Change8

python-v0.4.9.2

Breaking Changes
📦 autogen
1 breaking🐛 4 fixes🔧 7 symbols

Summary

This patch release focuses on security hardening by preventing API key exposure during serialization and fixes bugs in FileSurfer, SKChatCompletionAdapter, and reflection logic.

⚠️ Breaking Changes

  • API keys in model clients are now stored as SecretStr and will no longer be exported when calling model_dump_json() or dump_component(). To fix, ensure your deployment environment provides keys via environment variables or token-based auth rather than relying on serialized configs.

Migration Steps

  1. Update code that relies on serialized model client configurations to provide API keys via environment variables or external secret managers, as keys are no longer included in JSON exports.

🐛 Bug Fixes

  • Fixed logging error in SKChatCompletionAdapter.
  • Fixed missing system message in model client calls during reflect step when reflect_on_tool_use=True (regression from v0.4.8).
  • Fixed directory listing error in FileSurfer.
  • Enhanced security by using SecretStr for API keys to prevent accidental exposure during serialization.

🔧 Affected Symbols

SKChatCompletionAdapterFileSurferOpenAIChatCompletionClientAzureOpenAIChatCompletionClientAnthropicChatCompletionClientmodel_client.dump_componentmodel_client.model_dump_json