Releases: SAP/cloud-sdk-python
Release list
v0.28.0 - June 23, 2026
What's New
- Destination-based configuration for Audit Log NG —
create_client()insap_cloud_sdk.core.auditlog_ngnow accepts three new keyword arguments:destination_name,destination_instance, andfragment_name. When provided (or when the defaultsdestination_name="AuditLogV3_Destination"/destination_instance="default"are in effect), the function resolvesendpoint,deployment_id, andnamespaceautomatically from the named SAP Destination at subaccount level, eliminating the need to pass these values explicitly in SPII-based deployments.
Improvements
create_client()now documents three mutually exclusive configuration paths evaluated in order: explicitconfigobject → destination-based resolution → explicit keyword arguments (endpoint,deployment_id,namespace).deploymentRegiondestination property is accepted as a fallback fordeployment_idwhendeploymentIdis absent or empty.- Destination import is lazy, so importing
auditlog_ngin environments without the destination module installed continues to work without errors. - User guide (
auditlog_ng/user-guide.md) updated with a new Destination-based configuration section, parameter tables, and usage examples. - Unit tests for
create_client()extended with aTestCreateClientFromDestinationsuite covering happy path,deploymentRegionfallback, missing required properties, and regression tests for the existing explicit-args path. starlettedev dependency bumped from1.0.0to1.3.1.
Contributors
v0.27.1 - Jun 18, 2026
Bug Fixes
-
mcp_tool_to_langchainnow respects optional MCP tool parameters.
Previously, all fields in the generated Pydanticargs_schemawere unconditionally marked as required (...), causing Pydantic validation errors when optional parameters were omitted. The converter now reads the"required"array from the tool'sinput_schema— fields listed there remain required, while all others are marked optional (str | None, defaulting toNone).# input_schema with required + optional fields tool = MCPTool( input_schema={ "type": "object", "required": ["eventid"], # only eventid is required "properties": { "eventid": {...}, "datafetchmode": {...}, # optional — no longer raises ValidationError }, }, ... ) langchain_tool = mcp_tool_to_langchain(tool, call_tool, get_user_token) # calling without datafetchmode now works correctly
Contributors
v0.27.0 - June 17, 2026
What's New
- SAP Print Service module (sap_cloud_sdk.print): A new first-class integration for the SAP Print Service. Use create_client() to get a fully configured PrintClient that handles OAuth2
token acquisition, credential resolution, and all core print operations out of the box. - PrintClient operations: Manage print queues (list_queues, create_queue), retrieve print profiles (get_print_profiles), upload documents with optional virus scanning (upload_document),
and submit print jobs (create_print_task). - Credential loading: Credentials are resolved automatically from mounted volumes (/etc/secrets/appfnd/print/{instance}/) with fallback to environment variables
(CLOUD_SDK_CFG_PRINT_{INSTANCE}_{FIELD}), consistent with the SDK's existing secret-resolution pattern.
Contributors
v0.26.1 - June 16, 2026
Improvements
- [DMS — Integration Tests]: The session-scoped
_setup_test_repositoriesfixture intests/dms/integration/conftest.pynow automatically onboards a standard and a version-enabled test repository at session start and deletes them on teardown. No pre-existing repositories are required. - [Docs]:
docs/INTEGRATION_TESTS.mdupdated with DMS-specific environment variable instructions and a note about the auto-repository setup.
Contributors
v0.26.0 - June 11, 2026
What's New
-
sap_cloud_sdk.admsmodule — full-featured sync and async Python client for the SAP Advanced Document Management Service (ADM), backed by IAS X.509 client-credentials authentication and OData V4.Clients
AdmsClient(sync) andAsyncAdmsClient(async) with sub-namespacesdocuments,relations,jobs, andconfigcreate_client()/create_async_client()factories that load IAS bindings from a mounted secret volume withCLOUD_SDK_CFG_ADMS_DEFAULT_*environment-variable fallback
Document API
- Document CRUD:
create,get,update,delete - Content download URL generation; scan-state handling (
PENDING/CLEAN/INFECTED) get_all()transparently queriesDocumentRelation?$expand=Document(the ADM service has no top-level Document collection)update()returns the full entity (follows up with aGETafterUpdateDocument)- Fields:
DocumentStateText,DocumentContentHash; size fields typed asint
DocumentRelation API
- Full draft lifecycle:
create_draft,validate_draft,activate_draft,discard_draft delete_business_object_node— removes all relations for a BO node (requires system-user scope)get_change_logs()andget_bo_node_change_logs()— read-only audit trails- New model:
DraftAdministrativeData(returned by draft lifecycle responses) - New fields:
is_active_entity,has_active_entity,has_draft_entity,document_relation_is_output_relevant,draft_messages,doc_relation_changed_by_user_name,doc_relation_changed_at_date_time
Configuration API
AllowedDomain,DocumentType,BusinessObjectNodeType,DocumentTypeBusinessObjectTypeMap: full CRUD includingget_by_idandupdate(PATCH)FileExtensionPolicyCRUD:get_all,create,get,deleteApplicationTenantCRUD:get_all,create,get,deletemark_default(mapping_id)— sets a DocType↔BOType map as default
Jobs API
ZIP_DOWNLOADandDELETE_USER_DATAjob orchestration viaAdminServiceget_statussync/async parity — both acceptuse_admin_serviceparameter
OData query options — tiered dataclasses replace scattered keyword arguments:
ConfigQueryOptions(filter,top,skip)RelationQueryOptions(+select,expand)DocumentQueryOptions(+orderby)
Authentication & token cache
IasTokenFetcher—client_credentials(cached) andjwt-bearerOBO (intentionally not cached; OBO tokens are user-scoped and must not be shared across pods)- Pluggable
TokenCacheprotocol withInMemoryTokenCache(thread-safe);TokenCacheandInMemoryTokenCacheexported fromsap_cloud_sdk.adms
Contributors
v0.25.2 - June 11, 2026
Bug Fixes
- Fixed all
tytype errors that were blocking thepre-commithook from passing:tests/agent_memory/integration/test_agentmemory_bdd.py: replaced"USER"string literal withMessageRole.USERenum valuetests/agentgateway/integration/test_agw_bdd.py: narrowedOptional[str]token tostrbefore using it in aCallable[[], str]lambdatests/core/integration/telemetry/_agent.py: moved top-levellanggraphandlangchain_coreimports inside thetry/except ImportErrorblock; added# ty: ignore[unresolved-import]for optional dependencies absent from the base venvtests/core/unit/data_anonymization/test_http_transport.py: annotatedDummyResponse.headersasMapping[str, str]to satisfy the_ResponseLikeprotocoltests/dms/integration/: removed two stale# ty: ignoresuppression comments
Improvements
- CI now runs all pre-commit hooks (
check-yaml, trailing whitespace, ruff format, ruff lint, ty type check) via a singleuvx pre-commit run --all-filesstep, replacing the previous individual ruff and ty steps - Version-bump check now only triggers when
.py,.pyi, or.protofiles undersrc/are modified —py.typedmarkers, user guides, and other non-code assets no longer require a bump
Contributors
v0.25.1 - June 10, 2026
Bug Fixes
- When a global
Tracerhad already been set,auto_instrumentwas not able to merge its own resource attributes into existing ones. The fix accesses internally cached tracers to merge all resources with newly-created ones so that SDK resource attributes are present in all spans.
Contributors
v0.25.0 - Jun 09, 2025
What's New
-
AgentGatewayClient.list_mcp_tools()now accepts an optionaluser_tokenparameter.
When provided, tool discovery uses user-scoped authentication (principal propagation) instead of the default system-scoped token. This mirrors the existing behaviour ofcall_mcp_tool()and enables consistent identity propagation across both the discovery and invocation phases.# Without user_token — uses system auth (unchanged default) tools = await agw_client.list_mcp_tools() # With user_token — uses user-scoped auth (new) tools = await agw_client.list_mcp_tools(user_token="user-jwt")
Supported for both LoB agents (IAS token exchange via BTP Destination Service) and Customer agents (jwt-bearer grant via mTLS).
Contributors
v0.24.0 - June 09, 2026
Improvements
- auditlog-ng: Event names are now derived directly from DESCRIPTOR.full_name, aligning the OTEL event name format with the ALS protobuf schema
and the Audit Log SDK implementation. No manual event type string is needed anymore.
Bug Fixes
- auditlog-ng: Fixed incorrect OTEL event name format — names were previously constructed as sap.als.AuditEvent..v2 but are now correctly
emitted as sap.auditlog.auditevent.v2. per the protobuf descriptor convention.
Breaking Changes
▎
- AuditlogNgClient.send() / send_json() — event_type parameter removed: The optional event_type: str argument has been removed from both methods.
The event type is now always derived from event.DESCRIPTOR.full_name. Update all call sites by removing the event_type argument:
Before
client.send(event, "DataAccess")
client.send_json(event, "DataAccess") After
client.send(event)
client.send_json(event) Contributors
v0.23.2 - June 08, 2026
Improvements
- Pinned
opentelemetry-instrumentation-langchainto>= 0.61.0to enforce compatibility with Traceloop - Pinned
PyJWTto>=2.13.0for security - Added automated tests for agent autoinstrumentation