release: 0.2.0 (#2)

Automated Release PR
---


## 0.2.0 (2026-03-16)

Full Changelog:
[v0.1.0...v0.2.0](v0.1.0...v0.2.0)

### Features

* add OAuth2 as alternative auth on management API endpoints
([52c6c27](52c6c27))
* add OAuth2 client credentials security scheme from common spec
([be3f5df](be3f5df))
* add OAuth2 client_credentials auth to SDK config
([40d6e7a](40d6e7a))
* Include `array_format: brackets` settings
([59f0159](59f0159))
* PyPi underscore package name
([3cd5a1e](3cd5a1e))
* support HTTP Basic Auth for service account token endpoint (RFC 6749
2.3.1)
([b9d6db0](b9d6db0))
* update pkg-oapi-common and add OAuth2 security scheme
([4a94884](4a94884))


### Bug Fixes

* **tests:** correct setup of OAuth 2 Client Credentials tests
([fe2b8ba](fe2b8ba))


### Chores

* hide unstable mcp features from api documentation
([0fd55ba](0fd55ba))


### Documentation

* remove MCP endpoints
([06fb1fd](06fb1fd))

---
This pull request is managed by Stainless's [GitHub
App](https://github.com/apps/stainless-app).

The [semver version
number](https://semver.org/#semantic-versioning-specification-semver) is
based on included [commit
messages](https://www.conventionalcommits.org/en/v1.0.0/).
Alternatively, you can manually set the version number in the title of
this pull request.

For a better experience, it is recommended to use either rebase-merge or
squash-merge when merging this pull request.

🔗 Stainless [website](https://www.stainlessapi.com)
📚 Read the [docs](https://app.stainlessapi.com/docs)
🙋 [Reach out](mailto:support@stainlessapi.com) for help or questions

---------

Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>

Author: stainless-app[bot]

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.1.0"
+  ".": "0.2.0"
 }

.stats.yml

@@ -1,4 +1,4 @@
-configured_endpoints: 87
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/keycard%2Fkeycard-api-5092d9d6393b940b63aecc5d9ba44f85c79c01cd926978c09c62450ee5f7c269.yml
-openapi_spec_hash: 6d95ae31ee4a688394df9e89b766a53f
-config_hash: 68c59785c54c03969ea8163e835c3402
+configured_endpoints: 107
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/keycard%2Fkeycard-api-d3d69f45bfeddbd210e86edb90a843d195ba38d3b8636915400f26bd10882b95.yml
+openapi_spec_hash: 3bb1233f309a042f4fe90d9e32a81a3d
+config_hash: 99a124cc01ffd9a67759ccbc360af24a

CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## 0.2.0 (2026-03-16)
+
+Full Changelog: [v0.1.0...v0.2.0](https://github.com/keycardai/keycard-python/compare/v0.1.0...v0.2.0)
+
+### Features
+
+* add OAuth2 as alternative auth on management API endpoints ([52c6c27](https://github.com/keycardai/keycard-python/commit/52c6c27bb85b2f07f5ead2490ab902fef4816dca))
+* add OAuth2 client credentials security scheme from common spec ([be3f5df](https://github.com/keycardai/keycard-python/commit/be3f5df50f9f6434ab8836c06adeda99c9f514d4))
+* add OAuth2 client_credentials auth to SDK config ([40d6e7a](https://github.com/keycardai/keycard-python/commit/40d6e7a713f518df3653430ed7cee25b2db79140))
+* Include `array_format: brackets` settings ([59f0159](https://github.com/keycardai/keycard-python/commit/59f0159a9a84d4a89b219faf4e7ac67556c22392))
+* PyPi underscore package name ([3cd5a1e](https://github.com/keycardai/keycard-python/commit/3cd5a1e6bd8684f86efb5d77249cd950848631fe))
+* support HTTP Basic Auth for service account token endpoint (RFC 6749 2.3.1) ([b9d6db0](https://github.com/keycardai/keycard-python/commit/b9d6db00b5388ae7b8872c6f5f4345cb132edb56))
+* update pkg-oapi-common and add OAuth2 security scheme ([4a94884](https://github.com/keycardai/keycard-python/commit/4a9488474597b923dac403292e207ba0d8487754))
+
+
+### Bug Fixes
+
+* **tests:** correct setup of OAuth 2 Client Credentials tests ([fe2b8ba](https://github.com/keycardai/keycard-python/commit/fe2b8ba8b7867cc86942b5306bb8cb31f5d469ac))
+
+
+### Chores
+
+* hide unstable mcp features from api documentation ([0fd55ba](https://github.com/keycardai/keycard-python/commit/0fd55ba2f11a5ad75e6c13702a060853a209156c))
+
+
+### Documentation
+
+* remove MCP endpoints ([06fb1fd](https://github.com/keycardai/keycard-python/commit/06fb1fdec007a642eac2debbc11acdef112635c1))
+
 ## 0.1.0 (2026-03-10)
 
 Full Changelog: [v0.0.1...v0.1.0](https://github.com/keycardai/keycard-python/compare/v0.0.1...v0.1.0)

README.md

@@ -1,7 +1,7 @@
 # Keycard API Python API library
 
 <!-- prettier-ignore -->
-[![PyPI version](https://img.shields.io/pypi/v/keycardai-api.svg?label=pypi%20(stable))](https://pypi.org/project/keycardai-api/)
+[![PyPI version](https://img.shields.io/pypi/v/keycardai_api.svg?label=pypi%20(stable))](https://pypi.org/project/keycardai_api/)
 
 The Keycard API Python library provides convenient access to the Keycard API REST API from any Python 3.9+
 application. The library includes type definitions for all request params and response fields,
@@ -17,42 +17,31 @@ The REST API documentation can be found on [docs.keycard.ai](https://docs.keycar
 
 ```sh
 # install from PyPI
-pip install keycardai-api
+pip install keycardai_api
 ```
 
 ## Usage
 
 The full API of this library can be found in [api.md](api.md).
 
 ```python
-import os
 from keycardai_api import KeycardAPI
 
-client = KeycardAPI(
-    api_key=os.environ.get("KEYCARD_API_API_KEY"),  # This is the default and can be omitted
-)
+client = KeycardAPI()
 
 zones = client.zones.list()
 print(zones.items)
 ```
 
-While you can provide an `api_key` keyword argument,
-we recommend using [python-dotenv](https://pypi.org/project/python-dotenv/)
-to add `KEYCARD_API_API_KEY="My API Key"` to your `.env` file
-so that your API Key is not stored in source control.
-
 ## Async usage
 
 Simply import `AsyncKeycardAPI` instead of `KeycardAPI` and use `await` with each API call:
 
 ```python
-import os
 import asyncio
 from keycardai_api import AsyncKeycardAPI
 
-client = AsyncKeycardAPI(
-    api_key=os.environ.get("KEYCARD_API_API_KEY"),  # This is the default and can be omitted
-)
+client = AsyncKeycardAPI()
 
 
 async def main() -> None:
@@ -73,21 +62,19 @@ You can enable this by installing `aiohttp`:
 
 ```sh
 # install from PyPI
-pip install keycardai-api[aiohttp]
+pip install keycardai_api[aiohttp]
 ```
 
 Then you can enable it by instantiating the client with `http_client=DefaultAioHttpClient()`:
 
 ```python
-import os
 import asyncio
 from keycardai_api import DefaultAioHttpClient
 from keycardai_api import AsyncKeycardAPI
 
 
 async def main() -> None:
     async with AsyncKeycardAPI(
-        api_key=os.environ.get("KEYCARD_API_API_KEY"),  # This is the default and can be omitted
         http_client=DefaultAioHttpClient(),
     ) as client:
         zones = await client.zones.list()

api.md

@@ -19,7 +19,6 @@ Methods:
 - <code title="patch /zones/{zoneId}">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">update</a>(zone_id, \*\*<a href="src/keycardai_api/types/zone_update_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone.py">Zone</a></code>
 - <code title="get /zones">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">list</a>(\*\*<a href="src/keycardai_api/types/zone_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone_list_response.py">ZoneListResponse</a></code>
 - <code title="delete /zones/{zoneId}">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">delete</a>(zone_id) -> None</code>
-- <code title="delete /zones/{zoneId}/mcp-servers/{downstreamId}">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">delete_mcp_server</a>(downstream_id, \*, zone_id) -> None</code>
 - <code title="get /zones/{zoneId}/session-resource-access">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">list_session_resource_access</a>(zone_id, \*\*<a href="src/keycardai_api/types/zone_list_session_resource_access_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone_list_session_resource_access_response.py">ZoneListSessionResourceAccessResponse</a></code>
 
 ## Applications
@@ -104,18 +103,6 @@ Methods:
 - <code title="get /zones/{zoneId}/delegated-grants">client.zones.delegated_grants.<a href="./src/keycardai_api/resources/zones/delegated_grants.py">list</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/delegated_grant_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/delegated_grant_list_response.py">DelegatedGrantListResponse</a></code>
 - <code title="delete /zones/{zoneId}/delegated-grants/{id}">client.zones.delegated_grants.<a href="./src/keycardai_api/resources/zones/delegated_grants.py">delete</a>(id, \*, zone_id) -> None</code>
 
-## McpGateways
-
-Types:
-
-```python
-from keycardai_api.types.zones import McpGatewayCreateMcpServerResponse
-```
-
-Methods:
-
-- <code title="post /zones/{zoneId}/mcp-gateways/{applicationId}/mcp-servers">client.zones.mcp_gateways.<a href="./src/keycardai_api/resources/zones/mcp_gateways.py">create_mcp_server</a>(application_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/mcp_gateway_create_mcp_server_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/mcp_gateway_create_mcp_server_response.py">McpGatewayCreateMcpServerResponse</a></code>
-
 ## Providers
 
 Types:
@@ -227,6 +214,101 @@ Methods:
 - <code title="get /zones/{zone_id}/secrets">client.zones.secrets.<a href="./src/keycardai_api/resources/zones/secrets.py">list</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/secret_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/secret_list_response.py">SecretListResponse</a></code>
 - <code title="delete /zones/{zone_id}/secrets/{id}">client.zones.secrets.<a href="./src/keycardai_api/resources/zones/secrets.py">delete</a>(id, \*, zone_id) -> None</code>
 
+## PolicySchemas
+
+Types:
+
+```python
+from keycardai_api.types.zones import (
+    SchemaVersion,
+    SchemaVersionWithZoneInfo,
+    PolicySchemaListResponse,
+)
+```
+
+Methods:
+
+- <code title="get /zones/{zone_id}/policy-schemas/{version}">client.zones.policy_schemas.<a href="./src/keycardai_api/resources/zones/policy_schemas.py">retrieve</a>(version, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_schema_retrieve_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/schema_version_with_zone_info.py">SchemaVersionWithZoneInfo</a></code>
+- <code title="get /zones/{zone_id}/policy-schemas">client.zones.policy_schemas.<a href="./src/keycardai_api/resources/zones/policy_schemas.py">list</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_schema_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_schema_list_response.py">PolicySchemaListResponse</a></code>
+- <code title="patch /zones/{zone_id}/policy-schemas/{version}">client.zones.policy_schemas.<a href="./src/keycardai_api/resources/zones/policy_schemas.py">set_default</a>(version, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_schema_set_default_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/schema_version_with_zone_info.py">SchemaVersionWithZoneInfo</a></code>
+
+## Policies
+
+Types:
+
+```python
+from keycardai_api.types.zones import Policy, PolicyDraft, PolicyListResponse
+```
+
+Methods:
+
+- <code title="post /zones/{zone_id}/policies">client.zones.policies.<a href="./src/keycardai_api/resources/zones/policies/policies.py">create</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_create_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy.py">Policy</a></code>
+- <code title="get /zones/{zone_id}/policies/{policy_id}">client.zones.policies.<a href="./src/keycardai_api/resources/zones/policies/policies.py">retrieve</a>(policy_id, \*, zone_id) -> <a href="./src/keycardai_api/types/zones/policy.py">Policy</a></code>
+- <code title="patch /zones/{zone_id}/policies/{policy_id}">client.zones.policies.<a href="./src/keycardai_api/resources/zones/policies/policies.py">update</a>(policy_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_update_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy.py">Policy</a></code>
+- <code title="get /zones/{zone_id}/policies">client.zones.policies.<a href="./src/keycardai_api/resources/zones/policies/policies.py">list</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_list_response.py">PolicyListResponse</a></code>
+- <code title="delete /zones/{zone_id}/policies/{policy_id}">client.zones.policies.<a href="./src/keycardai_api/resources/zones/policies/policies.py">archive</a>(policy_id, \*, zone_id) -> <a href="./src/keycardai_api/types/zones/policy.py">Policy</a></code>
+
+### Versions
+
+Types:
+
+```python
+from keycardai_api.types.zones.policies import PolicyVersion, VersionListResponse
+```
+
+Methods:
+
+- <code title="post /zones/{zone_id}/policies/{policy_id}/versions">client.zones.policies.versions.<a href="./src/keycardai_api/resources/zones/policies/versions.py">create</a>(policy_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policies/version_create_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policies/policy_version.py">PolicyVersion</a></code>
+- <code title="get /zones/{zone_id}/policies/{policy_id}/versions/{version_id}">client.zones.policies.versions.<a href="./src/keycardai_api/resources/zones/policies/versions.py">retrieve</a>(version_id, \*, zone_id, policy_id, \*\*<a href="src/keycardai_api/types/zones/policies/version_retrieve_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policies/policy_version.py">PolicyVersion</a></code>
+- <code title="get /zones/{zone_id}/policies/{policy_id}/versions">client.zones.policies.versions.<a href="./src/keycardai_api/resources/zones/policies/versions.py">list</a>(policy_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policies/version_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policies/version_list_response.py">VersionListResponse</a></code>
+- <code title="delete /zones/{zone_id}/policies/{policy_id}/versions/{version_id}">client.zones.policies.versions.<a href="./src/keycardai_api/resources/zones/policies/versions.py">archive</a>(version_id, \*, zone_id, policy_id) -> <a href="./src/keycardai_api/types/zones/policies/policy_version.py">PolicyVersion</a></code>
+
+## PolicySets
+
+Types:
+
+```python
+from keycardai_api.types.zones import (
+    Attestation,
+    AttestationStatement,
+    PolicySet,
+    PolicySetDraft,
+    PolicySetManifest,
+    PolicySetManifestEntry,
+    PolicySetWithBinding,
+    PolicySetListResponse,
+)
+```
+
+Methods:
+
+- <code title="post /zones/{zone_id}/policy-sets">client.zones.policy_sets.<a href="./src/keycardai_api/resources/zones/policy_sets/policy_sets.py">create</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_set_create_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_set_with_binding.py">PolicySetWithBinding</a></code>
+- <code title="get /zones/{zone_id}/policy-sets/{policy_set_id}">client.zones.policy_sets.<a href="./src/keycardai_api/resources/zones/policy_sets/policy_sets.py">retrieve</a>(policy_set_id, \*, zone_id) -> <a href="./src/keycardai_api/types/zones/policy_set_with_binding.py">PolicySetWithBinding</a></code>
+- <code title="patch /zones/{zone_id}/policy-sets/{policy_set_id}">client.zones.policy_sets.<a href="./src/keycardai_api/resources/zones/policy_sets/policy_sets.py">update</a>(policy_set_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_set_update_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_set_with_binding.py">PolicySetWithBinding</a></code>
+- <code title="get /zones/{zone_id}/policy-sets">client.zones.policy_sets.<a href="./src/keycardai_api/resources/zones/policy_sets/policy_sets.py">list</a>(zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_set_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_set_list_response.py">PolicySetListResponse</a></code>
+- <code title="delete /zones/{zone_id}/policy-sets/{policy_set_id}">client.zones.policy_sets.<a href="./src/keycardai_api/resources/zones/policy_sets/policy_sets.py">archive</a>(policy_set_id, \*, zone_id) -> <a href="./src/keycardai_api/types/zones/policy_set_with_binding.py">PolicySetWithBinding</a></code>
+
+### Versions
+
+Types:
+
+```python
+from keycardai_api.types.zones.policy_sets import (
+    PolicySetVersion,
+    VersionListResponse,
+    VersionListPoliciesResponse,
+)
+```
+
+Methods:
+
+- <code title="post /zones/{zone_id}/policy-sets/{policy_set_id}/versions">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">create</a>(policy_set_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_sets/version_create_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_sets/policy_set_version.py">PolicySetVersion</a></code>
+- <code title="get /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">retrieve</a>(version_id, \*, zone_id, policy_set_id) -> <a href="./src/keycardai_api/types/zones/policy_sets/policy_set_version.py">PolicySetVersion</a></code>
+- <code title="patch /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">update</a>(version_id, \*, zone_id, policy_set_id, \*\*<a href="src/keycardai_api/types/zones/policy_sets/version_update_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_sets/policy_set_version.py">PolicySetVersion</a></code>
+- <code title="get /zones/{zone_id}/policy-sets/{policy_set_id}/versions">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">list</a>(policy_set_id, \*, zone_id, \*\*<a href="src/keycardai_api/types/zones/policy_sets/version_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_sets/version_list_response.py">VersionListResponse</a></code>
+- <code title="delete /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">archive</a>(version_id, \*, zone_id, policy_set_id) -> <a href="./src/keycardai_api/types/zones/policy_sets/policy_set_version.py">PolicySetVersion</a></code>
+- <code title="get /zones/{zone_id}/policy-sets/{policy_set_id}/versions/{version_id}/policies">client.zones.policy_sets.versions.<a href="./src/keycardai_api/resources/zones/policy_sets/versions.py">list_policies</a>(version_id, \*, zone_id, policy_set_id, \*\*<a href="src/keycardai_api/types/zones/policy_sets/version_list_policies_params.py">params</a>) -> <a href="./src/keycardai_api/types/zones/policy_sets/version_list_policies_response.py">VersionListPoliciesResponse</a></code>
+
 # Organizations
 
 Types:
@@ -338,12 +420,6 @@ Methods:
 - <code title="delete /organizations/{organization_id}/sso-connection">client.organizations.sso_connection.<a href="./src/keycardai_api/resources/organizations/sso_connection.py">disable</a>(organization_id) -> None</code>
 - <code title="post /organizations/{organization_id}/sso-connection">client.organizations.sso_connection.<a href="./src/keycardai_api/resources/organizations/sso_connection.py">enable</a>(organization_id, \*\*<a href="src/keycardai_api/types/organizations/sso_connection_enable_params.py">params</a>) -> <a href="./src/keycardai_api/types/organizations/sso_connection.py">SSOConnection</a></code>
 
-# ServiceAccountToken
-
-Methods:
-
-- <code title="post /service-account-token">client.service_account_token.<a href="./src/keycardai_api/resources/service_account_token.py">create</a>(\*\*<a href="src/keycardai_api/types/service_account_token_create_params.py">params</a>) -> <a href="./src/keycardai_api/types/token_response.py">TokenResponse</a></code>
-
 # Invitations
 
 Types:

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
-name = "keycardai-api"
-version = "0.1.0"
+name = "keycardai_api"
+version = "0.2.0"
 description = "The official Python library for the keycard-api API"
 dynamic = ["readme"]
 license = "Apache-2.0"