From 64e448fca3cece6b7ad64ed31f498575041b1e31 Mon Sep 17 00:00:00 2001 From: "stainless-app[bot]" <142633134+stainless-app[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 02:41:09 +0000 Subject: [PATCH 1/4] ci: pin GitHub Actions to commit SHAs Pin all GitHub Actions referenced in generated workflows (both first-party `actions/*` and third-party) to immutable commit SHAs. Updating pinned actions is now a deliberate codegen-side bump rather than implicit on every workflow run. --- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/publish-npm.yml | 4 ++-- .github/workflows/release-doctor.yml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42341634..d920d7bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,10 +21,10 @@ jobs: runs-on: ${{ github.repository == 'stainless-sdks/kernel-typescript' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }} if: (github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata') steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20' @@ -43,10 +43,10 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20' @@ -61,7 +61,7 @@ jobs: github.repository == 'stainless-sdks/kernel-typescript' && !startsWith(github.ref, 'refs/heads/stl/') id: github-oidc - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: core.setOutput('github_token', await core.getIDToken()); @@ -80,10 +80,10 @@ jobs: runs-on: ${{ github.repository == 'stainless-sdks/kernel-typescript' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }} if: github.event_name == 'push' || github.event.pull_request.head.repo.fork steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20' diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index 8984e27c..664e42c3 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -17,10 +17,10 @@ jobs: id-token: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: '20' diff --git a/.github/workflows/release-doctor.yml b/.github/workflows/release-doctor.yml index 42e30af8..4fef92eb 100644 --- a/.github/workflows/release-doctor.yml +++ b/.github/workflows/release-doctor.yml @@ -12,7 +12,7 @@ jobs: if: github.repository == 'kernel/kernel-node-sdk' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'release-please') || github.head_ref == 'next') steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check release environment run: | From 6f9e3d97031b8f5dd3536a86b65a1b45f27f6af1 Mon Sep 17 00:00:00 2001 From: "stainless-app[bot]" <142633134+stainless-app[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 18:20:28 +0000 Subject: [PATCH 2/4] feat: Polish start URL OpenAPI descriptions --- .stats.yml | 4 ++-- src/resources/browser-pools.ts | 27 ++++++++++----------------- src/resources/browsers/browsers.ts | 20 +++++++------------- src/resources/invocations.ts | 3 +-- 4 files changed, 20 insertions(+), 34 deletions(-) diff --git a/.stats.yml b/.stats.yml index 7915e042..35cab471 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ configured_endpoints: 112 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-a33e59aa1758ba51f13538838ecd70b0a23ed69739b3022e8c2ce0622e42b904.yml -openapi_spec_hash: c042d2f6880c927be09aa9fa79d7241e +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-b7a19ff1fbd93322c8cffcd0b397ce2536ca8bff91594e0081bd030d4bec879f.yml +openapi_spec_hash: 490520e6f0a8b1ebc89e9c0add46082d config_hash: 08d55086449943a8fec212b870061a3f diff --git a/src/resources/browser-pools.ts b/src/resources/browser-pools.ts index c8e38d05..f7e1890a 100644 --- a/src/resources/browser-pools.ts +++ b/src/resources/browser-pools.ts @@ -238,11 +238,9 @@ export namespace BrowserPool { proxy_id?: string; /** - * Optional URL to navigate to when a new browser is warmed into the pool. - * Best-effort: failures to navigate do not fail pool fill. Only applied to - * newly-warmed browsers — browsers reused via release/acquire keep whatever URL - * the previous lease left them on. Accepts any URL Chromium can resolve, including - * chrome:// pages. + * Optional URL to open when a browser is created for the pool. Navigation is + * best-effort, so navigation failures do not prevent the pool from filling. Reused + * browsers keep the page left by the previous lease. */ start_url?: string; @@ -363,8 +361,7 @@ export interface BrowserPoolAcquireResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; @@ -446,11 +443,9 @@ export interface BrowserPoolCreateParams { proxy_id?: string; /** - * Optional URL to navigate to when a new browser is warmed into the pool. - * Best-effort: failures to navigate do not fail pool fill. Only applied to - * newly-warmed browsers — browsers reused via release/acquire keep whatever URL - * the previous lease left them on. Accepts any URL Chromium can resolve, including - * chrome:// pages. + * Optional URL to open when a browser is created for the pool. Navigation is + * best-effort, so navigation failures do not prevent the pool from filling. Reused + * browsers keep the page left by the previous lease. */ start_url?: string; @@ -545,11 +540,9 @@ export interface BrowserPoolUpdateParams { proxy_id?: string; /** - * Optional URL to navigate to when a new browser is warmed into the pool. - * Best-effort: failures to navigate do not fail pool fill. Only applied to - * newly-warmed browsers — browsers reused via release/acquire keep whatever URL - * the previous lease left them on. Accepts any URL Chromium can resolve, including - * chrome:// pages. + * Optional URL to open when a browser is created for the pool. Navigation is + * best-effort, so navigation failures do not prevent the pool from filling. Reused + * browsers keep the page left by the previous lease. */ start_url?: string; diff --git a/src/resources/browsers/browsers.ts b/src/resources/browsers/browsers.ts index b8e1db52..3766080f 100644 --- a/src/resources/browsers/browsers.ts +++ b/src/resources/browsers/browsers.ts @@ -393,8 +393,7 @@ export interface BrowserCreateResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; @@ -505,8 +504,7 @@ export interface BrowserRetrieveResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; @@ -617,8 +615,7 @@ export interface BrowserUpdateResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; @@ -729,8 +726,7 @@ export interface BrowserListResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; @@ -830,11 +826,9 @@ export interface BrowserCreateParams { proxy_id?: string; /** - * Optional URL to navigate to immediately after the browser is created. - * Best-effort: failures to navigate do not fail browser creation. Any pre-existing - * tabs are reduced to a single tab which is then navigated. Accepts any URL - * Chromium can resolve, including chrome:// pages. Ignored when reusing an - * existing persistent session. + * Optional URL to open when the browser session is created. Navigation is + * best-effort, so navigation failures do not prevent the session from being + * created. */ start_url?: string; diff --git a/src/resources/invocations.ts b/src/resources/invocations.ts index f722823c..c26f6ecf 100644 --- a/src/resources/invocations.ts +++ b/src/resources/invocations.ts @@ -502,8 +502,7 @@ export namespace InvocationListBrowsersResponse { proxy_id?: string; /** - * URL the session was asked to navigate to on creation, if any. Recorded for - * debugging — navigation is best-effort and may have failed. + * Start URL requested for the session, if provided. */ start_url?: string; From 259c75be12f66c2180fb20c83269573bc5c2b00a Mon Sep 17 00:00:00 2001 From: "stainless-app[bot]" <142633134+stainless-app[bot]@users.noreply.github.com> Date: Fri, 15 May 2026 20:32:31 +0000 Subject: [PATCH 3/4] feat: Add health check and auto-reauth controls for managed auth connections --- .stats.yml | 2 +- src/resources/auth/connections.ts | 98 ++++++++++++++++++++ tests/api-resources/auth/connections.test.ts | 2 + 3 files changed, 101 insertions(+), 1 deletion(-) diff --git a/.stats.yml b/.stats.yml index 35cab471..6b78eac1 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ configured_endpoints: 112 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-b7a19ff1fbd93322c8cffcd0b397ce2536ca8bff91594e0081bd030d4bec879f.yml -openapi_spec_hash: 490520e6f0a8b1ebc89e9c0add46082d +openapi_spec_hash: 9dd204b37a357b19032aea9eb4496645 config_hash: 08d55086449943a8fec212b870061a3f diff --git a/src/resources/auth/connections.ts b/src/resources/auth/connections.ts index 55e2e843..2b37a78e 100644 --- a/src/resources/auth/connections.ts +++ b/src/resources/auth/connections.ts @@ -250,6 +250,17 @@ export interface ManagedAuth { */ allowed_domains?: Array; + /** + * Whether automatic re-authentication is permitted for this connection. This is an + * opt-in flag only — it does not check whether re-auth is actually feasible. Even + * when true, re-auth only runs when the system has what it needs to perform it + * (for example, saved credentials for the required login fields), and only after a + * scheduled health check detects an expired session — so this flag has no effect + * when `health_checks` is false. When false, expired sessions detected by a health + * check are marked as `NEEDS_AUTH` instead of attempting re-auth. + */ + auto_reauth?: boolean; + /** * ID of the underlying browser session driving the current flow (present when flow * in progress). Use this to inspect or terminate the browser session via the @@ -337,6 +348,15 @@ export interface ManagedAuth { */ health_check_interval?: number | null; + /** + * Whether periodic health checks are enabled for this connection. When false, the + * system will not automatically verify authentication status, and `auto_reauth` + * has no effect on the automatic flow (since re-auth is only triggered by a failed + * scheduled health check). Manually triggering a health check via the API still + * works regardless of this setting. + */ + health_checks?: boolean; + /** * URL to redirect user to for hosted login (present when flow in progress) */ @@ -591,6 +611,18 @@ export interface ManagedAuthCreateRequest { */ allowed_domains?: Array; + /** + * Whether to permit automatic re-authentication when a scheduled health check + * detects an expired session. This is an opt-in flag only — it does not check + * whether re-auth is actually feasible. Even when true, re-auth only runs when the + * system has what it needs to perform it (for example, saved credentials for the + * required login fields), and only after a scheduled health check detects an + * expired session — so this flag has no effect when `health_checks` is false. When + * false, expired sessions are marked as `NEEDS_AUTH` instead of attempting + * re-auth. Defaults to true. + */ + auto_reauth?: boolean; + /** * Reference to credentials for the auth connection. Use one of: * @@ -609,6 +641,14 @@ export interface ManagedAuthCreateRequest { */ health_check_interval?: number; + /** + * Whether to enable periodic health checks. When false, the system will not + * automatically verify authentication status, and `auto_reauth` has no effect on + * the automatic flow (since re-auth is only triggered by a failed scheduled health + * check). Defaults to true. + */ + health_checks?: boolean; + /** * Optional login page URL to skip discovery */ @@ -689,6 +729,17 @@ export interface ManagedAuthUpdateRequest { */ allowed_domains?: Array; + /** + * Whether automatic re-authentication is permitted for this connection. This is an + * opt-in flag only — it does not check whether re-auth is actually feasible. Even + * when true, re-auth only runs when the system has what it needs to perform it + * (for example, saved credentials for the required login fields), and only after a + * scheduled health check detects an expired session — so this flag has no effect + * when `health_checks` is false. When false, expired sessions detected by a health + * check are marked as `NEEDS_AUTH` instead of attempting re-auth. + */ + auto_reauth?: boolean; + /** * Reference to credentials for the auth connection. Use one of: * @@ -703,6 +754,14 @@ export interface ManagedAuthUpdateRequest { */ health_check_interval?: number; + /** + * Whether periodic health checks are enabled. When set to false, the system will + * not automatically verify authentication status, and `auto_reauth` has no effect + * on the automatic flow (since re-auth is only triggered by a failed scheduled + * health check). + */ + health_checks?: boolean; + /** * Login page URL. Set to empty string to clear. */ @@ -1068,6 +1127,18 @@ export interface ConnectionCreateParams { */ allowed_domains?: Array; + /** + * Whether to permit automatic re-authentication when a scheduled health check + * detects an expired session. This is an opt-in flag only — it does not check + * whether re-auth is actually feasible. Even when true, re-auth only runs when the + * system has what it needs to perform it (for example, saved credentials for the + * required login fields), and only after a scheduled health check detects an + * expired session — so this flag has no effect when `health_checks` is false. When + * false, expired sessions are marked as `NEEDS_AUTH` instead of attempting + * re-auth. Defaults to true. + */ + auto_reauth?: boolean; + /** * Reference to credentials for the auth connection. Use one of: * @@ -1086,6 +1157,14 @@ export interface ConnectionCreateParams { */ health_check_interval?: number; + /** + * Whether to enable periodic health checks. When false, the system will not + * automatically verify authentication status, and `auto_reauth` has no effect on + * the automatic flow (since re-auth is only triggered by a failed scheduled health + * check). Defaults to true. + */ + health_checks?: boolean; + /** * Optional login page URL to skip discovery */ @@ -1163,6 +1242,17 @@ export interface ConnectionUpdateParams { */ allowed_domains?: Array; + /** + * Whether automatic re-authentication is permitted for this connection. This is an + * opt-in flag only — it does not check whether re-auth is actually feasible. Even + * when true, re-auth only runs when the system has what it needs to perform it + * (for example, saved credentials for the required login fields), and only after a + * scheduled health check detects an expired session — so this flag has no effect + * when `health_checks` is false. When false, expired sessions detected by a health + * check are marked as `NEEDS_AUTH` instead of attempting re-auth. + */ + auto_reauth?: boolean; + /** * Reference to credentials for the auth connection. Use one of: * @@ -1177,6 +1267,14 @@ export interface ConnectionUpdateParams { */ health_check_interval?: number; + /** + * Whether periodic health checks are enabled. When set to false, the system will + * not automatically verify authentication status, and `auto_reauth` has no effect + * on the automatic flow (since re-auth is only triggered by a failed scheduled + * health check). + */ + health_checks?: boolean; + /** * Login page URL. Set to empty string to clear. */ diff --git a/tests/api-resources/auth/connections.test.ts b/tests/api-resources/auth/connections.test.ts index 675c3620..c03afb3a 100644 --- a/tests/api-resources/auth/connections.test.ts +++ b/tests/api-resources/auth/connections.test.ts @@ -29,6 +29,7 @@ describe('resource connections', () => { domain: 'netflix.com', profile_name: 'user-123', allowed_domains: ['login.netflix.com', 'auth.netflix.com'], + auto_reauth: true, credential: { auto: true, name: 'my-netflix-creds', @@ -36,6 +37,7 @@ describe('resource connections', () => { provider: 'my-1p', }, health_check_interval: 3600, + health_checks: true, login_url: 'https://netflix.com/login', proxy: { id: 'id', name: 'name' }, record_session: false, From 3f483b75c9eac46519106a8827838d307fc79c37 Mon Sep 17 00:00:00 2001 From: "stainless-app[bot]" <142633134+stainless-app[bot]@users.noreply.github.com> Date: Fri, 15 May 2026 20:33:05 +0000 Subject: [PATCH 4/4] release: 0.55.0 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 9 +++++++++ package-lock.json | 4 ++-- package.json | 2 +- src/version.ts | 2 +- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 330850bf..b2ddd217 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.54.0" + ".": "0.55.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index a2e6a6ca..9c34e4ce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Changelog +## 0.55.0 (2026-05-15) + +Full Changelog: [v0.54.0...v0.55.0](https://github.com/kernel/kernel-node-sdk/compare/v0.54.0...v0.55.0) + +### Features + +* Add health check and auto-reauth controls for managed auth connections ([259c75b](https://github.com/kernel/kernel-node-sdk/commit/259c75be12f66c2180fb20c83269573bc5c2b00a)) +* Polish start URL OpenAPI descriptions ([6f9e3d9](https://github.com/kernel/kernel-node-sdk/commit/6f9e3d97031b8f5dd3536a86b65a1b45f27f6af1)) + ## 0.54.0 (2026-05-13) Full Changelog: [v0.53.0...v0.54.0](https://github.com/kernel/kernel-node-sdk/compare/v0.53.0...v0.54.0) diff --git a/package-lock.json b/package-lock.json index edd4e546..c085d96f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@onkernel/sdk", - "version": "0.54.0", + "version": "0.55.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@onkernel/sdk", - "version": "0.54.0", + "version": "0.55.0", "license": "Apache-2.0", "devDependencies": { "@arethetypeswrong/cli": "^0.17.0", diff --git a/package.json b/package.json index 9232236f..c11d590f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@onkernel/sdk", - "version": "0.54.0", + "version": "0.55.0", "description": "The official TypeScript library for the Kernel API", "author": "Kernel <>", "types": "dist/index.d.ts", diff --git a/src/version.ts b/src/version.ts index 3a6141dc..7c47df59 100644 --- a/src/version.ts +++ b/src/version.ts @@ -1 +1 @@ -export const VERSION = '0.54.0'; // x-release-please-version +export const VERSION = '0.55.0'; // x-release-please-version