agents 0.14.4 → 0.15.0

package/dist/{agent-tool-types-V25Z_HcX.d.ts → agent-tool-types-VPsjVYL0.d.ts}

@@ -60,6 +60,12 @@ import {
   Tool as Tool$1
 } from "@modelcontextprotocol/sdk/types.js";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import {
+  EventStore as EventStore$1,
+  StreamId as StreamId$1,
+  WebStandardStreamableHTTPServerTransport,
+  WebStandardStreamableHTTPServerTransportOptions
+} from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { RequestOptions } from "@modelcontextprotocol/sdk/shared/protocol.js";
 import {
   Transport,
@@ -72,10 +78,7 @@ import {
   EventStore,
   StreamId
 } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import {
-  EventStore as EventStore$1,
-  StreamId as StreamId$1
-} from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
+import { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
 
 //#region src/sub-routing.d.ts
 /**
@@ -240,136 +243,150 @@ declare class StreamableHTTPEdgeClientTransport extends StreamableHTTPClientTran
 }
 //#endregion
 //#region src/mcp/worker-transport.d.ts
+/**
+ * Pluggable storage adapter for persisting `WorkerTransport` state across
+ * Durable Object hibernation / restart cycles.
+ *
+ * A typical implementation reads/writes a single key on `this.ctx.storage`
+ * inside a Durable Object or Agent.
+ */
 interface MCPStorageApi {
   get(): Promise<TransportState | undefined> | TransportState | undefined;
   set(state: TransportState): Promise<void> | void;
 }
+/** Shape of the persisted transport state. */
 interface TransportState {
   sessionId?: string;
   initialized: boolean;
   initializeParams?: InitializeRequestParams;
 }
-interface WorkerTransportOptions {
-  /**
-   * Function that generates a session ID for the transport.
-   * The session ID SHOULD be globally unique and cryptographically secure.
-   * Return undefined to disable session management (stateless mode).
-   */
-  sessionIdGenerator?: () => string;
-  /**
-   * Enable traditional Request/Response mode, this will disable streaming.
-   */
-  enableJsonResponse?: boolean;
-  /**
-   * Callback fired when a new session is initialized.
-   */
-  onsessioninitialized?: (sessionId: string) => void;
+interface WorkerTransportOptions extends WebStandardStreamableHTTPServerTransportOptions {
   /**
-   * Callback fired when a session is closed via DELETE request.
+   * CORS options applied to every response and to OPTIONS preflight.
+   * Defaults: `origin: *`, expose `mcp-session-id`, allow the standard MCP
+   * methods/headers, max-age 86400.
    */
-  onsessionclosed?: (sessionId: string) => void;
   corsOptions?: CORSOptions;
   /**
-   * Optional storage api for persisting transport state.
-   * Use this to store session state in Durable Object/Agent storage
-   * so it survives hibernation/restart.
+   * Optional storage adapter for persisting transport state across DO
+   * hibernation / restart. Use this to keep an MCP session alive across
+   * Durable Object wake-ups.
    */
   storage?: MCPStorageApi;
-  /**
-   * Event store for SSE resumability.
-   *
-   * When set, the transport assigns a globally-unique `id:` to each SSE
-   * event and replays missed events when a client reconnects with the
-   * `Last-Event-ID` header. Both GET (standalone listen stream) and POST
-   * (tool response stream) events are stored and replayable per the
-   * MCP 2025-03-26 spec.
-   *
-   * Configuring an event store **disables the server-side keepalive**
-   * on the standalone GET stream — idle drops are recovered by
-   * reconnect rather than prevented by writing bytes. Without an event
-   * store, the GET stream still gets the 25s comment-frame keepalive
-   * so long-lived idle listeners aren't closed by the Cloudflare edge
-   * ~5min watchdog.
-   *
-   * POST response streams always get the keepalive regardless of this
-   * setting: in-progress tool calls have no way to recover
-   * mid-execution without staying connected, so we don't let the
-   * stream drop in the first place.
-   *
-   * Bring your own {@link EventStore} implementation — e.g.
-   * `new DurableObjectEventStore(this.ctx.storage)` when embedding
-   * `WorkerTransport` inside a Durable Object / Agent. See
-   * cloudflare/agents#1583.
-   */
-  eventStore?: EventStore;
-  /**
-   * Retry interval in milliseconds to suggest to clients in SSE retry field.
-   * Controls client reconnection timing for polling behavior.
-   */
-  retryInterval?: number;
 }
-declare class WorkerTransport implements Transport {
-  started: boolean;
-  private initialized;
-  private sessionIdGenerator?;
-  private enableJsonResponse;
-  private onsessioninitialized?;
-  private onsessionclosed?;
-  private standaloneSseStreamId;
-  private streamMapping;
-  private requestToStreamMapping;
-  private requestResponseMap;
-  private corsOptions?;
-  private storage?;
-  private stateRestored;
-  private eventStore?;
-  private retryInterval?;
-  private initializeParams?;
-  sessionId?: string;
-  onclose?: () => void;
-  onerror?: (error: Error) => void;
-  onmessage?: (message: JSONRPCMessage, extra?: MessageExtraInfo) => void;
+declare class WorkerTransport extends WebStandardStreamableHTTPServerTransport {
+  private readonly _corsOptions?;
+  private readonly _storage?;
+  private _stateRestored;
+  private _capturedInitializeParams?;
+  private _userOnSessionInitialized?;
+  private _bridgeInstalled;
+  /**
+   * Tracks keepalive interval cleanups so we can fire them eagerly when the
+   * SDK closes the underlying SSE stream via `closeSSEStream(requestId)` or
+   * `closeStandaloneSSEStream()`. Keyed by the JSON-RPC request id that
+   * triggered the stream, or the sentinel for the standalone GET stream.
+   */
+  private readonly _keepaliveCleanups;
+  /**
+   * Most recent JSON-RPC request id seen on an incoming POST. Used to key
+   * keepalive cleanups when the response is an SSE stream tied to that
+   * request (so `closeSSEStream(id)` can find and clear the interval).
+   */
+  private _pendingRequestId?;
+  /**
+   * Request ids whose SSE stream was deliberately torn down via
+   * `closeSSEStream`. The SDK's `send()` throws "No connection established"
+   * when a request id has no stream — a race that surfaces whenever the
+   * server's tool handler resolves *after* the caller closed the stream
+   * (e.g. polling-style early-close, or test fixtures closing mid-flight).
+   * We swallow `send()` for these ids so the rejection doesn't bubble out
+   * of the protocol layer as an unhandled rejection. Mirrors the
+   * silent-noop behaviour of the pre-refactor `WorkerTransport`.
+   */
+  private readonly _closedRequestIds;
   constructor(options?: WorkerTransportOptions);
   /**
-   * Restore transport state from persistent storage.
-   * This is automatically called on start.
+   * Backwards-compatible alias for the SDK's internal `_started` flag.
+   * Several callers and tests check `transport.started` directly.
    */
-  private restoreState;
+  get started(): boolean;
   /**
-   * Persist current transport state to storage.
+   * Top-level request entry point. Handles CORS preflight, restores any
+   * persisted state on first invocation, then delegates to the SDK transport
+   * and finally appends CORS headers + keepalive to whatever response comes
+   * back.
    */
-  private saveState;
-  start(): Promise<void>;
+  handleRequest(
+    request: Request,
+    options?: {
+      parsedBody?: unknown;
+      authInfo?: AuthInfo;
+    }
+  ): Promise<Response>;
   /**
-   * Validates the MCP-Protocol-Version header on incoming requests.
-   *
-   * This performs a simple check: if a version header is present, it must be
-   * in the SUPPORTED_PROTOCOL_VERSIONS list. We do not track the negotiated
-   * version or enforce version consistency across requests - the SDK handles
-   * version negotiation during initialization, and we simply reject any
-   * explicitly unsupported versions.
-   *
-   * - Header present and supported: Accept
-   * - Header present and unsupported: 400 Bad Request
-   * - Header missing: Accept (version validation is optional)
-   */
-  private validateProtocolVersion;
-  private getHeaders;
-  handleRequest(request: Request, parsedBody?: unknown): Promise<Response>;
-  private handleGetRequest;
-  private handlePostRequest;
-  private handleDeleteRequest;
-  private handleOptionsRequest;
-  private handleUnsupportedRequest;
-  private validateSession;
+   * The SDK's 405 responses advertise `Allow: GET, POST, DELETE` because
+   * OPTIONS is handled outside the SDK. Since our wrapper *does* handle
+   * OPTIONS, advertise it in `Allow` so clients can probe accurately.
+   */
+  private normalizeAllowHeader;
+  closeSSEStream(requestId: RequestId): void;
+  closeStandaloneSSEStream(): void;
   close(): Promise<void>;
   /**
-   * Close an SSE stream for a specific request, triggering client reconnection.
-   * Use this to implement polling behavior during long-running operations -
-   * client will reconnect after the retry interval specified in the priming event.
+   * Swallow two classes of message that would otherwise surface as
+   * unhandled rejections from the SDK transport's `send()`:
+   *
+   *   1. Replayed initialize responses (the `RESTORE_REQUEST_ID` sentinel)
+   *      — we synthesise these in `restoreState()` to rebuild server
+   *      capabilities; there's no real client waiting for the response.
+   *   2. Sends for a request id whose SSE stream has been deliberately
+   *      closed via `closeSSEStream`. The protocol layer's tool-handler
+   *      promise may settle after the close, and the SDK's `send()` throws
+   *      "No connection established" — a race the pre-refactor transport
+   *      silently swallowed.
+   *
+   * Everything else is delegated. We use `await super.send(...)` rather
+   * than `return super.send(...)` so any rejection is observed inside this
+   * async frame; without the await, the test runner's
+   * unhandled-rejection tracker can fire before the caller's own `await`
+   * observes it.
    */
-  closeSSEStream(requestId: RequestId): void;
   send(message: JSONRPCMessage, options?: TransportSendOptions): Promise<void>;
+  /**
+   * If the response is an SSE stream, tee the body through a TransformStream
+   * that injects a `: keepalive\n\n` comment frame every 25s. The interval
+   * is cleared when the wrapped stream closes — which happens both when the
+   * SDK ends the underlying stream naturally and when `closeSSEStream` is
+   * called.
+   *
+   * Keepalive policy:
+   *   - POST response streams (`key` is a request id): always keepalive.
+   *     In-progress tool calls have no recovery path — if the stream drops
+   *     mid-execution the result is lost — so we keep it under the
+   *     Cloudflare edge ~5min idle watchdog.
+   *   - Standalone GET stream (`key === "_standalone"`): keepalive only
+   *     when no `eventStore` is configured. When resumability is enabled,
+   *     clients reconnect with `Last-Event-ID` after an idle drop, so we
+   *     skip the keepalive and let the DO hibernate.
+   *
+   * Uses the shared `sse-keepalive` constants so both this wrapper and
+   * `McpAgent.serve()` write identical frames at the same cadence.
+   * See cloudflare/agents#1583.
+   */
+  private withKeepalive;
+  /**
+   * Does the SDK transport have an `eventStore`? Reaches into the SDK's
+   * private field because the option isn't surfaced on the public API —
+   * we only need a yes/no for keepalive policy.
+   */
+  private eventStoreConfigured;
+  private getCorsHeaders;
+  private withCorsHeaders;
+  private installOnSessionInitializedBridge;
+  private captureInitializeParams;
+  private restoreState;
+  private saveState;
 }
 //#endregion
 //#region src/mcp/auth-context.d.ts
@@ -4777,4 +4794,4 @@ export {
   MCPServer as z,
   WorkerTransport as zt
 };
-//# sourceMappingURL=agent-tool-types-V25Z_HcX.d.ts.map
+//# sourceMappingURL=agent-tool-types-VPsjVYL0.d.ts.map

package/dist/agent-tool-types.d.ts

@@ -16,7 +16,7 @@ import {
   s as AgentToolInterruptedReason,
   t as AgentToolChildAdapter,
   u as AgentToolRunInspection
-} from "./agent-tool-types-V25Z_HcX.js";
+} from "./agent-tool-types-VPsjVYL0.js";
 export {
   AgentToolChildAdapter,
   AgentToolDisplayMetadata,

package/dist/{agent-tools-C-9s151X.d.ts → agent-tools-BGpgfpJT.d.ts}

@@ -1,7 +1,7 @@
 import {
   a as AgentToolEventState,
   i as AgentToolEventMessage
-} from "./agent-tool-types-V25Z_HcX.js";
+} from "./agent-tool-types-VPsjVYL0.js";
 
 //#region src/chat/agent-tools.d.ts
 declare function createAgentToolEventState(): AgentToolEventState;
@@ -11,4 +11,4 @@ declare function applyAgentToolEvent(
 ): AgentToolEventState;
 //#endregion
 export { createAgentToolEventState as n, applyAgentToolEvent as t };
-//# sourceMappingURL=agent-tools-C-9s151X.d.ts.map
+//# sourceMappingURL=agent-tools-BGpgfpJT.d.ts.map

package/dist/agent-tools.d.ts

@@ -16,7 +16,7 @@ import {
   s as AgentToolInterruptedReason,
   t as AgentToolChildAdapter,
   u as AgentToolRunInspection
-} from "./agent-tool-types-V25Z_HcX.js";
+} from "./agent-tool-types-VPsjVYL0.js";
 import { Tool } from "ai";
 
 //#region src/agent-tools.d.ts

package/dist/chat/index.d.ts

@@ -3,11 +3,11 @@ import {
   d as AgentToolRunState,
   i as AgentToolEventMessage,
   r as AgentToolEvent
-} from "../agent-tool-types-V25Z_HcX.js";
+} from "../agent-tool-types-VPsjVYL0.js";
 import {
   n as createAgentToolEventState,
   t as applyAgentToolEvent
-} from "../agent-tools-C-9s151X.js";
+} from "../agent-tools-BGpgfpJT.js";
 import { JSONSchema7, Tool, ToolSet, UIMessage } from "ai";
 import { Connection } from "agents";
 

package/dist/chat-sdk/index.d.ts

@@ -2,7 +2,7 @@ import {
   b as Agent,
   et as SubAgentClass,
   tt as SubAgentStub
-} from "../agent-tool-types-V25Z_HcX.js";
+} from "../agent-tool-types-VPsjVYL0.js";
 import { Lock, QueueEntry, StateAdapter } from "chat";
 
 //#region src/chat-sdk/agent.d.ts

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { b as Agent } from "./agent-tool-types-V25Z_HcX.js";
+import { b as Agent } from "./agent-tool-types-VPsjVYL0.js";
 import {
   ClientParameters,
   Method,

package/dist/index.d.ts

@@ -71,7 +71,8 @@ import {
   xt as normalizeServerId,
   y as AddRpcMcpServerOptions,
   z as MCPServer
-} from "./agent-tool-types-V25Z_HcX.js";
+} from "./agent-tool-types-VPsjVYL0.js";
+import { n as camelCaseToKebabCase } from "./utils-CGtGDSgA.js";
 import { t as RetryOptions } from "./retries-CF_HKSlJ.js";
 import {
   n as AgentsOAuthProvider,
@@ -148,6 +149,7 @@ export {
   type WSMessage,
   __DO_NOT_USE_WILL_BREAK__agentContext,
   callable,
+  camelCaseToKebabCase,
   createHeaderBasedEmailResolver,
   getAgentByName,
   getCurrentAgent,

package/dist/index.js

@@ -6374,6 +6374,6 @@ var StreamingResponse = class {
 	}
 };
 //#endregion
-export { Agent, DEFAULT_AGENT_STATIC_OPTIONS, DurableObjectOAuthClientProvider, MCP_SERVER_ID_MAX_LENGTH, MessageType, SUB_PREFIX, SqlError, StreamingResponse, __DO_NOT_USE_WILL_BREAK__agentContext, callable, createHeaderBasedEmailResolver, getAgentByName, getCurrentAgent, getSubAgentByName, normalizeServerId, parseSubAgentPath, routeAgentEmail, routeAgentRequest, routeSubAgentRequest, unstable_callable };
+export { Agent, DEFAULT_AGENT_STATIC_OPTIONS, DurableObjectOAuthClientProvider, MCP_SERVER_ID_MAX_LENGTH, MessageType, SUB_PREFIX, SqlError, StreamingResponse, __DO_NOT_USE_WILL_BREAK__agentContext, callable, camelCaseToKebabCase, createHeaderBasedEmailResolver, getAgentByName, getCurrentAgent, getSubAgentByName, normalizeServerId, parseSubAgentPath, routeAgentEmail, routeAgentRequest, routeSubAgentRequest, unstable_callable };
 
 //# sourceMappingURL=index.js.map