🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/74743e38189fcce572490e5ad3d0700209836db5/dist.tar.gz'

Expires at: Sat, 09 May 2026 10:51:36 GMT
Updated at: Thu, 09 Apr 2026 10:51:36 GMT

Canary encountered an internal error while analyzing this PR.

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean to the automated review.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 8 out of 11 changed files were reviewed with zero issues flagged across all severity levels.
• No existing unresolved comments remain, suggesting previous concerns have been addressed.

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 8 out of 11 changed files were reviewed with no issues found, providing reasonable coverage confidence.
• No existing unresolved comments that could indicate lingering concerns.

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 15 out of 18 changed files were reviewed, providing good coverage with no issues found.
• No existing unresolved comments that would block merging.

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/18 changed files reviewed (83% coverage)

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/18 changed files reviewed (83% coverage)

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR is clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• 15 out of 18 changed files were reviewed with zero issues flagged, providing good coverage confidence.
• No existing unresolved comments carry over from previous reviews that would block merging.

Release version edited manually

The Pull Request version has been manually set to 0.35.1 and will be used for the release.

If you instead want to use the version number 0.36.0 generated from conventional commits, just remove the label autorelease: custom version from this Pull Request.

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 15/19 changed files reviewed (79% coverage)

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

Confidence Score: 5/5 - Safe to Merge

• No critical or significant issues found
• 16/20 changed files reviewed (80% coverage)

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR is clean with no identified issues.
• No existing unresolved comments to consider, meaning there are no lingering concerns from previous reviews.
• 16 out of 21 changed files were reviewed with no issues found, providing good coverage confidence.
• Heuristic analysis shows zero critical, significant, high-risk, or medium issues detected.

Confidence Score: 5/5 - Safe to Merge

• No new review comments were generated, indicating the PR appears clean from an automated review perspective.
• No critical, significant, or high-risk issues were identified in the heuristic analysis.
• Coverage of 16/21 changed files is reasonable, and no unresolved existing comments are blocking the merge.
• The absence of any flagged issues across all severity levels supports a safe-to-merge assessment.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — code-tool-worker.ts executes user-supplied code from the request body directly via eval/dynamic execution with no sandboxing, representing a critical remote code execution vulnerability that gives any caller full access to the process environment and credentials. Compounding this, the globalThis.console mutation in the same file creates a confirmed race condition under concurrent requests where log lines and error lines will bleed across requests, a bug flagged repeatedly in at least eight prior unresolved review comments that have gone unaddressed. The PR does deliver meaningful value — expanding gmail_actions support across multiple type files and introducing LocalDocsSearch for offline MCP documentation — but the security and correctness issues in code-tool-worker.ts, plus the static import fs from 'fs/promises' in instructions.ts that will crash module initialization in Deno/edge runtimes, make this unsafe to ship.

Key Findings:

• Arbitrary code execution risk in code-tool-worker.ts: the code parameter from req.json() is executed without sandboxing, allowing any caller to run arbitrary code with full access to the worker process, environment variables, and network — a critical security vulnerability.
• Race condition in globalThis.console mutation (lines 270-278 of code-tool-worker.ts): concurrent async requests will overwrite each other's console interceptor, causing log_lines/err_lines to capture output from the wrong request; this exact bug has been raised in at least 8 previous unresolved review comments and remains unfixed.
• Static top-level import fs from 'fs/promises' in instructions.ts will cause module initialization failure in non-Node.js runtimes (Deno, Cloudflare Workers), silently breaking those environments at startup — inconsistent with the deliberate dynamic await import('node:fs') pattern already used in code-tool.ts.
• McpOptions object returned in options.ts (lines 179-185) is missing several properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, etc.) defined in the McpOptions type, a pre-existing unresolved correctness issue that could cause silent misconfiguration.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — this PR introduces critical security and correctness issues that must be resolved before merging. The code-tool-worker.ts file executes user-supplied code from req.json() without any sandboxing, allowing arbitrary code execution by any caller who can reach the endpoint; this is a severe remote code execution vulnerability. Additionally, globalThis.console mutation in the same file creates a well-documented race condition under concurrent requests where log lines will bleed between requests and finally restores will corrupt state, and this issue has been flagged in no fewer than eight previous unresolved review comments with zero remediation. The memories.ts change narrowing file from Uploadable to string is a breaking API regression that will silently corrupt multipart uploads for callers passing File, Blob, Buffer, or ReadableStream objects.

Key Findings:

• In code-tool-worker.ts, the code field from req.json() is passed directly to tseval with no input validation, sandboxing, or allowlisting — an attacker with network access to this worker endpoint can execute arbitrary code in the worker process, constituting a critical RCE vulnerability.
• The globalThis.console mutation pattern in code-tool-worker.ts (lines 270-278) is fundamentally unsafe for async concurrent handlers: two overlapping requests will cross-contaminate each other's log_lines arrays and the finally block's restore will set console to the wrong captured object — this has been flagged in 8 separate previous review comments and remains entirely unaddressed.
• The file parameter type change in src/resources/memories.ts from Uploadable (which includes File, Blob, Buffer, ReadableStream) to string is a breaking change that will cause multipart form uploads to be sent as raw string bodies, silently producing malformed requests rather than failing loudly.
• A pre-existing and still-open concern in packages/mcp-server/src/instructions.ts uses a static top-level import fs from 'fs/promises' which will crash module initialization in Deno or Cloudflare Workers environments, and packages/mcp-server/src/options.ts returns an McpOptions object missing several required properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods), both of which remain unresolved from prior reviews.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — this PR has multiple critical, unresolved correctness bugs that have been flagged repeatedly across prior reviews without being addressed. In code-tool-worker.ts, the use of Buffer as a global will throw ReferenceError: Buffer is not defined in Deno environments (the intended runtime), and the mutation of globalThis.console creates a well-documented race condition where concurrent requests will bleed log lines into each other's log_lines/err_lines arrays. Additionally, the type change of file from Uploadable to string in src/resources/memories.ts is a breaking API change that will silently break callers passing File, Blob, or Buffer objects despite the underlying multipartFormRequestOptions call still expecting binary data. While the PR's goals — MCP local search, session tracking, and Gmail Actions support — are valuable, the core runtime and API correctness issues make this unsafe to ship.

Key Findings:

• Buffer.from(code) in code-tool-worker.ts is used as a Node.js global in what is clearly a Deno/edge runtime context (evidenced by export default { fetch }, node: import prefixes, and Deno-specific stack trace parsing in parseError); this will throw a ReferenceError at runtime and has been flagged in at least 5 separate prior review comments without resolution.
• The globalThis.console mutation pattern in code-tool-worker.ts (lines 270-278) is not concurrency-safe: two overlapping async requests will overwrite each other's console interceptor, causing log output to be attributed to the wrong request — this has been flagged in at least 6 prior review comments and remains unaddressed.
• Changing memories.ts upload's file parameter from Uploadable to string is a breaking type change — existing callers passing File, Blob, Buffer, or ReadableStream will get TypeScript errors, and the method still calls multipartFormRequestOptions which is designed for actual binary uploads, creating a semantic mismatch.
• In packages/mcp-server/src/instructions.ts, a static top-level import fs from 'fs/promises' will cause module initialization failure in non-Node.js runtimes at load time (not just at call time), and in packages/mcp-server/src/options.ts the returned McpOptions object is missing properties like stainlessApiKey, codeAllowHttpGets, and codeAllowedMethods that are defined in the type — both pre-existing issues that remain open.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — this PR introduces multiple critical correctness issues that remain unresolved across 18 prior review comments and are confirmed again in the current review. Specifically, the mutation of globalThis.console in code-tool-worker.ts creates a well-documented race condition under concurrent requests where one request's finally block can permanently install another request's capturing function as the global console, leaking log lines across requests. Additionally, local-docs-search.ts will throw an unhandled "query is empty" exception from MiniSearch.search('') when an empty string is passed, with no guard in place. While the PR meaningfully expands the Gmail Actions integration and adds the effort parameter to MemorySearchParams, these runtime-crashing bugs and the unresolved security concern about unsandboxed code execution via tseval in code-tool-worker.ts make this unsafe to ship.

Key Findings:

• The globalThis.console mutation pattern in code-tool-worker.ts (lines 270-278) is a confirmed race condition: concurrent async requests will interleave such that Request B captures Request A's patched console as originalConsole, and when B's finally block restores it, A's interceptor becomes the permanent global — this bug has appeared in 12 separate unresolved review comments and is flagged again at score 8.5 in the current review.
• In local-docs-search.ts, this.methodIndex.search(query) and this.proseIndex.search(query) are called without any empty-string guard; MiniSearch throws a runtime "query is empty" error for this input, meaning any caller that passes an empty query string will receive an unhandled exception rather than an empty result set.
• The code-tool-worker.ts file uses Buffer as a global (e.g., Buffer.from(code)), but multiple unresolved comments note that Buffer is not available as a global in Deno environments (evidenced by the export default { fetch } edge-worker pattern and Deno-specific stack trace parsing), meaning this will throw ReferenceError: Buffer is not defined at runtime in the intended deployment environment.
• The options.ts McpOptions return object is missing several properties from defaultOptions (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods, etc.), and instructions.ts uses a static top-level import fs from 'fs/promises' that will cause module initialization failure in non-Node runtimes — both flagged as unresolved correctness issues in prior reviews.

Confidence Score: 2/5 - Changes Needed

Not safe to merge — packages/mcp-server/src/code-tool-worker.ts contains a well-documented and repeatedly flagged concurrency bug where globalThis.console is mutated directly in the async fetch handler, meaning overlapping requests will corrupt each other's captured log streams and leave the global console in an undefined state after the finally block runs. Beyond the concurrency hazard, multiple unresolved reviews flag that user-supplied code from req.json() is executed via tseval without sandboxing (arbitrary code execution risk), Buffer is used as a global in what appears to be a Deno runtime context where it isn't available, and instructions.ts uses a static import fs from 'fs/promises' that will crash module initialization in non-Node runtimes. The PR delivers real value in the mock-server migration, local-docs-search, and Gmail Actions support, but the recurring unresolved correctness issues in the MCP server worker — particularly the security concern around unsandboxed code execution and the concurrency race on globalThis.console — make this unsafe to merge in its current state.

Key Findings:

• In code-tool-worker.ts, globalThis.console is replaced inside each async fetch handler with no mutex or AsyncLocalStorage isolation; concurrent requests will race to overwrite each other's interceptor, routing log lines to the wrong request's arrays and leaving globalThis.console pointing to a partially-restored object after the finally block runs.
• User-controlled code from req.json() is passed directly to tseval() with no sandboxing beyond a proxy; an attacker who can reach this endpoint gains arbitrary code execution in the server process — a critical security concern flagged repeatedly in prior reviews that remains unaddressed.
• Buffer.from(code) is called as a global in code-tool-worker.ts, but the file's export default { fetch } pattern and Deno-specific stack-trace parsing strongly indicate a Deno runtime, where Buffer is not globally available, meaning this will throw ReferenceError at runtime.
• In instructions.ts, the static top-level import fs from 'fs/promises' will cause the module to fail to initialize in Deno or edge runtimes at load time, not merely at call time — a regression risk given the MCP server's stated multi-runtime target.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — the code-tool-worker.ts file has a critical, unresolved race condition where globalThis.console is mutated in an async fetch handler, meaning concurrent requests will corrupt each other's log capture and finally blocks will restore the wrong original console, silently losing output or mixing logs between requests. Beyond this correctness bug, a persistent security concern about executing unsanitized user-supplied code directly via tseval without sandboxing represents an arbitrary code execution vector for any caller that can reach the endpoint. Additionally, Buffer is used as a global in what appears to be a Deno runtime context (evidenced by export default { fetch } pattern and Deno-specific stack trace parsing), which will throw ReferenceError: Buffer is not defined at runtime. While the PR's additions — Gmail Actions support, effort parameter for MemorySearchParams, LocalDocsSearch via MiniSearch, and Prism-to-Steady mock server migration — are valuable, the unresolved critical issues in code-tool-worker.ts and instructions.ts block safe merging.

Key Findings:

• The globalThis.console mutation pattern in code-tool-worker.ts (lines 270-278) is fundamentally unsafe for concurrent async requests: Request B overwrites the patched console before Request A's finally restores it, causing Request A to restore Request B's interceptor and leaving the global console in an inconsistent state — this has been flagged in at least 10 prior unresolved review comments and remains unfixed.
• The tseval invocation in code-tool-worker.ts executes user-supplied code from req.json() with no sandboxing beyond a proxy, constituting an arbitrary code execution vulnerability — any authenticated caller can run arbitrary server-side code, flagged multiple times in prior reviews with no resolution.
• Buffer.from(code) is used as a bare global in code-tool-worker.ts, but the runtime is Deno (indicated by export default { fetch } pattern and Deno-specific V8 stack parsing), where Buffer is not available globally without explicit Node.js compat mode, causing a ReferenceError at runtime.
• In instructions.ts, a static top-level import fs from 'fs/promises' will cause module initialization failure in non-Node.js runtimes at load time (not just when the code path is exercised), and options.ts returns an McpOptions object missing several required properties (stainlessApiKey, codeAllowHttpGets, codeAllowedMethods) that are defined in the type, risking undefined access errors downstream.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — this PR introduces a critical race condition in packages/mcp-server/src/code-tool-worker.ts where globalThis.console is mutated inside an async fetch handler, meaning two concurrent requests will corrupt each other's console capture (Request B overwrites A's patched console, and A's finally block restores B's override, causing log loss or cross-request mixing). Additionally, Buffer.from(code) in the same file uses a Node.js global that is not natively available in Deno environments (evidenced by the Deno-specific stack parsing and export default { fetch } pattern), which will throw a ReferenceError at runtime. The PR does deliver value — Gmail Actions union type additions, the effort parameter for MemorySearchParams, and MCP server enhancements — but these critical unresolved correctness issues in the worker file, compounded by a static import fs from 'fs/promises' in instructions.ts that will crash module initialization in non-Node runtimes, block safe merging.

Key Findings:

• In code-tool-worker.ts, mutating globalThis.console inside an async request handler is not concurrency-safe: concurrent requests will overwrite each other's console interceptor mid-execution, causing log_ and error_ capture arrays to receive interleaved or missing output, and finally blocks may restore the wrong original console — this is a functional correctness bug under any real server load.
• In code-tool-worker.ts, Buffer.from(code) references the Node.js Buffer global which does not exist in Deno environments without explicit compatibility mode — the file's use of export default { fetch }, node:path/node:util imports, and Deno-specific stack trace parsing all indicate a Deno runtime target, making this a ReferenceError crash at runtime.
• In instructions.ts, the static top-level import fs from 'fs/promises' will cause module initialization failure in non-Node.js runtimes (Deno, Cloudflare Workers, edge environments) even when the file-reading code path is never reached — unlike the dynamic import pattern used elsewhere in the codebase.
• The code parameter passed to tseval in code-tool-worker.ts originates directly from the unauthenticated request body with no sandboxing, representing an arbitrary code execution vulnerability if this endpoint is reachable by untrusted callers — a security concern that remains unaddressed across multiple review cycles.

Confidence Score: 1/5 - Blocking Issues

Not safe to merge — packages/mcp-server/src/code-tool-worker.ts contains multiple critical, unresolved correctness and security issues that make this PR blocking. The globalThis.console mutation inside the async fetch handler is a confirmed race condition: concurrent requests will corrupt each other's log routing, and the new review comment confirms that prototype-bound methods like console.warn and console.info won't survive the spread-copy, causing TypeError at runtime. Beyond the concurrency bug, unsandboxed execution of user-supplied code via tseval represents an arbitrary code execution vulnerability, and Buffer usage in what appears to be a Deno runtime will throw ReferenceError on any invocation. While the PR delivers legitimate value (Gmail Actions support, mock server migration from Prism to Steady, new API resource types), the MCP server worker has foundational safety and correctness problems that must be resolved before shipping.

Key Findings:

• In code-tool-worker.ts, spreading {...originalConsole} to capture the console object misses all prototype-inherited methods (warn, info, debug, trace), so any user code or internal call to console.warn() will throw TypeError: console.warn is not a function at runtime — a confirmed high-severity bug introduced or left unresolved in this PR.
• Mutating globalThis.console across await boundaries in an async HTTP handler creates a textbook race condition: when two requests overlap, Request B captures Request A's patched console as its originalConsole, and A's finally block restores B's interceptor, permanently corrupting log routing for the lifetime of the process — 14+ unresolved comments on this exact pattern remain open.
• The code parameter received from req.json() is executed directly via tseval with no sandboxing, allowing any caller who can reach this endpoint to execute arbitrary code in the server process — a critical security vulnerability flagged repeatedly in prior reviews and still unresolved.
• Buffer.from(code) is used as a global in a file that exhibits Deno runtime characteristics (export default { fetch }, Deno stack trace parsing in parseError); Buffer is not a Deno global without explicit Node compatibility mode, meaning this will throw ReferenceError: Buffer is not defined in the intended deployment environment.