airbyte-agent-facebook-marketing 0.1.2__py3-none-any.whl → 0.1.6__py3-none-any.whl

airbyte_agent_facebook_marketing/_vendored/connector_sdk/cloud_utils/client.py

@@ -161,6 +161,131 @@ class AirbyteCloudClient:
         connector_id = connectors[0]["id"]
         return connector_id
 
+    async def initiate_oauth(
+        self,
+        definition_id: str,
+        external_user_id: str,
+        redirect_url: str,
+    ) -> str:
+        """Initiate a server-side OAuth flow.
+
+        Starts the OAuth flow for a connector. Returns a consent URL where the
+        end user should be redirected to grant access. After completing consent,
+        they'll be redirected to your redirect_url with a `server_side_oauth_secret_id`
+        query parameter that can be used with `create_source()`.
+
+        Args:
+            definition_id: Connector definition UUID
+            external_user_id: Workspace identifier
+            redirect_url: URL where users will be redirected after OAuth consent
+
+        Returns:
+            The OAuth consent URL
+
+        Raises:
+            httpx.HTTPStatusError: If the request fails
+
+        Example:
+            consent_url = await client.initiate_oauth(
+                definition_id="d8313939-3782-41b0-be29-b3ca20d8dd3a",
+                external_user_id="my-workspace",
+                redirect_url="https://myapp.com/oauth/callback",
+            )
+            # Redirect user to: consent_url
+            # After consent: https://myapp.com/oauth/callback?server_side_oauth_secret_id=...
+        """
+        token = await self.get_bearer_token()
+        url = f"{self.API_BASE_URL}/api/v1/integrations/connectors/oauth/initiate"
+        headers = {"Authorization": f"Bearer {token}"}
+        request_body = {
+            "external_user_id": external_user_id,
+            "definition_id": definition_id,
+            "redirect_url": redirect_url,
+        }
+
+        response = await self._http_client.post(url, json=request_body, headers=headers)
+        response.raise_for_status()
+        return response.json()["consent_url"]
+
+    async def create_source(
+        self,
+        name: str,
+        connector_definition_id: str,
+        external_user_id: str,
+        credentials: dict[str, Any] | None = None,
+        replication_config: dict[str, Any] | None = None,
+        server_side_oauth_secret_id: str | None = None,
+        source_template_id: str | None = None,
+    ) -> str:
+        """Create a new source on Airbyte Cloud.
+
+        Supports two authentication modes:
+        1. Direct credentials: Provide `credentials` dict
+        2. Server-side OAuth: Provide `server_side_oauth_secret_id` from OAuth flow
+
+        Args:
+            name: Source name
+            connector_definition_id: UUID of the connector definition
+            external_user_id: User identifier
+            credentials: Connector auth config dict. Required unless using OAuth.
+            replication_config: Optional replication settings (e.g., start_date for
+                connectors with x-airbyte-replication-config). Required for REPLICATION
+                mode sources like Intercom.
+            server_side_oauth_secret_id: OAuth secret ID from initiate_oauth redirect.
+                When provided, credentials are not required.
+            source_template_id: Source template ID. Required when organization has
+                multiple source templates for this connector type.
+
+        Returns:
+            The created source ID (UUID string)
+
+        Raises:
+            httpx.HTTPStatusError: If creation fails
+
+        Example:
+            # With direct credentials:
+            source_id = await client.create_source(
+                name="My Intercom Source",
+                connector_definition_id="d8313939-3782-41b0-be29-b3ca20d8dd3a",
+                external_user_id="my-workspace",
+                credentials={"access_token": "..."},
+                replication_config={"start_date": "2024-01-01T00:00:00Z"}
+            )
+
+            # With server-side OAuth:
+            source_id = await client.create_source(
+                name="My Intercom Source",
+                connector_definition_id="d8313939-3782-41b0-be29-b3ca20d8dd3a",
+                external_user_id="my-workspace",
+                server_side_oauth_secret_id="airbyte_oauth_..._secret_...",
+                replication_config={"start_date": "2024-01-01T00:00:00Z"}
+            )
+        """
+        token = await self.get_bearer_token()
+        url = f"{self.API_BASE_URL}/v1/integrations/connectors"
+        headers = {"Authorization": f"Bearer {token}"}
+
+        request_body: dict[str, Any] = {
+            "name": name,
+            "definition_id": connector_definition_id,
+            "external_user_id": external_user_id,
+        }
+
+        if credentials is not None:
+            request_body["credentials"] = credentials
+        if replication_config is not None:
+            request_body["replication_config"] = replication_config
+        if server_side_oauth_secret_id is not None:
+            request_body["server_side_oauth_secret_id"] = server_side_oauth_secret_id
+        if source_template_id is not None:
+            request_body["source_template_id"] = source_template_id
+
+        response = await self._http_client.post(url, json=request_body, headers=headers)
+        response.raise_for_status()
+
+        data = response.json()
+        return data["id"]
+
     async def execute_connector(
         self,
         connector_id: str,

airbyte_agent_facebook_marketing/_vendored/connector_sdk/connector_model_loader.py

@@ -1014,6 +1014,7 @@ def _parse_security_scheme_to_option(scheme_name: str, scheme: Any) -> AuthOptio
         type=single_auth.type,
         config=single_auth.config,
         user_config_spec=single_auth.user_config_spec,
+        untested=getattr(scheme, "x_airbyte_untested", False),
     )
 
 

airbyte_agent_facebook_marketing/_vendored/connector_sdk/executor/hosted_executor.py

@@ -19,19 +19,26 @@ class HostedExecutor:
     instead of directly calling external services. The cloud API handles all
     connector logic, secrets management, and execution.
 
-    The executor takes an external_user_id and uses the AirbyteCloudClient to:
+    The executor uses the AirbyteCloudClient to:
     1. Authenticate with the Airbyte Platform (bearer token with caching)
-    2. Look up the user's connector
+    2. Look up the user's connector (if connector_id not provided)
     3. Execute the connector operation via the cloud API
 
     Implements ExecutorProtocol.
 
     Example:
-        # Create executor with user ID, credentials, and connector definition ID
+        # Create executor with explicit connector_id (no lookup needed)
+        executor = HostedExecutor(
+            airbyte_client_id="client_abc123",
+            airbyte_client_secret="secret_xyz789",
+            connector_id="existing-source-uuid",
+        )
+
+        # Or create executor with user ID for lookup
         executor = HostedExecutor(
-            external_user_id="user-123",
             airbyte_client_id="client_abc123",
             airbyte_client_secret="secret_xyz789",
+            external_user_id="user-123",
             connector_definition_id="abc123-def456-ghi789",
         )
 
@@ -51,28 +58,48 @@ class HostedExecutor:
 
     def __init__(
         self,
-        external_user_id: str,
         airbyte_client_id: str,
         airbyte_client_secret: str,
-        connector_definition_id: str,
+        connector_id: str | None = None,
+        external_user_id: str | None = None,
+        connector_definition_id: str | None = None,
     ):
         """Initialize hosted executor.
 
+        Either provide connector_id directly OR (external_user_id + connector_definition_id)
+        for lookup.
+
         Args:
-            external_user_id: User identifier in the Airbyte system
             airbyte_client_id: Airbyte client ID for authentication
             airbyte_client_secret: Airbyte client secret for authentication
-            connector_definition_id: Connector definition ID used to look up
-                the user's connector.
+            connector_id: Direct connector/source ID (skips lookup if provided)
+            external_user_id: User identifier in the Airbyte system (for lookup)
+            connector_definition_id: Connector definition ID (for lookup)
+
+        Raises:
+            ValueError: If neither connector_id nor (external_user_id + connector_definition_id) provided
 
         Example:
+            # With explicit connector_id (no lookup)
+            executor = HostedExecutor(
+                airbyte_client_id="client_abc123",
+                airbyte_client_secret="secret_xyz789",
+                connector_id="existing-source-uuid",
+            )
+
+            # With lookup by user + definition
             executor = HostedExecutor(
-                external_user_id="user-123",
                 airbyte_client_id="client_abc123",
                 airbyte_client_secret="secret_xyz789",
+                external_user_id="user-123",
                 connector_definition_id="abc123-def456-ghi789",
             )
         """
+        # Validate: either connector_id OR (external_user_id + connector_definition_id) required
+        if not connector_id and not (external_user_id and connector_definition_id):
+            raise ValueError("Either connector_id OR (external_user_id + connector_definition_id) must be provided")
+
+        self._connector_id = connector_id
         self._external_user_id = external_user_id
         self._connector_definition_id = connector_definition_id
 
@@ -86,10 +113,9 @@ class HostedExecutor:
         """Execute connector via cloud API (ExecutorProtocol implementation).
 
         Flow:
-        1. Get connector definition id from executor config
-        2. Look up the user's connector ID
-        3. Execute the connector operation via the cloud API
-        4. Parse the response into ExecutionResult
+        1. Use provided connector_id or look up from external_user_id + definition_id
+        2. Execute the connector operation via the cloud API
+        3. Parse the response into ExecutionResult
 
         Args:
             config: Execution configuration (entity, action, params)
@@ -98,7 +124,7 @@ class HostedExecutor:
             ExecutionResult with success/failure status
 
         Raises:
-            ValueError: If no connector or multiple connectors found for user
+            ValueError: If no connector or multiple connectors found for user (when doing lookup)
             httpx.HTTPStatusError: If API returns 4xx/5xx status code
             httpx.RequestError: If network request fails
 
@@ -114,23 +140,26 @@ class HostedExecutor:
 
         with tracer.start_as_current_span("airbyte.hosted_executor.execute") as span:
             # Add span attributes for observability
-            span.set_attribute("connector.definition_id", self._connector_definition_id)
+            if self._connector_definition_id:
+                span.set_attribute("connector.definition_id", self._connector_definition_id)
             span.set_attribute("connector.entity", config.entity)
             span.set_attribute("connector.action", config.action)
-            span.set_attribute("user.external_id", self._external_user_id)
+            if self._external_user_id:
+                span.set_attribute("user.external_id", self._external_user_id)
             if config.params:
                 # Only add non-sensitive param keys
                 span.set_attribute("connector.param_keys", list(config.params.keys()))
 
             try:
-                # Step 1: Get connector definition id
-                connector_definition_id = self._connector_definition_id
-
-                # Step 2: Get the connector ID for this user
-                connector_id = await self._cloud_client.get_connector_id(
-                    external_user_id=self._external_user_id,
-                    connector_definition_id=connector_definition_id,
-                )
+                # Use provided connector_id or look it up
+                if self._connector_id:
+                    connector_id = self._connector_id
+                else:
+                    # Look up connector by external_user_id + definition_id
+                    connector_id = await self._cloud_client.get_connector_id(
+                        external_user_id=self._external_user_id,  # type: ignore[arg-type]
+                        connector_definition_id=self._connector_definition_id,  # type: ignore[arg-type]
+                    )
 
                 span.set_attribute("connector.connector_id", connector_id)
 

airbyte_agent_facebook_marketing/_vendored/connector_sdk/executor/local_executor.py

@@ -36,6 +36,7 @@ from ..types import (
     EndpointDefinition,
     EntityDefinition,
 )
+from ..utils import find_matching_auth_options
 
 from .models import (
     ActionNotSupportedError,
@@ -356,8 +357,8 @@ class LocalExecutor:
     ) -> tuple[AuthOption, dict[str, SecretStr]]:
         """Infer authentication scheme from provided credentials.
 
-        Matches user credentials against each auth option's required fields
-        to determine which scheme to use.
+        Uses shared utility find_matching_auth_options to match credentials
+        against each auth option's required fields.
 
         Args:
             user_credentials: User-provided credentials
@@ -375,16 +376,8 @@ class LocalExecutor:
         # Get the credential keys provided by the user
         provided_keys = set(user_credentials.keys())
 
-        # Find all options where all required fields are present
-        matching_options: list[AuthOption] = []
-        for option in options:
-            if option.user_config_spec and option.user_config_spec.required:
-                required_fields = set(option.user_config_spec.required)
-                if required_fields.issubset(provided_keys):
-                    matching_options.append(option)
-            elif not option.user_config_spec or not option.user_config_spec.required:
-                # Option has no required fields - it matches any credentials
-                matching_options.append(option)
+        # Use shared utility to find matching options
+        matching_options = find_matching_auth_options(provided_keys, options)
 
         # Handle matching results
         if len(matching_options) == 0:

airbyte_agent_facebook_marketing/_vendored/connector_sdk/schema/base.py

@@ -126,6 +126,17 @@ class Info(BaseModel):
     x_airbyte_example_questions: ExampleQuestions | None = Field(None, alias="x-airbyte-example-questions")
     x_airbyte_cache: CacheConfig | None = Field(None, alias="x-airbyte-cache")
     x_airbyte_replication_config: ReplicationConfig | None = Field(None, alias="x-airbyte-replication-config")
+    x_airbyte_skip_suggested_streams: list[str] = Field(
+        default_factory=list,
+        alias="x-airbyte-skip-suggested-streams",
+        description="List of Airbyte suggested streams to skip when validating cache entity coverage",
+    )
+    x_airbyte_skip_auth_methods: list[str] = Field(
+        default_factory=list,
+        alias="x-airbyte-skip-auth-methods",
+        description="List of Airbyte auth methods to skip when validating auth compatibility. "
+        "Use the SelectiveAuthenticator option key (e.g., 'Private App Credentials', 'oauth2.0')",
+    )
 
 
 class ServerVariable(BaseModel):

airbyte_agent_facebook_marketing/_vendored/connector_sdk/schema/security.py

@@ -199,6 +199,11 @@ class SecurityScheme(BaseModel):
         alias="x-airbyte-token-extract",
         description="List of fields to extract from OAuth2 token responses and use as server variables",
     )
+    x_airbyte_untested: bool = Field(
+        False,
+        alias="x-airbyte-untested",
+        description="Mark this auth scheme as untested to skip cassette coverage validation",
+    )
 
     @field_validator("x_airbyte_token_extract", mode="after")
     @classmethod

airbyte_agent_facebook_marketing/_vendored/connector_sdk/types.py

@@ -90,6 +90,10 @@ class AuthOption(BaseModel):
         None,
         description="User-facing credential specification from x-airbyte-auth-config",
     )
+    untested: bool = Field(
+        False,
+        description="Mark this auth scheme as untested to skip cassette coverage validation",
+    )
 
 
 class AuthConfig(BaseModel):

airbyte_agent_facebook_marketing/_vendored/connector_sdk/utils.py

@@ -1,7 +1,13 @@
 """Utility functions for working with connectors."""
 
+from __future__ import annotations
+
 from collections.abc import AsyncIterator
 from pathlib import Path
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from .types import AuthOption
 
 
 async def save_download(
@@ -58,3 +64,64 @@ async def save_download(
         raise OSError(f"Failed to write file {file_path}: {e}") from e
 
     return file_path
+
+
+def find_matching_auth_options(
+    provided_keys: set[str],
+    auth_options: list[AuthOption],
+) -> list[AuthOption]:
+    """Find auth options that match the provided credential keys.
+
+    This is the single source of truth for auth scheme inference logic,
+    used by both the executor (at runtime) and validation (for cassettes).
+
+    Matching logic:
+    - An option matches if all its required fields are present in provided_keys
+    - Options with no required fields match any credentials
+
+    Args:
+        provided_keys: Set of credential/auth_config keys
+        auth_options: List of AuthOption from the connector model
+
+    Returns:
+        List of AuthOption that match the provided keys
+    """
+    matching_options: list[AuthOption] = []
+
+    for option in auth_options:
+        if option.user_config_spec and option.user_config_spec.required:
+            required_fields = set(option.user_config_spec.required)
+            if required_fields.issubset(provided_keys):
+                matching_options.append(option)
+        elif not option.user_config_spec or not option.user_config_spec.required:
+            # Option has no required fields - it matches any credentials
+            matching_options.append(option)
+
+    return matching_options
+
+
+def infer_auth_scheme_name(
+    provided_keys: set[str],
+    auth_options: list[AuthOption],
+) -> str | None:
+    """Infer the auth scheme name from provided credential keys.
+
+    Uses find_matching_auth_options to find matches, then returns
+    the scheme name only if exactly one option matches.
+
+    Args:
+        provided_keys: Set of credential/auth_config keys
+        auth_options: List of AuthOption from the connector model
+
+    Returns:
+        The scheme_name if exactly one match, None otherwise
+    """
+    if not provided_keys or not auth_options:
+        return None
+
+    matching = find_matching_auth_options(provided_keys, auth_options)
+
+    if len(matching) == 1:
+        return matching[0].scheme_name
+
+    return None

airbyte_agent_facebook_marketing/_vendored/connector_sdk/validation.py

@@ -5,6 +5,7 @@ These tools help ensure that connectors are ready to ship by:
 - Checking that all entity/action operations have corresponding test cassettes
 - Validating that response schemas match the actual cassette responses
 - Detecting fields present in responses but not declared in schemas
+- Validating replication compatibility with Airbyte source connectors
 """
 
 from collections import defaultdict
@@ -20,7 +21,9 @@ from .connector_model_loader import (
     load_connector_model,
 )
 from .testing.spec_loader import load_test_spec
-from .types import Action, EndpointDefinition
+from .types import Action, ConnectorModel, EndpointDefinition
+from .utils import infer_auth_scheme_name
+from .validation_replication import validate_replication_compatibility
 
 
 def build_cassette_map(cassettes_dir: Path) -> Dict[Tuple[str, str], List[Path]]:
@@ -51,6 +54,112 @@ def build_cassette_map(cassettes_dir: Path) -> Dict[Tuple[str, str], List[Path]]
     return dict(cassette_map)
 
 
+def build_auth_scheme_coverage(
+    cassettes_dir: Path,
+    auth_options: list | None = None,
+) -> Tuple[Dict[str | None, List[Path]], List[Tuple[Path, set[str]]]]:
+    """Build a map of auth_scheme -> list of cassette paths.
+
+    For multi-auth connectors, infers the auth scheme from the cassette's auth_config
+    keys using the same matching logic as the executor.
+
+    Args:
+        cassettes_dir: Directory containing cassette YAML files
+        auth_options: List of AuthOption from the connector model (for inference)
+
+    Returns:
+        Tuple of:
+        - Dictionary mapping auth_scheme names (or None for single-auth) to cassette paths
+        - List of (cassette_path, auth_config_keys) for cassettes that couldn't be matched
+    """
+    auth_scheme_map: Dict[str | None, List[Path]] = defaultdict(list)
+    unmatched_cassettes: List[Tuple[Path, set[str]]] = []
+
+    if not cassettes_dir.exists() or not cassettes_dir.is_dir():
+        return {}, []
+
+    for cassette_file in cassettes_dir.glob("*.yaml"):
+        try:
+            spec = load_test_spec(cassette_file, auth_config={})
+
+            # First, check if auth_scheme is explicitly set in the cassette
+            if spec.auth_scheme:
+                auth_scheme_map[spec.auth_scheme].append(cassette_file)
+            # Otherwise, try to infer from auth_config keys
+            elif spec.auth_config and auth_options:
+                auth_config_keys = set(spec.auth_config.keys())
+                inferred_scheme = infer_auth_scheme_name(auth_config_keys, auth_options)
+                if inferred_scheme is not None:
+                    auth_scheme_map[inferred_scheme].append(cassette_file)
+                else:
+                    # Couldn't infer - track as unmatched
+                    unmatched_cassettes.append((cassette_file, auth_config_keys))
+            else:
+                # No auth_scheme and no auth_config - treat as None
+                auth_scheme_map[None].append(cassette_file)
+        except Exception:
+            continue
+
+    return dict(auth_scheme_map), unmatched_cassettes
+
+
+def validate_auth_scheme_coverage(
+    config: ConnectorModel,
+    cassettes_dir: Path,
+) -> Tuple[bool, List[str], List[str], List[str], List[Tuple[Path, set[str]]]]:
+    """Validate that each auth scheme has at least one cassette.
+
+    For multi-auth connectors, every defined auth scheme must have coverage
+    unless marked with x-airbyte-untested: true.
+    For single-auth connectors, this check is skipped (existing cassette checks suffice).
+
+    Args:
+        config: Loaded connector model
+        cassettes_dir: Directory containing cassette files
+
+    Returns:
+        Tuple of (is_valid, errors, warnings, covered_schemes, unmatched_cassettes)
+    """
+    errors: List[str] = []
+    warnings: List[str] = []
+
+    # Skip check for single-auth connectors
+    if not config.auth.is_multi_auth():
+        return True, errors, warnings, [], []
+
+    # Get all defined auth schemes, separating tested from untested
+    options = config.auth.options or []
+
+    # Build auth scheme coverage from cassettes (pass options for inference)
+    auth_scheme_coverage, unmatched_cassettes = build_auth_scheme_coverage(cassettes_dir, options)
+    tested_schemes = {opt.scheme_name for opt in options if not opt.untested}
+    untested_schemes = {opt.scheme_name for opt in options if opt.untested}
+    covered_schemes = {scheme for scheme in auth_scheme_coverage.keys() if scheme is not None}
+
+    # Find missing tested schemes (errors)
+    missing_tested = tested_schemes - covered_schemes
+    for scheme in sorted(missing_tested):
+        errors.append(
+            f"Auth scheme '{scheme}' has no cassette coverage. "
+            f"Record at least one cassette using this authentication method, "
+            f"or add 'x-airbyte-untested: true' to skip this check."
+        )
+
+    # Warn about untested schemes without coverage
+    missing_untested = untested_schemes - covered_schemes
+    for scheme in sorted(missing_untested):
+        warnings.append(
+            f"Auth scheme '{scheme}' is marked as untested (x-airbyte-untested: true) " f"and has no cassette coverage. Validation skipped."
+        )
+
+    # Warn about cassettes that couldn't be matched to any auth scheme
+    for cassette_path, auth_config_keys in unmatched_cassettes:
+        warnings.append(f"Cassette '{cassette_path.name}' could not be matched to any auth scheme. " f"auth_config keys: {sorted(auth_config_keys)}")
+
+    is_valid = len(missing_tested) == 0
+    return is_valid, errors, warnings, sorted(covered_schemes), unmatched_cassettes
+
+
 def validate_response_against_schema(response_body: Any, schema: Dict[str, Any]) -> Tuple[bool, List[str]]:
     """Validate a response body against a JSON schema.
 
@@ -586,6 +695,9 @@ def validate_connector_readiness(connector_dir: str | Path) -> Dict[str, Any]:
     cassettes_dir = connector_path / "tests" / "cassettes"
     cassette_map = build_cassette_map(cassettes_dir)
 
+    # Validate auth scheme coverage for multi-auth connectors
+    auth_valid, auth_errors, auth_warnings, auth_covered_schemes, auth_unmatched_cassettes = validate_auth_scheme_coverage(config, cassettes_dir)
+
     validation_results = []
     total_operations = 0
     operations_with_cassettes = 0
@@ -808,7 +920,29 @@ def validate_connector_readiness(connector_dir: str | Path) -> Dict[str, Any]:
                 }
             )
 
-    success = operations_missing_cassettes == 0 and cassettes_invalid == 0 and total_operations > 0
+    # Validate replication compatibility with Airbyte
+    replication_result = validate_replication_compatibility(
+        connector_yaml_path=config_file,
+        raw_spec=raw_spec,
+    )
+
+    # Merge replication errors/warnings into totals
+    # Note: If connector is not in registry, we don't count warnings since this is expected for test connectors
+    replication_errors = replication_result.get("errors", [])
+    replication_warnings = replication_result.get("warnings", [])
+    total_errors += len(replication_errors)
+
+    # Only count replication warnings if the connector was found in the registry
+    # (i.e., there are actual validation issues, not just "not found in registry")
+    if replication_result.get("registry_found", False):
+        total_warnings += len(replication_warnings)
+
+    # Merge auth scheme validation errors/warnings into totals
+    total_errors += len(auth_errors)
+    total_warnings += len(auth_warnings)
+
+    # Update success criteria to include replication and auth scheme validation
+    success = operations_missing_cassettes == 0 and cassettes_invalid == 0 and total_operations > 0 and len(replication_errors) == 0 and auth_valid
 
     # Check for preferred_for_check on at least one list operation
     has_preferred_check = False
@@ -829,11 +963,26 @@ def validate_connector_readiness(connector_dir: str | Path) -> Dict[str, Any]:
             "to enable reliable health checks."
         )
 
+    # Build auth scheme validation result
+    options = config.auth.options or []
+    tested_schemes = [opt.scheme_name for opt in options if not opt.untested]
+    untested_schemes_list = [opt.scheme_name for opt in options if opt.untested]
+    missing_tested = [s for s in tested_schemes if s not in auth_covered_schemes]
+
     return {
         "success": success,
         "connector_name": config.name,
         "connector_path": str(connector_path),
         "validation_results": validation_results,
+        "replication_validation": replication_result,
+        "auth_scheme_validation": {
+            "valid": auth_valid,
+            "errors": auth_errors,
+            "warnings": auth_warnings,
+            "covered_schemes": auth_covered_schemes,
+            "missing_schemes": missing_tested,
+            "untested_schemes": untested_schemes_list,
+        },
         "readiness_warnings": readiness_warnings,
         "summary": {
             "total_operations": total_operations,