actions github-actions released this 08 Jul 16:42
d05f692

Patch Changes

  • 9c63a4e: Export callSlackApi and resolveSlackBotToken from eve/channels/slack. Code running outside a webhook-side handler — schedules resolving reactions or reading history, for example — has no ctx.slack handle; these were the internal primitives behind slack.request, already public-shaped and documented, and are now importable so apps stop hand-rolling fetch against the Slack Web API.
  • 210f097: Session sandboxes are now keyed per durable session instead of per deployment, so redeploying no longer discards a session's /workspace state. A session gets a fresh sandbox only when the sandbox definition itself changes (authored sandbox source, workspace seed content, or revalidationKey), and onSession runs again on the replacement sandbox.
  • a3efd4b: Render Slack HITL button prompts as card blocks, move approval tool input into collapsible containers, and keep answered-card updates scoped to the answered request so sibling batched approval buttons remain clickable.
  • 3c6abbf: Surface authorization prompts and completion updates from local subagents on the parent channel, including through nested delegation chains, while keeping the authorization callback scoped to the child session.

eve@0.22.0

Choose a tag to compare

@github-actions github-actions released this 07 Jul 20:21
5d4e1bc

Minor Changes

  • 2958abf: feat(eve): add konsistent with initial config to enforce structural conventions

Patch Changes

  • b7d1089: Add defineDynamic({ fallback, events }) support for scoped dynamic agent model selection. Agents can choose a model once per session, once per turn, or per model step while keeping a compiled fallback for metadata and unset scopes.
  • bd287b1: fix(eve): pass error messages when tool call input is invalid back to model instead of throwing so that it can try again

eve@0.21.1

Choose a tag to compare

@github-actions github-actions released this 07 Jul 16:44
6529f92

Patch Changes

  • 0b42ba1: eve eval now shuts down tracked sandbox handles after a local one-shot eval run completes. This prevents local sandbox compute, including microsandbox sessions, from outliving the eval process.

eve@0.21.0

Choose a tag to compare

@github-actions github-actions released this 07 Jul 16:32
39edcb1

Minor Changes

  • 79e9959: Expand the Chat SDK channel (chatSdkChannel): post completed assistant messages as markdown, stream replies via post-then-edit (configurable with streaming and streamingEditIntervalMs), surface typing status on turn start and tool calls, and degrade optional adapter operations (startTyping, editMessage) gracefully when an adapter does not implement them. Add the messageToUserContent inbound helper and export isNotImplemented. The default adapter webhook route is now /eve/v1/{adapter}.
  • 73a9bf9: feat(eve): write skills into $HOME/.agents/skills instead of the workspace directory

Patch Changes

  • 99c2380: Subagents now report their token usage back to the caller — local, runtime, and remote alike. A completed turn carries the session's token totals (inputTokens, outputTokens, cacheReadTokens, cacheWriteTokens) on its terminal result; remote agents transport the same totals over the session callback. The parent's turn emits one invoke_agent span per usage-bearing result (gen_ai.operation.name=invoke_agent, gen_ai.agent.name, gen_ai.usage.*, per the OpenTelemetry GenAI semantic conventions) in the caller's trace. Remote usage requires both sides to run this version; collection stays best-effort everywhere.
  • c5cddb6: message.received events now include structured parts with text and file metadata so clients can render user attachments without parsing the flattened message summary. The default message reducer projects those attachments as file message parts while keeping raw bytes and internal sandbox paths off the stream.
  • 5ef4ec6: Reintroduce the ExperimentalWorkflow opt-in marker in eve/tools. Re-exporting it from agent/tools/workflow.ts enables the Workflow orchestration tool, which can spawn the agent's subagents from model-authored JavaScript. Workflow-spawned subagent calls are now capped per program by the new limits.maxSubagents agent setting (default 100) — calls beyond the budget resolve with a WORKFLOW_SUBAGENT_LIMIT_REACHED error result instead of starting a child session — and the tool stays root-only, so delegated subagent sessions never receive it.
  • 61745d5: Slack channel posts that combine Markdown and file uploads now send the Markdown message first and upload files as a threaded follow-up. This preserves Slack's full Markdown rendering, including tables, instead of downgrading the response into a file upload comment.
  • d408d0b: Reaching a session token limit no longer fails interactive sessions outright. The harness now pauses and sends a deterministic HITL continuation prompt; answering "Continue" grants a fresh budget window of the configured size, while "Stop" ends the session gracefully with session.completed. Task-mode sessions keep the structured SESSION_TOKEN_LIMIT_REACHED failure so parent tool calls receive an error result.
  • da2ec6c: Delegated subagent sessions now receive a share of the parent's remaining token quota at dispatch time — the remainder split across the batch's delegated calls — instead of a fixed 5M input-token cap, and a completed child's usage counts against the parent's quota, so a delegation tree can never outspend the budget configured at its root. Session token limits also accept false to uncap a session explicitly. Delegated children likewise inherit the parent's delegation caps (limits.maxSubagentDepth and limits.maxSubagents); on every inherited axis the tighter of the configured and inherited value wins.

eve@0.20.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 21:14
c61ea67

Minor Changes

  • 6f9364a: Sandboxes are now stopped when the eve server shuts down. Self-hosted production servers stop every open sandbox (microsandbox VMs, Docker containers, Vercel sandboxes, just-bash interpreters) on SIGTERM/SIGINT, matching the cleanup eve dev already performs, and sessions reattach from persisted state on the next start. Breaking change for custom sandbox backends: SandboxBackendHandle gains a required shutdown() and the unused dispose() is removed.

Patch Changes

  • 7699e98: eve eval now prints a clear, actionable message when it finds no evals but detects *.eval.ts files placed inside agent/. Instead of the generic "No evals found", it names the offending directories and reminds you that eval files belong in the top-level evals/ directory (a sibling of agent/).
  • f3a05c5: ToolContext and ApprovalContext now expose callId, the tool call id carried by the call's stream events, so approval-gated tools can key records to one identity across proposal, rejection, and execution.
  • f9621b6: Resuming a durable session whose history references a file attachment no longer fails the turn when the staged bytes are gone (for example after a redeploy pointed the session at a fresh sandbox). The missing attachment degrades to a FileNotFound text notice the model can interpret, so the run continues instead of ending in session.failed.
  • c233a6a: The turn harness now propagates a cooperative AbortSignal end to end: model calls, retries, recovery, compaction, and tool executions all honor it, and an aborted turn settles with a canonical TurnCancelledError that is never retried or misclassified as a failure. Authored tools receive the signal as ctx.abortSignal (and via the AI SDK execute options), and framework tools forward it into sandbox commands, file I/O, web_fetch, and MCP/OpenAPI connection calls. This is the lowest layer of turn cancellation — no trigger exists yet, so runtime behavior is unchanged until the cancellation API ships.