release: 0.39.0

[stainless-app]

Automated Release PR

0.39.0 (2026-06-10)

Full Changelog: v0.38.0...v0.39.0

Features

• api: api update (aece11c)
• api: api update (16484dc)
• api: api update (eb85299)
• api: api update (7465b15)
• api: api update (898829a)
• api: api update (c31c296)
• api: api update (8958b49)
• api: api update (10386a3)
• api: api update (e1f12f8)
• api: api update (700d0af)
• api: api update (d4b2496)
• api: manual updates (93a95b4)
• api: manual updates (dc0c039)
• support setting headers via env (0e3b514)

Bug Fixes

• typescript: upgrade tsc-multi so that it works with Node 26 (bb51450)

Chores

• avoid formatting file that gets changed during releases (cf52108)
• format: run eslint and prettier separately (43ec88d)
• internal: codegen related update (f6cdc59)
• internal: more robust bootstrap script (dd48b06)
• internal: update docs ordering (9ac7b35)
• redact api-key headers in debug logs (9ccb5ff)
• restructure docs search code (8a752b4)
• tests: remove redundant File import (1f3a018)
• update SDK settings (5f5049a)

Documentation

• update http mcp docs (6f8f5a6)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

[stainless-app]

🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/93a95b40d2d6632e3cb33d7bddbb0dd40a42c02e/dist.tar.gz'

Expires at: Fri, 10 Jul 2026 20:27:45 GMT
Updated at: Wed, 10 Jun 2026 20:27:45 GMT

[canaries-inc]

🐤 Canary Summary

This is an automated release PR with no UI/UX changes:

• Version bumped from 0.38.0 to 0.38.1 across all package files
• Updated npm publishing workflow authentication from OIDC to token-based
• Modified release scripts to use NPM_TOKEN environment variable
• Updated changelog and configuration metadata
• No user-facing UI components, styling, or application logic affected

---

---

View PR tests on Canary

[canaries-inc]

🐤 Canary Proposed Tests

No testable user journeys found for this PR.

[entelligence-ai-pr-reviews]

---

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this appears to be a standard release bump to version 0.38.1 with no identified logic, security, or correctness issues surfaced during review. The automated analysis found zero critical, significant, or medium-severity issues across the reviewed files. While only 4 of 13 changed files received coverage, the absence of any flagged concerns and the nature of a patch release (typically containing minor fixes or version metadata updates) supports a clean merge.

Key Findings:

• No new review comments were generated, indicating no obvious logic bugs, security vulnerabilities, or correctness issues were detected in the analyzed code.
• The PR is a patch release (0.38.1), which typically involves version string updates, changelog entries, and minor bug fixes rather than high-risk architectural changes.
• Zero unresolved pre-existing comments were carried into this review, meaning there is no backlog of known issues being deferred.
• 4 of 13 changed files were reviewed by the heuristic analysis — the unreviewed files represent a minor blind spot, but for a release PR this risk is generally low.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

Introduces the evaluate.listQueries paginated endpoint and HYPERSPELL_CUSTOM_HEADERS environment variable support across the SDK and MCP server.

• Added listQueries method to src/resources/evaluate.ts using CursorPage with optional user_id filter
• Introduced and exported EvaluateListQueriesResponse, EvaluateListQueriesParams, EvaluateListQueriesResponsesCursorPage from src/resources/index.ts and src/client.ts
• Added HYPERSPELL_CUSTOM_HEADERS env var parsing in src/client.ts (newline-separated key: value pairs, overridden by programmatic options)
• Registered new method in MCP server (methods.ts, code-tool-worker.ts) and updated local docs search index (local-docs-search.ts) with new fields, enum type change for effort, and standardized example ordering
• Added two test cases in tests/api-resources/evaluate.test.ts covering basic response and parameter validation
• Updated api.md, MIGRATION.md, CHANGELOG.md, and .stats.yml to reflect all changes

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this PR introduces the evaluate.listQueries paginated endpoint and HYPERSPELL_CUSTOM_HEADERS env var support cleanly, but carries unresolved pre-existing issues that have not been addressed. A pre-existing concern about bin/publish-npm not catching an empty-string NPM_TOKEN remains open, as does a bug in scripts/fast-format where $FILE_LIST holds a file path rather than file contents causing prettier to potentially hang on an empty file list, and a character-count breaking issue in scripts/utils/postprocess-files.cjs where ts-ignore replacement corrupts declaration maps.

Key Findings:

• In bin/publish-npm, the NPM_TOKEN empty-string check has been identified as not properly guarded — a publish attempt with an empty token would fail non-gracefully, representing a reliability issue in the release pipeline for this very release PR.
• In scripts/fast-format, the guard at L31-37 checks $FILE_LIST (which is a file path string, always non-empty) rather than the file's contents, meaning prettier can hang when zero files have changed — a latent reliability bug in the dev toolchain.
• In scripts/utils/postprocess-files.cjs, the ts-ignore comment replacement changes character counts, which can break source declaration maps — this is a correctness issue affecting generated TypeScript declarations that ship with the SDK.
• The new listQueries method in src/resources/evaluate.ts and its exports via src/resources/index.ts and src/client.ts appear structurally consistent with existing patterns in the codebase, and no new issues were identified in the current review pass.
• 1 previous unresolved comment(s) likely resolved in latest diff (score-only signal; thread status unchanged)

Files requiring special attention

• bin/publish-npm
• scripts/fast-format
• scripts/utils/postprocess-files.cjs
• src/resources/evaluate.ts

[entelligence-ai-pr-reviews]

publish-npm.yml skips NPM_TOKEN validation that bin/publish-npm previously enforced

bin/publish-npm previously had an inline guard that printed a clear error and exited if NPM_TOKEN was unset and OIDC was unavailable. The new bin/publish-npm drops that guard entirely and unconditionally calls npm config set ... "$NPM_TOKEN". The validation was moved to bin/check-release-environment (called only from release-doctor.yml), but publish-npm.yml never calls check-release-environment. If either secret (HYPERSPELL_NPM_TOKEN/NPM_TOKEN) is missing, GitHub Actions resolves the expression to "", so the publish job builds all packages, installs deps, and then fails late at pnpm publish with a cryptic npm auth error instead of the fast, descriptive message.

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

Add a step in `.github/workflows/publish-npm.yml` before 'Publish to NPM' that runs `bash ./bin/check-release-environment` with `env: NPM_TOKEN: ${{ secrets.HYPERSPELL_NPM_TOKEN || secrets.NPM_TOKEN }}`, so the workflow fails fast with a descriptive error if the secret is missing rather than failing late at npm auth after building all packages.

[entelligence-ai-pr-reviews]

NPM_TOKEN empty-string not caught; check moved out of publish path

bin/publish-npm removed its inline NPM_TOKEN guard and now unconditionally calls npm config set with "$NPM_TOKEN". publish-npm.yml sets NPM_TOKEN from secrets with a || fallback; when both secrets are absent it evaluates to empty string (not unset), so bash's -u guard never fires, the auth token is set to "", and the publish silently fails at npm with an opaque auth error. The only [ -z "${NPM_TOKEN}" ] check lives in bin/check-release-environment, which is only invoked by release-doctor.yml (triggered on PRs, not on publish events).

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

Add an explicit NPM_TOKEN check to `publish-npm.yml` before the publish step, OR add `if [ -z "${NPM_TOKEN:-}" ]; then echo 'ERROR: NPM_TOKEN must be set'; exit 1; fi` at the top of `bin/publish-npm` (replacing the unconditional set) so the publish job itself fails fast with a clear message when both secrets are unset.

[entelligence-ai-pr-reviews]

File: tests/api-resources/memories.test.ts

Test exercises provenance=true with effort='minimal', contradicting documented constraint

src/resources/memories.ts:598-604 documents provenance as 'effort=very_high only', but tests/api-resources/memories.test.ts:163+200 sends provenance=true alongside effort='minimal'. The test validates a combination the API docs say is unsupported, giving callers a false model of the API contract.

Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

In tests/api-resources/memories.test.ts, the search test at line 159 sets effort: 'minimal' but also passes provenance: true at line 200. The src/resources/memories.ts JSDoc for the provenance field states it is 'effort=\'very_high\' only'. Either change the test to use effort: 'very_high' to match the documented constraint, or remove the constraint note from the JSDoc if the API actually accepts provenance at any effort level.