Skip to content

v0.13.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 20 May 11:45
· 54 commits to develop since this release
v0.13.0
3090be6

Highlights

A small maintenance release on top of v0.12.0, focused on adapter robustness and durability fixes for the new ZenML 0.94.4 baseline. The headline new capability is OpenAI Agents adapter context passthrough: KitaruRunner.run(...) and run_sync(...) now accept a context= argument that the SDK forwards to tools and guardrails, with context identity baked into checkpoint cache keys so two runs with the same visible tool args but different request context can no longer share a cached tool result.

This release also tightens several rough edges across the adapter family: result identity after checkpoint load is now stable across OpenAI Agents, Claude Agent SDK, and LangGraph runners; adapter-created granular checkpoints no longer get misread as the flow's return value; and a class of safety-related local-server cleanup behaviors (PID-only SIGKILL fallback, silent inspection failures, post-login environment leaks) is corrected.

Added

  • OpenAI Agents context passthroughKitaruRunner.run(...) / run_sync(...) now accept a context= argument, forwarded to the OpenAI Agents SDK and folded into runner/tool checkpoint cache keys. An explicit context_cache_identity= projection hook lets callers reduce rich request context down to stable cache fields. Context-derived cache identity also covers tool calls resumed from interrupted RunState, so an approved tool call after a HITL resume cannot reuse a stale same-args/different-context cache entry. (#345)
  • OpenAI Agents guardrail observability in checkpoint_strategy="calls" — tool calls blocked by a tool-input guardrail before the tool body runs are now recorded as tool_call events with guardrail metadata, without creating a tool checkpoint or persisting rejected arguments. OpenAICapturePolicy.save_input=False redacts guardrail rejection text; save_interruption_payloads=False omits raw interruption argument previews. (#345)
  • PEP 561 typing marker — Built wheels now include kitaru/py.typed, so downstream type checkers pick up Kitaru's public type information. (#343)

Changed

  • Bumped the minimum ZenML dependency, server image, and Helm subchart versions to 0.94.4 so Kitaru tracks the latest upstream ZenML release. (#344)
  • kitaru logout now resets persisted store state and clears credentials before attempting best-effort local-daemon shutdown — a failed daemon stop no longer leaves the CLI pointed at a broken remote connection. (#343)
  • kitaru secrets list now uses a stable backend page size before applying CLI pagination, so output ordering is deterministic across runs. (#343)

Fixed

  • Adapter-created granular checkpoints are no longer treated as flow-return candidates, so flow.run(...).wait() / .get() returns the user's final checkpoint result when adapters also produced model/tool checkpoints. (#355)
  • Kitaru-owned request constructors now reject checkpoint output handles with guidance to call .load() instead of surfacing generic Pydantic string validation errors. (#353)
  • Adapter result identity after checkpoint load is stable for OpenAI Agents, Claude Agent SDK, and LangGraph runners — results restored from a synthetic checkpoint are rebuilt as the canonical local result class, so isinstance(result, OpenAIRunResult) (and the Claude/LangGraph equivalents) no longer fails when the loaded payload came from an alternate import path. (#354)
  • PydanticAI direct sync tool-body kp.wait_for_input(...) calls work under ZenML 0.94.4 via an explicit allow_sync_tool_body_waits=True opt-in, keeping tool_checkpoint_config_by_name={"tool": False} as checkpoint-only configuration. (#351)
  • Kitaru flow returns are compatible with ZenML 0.94.4 dynamic-pipeline output validation again: plain flow returns are persisted as internal artifacts while preserving user-facing Python return values, and marker-shaped user dictionaries are no longer mistaken for hidden tuple metadata. (#344)
  • Local-server cleanup's PID-only SIGKILL fallback is replaced with a "warn and continue" path, so a recycled PID can no longer cause kitaru clean global/all to kill an unrelated process. Inspection failures now surface as unknown (inspection failed: ...) instead of being silently treated as "no local server". (#343)
  • The caller's process environment is restored exactly after kitaru login startup attempts, even when local-daemon deployment or connection fails partway through. (#343)
  • Removed stale references to the deprecated native memory surface from the docs site, agent-native guides, and comparison pages. (#342)

Full Changelog: v0.12.0...v0.13.0

Assets 6
Loading