Conversation
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through fetch so metro-routed access feels like normal JavaScript networking. Made-with: Cursor
Fail fast when browser-scoped clients do not have a session base_url, route subresource calls through the browser session base directly, and clean up browser-vm wording. Made-with: Cursor
Fail fast when browser-scoped clients are missing a browser session base_url, route subresource calls through the session base consistently, and keep lint output clean. Made-with: Cursor
Replace the handwritten Node browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint and build. Made-with: Cursor
Route direct-to-VM browser requests through the shared client cache so the SDK no longer needs the generated browser session wrapper layer. Made-with: Cursor
Trim the node browser routing changes down to the cache/interceptor shape from PR #100 and remove the leftover browser-scoped example and priming surface. Made-with: Cursor
Shorten the browserRouting allowlist field to subresources so the direct-to-VM configuration reads more cleanly without changing behavior. Made-with: Cursor
Keep the node browser-routing example showing both direct subresource routing and the cache-backed /curl/raw path. Made-with: Cursor
Bring back the cache-backed browser fetch helper so raw HTTP stays on the SDK's language-native surface instead of falling through to manual /curl/raw requests. Made-with: Cursor
Remove the unnecessary generated resource and dependency diffs from the node branch and keep BrowserRouteCache.set() as a direct assignment without trimming user input. Made-with: Cursor
Tighten the browser routing files to the repo's formatter expectations so the node CI lint job passes cleanly again. Made-with: Cursor
Split browser.fetch into its own helper, remove unused browser transport code, and simplify withOptions cache sharing so the routing layer stays easier to reason about. Made-with: Cursor
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This is an automated release PR with only internal chores; it does not modify API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal). To monitor this PR anyway, reply with |
|
🧪 Testing To try out this version of the SDK: Expires at: Sun, 24 May 2026 21:15:41 GMT |
Remove the public browser routing constructor knobs and read direct-to-VM subresource rollout from KERNEL_BROWSER_ROUTING_SUBRESOURCES instead, defaulting to curl while leaving browser.fetch cache-backed.
Keep the routing wrapper from stripping runtime-specific fetch init options when requests fall through or route directly to the VM, and share the browser fetch helpers so routed methods stay type-safe and covered by regression tests. Made-with: Cursor
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--sdk
branch
from
e66387d to
b96b5e6
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--sdk
branch
from
b96b5e6 to
db820d1
Compare
Only parse cloned JSON responses for browser metadata endpoints so unrelated API calls don't pay the route cache warm-up cost, and cover the regression with a focused routing fetch test. Made-with: Cursor
Drop cached browser routing entries after successful DELETE /browsers/:id responses so stale base URLs are not reused, and cover both the success and failure paths in the routing tests. Made-with: Cursor
Restore the generated internal types file so browser routing changes stay in custom code only. Move joinURL into lib and keep browser.fetch limited to the SDK's existing HTTPMethod union. Made-with: Cursor
Restore src/internal/types.ts byte-for-byte to the generated base version. This drops the file from the PR so browser routing changes stay out of generated code. Made-with: Cursor
Warm the browser route cache from browser pool acquire responses and evict released sessions after successful pool releases. Keep this behavior in the routing middleware so generated resource methods stay untouched. Made-with: Cursor
feat: add browser routing cache
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--sdk
branch
from
db820d1 to
2b2e3ca
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 2b2e3ca. Configure here.
| const apiOrigin = new URL(apiBaseURL).origin; | ||
|
|
||
| return async (input, init) => { | ||
| const request = new Request(input, init); |
There was a problem hiding this comment.
Routing fetch locks ReadableStream bodies before forwarding
Medium Severity
createRoutingFetch eagerly constructs new Request(input, init) on every call, which locks any ReadableStream body from init. For non-routed requests (most API calls), the original init with its now-locked body stream is then passed to innerFetch, causing a TypeError. For routed requests, requestBodyForFetch prefers originalInit.body (the locked stream) over request.body, producing the same failure. Any SDK method whose body passes through buildBody as a ReadableStream or async iterator will break.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 2b2e3ca. Configure here.
1 participant
Automated Release PR
0.51.0 (2026-04-24)
Full Changelog: v0.50.0...v0.51.0
Features
Bug Fixes
Chores
Documentation
Refactors
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Introduces a new browser subresource routing layer that rewrites certain
/browsers/{id}/...requests to the browser VMbase_urlusing cached JWTs, which could impact request behavior/auth headers and routing in production. Changes are well-covered by new unit tests but touch the core clientfetchpath.Overview
Bumps the SDK version to
0.51.0(manifest/package/version/changelog) and updates the tracked OpenAPI spec metadata.Adds browser-scoped routing via a shared
BrowserRouteCachewired into the client’sfetch, which auto-populates from browser create/list and pool acquire responses, conditionally reroutes allowlisted/browsers/{sessionId}/{subresource}calls to the browser VMbase_urlwithjwt, and evicts cache entries on successful browser delete or pool release (configurable viaKERNEL_BROWSER_ROUTING_SUBRESOURCES).Introduces a new
browsers.fetch()helper (browserFetch) that issues raw HTTP via the browser VM network stack (/curl/raw) using the cached route, exports the new routing/fetch types fromsrc/index.ts, adds an example, and adds comprehensive tests for routing, cache behavior, and option preservation; also slightly hardensscripts/bootstraphandling ofSKIP_BREW.Reviewed by Cursor Bugbot for commit 2b2e3ca. Bugbot is set up for automated code reviews on this repo. Configure here.