v0.27.0 - June 17, 2026

What's New

• SAP Print Service module (sap_cloud_sdk.print): A new first-class integration for the SAP Print Service. Use create_client() to get a fully configured PrintClient that handles OAuth2
  token acquisition, credential resolution, and all core print operations out of the box.
• PrintClient operations: Manage print queues (list_queues, create_queue), retrieve print profiles (get_print_profiles), upload documents with optional virus scanning (upload_document),
  and submit print jobs (create_print_task).
• Credential loading: Credentials are resolved automatically from mounted volumes (/etc/secrets/appfnd/print/{instance}/) with fallback to environment variables
  (CLOUD_SDK_CFG_PRINT_{INSTANCE}_{FIELD}), consistent with the SDK's existing secret-resolution pattern.

Contributors

• @laniakea2006

v0.26.1 - June 16, 2026

Improvements

• [DMS — Integration Tests]: The session-scoped _setup_test_repositories fixture in tests/dms/integration/conftest.py now automatically onboards a standard and a version-enabled test repository at session start and deletes them on teardown. No pre-existing repositories are required.
• [Docs]: docs/INTEGRATION_TESTS.md updated with DMS-specific environment variable instructions and a note about the auto-repository setup.

Contributors

• @I559656

v0.26.0 - June 11, 2026

What's New

• sap_cloud_sdk.adms module — full-featured sync and async Python client for the SAP Advanced Document Management Service (ADM), backed by IAS X.509 client-credentials authentication and OData V4.

  Clients

  • AdmsClient (sync) and AsyncAdmsClient (async) with sub-namespaces documents, relations, jobs, and config
  • create_client() / create_async_client() factories that load IAS bindings from a mounted secret volume with CLOUD_SDK_CFG_ADMS_DEFAULT_* environment-variable fallback

  Document API

  • Document CRUD: create, get, update, delete
  • Content download URL generation; scan-state handling (PENDING / CLEAN / INFECTED)
  • get_all() transparently queries DocumentRelation?$expand=Document (the ADM service has no top-level Document collection)
  • update() returns the full entity (follows up with a GET after UpdateDocument)
  • Fields: DocumentStateText, DocumentContentHash; size fields typed as int

  DocumentRelation API

  • Full draft lifecycle: create_draft, validate_draft, activate_draft, discard_draft
  • delete_business_object_node — removes all relations for a BO node (requires system-user scope)
  • get_change_logs() and get_bo_node_change_logs() — read-only audit trails
  • New model: DraftAdministrativeData (returned by draft lifecycle responses)
  • New fields: is_active_entity, has_active_entity, has_draft_entity, document_relation_is_output_relevant, draft_messages, doc_relation_changed_by_user_name, doc_relation_changed_at_date_time

  Configuration API

  • AllowedDomain, DocumentType, BusinessObjectNodeType, DocumentTypeBusinessObjectTypeMap: full CRUD including get_by_id and update (PATCH)
  • FileExtensionPolicy CRUD: get_all, create, get, delete
  • ApplicationTenant CRUD: get_all, create, get, delete
  • mark_default(mapping_id) — sets a DocType↔BOType map as default

  Jobs API

  • ZIP_DOWNLOAD and DELETE_USER_DATA job orchestration via AdminService
  • get_status sync/async parity — both accept use_admin_service parameter

  OData query options — tiered dataclasses replace scattered keyword arguments:

  • ConfigQueryOptions (filter, top, skip)
  • RelationQueryOptions (+ select, expand)
  • DocumentQueryOptions (+ orderby)

  Authentication & token cache

  • IasTokenFetcher — client_credentials (cached) and jwt-bearer OBO (intentionally not cached; OBO tokens are user-scoped and must not be shared across pods)
  • Pluggable TokenCache protocol with InMemoryTokenCache (thread-safe); TokenCache and InMemoryTokenCache exported from sap_cloud_sdk.adms

Contributors

• @adwitiyasushant

v0.25.2 - June 11, 2026

Bug Fixes

• Fixed all ty type errors that were blocking the pre-commit hook from passing:
  • tests/agent_memory/integration/test_agentmemory_bdd.py: replaced "USER" string literal with MessageRole.USER enum value
  • tests/agentgateway/integration/test_agw_bdd.py: narrowed Optional[str] token to str before using it in a Callable[[], str] lambda
  • tests/core/integration/telemetry/_agent.py: moved top-level langgraph and langchain_core imports inside the try/except ImportError block; added # ty: ignore[unresolved-import] for optional dependencies absent from the base venv
  • tests/core/unit/data_anonymization/test_http_transport.py: annotated DummyResponse.headers as Mapping[str, str] to satisfy the _ResponseLike protocol
  • tests/dms/integration/: removed two stale # ty: ignore suppression comments

Improvements

• CI now runs all pre-commit hooks (check-yaml, trailing whitespace, ruff format, ruff lint, ty type check) via a single uvx pre-commit run --all-files step, replacing the previous individual ruff and ty steps
• Version-bump check now only triggers when .py, .pyi, or .proto files under src/ are modified — py.typed markers, user guides, and other non-code assets no longer require a bump

Contributors

• @jeanscherf

v0.25.1 - June 10, 2026

Bug Fixes

• When a global Tracer had already been set, auto_instrument was not able to merge its own resource attributes into existing ones. The fix accesses internally cached tracers to merge all resources with newly-created ones so that SDK resource attributes are present in all spans.

Contributors

• @LucasAlvesSoares

v0.25.0 - Jun 09, 2025

What's New

• AgentGatewayClient.list_mcp_tools() now accepts an optional user_token parameter.
  When provided, tool discovery uses user-scoped authentication (principal propagation) instead of the default system-scoped token. This mirrors the existing behaviour of call_mcp_tool() and enables consistent identity propagation across both the discovery and invocation phases.

  # Without user_token — uses system auth (unchanged default)
  tools = await agw_client.list_mcp_tools()
  
  # With user_token — uses user-scoped auth (new)
  tools = await agw_client.list_mcp_tools(user_token="user-jwt")

  Supported for both LoB agents (IAS token exchange via BTP Destination Service) and Customer agents (jwt-bearer grant via mTLS).

Contributors

• @NicoleMGomes

v0.24.0 - June 09, 2026

Improvements

• auditlog-ng: Event names are now derived directly from DESCRIPTOR.full_name, aligning the OTEL event name format with the ALS protobuf schema
  and the Audit Log SDK implementation. No manual event type string is needed anymore.

Bug Fixes

• auditlog-ng: Fixed incorrect OTEL event name format — names were previously constructed as sap.als.AuditEvent..v2 but are now correctly
  emitted as sap.auditlog.auditevent.v2. per the protobuf descriptor convention.

Breaking Changes

▎ ⚠️ Important: This section is critical for users upgrading from previous versions

• AuditlogNgClient.send() / send_json() — event_type parameter removed: The optional event_type: str argument has been removed from both methods.
  The event type is now always derived from event.DESCRIPTOR.full_name. Update all call sites by removing the event_type argument:

Before

  client.send(event, "DataAccess")
  client.send_json(event, "DataAccess") 

After

  client.send(event)                                                                                                                               
  client.send_json(event)     

Contributors

• @simeongelovski

v0.23.2 - June 08, 2026

Improvements

• Pinned opentelemetry-instrumentation-langchain to >= 0.61.0 to enforce compatibility with Traceloop
• Pinned PyJWT to >=2.13.0 for security
• Added automated tests for agent autoinstrumentation

Contributors

• @LucasAlvesSoares

v0.23.1 - June 03, 2026

Improvements

Upgrade traceloop-sdk and OpenTelemetry dependencies

• traceloop-sdk: 0.54.0 → 0.61.0
• opentelemetry-api / opentelemetry-sdk: >=1.28.0 → >=1.42.1
• opentelemetry-exporter-otlp-proto-grpc / opentelemetry-exporter-otlp-proto-http: 1.41.0 → 1.42.1
• Removed wrapt<2 constraint: the traceloop-sdk upgrade resolves the upstream incompatibility with wrapt 2.x that previously caused the LangChain instrumentor to fail at import time

Contributors

• @LucasAlvesSoares

v0.23.0 - June 02, 2026

What's New

• Agent Gateway token cache: AgentGatewayClient now maintains an in-memory _TokenCache (system tokens) and _GatewayUrlCache (gateway URLs) per instance. Repeated calls to get_system_auth and get_user_auth reuse valid tokens without a new network request, eliminating redundant token fetches in agentic loops.
• New ClientConfig fields for controlling cache behaviour (all backwards-compatible with defaults):
  • fallback_token_ttl_seconds (default 300.0): cache TTL when a token response provides no expiry metadata.
  • token_expiry_buffer_seconds (default 30.0): safety buffer subtracted from explicit token expiries before a cached token is reused.
  • max_system_token_cache_size (default 32): LRU cap for cached system tokens per client instance.
  • max_user_token_cache_size (default 256): LRU cap for cached exchanged user tokens per client instance.

Contributors

• @vitalykumov
• @prashantrakheja