release: 0.57.0

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.56.0"
+  ".": "0.57.0"
 }

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 112
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-982efd191c23737c9e1cdbcbf9237fa2231b9f74e0a25db2870293bdf9951c21.yml
-openapi_spec_hash: eeb27952a4cc939316c24fc0ce2c9e3a
-config_hash: 08d55086449943a8fec212b870061a3f
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-e9c99662d29710f105847d461f8919e06f6aa2e43b0e1a6285d0b137643a7907.yml
+openapi_spec_hash: 4415cb4790c7a5ec892f4e3521217cb4
+config_hash: 27b38657d9a3b33328be930eeb319628

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## 0.57.0 (2026-05-26)
+
+Full Changelog: [v0.56.0...v0.57.0](https://github.com/kernel/kernel-go-sdk/compare/v0.56.0...v0.57.0)
+
+### Features
+
+* [kernel-1116] browser events api integration ([e0a367b](https://github.com/kernel/kernel-go-sdk/commit/e0a367b4fd596424dc913c9e999831ae1fdc068e))
+* api: dual-route /projects under /org/projects, deprecate /projects ([166c834](https://github.com/kernel/kernel-go-sdk/commit/166c83456a6c1eaf5a28b821383576eacbec3a3a))
+* **api:** type can_reauth_reason as an enum on ManagedAuth ([61f5842](https://github.com/kernel/kernel-go-sdk/commit/61f5842a55a7e846c6cf04f6d2c2dd7df5b40862))
+* browsers: accept chrome_policy on POST /browsers (KERNEL-1216) ([6f29adc](https://github.com/kernel/kernel-go-sdk/commit/6f29adc513752623a3ea761195005f5a50d46e5b))
+* EOL persistent browsers: openapi limits ([b79f2fd](https://github.com/kernel/kernel-go-sdk/commit/b79f2fd415108f84cf99377bd3b4c60e64af1ba3))
+* Support telemetry enabled request config ([ba2ff70](https://github.com/kernel/kernel-go-sdk/commit/ba2ff705279a32f8a3d91ca85696e398923ebe43))
+
 ## 0.56.0 (2026-05-18)
 
 Full Changelog: [v0.55.0...v0.56.0](https://github.com/kernel/kernel-go-sdk/compare/v0.55.0...v0.56.0)

README.md

@@ -28,7 +28,7 @@ Or to pin the version:
 <!-- x-release-please-start-version -->
 
 ```sh
-go get -u 'github.com/kernel/kernel-go-sdk@v0.56.0'
+go get -u 'github.com/kernel/kernel-go-sdk@v0.57.0'
 ```
 
 <!-- x-release-please-end -->

authconnection.go

@@ -261,11 +261,47 @@ type ManagedAuth struct {
 	// in progress). Use this to inspect or terminate the browser session via the
 	// `/browsers` API.
 	BrowserSessionID string `json:"browser_session_id" api:"nullable"`
-	// Whether automatic re-authentication is possible (has credential, selectors, and
-	// login_url)
+	// Whether Kernel can automatically re-authenticate this connection when the
+	// session expires. Requires a prior successful login plus either a Kernel
+	// credential or an external credential reference. See `can_reauth_reason` for the
+	// specific outcome.
 	CanReauth bool `json:"can_reauth"`
-	// Reason why automatic re-authentication is or is not possible
-	CanReauthReason string `json:"can_reauth_reason"`
+	// Machine-readable reason for the current value of `can_reauth`. Affirmative
+	// values (re-auth is possible):
+	//
+	//   - `external_credential` — an external credential provider is attached
+	//   - `cua_has_credential` — CUA flow with a stored credential
+	//   - `has_credential` — Kernel credential is attached (optimistic; plan viability
+	//     not checked)
+	//   - `viable_plans_found` — at least one stored login plan can be replayed
+	//   - `no_requirements_recorded` — no recorded credential requirements to fail
+	//     against
+	//   - `requirements_satisfiable` — recorded requirements can be met by the attached
+	//     credential
+	//
+	// Negative values (a human must complete the login flow):
+	//
+	//   - `no_prior_successful_login` — connection has never completed a successful
+	//     login
+	//   - `no_credential` — no Kernel or external credential attached
+	//   - `no_viable_plans` — credential attached but no replayable login plan exists
+	//     yet
+	//   - `viable_plans_require_external_action` — stored plans need an external step
+	//     (email link, push, etc.)
+	//   - `requires_external_action` — recorded requirements include an external step
+	//   - `requires_totp_without_secret` — flow needs a TOTP code but no TOTP secret is
+	//     stored
+	//   - `requires_sms_code` — flow needs an SMS code that cannot be received
+	//     automatically
+	//   - `requires_email_code` — flow needs an email code that cannot be received
+	//     automatically
+	//
+	// Any of "external_credential", "cua_has_credential", "has_credential",
+	// "viable_plans_found", "no_requirements_recorded", "requirements_satisfiable",
+	// "no_prior_successful_login", "no_credential", "no_viable_plans",
+	// "viable_plans_require_external_action", "requires_external_action",
+	// "requires_totp_without_secret", "requires_sms_code", "requires_email_code".
+	CanReauthReason ManagedAuthCanReauthReason `json:"can_reauth_reason"`
 	// Reference to credentials for the auth connection. Use one of:
 	//
 	// - { name } for Kernel credentials
@@ -404,6 +440,54 @@ const (
 	ManagedAuthStatusNeedsAuth     ManagedAuthStatus = "NEEDS_AUTH"
 )
 
+// Machine-readable reason for the current value of `can_reauth`. Affirmative
+// values (re-auth is possible):
+//
+//   - `external_credential` — an external credential provider is attached
+//   - `cua_has_credential` — CUA flow with a stored credential
+//   - `has_credential` — Kernel credential is attached (optimistic; plan viability
+//     not checked)
+//   - `viable_plans_found` — at least one stored login plan can be replayed
+//   - `no_requirements_recorded` — no recorded credential requirements to fail
+//     against
+//   - `requirements_satisfiable` — recorded requirements can be met by the attached
+//     credential
+//
+// Negative values (a human must complete the login flow):
+//
+//   - `no_prior_successful_login` — connection has never completed a successful
+//     login
+//   - `no_credential` — no Kernel or external credential attached
+//   - `no_viable_plans` — credential attached but no replayable login plan exists
+//     yet
+//   - `viable_plans_require_external_action` — stored plans need an external step
+//     (email link, push, etc.)
+//   - `requires_external_action` — recorded requirements include an external step
+//   - `requires_totp_without_secret` — flow needs a TOTP code but no TOTP secret is
+//     stored
+//   - `requires_sms_code` — flow needs an SMS code that cannot be received
+//     automatically
+//   - `requires_email_code` — flow needs an email code that cannot be received
+//     automatically
+type ManagedAuthCanReauthReason string
+
+const (
+	ManagedAuthCanReauthReasonExternalCredential               ManagedAuthCanReauthReason = "external_credential"
+	ManagedAuthCanReauthReasonCuaHasCredential                 ManagedAuthCanReauthReason = "cua_has_credential"
+	ManagedAuthCanReauthReasonHasCredential                    ManagedAuthCanReauthReason = "has_credential"
+	ManagedAuthCanReauthReasonViablePlansFound                 ManagedAuthCanReauthReason = "viable_plans_found"
+	ManagedAuthCanReauthReasonNoRequirementsRecorded           ManagedAuthCanReauthReason = "no_requirements_recorded"
+	ManagedAuthCanReauthReasonRequirementsSatisfiable          ManagedAuthCanReauthReason = "requirements_satisfiable"
+	ManagedAuthCanReauthReasonNoPriorSuccessfulLogin           ManagedAuthCanReauthReason = "no_prior_successful_login"
+	ManagedAuthCanReauthReasonNoCredential                     ManagedAuthCanReauthReason = "no_credential"
+	ManagedAuthCanReauthReasonNoViablePlans                    ManagedAuthCanReauthReason = "no_viable_plans"
+	ManagedAuthCanReauthReasonViablePlansRequireExternalAction ManagedAuthCanReauthReason = "viable_plans_require_external_action"
+	ManagedAuthCanReauthReasonRequiresExternalAction           ManagedAuthCanReauthReason = "requires_external_action"
+	ManagedAuthCanReauthReasonRequiresTotpWithoutSecret        ManagedAuthCanReauthReason = "requires_totp_without_secret"
+	ManagedAuthCanReauthReasonRequiresSMSCode                  ManagedAuthCanReauthReason = "requires_sms_code"
+	ManagedAuthCanReauthReasonRequiresEmailCode                ManagedAuthCanReauthReason = "requires_email_code"
+)
+
 // Reference to credentials for the auth connection. Use one of:
 //
 // - { name } for Kernel credentials