Skip to content

Release 0.14.2#2899

Merged
seratch merged 1 commit intomainfrom
release/v0.14.2
Apr 18, 2026
Merged

Release 0.14.2#2899
seratch merged 1 commit intomainfrom
release/v0.14.2

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Apr 15, 2026
edited
Loading

Release readiness review (v0.14.1 -> TARGET c68f062)

This is a release readiness report done by $final-release-review skill.

Diff

v0.14.1...c68f062

Release call:

🟢 GREEN LIGHT TO SHIP No concrete release-blocking regression or compatibility break is evidenced in v0.14.1...c68f062d70be5ffaa7054f34b229d9d4a51b989a.

Scope summary:

  • 109 files changed (+7376/-4367); key areas touched: sandbox runtime/path confinement (src/agents/sandbox/**, tests/sandbox/**), run-loop/tool metadata persistence (src/agents/run_internal/**, src/agents/items.py, src/agents/run_state.py, tests/test_tool_origin.py), new MongoDB memory backend (src/agents/extensions/memory/mongodb_session.py, tests/extensions/memory/test_mongodb_session.py), model/provider fixes (src/agents/models/openai_chatcompletions.py, src/agents/extensions/models/litellm_model.py), docs/translations, and version bump to 0.14.2.

Risk assessment (ordered by impact):

  1. Sandbox path-grant confinement changes are broad and security-sensitive

    • Risk: 🟡 MODERATE. A defect here could allow unintended read/write access outside intended workspace roots.
    • Evidence: Core path validation and remote realpath checks were refactored across src/agents/sandbox/workspace_paths.py, src/agents/sandbox/session/base_sandbox_session.py, and src/agents/sandbox/sandboxes/unix_local.py, including new extra grant semantics and write-deny handling (WorkspaceArchiveWriteError paths, new helper exit-code handling).
    • Files: src/agents/sandbox/workspace_paths.py, src/agents/sandbox/session/base_sandbox_session.py, src/agents/sandbox/sandboxes/unix_local.py, tests/sandbox/test_workspace_paths.py, tests/sandbox/test_runtime.py, tests/sandbox/test_docker.py
    • Action: Run targeted confinement regression checks: uv run pytest -q tests/sandbox/test_workspace_paths.py tests/sandbox/test_runtime.py tests/sandbox/test_docker.py -k "extra_path_grant or validate_remote_path_access or normalize_path"; pass criteria: all selected tests pass with no new permission-escape failures.

  2. Run-item/tool-origin persistence touched streaming, approvals, and state serialization

    • Risk: 🟢 LOW. Potential impact is metadata consistency rather than core execution flow, and dedicated coverage was added.
    • Evidence: New ToolOrigin/ToolOriginType wired through model response processing, approvals, generated items, and RunState serialization/deserialization; explicit tests added including legacy schema roundtrip behavior.
    • Files: src/agents/tool.py, src/agents/items.py, src/agents/run_internal/tool_execution.py, src/agents/run_internal/turn_resolution.py, src/agents/run_state.py, tests/test_tool_origin.py
    • Action: Validate metadata/compat behavior: uv run pytest -q tests/test_tool_origin.py tests/test_cancel_streaming.py tests/test_items_helpers.py; pass criteria: all tests pass, especially legacy schema and streamed exception assertions.

  3. Temporal sandbox example now depends on upstream temporalio plugin instead of vendored patch

    • Risk: 🟢 LOW. This is example-scope, but example startup can fail if environment/plugin availability diverges.
    • Evidence: Vendored plugin files were deleted and patch step removed; dependency bumped to temporalio==1.26.0; example imports now assume temporalio.contrib.openai_agents is present.
    • Files: examples/sandbox/extensions/temporal/_vendored_plugin/* (deleted), examples/sandbox/extensions/temporal/justfile, examples/sandbox/extensions/temporal/temporal_sandbox_agent.py, pyproject.toml
    • Action: Run example import/startup smoke test in Temporal extra env: uv run --extra temporal --extra daytona --extra e2b --extra docker python examples/sandbox/extensions/temporal/temporal_sandbox_agent.py --help; pass criteria: command exits successfully without import errors.

Notes:

  • BASE tag was selected from local tags only as requested: v0.14.1.
  • TARGET used current HEAD: c68f062d70be5ffaa7054f34b229d9d4a51b989a.
  • Working tree is clean (git status --short produced no output).
  • Assumption: standard CI verification stack for this commit is authoritative; this report is diff-based risk analysis.

@github-actions github-actions bot added this to the 0.14.x milestone Apr 15, 2026
@github-actions github-actions bot force-pushed the release/v0.14.2 branch 12 times, most recently from e57368a to 6e690ad Compare April 17, 2026 23:39
@seratch seratch merged commit e80d2d2 into main Apr 18, 2026
@seratch seratch deleted the release/v0.14.2 branch April 18, 2026 00:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

project

Projects

None yet

Milestone

0.14.x

Development

Successfully merging this pull request may close these issues.

1 participant

@seratch