v0.10.0 - April 17, 2026

What's New

• Subscriber context for write operations: create, update, and delete on DestinationClient, FragmentClient, and CertificateClient now accept an optional tenant parameter. Passing a subscriber tenant subdomain scopes the OAuth2 token request to that tenant's identity zone, enabling resource management in a subscriber context. Defaults to None, preserving existing provider-context behaviour.

Contributors

• Application Foundation Toolkit Libraries Team

v0.9.0 - April 15, 2026

What's New

• Label management for destinations, fragments, and certificates: All three resource types now support get_*_labels, update_*_labels, and patch_*_labels operations at both instance and subaccount scopes. Labels are key-value metadata used for tagging and filtering resources.
• New Label and PatchLabels types: Exported from sap_cloud_sdk.destination. PatchLabels supports ADD (upsert by key) and DELETE actions for incremental label updates.
• Label filtering in list operations: ListOptions now accepts a filter_labels field to filter resources by label using OData Label HAS expressions. Supported on list_*_destinations, list_*_fragments, and list_*_certificates methods.
• Fragment list filtering: list_instance_fragments and list_subaccount_fragments now accept a filter parameter (aligning with destinations and certificates).

Contributors

• Application Foundation Toolkit Libraries Team

v0.8.0 - April 15, 2026

What's New

• Extended get_destination headers support: ConsumptionOptions now exposes all HTTP request headers supported by the SAP Destination Service v2 API. New fields cover the full range of OAuth2 flows (token exchange, authorization code with PKCE, refresh token), client-provided SAML assertion, optional fragment handling, and destination chains with variables. All new fields default to None and are omitted from the request when not set. Existing code is unaffected.

Contributors

• Application Foundation Toolkit Libraries Team

v0.7.1 - April 14, 2026

Dependency Updates

• Upgraded opentelemetry-exporter-otlp-proto-grpc and opentelemetry-exporter-otlp-proto-http from ~=1.38.0 to ~=1.41.0, resolving a dependency conflict with packages requiring >=1.40.0 (e.g. sap-ai-agent-evaluation).

  Resolves #44

• Relaxed the requests pin from ~=2.31.0 to >=2.33.0, fixing a dependency conflict with packages requiring a newer version (e.g. sap-ai-sdk-gen) and remediating CVE-2026-25645 (insecure temporary file, CVSS 5.5).

  Resolves #49, #53

v0.7.0 - April 14, 2026

What's New

• New Audit Log NG Module: Introduced sap_cloud_sdk.core.auditlog_ng, a next-generation audit logging client that uses Protocol Buffers (protobuf) for improved performance and type safety
• New Dependencies: Added Protocol Buffers support with generated Python classes
• Module Structure:
  • sap_cloud_sdk.core.auditlog_ng.client: Main client implementation for audit logging
  • sap_cloud_sdk.core.auditlog_ng.config: Configuration management
  • sap_cloud_sdk.core.auditlog_ng.exceptions: Custom exception handling
  • sap_cloud_sdk.core.auditlog_ng.gen: Generated protobuf classes
  • sap_cloud_sdk.core.auditlog_ng.proto: Protocol buffer definitions
• Protocol Buffer Integration: Uses buf tooling for protobuf code generation and management
• Type Safety: Provides py.typed marker for full mypy compatibility

Bug Fixes

• N/A - This is a new feature addition

Breaking Changes

• No Breaking Changes: The existing sap_cloud_sdk.core.auditlog module remains fully functional and unchanged. The new auditlog_ng module runs alongside the existing implementation

Contributors

• Application Foundation Toolkit Libraries Team
• @simeongelovski made their first contribution in #41

v0.6.2 - April 13, 2026

Bug Fixes

• Fixed mocks/ directory resolution in local destination mode. Previously, both LocalDevClientBase and _mock_file() resolved the path relative to the package install location, which broke when the SDK was installed as a dependency. Both now use os.getcwd() so the mocks/ directory is always resolved relative to the application's working directory.

  Resolves #46

v0.6.1 - April 9, 2026

Improvements

• auto_instrument now uses BatchSpanProcessor by default, enabling asynchronous span export in a background thread. This significantly reduces response time overhead under concurrent workloads compared to the previous synchronous SimpleSpanProcessor.

What's New

• auto_instrument accepts a new disable_batch parameter (default False). Pass disable_batch=True to use synchronous span export, which may be preferable in short-lived scripts or test environments where the process may exit before the batch is flushed.

Resolves #40

v0.6.0 - April 8, 2026

What's New

• Local mode for sap_cloud_sdk.destination — run destination operations without SAP BTP connectivity during local development
• Place mocks/destination.json, mocks/fragments.json, or mocks/certificates.json at the repo root; create_client(), create_fragment_client(), and create_certificate_client() automatically return a local client when the corresponding file is detected
• LocalDevDestinationClient, LocalDevFragmentClient, and LocalDevCertificateClient support full CRUD (get, list, create, update, delete) at both service-instance and subaccount level
• Tenant-scoped entries and all four AccessStrategy values (SUBSCRIBER_ONLY, PROVIDER_ONLY, SUBSCRIBER_FIRST, PROVIDER_FIRST) are fully supported
• A WARNING is logged on every local-client creation to prevent accidental use in production

Contributors

• Application Foundation Toolkit Libraries Team

v0.5.0 - April 3, 2026

What's New

• New sap_cloud_sdk.ias module for working with SAP Identity Authentication Service
• parse_token() decodes IAS JWT tokens (no signature verification) into a typed IASClaims dataclass
• All 25 standard IAS claims mapped as named fields, including user_uuid (global user ID) and app_tid (tenant ID)
• Unrecognized claims collected in custom_attributes
• IASTokenError raised on malformed tokens; absent claims are None rather than errors

Contributors

• Application Foundation Toolkit Libraries Team

v0.4.0 - March 31, 2026

Breaking Changes

• ObjectStore: Removed implicit audit logging - All object store operations (upload, download, delete, list, etc.) no longer automatically log audit events.

Migration Guide

If your application requires audit logging for object store operations, you must now implement it explicitly:

from sap_cloud_sdk.objectstore import create_client
from sap_cloud_sdk.core.auditlog import create_client as create_audit_client, DataModificationEvent

# Create clients
store_client = create_client("my-instance")
audit_client = create_audit_client()

# Upload with explicit audit logging
store_client.put_object_from_bytes("file.txt", b"data", "text/plain")
audit_client.log(DataModificationEvent(
    object_type="s3-object",
    object_id={"bucket": "my-bucket", "key": "file.txt"},
    # ... other audit event details
))

What Changed

• Removed implicit audit log calls from all ObjectStore operations
• Removed audit log client initialization and helper methods from ObjectStore

Contributors

• Application Foundation Toolkit Libraries Team