release: 0.53.0

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.52.0"
+  ".": "0.53.0"
 }

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 112
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-4ce09d1a7546ab36f578cb27d819187eeb90c580b11834c7ff7a375aa22f9a20.yml
-openapi_spec_hash: 1043ab2d699f6c828680c3352cd4cece
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-64dac369ae935b0318cd611e1735d45359a663eb55cf43fbb8b09e9dd814d7a2.yml
+openapi_spec_hash: cc0c6a4e716977df4b9eab5f4658d41b
 config_hash: 08d55086449943a8fec212b870061a3f

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 0.53.0 (2026-05-12)
+
+Full Changelog: [v0.52.0...v0.53.0](https://github.com/kernel/kernel-go-sdk/compare/v0.52.0...v0.53.0)
+
+### Features
+
+* Add 'switch' MFA option type for generic method-switcher links ([b6c0d17](https://github.com/kernel/kernel-go-sdk/commit/b6c0d174ffaf8f5a0788f8c16a2fded6b56add76))
+* Add opt-in record_session flag to managed auth ([5673b41](https://github.com/kernel/kernel-go-sdk/commit/5673b41f0cc5d6233dbaf9875bc20b84b7cc7762))
+* **api:** server-side search on GET /projects ([81a050d](https://github.com/kernel/kernel-go-sdk/commit/81a050d64651caf4fefc58ce25a13c65ffe05bea))
+* browser_pools: add start_url config (KERNEL-1217 PR 2) ([b2c8f95](https://github.com/kernel/kernel-go-sdk/commit/b2c8f951ddde27daf1285b78a1ce6a7fc01d74ef))
+* managed-auth: surface awaiting_external_action even when fallback actions exist ([c1a9ba4](https://github.com/kernel/kernel-go-sdk/commit/c1a9ba4038b690875a5c8c5198d20671e27acec4))
+* Scope name uniqueness to project for profiles, session_pools, extensions, credentials ([be3c6bd](https://github.com/kernel/kernel-go-sdk/commit/be3c6bd46f8826cf5d17523bb1aa79c77d9a8d39))
+
+
+### Bug Fixes
+
+* **go:** avoid panic when http.DefaultTransport is wrapped ([15e7a88](https://github.com/kernel/kernel-go-sdk/commit/15e7a8860af570cb968ed0153742c86af85c9909))
+
+
+### Chores
+
+* avoid embedding reflect.Type for dead code elimination ([c267709](https://github.com/kernel/kernel-go-sdk/commit/c2677092b3f611e3470f5b6730f32fe896e2d688))
+* redact api-key headers in debug logs ([405d242](https://github.com/kernel/kernel-go-sdk/commit/405d242dd4564cb133cc036b7693169df2537e3b))
+
 ## 0.52.0 (2026-04-29)
 
 Full Changelog: [v0.51.0...v0.52.0](https://github.com/kernel/kernel-go-sdk/compare/v0.51.0...v0.52.0)

README.md

@@ -28,7 +28,7 @@ Or to pin the version:
 <!-- x-release-please-start-version -->
 
 ```sh
-go get -u 'github.com/kernel/kernel-go-sdk@v0.52.0'
+go get -u 'github.com/kernel/kernel-go-sdk@v0.53.0'
 ```
 
 <!-- x-release-please-end -->

authconnection.go

@@ -221,6 +221,9 @@ type ManagedAuth struct {
 	Domain string `json:"domain" api:"required"`
 	// Name of the profile associated with this auth connection
 	ProfileName string `json:"profile_name" api:"required"`
+	// Whether browser sessions for this connection are recorded by default for
+	// debugging. Can be overridden per-login.
+	RecordSession bool `json:"record_session" api:"required"`
 	// Whether credentials are saved after every successful login. One-time codes
 	// (TOTP, SMS, etc.) are not saved.
 	SaveCredentials bool `json:"save_credentials" api:"required"`
@@ -261,7 +264,8 @@ type ManagedAuth struct {
 	// - { provider, path } for external provider item
 	// - { provider, auto: true } for external provider domain lookup
 	Credential ManagedAuthCredential `json:"credential"`
-	// Fields awaiting input (present when flow_step=awaiting_input)
+	// Fields awaiting input (present when flow_step=awaiting_input; may also be
+	// present with awaiting_external_action as fallback actions)
 	DiscoveredFields []ManagedAuthDiscoveredField `json:"discovered_fields" api:"nullable"`
 	// Machine-readable error code (present when flow_status=failed)
 	ErrorCode string `json:"error_code" api:"nullable"`
@@ -312,17 +316,19 @@ type ManagedAuth struct {
 	LiveViewURL string `json:"live_view_url" api:"nullable" format:"uri"`
 	// Optional login page URL to skip discovery
 	LoginURL string `json:"login_url" format:"uri"`
-	// MFA method options (present when flow_step=awaiting_input and MFA selection
-	// required)
+	// MFA method options (present when flow_step=awaiting_input; may also be present
+	// with awaiting_external_action as fallback actions)
 	MfaOptions []ManagedAuthMfaOption `json:"mfa_options" api:"nullable"`
-	// SSO buttons available (present when flow_step=awaiting_input)
+	// SSO buttons available (present when flow_step=awaiting_input; may also be
+	// present with awaiting_external_action as fallback actions)
 	PendingSSOButtons []ManagedAuthPendingSSOButton `json:"pending_sso_buttons" api:"nullable"`
 	// URL where the browser landed after successful login
 	PostLoginURL string `json:"post_login_url" format:"uri"`
 	// ID of the proxy associated with this connection, if any.
 	ProxyID string `json:"proxy_id"`
 	// Non-MFA choices presented during the auth flow, such as account selection or org
-	// pickers (present when flow_step=awaiting_input).
+	// pickers (present when flow_step=awaiting_input; may also be present with
+	// awaiting_external_action as fallback actions).
 	SignInOptions []ManagedAuthSignInOption `json:"sign_in_options" api:"nullable"`
 	// SSO provider being used (e.g., google, github, microsoft)
 	SSOProvider string `json:"sso_provider" api:"nullable"`
@@ -334,6 +340,7 @@ type ManagedAuth struct {
 		ID                    respjson.Field
 		Domain                respjson.Field
 		ProfileName           respjson.Field
+		RecordSession         respjson.Field
 		SaveCredentials       respjson.Field
 		Status                respjson.Field
 		AllowedDomains        respjson.Field
@@ -430,7 +437,7 @@ type ManagedAuthDiscoveredField struct {
 	// If this field is associated with an MFA option, the type of that option (e.g.,
 	// password field linked to "Enter password" option)
 	//
-	// Any of "sms", "call", "email", "totp", "push", "password".
+	// Any of "sms", "call", "email", "totp", "push", "password", "switch".
 	LinkedMfaType string `json:"linked_mfa_type" api:"nullable"`
 	// Field placeholder
 	Placeholder string `json:"placeholder"`
@@ -491,9 +498,11 @@ const (
 type ManagedAuthMfaOption struct {
 	// The visible option text
 	Label string `json:"label" api:"required"`
-	// The MFA delivery method type (includes password for auth method selection pages)
+	// The MFA delivery method type. Includes 'password' for auth method selection
+	// pages and 'switch' for generic method-switcher links like "Use another method"
+	// that do not name a specific method.
 	//
-	// Any of "sms", "call", "email", "totp", "push", "password".
+	// Any of "sms", "call", "email", "totp", "push", "password", "switch".
 	Type string `json:"type" api:"required"`
 	// Additional instructions from the site
 	Description string `json:"description" api:"nullable"`
@@ -582,6 +591,9 @@ type ManagedAuthCreateRequestParam struct {
 	HealthCheckInterval param.Opt[int64] `json:"health_check_interval,omitzero"`
 	// Optional login page URL to skip discovery
 	LoginURL param.Opt[string] `json:"login_url,omitzero" format:"uri"`
+	// Whether to record browser sessions for this connection by default. Useful for
+	// debugging. Can be overridden per-login. Defaults to false.
+	RecordSession param.Opt[bool] `json:"record_session,omitzero"`
 	// Whether to save credentials after every successful login. Defaults to true.
 	// One-time codes (TOTP, SMS, etc.) are not saved.
 	SaveCredentials param.Opt[bool] `json:"save_credentials,omitzero"`
@@ -672,6 +684,8 @@ type ManagedAuthUpdateRequestParam struct {
 	HealthCheckInterval param.Opt[int64] `json:"health_check_interval,omitzero"`
 	// Login page URL. Set to empty string to clear.
 	LoginURL param.Opt[string] `json:"login_url,omitzero" format:"uri"`
+	// Whether to record browser sessions for this connection by default
+	RecordSession param.Opt[bool] `json:"record_session,omitzero"`
 	// Whether to save credentials after every successful login
 	SaveCredentials param.Opt[bool] `json:"save_credentials,omitzero"`
 	// Additional domains valid for this auth flow (replaces existing list)
@@ -915,7 +929,8 @@ type AuthConnectionFollowResponseManagedAuthState struct {
 	FlowStep string `json:"flow_step" api:"required"`
 	// Time the state was reported.
 	Timestamp time.Time `json:"timestamp" api:"required" format:"date-time"`
-	// Fields awaiting input (present when flow_step=AWAITING_INPUT).
+	// Fields awaiting input (present when flow_step=AWAITING_INPUT; may also be
+	// present with AWAITING_EXTERNAL_ACTION as fallback actions).
 	DiscoveredFields []AuthConnectionFollowResponseManagedAuthStateDiscoveredField `json:"discovered_fields"`
 	// Machine-readable error code (present when flow_status=FAILED).
 	ErrorCode string `json:"error_code"`
@@ -932,15 +947,17 @@ type AuthConnectionFollowResponseManagedAuthState struct {
 	HostedURL string `json:"hosted_url" format:"uri"`
 	// Browser live view URL for debugging.
 	LiveViewURL string `json:"live_view_url" format:"uri"`
-	// MFA method options (present when flow_step=AWAITING_INPUT and MFA selection
-	// required).
+	// MFA method options (present when flow_step=AWAITING_INPUT; may also be present
+	// with AWAITING_EXTERNAL_ACTION as fallback actions).
 	MfaOptions []AuthConnectionFollowResponseManagedAuthStateMfaOption `json:"mfa_options"`
-	// SSO buttons available (present when flow_step=AWAITING_INPUT).
+	// SSO buttons available (present when flow_step=AWAITING_INPUT; may also be
+	// present with AWAITING_EXTERNAL_ACTION as fallback actions).
 	PendingSSOButtons []AuthConnectionFollowResponseManagedAuthStatePendingSSOButton `json:"pending_sso_buttons"`
 	// URL where the browser landed after successful login.
 	PostLoginURL string `json:"post_login_url" format:"uri"`
 	// Non-MFA choices presented during the auth flow, such as account selection or org
-	// pickers (present when flow_step=AWAITING_INPUT).
+	// pickers (present when flow_step=AWAITING_INPUT; may also be present with
+	// AWAITING_EXTERNAL_ACTION as fallback actions).
 	SignInOptions []AuthConnectionFollowResponseManagedAuthStateSignInOption `json:"sign_in_options"`
 	// Visible error message from the website (e.g., 'Incorrect password'). Present
 	// when the website displays an error during login.
@@ -992,7 +1009,7 @@ type AuthConnectionFollowResponseManagedAuthStateDiscoveredField struct {
 	// If this field is associated with an MFA option, the type of that option (e.g.,
 	// password field linked to "Enter password" option)
 	//
-	// Any of "sms", "call", "email", "totp", "push", "password".
+	// Any of "sms", "call", "email", "totp", "push", "password", "switch".
 	LinkedMfaType string `json:"linked_mfa_type" api:"nullable"`
 	// Field placeholder
 	Placeholder string `json:"placeholder"`
@@ -1025,9 +1042,11 @@ func (r *AuthConnectionFollowResponseManagedAuthStateDiscoveredField) UnmarshalJ
 type AuthConnectionFollowResponseManagedAuthStateMfaOption struct {
 	// The visible option text
 	Label string `json:"label" api:"required"`
-	// The MFA delivery method type (includes password for auth method selection pages)
+	// The MFA delivery method type. Includes 'password' for auth method selection
+	// pages and 'switch' for generic method-switcher links like "Use another method"
+	// that do not name a specific method.
 	//
-	// Any of "sms", "call", "email", "totp", "push", "password".
+	// Any of "sms", "call", "email", "totp", "push", "password", "switch".
 	Type string `json:"type" api:"required"`
 	// Additional instructions from the site
 	Description string `json:"description" api:"nullable"`
@@ -1149,6 +1168,9 @@ func (r AuthConnectionListParams) URLQuery() (v url.Values, err error) {
 }
 
 type AuthConnectionLoginParams struct {
+	// Override the connection's default for recording this login's browser session.
+	// When omitted, the connection's record_session default is used.
+	RecordSession param.Opt[bool] `json:"record_session,omitzero"`
 	// Proxy selection. Provide either id or name. The proxy must belong to the
 	// caller's org.
 	Proxy AuthConnectionLoginParamsProxy `json:"proxy,omitzero"`

authconnection_test.go

@@ -43,6 +43,7 @@ func TestAuthConnectionNewWithOptionalParams(t *testing.T) {
 				ID:   kernel.String("id"),
 				Name: kernel.String("name"),
 			},
+			RecordSession:   kernel.Bool(false),
 			SaveCredentials: kernel.Bool(true),
 		},
 	})
@@ -109,6 +110,7 @@ func TestAuthConnectionUpdateWithOptionalParams(t *testing.T) {
 					ID:   kernel.String("id"),
 					Name: kernel.String("name"),
 				},
+				RecordSession:   kernel.Bool(false),
 				SaveCredentials: kernel.Bool(true),
 			},
 		},
@@ -194,6 +196,7 @@ func TestAuthConnectionLoginWithOptionalParams(t *testing.T) {
 				ID:   kernel.String("id"),
 				Name: kernel.String("name"),
 			},
+			RecordSession: kernel.Bool(true),
 		},
 	)
 	if err != nil {

browser.go

@@ -328,6 +328,9 @@ type BrowserNewResponse struct {
 	Profile Profile `json:"profile"`
 	// ID of the proxy associated with this browser session, if any.
 	ProxyID string `json:"proxy_id"`
+	// URL the session was asked to navigate to on creation, if any. Recorded for
+	// debugging — navigation is best-effort and may have failed.
+	StartURL string `json:"start_url"`
 	// Session usage metrics.
 	Usage BrowserUsage `json:"usage"`
 	// Initial browser window size in pixels with optional refresh rate. If omitted,
@@ -361,6 +364,7 @@ type BrowserNewResponse struct {
 		Pool               respjson.Field
 		Profile            respjson.Field
 		ProxyID            respjson.Field
+		StartURL           respjson.Field
 		Usage              respjson.Field
 		Viewport           respjson.Field
 		ExtraFields        map[string]respjson.Field
@@ -411,6 +415,9 @@ type BrowserGetResponse struct {
 	Profile Profile `json:"profile"`
 	// ID of the proxy associated with this browser session, if any.
 	ProxyID string `json:"proxy_id"`
+	// URL the session was asked to navigate to on creation, if any. Recorded for
+	// debugging — navigation is best-effort and may have failed.
+	StartURL string `json:"start_url"`
 	// Session usage metrics.
 	Usage BrowserUsage `json:"usage"`
 	// Initial browser window size in pixels with optional refresh rate. If omitted,
@@ -444,6 +451,7 @@ type BrowserGetResponse struct {
 		Pool               respjson.Field
 		Profile            respjson.Field
 		ProxyID            respjson.Field
+		StartURL           respjson.Field
 		Usage              respjson.Field
 		Viewport           respjson.Field
 		ExtraFields        map[string]respjson.Field
@@ -494,6 +502,9 @@ type BrowserUpdateResponse struct {
 	Profile Profile `json:"profile"`
 	// ID of the proxy associated with this browser session, if any.
 	ProxyID string `json:"proxy_id"`
+	// URL the session was asked to navigate to on creation, if any. Recorded for
+	// debugging — navigation is best-effort and may have failed.
+	StartURL string `json:"start_url"`
 	// Session usage metrics.
 	Usage BrowserUsage `json:"usage"`
 	// Initial browser window size in pixels with optional refresh rate. If omitted,
@@ -527,6 +538,7 @@ type BrowserUpdateResponse struct {
 		Pool               respjson.Field
 		Profile            respjson.Field
 		ProxyID            respjson.Field
+		StartURL           respjson.Field
 		Usage              respjson.Field
 		Viewport           respjson.Field
 		ExtraFields        map[string]respjson.Field
@@ -577,6 +589,9 @@ type BrowserListResponse struct {
 	Profile Profile `json:"profile"`
 	// ID of the proxy associated with this browser session, if any.
 	ProxyID string `json:"proxy_id"`
+	// URL the session was asked to navigate to on creation, if any. Recorded for
+	// debugging — navigation is best-effort and may have failed.
+	StartURL string `json:"start_url"`
 	// Session usage metrics.
 	Usage BrowserUsage `json:"usage"`
 	// Initial browser window size in pixels with optional refresh rate. If omitted,
@@ -610,6 +625,7 @@ type BrowserListResponse struct {
 		Pool               respjson.Field
 		Profile            respjson.Field
 		ProxyID            respjson.Field
+		StartURL           respjson.Field
 		Usage              respjson.Field
 		Viewport           respjson.Field
 		ExtraFields        map[string]respjson.Field
@@ -665,6 +681,12 @@ type BrowserNewParams struct {
 	// Optional proxy to associate to the browser session. Must reference a proxy
 	// belonging to the caller's org.
 	ProxyID param.Opt[string] `json:"proxy_id,omitzero"`
+	// Optional URL to navigate to immediately after the browser is created.
+	// Best-effort: failures to navigate do not fail browser creation. Any pre-existing
+	// tabs are reduced to a single tab which is then navigated. Accepts any URL
+	// Chromium can resolve, including chrome:// pages. Ignored when reusing an
+	// existing persistent session.
+	StartURL param.Opt[string] `json:"start_url,omitzero"`
 	// If true, launches the browser in stealth mode to reduce detection by anti-bot
 	// mechanisms.
 	Stealth param.Opt[bool] `json:"stealth,omitzero"`

browser_test.go

@@ -47,6 +47,7 @@ func TestBrowserNewWithOptionalParams(t *testing.T) {
 			SaveChanges: kernel.Bool(true),
 		},
 		ProxyID:        kernel.String("proxy_id"),
+		StartURL:       kernel.String("https://example.com"),
 		Stealth:        kernel.Bool(true),
 		TimeoutSeconds: kernel.Int(10),
 		Viewport: shared.BrowserViewportParam{