Skip to content

release: 0.116.1#1729

Open
stainless-app[bot] wants to merge 7 commits into
mainfrom
release-please--branches--main--changes--next
Open

release: 0.116.1#1729
stainless-app[bot] wants to merge 7 commits into
mainfrom
release-please--branches--main--changes--next

Conversation

@stainless-app

@stainless-app stainless-app Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Automated Release PR

0.116.1 (2026-07-09)

Full Changelog: v0.116.0...v0.116.1

Bug Fixes

  • credentials: keep credential material out of traceback frame locals via SecretStr (aa93a4d)

Chores

  • docs: small updates to field descriptions (75d8dcc)
  • docs: update model example (a57e30a)
  • docs: updates to descriptions and examples (e1535b6)

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

@stainless-app stainless-app Bot requested a review from a team as a code owner July 2, 2026 20:27
@stainless-app

stainless-app Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

🧪 Testing

To try out this version of the SDK:

pip install 'https://pkg.stainless.com/s/anthropic-python/a57e30ac1bafb54387bf631be2081bfdb3782911/anthropic-0.116.0-py3-none-any.whl'

Expires at: Sat, 08 Aug 2026 19:16:47 GMT
Updated at: Thu, 09 Jul 2026 19:16:47 GMT

@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next branch from 5d80aad to 4af97c0 Compare July 6, 2026 20:36
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next branch from 4af97c0 to 0ae74b6 Compare July 8, 2026 17:11
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next branch from 0ae74b6 to 861317a Compare July 8, 2026 19:40
* Block ask-gated session tool calls until user confirmation

SessionToolRunner executed every agent.tool_use event on arrival, ignoring
evaluated_permission — so a tool configured with the always_ask permission
policy ran before (or without) the user's approval.

The runner now routes tool-call events through a confirmation gate:

- evaluated_permission == "ask": the call is held until the matching
  user.tool_confirmation event arrives. Only an explicit "allow" releases it
  to the dispatch loop; "deny" resolves it without executing the tool.
- evaluated_permission == "deny": never executed, even if a stray allow
  verdict exists for the id.
- The gate fails closed against values newer than this SDK's types: an
  unrecognised permission is held like "ask" and an unrecognised verdict is
  treated as a denial — never dispatched.
- Denied calls post no result event (the denial itself resolves the call
  server-side) but are still yielded with the new
  DispatchedToolCall.confirmation == "deny" so callers can observe them;
  ask-then-allowed calls carry confirmation == "allow".

Confirmations are honored from both the live stream and the reconcile pass,
so a verdict posted while the runner was disconnected still releases (or
resolves) the held call. Reconcile's idle accounting treats denied calls as
resolved — a denied call never gets a result event, and previously would have
kept the end-turn idle countdown disarmed forever — and a held call keeps the
runner alive until its verdict arrives.

* fixes from claude review

* address review feedback on confirmation gating

- track held and in-flight gated calls on the idle clock (hold/release with a
  deferred arm) so a deny that resolves the last held call after an end_turn
  idle resumes the countdown instead of hanging the runner, and so the
  countdown never runs over gated work that is still dispatching
- thread the releasing verdict through the dispatch queue so the yielded
  confirmation is the verdict that actually released the call
- read evaluated_permission via getattr so the gate stays fail-closed if the
  field ever appears on custom tool calls
- skip re-recording verdicts for answered calls during reconcile and document
  that _confirmations grows like _seen/_answered
- share a _surface_call helper for the two result-stream send sites
- document the stray-deny fail-closed behavior and add regression tests
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next branch from 861317a to f6b2475 Compare July 9, 2026 17:22
@stainless-app stainless-app Bot force-pushed the release-please--branches--main--changes--next branch from f6b2475 to b69490c Compare July 9, 2026 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants