Release 0.13.5

[github-actions]

Release readiness review (v0.13.4 -> TARGET eda3261)

This is a release readiness report done by $final-release-review skill.

Diff

v0.13.4...eda3261

Release call:

🟢 GREEN LIGHT TO SHIP Changes are additive/fix-oriented with targeted test coverage added in the same risk areas.

Scope summary:

• 28 files changed (+1318/-647); key areas touched: SQLite session concurrency/locking, MCP approval policy extensibility, tracing flush API/processor synchronization, plus tests/docs/workflow and version bump to 0.13.5.

Risk assessment (ordered by impact):

1. SQLite session locking refactor for file-backed databases

• Risk: 🟢 LOW. Concurrency behavior changed, but the diff adds explicit shared file-locking and targeted regression tests for multi-instance and concurrent writes.
• Evidence: src/agents/memory/sqlite_session.py introduces shared RLock management and _locked_connection; src/agents/extensions/memory/advanced_sqlite_session.py moves writes/metadata updates under the same lock; new tests in tests/test_session.py and tests/extensions/memory/test_advanced_sqlite_session.py.
• Files: src/agents/memory/sqlite_session.py, src/agents/extensions/memory/advanced_sqlite_session.py, tests/test_session.py, tests/extensions/memory/test_advanced_sqlite_session.py
• Action: uv run pytest -q tests/test_session.py -k sqlite_session_file_lock_is_shared_across_instances tests/extensions/memory/test_advanced_sqlite_session.py -k concurrent_add_items_preserves_message_structure_for_file_db (pass if both tests pass).

2. MCP callable approval policy support

• Risk: 🟢 LOW. Public surface is additive and keeps fail-closed behavior for legacy call paths without agent context.
• Evidence: src/agents/mcp/server.py adds callable require_approval normalization and legacy fallback; src/agents/mcp/__init__.py re-exports LocalMCPApprovalCallable; focused coverage added in tests/mcp/test_mcp_approval.py and tests/mcp/test_mcp_util.py.
• Files: src/agents/mcp/server.py, src/agents/mcp/init.py, tests/mcp/test_mcp_approval.py, tests/mcp/test_mcp_util.py
• Action: uv run pytest -q tests/mcp/test_mcp_approval.py tests/mcp/test_mcp_util.py (pass if callable approval scenarios pass for sync/async and legacy paths).

3. Tracing flush API and export synchronization

• Risk: 🟢 LOW. New flush_traces() API is additive and lock-based export serialization reduces race conditions during force flush.
• Evidence: src/agents/tracing/processors.py adds _export_lock; src/agents/tracing/provider.py adds default no-op force_flush/shutdown for compatibility and concrete flush in DefaultTraceProvider; exports added in src/agents/tracing/__init__.py and src/agents/__init__.py; tests expanded in tests/test_trace_processor.py.
• Files: src/agents/tracing/processors.py, src/agents/tracing/provider.py, src/agents/tracing/init.py, src/agents/init.py, tests/test_trace_processor.py
• Action: uv run pytest -q tests/test_trace_processor.py -k "force_flush or flush_traces" (pass if new flush/locking behavior tests pass).

No material risks identified.

Notes:

• Base and target were selected per request using local tags only (v0.13.4 -> eda32616505a6dffd7244dd55b0508bdd060a565).
• Working tree is clean (git status --short returned no changes).
• Assumed CI verification for the target commit; this report is diff-and-risk analysis focused.