chore(deps): bump bundled agents to latest#925
Open
dohooo wants to merge 4 commits into
Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
13d2bd2 to
e9b035d
Compare
Bump Claude Code + claude-agent-sdk (lockstep) to 2.1.206/0.3.206 and Codex to 0.144.1. Cursor and OpenCode already current; Kimi bump deferred (release-asset SHA256 unreachable from the automation sandbox). Claude-Session: https://claude.ai/code/session_013f2wz3YAhNjd23SmiVbuTF
e9b035d to
f4591b1
Compare
Bump Claude Code + agent-sdk to 2.1.207 / 0.3.207 (lockstep), keep Codex at 0.144.1. Cursor and OpenCode already current; Kimi deferred (release assets unreachable from this sandbox). Claude-Session: https://claude.ai/code/session_0162xeT9LJzy5GLPpqA5eMoQ
Bump @openai/codex 0.144.1 -> 0.144.2 (latest). All local gates pass. Claude-Session: https://claude.ai/code/session_01RbxSjuRC9v2JQUqFGCs5BQ
Bump @openai/codex 0.144.2 → 0.144.3 (latest npm dist-tag). Claude Code (2.1.207) and claude-agent-sdk (0.3.207) already at latest and lockstep-matched. CODEX_SHA256 arm64 + x64 computed from npm tarballs. Claude-Session: https://claude.ai/code/session_01Kp1XoKpKigunzjYRBZcgQP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated daily bundled-agent vendor bump. Only the in-scope bundled agent providers are touched (Claude Code + agent-sdk lockstep, Codex, Cursor SDK, OpenCode, Kimi); supporting tools (gh/glab/cloudflared/llama.cpp/node) are excluded.
Long-lived PR on the fixed
automation/bump-bundled-vendorsbranch. Updated 2026-07-13: Codex advanced further upstream (0.144.2 → 0.144.3) since the last push, so the newer bump was applied on top to keep the bundle at latest.Version changes (vs
main)@anthropic-ai/claude-agent-sdk@anthropic-ai/claude-code@openai/codex@cursor/sdk@opencode-ai/sdk+opencode-aiMoonshotAI/kimi-code)Claude lockstep ✅
@anthropic-ai/claude-agent-sdk@0.3.207resolvesclaudeCodeVersion: "2.1.207"— SDK↔CLI patch matched.CLAUDE_CODE_SHA256["2.1.207"]present (arm64 + x64). Both already at the latest npmlatestdist-tag.Codex 0.144.3
CODEX_SHA256["0.144.3"]added (arm64 + x64), computed straight from the npm tarballs vianpm_vendor_sha.sh. The superseded uncommitted0.144.2key was replaced for a clean single-version diff. Codex is a patch bump within0.144.x—codex-package.jsonlayoutVersionunchanged (still1), so nostage-vendor.tslayout change needed.Kimi deferred (needs an environment with GitHub-release access)
Kimi is a class-C GitHub-release binary whose SHA256 must be sourced from its release assets on
MoonshotAI/kimi-code. A newer Kimi is available upstream, but this cloud sandbox's egress is scoped todohooo/helmoronly —api.github.com/repos/MoonshotAI/kimi-code/...returns 403 (re-verified this run), so the newer asset SHAs cannot be computed or verified here. Pinning a guessed SHA would hard-fail the build gate, so Kimi is intentionally left at 0.21.0. Bump it from an environment with access to the kimi release assets (check the ACP protocol version when doing so; Kimi releases are typically TUI/web-only and low-value).Breaking-change assessment
All bumps are additive same-line patch deltas.
bun run typecheck— the SDK export/type-break detector — passed, so no removed/renamed SDK exports. Rust pipeline fixtures (stdout event-shape contract) replay green → assessed no impact. CodexlayoutVersionunchanged (1).Local verification gates (codex 0.144.3 revision)
bun installclaudeCodeVersion: 2.1.207verifiedbun run typecheckbun testcargo test --test pipeline_scenarios --test pipeline_fixtures --test pipeline_streamsnpm_vendor_sha.shThe heavy
bun run build(full staging + SHA256 verification + cross-arch) was not run locally — nostage-vendor.tslayout change, and SHAs were computed straight from the npm tarballs. CI re-runs the full build, which is the gate that exercises SHA256 verification + cross-arch staging.Changeset
.changeset/bump-bundled-agents.md— single, in-placehelmorpatch naming the bundled Claude Code and Codex agents brought to latest. No in-app announcement (routine maintenance).🤖 Automated daily bundled-vendor bump.