release: 0.5.0#13
Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This is an automated release PR with only internal bootstrap script changes, not a modification to kernel API endpoints or Temporal workflows. To monitor this PR anyway, reply with |
|
🧪 Testing To try out this version of the SDK: Expires at: Mon, 10 Aug 2026 02:26:02 GMT |
d3308ac to
f31252b
Compare
| } | ||
| } | ||
| options.defaultHeaders = { ...parsed, ...options.defaultHeaders }; | ||
| } |
There was a problem hiding this comment.
Object spread breaks non-Record defaultHeaders types
Medium Severity
When HYPEMAN_CUSTOM_HEADERS is set, the new code merges env headers into options.defaultHeaders via object spread. However, HeadersLike accepts a Headers instance, an array of header tuples, or a branded NullableHeaders — none of which spread into a plain object correctly. A user-supplied Headers instance is silently dropped (no enumerable own properties); arrays produce numeric-key objects; NullableHeaders exposes its internal values/nulls/brand fields. Downstream buildHeaders/iterateHeaders then treats the result as a record and corrupts the headers.
Reviewed by Cursor Bugbot for commit f31252b. Configure here.
34cdd30 to
1e1dd24
Compare
8796aae to
2f48827
Compare
| const parsed: Record<string, string> = {}; | ||
| for (const line of customHeadersEnv.split('\n')) { | ||
| const colon = line.indexOf(':'); | ||
| if (colon >= 0) { |
There was a problem hiding this comment.
Empty header name allowed when line starts with colon
Low Severity
The HYPEMAN_CUSTOM_HEADERS parser uses colon >= 0 which accepts lines starting with :, producing a header with an empty-string name (""). Using colon > 0 would correctly skip such malformed lines, since HTTP header names cannot be empty.
Reviewed by Cursor Bugbot for commit 2f48827. Configure here.
2f48827 to
dd4d2d3
Compare
dd4d2d3 to
4c8ba35
Compare
4c8ba35 to
76b4242
Compare
Pin all GitHub Actions referenced in generated workflows (both first-party `actions/*` and third-party) to immutable commit SHAs. Updating pinned actions is now a deliberate codegen-side bump rather than implicit on every workflow run.
76b4242 to
2618405
Compare
2618405 to
750e597
Compare
750e597 to
2c7bcbe
Compare
2c7bcbe to
9ca9e66
Compare
9ca9e66 to
8405ea9
Compare
8405ea9 to
c846491
Compare
| // line as the type declaration, which doesn't work. So we convert to // @ts-ignore | ||
| // on its own line to properly suppresses errors. | ||
| if (file.endsWith('.d.ts') || file.endsWith('.d.mts') || file.endsWith('.d.cts')) { | ||
| transformed = transformed.replace(/\/\*\* @ts-ignore\b[^*]*\*\/ /gm, '// @ts-ignore\n'); |
There was a problem hiding this comment.
Postprocess misplaces ts-ignore line
Medium Severity
The new declaration post-pass rewrites collapsed /** @ts-ignore */ comments to a standalone // @ts-ignore, but the regex only consumes text through the first */ when a /* prettier-ignore */ suffix sits on the same line. That inserts // @ts-ignore immediately above the prettier-ignore comment, so suppression applies to that comment line instead of the following type alias where the emitter actually needs it.
Reviewed by Cursor Bugbot for commit c846491. Configure here.
c846491 to
a38888c
Compare
a38888c to
ff55cae
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
There are 4 total unresolved issues (including 3 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ff55cae. Configure here.
| "": { | ||
| "name": "@onkernel/hypeman", | ||
| "version": "0.4.0", | ||
| "version": "0.5.0", |
There was a problem hiding this comment.
Stale npm lockfile dependencies
Medium Severity
This release updates package.json devDependencies (@arethetypeswrong/cli ^0.18.0, tsc-multi v1.1.11, and removal of eslint-plugin-prettier) but package-lock.json still lists the old versions and the removed plugin. npm ci against the lockfile can fail or install tooling that no longer matches what CI runs via pnpm-lock.yaml.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit ff55cae. Configure here.


Automated Release PR
0.5.0 (2026-07-11)
Full Changelog: v0.4.0...v0.5.0
Features
Bug Fixes
Chores
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Minor release adds new instance API types and changes HTTP client header/body behavior, which can affect integrators; CI/tooling churn is lower risk.
Overview
Release 0.5.0 bumps the package and OpenAPI/codegen metadata, documenting new instance health check and restart policy types in
api.md(aligned with the updated Hypeman spec).Client/runtime changes (per changelog, reflected in generated sources) include configuring default headers via
HYPEMAN_CUSTOM_HEADERS, fixing Content-Type when an optional request body is omitted, redacting API-key headers in debug logs, and instance per-phase duration fields.CI & tooling: GitHub Actions move to Node 24 with pinned action SHAs; lint/format now runs Prettier separately from ESLint (drops
eslint-plugin-prettier); dev deps bump@arethetypeswrong/cli,tsc-multi, andpostprocess-filesimproves emitted.d.ts@ts-ignorehandling.Reviewed by Cursor Bugbot for commit ff55cae. Bugbot is set up for automated code reviews on this repo. Configure here.