release: 0.10.0#15
Conversation
1120576 to
5360552
Compare
5360552 to
583a35b
Compare
|
🧪 Testing To try out this version of the SDK: Expires at: Thu, 06 Aug 2026 15:51:06 GMT |
63d78de to
9e4fee6
Compare
| case <-ctx.Done(): | ||
| return ctx.Err() | ||
| case <-time.After(retryDelay(res, retryCount)): | ||
| } |
There was a problem hiding this comment.
Retry select uses per-request timeout context incorrectly
Medium Severity
The select waiting for retry delay uses ctx, which may include a per-request timeout (created via context.WithTimeout at line 427). If RequestTimeout is set and the request completes near its deadline, the remaining timeout can expire during the retry delay, causing a spurious context.DeadlineExceeded return — even though the user's original context is still active. Previously, time.Sleep was unaffected by the per-request timeout, and the next iteration would create a fresh timeout. This is worsened by the removal of the < time.Minute cap on Retry-After, since large server-specified delays now increase the chance of hitting the per-request timeout during the wait. The select needs to use cfg.Request.Context() (the user's original context) instead of ctx.
Additional Locations (1)
9e4fee6 to
da91790
Compare
| // If the API asks us to wait a certain amount of time (and it's a reasonable amount), | ||
| // just do what it says. | ||
|
|
||
| if retryAfterDelay, ok := parseRetryAfterHeader(res); ok && 0 <= retryAfterDelay && retryAfterDelay < time.Minute { |
There was a problem hiding this comment.
Retry delay removes upper bound on server-specified waits
Medium Severity
The retryDelay function previously capped the Retry-After header value at under one minute, falling back to exponential backoff (max 8 seconds) for larger values. Now it uses max(0, retryAfterDelay) with no upper bound. A misconfigured or malicious server returning a large Retry-After value (e.g., 86400 seconds) causes the SDK to wait an extremely long time per retry. While the new select on ctx.Done() allows cancellation, callers using context.Background() (common pattern, including in the test suite) have no deadline and will block indefinitely.
d460ffe to
31f1efb
Compare
31f1efb to
3ead8f0
Compare
26bd6d6 to
09ff1eb
Compare
53b2bfc to
9b49e99
Compare
| if params != "" { | ||
| u = u + "?" + params | ||
| parsed, _ := url.Parse(u) | ||
| if parsed.RawQuery != "" { |
There was a problem hiding this comment.
Ignored url.Parse error risks nil pointer dereference
Medium Severity
The error from url.Parse(u) is discarded on line 124 with parsed, _ := url.Parse(u). Go's url.Parse returns nil for the URL when it encounters a parse error. If that happens, the immediately following parsed.RawQuery access on line 125 will panic with a nil pointer dereference. While u is typically a well-formed path, propagating a malformed URL via request options or an unusual base URL could trigger this.
9b49e99 to
19bc880
Compare
Add namePrefixFilter to asset list
8025b18 to
ed651da
Compare
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
ed651da to
440fc04
Compare
440fc04 to
40b83ac
Compare
40b83ac to
6f20040
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 4 total unresolved issues (including 3 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 6f20040. Configure here.
| - '!stl-preview-base/**' | ||
| - '!generated' | ||
| - '!codegen/**' | ||
| - 'codegen/stl/**' |
There was a problem hiding this comment.
Codegen STL CI never runs
Medium Severity
Push filters list !codegen/** and then codegen/stl/**. GitHub Actions treats a matching exclude as blocking even when a later include also matches, so pushes to codegen/stl/** still skip this workflow despite the extra include line.
Reviewed by Cursor Bugbot for commit 6f20040. Configure here.
6f20040 to
9554d66
Compare
9554d66 to
fd05736
Compare
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
4 similar comments
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
|
Note: this release PR has been open for more than 60 days. Until this PR is merged, we will temporarily stop pushing codegen updates due to changes to Stainless' codegen. |
fd05736 to
3d55e1b
Compare


Automated Release PR
0.10.0 (2026-07-07)
Full Changelog: v0.9.0...v0.10.0
Features
Bug Fixes
Chores
jsontags toapi(9f208bc)This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Large generated API expansion plus changes to retries, query URL building, and required-field tagging affect all callers; risk is moderate but mostly additive API surface with some behavioral fixes in the HTTP layer.
Overview
Release 0.10.0 bumps the SDK from 0.9.0 and syncs generated clients to a larger OpenAPI surface (18 endpoints).
The client gains
Analytics(Get,GetInstances) andXcodeInstances(create/list/get/delete), wired onNewClientalongside existing instance and asset services.Instance and asset models pick up new API fields and semantics: Android/iOS status adds URLs (
apiUrl,mcpUrl,signedStreamUrl),terminationReason, and updated inactivity-timeout docs; iOS create supportsmodeland Keychain initial assets; assets addkind,platform,expiresAt,ttl, and richer list filters (kindFilter,namePrefixFilter).HTTP/runtime behavior changes include a default client with response header timeout,
LIMRUN_CUSTOM_HEADERS, retry waits that respect context cancel, merging query strings when the path already has?, and debug logging that redacts sensitive headers.Codegen/serialization moves required-field markers from
json:"...,required"toapi:"required", addsdefaultstruct tag support for JSON/multipart, and tightens param JSON marshaling (skip-compaction optimization).CI/testing adds a build job with OIDC source zip upload to Stainless (upstream repo only), pins action SHAs, adjusts push branch filters, removes Prism mock bootstrap from
scripts/test/scripts/mock, and skips mock-server integration tests by default.Reviewed by Cursor Bugbot for commit 3d55e1b. Bugbot is set up for automated code reviews on this repo. Configure here.