chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@ai-sdk/mcp (source)	^1.0.43 → ^1.0.46
@better-auth/api-key (source)	^1.6.11 → ^1.6.14
@electric-sql/pglite (source)	^0.4.5 → ^0.5.1
@iconify-json/lucide	^1.2.109 → ^1.2.111
@iconify-json/simple-icons	^1.2.83 → ^1.2.85
@nuxt/ui (source)	^4.8.0 → ^4.8.2
@vue/compiler-sfc (source)	^3.5.34 → ^3.5.35
agents (source)	>=0.13.2 → >=0.14.4
ai (source)	^6.0.191 → ^6.0.197
better-auth (source)	^1.6.11 → ^1.6.14
docus	^5.11.0 → ^5.12.0
evlog (source)	^2.17.0 → ^2.18.1
pnpm (source)	11.3.0 → 11.5.2
pnpm (source)	10.33.4 → 10.34.1
shaders	^2.5.128 → ^2.5.129
tinyglobby (source)	^0.2.16 → ^0.2.17
turbo (source)	^2.9.14 → ^2.9.16
vite (source)	^8.0.14 → ^8.0.16
vitest (source)	^4.1.7 → ^4.1.8
vue (source)	^3.5.34 → ^3.5.35
vue-tsc (source)	^3.3.1 → ^3.3.3

---

Release Notes

vercel/ai (@​ai-sdk/mcp)

v1.0.46

Compare Source

Patch Changes

• 1f817db: fix(mcp): await addClientAuthentication in token exchange and refresh

v1.0.45

Compare Source

Patch Changes

• ec5fceb: fix(mcp): respond to ping requests with an empty result per JSON-RPC spec (closes #​6282)

v1.0.44

Compare Source

Patch Changes

• 77775a4: feat(mcp): expose statusCode, url, and responseBody on MCPClientError for HTTP transport failures

  MCPClientError now carries structured HTTP context when it originates from the
  streamable HTTP transport. This lets downstream consumers (e.g. agent frameworks
  that need to decide whether to fall back from streamable HTTP to legacy SSE
  transport per the MCP spec) branch on the actual response status without parsing
  the error message string.

  Fields are optional — they remain undefined for stdio transport errors and for
  non-response failures (network errors, aborts).

better-auth/better-auth (@​better-auth/api-key)

v1.6.14

Compare Source

Patch Changes

• Updated dependencies [2d9781a, 5a2d642, 13abc79, 9d3450a]:
  • better-auth@​1.6.14
  • @​better-auth/core@​1.6.14

v1.6.13

Compare Source

Patch Changes

• #​9794 e131d3a Thanks @​bytaesu! - verifyApiKey rejected keys created under a non-default configId when the request omitted configId. It now validates the key against its own configuration.

• Updated dependencies [d3919dc, 5f282bd, 43c08a2, 43c08a2, be32012, 87c1a0c, 5c3e248, 9c8ded6, 23d7cbf]:

  • better-auth@​1.6.13
  • @​better-auth/core@​1.6.13

v1.6.12

Compare Source

Patch Changes

• #​9759 f6bf451 Thanks @​ping-maxwell! - fix(api-key): add better-call as peer dependency to fix TS4023 declaration emit

• Updated dependencies [9bd53e1, 23dbe1a, 7a12072, 09a1d50, a6f144a, f77060a, dcb2e6d, c92cd74, f5fcc9d, 9d91eb7, a3b0c63, 1b40dac, 5626e1b, ad9ad82, 62dabf6, 276d67f, 2d73fff, c5b9f93, ac96316, 0a7cb70, 015f96b, 43cc49c, f5e29ea, 1d372bb, 3f8f310, 83fa369, 17cd433, c01b2f1, 6b44606, 04303a9, 7bf5449, 2b7937f]:

  • better-auth@​1.6.12
  • @​better-auth/core@​1.6.12

electric-sql/pglite (@​electric-sql/pglite)

v0.5.1

Compare Source

Patch Changes

• 930e2d0: fix PGlite version; redeploy external extensions

v0.5.0

Minor Changes

• 93d50aa: Upgrade to Postgres 18.3; move other extensions to their own npm packages;

v0.4.6

Patch Changes

• 2aa4d1a: Allow parsing of nulls in arrays #​997
• 2095d4e: Add ICU support.
• e937669: Restore process.exitCode
• 54ed6dc: new API method copyToFs() and new param postgresqlconf
• 817d073: restore exit code

nuxt/ui (@​nuxt/ui)

v4.8.2

Compare Source

Bug Fixes

• Form: support setting the name attribute (#​6539) (f8186e2)
• InputMenu/SelectMenu: re-highlight first item when items change (#​6538) (0414dd0)
• InputNumber/InputDate/InputTime/Calendar: restore locale prop (#​6546) (ed2f955)
• module: merge custom variants into AppConfig type (#​6531) (f0571c3)

v4.8.1

Compare Source

Bug Fixes

• ContentSearch/DashboardSearch: proxy missing CommandPalette props (#​6505) (631f5dc)
• Form: add method="post" to prevent credential leaking via GET before hydration (#​6512) (7a0825a)
• Icon: avoid recursive icon resolution (#​6495) (d50c121)
• locale: improve Thai translation accuracy and consistency (#​6509) (5d82418)
• module: expose component theme keys in AppConfig type (#​6520) (ffaf163)
• module: revert tagPriority to -2 for inline style tag (2dac778)
• Select/SelectMenu/InputMenu: add fallback for max-height (#​6503) (f4d7cbe)

vuejs/core (@​vue/compiler-sfc)

v3.5.35

Compare Source

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#​14861) (34a0ded), closes #​14859
• compiler-sfc: resolve top-level exports from files registered as global types (#​14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#​14857) (170fc95), closes #​14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#​14865) (80fc139), closes #​14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#​14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#​14876) (#​14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#​14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#​14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#​14821) (1b7a2cc)

cloudflare/agents (agents)

v0.14.4

Compare Source

Patch Changes

• #​1693 6496c80 Thanks @​threepointone! - Fix AIChatAgent orphaned-stream recovery merging a new assistant turn into the previous assistant message (#​1691).

  When a stream was interrupted before its final assistant message was persisted (Durable Object hibernation, deploy churn, isolate restart, reconnect), orphan recovery reconstructed the message from stored chunks. If those chunks carried no provider start.messageId — the common case — recovery fell back to the last assistant message in history. That is correct for a continuation, but wrong for a normal new turn after a later user message: the recovered chunks for the new turn were appended onto the previous assistant message, corrupting both the persisted transcript and future model context.

  The assistant message id allocated when a stream starts is now persisted in the resumable-stream metadata (ResumableStream.start() records message_id). When the reconstructed chunks carry no provider start.messageId — the common case, and the one that triggered the bug — orphan recovery now uses this stored id instead of the last-assistant fallback, so a new turn becomes its own message and a continuation still merges into the message it was extending (it stored the cloned last-assistant id). A provider start.messageId, when present, still wins, matching the live path which adopts it for new turns. Stream rows written before this release have no stored id and keep the previous behavior (provider id if present, otherwise the last assistant message). The metadata migration adds a single column, guarded by a schema check so it runs only once.

  This also fixes two related variants of the same corruption on the durable (chatRecovery) continuation path:

  • When a stream was persisted early (e.g. at a tool-approval pause) and then recovered, the merge re-appended chunks it had already stored, leaving two parts for the same tool call. Recovery now skips reconstructed parts whose toolCallId already exists on the message.
  • When a new turn was interrupted before any assistant part was persisted — either because it was cut off in the window before the first chunk materialized, or because onChatRecovery returned { persist: false } — recovery would "continue" it by cloning the previous assistant message, merging the new turn into it. Recovery now detects that the conversation leaf is still the user message (no partial to continue) and re-runs the turn fresh, so it becomes its own message.

  @cloudflare/think is unaffected — its session-tree recovery already allocates a distinct message id per orphan and never falls back to the last assistant message.

v0.14.3

Compare Source

Patch Changes

• #​1686 1e49880 Thanks @​threepointone! - Batch and pack chat-persistence SQLite writes to reduce rows written and round-trips.
  • agents: ResumableStream now packs each buffered group of stream chunks into a single SQLite row (a JSON array of chunk bodies) instead of writing one row per chunk. Single-chunk and large-chunk segments are stored unwrapped, and a per-segment byte cap keeps rows within the 2 MB SQLite row limit. This cuts chunk rows written / stored / scanned-on-replay by up to ~10×. Reads (replay, orphan reconstruction, getStreamChunks) transparently unpack both packed segments and legacy per-chunk rows, so existing stored data keeps working. Adds shared buildInClauseStrings and MAX_BOUND_PARAMS helpers exported from agents/chat.
  • @cloudflare/ai-chat: message cleanup (stale-row pruning and maxPersistedMessages enforcement) previously issued one DELETE per row in a loop; it now deletes rows in batched DELETE ... WHERE id IN (...) queries (capped at 100 bound parameters per query).
  • @cloudflare/think: deleteSubmissions() cleanup previously issued one DELETE per terminal submission (up to 500 per call); it now deletes rows in batched DELETE ... WHERE submission_id IN (...) queries.
  • @cloudflare/ai-chat & @cloudflare/think: chat-recovery incident TTL sweep previously deleted each stale incident with a separate awaited storage.delete(key) (which also defeats Durable Object write-coalescing); it now deletes incidents in batched storage.delete(keys) calls (up to 128 keys per call).

v0.14.2

Compare Source

Patch Changes

• #​1684 ab6dd95 Thanks @​threepointone! - warn when chatRecovery is configured in onStart() (applied too late for wake recovery)

  On every Durable Object wake the SDK evaluates chat-recovery budgets — and may seal an interrupted turn, firing onExhausted — before the user's onStart() runs (_checkRunFibers() is ordered ahead of onStart()). A chatRecovery config produced inside onStart() is therefore read as the built-in defaults at the moment recovery decides, so a configured maxRecoveryWork / shouldKeepRecovering / onExhausted silently never applies to the recovery that matters.

  This is now documented on ChatRecoveryConfig and the chatRecovery fields of Think / AIChatAgent, and the SDK logs a one-time warning if it detects chatRecovery being reassigned during onStart(). The warning fires both for a custom config object and for chatRecovery = true (enabling recovery / its defaults too late); assigning false (disabling) in onStart() is intentionally not warned, since recovery already ran with the pre-onStart() value and disabling it afterward is a benign no-op for that wake. The fix is to assign chatRecovery as a class field or in the constructor.

• #​1672 f96a2ba Thanks @​threepointone! - fix(chat-recovery): a turn making forward progress now survives unbounded deploy churn; add a work budget + shouldKeepRecovering runaway guard

  Durable chat recovery used to bound a single incident with a non-resetting 15-minute wall-clock ceiling (CHAT_RECOVERY_MAX_WINDOW_MS). That ceiling was overloaded — it served as both a recovery-duration bound and a runaway-loop guard — and it terminated healthy, actively-progressing turns that simply took longer than 15 minutes of wall-clock to finish while being repeatedly interrupted by a dense deploy window, sealing them with reason="max_recovery_window_exceeded" and discarding completed work.

  The two jobs are now decoupled (see design/rfc-chat-recovery-work-budget.md):

  • Duration is no longer a bound for a progressing turn. The non-resetting wall-clock ceiling is removed. A turn that keeps producing content survives unbounded deploy churn. Stuck turns are still sealed by the no-progress window (5 min, resets on progress); tight no-progress alarm loops by the attempt cap.
  • New runaway-loop guard, keyed to work, not time. The existing durable, monotonic, reconnect-immune progress counter is reused as a work meter. chatRecovery.maxRecoveryWork caps the produced content/tool units since an incident opened; exceeding it seals with reason="work_budget_exceeded". Defaults to Infinity — the SDK ships the mechanism but imposes no implicit cap, so it never terminates a progressing turn on its own.
  • New caller predicate. chatRecovery.shouldKeepRecovering(ctx) is consulted per recovery attempt from the second onward (only when no hard bound has already sealed the incident); returning false seals with reason="recovery_aborted". This is where integrators express token/cost/step budgets the SDK should not hardcode. A throwing predicate is logged and treated as "keep recovering".
  • The no-progress timeout is now configurable. chatRecovery.noProgressTimeoutMs (default 5 min, resets on progress) is the primary stuck-turn bound, now overridable per agent instead of a hardcoded constant.

  New public types from agents/chat: ChatRecoveryProgressContext. New ChatRecoveryConfig fields: maxRecoveryWork, shouldKeepRecovering, noProgressTimeoutMs. ChatRecoveryExhaustedContext.reason gains work_budget_exceeded and recovery_aborted; max_recovery_window_exceeded is retained as an open-string value but is no longer emitted.

  Both @cloudflare/ai-chat and @cloudflare/think (which carries its own copy of the recovery engine) are updated identically. Defaults are unchanged except that a progressing turn is no longer terminated by wall-clock age.

• #​1668 d40cc8a Thanks @​ghostwriternr! - Fix RPC resource leaks in workflows.

  Workflows that use waitForApproval() or ThinkWorkflow.prompt() now release their RPC stubs promptly, preventing resource leaks and the associated "RPC stub was not disposed" warnings in your logs.

• #​1679 c8d1d32 Thanks @​threepointone! - fix(sub-agents): a facet sub-agent no longer touches the root DO's WebSockets, fixing a production-only "Cannot perform I/O on behalf of a different Durable Object (Native)" crash (#​1677)

  A sub-agent (facet) that called setState(), broadcast(), or otherwise enumerated connections — directly or indirectly via the internal _broadcastProtocol() — could crash in production with Cannot perform I/O on behalf of a different Durable Object. ... (I/O type: Native). It reproduced when the root Agent held a live (hibernatable) WebSocket connection and the child facet was freshly bootstrapped; it never reproduced in wrangler dev/miniflare, which made it hard to catch.

  Root cause: the Agent overrides of getConnections() and getConnection() fell through to super.getConnections() / super.getConnection() for facets too. On a facet, that resolves to the host/root DO's hibernatable WebSockets, and reading their attachments from the facet's I/O context is a cross-DO native I/O access that workerd aborts. setState() tripped it only incidentally, because _broadcastProtocol() enumerates connections to compute its exclude list before sending anything.

  Fix: a facet's client connections are all virtual (real sockets owned by the root and bridged in), so getConnections()/getConnection() now return only the facet's virtual sub-agent connections and never fall through to the host DO's sockets. Delivery of facet state updates to clients connected directly to the sub-agent is unchanged.

• #​1670 5d64940 Thanks @​threepointone! - Fix: a deploy that interrupts an in-flight runAgentTool child no longer abandons the still-running child as interrupted.

  Parent recovery re-attaches to a still-running child and tails it to its real terminal. Previously that re-attach used a flat 120s wall-clock budget that was not reset by the child's forward progress, so a healthy child whose recovery legitimately ran longer than the budget was sealed interrupted (and its already-completed work re-run from scratch), even while it was actively streaming.

  The re-attach budget is now progress-keyed: it bounds how long the parent waits with no forward progress from the child (resetting on every forwarded chunk), so a genuinely hung/silent child still seals interrupted after one no-progress window and can never block recovery forever, while a healthy child that keeps streaming is followed through to terminal. The parent re-arms (opens a fresh tail) only when the child's stream closes cleanly while it is still advancing — i.e. a re-evicted-but-progressing child. A full no-progress window (the child went silent) seals no-progress immediately even if the child streamed earlier in that window; it no longer grants a bonus window. This is both the honest stall signal and what keeps at most one pending tail reader alive per re-attach (no per-cycle reader accumulation).

  @cloudflare/think and @cloudflare/ai-chat additionally finalize a child facet's own agent-tool run row as soon as its recovered turn settles — regardless of whether recovery took the continue path (_chatRecoveryContinue) or the pre-stream retry path (_chatRecoveryRetry) — so a re-attached parent collects the terminal result immediately instead of waiting out a full no-progress window after the child has already finished.

  This release also adds:

  • Typed interrupted cause. RunAgentToolResult, the agentTool() AgentToolFailure envelope, the onAgentToolFinish lifecycle result, and the agent-tool-event wire event (kind "interrupted") now carry a machine-readable reason (AgentToolInterruptedReason: "no-progress" | "window-exceeded" | "not-tailable" | "inspect-timeout" | "inspect-failed" | "recovery-deadline") and a childStillRunning boolean on interrupted results, so callers (and UIs) can branch on why a run was abandoned (and whether the child is still running) instead of pattern-matching the human-readable error prose. retryable stays coarse (always true for interrupted); refine with reason / childStillRunning. These fields are persisted (schema bump), so they survive a reconnect replay — a client that reconnects after an interrupt reconstructs the same reason / childStillRunning a live client saw, rather than undefined. The persisted cause is cleared when a soft interrupted row is later repaired to completed/error.
  • Configurable re-attach budgets. Two new public AgentStaticOptions — agentToolReattachNoProgressTimeoutMs (default 120000, the progress-keyed no-progress budget) and agentToolReattachMaxWindowMs (default Infinity — no implicit wall-clock cap) — let an Agent tune re-attach. The hard ceiling defaults to uncapped to mirror chat-recovery's maxRecoveryWork: Infinity: a re-attached parent follows a healthy, still-advancing child for as long as it makes progress — exactly as it would on the live (never-evicted) path — so it never abandons a long-running-but-healthy child that simply outlasts a fixed wall clock under deploy churn. A hung/silent child is bounded by the no-progress budget; a content-runaway is bounded uniformly (live and recovery) by the child's own maxRecoveryWork / shouldKeepRecovering. Integrators that want a hard wall-clock cap (and the window-exceeded child teardown it triggers) can set agentToolReattachMaxWindowMs to a finite value. Symmetrically, setting agentToolReattachNoProgressTimeoutMs to Infinity now means "never seal on no-progress" (a silent-but-alive child is followed until its stream closes or the hard ceiling fires) instead of silently skipping the wait — 0 remains the "don't wait, collect only an already-terminal child" sentinel.
  • Give-up teardown (ceiling only). When the parent gives up at the hard window-exceeded ceiling — where the child has had its full recovery window and is truly exhausted — it now cancels the child (childStillRunning: false) so it stops consuming a fiber / keep-alive. no-progress give-ups stay soft (childStillRunning: true): the child is left running so a re-issue can still re-attach and repair it if it self-heals, preserving the repair-on-re-issue path. In both @cloudflare/think and @cloudflare/ai-chat, cancelAgentToolRun also aborts an in-flight chat-recovery turn (not just the original in-isolate run) and releases live tails — Think sweeps its _submissionAbortControllers, ai-chat its request AbortRegistry (abortAllRequests) — so a torn-down child stops grinding instead of finishing an orphaned recovered turn.

• #​1680 8f9500a Thanks @​threepointone! - Remove the now-redundant _suppressProtocolBroadcasts facet-bootstrap guard.

  This flag was added in #​1425 to stop _broadcastProtocol() from enumerating the
  parent DO's WebSockets during facet bootstrap (the cross-DO Native I/O crash,
  #​1410/#​1677). The proper fix in #​1679 makes getConnections()/broadcast()
  facet-safe at the source — on a facet they return only virtual sub-agent
  connections and route through the parent bridge, never touching the parent's own
  sockets. With that, suppressing broadcasts during bootstrap is unnecessary, and
  removing it also lets legitimate state sync run during the bootstrap window.

  The separate request/WebSocket/email native-handle clearing from #​1425 is
  retained, since #​1679 does not cover that vector.

• #​1675 d915bc6 Thanks @​threepointone! - The skill runner now imports just-bash and @cloudflare/codemode statically instead of dynamically, and both have moved from optional peer dependencies to regular dependencies of agents. The dynamic imports were ineffective in bundled Workers (the bundler includes them eagerly regardless) and triggered INEFFECTIVE_DYNAMIC_IMPORT warnings when bundled alongside @cloudflare/think, which imports them statically. @cloudflare/think also now statically imports its internal ExtensionManager instead of dynamically, removing the third such warning.

• #​1662 df6c0d6 Thanks @​threepointone! - Add opt-in recovery for mid-turn context-window overflow.

  Compaction only fires between turns (Session.compactAfter checks the threshold on appendMessage). A single long, tool-heavy turn grows the prompt step-by-step inside one streamText loop and can exceed the model's context window mid-turn, before the next pre-turn check — the provider then 400s ("prompt is too long" / context_length_exceeded) and the turn dies terminally. Think deliberately ships no provider-specific error matching, so it could neither detect nor recover from this.

  This adds opt-in, provider-agnostic recovery (all default off — no behavior change unless enabled), configured through a single contextOverflow property on Think:

  • classifyChatError(error, ctx) — the app maps a raw error (or the in-stream error string) to a ChatErrorClassification ("context_overflow" | "rate_limit" | "transient" | "fatal" | "unknown"). Same framework-owns-the-mechanism / app-owns-the-provider-knowledge split as tokenCounter. The classification is also threaded to onChatError/observers via ChatErrorContext.classification. The bundled, exported defaultContextOverflowClassifier covers the common providers (Anthropic, OpenAI, Google, Bedrock, …) for apps that do not need custom classification.
  • contextOverflow.reactive + contextOverflow.maxRetries — when a turn fails with a context_overflow the app classified, Think discards the truncated partial, runs session.compact(), and re-runs the turn (bounded) from the compacted history instead of dying. The partial is intentionally not persisted: the retry restarts the turn from scratch, so keeping the cut-off partial would orphan a half-finished assistant message beside the recovered answer (and duplicate any tool work the retry re-issues). A no-op compaction or a spent budget surfaces the overflow terminally through onChatError with classification: "context_overflow" — never a silent end, never an infinite loop. Wired into the WebSocket, chat()/RPC, and programmatic (saveMessages/submitMessages) turn paths.
  • contextOverflow.proactive — a { maxInputTokens, headroom?, maxCompactions? } pre-step guard: when the previous step's model-reported usage.inputTokens crosses maxInputTokens * (headroom ?? 0.9), Think compacts in place and feeds the recompacted history into the upcoming step, heading off the provider 400 before it happens. Keys off model-reported usage (every provider reports it), not provider error strings. Bounded per step loop by its own maxCompactions (default 1, independent of the reactive maxRetries budget).

  Also adds a chat:context:compacted observability event (agents) emitted (once) on both proactive and reactive compaction.

  Notes:

  • Provider context-overflow errors always surface as in-stream error parts (confirmed against the AI SDK: streamText re-enqueues even top-level rejections as { type: "error" } fullStream parts, and toUIMessageStream passes them through without throwing), so the in-stream seam catches them on every path; the thrown-error catch path does not need separate wiring.
  • Recovery effectiveness depends on the app's compaction config — a no-op compaction cannot rescue an over-budget turn (handled gracefully: terminal, not a loop). A one-time warning fires if contextOverflow.reactive is enabled but classifyChatError was never overridden.

• #​1675 d915bc6 Thanks @​threepointone! - The agents/vite plugin now stubs turndown by default. turndown (pulled in transitively by just-bash for the workspace bash tool and skill runner) runs a top-level require() in its Node DOM fallback, which throws ReferenceError: require is not defined at Worker startup — even when the bash tool is never used. The plugin replaces it with an inert stub so Workers deploys stay clean. Opt out with agents({ stubTurndown: false }) if your app uses turndown directly.

v0.14.1

Compare Source

Patch Changes

• #​1659 f99f890 Thanks @​threepointone! - Recover one-shot scheduled work (alarms) killed by a "This script has been upgraded…" deploy/code-update, not just "Durable Object reset because its code was updated.".

  _executeScheduleCallback only re-runs a one-shot schedule row after a superseded-isolate error if the error matched /reset because its code was updated/i. The platform also surfaces the same failure class as "This script has been upgraded. Please send a new request to connect to the new version." (a stub/connection to a superseded script), which fell through to the swallow-and-delete branch — the one-shot row was deleted and the work abandoned. For a queued submission this orphaned the pending row with no driver (no alarm, no retry) until something unrelated woke the Durable Object, leaving the user on an indefinite spinner.

  The superseded-isolate matcher now recognizes both messages, so either causes the row to be preserved and re-run on the fresh isolate under the at-least-once alarm guarantee. "Network connection lost." is intentionally not included (it is a connection error that may succeed on in-process retry, not an isolate replacement).

• #​1661 41315b6 Thanks @​threepointone! - Enforce the tool_use.input invariant at the chat write boundary.

  A streamed tool call that finishes with no input_json_delta events (the model called the tool with no args), or whose input surfaces as a stringified JSON blob, could persist a non-object input — null, undefined, "", an array, or a raw string. The Anthropic Messages API requires tool_use.input to be a JSON object and rejects every subsequent turn with tool_use.input: Input should be an object (verified against the live API: {} → 200, but "", [], and [{...}] all → 400). Because the bad shape lives in durable storage, the session is wedged across reconnects, redeploys, and DO evictions.

  applyChunkToParts (the shared accumulator used by @cloudflare/ai-chat and @cloudflare/think) now normalizes the finalized tool input on tool-input-available / tool-input-error: a plain object passes through untouched, a stringified-JSON object is parsed, and everything else (null/undefined/""/arrays/primitives/unparseable strings) collapses to {}. A new normalizeToolInput helper is exported from agents/chat so read-side transcript repair can enforce the same invariant.

• #​1665 13d6db0 Thanks @​threepointone! - Await Chat SDK state-agent cleanup scheduling during startup so tests and short-lived worker isolates do not leave dangling cleanup work.

• #​1666 01a0b35 Thanks @​dcartertwo! - Fix MCP OAuth PKCE verifier lookup for overlapping authorization attempts.

  DurableObjectOAuthClientProvider now binds pending PKCE verifiers to the OAuth callback state instead of storing a single verifier per client/server. Callback handling runs token exchange and verifier cleanup in the returned state's context, so older auth windows and retry churn no longer exchange an authorization code with another attempt's verifier.

v0.14.0

Compare Source

Minor Changes

• #​1623 4c8b371 Thanks @​threepointone! - agentTool() now returns a structured failure envelope instead of an opaque error string, so a parent agent can tell a transient interruption apart from a terminal failure.

  Previously every non-completed sub-agent run collapsed to { ok: false, error: string }. A child that was reset/superseded by a deploy or parent recovery (interrupted) looked identical to a genuine failure or an intentional cancellation, so the parent model would often parrot the interruption text back to the user as if the work had permanently failed.

  The failure value is now AgentToolFailure:

  type AgentToolFailure = {
    ok: false;
    status: "error" | "aborted" | "interrupted";
    error: string; // still human-readable
    retryable: boolean;
  };

  • interrupted → retryable: true (the run never reached a logical outcome; re-dispatching can succeed), and now surfaces the underlying interruption reason via error.
  • aborted (intentional cancellation) and error (genuine failure) → retryable: false.

  This is backward compatible for consumers that read ok/error; the new status and retryable fields let an orchestration harness (or a parent prompt convention) re-run an interrupted sub-agent automatically rather than reporting it as final. AgentToolFailure is exported from agents.

• #​1636 f5a0d00 Thanks @​threepointone! - Expose recovery incident identity and enrich the onExhausted payload so
  products can build a terminal-state policy without re-deriving anything (#​1631).

  • ChatRecoveryContext (the onChatRecovery argument) now includes
    recoveryRootRequestId — the stable request ID for the whole continuation
    chain. Unlike requestId, it doesn't change across chained continuations, so
    it's the right key for per-incident budget tracking / fresh-incident detection
    without re-deriving identity from message IDs.
  • ChatRecoveryExhaustedContext (the onExhausted argument) now carries
    recoveryRootRequestId, terminalMessage (the exact text shown to the user),
    partialText / partialParts (what the turn produced before it was given up
    on), and streamId / createdAt — enough to render or persist a user-facing
    terminal banner AND emit correlated terminal telemetry (e.g. time-since-turn-start,
    stream correlation) directly, without re-deriving anything.

  All fields are additive. Applied across agents (shared types),
  @cloudflare/think, and @cloudflare/ai-chat.

• #​1584 87006e2 Thanks @​threepointone! - Add a framework-agnostic Agent Skills engine at agents/skills: skill sources (fromManifest, R2), a SkillRegistry that produces a catalog prompt and AI SDK activation tools (activate_skill, read_skill_resource, run_skill_script), binary-safe resource reads, and qualified cross-skill resource paths. Bundled skills are imported through the Agents Vite plugin with the agents:skills specifier (defaulting to a ./skills directory), typed via ambi

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: apps/playground/pnpm-lock.yaml

Scope: all 5 workspace projects
? Verifying lockfile against supply-chain policies (1980 entries)...
✓ Lockfile passes supply-chain policies (1980 entries in 13.5s)
../..                                    | Progress: resolved 1, reused 0, downloaded 0, added 0
../..                                    | Progress: resolved 38, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 122, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 239, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 395, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 538, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 640, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 696, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 793, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 802, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 940, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 983, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1003, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1150, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1177, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1214, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1260, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1309, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1339, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1349, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1364, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1387, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1426, reused 0, downloaded 1, added 0
[WARN] Request took 11118ms: https://registry.npmjs.org/@typescript-eslint%2Ftypescript-estree
../..                                    | Progress: resolved 1474, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1696, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 1858, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 2007, reused 0, downloaded 1, added 0
../..                                    | Progress: resolved 2054, reused 0, downloaded 1, added 0
[WARN] Request took 17293ms: https://registry.npmjs.org/drizzle-orm
[ERR_PNPM_NO_MATURE_MATCHING_VERSION] 1 version does not meet the minimumReleaseAge constraint:
  agents@0.14.4 was published at 2026-06-07T00:14:49.166Z, within the minimumReleaseAge cutoff (2026-06-06T03:14:37.019Z)

File name: pnpm-lock.yaml

Scope: all 5 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 38, reused 0, downloaded 0, added 0
Progress: resolved 112, reused 0, downloaded 1, added 0
Progress: resolved 245, reused 0, downloaded 1, added 0
Progress: resolved 423, reused 0, downloaded 1, added 0
Progress: resolved 541, reused 0, downloaded 1, added 0
Progress: resolved 578, reused 0, downloaded 1, added 0
Progress: resolved 613, reused 0, downloaded 1, added 0
Progress: resolved 705, reused 0, downloaded 1, added 0
Progress: resolved 848, reused 0, downloaded 1, added 0
Progress: resolved 1025, reused 0, downloaded 1, added 0
Progress: resolved 1136, reused 0, downloaded 1, added 0
Progress: resolved 1166, reused 0, downloaded 1, added 0
Progress: resolved 1180, reused 0, downloaded 1, added 0
Progress: resolved 1230, reused 0, downloaded 1, added 0
Progress: resolved 1334, reused 0, downloaded 1, added 0
Progress: resolved 1531, reused 0, downloaded 1, added 0
Progress: resolved 1719, reused 0, downloaded 1, added 0
Progress: resolved 1824, reused 0, downloaded 1, added 0
Progress: resolved 1950, reused 0, downloaded 1, added 0
Progress: resolved 2050, reused 0, downloaded 1, added 0
Progress: resolved 2054, reused 0, downloaded 1, added 0
[ERR_PNPM_NO_MATURE_MATCHING_VERSION] 1 version does not meet the minimumReleaseAge constraint:
  agents@0.14.4 was published at 2026-06-07T00:14:49.166Z, within the minimumReleaseAge cutoff (2026-06-06T03:15:32.835Z)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nuxt-mcp-toolkit-docs	Error		Jun 8, 2026 3:16am