release: 0.32.0

.github/workflows/publish-npm.yml

@@ -12,6 +12,9 @@ jobs:
   publish:
     name: publish
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@v6
@@ -28,5 +31,3 @@ jobs:
       - name: Publish to NPM
         run: |
           bash ./bin/publish-npm
-        env:
-          NPM_TOKEN: ${{ secrets.KERNEL_NPM_TOKEN || secrets.NPM_TOKEN }}

.github/workflows/release-doctor.yml

@@ -17,6 +17,4 @@ jobs:
       - name: Check release environment
         run: |
           bash ./bin/check-release-environment
-        env:
-          NPM_TOKEN: ${{ secrets.KERNEL_NPM_TOKEN || secrets.NPM_TOKEN }}
 

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.31.2"
+  ".": "0.32.0"
 }

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 108
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-3fbe762c99e8a120c426ac22bc1fa257c9127d631b12a38a6440a37f52935543.yml
-openapi_spec_hash: 5a190df210ed90b20a71c5061ff43917
-config_hash: 38c9b3b355025daf9bb643040e4af94e
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-f967d3024897a6125d5d18c4577dbb2cc22d742d487e6a43165198685f992379.yml
+openapi_spec_hash: e1c40ef0aee3a79168eb9cc854a9e403
+config_hash: 3b1fbbb6bda0dac7e8b42e155cd7da56

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## 0.32.0 (2026-02-07)
+
+Full Changelog: [v0.31.2...v0.32.0](https://github.com/kernel/kernel-node-sdk/compare/v0.31.2...v0.32.0)
+
+### Features
+
+* **auth:** add reauth circuit breaker logic ([917dc3d](https://github.com/kernel/kernel-node-sdk/commit/917dc3d4ed691b16b969fb4f723d45dc0324d896))
+
+
+### Chores
+
+* switch npm publish to OIDC auth in stainless config ([403d222](https://github.com/kernel/kernel-node-sdk/commit/403d2223481c5217fa5cd126c41b2182b0a23f4a))
+
 ## 0.31.2 (2026-02-06)
 
 Full Changelog: [v0.31.1...v0.31.2](https://github.com/kernel/kernel-node-sdk/compare/v0.31.1...v0.31.2)

bin/check-release-environment

@@ -2,10 +2,6 @@
 
 errors=()
 
-if [ -z "${NPM_TOKEN}" ]; then
-  errors+=("The NPM_TOKEN secret has not been set. Please set it in either this repository's secrets or your organization secrets")
-fi
-
 lenErrors=${#errors[@]}
 
 if [[ lenErrors -gt 0 ]]; then

bin/publish-npm

@@ -2,7 +2,12 @@
 
 set -eux
 
-npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN"
+if [[ ${NPM_TOKEN:-} ]]; then
+  npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN"
+elif [[ ! ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-} ]]; then
+  echo "ERROR: NPM_TOKEN must be set if not running in a Github Action with id-token permission"
+  exit 1
+fi
 
 yarn build
 cd dist
@@ -57,5 +62,9 @@ else
   TAG="latest"
 fi
 
+# Install OIDC compatible npm version
+npm install --prefix ../oidc/ npm@11.6.2
+
 # Publish with the appropriate tag
-yarn publish --tag "$TAG"
+export npm_config_registry='https://registry.npmjs.org'
+../oidc/node_modules/.bin/npm publish --tag "$TAG"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@onkernel/sdk",
-  "version": "0.31.2",
+  "version": "0.32.0",
   "description": "The official TypeScript library for the Kernel API",
   "author": "Kernel <>",
   "types": "dist/index.d.ts",

src/resources/agents/auth/auth.ts

@@ -271,6 +271,11 @@ export interface AuthAgent {
    */
   can_reauth?: boolean;
 
+  /**
+   * Reason why automatic re-authentication is or is not possible
+   */
+  can_reauth_reason?: string;
+
   /**
    * Reference to credentials for managed auth. Use one of:
    *

src/resources/auth/connections.ts

@@ -241,6 +241,11 @@ export interface ManagedAuth {
    */
   can_reauth?: boolean;
 
+  /**
+   * Reason why automatic re-authentication is or is not possible
+   */
+  can_reauth_reason?: string;
+
   /**
    * Reference to credentials for managed auth. Use one of:
    *

src/version.ts

@@ -1 +1 @@
-export const VERSION = '0.31.2'; // x-release-please-version
+export const VERSION = '0.32.0'; // x-release-please-version