Skip to content

release: 0.5.0#13

Open
stainless-app[bot] wants to merge 19 commits into
mainfrom
release-please--branches--main--changes--next--components--hypeman
Open

release: 0.5.0#13
stainless-app[bot] wants to merge 19 commits into
mainfrom
release-please--branches--main--changes--next--components--hypeman

Conversation

@stainless-app

@stainless-app stainless-app Bot commented Apr 23, 2026

Copy link
Copy Markdown
Contributor

Automated Release PR

0.5.0 (2026-07-11)

Full Changelog: v0.4.0...v0.5.0

Features

  • Add design proposal: Rosetta x86-64 emulation for vz Linux guests (4ed6797)
  • Add instance health checks (a14bf8c)
  • Add instance restart policy (adb5d8c)
  • Model template as an instance state instead of a separate registry (09a28d5)
  • Revert template state model (549ddec)
  • support setting headers via env (8c41637)
  • Track per-phase duration on each instance (8da2e87)

Bug Fixes

  • ci: bump @arethetypeswrong/cli to ^0.18.0 and run CI workflows on Node 24 (4db99ac)
  • client: send content-type header for requests with an omitted optional body (0b1bd07)
  • remove incorrect setup-bun input — project uses pnpm (2c9abc9)
  • typescript: upgrade tsc-multi so that it works with Node 26 (c543e44)

Chores

  • format: run eslint and prettier separately (035aa83)
  • internal: codegen related update (c8083ea)
  • internal: more robust bootstrap script (a369af6)
  • redact api-key headers in debug logs (a985151)
  • tests: remove redundant File import (85aa1c8)

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions


Note

Medium Risk
Minor release adds new instance API types and changes HTTP client header/body behavior, which can affect integrators; CI/tooling churn is lower risk.

Overview
Release 0.5.0 bumps the package and OpenAPI/codegen metadata, documenting new instance health check and restart policy types in api.md (aligned with the updated Hypeman spec).

Client/runtime changes (per changelog, reflected in generated sources) include configuring default headers via HYPEMAN_CUSTOM_HEADERS, fixing Content-Type when an optional request body is omitted, redacting API-key headers in debug logs, and instance per-phase duration fields.

CI & tooling: GitHub Actions move to Node 24 with pinned action SHAs; lint/format now runs Prettier separately from ESLint (drops eslint-plugin-prettier); dev deps bump @arethetypeswrong/cli, tsc-multi, and postprocess-files improves emitted .d.ts @ts-ignore handling.

Reviewed by Cursor Bugbot for commit ff55cae. Bugbot is set up for automated code reviews on this repo. Configure here.

@firetiger-agent

Copy link
Copy Markdown

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

Any PR that changes the kernel API. Monitor changes to API endpoints (packages/api/cmd/api/) and Temporal workflows (packages/api/lib/temporal) in the kernel repo

Reason: This is an automated release PR with only internal bootstrap script changes, not a modification to kernel API endpoints or Temporal workflows.

To monitor this PR anyway, reply with @firetiger monitor this.

@stainless-app

stainless-app Bot commented Apr 23, 2026

Copy link
Copy Markdown
Contributor Author

🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hypeman-typescript/4db99acc7c4cf0fa1e8a303d663d89ac060d9de1/dist.tar.gz'

Expires at: Mon, 10 Aug 2026 02:26:02 GMT
Updated at: Sat, 11 Jul 2026 02:26:02 GMT

@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from d3308ac to f31252b Compare April 28, 2026 04:35
@stainless-app stainless-app Bot changed the title release: 0.4.1 release: 0.5.0 Apr 28, 2026
Comment thread src/client.ts
}
}
options.defaultHeaders = { ...parsed, ...options.defaultHeaders };
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Object spread breaks non-Record defaultHeaders types

Medium Severity

When HYPEMAN_CUSTOM_HEADERS is set, the new code merges env headers into options.defaultHeaders via object spread. However, HeadersLike accepts a Headers instance, an array of header tuples, or a branded NullableHeaders — none of which spread into a plain object correctly. A user-supplied Headers instance is silently dropped (no enumerable own properties); arrays produce numeric-key objects; NullableHeaders exposes its internal values/nulls/brand fields. Downstream buildHeaders/iterateHeaders then treats the result as a record and corrupts the headers.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit f31252b. Configure here.

@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch 3 times, most recently from 34cdd30 to 1e1dd24 Compare April 29, 2026 19:15
Comment thread scripts/format
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch 2 times, most recently from 8796aae to 2f48827 Compare May 1, 2026 04:53
Comment thread src/client.ts
const parsed: Record<string, string> = {};
for (const line of customHeadersEnv.split('\n')) {
const colon = line.indexOf(':');
if (colon >= 0) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty header name allowed when line starts with colon

Low Severity

The HYPEMAN_CUSTOM_HEADERS parser uses colon >= 0 which accepts lines starting with :, producing a header with an empty-string name (""). Using colon > 0 would correctly skip such malformed lines, since HTTP header names cannot be empty.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 2f48827. Configure here.

@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 2f48827 to dd4d2d3 Compare May 8, 2026 05:21
Comment thread scripts/fast-format
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from dd4d2d3 to 4c8ba35 Compare May 12, 2026 12:40
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 4c8ba35 to 76b4242 Compare May 12, 2026 17:33
Pin all GitHub Actions referenced in generated workflows (both
first-party `actions/*` and third-party) to immutable commit SHAs.
Updating pinned actions is now a deliberate codegen-side bump rather
than implicit on every workflow run.
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 76b4242 to 2618405 Compare May 13, 2026 04:07
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 2618405 to 750e597 Compare May 14, 2026 16:00
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 750e597 to 2c7bcbe Compare May 18, 2026 14:39
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 2c7bcbe to 9ca9e66 Compare May 18, 2026 15:04
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 9ca9e66 to 8405ea9 Compare May 19, 2026 03:16
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from 8405ea9 to c846491 Compare June 9, 2026 15:01
// line as the type declaration, which doesn't work. So we convert to // @ts-ignore
// on its own line to properly suppresses errors.
if (file.endsWith('.d.ts') || file.endsWith('.d.mts') || file.endsWith('.d.cts')) {
transformed = transformed.replace(/\/\*\* @ts-ignore\b[^*]*\*\/ /gm, '// @ts-ignore\n');

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Postprocess misplaces ts-ignore line

Medium Severity

The new declaration post-pass rewrites collapsed /** @ts-ignore */ comments to a standalone // @ts-ignore, but the regex only consumes text through the first */ when a /* prettier-ignore */ suffix sits on the same line. That inserts // @ts-ignore immediately above the prettier-ignore comment, so suppression applies to that comment line instead of the following type alias where the emitter actually needs it.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit c846491. Configure here.

@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from c846491 to a38888c Compare June 17, 2026 02:18
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next--components--hypeman branch from a38888c to ff55cae Compare July 11, 2026 02:25

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

There are 4 total unresolved issues (including 3 from previous reviews).

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit ff55cae. Configure here.

Comment thread package-lock.json
"": {
"name": "@onkernel/hypeman",
"version": "0.4.0",
"version": "0.5.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale npm lockfile dependencies

Medium Severity

This release updates package.json devDependencies (@arethetypeswrong/cli ^0.18.0, tsc-multi v1.1.11, and removal of eslint-plugin-prettier) but package-lock.json still lists the old versions and the removed plugin. npm ci against the lockfile can fail or install tooling that no longer matches what CI runs via pnpm-lock.yaml.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit ff55cae. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants