Skip to content

feat(python-sdk): support omitting username/password from basic auth when configured in IR #14407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Swimburger wants to merge 55 commits into
base: main
Choose a base branch
from
Open

feat(python-sdk): support omitting username/password from basic auth when configured in IR #14407

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
55 commits
Select commit Hold shift + click to select a range
97ba837
feat(python-sdk): support optional username/password in basic auth wh…
Swimburger Mar 31, 2026
a3f8635
fix(python-sdk): use per-field omit checks and constructor optionalit…
Swimburger Apr 1, 2026
e388f2c
fix(python-sdk): regenerate seed output for basic-auth-optional after…
Swimburger Apr 1, 2026
5167926
fix(python-sdk): apply ruff-format formatting fixes
Swimburger Apr 1, 2026
1d56f47
Merge remote-tracking branch 'origin/main' into devin/1774997704-basi…
Swimburger Apr 2, 2026
af66447
fix(python-sdk): remove omitted fields entirely from constructor para…
Swimburger Apr 2, 2026
d447854
fix(python-sdk): apply ruff-format to client_wrapper_generator.py
Swimburger Apr 2, 2026
f0f03d5
merge: resolve versions.yml conflict with main (bump to 5.2.2)
Swimburger Apr 2, 2026
55b8f55
fix(python-sdk): skip auth header when both fields omitted and auth i…
Swimburger Apr 2, 2026
0e7aed7
fix(python-sdk): use 'omit' instead of 'optional' in versions.yml cha…
Swimburger Apr 3, 2026
b68310c
Merge remote-tracking branch 'origin/main' into devin/1774997704-basi…
Swimburger Apr 3, 2026
dea51d2
refactor: rename basic-auth-optional fixture to basic-auth-pw-omitted
Swimburger Apr 3, 2026
b85372b
fix(python-sdk): bump version to 5.4.0 (feat requires minor bump)
Swimburger Apr 3, 2026
e42b9fe
merge: resolve versions.yml conflict with main (preserve 5.3.0/5.3.1 …
Swimburger Apr 3, 2026
87deef3
merge: resolve seed output conflicts with main
Swimburger Apr 3, 2026
dd520ad
fix(python-sdk): correct createdAt date to 2026-04-03
Swimburger Apr 3, 2026
b2e22fd
fix(python-sdk): handle usernameOmit/passwordOmit in dynamic snippets…
Swimburger Apr 3, 2026
406c776
refactor(python-sdk): simplify omit checks from === true to !!
Swimburger Apr 3, 2026
96607ee
fix: pass usernameOmit/passwordOmit through DynamicSnippetsConverter …
Swimburger Apr 3, 2026
ad58c5a
ci: retrigger CI (flaky test-ete timeout)
Swimburger Apr 4, 2026
282e654
merge: resolve merge with main for seed regeneration
Swimburger Apr 6, 2026
146db63
fix(python-sdk): remove omitted password field from basic-auth-pw-omi…
Swimburger Apr 6, 2026
2a813d7
merge: resolve versions.yml conflict with main (5.3.2 from main)
Swimburger Apr 7, 2026
40088a3
merge: resolve versions.yml conflict with main (5.3.3 from main)
Swimburger Apr 8, 2026
dfe72db
merge: resolve versions.yml conflict with main (5.3.4 from main)
Swimburger Apr 9, 2026
47467b8
fix: update createdAt date to 2026-04-09 for version 5.4.0
Swimburger Apr 9, 2026
4ab97bf
merge: resolve versions.yml conflict with main (5.3.5 from main)
Swimburger Apr 9, 2026
e6132b5
merge: resolve versions.yml conflict with main (5.3.6 from main)
Swimburger Apr 9, 2026
904bd20
merge: resolve versions.yml conflict with main (5.3.7 from main)
Swimburger Apr 9, 2026
191e55f
ci: retrigger CI for flaky python-sdk seed job
Swimburger Apr 9, 2026
57a4e42
merge: resolve versions.yml conflict with main (5.3.8 from main)
Swimburger Apr 9, 2026
b199044
merge: resolve versions.yml conflict with main (5.3.9 from main)
Swimburger Apr 10, 2026
7eb55d3
merge: resolve versions.yml conflict with main (5.3.10 from main)
Swimburger Apr 10, 2026
414980d
merge: resolve conflict with main
Swimburger Apr 10, 2026
b1e6b89
fix: restore base field deduplication and import reference propagation
Swimburger Apr 10, 2026
b43fb7c
fix: skip Authorization header when both fields omitted in mandatory …
Swimburger Apr 10, 2026
cfd5582
fix: ruff-format Python generator files
Swimburger Apr 10, 2026
27311c2
merge: resolve versions.yml conflict with main (5.3.12 from main)
Swimburger Apr 12, 2026
32c911e
merge: resolve cli versions.yml conflict with main (take main's 4.68.0)
Swimburger Apr 13, 2026
0d88056
fix: restore base_property_wire_values filter lost during merge
Swimburger Apr 13, 2026
fa01ae5
fix: restore triple-quote escaping and versions.yml ordering lost dur…
Swimburger Apr 13, 2026
b5a83aa
merge: resolve versions.yml conflict with main (5.3.14 from main)
Swimburger Apr 14, 2026
34b9a30
fix: restore dynamic stream condition property lookup in mock-utils
Swimburger Apr 14, 2026
79d4246
merge: resolve conflicts with main (IR v66 resolve_name + versions.yml)
devin-ai-integration[bot] Apr 14, 2026
8cd9896
fix: restore constructor_overloads for OAuth wrapper classes (merge a…
devin-ai-integration[bot] Apr 14, 2026
629447a
fix: rename version 5.4.0 to 5.3.15 to avoid collision with 5.4.0-rc.…
devin-ai-integration[bot] Apr 14, 2026
140db1e
fix: reorder versions.yml — place 5.3.15 after 5.4.0-rc.0 for descend…
devin-ai-integration[bot] Apr 14, 2026
2a25ce8
Merge remote-tracking branch 'origin/main' into devin/1774997704-basi…
Swimburger Apr 15, 2026
04718e3
fix: correct createdAt date for 5.3.15 to match chronological order
Swimburger Apr 15, 2026
cbd7f5e
merge: resolve versions.yml conflict with main (keep 5.4.0-rc.1 from …
Swimburger Apr 15, 2026
ad61f74
merge: resolve versions.yml conflict with main (keep 5.4.0 from main)
Swimburger Apr 16, 2026
b1ca1bd
merge: resolve versions.yml conflict with main (remove stale comment …
Swimburger Apr 16, 2026
b82592a
merge: resolve versions.yml conflict with main (keep 5.5.0 from main)
Swimburger Apr 16, 2026
c83989d
merge: resolve versions.yml conflict with main (keep 5.5.1 from main)
Swimburger Apr 17, 2026
db6f0d9
merge: resolve versions.yml conflict with main (keep 5.5.2 from main)
Swimburger Apr 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions generators/python-v2/dynamic-snippets/src/EndpointSnippetGenerator.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -293,16 +293,24 @@ export class EndpointSnippetGenerator {
auth: FernIr.dynamic.BasicAuth;
values: FernIr.dynamic.BasicAuthValues;
}): python.NamedValue[] {
return [
{
// usernameOmit/passwordOmit may exist in newer IR versions
const authRecord = auth as unknown as Record<string, unknown>;
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot Apr 3, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 as unknown as Record<string, unknown> violates CLAUDE.md rule and relies on fragile data smuggling

CLAUDE.md explicitly prohibits as unknown as X type assertions: "Never use as any or as unknown as X. These are escape hatches that bypass the type system entirely. If the types don't line up, fix the types."

Beyond the rule violation, this pattern exists because usernameOmit/passwordOmit are smuggled as extra properties on a DynamicSnippets.BasicAuth object (which only defines username and password per packages/ir-sdk/src/sdk/api/resources/dynamic/resources/auth/types/BasicAuth.ts:5-8). The converter at packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts:736-749 attaches these as ad-hoc properties, relying on JavaScript spread to propagate them. If the dynamic snippet IR passes through any schema-based serialization/deserialization boundary (as is typical when IR is passed to generators via JSON), these undeclared fields may be silently stripped, causing !!authRecord.usernameOmit to always evaluate to false and the feature to silently not work. The proper fix is to extend the DynamicSnippets.BasicAuth type in the IR definition to include the new fields.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a known limitation. The FernIr.dynamic.BasicAuth type comes from @fern-fern/ir-sdk (the published IR SDK package), which doesn't have typed usernameOmit/passwordOmit fields yet. The fields exist in the IR schema (packages/ir-sdk/src/sdk/api/resources/auth/types/BasicAuthScheme.ts) but the dynamic IR types haven't been updated to include them. Updating the IR types is out of scope for this PR per maintainer instruction ("Fix the non-IR changes"). The cast is necessary until the published IR SDK is updated.

const usernameOmitted = !!authRecord.usernameOmit;
const passwordOmitted = !!authRecord.passwordOmit;
Comment on lines +297 to +299
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 CLAUDE.md violation: as unknown as Record<string, unknown> used instead of proper type narrowing

CLAUDE.md explicitly states: "Never use as any or as unknown as X. These are escape hatches that bypass the type system entirely. If the types don't line up, fix the types." The code at generators/python-v2/dynamic-snippets/src/EndpointSnippetGenerator.ts:297 uses auth as unknown as Record<string, unknown> to access usernameOmit/passwordOmit. The IR SDK's BasicAuthScheme type (packages/ir-sdk/src/sdk/api/resources/auth/types/BasicAuthScheme.ts) already defines these fields — the proper fix is to update the FernIr.dynamic.BasicAuth type to include them, or use a runtime in check for forward-compatibility.

Prompt for agents 
The code uses `as unknown as Record<string, unknown>` to access usernameOmit/passwordOmit on the BasicAuth type, violating the CLAUDE.md rule against `as unknown as X`. The IR SDK's BasicAuthScheme type (packages/ir-sdk/src/sdk/api/resources/auth/types/BasicAuthScheme.ts) already defines these fields. The fix should either: (1) Update the FernIr.dynamic.BasicAuth type definition to include usernameOmit and passwordOmit fields, then access them directly. Or (2) Use a runtime property check like `const usernameOmitted = 'usernameOmit' in auth && auth.usernameOmit === true` which avoids the type assertion entirely. Option 1 is preferred since the fields already exist in the IR schema definition at packages/ir-sdk/fern/apis/ir-types-latest/definition/auth.yml lines 150-158.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

const args: python.NamedValue[] = [];
if (!usernameOmitted) {
args.push({
name: this.context.getPropertyName(auth.username),
value: python.TypeInstantiation.str(values.username)
},
{
});
}
if (!passwordOmitted) {
args.push({
name: this.context.getPropertyName(auth.password),
value: python.TypeInstantiation.str(values.password)
}
];
});
}
return args;
}

private getConstructorBearerAuthArgs({
Expand Down
23 changes: 14 additions & 9 deletions generators/python/sdk/versions.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# yaml-language-server: $schema=../../../fern-versions-yml.schema.json
# For unreleased changes, use unreleased.yml
- version: 5.5.2
changelogEntry:
- summary: |
Expand Down Expand Up @@ -56,7 +57,6 @@
type: fix
createdAt: "2026-04-15"
irVersion: 66

- version: 5.4.0-rc.0
changelogEntry:
- summary: |
Expand All @@ -65,6 +65,18 @@
createdAt: "2026-04-10"
irVersion: 66

- version: 5.3.15
changelogEntry:
- summary: |
Support omitting username or password from basic auth when configured via
`usernameOmit` or `passwordOmit` in the IR. Omitted fields are removed from
the SDK's public API and treated as empty strings internally (e.g., omitting
password encodes `username:`, omitting username encodes `:password`). When
both are omitted, the Authorization header is skipped entirely.
type: feat
createdAt: "2026-04-15"
irVersion: 65

- version: 5.3.14
changelogEntry:
- summary: |
Expand All @@ -84,6 +96,7 @@
type: fix
createdAt: "2026-04-13"
irVersion: 65

- version: 5.3.12
changelogEntry:
- summary: |
Expand Down Expand Up @@ -120,7 +133,6 @@
type: chore
createdAt: "2026-04-10"
irVersion: 65

- version: 5.3.9
changelogEntry:
- summary: |
Expand All @@ -136,15 +148,13 @@
type: chore
createdAt: "2026-04-09"
irVersion: 65

- version: 5.3.7
changelogEntry:
- summary: |
Upgrade @fern-api/generator-cli to 0.9.4 which upgrades @fern-api/replay to 0.10.1.
type: chore
createdAt: "2026-04-09"
irVersion: 65

- version: 5.3.6
changelogEntry:
- summary: |
Expand All @@ -156,7 +166,6 @@
type: fix
createdAt: "2026-04-09"
irVersion: 65

- version: 5.3.5
changelogEntry:
- summary: |
Expand All @@ -166,7 +175,6 @@
type: fix
createdAt: "2026-04-09"
irVersion: 65

- version: 5.3.4
changelogEntry:
- summary: |
Expand All @@ -176,7 +184,6 @@
type: fix
createdAt: "2026-04-09"
irVersion: 65

- version: 5.3.3
changelogEntry:
- summary: |
Expand All @@ -186,7 +193,6 @@
type: fix
createdAt: "2026-04-08"
irVersion: 65

- version: 5.3.2
changelogEntry:
- summary: |
Expand Down Expand Up @@ -259,7 +265,6 @@
type: feat
createdAt: "2026-03-31"
irVersion: 65

- version: 5.1.3
changelogEntry:
- summary: |
Expand Down
4 changes: 2 additions & 2 deletions generators/python/src/fern_python/generators/sdk/client_generator/root_client_generator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1689,11 +1689,11 @@ def __init__(
self._async_init_parameters: Optional[List[ConstructorParameter]] = (
list(async_init_parameters) if async_init_parameters is not None else None
)
self._sync_constructor_overloads = sync_constructor_overloads
self._async_constructor_overloads = async_constructor_overloads
self._oauth_token_override = oauth_token_override
self._use_kwargs_snippets = use_kwargs_snippets
self._base_url_example_value = base_url_example_value
self._sync_constructor_overloads = sync_constructor_overloads
self._async_constructor_overloads = async_constructor_overloads

def build(self) -> GeneratedRootClient:
def create_class_reference(class_name: str) -> AST.ClassReference:
Expand Down
Loading
Loading