Skip to content

v2.40.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 08 Jun 16:21
· 26 commits to main since this release
v2.40.0
38e2fec

v2.40.0 - org control plane (nested), email handoff, step-up errors, loopback login

Public SDK/CLI/MCP cascade for the org-owned control plane (part of #444), built on the v1.77/1.78 gateway.

Org control plane - nested + invites + audit

  • SDK: r.org.members.{list,add,setRole,revoke}, r.org.invites.{list,create,revoke}, r.org.audit() (plus r.org.whoami / r.org.list). The flat org.addMember/removeMember/... surface is reshaped into grouped sub-resources that scale as the org surface grows. Pre-launch, no migration.
  • CLI: run402 org member list|add|role|rm, run402 org invite list|create|rm, run402 org audit.
  • MCP: member tools repointed onto the nested SDK.

Project handoff by email

  • run402 transfer init --to <wallet|email> routes by recipient kind; adds run402 transfer claim and --handoff / --handoffs on cancel / preview / list.
  • SDK: r.admin.transfers.{initiateHandoff,listIncomingHandoffs,previewHandoff,claimHandoff,cancelHandoff}.

Step-up auth error

  • StepUpRequiredError (403 STEP_UP_REQUIRED) with typed requiredAmr / maxAgeSeconds / challengeUrl / reason and the canonical next_actions[]; isStepUpRequired() guard. Coexists with NotAuthorizedError.

Operator write-login (loopback-PKCE)

  • run402 operator login --loopback / --step-up: an aws-sso-style browser passkey ceremony (RFC 8252 loopback) that mints a write-capable control-plane session, cached 0600. SDK: r.operator.{buildCliAuthorizeUrl,exchangeCliToken}.

Lockstep release of run402-mcp, run402, and @run402/sdk at 2.40.0 (OIDC Trusted Publisher, with provenance).

Assets 2
Loading