feat(license): inject X-Axonflow-Client header on every governed request#180
Merged
saurabhjain1592 merged 3 commits intomainfrom May 5, 2026
Merged
feat(license): inject X-Axonflow-Client header on every governed request#180saurabhjain1592 merged 3 commits intomainfrom
saurabhjain1592 merged 3 commits intomainfrom
Conversation
Per ADR-050 §4, every governed client must set `X-Axonflow-Client: <client-id>/<version>` on every request to the agent so the agent can derive request scope (sdk) and validate it against the token's aud.scope via HasScope(). Adds the header alongside the existing User-Agent in the AsyncClient constructor. Value sourced from the bundled __version__ constant; no env override (the consumer doesn't get to spoof its own client identity to the agent). Test coverage: - tests/test_client_header.py asserts the header is forwarded on proxy_llm_call requests and matches the agent-parseable "<client-id>/<semver>" contract. Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
…der injection Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
2 tasks
saurabhjain1592
added a commit
that referenced
this pull request
May 6, 2026
…se validation [skip-runtime-e2e] (#182) Companion release to platform v7.7.0. The Python SDK now sends X-Axonflow-Client: sdk-python/<version> on every governed request, which the agent (v7.7.0+) uses to derive SDK request scope and validate against any license token's audience claim per the ADR-050 license matrix. Single substantive change since v7.0.0 (#180 — header injection). Supporting commits since v7.0.0 (DCO sign-off docs, definition-of-done CI gate, v7.0.0 changelog typo correction) are infrastructure and not user-facing. No public API changes. Existing v7.0.x callers pip install --upgrade axonflow and rebuild against v7.7.0 with no source changes. Backward-compatible against pre-v7.7.0 agents (header silently dropped). [skip-runtime-e2e] — version + CHANGELOG bump only; the underlying header behavior shipped + was runtime-tested when #180 landed. Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
saurabhjain1592
added a commit
that referenced
this pull request
May 6, 2026
…[skip-runtime-e2e] (#183) Companion to axonflow-sdk-go fix PR #156. The previous release PR (#182) bumped the Python SDK from v7.0.0 directly to v7.7.0 to platform-align with the V1 SaaS Plugin Pro launch. That was incorrect semver — the only substantive change since v7.0.0 is the X-Axonflow-Client header injection (one minor feature) so the natural bump is v7.1.0, not v7.7.0. Updates: - pyproject.toml + axonflow/_version.py 7.7.0 → 7.1.0 - CHANGELOG header [7.7.0] → [7.1.0], 2026-05-06 stamp preserved - Sister SDK cross-references (Go / TypeScript / Java) updated to v7.1.0 - Existing v7.0.x callers rebuild against v7.1.0 Platform v7.7.0 references in the same CHANGELOG entry are kept — those are correctly the platform version, not the SDK version. [skip-runtime-e2e] — version-correction only; no behavior change since the header injection runtime contract was already validated when #180 landed and re-confirmed when #182 merged. Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Per ADR-050 §4, every governed client must set
X-Axonflow-Client: <client-id>/<version>on every request to the agent.This is the sdk-python half of getaxonflow/axonflow-enterprise#1881.
Changes
axonflow/client.py::__init__— addsX-Axonflow-Client: sdk-python/<__version__>to the AsyncClient constructor headers. Every request shipped through_http_clientnow carries the header.tests/test_client_header.py— new test (2 assertions: forwarded onproxy_llm_call+ format check).Verification
pytest tests/test_client_header.py— 2 / 2 passingpytest tests/ --no-cov— 964 passed, 29 skipped, 1 pre-existing failure ontest_telemetry_short_lived.py::test_telemetry_flushes_on_immediate_exitthat also fails onorigin/main(atexit flush flake, unrelated to this change).