Cloudflare just rebuilt browser agents from scratch. One tool. Full session persistence.

Cloudflare shipped agents@0.16.0 on June 12.

The entire browser tool surface is now a single durable tool called `browser_execute`.

The old model: pick from several flat tools. The new model: the LLM writes sandboxed code against a `cdp` connector — `cdp.send`, `cdp.attachToTarget`, `cdp.getDebugLog`.

Executions are recorded on a `CodemodeRuntime` Durable Object facet with abort-and-replay.

A run can pause for human approval and resume with its browser session, tabs, and cookies intact.

Three session modes:
- `one-shot`: fresh session per execution
- `reuse`: named shared session that survives hibernation
- `dynamic`: starts one-shot, model promotes with `cdp.startSession()` after logging in

The critical detail: stable attach handles.

`cdp.attachToTarget` returns a `sessionId` that is a stable handle bound to the target — not a raw CDP session id.

Handles recorded before a pause still work after the resume reconnects. This is what makes human-in-the-loop browser workflows viable.

The release also ships `pausedExecutionUpdate` in `agents/chat` — a tool-part update that replaces a paused execution's output in the transcript with its resolved outcome.

And client tools on the Think sub-agent `chat()` RPC path — parent agents can expose client-defined tools to child agents and complete the tool round trip within the same turn.

This is the infrastructure for browser agents that actually survive production. Pause, approve, resume — without losing state.

Audit your browser agent tool surface. If you are wiring flat CDP tools manually, you are rebuilding what Cloudflare just solved.

SOURCE: https://github.com/cloudflare/agents/releases/tag/agents%400.16.0
VERIFIED: GitHub release notes, Cloudflare agents README, npm package page
SIGNAL: Browser agents just got durable execution with human-in-the-loop approval — the missing piece for production autonomous browsing.