Adopt @onkernel/sdk v0.72.0; drop save_changes from browser pools

[IlyaasK]

What

Bumps @onkernel/sdk ^0.60.0 → ^0.72.0 and adapts the MCP tools to the changes across that 12-minor jump, including the browser-pool save_changes removal from kernel/kernel#2484.

Changes

• Pagination: list() now returns OffsetPagination (not arrays). Read .items for browser-pools, extensions, proxies, and surface the real has_more / next_offset for the extensions/proxies list tools (previously hardcoded false/null).
• Credentials: values is string → string; use z.record(z.string(), z.string()) (also satisfies zod v4's two-arg z.record).
• Browser pools drop save_changes (#2484): removed the save_profile_changes input from manage_browser_pools and Omit'd it from PoolConfigParams, so the pool path can't send it (the API now silently ignores save_changes on pools). Single-session browsers/profiles tools keep save_profile_changes unchanged.

Verification

npx tsc --noEmit passes with zero errors.

Notes

• The repo has no committed lockfile and zod is a transitive dep that now resolves to v4; the z.record(z.string(), z.string()) form is valid in both zod v3 and v4, so the fix is resolution-robust.
• browser-pools list now returns the first page; the resource reader / list action preserve their prior (non-paginating) shape. The extensions/proxies tools now report accurate has_more.

🤖 Generated with Claude Code

---

Note

Medium Risk
SDK jump and pagination changes can truncate large extension/proxy/pool inventories if callers do not paginate; removing pool save_profile_changes is a behavioral contract change for agents that relied on it.

Overview
Upgrades @onkernel/sdk from ^0.60.0 to ^0.72.0 (and relaxes next to ^16.2.6) so MCP tools match the newer Kernel client and API shapes.

List endpoints no longer return bare arrays: browserPools, extensions, and proxies list paths now read page.items. manage_extensions and manage_proxies accept shared limit/offset pagination params and return real has_more / next_offset instead of hardcoded false/null. Browser pool list/resource still expose the same response shape but only the first page of pools.

Browser pools drop save_profile_changes from manage_browser_pools and omit it from pool config typing so pools cannot send profile save flags the API no longer supports for pools; single-session browser tools keep save_profile_changes unchanged.

Credentials validation changes values to z.record(z.string(), z.string()) for SDK typing and Zod v3/v4 compatibility.

^{Reviewed by Cursor Bugbot for commit 5077eb7. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mcp	Ready	Preview, Comment	Jun 26, 2026 9:24pm

[cursor]

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit bb1f1ab. Configure here.}

[vercel]

Additional Suggestion:

manage_credential_providers "list" serializes the entire SDK pagination page object instead of the provider array, because the @onkernel/sdk 0.72 bump changed credentialProviders.list() to return an OffsetPagination page while this tool was not updated like the other list tools.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​onkernel/​sdk@​0.60.0 ⏵ 0.72.0	+5		+1	+1

View full report