Update Relaycast SDK to 4.1.2

[khaliqgant]

Summary

• Bump @relaycast/sdk ranges in agent-relay and @agent-relay/sdk from ^4.1.1 to ^4.1.2, preserving caret semantics rather than pinning
• Refresh the matching package-lock entries so @relaycast/sdk@4.1.2 resolves @relaycast/types@4.1.2
• Update the changelog and trajectory record

Validation

• npm view @relaycast/sdk@latest version dependencies --json confirms @relaycast/sdk 4.1.2 depends on @relaycast/types 4.1.2
• npm view @relaycast/types@latest version --json confirms @relaycast/types 4.1.2 is published
• npm ci --ignore-scripts
• Temp no-lock install probe resolves @relaycast/sdk 4.1.2 and @relaycast/types 4.1.2
• npm --prefix packages/sdk run check
• git diff --check

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ef763c34-d7f1-447b-a30d-02925a9d359a

📥 Commits

Reviewing files that changed from the base of the PR and between 8daee54 and 6eb68e9.

📒 Files selected for processing (4)

• .agentworkforce/trajectories/completed/2026-06/traj_lawm15arzvua/summary.md
• .agentworkforce/trajectories/completed/2026-06/traj_lawm15arzvua/trajectory.json
• .github/workflows/rust-ci.yml
• crates/broker/src/worker.rs

✅ Files skipped from review due to trivial changes (2)

• .agentworkforce/trajectories/completed/2026-06/traj_lawm15arzvua/trajectory.json
• crates/broker/src/worker.rs

---

📝 Walkthrough

Walkthrough

Bumps @relaycast/sdk from ^4.1.1 to ^4.1.2 in packages/cli/package.json and packages/sdk/package.json, adds a CHANGELOG.md entry noting @relaycast/types 4.1.2 publication alignment, and harddens CI by retrying npm install after transient errors and increasing the Codex debug model probe timeout. Includes agent trajectory files documenting both decisions.

Changes

Relaycast SDK bump to ^4.1.2

Layer / File(s)	Summary
Dependency version bump and changelog packages/cli/package.json, packages/sdk/package.json, CHANGELOG.md	@relaycast/sdk updated from ^4.1.1 to ^4.1.2 in both package manifests; a Fixed bullet added to CHANGELOG.md noting @relaycast/types 4.1.2 publication alignment.
SDK refresh agent trajectory records .agentworkforce/trajectories/completed/2026-06/traj_l7osjf9vxe8d/*	New trajectory.json and summary.md files recording the completed agent run, the decision to bump the range rather than pin, and associated timestamps and retrospective metadata.

CI hardening for Relaycast SDK update

Layer / File(s)	Summary
npm install retry wrapper and workflow update .github/workflows/rust-ci.yml	The sdk-check job step now invokes scripts/post-publish-verify/retry-command.sh to wrap npm install, adding resilience against transient ECONNRESET errors from the npm registry.
Codex debug model probe timeout increase crates/broker/src/worker.rs	The timeout for codex_debug_models_contains_model subprocess execution is increased from 1.5s to 5s, reducing sensitivity to startup load and race conditions during full-suite test execution.
CI fix agent trajectory records .agentworkforce/trajectories/completed/2026-06/traj_lawm15arzvua/*	New trajectory.json and summary.md files documenting the completed CI hardening run, decisions to retry and increase timeout, and associated metadata.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• AgentWorkforce/relay#1133: Previously bumped @relaycast/sdk in the same packages/cli/package.json and packages/sdk/package.json files, making it a direct predecessor of this version update.
• AgentWorkforce/relay#1163: Introduced workspace.fleetNodes support relying on the same @relaycast/sdk package whose version is being bumped here.

Poem

🐇 Hop skip and jump, our SDK's renewed,
^4.1.2 now perfected and tuned!
When networks go wonky, we retry with grace,
And Codex gets breathing room, finding its pace.
Agent trajectories dance, documenting the race! 🌸

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and concisely describes the main change: updating Relaycast SDK to version 4.1.2, which is the primary objective of the PR.
Description check	✅ Passed	The PR description covers the Summary section with detailed changes and validation steps, but lacks the Test Plan section from the template with checkboxes for testing status.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/refresh-relaycast-sdk-412

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

This is the key insight that confirms the PR's correctness. The publish-fresh-install-build job (package-validation.yml:228-262) does exactly what the PR's changelog describes — it deletes the lockfile and runs npm install to resolve dependency ranges fresh, "to catch range-resolved dependency breaks before merge."

This is precisely the scenario the PR addresses: when @relaycast/sdk@^4.1.1 resolves to 4.1.2 (the newest), but @relaycast/types@4.1.1 was the only published types version, the fresh install would have a resolution mismatch. Now that @relaycast/types@4.1.2 is published and the range is ^4.1.2, fresh installs resolve cleanly. The bump is well-justified and the change is mechanically correct.

The PR is complete and correct as-is:

• npm ci (test.yml, package-validation.yml, standalone-macos-smoke) — lockfile↔manifest are consistent; both ^4.1.2 and resolved 4.1.2/integrity match.
• publish-fresh-install-build — range ^4.1.2 resolves to a @relaycast/sdk@4.1.2 whose @relaycast/types@4.1.2 is now published, so it resolves cleanly.

There are no code changes, no test changes needed, no semantic/safety concerns, and no lint/format issues (these are JSON manifests + a changelog bullet + tracked trajectory files). Nothing to edit.

I could not execute npm ci/npm install/npm test in this sandbox (no node_modules, registry installs unreliable), but the only thing those gates enforce on a pure-dependency PR — lockfile/manifest consistency and range resolvability — is verifiable by inspection, which I have done, and it holds. I made no edits, so there is nothing in the working tree to discard.

Summary

PR #1174 bumps @relaycast/sdk from ^4.1.1 to ^4.1.2 in packages/cli/package.json and packages/sdk/package.json, updates package-lock.json to resolve @relaycast/sdk/@relaycast/types at 4.1.2 (with matching integrity hashes), adds a Fixed changelog bullet, and includes the work's trajectory record. It's a clean, well-scoped patch-level dependency refresh.

Verification performed:

• Manifest↔lockfile consistency: both workspace declarations are ^4.1.2; nested resolved entries are 4.1.2 with updated SHA-512 integrity. No stale @relaycast/sdk@4.1.1 / @relaycast/types@4.1.1 references remain (object-assign@4.1.1 and @cfworker/json-schema@^4.1.1 are unrelated). npm ci will not detect a mismatch.
• Purpose alignment with CI: the publish-fresh-install-build job (.github/workflows/package-validation.yml:228) deletes the lockfile and runs npm install to catch range-resolution breaks before merge — exactly the failure this PR fixes now that @relaycast/types@4.1.2 is published.
• No source files changed; a patch bump doesn't alter the imported @relaycast/sdk API used across the 11 importing files, so no downstream type/build impact.

Observations (no action — out of scope / pre-existing):

• The lockfile records the agent-relay workspace at version: 8.8.5 while packages/cli/package.json is 8.9.0. I confirmed via git show e7fd3750 that this predates this PR; it is not a regression introduced here, so I left it unchanged.

Addressed comments

• No bot or human review comments are present in .workforce/context.json; there were no threads to reconcile.

Advisory Notes

• The lockfile/package.json workspace version drift (8.8.5 vs 8.9.0) exists on the base branch and is unrelated to this dependency refresh. If the team wants it corrected, it should be done in a separate PR by regenerating the lockfile, not folded into this one.

I made no file edits — the PR is mechanically correct and self-consistent, and there are no lint/format/typo fixes to apply. I could not run npm ci/npm install/npm test in this sandbox (no installed node_modules, no reliable registry access), so I did not verify the full build end-to-end here; the lockfile/manifest consistency and range resolvability that those gates enforce for a dependency-only PR were verified by inspection and hold. Because CI status cannot be confirmed as fully green and complete from this sandbox, I am not printing READY.

[agent-relay-code]

Only historical trajectory records mention 4.1.1 — those are immutable past-work logs and must not be edited. The bump is complete across all live config.

Let me confirm the trajectory files added by this PR are valid (the CLAUDE.md mandates .agentworkforce/trajectories/ stays tracked, and this PR adds a completed trajectory — consistent with policy). I've already seen their content in the diff; they're well-formed JSON/markdown.

I have completed the review. This is a clean, minimal, in-scope dependency bump. Here's my summary.

---

Review Summary: PR #1174 — Refresh Relaycast SDK lock after 4.1.2 publish

What the PR does

Bumps @relaycast/sdk from ^4.1.1 to ^4.1.2 in packages/cli/package.json and packages/sdk/package.json, updates package-lock.json to resolve @relaycast/sdk@4.1.2 / @relaycast/types@4.1.2 (matching integrity hashes), adds a ### Fixed changelog entry, and records a completed trajectory. The motivation: @relaycast/types@4.1.2 is now published, so caret ranges resolve cleanly without pinning.

Verification performed

• package.json consistency: Both packages/cli and packages/sdk correctly declare ^4.1.2. No stale ^4.1.1 remains in any live package.json.
• Lockfile resolution: npm install --package-lock-only reports "up to date" for the relaycast entries — the lockfile is in sync with the new ranges; integrity hashes for the 4.1.2 tarballs are present and consistent in both workspace node_modules blocks.
• npm ci (dry-run): Succeeds (exit 0). The lockfile/package.json pairing does not abort install. No CI-blocking lockfile mismatch from this PR.
• syncpack: .syncpackrc.json only enforces @agent-relay/** consistency, not @relaycast/*, so this bump raises no syncpack violation.
• Changelog: Entry is concise, impact-first, correctly under [Unreleased] → Fixed, conforms to Keep a Changelog.
• Trajectory files: Valid JSON/markdown; tracking them is required by CLAUDE.md.
• The only remaining 4.1.1 strings are in historical trajectory logs (immutable; correctly untouched).

Files changed: 0 (no edits needed)

The PR is mechanically and semantically correct as-is. I made no edits. (I ran npm install --package-lock-only during validation, which transiently rewrote unrelated 8.8.5→8.9.0 workspace entries in the lockfile; I git restored it so the working tree exactly matches the PR.)

Advisory Notes

• Pre-existing lockfile version drift (out of scope): package-lock.json still records the monorepo and its workspace packages (e.g. agent-relay, @agent-relay/cloud, etc.) at 8.8.5, while their package.json files are at 8.9.0. Running npm install --package-lock-only wants to rewrite ~42 lines to 8.9.0 and drop a stale "extraneous": true flag on is-unicode-supported. This drift predates this PR (the version bump landed earlier without a lockfile regen) and npm ci tolerates it, so it is not a blocker here. Folding the full 8.9.0 lockfile regeneration into this dependency-bump PR would be unrelated scope creep that could perturb package-validation. Recommend a human address it in a dedicated npm install housekeeping PR.

Addressed comments

• No bot or human review comments were present in .workforce/context.json or the workforce directory — there were no threads to account for.

This PR does not require any code changes from me and the bump is correct, but the pre-existing lockfile version drift is a repo-wide housekeeping item that a human should decide on separately, and I cannot confirm the live CI checks' pass/pending status from this sandbox — so I am not printing READY.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

Working tree is clean (no modifications made), and the base is an ancestor of head — linear history, no merge conflicts expected.

Let me summarize my review. This PR has three logical changes, all of which I've validated against the current checkout:

Review Summary

PR #1174 refreshes the @relaycast/sdk dependency from ^4.1.1 to ^4.1.2 and hardens two CI checks. I traced all changes against the current checkout.

Changes validated

1. Dependency bump (^4.1.1 → ^4.1.2) in packages/cli/package.json:53, packages/sdk/package.json:62, and package-lock.json.

   • Lockfile is internally consistent: every @relaycast/sdk and @relaycast/types entry resolves to 4.1.2; no stale 4.1.1 references remain. The 4.1.1/4.1.2 hits elsewhere in the lockfile are unrelated packages (chalk, object-assign).
   • Patch-level semver bump; SDK source uses @relaycast/sdk in 6 files but no API surface change is implied by a patch release.

2. rust-ci.yml:145 — wraps npm install in scripts/post-publish-verify/retry-command.sh. I confirmed the script exists, is executable, and correctly exits 0 on success / 1 after exhausting retries. This is a CI resiliency change for transient ECONNRESET failures; non-semantic to product behavior.

3. crates/broker/src/worker.rs:1399 — probe timeout 1_500ms → 5s in codex_debug_models_contains_model. This is a model-detection helper (not lifecycle/dispatch/reaper code). Critically, it preserves fail-closed semantics: on timeout it still returns None, which codex_local_fallback_model treats as "do not fall back" (worker.rs:1392). No safety default was weakened.

Verification limitations

• cargo is unavailable in this sandbox, so I could not compile the Rust change. The edit is a single-line Duration literal swap with no type or control-flow change, so compilation risk is negligible.
• Node dependencies are not installed (no network), so I could not run npm run -w @agent-relay/sdk check end-to-end. The change is a semver patch bump with a consistent lockfile and no TS source edits.

I made no edits

The PR is mechanically clean and self-consistent. There was nothing to auto-fix (no lint/format/typo issues), and the semantic changes (CI retry, timeout bump) are reasonable and safe as written.

Addressed comments

• No bot or human review comments were present in .workforce/context.json or the provided metadata; there were no threads to account for.

Advisory Notes

• Pre-existing lockfile version skew (out of scope): package-lock.json:19637 records the agent-relay workspace and its internal @agent-relay/* deps at 8.8.5, while packages/cli/package.json declares 8.9.0. This PR did not introduce or touch this (it only modified the @relaycast/sdk line at 19647), and fixing it is unrelated to this PR's purpose — flagging for a future maintenance pass.

I could not run the canonical full build/test/typecheck commands (no cargo, no installed node deps, no network) in this sandbox, and I cannot confirm the actual CI check statuses on GitHub. Because required checks cannot be confirmed green from here, I am not printing READY.