Skip to content

Bump agents from 0.14.4 to 0.16.2 in /worker#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/worker/agents-0.16.2
Open

Bump agents from 0.14.4 to 0.16.2 in /worker#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/worker/agents-0.16.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown

Bumps agents from 0.14.4 to 0.16.2.

Release notes

Sourced from agents's releases.

agents@0.16.2

Patch Changes

  • #1767 f03dee6 Thanks @​threepointone! - Reduce Think Durable Object SQLite reads during normal wakes and text-only turns.

    Think now avoids automatic media-eviction scans until hydration has been windowed or an oversized appended message has been observed. The shared resumable stream buffer also avoids per-wake metadata-column introspection by creating new tables with the current columns and lazily migrating legacy tables only when a stream write needs it.

  • #1722 9f8e14b Thanks @​mattzcarey! - Fix two MCP client OAuth bugs found by the new conformance suite, and add MCP conformance testing.

    • MCPClientConnection now finishes OAuth on the transport that received the 401. A fresh transport loses the resource metadata URL from the WWW-Authenticate header, so token exchange fell back to the default /token path and failed against authorization servers at non-default locations.
    • MCPClientConnection.init() detaches the previous transport before reconnecting. Re-authorizing after a mid-session 401 (scope step-up, token revocation) previously failed permanently with "Already connected to a transport".
    • Added the official @modelcontextprotocol/conformance suite (as used by the MCP TypeScript SDK) running against the MCP client (Agent + MCPClientManager), McpAgent, and createMcpHandler + WorkerTransport — all hosted in workerd via wrangler dev. See packages/agents/conformance/README.md.

  • #1767 f03dee6 Thanks @​threepointone! - Cache the active branch tip in AgentSessionProvider so finding the latest leaf no longer scans the whole session on every read and append.

    latestLeafRow() previously ran an anti-join over every message row (O(rows)) to locate the branch tip — on each hydration AND each auto-parent append, so on long transcripts it dominated a wake's read cost. The tip is now maintained in place on append/delete/clear; a cached tip is re-validated on read with an O(1) existence + still-childless check (so it self-heals if another writer deletes the tip or gives it a child), and the full scan only runs when that check fails or the cache is cold. Per-hydration and per-append tip lookups drop from O(rows) to O(1), and the full scan never runs more often than before.

agents@0.16.1

Patch Changes

  • #1757 92a5ba1 Thanks @​threepointone! - Bump the partyserver dependency to ^0.5.8, which base64-encodes the x-partykit-props header so props containing non-ASCII characters (e.g. accented names) no longer trigger workerd's "header value contains non-ASCII characters" warning (which throws a TypeError in browser fetch implementations). The header is decoded back to the original Unicode payload on the server, and raw-JSON values from older callers are still accepted for backwards compatibility.

  • #1754 151d457 Thanks @​threepointone! - Pin accepted WebSocket connections to binaryType = "arraybuffer". On Worker compatibility_dates >= 2026-03-17 the runtime defaults a server WebSocket's binaryType to "blob" (the websocket_standard_binary_type flag), so binary frames arrive as Blob instead of ArrayBuffer. The Agent protocol and every downstream consumer (e.g. @cloudflare/voice audio frames, user onMessage handlers that check message instanceof ArrayBuffer) have always relied on ArrayBuffer. The Agent now sets connection.binaryType = "arraybuffer" when a connection is established, restoring the historical contract regardless of compatibility date without requiring the no_websocket_standard_binary_type flag. (The hibernatable webSocketMessage handler always delivers ArrayBuffer, so this only affects non-hibernating agents.)

    Also bumps the partyserver dependency to ^0.5.7, which pins binaryType at the connection layer (accept()), accepts non-hibernating connections in half-open mode, and suppresses retryable transport-teardown errors on already-closing/closed connections. With partyserver now pinning binaryType itself, the Agent's own pin becomes defense-in-depth (kept for older partyserver versions and custom connections) and runs once per connection per isolate lifetime instead of on every state access.

  • #1754 151d457 Thanks @​threepointone! - Add Browser Run Live View support to the browser tools. The cdp connector gains a getLiveViewUrl({ targetId?, mode? }) tool that returns a link a human

... (truncated)

Changelog

Sourced from agents's changelog.

0.16.2

Patch Changes

  • #1767 f03dee6 Thanks @​threepointone! - Reduce Think Durable Object SQLite reads during normal wakes and text-only turns.

    Think now avoids automatic media-eviction scans until hydration has been windowed or an oversized appended message has been observed. The shared resumable stream buffer also avoids per-wake metadata-column introspection by creating new tables with the current columns and lazily migrating legacy tables only when a stream write needs it.

  • #1722 9f8e14b Thanks @​mattzcarey! - Fix two MCP client OAuth bugs found by the new conformance suite, and add MCP conformance testing.

    • MCPClientConnection now finishes OAuth on the transport that received the 401. A fresh transport loses the resource metadata URL from the WWW-Authenticate header, so token exchange fell back to the default /token path and failed against authorization servers at non-default locations.
    • MCPClientConnection.init() detaches the previous transport before reconnecting. Re-authorizing after a mid-session 401 (scope step-up, token revocation) previously failed permanently with "Already connected to a transport".
    • Added the official @modelcontextprotocol/conformance suite (as used by the MCP TypeScript SDK) running against the MCP client (Agent + MCPClientManager), McpAgent, and createMcpHandler + WorkerTransport — all hosted in workerd via wrangler dev. See packages/agents/conformance/README.md.

  • #1767 f03dee6 Thanks @​threepointone! - Cache the active branch tip in AgentSessionProvider so finding the latest leaf no longer scans the whole session on every read and append.

    latestLeafRow() previously ran an anti-join over every message row (O(rows)) to locate the branch tip — on each hydration AND each auto-parent append, so on long transcripts it dominated a wake's read cost. The tip is now maintained in place on append/delete/clear; a cached tip is re-validated on read with an O(1) existence + still-childless check (so it self-heals if another writer deletes the tip or gives it a child), and the full scan only runs when that check fails or the cache is cold. Per-hydration and per-append tip lookups drop from O(rows) to O(1), and the full scan never runs more often than before.

0.16.1

Patch Changes

  • #1757 92a5ba1 Thanks @​threepointone! - Bump the partyserver dependency to ^0.5.8, which base64-encodes the x-partykit-props header so props containing non-ASCII characters (e.g. accented names) no longer trigger workerd's "header value contains non-ASCII characters" warning (which throws a TypeError in browser fetch implementations). The header is decoded back to the original Unicode payload on the server, and raw-JSON values from older callers are still accepted for backwards compatibility.

  • #1754 151d457 Thanks @​threepointone! - Pin accepted WebSocket connections to binaryType = "arraybuffer". On Worker compatibility_dates >= 2026-03-17 the runtime defaults a server WebSocket's binaryType to "blob" (the websocket_standard_binary_type flag), so binary frames arrive as Blob instead of ArrayBuffer. The Agent protocol and every downstream consumer (e.g. @cloudflare/voice audio frames, user onMessage handlers that check message instanceof ArrayBuffer) have always relied on ArrayBuffer. The Agent now sets connection.binaryType = "arraybuffer" when a connection is established, restoring the historical contract regardless of compatibility date without requiring the no_websocket_standard_binary_type flag. (The hibernatable webSocketMessage handler always delivers ArrayBuffer, so this only affects non-hibernating agents.)

    Also bumps the partyserver dependency to ^0.5.7, which pins binaryType at the connection layer (accept()), accepts non-hibernating connections in half-open mode, and suppresses retryable transport-teardown errors on already-closing/closed connections. With partyserver now pinning binaryType itself, the Agent's own pin becomes defense-in-depth (kept for older partyserver versions and custom connections) and runs once per connection per isolate lifetime instead of on every state access.

... (truncated)

Commits
  • 8019e61 Version Packages (#1768)
  • 9f8e14b feat(mcp): MCP conformance test suites + two OAuth client fixes (#1722)
  • f03dee6 fix: reduce Think SQLite read amplification (#1767)
  • 6f1f71a Version Packages (#1756)
  • 92a5ba1 Update Kimi model references to kimi-k2.7-code and bump partyserver to 0.5.8 ...
  • 151d457 Browser Run: Live View, Session Recording & Quick Actions + WebSocket/compat ...
  • ef85f0a Version Packages (#1708)
  • 99c9326 fix(agents): defer agent teardown to its own alarm invocation so canceled req...
  • c18a446 fix: stop oversized sessions from bricking the DO with SQLITE_NOMEM on wake (...
  • 4ec3b07 fix(agents): ignore RPC responses after socket close (#1748)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump agents from 0.14.4 to 0.16.2 in /worker
ca245bc 
Bumps [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents) from 0.14.4 to 0.16.2.
- [Release notes](https://github.com/cloudflare/agents/releases)
- [Changelog](https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/agents/commits/agents@0.16.2/packages/agents)

---
updated-dependencies:
- dependency-name: agents
  dependency-version: 0.16.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
@dependabot dependabot Bot mentioned this pull request Jun 21, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants