Bump agents from 0.2.25 to 0.3.7

[dependabot]

Bumps agents from 0.2.25 to 0.3.7.

Release notes

Sourced from agents's releases.

agents@0.3.7 Release Notes

This release introduces Cloudflare Workflows integration for durable multi-step processing, secure email reply routing with HMAC-SHA256 signatures, 15+ new documentation files, and significant improvements to state management, the callable RPC system, and scheduling.

agents@0.3.6

Patch Changes

• #786 395f461 Thanks @​deathbyknowledge! - fix: allow callable methods to return this.state

• #783 f27e62c Thanks @​Muhammad-Bin-Ali! - fix saving initialize params for stateless MCP server (effects eliciations and other optional features)

• Updated dependencies [93c613e]:

  • @​cloudflare/codemode@​0.0.5

agents@0.3.5

Patch Changes

• #752 473e53c Thanks @​mattzcarey! - bump mcp sdk version to 1.25.2. changes error handling for not found see: cloudflare/agents#752

agents@0.3.4

Patch Changes

• #768 cf8a1e7 Thanks @​whoiskatrin! - pipe SQL errors into the existing onError method using a new SqlError class

• #771 87dc96d Thanks @​threepointone! - update dependencies

• Updated dependencies [0e8fc1e, 87dc96d]:

  • @​cloudflare/ai-chat@​0.0.4
  • @​cloudflare/codemode@​0.0.4

agents@0.3.3

Patch Changes

• a5d0137 Thanks @​threepointone! - trigger a new release

• Updated dependencies [a5d0137]:

  • @​cloudflare/codemode@​0.0.3
  • @​cloudflare/ai-chat@​0.0.3

agents@0.3.1

Patch Changes

• #754 e21051d Thanks @​threepointone! - fix: don't mark ai as optional under peerDependenciesMeta

agents@0.3.0

Minor Changes

• accdd78 Thanks @​threepointone! - update to ai sdk v6

  via @​whoiskatrin in cloudflare/agents#733

... (truncated)

Changelog

Sourced from agents's changelog.

0.3.7

agents@0.3.7 Release Notes

This release introduces Cloudflare Workflows integration for durable multi-step processing, secure email reply routing with HMAC-SHA256 signatures, 15+ new documentation files, and significant improvements to state management, the callable RPC system, and scheduling.

Highlights

• Workflows Integration - Seamless integration between Cloudflare Agents and Cloudflare Workflows for durable, multi-step background processing
• Secure Email Routing - HMAC-SHA256 signed email headers prevent unauthorized routing of emails to agent instances
• Comprehensive Documentation - 15+ new docs covering getting started, state, routing, HTTP/WebSocket lifecycle, callable methods, MCP, and scheduling
• Synchronous setState() - State updates are now synchronous with a new validateStateChange() validation hook
• scheduleEvery() Method - Fixed-interval recurring tasks with overlap prevention
• Callable System Improvements - Client-side RPC timeouts, streaming error signaling, introspection API
• 100+ New Tests - Comprehensive test coverage across state, routing, callable, and email utilities

---

Cloudflare Workflows Integration

Agents excel at real-time communication and state management. Workflows excel at durable execution. Together, they enable powerful patterns where Agents handle WebSocket connections while Workflows handle long-running tasks, retries, and human-in-the-loop flows.

AgentWorkflow Base Class

Extend AgentWorkflow instead of WorkflowEntrypoint to get typed access to the originating Agent:

import { AgentWorkflow } from "agents/workflows";
export class ProcessingWorkflow extends AgentWorkflow<MyAgent, TaskParams> {
async run(event: AgentWorkflowEvent<TaskParams>, step: AgentWorkflowStep) {
// Call Agent methods via RPC
await this.agent.updateStatus(params.taskId, "processing");
// Non-durable: progress reporting
await this.reportProgress({ step: &quot;process&quot;, percent: 0.5 });
this.broadcastToClients({ type: &quot;update&quot;, taskId: params.taskId });
// Durable via step: idempotent, won't repeat on retry
await step.mergeAgentState({ taskProgress: 0.5 });
await step.reportComplete(result);
return result;

}
}

Agent Methods for Workflows

• runWorkflow(workflowName, params, options?) - Start workflow with optional metadata

... (truncated)

Commits

• 9647577 Version Packages (#802)
• 6218541 docs/tests/enhancements (#812)
• 4c46079 Move email utilities to agents/email (#828)
• e20da53 Move workflow API to agents/workflows subpath (#827)
• 0c3c9bb Workflow Integration Enhancements (#825)
• 7c74336 update dependencies (#818)
• c407331 Add providerOptions to generateObject in scheduling eval
• ded8d3e docs: add OpenAI provider options documentation to scheduleSchema (#815)
• 7aebab3 update dependencies (#813)
• f604008 feat(email): Add secure reply routing with HMAC signatures (#811)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for agents since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.