github kortix-ai/suna v0.9.97
v0.9.97 — Per-account session-limit override + session delete/provision race fix

latest releases: dev-latest, desktop-dev-latest
4 hours ago

This release ships two changes:

1. Per-account concurrent-session override (f162d38289)
Concurrent-session caps were tier-only. Adds an operator-set per-account
override (credit_accounts.max_concurrent_sessions; NULL = tier decides,
a positive integer wins over the tier in both directions) and a clearer
429 message that includes the account's actual limit. Wired through
session-create enforcement, trigger backpressure, and the billing
account-state response.

2. Session-delete-mid-provision resurrection race fix (this promotion's
second change)
A session deleted while its sandbox was still provisioning could come back
to life: the fire-and-forget provisioner had no status guards on its
finish-of-provisioning writes, so a session deleted mid-provision could be
flipped back to 'running' (and billed) after the user had already deleted
it. Both finish-of-provisioning writes are now conditional on the session
not having been deleted/archived in the meantime; two related hardening
fixes close the same class of gap in continueSession's revival path and the
stuck-session reaper sweep.

Migration: 20260706034600000_account_session_limit_override.sql

  • Adds nullable kortix.credit_accounts.max_concurrent_sessions (int)
  • Idempotent upsert seeding the internal Kortix dogfood account
    (3b1fc472-a90e-404f-823f-ca42f6b32e4d) with an effectively-uncapped
    override of 100000
    This is the only migration pending between prod and staging.

Rollback: additive-only migration (ADD COLUMN IF NOT EXISTS + idempotent
upsert), safe to leave in place. A bad release rolls back via Path 1 in
docs/runbooks/rollback-procedure.md: revert the merge commit on prod
(PR, reviewed, same gate as forward deploys) — Argo CD self-heals to the
prior image tag. No down-migration is needed or defined (matches this
repo's node-pg-migrate convention).

What's Changed

  • chore(release): VERSION → 0.9.97 [skip ci] by @github-actions[bot] in #4163
  • fix(accounts): name unnamed accounts after their owner, not the caller by @markokraemer in #4166
  • chore(dev-eks): deploy dev-40a4b072 [skip ci] by @github-actions[bot] in #4167
  • feat(sdk+web): perfect tool-call handling — embedded failures surfaced everywhere + dev credit-gate exemption by @markokraemer in #4165
  • chore(dev-eks): deploy dev-cd3a5d16 [skip ci] by @github-actions[bot] in #4168
  • refactor(web): replace document/data viewers with Extend UI components by @markokraemer in #4157
  • chore(dev-eks): deploy gateway dev-e5b910cb [skip ci] by @github-actions[bot] in #4169
  • chore(dev-eks): deploy dev-e5b910cb [skip ci] by @github-actions[bot] in #4170
  • chore: retire the basejump account framework by @markokraemer in #4171
  • chore(dev-eks): deploy dev-46ee7395 [skip ci] by @github-actions[bot] in #4172
  • feat(agents): agent-first config & authorization v2 — manifest, native-.md model, IAM, secrets v2, canonical schema by @markokraemer in #4164
  • chore(dev-eks): deploy gateway dev-68aef1c6 [skip ci] by @github-actions[bot] in #4173
  • fix(sandbox): reap superseded per-project warm images on bake (Daytona quota) by @kubet in #4175
  • feat(web): sign in with SSO — route work-email domains to their SAML IdP by @Ino-Bagaric in #4174
  • fix(iam): SSO users land in their org — parse real Supabase SAML JWT + await JIT sync by @Ino-Bagaric in #4177
  • fix(db): reorder #4164 migrations after retire_basejump — unblock dev deploys by @Ino-Bagaric in #4178
  • chore(dev-eks): deploy dev-73fbee99 [skip ci] by @github-actions[bot] in #4179
  • fix(iam): run SAML JIT sync on all Supabase-auth paths (network + combinedAuth) by @Ino-Bagaric in #4180
  • fix(api): scope account member/invite reads to member-managers by @markokraemer in #4181
  • chore(dev-eks): deploy dev-06a9855d [skip ci] by @github-actions[bot] in #4182
  • fix(api): name auto-provisioned accounts after the signup email by @markokraemer in #4183
  • chore(dev-eks): deploy dev-13084eb8 [skip ci] by @github-actions[bot] in #4184
  • fix(iam): read SSO group claim from user_metadata.custom_claims by @Ino-Bagaric in #4187
  • chore(dev-eks): deploy dev-22ee9c5a [skip ci] by @github-actions[bot] in #4189
  • chore(dev-eks): deploy dev-407e5439 [skip ci] by @github-actions[bot] in #4190
  • chore(dev-eks): deploy dev-409d772f [skip ci] by @github-actions[bot] in #4192
  • chore(dev-eks): deploy dev-33febbf0 [skip ci] by @github-actions[bot] in #4193
  • chore(dev-eks): deploy dev-5c3f7abe [skip ci] by @github-actions[bot] in #4194
  • chore(dev-eks): deploy dev-2a4a25b7 [skip ci] by @github-actions[bot] in #4195
  • fix(sandbox): ppwarm reap skips Platinum soft-delete tombstones by @kubet in #4196
  • chore(dev-eks): deploy dev-6a1f1e00 [skip ci] by @github-actions[bot] in #4199
  • fix(approvals): approvals await response & auto-continue like questions; session/config allow scopes by @markokraemer in #4191
  • chore(dev-eks): deploy dev-eb23048a [skip ci] by @github-actions[bot] in #4200
  • feat(web): v2 migration gets its own customize sidebar section + giga migration prompt by @markokraemer in #4202
  • refactor(web): fold connector 'sensitive' into Permissions default selector by @markokraemer in #4204
  • feat(provider): rename sandbox provider daytona → managed (backward-compatible) by @kubet in #4201
  • chore(dev-eks): deploy dev-3c22b400 [skip ci] by @github-actions[bot] in #4205

Full Changelog: v0.9.96...v0.9.97

Don't miss a new suna release

NewReleases is sending notifications on new releases.