CHANGELOG.md

@cloudflare/codemode

0.3.8

Patch Changes

• #1555 2d45abd Thanks @mattzcarey! - Default openApiMcpServer to the MCP SDK's Workers-safe JSON schema validator so elicitation response validation does not rely on runtime code generation.

0.3.7

Patch Changes

• #1547 f739ec9 Thanks @mattzcarey! - Dispatch all codemode tool calls positionally and remove provider-level positionalArgs configuration.

0.3.6

Patch Changes

• #1521 2911bae Thanks @mattzcarey! - Preserve binary values across codemode tool calls so Uint8Array arguments and results survive the sandbox boundary. This fixes state.writeFileBytes() from codemode with byte arrays and keeps readFileBytes() results as Uint8Array values.

• #1523 5f1376f Thanks @mattzcarey! - Remove the echoed source code field from codemode tool results. Successful sandbox executions now return only the execution result and any captured logs.

0.3.5

Patch Changes

• #1468 186a2a4 Thanks @mattzcarey! - Add a browser-safe codemode export with an iframe sandbox executor and browser tool helper. Harden iframe message handling with nonce-scoped messages, reject sanitized tool name collisions, and keep tools with needsApproval: false.

• #1470 1033fa2 Thanks @mattzcarey! - Resolve OpenAPI specs inside the codemode sandbox to avoid Worker Loader RPC size limits for heavily-referenced specs.

• #1508 13acffe Thanks @threepointone! - fix(codemode): harden OpenAPI sandbox ref handling

0.3.4

Patch Changes

• #1266 d5dbf45 Thanks @threepointone! - Add optional description to codeMcpServer, matching the existing option on createCodeTool. Supports {{types}} and {{example}} placeholders; falls back to the built-in default when omitted.

• c5ca556 Thanks @threepointone! - Fix @tanstack/ai peer dependency range from ^0.8.0 to >=0.8.0 <1.0.0. The caret range for pre-1.0 packages only allows >=0.8.0 <0.9.0, which excluded the current 0.10.0 release.

0.3.3

Patch Changes

• #1248 c74b615 Thanks @threepointone! - Update dependencies

0.3.2

Patch Changes

• #1204 39d8d62 Thanks @threepointone! - Unwrap MCP content wrappers in codeMcpServer so sandbox code sees plain values instead of raw { content: [{ type: "text", text }] } objects. Error responses (isError) now throw proper exceptions catchable via try/catch, and structuredContent is returned directly when present.

0.3.1

Patch Changes

• #1181 e9bace9 Thanks @threepointone! - Fix createCodeTool dropping positionalArgs from providers, causing multi-argument tool calls (e.g. stateTools) to silently lose arguments after the first.

0.3.0

Minor Changes

• #1138 36e2020 Thanks @threepointone! - Drop Zod v3 from peer dependency range — now requires zod ^4.0.0. Replace dynamic import("ai") with z.fromJSONSchema() from Zod 4 for MCP tool schema conversion, removing the ai runtime dependency from the agents core. Remove ensureJsonSchema().

Patch Changes

• #1149 47ce125 Thanks @threepointone! - feat: add TanStack AI integration (@cloudflare/codemode/tanstack-ai)

  New entry point for using codemode with TanStack AI's chat() instead of the Vercel AI SDK's streamText().

  import {
    createCodeTool,
    tanstackTools
  } from "@cloudflare/codemode/tanstack-ai";
  import { chat } from "@tanstack/ai";
  
  const codeTool = createCodeTool({
    tools: [tanstackTools(myServerTools)],
    executor
  });
  
  const stream = chat({ adapter, tools: [codeTool], messages });

  Exports:

  • createCodeTool — returns a TanStack AI ServerTool (via toolDefinition().server())
  • tanstackTools — converts a TanStackTool[] into a ToolProvider with pre-generated types
  • generateTypes — generates TypeScript type definitions from TanStack AI tools
  • resolveProvider — re-exported framework-agnostic provider resolver

  Internal cleanup: extracted resolveProvider into a framework-agnostic resolve.ts module so the main entry (@cloudflare/codemode) no longer pulls in the ai package at runtime. Shared constants and helpers moved to shared.ts to avoid duplication between the AI SDK and TanStack AI entry points.

0.2.2

Patch Changes

• #1122 a16e74d Thanks @threepointone! - Add ToolProvider interface for composing tools from multiple sources into a single codemode sandbox. createCodeTool now accepts a ToolProvider[] alongside raw tool sets. Each provider contributes tools under a named namespace (e.g. state.*, mcp.*) with the default being codemode.*. Providers with positionalArgs: true use natural function signatures (state.readFile("/path")) instead of single-object args. The old executor.execute(code, fns) signature is deprecated but still works with a warning.

0.2.1

Patch Changes

• #1114 5d88b81 Thanks @mattzcarey! - Add @cloudflare/codemode/mcp barrel export with two functions:

  • codeMcpServer({ server, executor }) — wraps an MCP server with a single code tool where each upstream tool becomes a typed codemode.* method
  • openApiMcpServer({ spec, executor, request }) — creates search + execute MCP tools from an OpenAPI spec with host-side request proxying and automatic $ref resolution

• #1113 1264372 Thanks @mattzcarey! - Add optional modules option to DynamicWorkerExecutorOptions to allow injecting custom ES modules into the sandbox

• #1117 9837adc Thanks @mattzcarey! - DynamicWorkerExecutor now normalizes code and sanitizes tool names internally. Users no longer need to call normalizeCode() or sanitizeToolName() before passing code/fns to execute().

0.2.0

Minor Changes

• #1102 f07ef51 Thanks @mattzcarey! - BREAKING: generateTypes and ToolDescriptor/ToolDescriptors types are no longer exported from the main entry point. Import them from @cloudflare/codemode/ai instead:

  // Before
  import { generateTypes } from "@cloudflare/codemode";
  
  // After
  import { generateTypes } from "@cloudflare/codemode/ai";

  The main entry point (@cloudflare/codemode) no longer requires the ai or zod peer dependencies. It now exports:

  • sanitizeToolName — sanitize tool names into valid JS identifiers
  • normalizeCode — normalize LLM-generated code into async arrow functions
  • generateTypesFromJsonSchema — generate TypeScript type definitions from plain JSON Schema (no AI SDK needed)
  • jsonSchemaToType — convert a JSON Schema to a TypeScript type declaration string
  • DynamicWorkerExecutor, ToolDispatcher — sandboxed code execution
  • JsonSchemaToolDescriptor / JsonSchemaToolDescriptors — types for the JSON Schema API

  The ai and zod peer dependencies are now optional — only required when importing from @cloudflare/codemode/ai.

0.1.3

Patch Changes

• #1092 c2df742 Thanks @mattzcarey! - Export normalizeCode utility function for use by consumers that need to normalize user-provided code to async arrow function format before sandbox execution.

• #1074 33b92d5 Thanks @mattzcarey! - Remove zod-to-ts dependency to reduce bundle size. Zod schemas are now converted to TypeScript strings via JSON Schema using the existing jsonSchemaToTypeString() function and AI SDK's asSchema().

0.1.2

Patch Changes

• #1020 70ebb05 Thanks @threepointone! - udpate dependencies

0.1.1

Patch Changes

• #962 ef46d68 Thanks @tumberger! - Validate tool arguments against Zod schema before execution in codemode sandbox

• #973 969fbff Thanks @threepointone! - Update dependencies

• #960 179b8cb Thanks @mattzcarey! - Harden JSON Schema to TypeScript converter for production use

  • Add depth and circular reference guards to prevent stack overflows on recursive or deeply nested schemas
  • Add $ref resolution for internal JSON Pointers (#/definitions/..., #/$defs/..., #)
  • Add tuple support (prefixItems for JSON Schema 2020-12, array items for draft-07)
  • Add OpenAPI 3.0 nullable: true support across all schema branches
  • Fix string escaping in enum/const values, property names (control chars, U+2028/U+2029), and JSDoc comments (*/)
  • Add per-tool error isolation in generateTypes() so one malformed schema cannot crash the pipeline
  • Guard missing inputSchema in getAITools() with a fallback to { type: "object" }
  • Add per-tool error isolation in getAITools() so one bad MCP tool does not break the entire tool set

• #961 f6aa79f Thanks @mattzcarey! - Updated default tool prompt to explicitly request JavaScript code from LLMs, preventing TypeScript syntax errors in the Dynamic Worker executor.

0.1.0

Minor Changes

• #879 90e54da Thanks @mattzcarey! - Remove experimental_codemode() and CodeModeProxy. Replace with createCodeTool() from @cloudflare/codemode/ai which returns a standard AI SDK Tool. The package no longer owns an LLM call or model choice. Users call streamText/generateText with their own model and pass the codemode tool.

  The AI-dependent export (createCodeTool) is now at @cloudflare/codemode/ai. The root export (@cloudflare/codemode) contains the executor, type generation, and utilities which do not require the ai peer dependency.

  ToolDispatcher (extends RpcTarget) replaces CodeModeProxy (extends WorkerEntrypoint) for dispatching tool calls from the sandbox back to the host. It is passed as a parameter to the dynamic worker's evaluate() method instead of being injected as an env binding, removing the need for CodeModeProxy and globalOutbound service bindings. Only a WorkerLoader binding is required now. globalOutbound on DynamicWorkerExecutor defaults to null which blocks fetch/connect at the runtime level. New Executor interface (execute(code, fns) => ExecuteResult) allows custom sandbox implementations. DynamicWorkerExecutor is the Cloudflare Workers implementation. Console output captured in ExecuteResult.logs. Configurable execution timeout.

  AST-based code normalization via acorn replaces regex. sanitizeToolName() exported for converting MCP-style tool names to valid JS identifiers.

Patch Changes

• #954 943c407 Thanks @threepointone! - update dependencies

0.0.8

Patch Changes

• #916 24e16e0 Thanks @threepointone! - Widen peer dependency ranges across packages to prevent cascading major bumps during 0.x minor releases. Mark @cloudflare/ai-chat and @cloudflare/codemode as optional peer dependencies of agents to fix unmet peer dependency warnings during installation.

0.0.7

Patch Changes

• #849 21a7977 Thanks @Muhammad-Bin-Ali! - Allow configurable model in experimental_codemode instead of hardcoded gpt-4.1

• #859 3de98a3 Thanks @threepointone! - broaden peer deps

• #865 c3211d0 Thanks @threepointone! - update dependencies

0.0.6

Patch Changes

• #813 7aebab3 Thanks @threepointone! - update dependencies

• #800 a54edf5 Thanks @threepointone! - Update dependencies

• #818 7c74336 Thanks @threepointone! - update dependencies

• Updated dependencies [0c3c9bb, 0c3c9bb, d1a0c2b, 6218541, 6218541, 6218541, 6218541, fd79481, 6218541, 0c3c9bb, 6218541, 6218541, e20da53, f604008, 7aebab3, a54edf5, 7c74336, 6218541, ded8d3e]:

  • agents@0.3.7

0.0.5

Patch Changes

• #776 93c613e Thanks @ShoeBoom! - prepend custom prompt to default assistant text

• Updated dependencies [395f461, f27e62c]:

  • agents@0.3.6

0.0.4

Patch Changes

• #771 87dc96d Thanks @threepointone! - update dependencies

• Updated dependencies [cf8a1e7, 87dc96d]:

  • agents@0.3.4

0.0.3

Patch Changes

• a5d0137 Thanks @threepointone! - trigger a new release

• Updated dependencies [a5d0137]:

  • agents@0.3.3

0.0.2

Patch Changes

• #756 0c4275f Thanks @threepointone! - feat: split ai-chat and codemode into separate packages

  Extract @cloudflare/ai-chat and @cloudflare/codemode into their own packages with comprehensive READMEs. Update agents README to remove chat-specific content and point to new packages. Fix documentation imports to reflect new package structure.

  Maintains backward compatibility, no breaking changes.

• Updated dependencies [0c4275f, f12553f]:

  • agents@0.3.2