What's New in @dcyfr/ai: The v3 Line
A catch-up release note on where the AI harness landed across the v3.x releases
7 min read
A catch-up release note on where the AI harness landed across the v3.x releases
"What's new in @dcyfr/ai — the v3 line"
Illustration by FLUX.2 (fal.ai)
Feel free to send us a message with your thoughts, or learn more about us!
The blog went quiet for a few months while engineering capacity shifted elsewhere. The package didn’t. @dcyfr/ai — our AI agent harness — kept shipping the whole time, and the v3 line is the result: a major release that turned the harness from “config and providers” into an actual autonomous-agent runtime, then a steady run of security, transport, and tooling work on top of it. This post catches the changelog up. No deep dive — just an honest pass over what landed, grouped by theme, with what it means if you build on it.
The most important thing in the whole line is the first release in it. v3.0 is a major version, and it earns the bump.
Before v3.0, @dcyfr/ai was a solid base layer: a config system, a provider registry with fallback, telemetry, a plugin loader, and a delegation framework. Useful, but it stopped where the interesting part of agent work starts. v3.0 added the runtime pieces that let an agent actually run — remember things, hand off cleanly, and pause for a human when it should.
Three additions define the release.
@dcyfr/ai/session) replaces single-session handoff with a chain protocol. Multi-hop handoffs preserve conversation history across agent sessions instead of dropping context every time work changes hands. There’s a createHandoffChain() factory and a typed HandoffContext snapshot that travels between sessions.@dcyfr/ai/delegation) adds a requiresConfirmation flag to the delegation contract and a ConfirmationWorkflow class. Tasks that need human approval enter a pendingConfirmation state and log a confirmation timestamp for the audit trail. This is the structural version of “humans own the what, the agent owns the how” — a real gate, not a convention.@dcyfr/ai/context) loads workspace context files (about-me, brand-voice, and the like) with progressive disclosure: list what’s available without loading it, then lazy-load individual files. Agents get personalized behavior without anyone hardcoding preferences into them.Alongside those, a minor in the same release brought the Autonomous Agent Runtime — a set of tree-shakeable subpath exports that are the backbone of an unattended agent:
| Subpath | What it gives you |
|---|---|
@dcyfr/ai/memory | File-first persistent memory (Markdown), SHA-256 dedup, optional SQLite FTS5 hybrid search |
@dcyfr/ai/compaction | LLM-powered context compaction + memory compaction (dedup, summarization, stale-fact archival) |
@dcyfr/ai/skills | Dynamic skill injection with BM25 search over skill files and trust-level filtering |
@dcyfr/ai/mcp | An MCP tool bridge that discovers server tools and adapts them to the runtime |
These subpaths are the parts you’d reach for to build an agent that runs unattended on its own loop — observe, triage, think, act, record. Memory, scheduling, a trust-scoped session, a sanitizing gateway: that’s the spine.
The same release also did some honest naming work: @dcyfr/ai is now described as an AI agent harness — an infrastructure layer — rather than a “framework.” Frameworks dictate your application’s structure; a harness gives you the runtime pieces and stays out of the way. That’s the more accurate description of what it actually is.
Everything after v3.0 is the unglamorous, load-bearing work — the kind that doesn’t make a launch graphic but is exactly what you want from a dependency you build production agents on. A few themes ran through the v3.1 → v3.3 releases.
The standout feature release here is v3.2.0: authenticated Streamable HTTP transport for FastMCP servers. If you’re running MCP servers from the harness, you can now serve them over an authenticated HTTP transport rather than being limited to local stdio. That’s the difference between “MCP server on my machine” and “MCP server something else can reach, safely.”
Security work showed up steadily, and some of it mattered to downstream consumers directly:
@mistralai/mistralai dependency. It wasn’t imported anywhere — only referenced in a description string — but its presence pulled in a malware advisory (GHSA-3q49-cfcf-g5fm) whose overbroad version range flagged safe installs too. Removing it cleared that alert for downstream projects, dcyfr-labs/dcyfr-labs included.undici advisory out of the transitive dependency tree (and fixing the bundled standalone-Next.js example’s build along the way).None of these are headline features. All of them are the reason you can trust the thing.
@dcyfr/ai directly, simplifying what consumers install.VERSION export. Docs that can silently drift from the code are docs you eventually can’t trust; these gates make drift fail CI instead.Less visible but worth naming: a continuous run of dependency bumps across the line kept the runtime SDKs current — Anthropic, OpenAI, Google GenAI, LangChain, and the storage drivers among them, with majors like neo4j and redis moving to their 6.x releases. Each one is a one-line changelog entry. Together they’re the difference between a package that ages well and one that quietly rots.
If you build on @dcyfr/ai, here’s the short version of what to do with all this.
handoff_context field on DelegationContract — existing contracts keep working, and strict-mode consumers may see new optional-property warnings, nothing more.@dcyfr/ai/memory, /scheduler, /session, and the rest). Import only what you use; your bundle doesn’t pay for the parts you don’t.npm install @dcyfr/ai@latest to land on the current v3.x release.DelegationContract gained an optional handoff_context?: HandoffContext. If you’re on TypeScript strict mode, expect new optional-property hints — no code change is required for existing contracts.AgentRuntime usage is backward compatible; you opt into memory, scheduling, sessions, and the gateway as you need them.3.3.3. @latest lands you on the most-patched release. v3.3.2 and v3.3.3 are pure hardening on top of v3.3.1 — an undici advisory cleared from the transitive tree, no consumer-facing API changes — so there’s nothing new to adopt beyond the security wins.A few directions I want to be honest about rather than promise hard dates for.
If you want the unabridged version, the CHANGELOG has every entry, and the package page has the current overview.
Install @dcyfr/ai, pull in only the runtime subpaths you need, and wire up an agent that remembers, schedules, and knows when to ask for a human.
@dcyfr/ai/session | Session manager with trust-level tool policies (full / sandboxed / readonly) |
@dcyfr/ai/scheduler | Agent scheduler with a built-in cron parser, webhooks, and quiet hours |
@dcyfr/ai/gateway | Platform-agnostic messaging gateway with input sanitization and rate limiting |