🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/898829a0b4b42f4bd463aa8a4cf63fe6f29e57f2/dist.tar.gz'

Expires at: Fri, 19 Jun 2026 17:32:10 GMT
Updated at: Wed, 20 May 2026 17:32:10 GMT

🐤 Canary Summary

This is an automated release PR with no UI/UX changes:

• Version bumped from 0.38.0 to 0.38.1 across all package files
• Updated npm publishing workflow authentication from OIDC to token-based
• Modified release scripts to use NPM_TOKEN environment variable
• Updated changelog and configuration metadata
• No user-facing UI components, styling, or application logic affected

View PR tests on Canary

🐤 Canary Proposed Tests

No testable user journeys found for this PR.

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this appears to be a standard release bump to version 0.38.1 with no identified logic, security, or correctness issues surfaced during review. The automated analysis found zero critical, significant, or medium-severity issues across the reviewed files. While only 4 of 13 changed files received coverage, the absence of any flagged concerns and the nature of a patch release (typically containing minor fixes or version metadata updates) supports a clean merge.

Key Findings:

• No new review comments were generated, indicating no obvious logic bugs, security vulnerabilities, or correctness issues were detected in the analyzed code.
• The PR is a patch release (0.38.1), which typically involves version string updates, changelog entries, and minor bug fixes rather than high-risk architectural changes.
• Zero unresolved pre-existing comments were carried into this review, meaning there is no backlog of known issues being deferred.
• 4 of 13 changed files were reviewed by the heuristic analysis — the unreviewed files represent a minor blind spot, but for a release PR this risk is generally low.

EntelligenceAI PR Summary

Release v0.39.0 expands integration support, hardens CI security, and refactors tooling configuration across the SDK.

• Adds six new integration sources (granola, fathom, linear, hubspot, salesforce, coda) to union types in actions.ts, auth.ts, connections.ts, integrations.ts, web-crawler.ts, memories.ts, and shared.ts
• Refactors MemorySearchParams.effort from number to 'minimal' | 'low' | 'medium' | 'high' string enum; adds recency_half_life_days and folder_ancestors optional fields
• Adds HYPERSPELL_CUSTOM_HEADERS environment variable support in src/client.ts for injecting HTTP headers
• Extends sensitive header redaction in src/internal/utils/log.ts to cover api-key and x-api-key
• Pins all GitHub Actions to immutable commit SHAs in all three CI workflows; simplifies NPM publish to use NPM_TOKEN directly
• Decouples Prettier from ESLint: removes eslint-plugin-prettier, adds prettier --check to lint script, updates format scripts
• Upgrades tsc-multi from v1.1.9 to v1.1.11; adds .d.ts post-processing for @ts-ignore comment handling in postprocess-files.cjs
• Updates MCP server embedded docs with reordered code examples, new schema fields, and enriched HTTP examples

Confidence Score: 2/5 - Changes Needed

Not safe to merge — this PR carries multiple unresolved reliability bugs across its CI/tooling changes. The newly flagged issue in bin/publish-npm removes the inline NPM_TOKEN guard so an empty or missing token is no longer caught before npm publish executes, which can silently fail or publish with wrong credentials. A pre-existing and still-unresolved bug in scripts/fast-format means $FILE_LIST is tested as a non-empty path string rather than its contents, causing prettier to hang when no files have changed. A second unresolved pre-existing issue in scripts/utils/postprocess-files.cjs documents that the ts-ignore string replacement alters character counts, which breaks generated declaration maps — a correctness problem for consumers of the SDK. The new integration sources and MemorySearchParams.effort enum refactor look well-scoped and low-risk, but the tooling/CI issues are substantive enough to block a clean release.

Key Findings:

• bin/publish-npm no longer guards against an empty NPM_TOKEN before invoking npm publish, meaning a misconfigured CI environment could attempt a publish without valid credentials — a reliability and potential security concern for an automated release script.
• In scripts/fast-format, the emptiness check tests the path variable $FILE_LIST (always a non-empty string) instead of the file's contents, so prettier will be invoked with an empty file list and hang indefinitely when no files changed.
• In scripts/utils/postprocess-files.cjs, the ts-ignore comment replacement changes the byte/character count of processed files, invalidating source-map offsets in .d.ts.map declaration maps and breaking IDE go-to-definition for SDK consumers.
• The union-type expansions in actions.ts, auth.ts, connections.ts, and related files appear additive and consistent, and the effort string-enum refactor is a straightforward type narrowing — these changes themselves carry low risk.
• 2 previous unresolved comment(s) likely resolved in latest diff (score-only signal; thread status unchanged)