release: 0.36.1

[stainless-app]

Automated Release PR

0.36.1 (2026-04-22)

Full Changelog: v0.36.0...v0.36.1

Chores

• update SDK settings (597e2c0)
• update SDK settings (b4e0424)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

[canaries-inc]

🐤 Canary Summary

This is an automated release PR with no UI/UX changes:

• Version bump from 0.36.0 to 0.36.1 across all package files
• CI/CD infrastructure updates: removed OIDC support, simplified NPM authentication
• Release tooling and workflow configuration changes
• No user-facing features, components, or UI modifications

---

---

View PR tests on Canary

[canaries-inc]

🐤 Canary Proposed Tests

No testable user journeys found for this PR.

[entelligence-ai-pr-reviews]

---

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this is a release PR for version 0.36.1 that generated no review comments and has no identified issues across the heuristic analysis. The PR appears to be a standard version bump release with zero critical, significant, or medium-severity concerns flagged. No pre-existing unresolved issues were found, and the automated review produced no substantive feedback.

Key Findings:

• Zero review comments were generated by the automated analysis, indicating no detectable logic bugs, security issues, or correctness problems in the reviewed files.
• Heuristic analysis found no critical issues (score >= 8.0), no significant issues (score >= 6.0), and no medium issues, placing this at the maximum allowed heuristic ceiling of 5/5.
• This is a release versioning PR (0.36.1), which typically involves changelog updates, version string bumps, and minor housekeeping — low-risk changes by nature.
• 4 out of 13 changed files were reviewed with no findings, consistent with a clean release preparation commit.

[stainless-app]

🧪 Testing

To try out this version of the SDK:

npm install 'https://pkg.stainless.com/s/hyperspell-typescript/597e2c01ec271e6f7054a03b475968ce5e19af31/dist.tar.gz'

Expires at: Fri, 22 May 2026 19:30:19 GMT
Updated at: Wed, 22 Apr 2026 19:30:19 GMT

[stainless-app]

🤖 Release is at https://github.com/hyperspell/node-sdk/releases/tag/v0.36.1 🌻

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

Renames the npm package from hyperspell to the scoped @hyperspell/hyperspell and releases version 0.36.1 across the entire repository.

• Updates package.json name, version, and CLI binary entry (hyperspell-hyperspell)
• Migrates npm publish authentication from OIDC to NPM_TOKEN-based secrets in CI workflows
• Renames MCP server identifier and bundle artifact from hyperspell_api to hyperspell_hyperspell_api
• Updates all TypeScript imports, path aliases (tsconfig.json, tsconfig.build.json), Jest module mappers, and ESLint rules to the scoped package name
• Replaces all documentation references (README, CONTRIBUTING, MIGRATION) with the new scoped package name and updated CLI binary name
• Updates MCP server Docker copy path, build scripts, and internal source imports to @hyperspell/hyperspell
• Adds NPM_TOKEN presence validation to the pre-release environment check script

---

Confidence Score: 4/5 - Mostly Safe

Safe to merge — this PR is a well-scoped package rename and version bump from hyperspell to @hyperspell/hyperspell (v0.36.1) with consistent updates across package.json, tsconfig.json, CI workflows, and MCP server identifiers. The changes are largely mechanical and low-risk: renaming import paths, updating the CLI binary entry to hyperspell-hyperspell, swapping OIDC-based npm publish auth for NPM_TOKEN secrets, and renaming the bundle artifact from hyperspell_api to hyperspell_hyperspell_api. No logic bugs or security issues were identified in the reviewed files, though only 19 of 58 changed files were covered by automated review, leaving some surface area unverified.

Key Findings:

• The migration from OIDC-based npm publish authentication to NPM_TOKEN secrets in CI workflows is a legitimate and common pattern, but introduces a dependency on the secret being correctly provisioned in the repository — if NPM_TOKEN is missing or expired, publish will fail silently or with an unhelpful error rather than the more auditable OIDC flow.
• The rename of the MCP server identifier and bundle artifact from hyperspell_api to hyperspell_hyperspell_api is internally consistent across the reviewed files, reducing the risk of runtime registration mismatches.
• The CLI binary entry rename to hyperspell-hyperspell in package.json could be a UX regression for existing users who have hyperspell in their PATH or scripts — this is an intentional breaking change but worth confirming is documented in a changelog or migration guide.
• Coverage of 19/58 changed files means roughly two-thirds of the diff was not statically reviewed; for a rename refactor this size, there is low but non-zero risk of a missed import alias or path reference causing a build or runtime failure.

Files requiring special attention

• package.json
• .github/workflows/publish.yml
• tsconfig.json
• src/mcp/server.ts