release: 0.35.1

[stainless-app]

Automated Release PR

0.35.1 (2026-04-02)

Full Changelog: v0.35.0...v0.35.1

Features

• add 'mood' to memory type unions (#89) (76d16b8)
• api: api update (1394392)
• api: api update (acf8988)
• api: api update (408ed83)
• api: api update (62d04a2)

Bug Fixes

• internal: gitignore generated oidc dir (a305f3d)

Chores

• ci: escape input path in publish-npm workflow (40c8402)
• ci: skip lint on metadata-only changes (14012e7)
• internal: fix MCP server TS errors that occur with required client options (b7abcfb)
• internal: improve local docs search for MCP servers (eee2438)
• internal: improve local docs search for MCP servers (f218072)
• internal: support custom-instructions-path flag in MCP servers (c6d4043)
• internal: support local docs search in MCP servers (4a9b2cf)
• internal: support type annotations when running MCP in local execution mode (41a4e6a)
• internal: update gitignore (9270ff5)
• internal: update multipart form array serialization (97f213b)
• mcp-server: add support for session id, forward client info (9e3018f)
• tests: bump steady to v0.19.4 (e614b67)
• tests: bump steady to v0.19.5 (eadfc98)
• tests: bump steady to v0.19.6 (4ed8bba)
• tests: bump steady to v0.19.7 (6aaa435)
• tests: bump steady to v0.20.1 (bb96b8b)
• tests: bump steady to v0.20.2 (2a71a6e)

Refactors

• tests: switch from prism to steady (75ac934)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

[stainless-app]

🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/41a4e6a998f03224e0aa765c348f7d4d96a98d01/dist.tar.gz'

Expires at: Sat, 02 May 2026 05:26:58 GMT
Updated at: Thu, 02 Apr 2026 05:26:58 GMT

[canaries-inc]

Canary encountered an internal error while analyzing this PR.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean to the automated review.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 8 out of 11 changed files were reviewed with zero issues flagged across all severity levels.
• No existing unresolved comments remain, suggesting previous concerns have been addressed.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 8 out of 11 changed files were reviewed with no issues found, providing reasonable coverage confidence.
• No existing unresolved comments that could indicate lingering concerns.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 15 out of 18 changed files were reviewed, providing good coverage with no issues found.
• No existing unresolved comments that would block merging.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/18 changed files reviewed (83% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/18 changed files reviewed (83% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR is clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 15 out of 18 changed files were reviewed with zero issues flagged, providing good coverage confidence.
• No existing unresolved comments carry over from previous reviews that would block merging.

[stainless-app]

Release version edited manually

The Pull Request version has been manually set to 0.35.1 and will be used for the release.

If you instead want to use the version number 0.36.0 generated from conventional commits, just remove the label autorelease: custom version from this Pull Request.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/19 changed files reviewed (79% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR is clean with no identified issues.
• No existing unresolved comments to consider, meaning there are no lingering concerns from previous reviews.
• 16 out of 21 changed files were reviewed with no issues found, providing good coverage confidence.
• Heuristic analysis shows zero critical, significant, high-risk, or medium issues detected.

[entelligence-ai-pr-reviews]

---

---

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• Coverage of 16/21 changed files is reasonable, and no unresolved existing comments are blocking the merge.
• The absence of any flagged issues across all severity levels supports a safe-to-merge assessment.

[entelligence-ai-pr-reviews]

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this patch release adds Gmail Actions support, a memory search effort parameter, and offline MCP docs search via MiniSearch, all of which appear well-structured, but a pre-existing unresolved concern about packages/mcp-server/src/instructions.ts remains open: the static import fs from 'fs/promises' at the top of that file will cause a hard failure at module load time in non-Node runtimes such as Deno or Cloudflare Workers, even when the file-reading code path is never reached. This is not introduced by the current PR, but it has not been resolved either, and given that MCP servers are commonly deployed in edge/worker environments, the risk is real enough to warrant attention before shipping.

Key Findings:

• The static top-level import fs from 'fs/promises' in packages/mcp-server/src/instructions.ts will throw at module initialization in non-Node runtimes (Deno, Cloudflare Workers), making the entire MCP server non-functional in those environments — this pre-existing comment remains unresolved.
• The additions to union types across actions.ts, auth.ts, connections.ts, integrations.ts, web-crawler.ts, memories.ts, and shared.ts for 'gmail_actions' appear consistent and mechanical, reducing the risk of type-level regressions.
• The new optional effort parameter on MemorySearchParams is accompanied by test coverage, which is a positive signal for correctness of that feature.
• 23 of 30 changed files were reviewed, meaning roughly 7 files had no automated review coverage — for a release PR this is an acceptable but non-zero residual risk.

Files requiring special attention

• packages/mcp-server/src/instructions.ts

[entelligence-ai-pr-reviews]

Correctness: The returned McpOptions object is missing several properties from defaultOptions that are defined in the McpOptions type: stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, codeBlockedMethods, and customInstructionsPath. These will be silently dropped when parseQueryOptions is called, potentially causing features like auth and method filtering to stop working for HTTP connections.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In packages/mcp-server/src/options.ts, the `parseQueryOptions` function (lines 179-185) returns a `McpOptions` object that is missing several properties from `defaultOptions`: `stainlessApiKey`, `codeAllowHttpGets`, `codeAllowedMethods`, `codeBlockedMethods`, and `customInstructionsPath`. These are defined in the `McpOptions` type but are not forwarded through, so they will be silently dropped. Add these properties to the returned object: `stainlessApiKey: defaultOptions.stainlessApiKey`, `codeAllowHttpGets: defaultOptions.codeAllowHttpGets`, `codeAllowedMethods: defaultOptions.codeAllowedMethods`, `codeBlockedMethods: defaultOptions.codeBlockedMethods`, `customInstructionsPath: defaultOptions.customInstructionsPath`.

[entelligence-ai-pr-reviews]

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this patch release introduces useful extensions to Gmail Actions integration and MCP server capabilities, but has two substantive correctness issues that should be addressed. In packages/mcp-server/src/options.ts, the parseQueryOptions function silently drops several McpOptions properties including stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, codeBlockedMethods, and customInstructionsPath from the returned object, which could cause runtime behavior mismatches when callers depend on those values. A pre-existing concern about the static import fs from 'fs/promises' in packages/mcp-server/src/instructions.ts also remains unresolved, which will cause module-load failures in non-Node runtimes even when the file-reading code path is never invoked.

Key Findings:

• In parseQueryOptions (options.ts), the reconstructed McpOptions return value omits stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, codeBlockedMethods, and customInstructionsPath — fields that are part of the type definition and populated from defaultOptions. This is a silent data-loss bug that could cause downstream callers to use undefined values where configured options were expected.
• The static top-level import fs from 'fs/promises' in instructions.ts is a pre-existing unresolved issue: it will throw at module load time in non-Node environments (Cloudflare Workers, Deno) regardless of whether the customInstructionsPath feature is used, limiting the portability of the MCP server package.
• The Gmail Actions literal additions across actions.ts, auth.ts, connections.ts, integrations.ts, web-crawler.ts, memories.ts, and shared.ts appear to be consistent union type extensions with low risk, and the new effort parameter on MemorySearchParams is additive and optional.

Files requiring special attention

• packages/mcp-server/src/options.ts
• packages/mcp-server/src/instructions.ts

[entelligence-ai-pr-reviews]

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this PR delivers a solid patch release expanding Gmail Actions support and MCP server enhancements, but two unresolved correctness concerns from a prior review remain open. Specifically, the static import fs from 'fs/promises' in instructions.ts will cause module load failures in non-Node runtimes (e.g., Cloudflare Workers, Deno) even when the file-reading path is never invoked, and the McpOptions object returned in options.ts is missing several properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, etc.) that are defined in the McpOptions type, which could lead to subtle runtime failures or type unsafety downstream. These were flagged in a previous review and remain unaddressed.

Key Findings:

• In packages/mcp-server/src/instructions.ts, the top-level static import fs from 'fs/promises' will throw at module load time in any non-Node environment, making the entire MCP server package unusable in edge/serverless runtimes without a conditional dynamic import or a runtime guard.
• In packages/mcp-server/src/options.ts (L179-L185), the returned McpOptions object omits required/expected fields such as stainlessApiKey, codeAllowHttpGets, and codeAllowedMethods that exist on the McpOptions type, meaning callers relying on those fields will silently receive undefined rather than the defaults, potentially causing incorrect behavior.
• The core SDK changes (adding 'gmail_actions' to union types across actions.ts, auth.ts, connections.ts, integrations.ts, etc., and adding the effort parameter to MemorySearchParams) are additive, non-breaking, and appear well-scoped with corresponding test coverage.
• The migration from Prism to Steady for mock server tooling and the CI/CD hardening are infrastructure-level changes that don't affect runtime correctness of the SDK itself, but the two unresolved MCP server correctness issues are sufficient reason to recommend a review before merging.

Files requiring special attention

• packages/mcp-server/src/instructions.ts
• packages/mcp-server/src/options.ts

[entelligence-ai-pr-reviews]

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this patch release introduces valuable API surface expansions (Gmail Actions support, MCP server enhancements) and appears clean in the new review pass, but two pre-existing unresolved correctness issues remain open that were not addressed before merge. Specifically, the static import fs from 'fs/promises' in packages/mcp-server/src/instructions.ts will cause hard failures at module load time in non-Node runtimes (Deno, Cloudflare Workers), and the McpOptions construction in packages/mcp-server/src/options.ts is missing fields like stainlessApiKey, codeAllowHttpGets, and codeAllowedMethods which could cause type inconsistencies or silent runtime failures downstream.

Key Findings:

• The static import fs from 'fs/promises' in instructions.ts is a runtime correctness issue: in non-Node environments, this import fails at module load time regardless of whether the file-reading code path is ever reached, making the entire MCP server package unusable in those environments.
• In options.ts, the returned McpOptions object omits several properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods) that are part of the McpOptions type contract — consumers relying on these fields will get undefined silently, which is a correctness/API contract violation.
• The new-review pass found no additional issues across the 24/31 reviewed changed files, which is a positive signal that the bulk of the additions (Gmail Actions literals across actions.ts, auth.ts, connections.ts, etc., and the effort parameter in MemorySearchParams) appear structurally sound.
• The two unresolved comments are categorized as correctness issues, not style nits — they represent real runtime failure modes that should be addressed before shipping to consumers depending on this package in non-Node environments.

Files requiring special attention

• packages/mcp-server/src/instructions.ts
• packages/mcp-server/src/options.ts

[entelligence-ai-pr-reviews]

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this patch release adds Gmail Actions support, MCP server enhancements, and mock server migration, but two pre-existing unresolved correctness issues in the MCP server package remain open. Specifically, the static import fs from 'fs/promises' in instructions.ts will cause module-load failures in non-Node runtimes (Deno, Cloudflare Workers), and options.ts returns an McpOptions object missing several type-required properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, etc.), which could cause runtime errors when those fields are accessed. These issues were not introduced by this PR but remain unresolved and affect the MCP server package that is part of this release.

Key Findings:

• In packages/mcp-server/src/instructions.ts, the top-level import fs from 'fs/promises' is unconditional and will throw at module load time in any non-Node.js runtime environment, making the MCP server non-functional in edge or Deno deployments regardless of which code paths are executed.
• In packages/mcp-server/src/options.ts, the McpOptions object returned by the options-building function is missing several declared type properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods), which represents a type-safety gap that could cause undefined access bugs downstream when callers rely on those fields being present.
• The new LocalDocsSearch class in local-docs-search.ts using MiniSearch appears to be a new code path that was not covered in the heuristic review (only 24/31 changed files were reviewed), leaving some uncertainty about its correctness.
• The core type union additions for 'gmail_actions' across actions.ts, auth.ts, connections.ts, integrations.ts, and related files appear straightforward and low-risk as additive changes to discriminated unions.

Files requiring special attention

• packages/mcp-server/src/instructions.ts
• packages/mcp-server/src/options.ts
• packages/mcp-server/src/local-docs-search.ts

[entelligence-ai-pr-reviews]

Correctness: Buffer is used as a global, but in a Deno environment (evidenced by the export default { fetch } pattern and Deno stack trace parsing) it is not globally available without an explicit import { Buffer } from 'node:buffer' — this will throw a ReferenceError at runtime when tseval is called.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In `packages/mcp-server/src/code-tool-worker.ts`, the `tseval` function introduced at line 8-10 uses `Buffer` as a global. This file runs in a Deno environment (see `export default { fetch }` at the bottom and the Deno-specific stack trace comment in `parseError`). In Deno, `Buffer` is not a global and must be explicitly imported. Add `import { Buffer } from 'node:buffer';` at the top of the file alongside the existing `node:path` and `node:util` imports to prevent a ReferenceError at runtime.

[entelligence-ai-pr-reviews]

Correctness: 🔴 Mutating globalThis.console is not safe for concurrent requests: if two fetch calls overlap, Request B will capture Request A's patched console as its originalConsole, and the finally restore in B will leave the global pointing at A's interceptor instead of the real console, permanently leaking log capture across requests.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In packages/mcp-server/src/code-tool-worker.ts, lines 271-278, the code patches `globalThis.console` to intercept log output from user-supplied code. Because `fetch` is async and can be called concurrently, multiple requests can interleave: Request B may snapshot Request A's already-patched console as its 'originalConsole', causing the finally-restore in B to leave `globalThis.console` pointing at A's interceptor. Fix by either: (1) using an AsyncLocalStorage context to scope the console override per-request without mutating shared global state, or (2) running the user code in an isolated worker where `console` can be safely replaced without affecting other concurrent requests.

[entelligence-ai-pr-reviews]

---

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — packages/mcp-server/src/code-tool-worker.ts contains two critical runtime bugs: a missing import { Buffer } from 'node:buffer' that will throw a ReferenceError in the Deno environment this worker targets, and an unsafe mutation of globalThis.console that is not concurrency-safe, meaning overlapping fetch requests will permanently corrupt the global console state. This PR adds valuable features (Gmail Actions support, local docs search via MiniSearch, session tracking) but the worker file issues are blocking, and two pre-existing unresolved correctness issues remain open: a static import fs from 'fs/promises' in instructions.ts that breaks non-Node runtimes at module load time, and options.ts returning a McpOptions object missing several required properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMetadata). The combination of new critical bugs and unresolved prior correctness issues makes this unsafe to merge in its current state.

Key Findings:

• Buffer is used as a global in code-tool-worker.ts inside the tseval handler, but the Deno runtime does not expose it globally — this will cause a hard ReferenceError crash at runtime for any code evaluation request, completely breaking the code tool feature.
• The globalThis.console patch in code-tool-worker.ts is not concurrency-safe: concurrent fetch calls will capture each other's patched console as originalConsole, and the finally block will restore the wrong reference, permanently leaving the global console pointing at a stale interceptor and causing log output leakage or loss across all subsequent requests.
• The pre-existing unresolved issue in instructions.ts — using a top-level import fs from 'fs/promises' — will crash the module at load time in non-Node environments (Deno, Cloudflare Workers), which is directly relevant given this PR targets Deno-based MCP server deployment.
• The pre-existing unresolved issue in options.ts where the returned McpOptions object omits stainlessApiKey, codeAllowHttpGets, and codeAllowedMetadata means callers relying on those properties will silently receive undefined, potentially causing subtle downstream failures in code execution gating and authentication flows.

Files requiring special attention

• packages/mcp-server/src/code-tool-worker.ts
• packages/mcp-server/src/instructions.ts
• packages/mcp-server/src/options.ts