Conversation
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through a standard http.Client so metro-routed access feels like normal Go networking. Made-with: Cursor
Use the browser session base_url directly for path rewriting, preserve custom HTTP clients in HTTPClient(), and add an env-gated integration test for browser-scoped routing. Made-with: Cursor
Avoid depending on base_url path details in the integration test, keep the JWT helper package-private, and make round-tripper conformance explicit while preserving browser-scoped routing behavior. Made-with: Cursor
Keep the raw round-tripper constructor package-private, remove defensive middleware branches that imply unsupported empty inputs, and retain the browser-scoped integration coverage without baking in base_url path details. Made-with: Cursor
Replace the handwritten browser-scoped Go service façade with deterministic generated bindings derived from the generated browser service graph, and enforce regeneration in lint. Made-with: Cursor
Show the browser-scoped HTTPClient flow explicitly so the /curl/raw-backed public API is discoverable from a runnable Go example. Made-with: Cursor
Route browser subresources and raw HTTP through the shared browser route cache so the SDK no longer needs the generated browser-scoped client surface. Made-with: Cursor
Drop the extra cache priming helper, remove metro wording, and rename the example so the go diff stays focused on direct-to-VM routing. Made-with: Cursor
Rename the browser routing allowlist field to Subresources so the direct-to-VM configuration is shorter and easier to read. Made-with: Cursor
Rename the handwritten routing helpers to browserrouting, fix the shared-cache and RawPath issues, and revert the generated/module churn that should not stay in the PR. Made-with: Cursor
Drop the superseded lib/browserscope files now that the renamed browserrouting package owns the direct-to-VM helpers. Made-with: Cursor
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This is an automated release PR for a Go SDK with only internal bootstrap script changes, not a kernel API or Temporal workflow modification. To monitor this PR anyway, reply with |
|
🧪 Testing To try out this version of the SDK: Expires at: Sun, 24 May 2026 21:16:16 GMT |
Stop exposing browser routing rollout controls on the client constructor and derive direct-to-VM subresource routing from KERNEL_BROWSER_ROUTING_SUBRESOURCES instead, defaulting to curl while keeping raw HTTP helpers cache-backed.
Return request config errors from Browsers.HTTPClient instead of silently falling back to the default client, so invalid options do not drop custom HTTP behavior without notice. Add a regression test for the failure path. Made-with: Cursor
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next
branch
from
696014d to
391bb8d
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next
branch
from
391bb8d to
9abcc23
Compare
Centralize browser route cache warm-up and eviction in the shared routing middleware so browser service methods can stay generic while direct-to-VM routing still learns browser base URLs from API responses. Made-with: Cursor
Reject subresource paths when detecting browser metadata responses and unify the post-response cache sync path so routing middleware does not carry dead duplicate logic. Made-with: Cursor
Process cache sniffing before successful browser delete eviction so delete responses that include browser metadata cannot reinsert stale route entries. Add a regression test for JSON delete responses. Made-with: Cursor
Warm the direct VM route cache from browser pool acquire responses and evict released sessions by sniffing the pool release request body in middleware. Made-with: Cursor
feat: add direct-to-vm browser routing
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next
branch
from
9abcc23 to
01bdd6a
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 01bdd6a. Configure here.
|
|
||
| func isJSONResponse(header http.Header) bool { | ||
| mediaType, _, _ := mime.ParseMediaType(header.Get("Content-Type")) | ||
| return strings.Contains(mediaType, "application/json") || strings.HasSuffix(mediaType, "+json") |
There was a problem hiding this comment.
Overly broad JSON content-type matching via Contains
Low Severity
isJSONResponse uses strings.Contains(mediaType, "application/json") instead of equality. This matches non-JSON media types like application/jsonl (JSON Lines) or application/json-seq whose bodies aren't valid single JSON values. While the json.Unmarshal failure is handled gracefully (returns nil, body restored), mediaType == "application/json" would be more precise — the HasSuffix("+json") check already covers structured JSON subtypes like application/vnd.api+json.
Reviewed by Cursor Bugbot for commit 01bdd6a. Configure here.
1 participant
Automated Release PR
0.51.0 (2026-04-24)
Full Changelog: v0.50.0...v0.51.0
Features
Bug Fixes
Chores
Documentation
Refactors
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Adds new browser direct-to-VM routing middleware and a browser-scoped
http.Client, which changes how certain/browsers/{id}/...requests are rewritten and authenticated; mistakes could break browser subresource calls or route caching/eviction.Overview
Bumps the SDK version to
0.51.0(manifest,internal/version.go, README pin, changelog, and OpenAPI spec metadata).Adds browser-scoped routing support: a new
lib/browserroutingpackage with a route cache, JWT extraction,/curl/rawtunnelingRoundTripper, and a middleware that rewrites allowlisted/browsers/{session}/<subresource>/...requests to the browser VM using cachedbase_url/jwt, while warming/evicting cache entries based on successful browser and browser-pool responses.Extends the public client surface by initializing and exposing
Client.BrowserRouteCache, addingBrowserService.HTTPClient(sessionID)for raw browser-egress HTTP via/curl/raw, and addingbrowser_session_idtoManagedAuthresponses; includes new unit + integration tests and an example for browser routing, plus a small bootstrap script robustness tweak (SKIP_BREWenv handling).Reviewed by Cursor Bugbot for commit 01bdd6a. Bugbot is set up for automated code reviews on this repo. Configure here.