CLI: Update Go SDK to 13b9433ac69ebc50e5c60ecd48c64b10e5681d01

[kernel-internal]

This PR updates the Go SDK dependency to the latest version.

SDK Update

• Updated kernel-go-sdk from v0.38.0 to v0.39.0 (commit 13b9433ac69ebc50e5c60ecd48c64b10e5681d01)

Coverage Analysis

A full enumeration of SDK methods and CLI commands was performed. No coverage gaps were found.

All SDK methods have corresponding CLI commands:

• Deployments: create (deploy), get, list (history), delete, follow (logs)
• Apps: list
• Invocations: create (invoke), get, update, list (history), browsers
• Browsers: create, get, update, list, delete, load-extensions + subcommands (fs, process, replays, computer, playwright, logs)
• Profiles: create, get, list, delete, download
• Auth.Connections: create, get, list, delete, login, submit, follow
• Proxies: create, get, list, delete, check
• Extensions: list, delete, download, download-web-store, upload
• BrowserPools: create, get, update, list, delete, acquire, release, flush
• Credentials: create, get, update, list, delete, totp-code
• CredentialProviders: create, get, update, list, delete, test, list-items

Triggered by: kernel/kernel-go-sdk@13b9433
Reviewer: @stainless-app[bot]

---

Note

Low Risk
Adds a new optional CLI flag/field and updates table output; main risk is minor behavior/format changes in the proxies commands and dependency bump to the SDK.

Overview
Adds first-class support for proxy BypassHosts in the CLI. proxies create now accepts --bypass-host (repeatable/comma-separated), trims/filters values before sending them to the API, and prints the resulting bypass hosts in the success output.

proxies get, proxies list, and proxies check now display a Bypass Hosts field/column (rendered as - when empty) via a shared formatter, with tests added/updated to cover the new behavior. Also bumps github.com/kernel/kernel-go-sdk from v0.37.0 to v0.39.0.

^{Written by Cursor Bugbot for commit ce7f998. This will update automatically on new commits. Configure here.}

[sjmiller609]

Result: PASS

• Flag exposed and documented in help.
• create persisted bypass hosts.
• get, list, and check all returned/displayed bypass hosts.
• cleanup (delete) succeeded.

Command outputs

$ unset KERNEL_BASE_URL KERNEL_API_KEY
$ ./bin/kernel --no-color auth status
SUCCESS: ✓ Authenticated with OAuth
WARNING: ⚠️ Access token expires in 20h5m11s

$ ./bin/kernel --no-color proxies create --help
...
# Create a proxy with bypass hosts
kernel proxies create --type datacenter --country US --bypass-host localhost,internal.service.local
...
--bypass-host  Hostname(S) to bypass proxy and connect directly (repeat or comma-separated)
...

$ ./bin/kernel --no-color proxies create \
  --type datacenter \
  --country US \
  --name codex-prod-bypass-rerun-1772060517 \
  --bypass-host localhost,internal.service.local \
  --bypass-host metadata.google.internal \
  -o json
{
  "bypass_hosts": [
    "localhost",
    "internal.service.local",
    "metadata.google.internal"
  ],
  "config": {
    "country": "us"
  },
  "id": "iqci4unan4qw6bp4qctz5d3o",
  "last_checked": "2026-02-25T23:01:57.533737993Z",
  "name": "codex-prod-bypass-rerun-1772060517",
  "protocol": "https",
  "status": "available",
  "type": "datacenter"
}

$ ./bin/kernel --no-color proxies get iqci4unan4qw6bp4qctz5d3o
Property     | Value
ID           | iqci4unan4qw6bp4qctz5d3o
Name         | codex-prod-bypass-rerun-1772060517
Type         | datacenter
Bypass Hosts | localhost, internal.service.local, metadata.google.internal
Protocol     | https
Country      | us
Status       | available
Last Checked | 2026-02-25 18:01:57 EST

$ ./bin/kernel --no-color proxies get iqci4unan4qw6bp4qctz5d3o -o json
{
  "bypass_hosts": [
    "localhost",
    "internal.service.local",
    "metadata.google.internal"
  ],
  "config": {
    "country": "us"
  },
  "id": "iqci4unan4qw6bp4qctz5d3o",
  "last_checked": "2026-02-25T23:01:57.533738Z",
  "name": "codex-prod-bypass-rerun-1772060517",
  "protocol": "https",
  "status": "available",
  "type": "datacenter"
}

$ ./bin/kernel --no-color proxies list -o json | jq '.[] | select(.id=="iqci4unan4qw6bp4qctz5d3o")'
{
  "bypass_hosts": [
    "localhost",
    "internal.service.local",
    "metadata.google.internal"
  ],
  "config": {
    "country": "us"
  },
  "id": "iqci4unan4qw6bp4qctz5d3o",
  "last_checked": "2026-02-25T23:01:57.533738Z",
  "name": "codex-prod-bypass-rerun-1772060517",
  "protocol": "https",
  "status": "available",
  "type": "datacenter"
}

$ ./bin/kernel --no-color proxies check iqci4unan4qw6bp4qctz5d3o
INFO: Running health check on proxy iqci4unan4qw6bp4qctz5d3o...
Property     | Value
ID           | iqci4unan4qw6bp4qctz5d3o
Name         | codex-prod-bypass-rerun-1772060517
Type         | datacenter
Bypass Hosts | localhost, internal.service.local, metadata.google.internal
Protocol     | https
Country      | us
Status       | available
Last Checked | 2026-02-25 18:01:59 EST
SUCCESS: Proxy health check passed

$ ./bin/kernel --no-color proxies delete iqci4unan4qw6bp4qctz5d3o -y
INFO: Deleting proxy: iqci4unan4qw6bp4qctz5d3o
SUCCESS: Successfully deleted proxy: iqci4unan4qw6bp4qctz5d3o

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Normalization may send unintended empty array to API

Low Severity

When in.BypassHosts contains only whitespace or empty strings (e.g., --bypass-host " "), the guard len(in.BypassHosts) > 0 passes, but normalizeBypassHosts filters everything out and returns an empty []string{}. This empty (non-nil) slice gets assigned to params.BypassHosts, which serializes as "bypass_hosts":[] in JSON rather than omitting the field entirely. The API may treat an explicit empty array differently from an absent field.