fix: Multi Params issue with @supermemory/tools

[MaheshtheDev]

testing for now

fix proxy issue

upgraded the package

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
🔵 In progress View logs	supermemory-mcp	66ce119	Apr 15 2026, 10:37 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	supermemory-app	b6a53ae	Commit Preview URL Branch Preview URL	Apr 15 2026, 10:49 PM

[MaheshtheDev]

• fix: Multi Params issue with @supermemory/tools #854 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add the label Main to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Claude finished @MaheshtheDev's task in 1m 5s —— View job

---

PR Review Complete

Overview: Fixes proxy/wrapper issue by switching from object spread to ES6 Proxy pattern to preserve prototype-chain properties on wrapped language models.

Issues found: None — this looks good to ship.

Details:

• The core change in packages/tools/src/vercel/index.ts correctly solves the problem where { ...model } would drop prototype/getter properties like provider, modelId, and specificationVersion. The Proxy with Reflect.get(target, prop, receiver) properly delegates to the prototype chain.
• Unit test added to verify the fix works for prototype-based properties (lines 90-107 in unit.test.ts).
• Test app files cleaned up to use package imports (@supermemory/tools/*) instead of relative paths.
• Version bump to 1.4.02 is appropriate for this fix.

Score: 9/10

Minor note: The test app changes (switching from OpenAI to Gemini gateway, adding PostHog tracing) are unrelated to the proxy fix. Not a blocker, but worth noting for commit message clarity.

---

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​anthropic-ai/​sdk@​0.71.2 ⏵ 0.55.1
	@​types/​pg@​8.20.0
	@​ai-sdk/​react@​1.2.12 ⏵ 3.0.160	+3
	@​scalar/​hono-api-reference@​0.9.48
	@​ai-sdk/​anthropic@​3.0.69 ⏵ 1.2.12			-4
	@​types/​flubber@​0.4.0
	posthog-node@​5.29.2
	@​supermemory/​tools@​1.4.1
	destr@​2.0.5
	boxen@​8.0.1
	@​google/​generative-ai@​0.24.1
	atmn@​0.0.16
	@​sentry/​cli@​2.58.5
	@​ai-sdk/​google@​2.0.68 ⏵ 1.2.22	+9
	@​hono/​zod-validator@​0.7.6
	drizzle-orm@​0.44.7
	better-auth@​1.6.4
	@​vanilla-extract/​recipes@​0.5.7
	dedent@​1.7.2
	compromise@​14.15.0
	@​ai-sdk/​cerebras@​2.0.45 ⏵ 0.2.16			+1
	alchemy@​0.81.4
	cloudflare@​4.5.0
	zod@​3.25.76 ⏵ 4.3.6	+2
	hono-openapi@​1.3.0 ⏵ 0.4.8			+21
	drizzle-zod@​0.7.1
	file-type@​21.3.4
	drizzle-kit@​0.31.10
	@​posthog/​ai@​7.16.0
	@​biomejs/​biome@​2.4.12

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[claude]

Overview: Fixes proxy/wrapper issue by switching from object spread to ES6 Proxy pattern to preserve prototype-chain properties on wrapped language models.

Issues found: None — this looks good to ship.

Details:

• The core change in packages/tools/src/vercel/index.ts correctly solves the problem where { ...model } would drop prototype/getter properties like provider, modelId, and specificationVersion. The Proxy with Reflect.get(target, prop, receiver) properly delegates to the prototype chain.
• Unit test added to verify the fix works for prototype-based properties.
• Test app files cleaned up to use package imports (@supermemory/tools/*) instead of relative paths.
• Version bump to 1.4.02 is appropriate for this fix.

Score: 9/10

Minor note: The test app changes (switching from OpenAI to Gemini gateway, adding PostHog tracing) are unrelated to the proxy fix. Not a blocker, but worth noting for commit message clarity.