Releases: vercel/eve
Release list
eve@0.22.6
Patch Changes
- 5035812: Vercel deployments now emit
framework: { slug: "eve" }alongside the version in the Build Output API config. Vercel's build-output deserializer drops the entireframeworkobject whenslugis absent, so this restores framework attribution end to end —framework_slugandframework_versionare now populated in AI Gateway routing and access logs. - 9cd5c99: chatSdkChannel now mounts both GET and POST on each adapter's webhook route, so adapters that verify with a GET challenge like X's CRC check work through the bridge. POST-only adapters are unaffected.
- caa0c17:
eve devnow keeps Nitro build inputs outside prunable runtime snapshots. Long-running development servers no longer fail structural rebuilds with stale import errors after snapshot cleanup. - 01f0345: Resume active local workflow runs on the agent-scoped queue after restarting the eve server.
eve@0.22.5
Patch Changes
- c8f00aa: Add
experimental_chatgptunder the neweve/models/openaisubpath: it returns an AI SDK language model served through the local Codex login (codex login), billed to the ChatGPT subscription, and defaults togpt-5.6-sol. Direct provider API request errors now also surface their upstream message when one is available. - 640cd8e: Keep provider streams moving while durable event writes are in flight. eve now coalesces only adjacent queued text or reasoning appends behind an ordered writer, preserving event order while avoiding one durable round trip per provider delta.
- a5b43e7: Add
eve extension initandeve extension buildfor scaffolding and building extension packages. - a325195:
limits.maxSubagentDepthnow defaults to1instead of3. Agents that rely on deeper default delegation should setlimits: { maxSubagentDepth: 3 }(or another value) explicitly. - 4f86a21: Persist AI SDK approval-resume response messages in session history so approved local tool results survive later provider requests.
- 3577534: Update the bundled Workflow runtime dependencies to their latest 5.0 beta releases.
- bd780bd: Update the bundled Workflow runtime to
@workflow/core@5.0.0-beta.30and align its world packages.
eve@0.22.4
Patch Changes
- b5aedaf: The shared integrations catalog gains 33 curated MCP connections from the Vercel Connect preset directory (Airtable, Stripe, Sentry, Supabase, Zapier, and more) for the docs integrations gallery, and the connection scaffolder now skips gallery-only catalog entries, so the
eve connections addpicker is unchanged. - edc93cc: Keep the mounted extensions guide out of the docs sidebar for now. The page stays at
/docs/extensions, but the feature isn't surfaced in the nav while its API stabilizes. - f00f084: Add named multi-agent routing to
withEveanduseEveAgent. Next.js apps can now configure multiple eve roots withagents, then target one from the frontend withuseEveAgent({ agent: "name" }). - f83d47d:
defineRemoteAgentnow accepts a function forurl, resolved at runtime instead of baked at compile time. Return astring(orPromise<string>) from() => process.env.MY_SERVICE_URLto target an endpoint supplied by a runtime env var, known only once the deployment runs.
eve@0.22.3
Patch Changes
-
8223498: Start remote authentication when a credentialed Vercel deployment returns an
UNAUTHORIZEDprotection response. -
79df338: feat(eve): scaffold projects with bundler module resolution
eve initnow writes atsconfig.jsonusing"moduleResolution": "bundler"(and"module": "esnext"), which matches how eve compiles authored agents and extensions. Relative imports in your agent and extension source no longer need.jsextensions (e.g.import extension from "../extension"). -
173fa5d: Restore the
DISCORD_BOT_TOKENenvironment fallback for proactive Discord messages, typing indicators, and bot-authenticated requests whendiscordChannel()is configured without explicit credentials. -
89cd2d6: Eval assertion
countoptions now accept predicates, allowing ranges such as “at least two” while preserving exact numeric counts. -
fdf56ef: feat(eve): mounted extensions
Package eve capabilities — tools, connections, skills, instructions, hooks — as a reusable package and mount it under
agent/extensions/, as a file (crm.ts) or a directory with co-located override slots that shadow the extension's own contributions. Contributions compose into the agent under a<namespace>__prefix. Author withdefineExtensionfromeve/extension, taking an optional Standard-Schemaconfigread viaextension.config;defineStateis auto-scoped to the package.eve buildcompiles the package to runnable JavaScript with type declarations and fills itsexports, so a published extension installs and mounts with no second compiler.eveis a peer dependency whose declared range eve enforces at mount; an extension cannot declare a sandbox, agent config, schedules, or limits, or mount other extensions. -
89f13e0: Hardened frontmatter parsing and OpenAPI connection loading.
All frontmatter parsing now runs through a single safe-by-default helper with gray-matter's code-capable engines disabled, so a
---js/---javascriptfence throws instead of beingeval()d. Previously only authored markdown (skills, schedules, instructions) was hardened; the eval YAML loader and the OpenAPI spec loader used gray-matter's defaults and would execute such a fence. This closes that path for OpenAPI specs, which are fetched over the network. Parsing untrusted frontmatter as code is now opt-in only, and a direct import of the bundled gray-matter outside the wrapper fails CI.OpenAPI spec URLs and the resolved base URL are now required to use
https(plainhttpis still allowed for loopback hosts during local development), so neither the spec fetch nor the credentialed operation calls run over cleartext; the spec transport is also re-checked after redirects. -
aff35e2: Stop
eve devsource snapshots from copying nested Git repositories and worktrees, preventing duplicate checkouts from inflating each development snapshot. -
9087496: Prevent brokered credential values from being exposed to commands running in Microsandbox. Guest Git configuration continues to use broker-managed placeholders for authenticated requests.
-
72c58ae: Recover
eve dev <url>authentication when Vercel Deployment Protection returns an SSO redirect or a structured protected-deployment response. -
87688f9: Slack outbound messages now preserve literal bare
@tokens, including scoped package names, while explicit<@USER_ID>mention syntax continues to pass through unchanged. -
c1c4ee5: Preserve query parameters passed to
eve devand send them on every agent request, including session POSTs and streams.
eve@0.22.2
Patch Changes
- 4da4d86: Fixed Anthropic prompt caching placing the final cache breakpoint one message too early. Fresh tool results were billed as uncached input every turn and only entered the cache on the following request, capping the effective cache hit rate near 50%; the breakpoint now sits on the last message of each request, so agentic tool loops get near-full prefix hits.
- 4446f96: Update the vendored Workflow SDK packages to the latest 5.0 beta releases. eve now delegates world target selection and construction to the upstream SDK instead of maintaining parallel factory and compatibility logic, and no longer disables stable Workflow Turbo mode.
- 3da5def: Retry transient provider overload errors delivered inside model streams. Classified transient failures get at most three fresh model-call attempts, while other recoverable task-mode errors fall back to Workflow's durable step retries without multiplying retry budgets.
- 2afed3b: Update
withEve()to generate Vercel Build Output service routes for eve instead of the legacy Next.js rewrite setup. The generated output now uses the stableservicesfield and service routes, including in hosted Vercel builds where no local.vercel/project.jsonexists, so Vercel builds the eve service without Next.js rewrites. - 3983d36: The Slack channel's default typing indicator for
actions.requestednow shows the action's contents instead of a genericRunning <tool>...label: the tool name plus its most telling argument (grep useEveAgent,read_file agent/agent.ts), the subagent or remote-agent name for dispatched calls, and+N morefor batches. The label helpers are exported fromeve/channels/slackasdescribeActionRequestanddescribeActionRequestsfor use in custom handlers. - 15309f3: New projects created with
eve initnow use stable TypeScript 7.0.2 instead of the release candidate.
eve@0.22.1
Patch Changes
- 9c63a4e: Export
callSlackApiandresolveSlackBotTokenfromeve/channels/slack. Code running outside a webhook-side handler — schedules resolving reactions or reading history, for example — has noctx.slackhandle; these were the internal primitives behindslack.request, already public-shaped and documented, and are now importable so apps stop hand-rollingfetchagainst the Slack Web API. - 210f097: Session sandboxes are now keyed per durable session instead of per deployment, so redeploying no longer discards a session's
/workspacestate. A session gets a fresh sandbox only when the sandbox definition itself changes (authored sandbox source, workspace seed content, orrevalidationKey), andonSessionruns again on the replacement sandbox. - a3efd4b: Render Slack HITL button prompts as card blocks, move approval tool input into collapsible containers, and keep answered-card updates scoped to the answered request so sibling batched approval buttons remain clickable.
- 3c6abbf: Surface authorization prompts and completion updates from local subagents on the parent channel, including through nested delegation chains, while keeping the authorization callback scoped to the child session.
eve@0.22.0
Minor Changes
- 2958abf: feat(eve): add
konsistentwith initial config to enforce structural conventions
Patch Changes
- b7d1089: Add
defineDynamic({ fallback, events })support for scoped dynamic agent model selection. Agents can choose a model once per session, once per turn, or per model step while keeping a compiled fallback for metadata and unset scopes. - bd287b1: fix(eve): pass error messages when tool call input is invalid back to model instead of throwing so that it can try again
eve@0.21.1
Patch Changes
- 0b42ba1:
eve evalnow shuts down tracked sandbox handles after a local one-shot eval run completes. This prevents local sandbox compute, including microsandbox sessions, from outliving the eval process.
eve@0.21.0
Minor Changes
- 79e9959: Expand the Chat SDK channel (
chatSdkChannel): post completed assistant messages as markdown, stream replies via post-then-edit (configurable withstreamingandstreamingEditIntervalMs), surface typing status on turn start and tool calls, and degrade optional adapter operations (startTyping,editMessage) gracefully when an adapter does not implement them. Add themessageToUserContentinbound helper and exportisNotImplemented. The default adapter webhook route is now/eve/v1/{adapter}. - 73a9bf9: feat(eve): write skills into
$HOME/.agents/skillsinstead of the workspace directory
Patch Changes
- 99c2380: Subagents now report their token usage back to the caller — local, runtime, and remote alike. A completed turn carries the session's token totals (
inputTokens,outputTokens,cacheReadTokens,cacheWriteTokens) on its terminal result; remote agents transport the same totals over the session callback. The parent's turn emits oneinvoke_agentspan per usage-bearing result (gen_ai.operation.name=invoke_agent,gen_ai.agent.name,gen_ai.usage.*, per the OpenTelemetry GenAI semantic conventions) in the caller's trace. Remote usage requires both sides to run this version; collection stays best-effort everywhere. - c5cddb6:
message.receivedevents now include structuredpartswith text and file metadata so clients can render user attachments without parsing the flattened message summary. The default message reducer projects those attachments asfilemessage parts while keeping raw bytes and internal sandbox paths off the stream. - 5ef4ec6: Reintroduce the
ExperimentalWorkflowopt-in marker ineve/tools. Re-exporting it fromagent/tools/workflow.tsenables theWorkfloworchestration tool, which can spawn the agent's subagents from model-authored JavaScript. Workflow-spawned subagent calls are now capped per program by the newlimits.maxSubagentsagent setting (default 100) — calls beyond the budget resolve with aWORKFLOW_SUBAGENT_LIMIT_REACHEDerror result instead of starting a child session — and the tool stays root-only, so delegated subagent sessions never receive it. - 61745d5: Slack channel posts that combine Markdown and file uploads now send the Markdown message first and upload files as a threaded follow-up. This preserves Slack's full Markdown rendering, including tables, instead of downgrading the response into a file upload comment.
- d408d0b: Reaching a session token limit no longer fails interactive sessions outright. The harness now pauses and sends a deterministic HITL continuation prompt; answering "Continue" grants a fresh budget window of the configured size, while "Stop" ends the session gracefully with
session.completed. Task-mode sessions keep the structuredSESSION_TOKEN_LIMIT_REACHEDfailure so parent tool calls receive an error result. - da2ec6c: Delegated subagent sessions now receive a share of the parent's remaining token quota at dispatch time — the remainder split across the batch's delegated calls — instead of a fixed 5M input-token cap, and a completed child's usage counts against the parent's quota, so a delegation tree can never outspend the budget configured at its root. Session token limits also accept
falseto uncap a session explicitly. Delegated children likewise inherit the parent's delegation caps (limits.maxSubagentDepthandlimits.maxSubagents); on every inherited axis the tighter of the configured and inherited value wins.
eve@0.20.0
Minor Changes
- 6f9364a: Sandboxes are now stopped when the eve server shuts down. Self-hosted production servers stop every open sandbox (microsandbox VMs, Docker containers, Vercel sandboxes, just-bash interpreters) on
SIGTERM/SIGINT, matching the cleanupeve devalready performs, and sessions reattach from persisted state on the next start. Breaking change for custom sandbox backends:SandboxBackendHandlegains a requiredshutdown()and the unuseddispose()is removed.
Patch Changes
- 7699e98:
eve evalnow prints a clear, actionable message when it finds no evals but detects*.eval.tsfiles placed insideagent/. Instead of the generic "No evals found", it names the offending directories and reminds you that eval files belong in the top-levelevals/directory (a sibling ofagent/). - f3a05c5:
ToolContextandApprovalContextnow exposecallId, the tool call id carried by the call's stream events, so approval-gated tools can key records to one identity across proposal, rejection, and execution. - f9621b6: Resuming a durable session whose history references a file attachment no longer fails the turn when the staged bytes are gone (for example after a redeploy pointed the session at a fresh sandbox). The missing attachment degrades to a
FileNotFoundtext notice the model can interpret, so the run continues instead of ending insession.failed. - c233a6a: The turn harness now propagates a cooperative
AbortSignalend to end: model calls, retries, recovery, compaction, and tool executions all honor it, and an aborted turn settles with a canonicalTurnCancelledErrorthat is never retried or misclassified as a failure. Authored tools receive the signal asctx.abortSignal(and via the AI SDK execute options), and framework tools forward it into sandbox commands, file I/O,web_fetch, and MCP/OpenAPI connection calls. This is the lowest layer of turn cancellation — no trigger exists yet, so runtime behavior is unchanged until the cancellation API ships.