oapiex 0.2.2 → 0.3.1

package/dist/index.cjs

@@ -1142,11 +1142,18 @@ var TypeScriptModuleRenderer = class {
 			"export interface OpenApiMediaTypeDefinition<TExample = unknown> {\n  schema?: OpenApiSchemaDefinition\n  example?: TExample\n}",
 			"export interface OpenApiResponseDefinition<_TResponse = unknown, TExample = unknown> {\n  description: string\n  content?: Record<string, OpenApiMediaTypeDefinition<TExample>>\n}",
 			"export interface OpenApiRequestBodyDefinition<TInput = unknown> {\n  description?: string\n  required: boolean\n  content: Record<string, OpenApiMediaTypeDefinition<TInput>>\n}",
-			"export interface OpenApiOperationDefinition<_TResponse = unknown, TResponseExample = unknown, TInput = Record<string, never>, _TQuery = Record<string, never>, _THeader = Record<string, never>, _TParams = Record<string, never>> {\n  summary?: string\n  description?: string\n  operationId?: string\n  parameters?: OpenApiParameterDefinition[]\n  requestBody?: OpenApiRequestBodyDefinition<TInput>\n  responses: Record<string, OpenApiResponseDefinition<_TResponse, TResponseExample>>\n}",
+			"export interface OpenApiOauthFlowDefinition {\n  authorizationUrl?: string\n  tokenUrl?: string\n  refreshUrl?: string\n  scopes?: Record<string, string>\n}",
+			"export type OpenApiSecurityRequirementDefinition = Record<string, string[]>",
+			"export type OpenApiSecuritySchemeDefinition =\n  | {\n      type: 'http'\n      description?: string\n      scheme: string\n      bearerFormat?: string\n    }\n  | {\n      type: 'apiKey'\n      description?: string\n      name: string\n      in: 'query' | 'header' | 'cookie'\n    }\n  | {\n      type: 'oauth2'\n      description?: string\n      flows?: Record<string, OpenApiOauthFlowDefinition>\n    }\n  | {\n      type: 'openIdConnect'\n      description?: string\n      openIdConnectUrl: string\n    }",
+			"export interface OpenApiComponentsDefinition {\n  securitySchemes?: Record<string, OpenApiSecuritySchemeDefinition>\n}",
+			"export interface OpenApiOperationDefinition<_TResponse = unknown, TResponseExample = unknown, TInput = Record<string, never>, _TQuery = Record<string, never>, _THeader = Record<string, never>, _TParams = Record<string, never>> {\n  summary?: string\n  description?: string\n  operationId?: string\n  security?: OpenApiSecurityRequirementDefinition[]\n  parameters?: OpenApiParameterDefinition[]\n  requestBody?: OpenApiRequestBodyDefinition<TInput>\n  responses: Record<string, OpenApiResponseDefinition<_TResponse, TResponseExample>>\n}",
 			"export interface OpenApiSdkParameterManifest {\n  name: string\n  accessor: string\n  in: 'query' | 'header' | 'path'\n  required: boolean\n  description?: string\n}",
-			"export interface OpenApiSdkOperationManifest {\n  path: string\n  method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'\n  methodName: string\n  summary?: string\n  description?: string\n  operationId?: string\n  requestBodyDescription?: string\n  responseDescription?: string\n  responseType: string\n  inputType: string\n  queryType: string\n  headerType: string\n  paramsType: string\n  hasBody: boolean\n  bodyRequired: boolean\n  pathParams: OpenApiSdkParameterManifest[]\n  queryParams: OpenApiSdkParameterManifest[]\n  headerParams: OpenApiSdkParameterManifest[]\n}",
+			"export interface OpenApiSdkSecurityRequirementSchemeManifest {\n  name: string\n  scopes: string[]\n}",
+			"export interface OpenApiSdkSecurityRequirementManifest {\n  schemes: OpenApiSdkSecurityRequirementSchemeManifest[]\n}",
+			"export interface OpenApiSdkSecuritySchemeManifest {\n  name: string\n  helperName: string\n  description?: string\n  type: 'http' | 'apiKey' | 'oauth2' | 'openIdConnect'\n  authType: 'bearer' | 'basic' | 'apiKey' | 'oauth2'\n  scheme?: string\n  bearerFormat?: string\n  in?: 'header' | 'query' | 'cookie'\n  parameterName?: string\n  openIdConnectUrl?: string\n  scopes?: string[]\n}",
+			"export interface OpenApiSdkOperationManifest {\n  path: string\n  method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'\n  methodName: string\n  summary?: string\n  description?: string\n  operationId?: string\n  requestBodyDescription?: string\n  responseDescription?: string\n  responseType: string\n  inputType: string\n  queryType: string\n  headerType: string\n  paramsType: string\n  hasBody: boolean\n  bodyRequired: boolean\n  pathParams: OpenApiSdkParameterManifest[]\n  queryParams: OpenApiSdkParameterManifest[]\n  headerParams: OpenApiSdkParameterManifest[]\n  security?: OpenApiSdkSecurityRequirementManifest[]\n}",
 			"export interface OpenApiSdkGroupManifest {\n  className: string\n  propertyName: string\n  operations: OpenApiSdkOperationManifest[]\n}",
-			"export interface OpenApiSdkManifest {\n  groups: OpenApiSdkGroupManifest[]\n}",
+			"export interface OpenApiSdkManifest {\n  groups: OpenApiSdkGroupManifest[]\n  securitySchemes: OpenApiSdkSecuritySchemeManifest[]\n  security?: OpenApiSdkSecurityRequirementManifest[]\n}",
 			"export interface OpenApiRuntimeBundle<TApi = unknown> {\n  document: unknown\n  manifest: OpenApiSdkManifest\n  __api?: TApi\n}",
 			Object.entries(document.paths).map(([path, operations]) => {
 				const pathTypeName = this.derivePathTypeName(path);
@@ -1164,7 +1171,7 @@ var TypeScriptModuleRenderer = class {
 				}).join("\n\n"), `export interface ${pathTypeName} {\n${Object.keys(operations).map((method) => `  ${method}: ${this.deriveOperationInterfaceName(path, method)}`).join("\n")}\n}`].join("\n\n");
 			}).join("\n\n"),
 			`export interface Paths {\n${Object.keys(document.paths).map((path) => `  ${this.formatPropertyKey(path)}: ${this.derivePathTypeName(path)}`).join("\n")}\n}`,
-			`export interface ${rootTypeName} {\n  openapi: '3.1.0'\n  info: OpenApiInfo\n  paths: Paths\n}`
+			`export interface ${rootTypeName} {\n  openapi: '3.1.0'\n  info: OpenApiInfo\n  components?: OpenApiComponentsDefinition\n  security?: OpenApiSecurityRequirementDefinition[]\n  paths: Paths\n}`
 		].join("\n\n");
 	}
 	renderSdkApiInterface(rootTypeName, manifest) {
@@ -1259,7 +1266,7 @@ var TypeScriptModuleRenderer = class {
 			if (value.length === 0) return "[]";
 			const nextIndent = this.indent(indentLevel + 1);
 			const currentIndent = this.indent(indentLevel);
-			return `[\n${value.map((entry) => `${nextIndent}${this.renderLiteral(entry, indentLevel + 1)}`).join(",\n")}\n${currentIndent}]`;
+			return `\n[`.startsWith("\n[") ? `[\n${value.map((entry) => `${nextIndent}${this.renderLiteral(entry, indentLevel + 1)}`).join(",\n")}\n${currentIndent}]` : "[]";
 		}
 		if (typeof value === "object") {
 			const entries = Object.entries(value);
@@ -2042,9 +2049,22 @@ var TypeScriptShapeBuilder = class {
 var TypeScriptTypeBuilder = class {
 	naming = new TypeScriptNamingSupport();
 	shapes = new TypeScriptShapeBuilder(this.naming);
+	/**
+	* Creates a new generator context, which holds the state of the type generation process.
+	* 
+	* @returns 
+	*/
 	createContext() {
 		return this.shapes.createContext();
 	}
+	/**
+	* Collects semantic models from the given OpenAPI document, which represent the various 
+	* shapes and types that need to be generated for the SDK, along with their associated 
+	* metadata such as paths, methods, and roles.
+	* 
+	* @param document The OpenAPI document to extract semantic models from.
+	* @returns An array of semantic models representing the shapes and types for the SDK.
+	*/
 	collectSemanticModels(document) {
 		const models = [];
 		for (const [path, operations] of Object.entries(document.paths)) {
@@ -2107,9 +2127,20 @@ var TypeScriptTypeBuilder = class {
 		}
 		return models;
 	}
+	/**
+	* Builds the SDK manifest from the given OpenAPI document, using the provided operation 
+	* type references and naming strategy options.
+	* 
+	* @param document              The OpenAPI document to build the SDK manifest from.
+	* @param operationTypeRefs     A map of operation type references.
+	* @param options               Naming strategy options for the SDK manifest.
+	* @returns                     The generated SDK manifest.
+	*/
 	buildSdkManifest(document, operationTypeRefs, options = {}) {
 		const sdkGroupNamesBySignature = this.naming.deriveSdkGroupNamesBySignature(document, options.namespaceStrategy ?? "smart");
 		const groups = /* @__PURE__ */ new Map();
+		const securitySchemes = this.buildSecuritySchemes(document);
+		const globalSecurity = this.buildSecurityRequirements(document.security);
 		for (const [path, operations] of Object.entries(document.paths)) {
 			const staticSignature = this.naming.getStaticPathSegments(path).join("/");
 			const className = sdkGroupNamesBySignature.get(staticSignature) ?? "Resource";
@@ -2146,34 +2177,96 @@ var TypeScriptTypeBuilder = class {
 					bodyRequired: operation.requestBody?.required ?? false,
 					pathParams: this.naming.createSdkParameterManifest(operation.parameters, "path", path),
 					queryParams: this.naming.createSdkParameterManifest(operation.parameters, "query", path),
-					headerParams: this.naming.createSdkParameterManifest(operation.parameters, "header", path)
+					headerParams: this.naming.createSdkParameterManifest(operation.parameters, "header", path),
+					security: this.buildSecurityRequirements(operation.security)
 				});
 			}
 			groups.set(propertyName, group);
 		}
-		return { groups: Array.from(groups.values()).map((group) => ({
-			...group,
-			operations: this.naming.ensureUniqueSdkMethodNames(group.operations)
-		})).sort((left, right) => left.propertyName.localeCompare(right.propertyName)) };
+		return {
+			groups: Array.from(groups.values()).map((group) => ({
+				...group,
+				operations: this.naming.ensureUniqueSdkMethodNames(group.operations)
+			})).sort((left, right) => left.propertyName.localeCompare(right.propertyName)),
+			securitySchemes,
+			security: globalSecurity
+		};
 	}
+	/** 
+	* Infers a shape node from a given example value, using the provided name hint for 
+	* type naming purposes.
+	* 
+	* @param value         The example value to infer the shape from.
+	* @param nameHint      A hint for naming the inferred type.
+	* @returns             The inferred shape node.
+	*/
 	inferShapeFromExample(value, nameHint) {
 		return this.shapes.inferShapeFromExample(value, nameHint);
 	}
+	/**
+	* Sanitizes a given string to be used as a type name in TypeScript.
+	* 
+	* @param value The string to sanitize.
+	* @returns     The sanitized type name.
+	*/
 	sanitizeTypeName(value) {
 		return this.naming.sanitizeTypeName(value);
 	}
+	/**
+	* Registers a shape with a preferred name and returns the assigned type name, ensuring 
+	* that it is unique within the given context. 
+	* 
+	* @param shape             The shape node to register.
+	* @param preferredName     The preferred name for the type.
+	* @param context           The generator context.
+	* @param collisionSuffix   The suffix to use in case of name collisions. 
+	* @returns                 The assigned type name.
+	*/
 	registerNamedShape(shape, preferredName, context, collisionSuffix) {
 		return this.shapes.registerNamedShape(shape, preferredName, context, collisionSuffix);
 	}
+	/**
+	* Determines the top-level shape for a given shape and its semantic role, which can 
+	* be used for namespace grouping in the generated SDK.
+	* 
+	* @param shape     The shape node to evaluate.
+	* @param role      The semantic role of the shape.
+	* @returns         The top-level shape node for the given shape and role.
+	*/
 	namespaceTopLevelShape(shape, role) {
 		return this.shapes.namespaceTopLevelShape(shape, role);
 	}
+	/**
+	* Registers the given object shape and returns the assigned type name. 
+	* 
+	* @param shape             The object shape to register.
+	* @param preferredName     The preferred name for the type.
+	* @param context           The generator context.
+	* @param collisionSuffix   The suffix to use in case of name collisions.
+	* @param emitAlias         Whether to emit a type alias.
+	* @returns                 The assigned type name.
+	*/
 	registerObjectShape(shape, preferredName, context, collisionSuffix, emitAlias = false) {
 		return this.shapes.registerObjectShape(shape, preferredName, context, collisionSuffix, emitAlias);
 	}
+	/**
+	* Determines the priority of an operation based on its characteristics, such as the 
+	* presence of a request body, which can be used for sorting operations when generating the SDK.
+	* 
+	* @param operation The operation object to evaluate.
+	* @returns         The priority of the operation.
+	*/
 	getOperationPriority(operation) {
 		return Number(Boolean(operation.requestBody)) * 10;
 	}
+	/**
+	* Resolves the description for a successful response from the given responses 
+	* object, preferring common success status codes and falling back to any available 
+	* description if necessary.
+	* 
+	* @param responses The responses object to evaluate.
+	* @returns         The description of the successful response, or undefined if none is found.
+	*/
 	resolveSuccessResponseDescription(responses) {
 		for (const statusCode of [
 			"200",
@@ -2189,6 +2282,85 @@ var TypeScriptTypeBuilder = class {
 			if (description) return description;
 		}
 	}
+	/**
+	* Builds the security schemes for the entire API, based on the provided OpenAPI document.
+	* 
+	* @param document  The OpenAPI document to build the security schemes from.
+	* @returns         The security scheme manifest objects.
+	*/
+	buildSecuritySchemes(document) {
+		return Object.entries(document.components?.securitySchemes ?? {}).map(([name, scheme]) => this.createSecuritySchemeManifest(name, scheme)).filter((entry) => entry !== null).sort((left, right) => left.name.localeCompare(right.name));
+	}
+	/**
+	* Builds the security requirements for an operation or the entire API, based on the 
+	* provided OpenAPI security requirement objects.
+	* 
+	* @param name      The name of the security requirement (used for logging or error messages).
+	* @param scheme    The OpenAPI security scheme object to create the manifest from.
+	* @returns         The security scheme manifest object, or null if the scheme type is not supported.
+	*/
+	createSecuritySchemeManifest(name, scheme) {
+		const helperName = this.createSecurityHelperName(name);
+		if (scheme.type === "apiKey") return {
+			name,
+			helperName,
+			description: scheme.description,
+			type: "apiKey",
+			authType: "apiKey",
+			in: scheme.in,
+			parameterName: scheme.name
+		};
+		if (scheme.type === "oauth2") return {
+			name,
+			helperName,
+			description: scheme.description,
+			type: "oauth2",
+			authType: "oauth2",
+			scopes: this.collectSecurityScopes(scheme)
+		};
+		if (scheme.type === "openIdConnect") return {
+			name,
+			helperName,
+			description: scheme.description,
+			type: "openIdConnect",
+			authType: "oauth2",
+			openIdConnectUrl: scheme.openIdConnectUrl
+		};
+		const normalizedScheme = scheme.scheme.toLowerCase();
+		return {
+			name,
+			helperName,
+			description: scheme.description,
+			type: "http",
+			authType: normalizedScheme === "basic" ? "basic" : "bearer",
+			scheme: scheme.scheme,
+			bearerFormat: scheme.bearerFormat
+		};
+	}
+	/**
+	* Builds the security requirements for an operation or the entire API, based on the 
+	* provided OpenAPI security requirement objects.
+	* 
+	* @param requirements    The OpenAPI security requirement objects to build the manifest from.
+	* @returns               The security requirement manifest objects, or undefined if none are provided.
+	*/
+	buildSecurityRequirements(requirements) {
+		if (!requirements || requirements.length === 0) return;
+		const normalized = requirements.map((requirement) => ({ schemes: Object.entries(requirement).map(([name, scopes]) => ({
+			name,
+			scopes: [...scopes].sort()
+		})).sort((left, right) => left.name.localeCompare(right.name)) })).filter((requirement) => requirement.schemes.length > 0);
+		return normalized.length > 0 ? normalized : void 0;
+	}
+	collectSecurityScopes(scheme) {
+		const scopes = /* @__PURE__ */ new Set();
+		for (const flow of Object.values(scheme.flows ?? {})) for (const scope of Object.keys(flow.scopes ?? {})) scopes.add(scope);
+		return scopes.size > 0 ? Array.from(scopes).sort() : void 0;
+	}
+	createSecurityHelperName(name) {
+		const sanitized = this.naming.sanitizeTypeName(name);
+		return sanitized.endsWith("Auth") ? `create${sanitized}` : `create${sanitized}Auth`;
+	}
 };
 
 //#endregion
@@ -2375,7 +2547,7 @@ var SdkPackageGenerator = class {
 			"package.json": this.renderPackageJson(options),
 			"README.md": this.renderReadme(manifest, options, outputMode, signatureStyle),
 			"src/Schema.ts": schemaModule,
-			"src/index.ts": this.renderIndexFile(classNames, outputMode, rootTypeName),
+			"src/index.ts": this.renderIndexFile(classNames, outputMode, rootTypeName, manifest),
 			"tsconfig.json": this.renderTsconfig(),
 			"tsdown.config.ts": this.renderTsdownConfig(),
 			"vitest.config.ts": this.renderVitestConfig(),
@@ -2625,7 +2797,7 @@ var SdkPackageGenerator = class {
 		const title = `# ${packageName}`;
 		const description = this.renderReadmeDescription(outputMode);
 		const usage = this.renderReadmeUsage(manifest, packageName, outputMode, signatureStyle);
-		const exports = this.renderReadmeExports(outputMode);
+		const exports = this.renderReadmeExports(outputMode, manifest);
 		return [
 			title,
 			"",
@@ -2667,8 +2839,13 @@ var SdkPackageGenerator = class {
 		const classSnippet = this.renderReadmeClientSnippet(packageName, "classes", signatureStyle, exampleOperation);
 		if (outputMode === "classes") return classSnippet;
 		const typeImports = exampleOperation ? this.collectReadmeTypeImports(exampleOperation.operation) : [];
+		const valueImports = [
+			"Core",
+			"createClient",
+			...exampleOperation ? this.collectReadmeAuthHelperImports(exampleOperation) : []
+		];
 		return [
-			typeImports.length > 0 ? `import { Core, createClient, type ${typeImports.join(", type ")} } from '${packageName}'` : `import { Core, createClient } from '${packageName}'`,
+			typeImports.length > 0 ? `import { ${valueImports.join(", ")}, type ${typeImports.join(", type ")} } from '${packageName}'` : `import { ${valueImports.join(", ")} } from '${packageName}'`,
 			"",
 			...this.renderReadmeClientBody("sdk", "classes", signatureStyle, exampleOperation),
 			"",
@@ -2680,7 +2857,9 @@ var SdkPackageGenerator = class {
 	renderReadmeClientSnippet(packageName, mode, signatureStyle, exampleOperation) {
 		const importNames = mode === "runtime" ? ["createClient"] : ["Core"];
 		const typeImports = exampleOperation ? this.collectReadmeTypeImports(exampleOperation.operation) : [];
-		const importLine = typeImports.length > 0 ? `import { ${importNames.join(", ")}, type ${typeImports.join(", type ")} } from '${packageName}'` : `import { ${importNames.join(", ")} } from '${packageName}'`;
+		const helperImports = exampleOperation ? this.collectReadmeAuthHelperImports(exampleOperation) : [];
+		const valueImports = [...importNames, ...helperImports];
+		const importLine = typeImports.length > 0 ? `import { ${valueImports.join(", ")}, type ${typeImports.join(", type ")} } from '${packageName}'` : `import { ${valueImports.join(", ")} } from '${packageName}'`;
 		const sdkVariable = mode === "runtime" ? "runtimeSdk" : "sdk";
 		return [
 			importLine,
@@ -2696,16 +2875,27 @@ var SdkPackageGenerator = class {
 			"  clientId: process.env.CLIENT_ID!,",
 			"  clientSecret: process.env.CLIENT_SECRET!,",
 			"  environment: 'sandbox',",
+			...exampleOperation ? this.renderReadmeAuthLines(exampleOperation.operation.security ?? exampleOperation.groupSecurity ?? exampleOperation.globalSecurity) : [],
 			"})",
 			...callLines.length > 0 ? ["", ...callLines] : []
 		];
 	}
-	renderReadmeExports(outputMode) {
-		if (outputMode === "runtime") return ["`createClient()` for a typed runtime SDK instance", "`Schema` exports for request, response, params, query, and header types"];
-		if (outputMode === "classes") return ["`Core` as the class-based SDK entrypoint", "generated API classes plus `Schema` type exports"];
+	renderReadmeExports(outputMode, manifest) {
+		const authLine = manifest.securitySchemes.length > 0 ? ["generated auth helpers derived from OpenAPI security schemes"] : [];
+		if (outputMode === "runtime") return [
+			"`createClient()` for a typed runtime SDK instance",
+			...authLine,
+			"`Schema` exports for request, response, params, query, and header types"
+		];
+		if (outputMode === "classes") return [
+			"`Core` as the class-based SDK entrypoint",
+			...authLine,
+			"generated API classes plus `Schema` type exports"
+		];
 		return [
 			"`Core` for class-based usage",
 			"`createClient()` for runtime-first usage",
+			...authLine,
 			"`Schema` exports for generated request, response, params, query, and header types"
 		];
 	}
@@ -2715,9 +2905,33 @@ var SdkPackageGenerator = class {
 		if (!group || !operation) return null;
 		return {
 			group,
-			operation
+			operation,
+			groupSecurity: void 0,
+			globalSecurity: manifest.security
 		};
 	}
+	renderReadmeAuthLines(security) {
+		if (!security || security.length === 0) return [];
+		const selectedRequirement = security[0];
+		if (!selectedRequirement || selectedRequirement.schemes.length === 0) return [];
+		const value = selectedRequirement.schemes.length === 1 ? this.renderReadmeAuthFactoryCall(selectedRequirement.schemes[0].name) : `[
+    ${selectedRequirement.schemes.map((scheme) => this.renderReadmeAuthFactoryCall(scheme.name)).join(",\n    ")}
+  ]`;
+		const lines = security.length > 1 ? ["  // Choose a generated auth helper that matches your API access setup."] : [];
+		lines.push(`  auth: ${value},`);
+		return lines;
+	}
+	renderReadmeAuthFactoryCall(schemeName) {
+		const helperName = this.createSecurityHelperName(schemeName);
+		const envName = this.toConstantCase(schemeName);
+		if (/basic/i.test(schemeName)) return `${helperName}(process.env.${envName}_USERNAME!, process.env.${envName}_PASSWORD!)`;
+		return `${helperName}(process.env.${envName}_VALUE!)`;
+	}
+	collectReadmeAuthHelperImports(exampleOperation) {
+		const selectedRequirement = (exampleOperation.operation.security ?? exampleOperation.groupSecurity ?? exampleOperation.globalSecurity)?.[0];
+		if (!selectedRequirement) return [];
+		return selectedRequirement.schemes.map((scheme) => this.createSecurityHelperName(scheme.name));
+	}
 	collectReadmeTypeImports(operation) {
 		const types = /* @__PURE__ */ new Set();
 		if (operation.pathParams.length > 0) types.add(operation.paramsType);
@@ -2824,13 +3038,13 @@ var SdkPackageGenerator = class {
 			"})"
 		].join("\n");
 	}
-	renderIndexFile(classNames, outputMode, rootTypeName) {
+	renderIndexFile(classNames, outputMode, rootTypeName, manifest) {
 		const rootExportName = `${rootTypeName.charAt(0).toLowerCase()}${rootTypeName.slice(1)}`;
 		const lines = [
 			`import type { ${rootTypeName}Api } from './Schema'`,
-			`import { ${rootExportName}Sdk } from './Schema'`,
+			`import { ${rootExportName}Manifest, ${rootExportName}Sdk } from './Schema'`,
 			"import { createSdk as createBoundSdk } from '@oapiex/sdk-kit'",
-			"import type { BaseApi as KitBaseApi, Core as KitCore, InitOptions } from '@oapiex/sdk-kit'",
+			"import type { AuthConfig, BaseApi as KitBaseApi, Core as KitCore, InitOptions } from '@oapiex/sdk-kit'",
 			"",
 			"export * from './Schema'"
 		];
@@ -2841,6 +3055,15 @@ var SdkPackageGenerator = class {
 			lines.push("export { Core } from './Core'");
 		}
 		lines.push("");
+		lines.push(`export const securitySchemes = ${rootExportName}Manifest.securitySchemes`);
+		lines.push(`export const security = ${rootExportName}Manifest.security`);
+		if (manifest.securitySchemes.length > 0) {
+			lines.push("");
+			for (const scheme of manifest.securitySchemes) {
+				lines.push(...this.renderSecurityHelper(scheme));
+				lines.push("");
+			}
+		}
 		lines.push("export const createClient = (");
 		lines.push("    options: InitOptions");
 		lines.push(`): KitCore & { api: KitBaseApi & ${rootTypeName}Api } =>`);
@@ -2858,6 +3081,7 @@ var SdkPackageGenerator = class {
 		lines.push("} from '@oapiex/sdk-kit'");
 		lines.push("");
 		lines.push("export type {");
+		lines.push("    AuthConfig,");
 		lines.push("    InitOptions,");
 		lines.push("    UnifiedResponse,");
 		lines.push("    XGenericObject,");
@@ -2869,6 +3093,47 @@ var SdkPackageGenerator = class {
 			return !["Record", "Promise"].includes(identifier);
 		})));
 	}
+	renderSecurityHelper(scheme) {
+		if (scheme.authType === "basic") return [
+			`export const ${scheme.helperName} = (username: string, password: string): AuthConfig => ({`,
+			"    type: 'basic',",
+			"    username,",
+			"    password,",
+			"})"
+		];
+		if (scheme.authType === "apiKey") return [
+			`export const ${scheme.helperName} = (value: string): AuthConfig => ({`,
+			"    type: 'apiKey',",
+			`    name: ${JSON.stringify(scheme.parameterName ?? scheme.name)},`,
+			"    value,",
+			`    in: ${JSON.stringify(scheme.in ?? "header")},`,
+			"})"
+		];
+		if (scheme.authType === "oauth2") return [
+			`export const ${scheme.helperName} = (accessToken: string, tokenType = 'Bearer'): AuthConfig => ({`,
+			"    type: 'oauth2',",
+			"    accessToken,",
+			"    tokenType,",
+			"})"
+		];
+		return [
+			`export const ${scheme.helperName} = (token: string): AuthConfig => ({`,
+			"    type: 'bearer',",
+			"    token,",
+			...scheme.scheme && scheme.scheme.toLowerCase() !== "bearer" ? [`    prefix: ${JSON.stringify(this.normalizeHttpAuthPrefix(scheme.scheme))},`] : [],
+			"})"
+		];
+	}
+	createSecurityHelperName(schemeName) {
+		const sanitized = this.typeBuilder.sanitizeTypeName(schemeName);
+		return sanitized.endsWith("Auth") ? `create${sanitized}` : `create${sanitized}Auth`;
+	}
+	normalizeHttpAuthPrefix(scheme) {
+		return scheme.charAt(0).toUpperCase() + scheme.slice(1);
+	}
+	toConstantCase(value) {
+		return value.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase() || "AUTH";
+	}
 };
 
 //#endregion

package/dist/index.d.ts

@@ -117,10 +117,37 @@ interface OpenApiResponse {
   description: string;
   content?: Record<string, OpenApiMediaType>;
 }
+interface OpenApiOauthFlowLike {
+  authorizationUrl?: string;
+  tokenUrl?: string;
+  refreshUrl?: string;
+  scopes?: Record<string, string>;
+}
+type OpenApiSecurityRequirementLike = Record<string, string[]>;
+type OpenApiSecuritySchemeLike = {
+  type: 'http';
+  description?: string;
+  scheme: string;
+  bearerFormat?: string;
+} | {
+  type: 'apiKey';
+  description?: string;
+  name: string;
+  in: 'query' | 'header' | 'cookie';
+} | {
+  type: 'oauth2';
+  description?: string;
+  flows?: Record<string, OpenApiOauthFlowLike>;
+} | {
+  type: 'openIdConnect';
+  description?: string;
+  openIdConnectUrl: string;
+};
 interface OpenApiOperationLike {
   summary?: string;
   description?: string;
   operationId?: string;
+  security?: OpenApiSecurityRequirementLike[];
   parameters?: OpenApiParameterLike[];
   requestBody?: {
     description?: string;
@@ -135,6 +162,10 @@ interface OpenApiDocumentLike {
     title: string;
     version: string;
   };
+  components?: {
+    securitySchemes?: Record<string, OpenApiSecuritySchemeLike>;
+  };
+  security?: OpenApiSecurityRequirementLike[];
   paths: Record<string, Record<string, OpenApiOperationLike>>;
 }
 //#endregion
@@ -391,6 +422,26 @@ interface SdkParameterManifest {
   required: boolean;
   description?: string;
 }
+interface SdkSecurityRequirementSchemeManifest {
+  name: string;
+  scopes: string[];
+}
+interface SdkSecurityRequirementManifest {
+  schemes: SdkSecurityRequirementSchemeManifest[];
+}
+interface SdkSecuritySchemeManifest {
+  name: string;
+  helperName: string;
+  description?: string;
+  type: 'http' | 'apiKey' | 'oauth2' | 'openIdConnect';
+  authType: 'bearer' | 'basic' | 'apiKey' | 'oauth2';
+  scheme?: string;
+  bearerFormat?: string;
+  in?: 'header' | 'query' | 'cookie';
+  parameterName?: string;
+  openIdConnectUrl?: string;
+  scopes?: string[];
+}
 interface SdkOperationManifest {
   path: string;
   method: string;
@@ -410,6 +461,7 @@ interface SdkOperationManifest {
   pathParams: SdkParameterManifest[];
   queryParams: SdkParameterManifest[];
   headerParams: SdkParameterManifest[];
+  security?: SdkSecurityRequirementManifest[];
 }
 interface SdkGroupManifest {
   className: string;
@@ -418,6 +470,8 @@ interface SdkGroupManifest {
 }
 interface SdkManifest {
   groups: SdkGroupManifest[];
+  securitySchemes: SdkSecuritySchemeManifest[];
+  security?: SdkSecurityRequirementManifest[];
 }
 interface PayloadSchemaCandidate {
   schema?: OpenApiSchema;
@@ -500,6 +554,9 @@ declare class SdkPackageGenerator {
   private renderReadmeClientBody;
   private renderReadmeExports;
   private pickExampleOperation;
+  private renderReadmeAuthLines;
+  private renderReadmeAuthFactoryCall;
+  private collectReadmeAuthHelperImports;
   private collectReadmeTypeImports;
   private renderReadmeOperationCall;
   private renderReadmeGroupedArgs;
@@ -510,6 +567,10 @@ declare class SdkPackageGenerator {
   private renderExportsTest;
   private renderIndexFile;
   private collectTypeIdentifiers;
+  private renderSecurityHelper;
+  private createSecurityHelperName;
+  private normalizeHttpAuthPrefix;
+  private toConstantCase;
 }
 //#endregion
 //#region src/generator/TypeScriptGenerator.d.ts
@@ -623,4 +684,4 @@ interface ReadmeCrawledOperation extends ReadmeOperation {
 }
 declare const resolveReadmeSidebarUrls: (operation: Pick<ReadmeOperation, "sidebarLinks">, baseUrl: string) => string[];
 //#endregion
-export { Application, AttributeQueryNode, AttributedNode, BrowserName, Declaration, GenerateCommand, GeneratorContext, InitCommand, InterfaceAliasDeclaration, InterfaceDeclaration, JsonLike, JsonRepair, OpenApiDocumentLike, OpenApiMediaType, OpenApiOperationLike, OpenApiParameterLike, OpenApiResponse, OpenApiSchema, OpenApiTransformer, OperationTypeRefs, OutputGenerator, ParseCommand, PayloadSchemaCandidate, QueryableNode, ReadmeCodeSnippet, ReadmeCrawledOperation, ReadmeNormalizedRequestExample, ReadmeOperation, ReadmeParameter, ReadmeResponseBody, ReadmeResponseSchema, ReadmeSidebarLink, SdkGroupManifest, SdkManifest, SdkMethodNamingStrategy, SdkNamespaceNamingStrategy, SdkNamingStrategyOptions, SdkOperationManifest, SdkPackageGenerator, SdkPackageGeneratorOptions, SdkParameterManifest, SemanticModel, ShapeAliasDeclaration, ShapeNode, ShapeProperty, TextNodeLike, TypeReferenceAliasDeclaration, TypeScriptGenerator, UserConfig, browser, buildOperationUrl, defaultConfig, defineConfig, endBrowserSession, escapeSelector, extractBalancedSegment, extractButtonText, extractCodeMirrorText, extractCodeSnippets, extractFetchBody, extractFetchHeaders, extractObjectPropertyValue, extractOperationDescription, extractOperationParametersFromOpenApi, extractParameterDescription, extractReadmeOperationFromHtml, extractReadmeOperationFromSsrProps, extractRequestCodeSnippets, extractRequestParams, extractRequestParamsFromOpenApi, extractRequestSnippetLabel, extractResponseBodies, extractResponseBodiesFromOpenApi, extractResponseContentTypes, extractResponseLabels, extractResponseSchemas, extractResponseSchemasFromOpenApi, extractSidebarLinkLabel, extractSidebarLinks, extractStablePageHtml, extractStringLiteralValue, findParameterRoot, flattenOpenApiSchemaProperties, getBrowserSession, globalConfig, inferParameterLocation, inferParameterLocationFromText, inferParameterPath, inferParameterType, isRecord, isRequiredParameter, isSupportedBrowser, loadUserConfig, mergeReadmeOperations, mergeSsrPropsIntoRenderedHtml, normalizeCurlSnippet, normalizeFetchSnippet, normalizeRequestCodeSnippet, normalizeResponseBody, normalizeStructuredRequestBody, parseLooseStructuredValue, readInputValue, readText, readTexts, resolveConfig, resolveOpenApiMediaExample, resolveParameterInput, resolveReadmeSidebarUrls, resolveSsrOperation, startBrowserSession, supportedBrowsers, transformer };
+export { Application, AttributeQueryNode, AttributedNode, BrowserName, Declaration, GenerateCommand, GeneratorContext, InitCommand, InterfaceAliasDeclaration, InterfaceDeclaration, JsonLike, JsonRepair, OpenApiDocumentLike, OpenApiMediaType, OpenApiOauthFlowLike, OpenApiOperationLike, OpenApiParameterLike, OpenApiResponse, OpenApiSchema, OpenApiSecurityRequirementLike, OpenApiSecuritySchemeLike, OpenApiTransformer, OperationTypeRefs, OutputGenerator, ParseCommand, PayloadSchemaCandidate, QueryableNode, ReadmeCodeSnippet, ReadmeCrawledOperation, ReadmeNormalizedRequestExample, ReadmeOperation, ReadmeParameter, ReadmeResponseBody, ReadmeResponseSchema, ReadmeSidebarLink, SdkGroupManifest, SdkManifest, SdkMethodNamingStrategy, SdkNamespaceNamingStrategy, SdkNamingStrategyOptions, SdkOperationManifest, SdkPackageGenerator, SdkPackageGeneratorOptions, SdkParameterManifest, SdkSecurityRequirementManifest, SdkSecurityRequirementSchemeManifest, SdkSecuritySchemeManifest, SemanticModel, ShapeAliasDeclaration, ShapeNode, ShapeProperty, TextNodeLike, TypeReferenceAliasDeclaration, TypeScriptGenerator, UserConfig, browser, buildOperationUrl, defaultConfig, defineConfig, endBrowserSession, escapeSelector, extractBalancedSegment, extractButtonText, extractCodeMirrorText, extractCodeSnippets, extractFetchBody, extractFetchHeaders, extractObjectPropertyValue, extractOperationDescription, extractOperationParametersFromOpenApi, extractParameterDescription, extractReadmeOperationFromHtml, extractReadmeOperationFromSsrProps, extractRequestCodeSnippets, extractRequestParams, extractRequestParamsFromOpenApi, extractRequestSnippetLabel, extractResponseBodies, extractResponseBodiesFromOpenApi, extractResponseContentTypes, extractResponseLabels, extractResponseSchemas, extractResponseSchemasFromOpenApi, extractSidebarLinkLabel, extractSidebarLinks, extractStablePageHtml, extractStringLiteralValue, findParameterRoot, flattenOpenApiSchemaProperties, getBrowserSession, globalConfig, inferParameterLocation, inferParameterLocationFromText, inferParameterPath, inferParameterType, isRecord, isRequiredParameter, isSupportedBrowser, loadUserConfig, mergeReadmeOperations, mergeSsrPropsIntoRenderedHtml, normalizeCurlSnippet, normalizeFetchSnippet, normalizeRequestCodeSnippet, normalizeResponseBody, normalizeStructuredRequestBody, parseLooseStructuredValue, readInputValue, readText, readTexts, resolveConfig, resolveOpenApiMediaExample, resolveParameterInput, resolveReadmeSidebarUrls, resolveSsrOperation, startBrowserSession, supportedBrowsers, transformer };