release: 0.39.0

[stainless-app]

Automated Release PR

0.39.0 (2026-05-29)

Full Changelog: v0.38.0...v0.39.0

Features

• api: api update (eb85299)
• api: api update (7465b15)
• api: api update (898829a)
• api: api update (c31c296)
• api: api update (8958b49)
• api: api update (10386a3)
• api: api update (e1f12f8)
• api: api update (700d0af)
• api: api update (d4b2496)
• support setting headers via env (0e3b514)

Bug Fixes

• typescript: upgrade tsc-multi so that it works with Node 26 (bb51450)

Chores

• avoid formatting file that gets changed during releases (cf52108)
• format: run eslint and prettier separately (43ec88d)
• internal: codegen related update (f6cdc59)
• internal: more robust bootstrap script (dd48b06)
• internal: update docs ordering (9ac7b35)
• redact api-key headers in debug logs (9ccb5ff)
• restructure docs search code (8a752b4)
• tests: remove redundant File import (1f3a018)
• update SDK settings (5f5049a)

Documentation

• update http mcp docs (6f8f5a6)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

[stainless-app]

🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/eb852994671e2c39b31ffc1f150be17974a69393/dist.tar.gz'

Expires at: Sun, 28 Jun 2026 03:32:05 GMT
Updated at: Fri, 29 May 2026 03:32:05 GMT

[canaries-inc]

🐤 Canary Summary

This is an automated release PR with no UI/UX changes:

• Version bumped from 0.38.0 to 0.38.1 across all package files
• Updated npm publishing workflow authentication from OIDC to token-based
• Modified release scripts to use NPM_TOKEN environment variable
• Updated changelog and configuration metadata
• No user-facing UI components, styling, or application logic affected

---

---

View PR tests on Canary

[canaries-inc]

🐤 Canary Proposed Tests

No testable user journeys found for this PR.

[entelligence-ai-pr-reviews]

---

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this appears to be a standard release bump to version 0.38.1 with no identified logic, security, or correctness issues surfaced during review. The automated analysis found zero critical, significant, or medium-severity issues across the reviewed files. While only 4 of 13 changed files received coverage, the absence of any flagged concerns and the nature of a patch release (typically containing minor fixes or version metadata updates) supports a clean merge.

Key Findings:

• No new review comments were generated, indicating no obvious logic bugs, security vulnerabilities, or correctness issues were detected in the analyzed code.
• The PR is a patch release (0.38.1), which typically involves version string updates, changelog entries, and minor bug fixes rather than high-risk architectural changes.
• Zero unresolved pre-existing comments were carried into this review, meaning there is no backlog of known issues being deferred.
• 4 of 13 changed files were reviewed by the heuristic analysis — the unreviewed files represent a minor blind spot, but for a release PR this risk is generally low.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

This PR introduces version 0.39.0, broadly adding eight new integration sources across the SDK and enhancing memory search and resource modeling capabilities.

• Added granola, fathom, fireflies, linear, hubspot, salesforce, coda, and lightfield to union types in actions.ts, auth.ts, connections.ts, integrations/integrations.ts, integrations/web-crawler.ts, memories.ts, and shared.ts
• Refactored MemorySearchParams.effort from a numeric type to a descriptive string enum ('minimal' | 'low' | 'medium' | 'high') with tiered agentic retrieval documentation
• Added optional recency_half_life_days to MemorySearchParams.Options for exponential-decay score weighting by document recency
• Added optional requires_channel_selection boolean to IntegrationListResponse to flag integrations requiring explicit channel selection before indexing
• Added optional selected_count to ConnectionListResponse.user_options.channels to track selected item counts
• Added optional folder_ancestors: Array<string> to Resource interface for hierarchical folder path resolution
• Updated OpenAPI spec URL, openapi_spec_hash, and config_hash in .stats.yml
• Documented v0.39.0 release in CHANGELOG.md including API changes, TypeScript Node 26 fix, and internal chores

---

Confidence Score: 2/5 - Changes Needed

Not safe to merge — while this PR cleanly adds eight new integration sources across union types and refactors MemorySearchParams.effort to a string type, it carries four unresolved pre-existing issues of significant severity that have not been addressed. The most critical are: a bug in scripts/fast-format where $FILE_LIST guards on the path string rather than file contents (causing prettier to hang on empty input), a character-count corruption in scripts/utils/postprocess-files.cjs where ts-ignore replacement breaks declaration maps, and an empty header key vulnerability in src/client.ts where a colon-prefixed line (line.substring(0, 0).trim()) silently writes an empty-string key into headers. These pre-existing issues are unresolved and affect tooling correctness and runtime behavior, making this release branch unsafe to merge without addressing them.

Key Findings:

• In scripts/fast-format (L31-L37), the guard condition checks $FILE_LIST (a non-empty path string) rather than the file's contents, meaning prettier will be invoked with an empty file list and hang — a real CI reliability issue flagged as Major in two separate comments.
• In scripts/utils/postprocess-files.cjs (L23-L41), ts-ignore comment replacements change the character count of processed files, which corrupts source-to-declaration map offsets — a confirmed bug that could silently break TypeScript consumers of the published SDK.
• In src/client.ts (L228-L245), when a response header line starts with a colon (i.e., colon === 0), line.substring(0, 0).trim() produces an empty string key written into the headers map — an edge-case data integrity issue that could cause subtle downstream parsing failures.
• The new integration additions across actions.ts, auth.ts, connections.ts, integrations.ts, memories.ts, and shared.ts appear clean and consistent, and the effort type refactor is straightforward, but the unresolved tooling and runtime bugs make this PR a risky release candidate.
• 2 previous unresolved comment(s) likely resolved in latest diff (score-only signal; thread status unchanged)

Files requiring special attention

• scripts/fast-format
• scripts/utils/postprocess-files.cjs
• src/client.ts

[entelligence-ai-pr-reviews]

🔧 Nit: Guard checks path variable instead of file contents, allowing prettier to hang on empty input — $FILE_LIST is the path string, which is always non-empty here (the script exits earlier if the file is missing), so this guard never prevents prettier from running. When the file is empty (no changed files), cat "$FILE_LIST" | xargs prettier causes GNU xargs to invoke prettier with no file arguments, making it block on stdin.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In `scripts/fast-format`, lines 33–37, the prettier guard checks the path variable `$FILE_LIST` instead of the file contents. Replace the block:

if ! [ -z "$FILE_LIST" ]; then
cat "$FILE_LIST" | xargs ./node_modules/.bin/prettier
--write --cache --cache-strategy metadata --no-error-on-unmatched-pattern --ignore-unknown
fi

with a content-aware check, for example by adding `-r` to xargs to prevent running when stdin is empty:

if [ -s "$FILE_LIST" ]; then
cat "$FILE_LIST" | xargs -r ./node_modules/.bin/prettier
--write --cache --cache-strategy metadata --no-error-on-unmatched-pattern --ignore-unknown
fi

This matches the pattern the ESLint block already uses (lines 28–31) and prevents prettier from hanging when no files are listed.

[entelligence-ai-pr-reviews]

ts-ignore replacement changes character count, breaking declaration maps

The existing replacement explicitly preserves character count to avoid breaking source maps, but this replacement converts /** @ts-ignore */ (18 chars, same line) to // @ts-ignore\n (15 chars + new line), corrupting offsets in the .d.ts.map files that declarationMap: true emits.

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

In `scripts/utils/postprocess-files.cjs`, line 36, the replacement `transformed.replace(/\/\*\* @ts-ignore\b[^*]*\*\/ /gm, '// @ts-ignore\n')` changes the character count and inserts a new line, which breaks `.d.ts.map` declaration maps (the project has `declarationMap: true` in tsconfig.build.json). The sibling replacement at line 29 explicitly preserves character count to avoid this. Fix by padding the replacement to the same length as the match, e.g.: `transformed.replace(/\/\*\* @ts-ignore\b[^*]*\*\/ /gm, (match) => '// @ts-ignore' + '\n' + ' '.repeat(match.length - 14))` — or by restructuring so the `@ts-ignore` line replaces its content but the line count and subsequent offsets are preserved.

[entelligence-ai-pr-reviews]

publish-npm.yml skips NPM_TOKEN validation that bin/publish-npm previously enforced

bin/publish-npm previously had an inline guard that printed a clear error and exited if NPM_TOKEN was unset and OIDC was unavailable. The new bin/publish-npm drops that guard entirely and unconditionally calls npm config set ... "$NPM_TOKEN". The validation was moved to bin/check-release-environment (called only from release-doctor.yml), but publish-npm.yml never calls check-release-environment. If either secret (HYPERSPELL_NPM_TOKEN/NPM_TOKEN) is missing, GitHub Actions resolves the expression to "", so the publish job builds all packages, installs deps, and then fails late at pnpm publish with a cryptic npm auth error instead of the fast, descriptive message.

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

Add a step in `.github/workflows/publish-npm.yml` before 'Publish to NPM' that runs `bash ./bin/check-release-environment` with `env: NPM_TOKEN: ${{ secrets.HYPERSPELL_NPM_TOKEN || secrets.NPM_TOKEN }}`, so the workflow fails fast with a descriptive error if the secret is missing rather than failing late at npm auth after building all packages.

[entelligence-ai-pr-reviews]

NPM_TOKEN empty-string not caught; check moved out of publish path

bin/publish-npm removed its inline NPM_TOKEN guard and now unconditionally calls npm config set with "$NPM_TOKEN". publish-npm.yml sets NPM_TOKEN from secrets with a || fallback; when both secrets are absent it evaluates to empty string (not unset), so bash's -u guard never fires, the auth token is set to "", and the publish silently fails at npm with an opaque auth error. The only [ -z "${NPM_TOKEN}" ] check lives in bin/check-release-environment, which is only invoked by release-doctor.yml (triggered on PRs, not on publish events).

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

Add an explicit NPM_TOKEN check to `publish-npm.yml` before the publish step, OR add `if [ -z "${NPM_TOKEN:-}" ]; then echo 'ERROR: NPM_TOKEN must be set'; exit 1; fi` at the top of `bin/publish-npm` (replacing the unconditional set) so the publish job itself fails fast with a clear message when both secrets are unset.