release: 0.19.0

[stainless-app]

Automated Release PR

0.19.0 (2026-05-01)

Full Changelog: v0.18.0...v0.19.0

Features

• go: add default http client with timeout (4562f58)
• support setting headers via env (3b6d6cd)

Chores

• avoid embedding reflect.Type for dead code elimination (768a2a1)
• internal: more robust bootstrap script (53ef042)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

---

Note

Medium Risk
Introduces a new default http.Client with a long ResponseHeaderTimeout and adds env-driven custom headers, which can subtly change request behavior across all SDK users if they relied on the previous no-timeout default or static headers.

Overview
Updates the SDK release to 0.19.0 (manifest, internal/version.go, README pin, changelog, and spec metadata).

Changes DefaultClientOptions() to always use a new default http.Client (cloned transport + ResponseHeaderTimeout) when callers don’t provide one, and adds support for injecting arbitrary request headers via a HYPEMAN_CUSTOM_HEADERS env var.

Refactors internal encoder/decoder cache keys to store reflect.Type as a named field (typ) instead of embedding it, and makes the bootstrap script’s SKIP_BREW check robust to unset variables.

^{Reviewed by Cursor Bugbot for commit 459e311. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

Any PR that changes the kernel API. Monitor changes to API endpoints (packages/api/cmd/api/) and Temporal workflows (packages/api/lib/temporal) in the kernel repo

Reason: This is an automated release PR with only internal/chore changes to a bootstrap script, not a change to kernel API endpoints or Temporal workflows.

To monitor this PR anyway, reply with @firetiger monitor this.

[stainless-app]

🧪 Testing

To try out this version of the SDK:

Download and unzip: 'https://pkg.stainless.com/s/hypeman-go/768a2a12c13728f05946bd4c0f24e5f3a90f8620/source.zip'. Run 'go mod edit -replace github.com/kernel/hypeman-go=/path/to/unzipped_directory'.

Expires at: Sun, 31 May 2026 04:57:16 GMT
Updated at: Fri, 01 May 2026 04:57:16 GMT

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit b9f3593. Configure here.}

[cursor]

Unchecked type assertion on DefaultTransport can panic

High Severity

http.DefaultTransport.(*http.Transport) is an unchecked type assertion that will panic at runtime if http.DefaultTransport has been replaced with a custom RoundTripper (commonly done for tracing, instrumentation, or testing). Since defaultHTTPClient() is called from DefaultClientOptions() on every NewClient() invocation, this makes client construction panic-prone. A comma-ok assertion with a fallback (as used by googleapis/google-cloud-go after hitting the same issue) would be safer.

 

^{Reviewed by Cursor Bugbot for commit b9f3593. Configure here.}