
Make client-initiated direct state change opt-in #255

@dhl


Currently (as at e2d7b5c), Agent and by extension AIChatAgent have the convenient but insecure default of allowing WebSocket clients to send `cf_agent_state` messages to mutate internal agent state.

```ts
// Excerpt from Agent's inbound message handling: a parsed client frame of type
// cf_agent_state is written straight into internal state.
if (isStateUpdateMessage(parsed)) {
  this.#setStateInternal(parsed.state as State, connection);
  return;
}
```

This feature makes it possible for a client to call `agent.setState` to update state from the client side with ease:

```tsx
import { useState } from "react";
import { useAgent } from "agents/react";

function StateInterface() {
  const [state, setState] = useState({ counter: 0 });

  const agent = useAgent({
    agent: "thinking-agent",
    onStateUpdate: (newState) => setState(newState),
  });

  const increment = () => {
    agent.setState({ counter: state.counter + 1 });
  };

  return (
    <div>
      <div>Count: {state.counter}</div>
      <button onClick={increment}>Increment</button>
    </div>
  );
}
```

While this is great for demos and MVPs, developers unaware of the consequences of this convenience can leave their agents vulnerable to unexpected state changes or other bypasses.

To protect agents and developers, this client-initiated direct state change should become opt-in. The Synchronizing State section of the Agents API documentation should also warn developers of the potential danger of this convenience.
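The following is an added example of the opt-in gate the issue asks for; it is not code from the agents SDK or from the issue author. It models the inbound path in a small stand-alone class: `cf_agent_state` is the wire type named on the page, but `GuardedAgent`, the `allowClientStateUpdates` flag, the `validate` hook and the counter policy are all hypothetical names chosen here. Client writes are refused unless the developer opts in, and even then a validator decides whether the candidate state is acceptable, so a client cannot push an arbitrary object into the agent. Rejections are recorded so they can be surfaced to logs.

```typescript
// Wire type a client sends to request a state write (the string named in the issue).
const STATE_UPDATE_TYPE = "cf_agent_state";

interface StateUpdateMessage {
  type: typeof STATE_UPDATE_TYPE;
  state: unknown;
}

// Recognise a parsed frame as a state update (mirrors the check quoted in the issue).
function isStateUpdateMessage(msg: unknown): msg is StateUpdateMessage {
  if (typeof msg !== "object" || msg === null) return false;
  const rec = msg as Record<string, unknown>;
  return rec.type === STATE_UPDATE_TYPE && "state" in rec;
}

// Hypothetical opt-in options; these names are not the SDK's.
interface ClientStateOptions<State> {
  allowClientStateUpdates: boolean; // secure default would be false
  validate?: (candidate: unknown, current: State) => candidate is State;
}

interface Outcome {
  applied: boolean;
  reason: string;
}

class GuardedAgent<State> {
  state: State;
  private readonly opts: ClientStateOptions<State>;
  private readonly rejections: string[] = [];

  constructor(initial: State, opts: ClientStateOptions<State>) {
    this.state = initial;
    this.opts = opts;
  }

  // Server-side (trusted) writes are always allowed.
  setState(next: State): void {
    this.state = next;
  }

  // Entry point for one raw WebSocket text frame from a client.
  handleClientMessage(raw: string, connectionId: string): Outcome {
    let parsed: unknown;
    try {
      parsed = JSON.parse(raw);
    } catch {
      return this.reject(connectionId, "malformed JSON");
    }
    if (!isStateUpdateMessage(parsed)) {
      return { applied: false, reason: "not a state update" };
    }
    // Secure default: without opt-in every client-initiated write is refused.
    if (!this.opts.allowClientStateUpdates) {
      return this.reject(connectionId, "client state updates not enabled");
    }
    // Opted in: the developer's validator still has to accept the candidate.
    if (this.opts.validate && !this.opts.validate(parsed.state, this.state)) {
      return this.reject(connectionId, "validation failed");
    }
    this.setState(parsed.state as State);
    return { applied: true, reason: "applied" };
  }

  // Rejections are kept so they can be forwarded to logging or monitoring.
  private reject(connectionId: string, reason: string): Outcome {
    this.rejections.push(`${connectionId}: rejected ${STATE_UPDATE_TYPE} (${reason})`);
    return { applied: false, reason };
  }

  rejectionLog(): readonly string[] {
    return this.rejections;
  }
}

// Demo state and a constructed policy: a client may only raise the counter by exactly one.
interface CounterState {
  counter: number;
}

function isNextCounter(candidate: unknown, current: CounterState): candidate is CounterState {
  if (typeof candidate !== "object" || candidate === null) return false;
  const c = (candidate as Record<string, unknown>).counter;
  return typeof c === "number" && Number.isInteger(c) && c === current.counter + 1;
}

// Constructed frames standing in for what a browser client might send.
const frames: string[] = [
  JSON.stringify({ type: STATE_UPDATE_TYPE, state: { counter: 1 } }),
  JSON.stringify({ type: STATE_UPDATE_TYPE, state: { counter: 999 } }),
  JSON.stringify({ type: STATE_UPDATE_TYPE, state: { counter: "1" } }),
  "{not json",
];

function runDemo(): { lockedApplied: number; optedInApplied: number; optedInCounter: number; rejections: number } {
  const locked = new GuardedAgent<CounterState>({ counter: 0 }, { allowClientStateUpdates: false });
  const optedIn = new GuardedAgent<CounterState>({ counter: 0 }, { allowClientStateUpdates: true, validate: isNextCounter });
  let lockedApplied = 0;
  let optedInApplied = 0;
  for (const f of frames) {
    if (locked.handleClientMessage(f, "conn-A").applied) lockedApplied++;
    if (optedIn.handleClientMessage(f, "conn-B").applied) optedInApplied++;
  }
  return {
    lockedApplied,
    optedInApplied,
    optedInCounter: optedIn.state.counter,
    rejections: locked.rejectionLog().length + optedIn.rejectionLog().length,
  };
}
```

Running `runDemo()` shows the locked agent applying none of the four frames, while the opted-in agent applies only the single valid increment and refuses the jump to 999, the string-typed counter and the malformed frame. The validator is the piece that keeps opt-in from reintroducing the original problem: opting in grants clients a vote on state, not unconditional write access.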
