kernel 0.43.0__tar.gz → 0.45.0__tar.gz

{kernel-0.43.0 → kernel-0.45.0}/.gitignore

@@ -1,4 +1,5 @@
 .prism.log
+.stdy.log
 _dev
 
 __pycache__

kernel-0.45.0/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.45.0"
+}

{kernel-0.43.0 → kernel-0.45.0}/CHANGELOG.md

@@ -1,5 +1,46 @@
 # Changelog
 
+## 0.45.0 (2026-03-30)
+
+Full Changelog: [v0.44.0...v0.45.0](https://github.com/kernel/kernel-python-sdk/compare/v0.44.0...v0.45.0)
+
+### Features
+
+* [kernel-1008] browser pools add custom policy ([09f8520](https://github.com/kernel/kernel-python-sdk/commit/09f85209bc3c646d8a2a1231ed3925cad830f3dc))
+* Add disable_default_proxy for stealth browsers ([3a75e81](https://github.com/kernel/kernel-python-sdk/commit/3a75e819e6e7caffdfba74a9627ed418de247de7))
+* **internal:** implement indices array format for query and form serialization ([c798c39](https://github.com/kernel/kernel-python-sdk/commit/c798c39251def1447d61215c187f0e285f225f3d))
+
+
+### Chores
+
+* **ci:** skip lint on metadata-only changes ([f0815a8](https://github.com/kernel/kernel-python-sdk/commit/f0815a8d36799444220552cb599a19b79c9b5e12))
+* **internal:** update gitignore ([34b47ab](https://github.com/kernel/kernel-python-sdk/commit/34b47ab40aeb12ad9f78e923493caaca88a554b4))
+
+## 0.44.0 (2026-03-20)
+
+Full Changelog: [v0.43.0...v0.44.0](https://github.com/kernel/kernel-python-sdk/compare/v0.43.0...v0.44.0)
+
+### Features
+
+* Add GPU viewport presets and GPU encoder defaults ([0735b45](https://github.com/kernel/kernel-python-sdk/commit/0735b45fc92950cef3afea92a879712ea0ebdf0f))
+* Adds description to OAS spec for docs about delta_x, delta_y ([9841aac](https://github.com/kernel/kernel-python-sdk/commit/9841aac21588beb0c6a22baf5c5b0bf8e8cdd024))
+* Drop headless GPU support and disable pooling ([cda8f94](https://github.com/kernel/kernel-python-sdk/commit/cda8f94f6cebabc3b3b6f95aff765816255a9270))
+* Enhance managed authentication with CUA support and new features ([ece76c2](https://github.com/kernel/kernel-python-sdk/commit/ece76c2f7d2a20af7c00988d161c4e275623aaac))
+* expose smooth drag mouse movement via public API ([c6f6862](https://github.com/kernel/kernel-python-sdk/commit/c6f6862d03620bb218a99c85431e384c5c8e5e4c))
+* Rename hardware acceleration UI/docs wording to GPU acceleration ([9ee4d0c](https://github.com/kernel/kernel-python-sdk/commit/9ee4d0c080da7f649a3bde63640593f33d5d0f6b))
+
+
+### Bug Fixes
+
+* **deps:** bump minimum typing-extensions version ([fd55947](https://github.com/kernel/kernel-python-sdk/commit/fd55947f1776b43cca804622d0c771ebe99ead60))
+* **pydantic:** do not pass `by_alias` unless set ([a815a82](https://github.com/kernel/kernel-python-sdk/commit/a815a8237cce2098b2f5d6a8ad5def400d418fbb))
+* sanitize endpoint path params ([9b55d2b](https://github.com/kernel/kernel-python-sdk/commit/9b55d2be9472f779fe20d7d863dacae1030d2b49))
+
+
+### Chores
+
+* **internal:** tweak CI branches ([8781c7d](https://github.com/kernel/kernel-python-sdk/commit/8781c7d9aa8759e487e5d86cbb82bfb7eb3d314e))
+
 ## 0.43.0 (2026-03-10)
 
 Full Changelog: [v0.42.1...v0.43.0](https://github.com/kernel/kernel-python-sdk/compare/v0.42.1...v0.43.0)

{kernel-0.43.0 → kernel-0.45.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: kernel
-Version: 0.43.0
+Version: 0.45.0
 Summary: The official Python library for the kernel API
 Project-URL: Homepage, https://github.com/kernel/kernel-python-sdk
 Project-URL: Repository, https://github.com/kernel/kernel-python-sdk
@@ -27,7 +27,7 @@ Requires-Dist: distro<2,>=1.7.0
 Requires-Dist: httpx<1,>=0.23.0
 Requires-Dist: pydantic<3,>=1.9.0
 Requires-Dist: sniffio
-Requires-Dist: typing-extensions<5,>=4.10
+Requires-Dist: typing-extensions<5,>=4.14
 Provides-Extra: aiohttp
 Requires-Dist: aiohttp; extra == 'aiohttp'
 Requires-Dist: httpx-aiohttp>=0.1.9; extra == 'aiohttp'

{kernel-0.43.0 → kernel-0.45.0}/api.md

@@ -245,6 +245,7 @@ from kernel.types.auth import (
     LoginResponse,
     ManagedAuth,
     ManagedAuthCreateRequest,
+    ManagedAuthUpdateRequest,
     SubmitFieldsRequest,
     SubmitFieldsResponse,
     ConnectionFollowResponse,
@@ -255,6 +256,7 @@ Methods:
 
 - <code title="post /auth/connections">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">create</a>(\*\*<a href="src/kernel/types/auth/connection_create_params.py">params</a>) -> <a href="./src/kernel/types/auth/managed_auth.py">ManagedAuth</a></code>
 - <code title="get /auth/connections/{id}">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">retrieve</a>(id) -> <a href="./src/kernel/types/auth/managed_auth.py">ManagedAuth</a></code>
+- <code title="patch /auth/connections/{id}">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">update</a>(id, \*\*<a href="src/kernel/types/auth/connection_update_params.py">params</a>) -> <a href="./src/kernel/types/auth/managed_auth.py">ManagedAuth</a></code>
 - <code title="get /auth/connections">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">list</a>(\*\*<a href="src/kernel/types/auth/connection_list_params.py">params</a>) -> <a href="./src/kernel/types/auth/managed_auth.py">SyncOffsetPagination[ManagedAuth]</a></code>
 - <code title="delete /auth/connections/{id}">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">delete</a>(id) -> None</code>
 - <code title="get /auth/connections/{id}/events">client.auth.connections.<a href="./src/kernel/resources/auth/connections.py">follow</a>(id) -> <a href="./src/kernel/types/auth/connection_follow_response.py">ConnectionFollowResponse</a></code>

{kernel-0.43.0 → kernel-0.45.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "kernel"
-version = "0.43.0"
+version = "0.45.0"
 description = "The official Python library for the kernel API"
 dynamic = ["readme"]
 license = "Apache-2.0"
@@ -11,7 +11,7 @@ authors = [
 dependencies = [
   "httpx>=0.23.0, <1",
   "pydantic>=1.9.0, <3",
-  "typing-extensions>=4.10, <5",
+  "typing-extensions>=4.14, <5",
   "anyio>=3.5.0, <5",
   "distro>=1.7.0, <2",
   "sniffio",

{kernel-0.43.0 → kernel-0.45.0}/src/kernel/_compat.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 from typing import TYPE_CHECKING, Any, Union, Generic, TypeVar, Callable, cast, overload
 from datetime import date, datetime
-from typing_extensions import Self, Literal
+from typing_extensions import Self, Literal, TypedDict
 
 import pydantic
 from pydantic.fields import FieldInfo
@@ -131,6 +131,10 @@ def model_json(model: pydantic.BaseModel, *, indent: int | None = None) -> str:
     return model.model_dump_json(indent=indent)
 
 
+class _ModelDumpKwargs(TypedDict, total=False):
+    by_alias: bool
+
+
 def model_dump(
     model: pydantic.BaseModel,
     *,
@@ -142,6 +146,9 @@ def model_dump(
     by_alias: bool | None = None,
 ) -> dict[str, Any]:
     if (not PYDANTIC_V1) or hasattr(model, "model_dump"):
+        kwargs: _ModelDumpKwargs = {}
+        if by_alias is not None:
+            kwargs["by_alias"] = by_alias
         return model.model_dump(
             mode=mode,
             exclude=exclude,
@@ -149,7 +156,7 @@ def model_dump(
             exclude_defaults=exclude_defaults,
             # warnings are not supported in Pydantic v1
             warnings=True if PYDANTIC_V1 else warnings,
-            by_alias=by_alias,
+            **kwargs,
         )
     return cast(
         "dict[str, Any]",

{kernel-0.43.0 → kernel-0.45.0}/src/kernel/_qs.py

@@ -101,7 +101,10 @@ class Querystring:
                     items.extend(self._stringify_item(key, item, opts))
                 return items
             elif array_format == "indices":
-                raise NotImplementedError("The array indices format is not supported yet")
+                items = []
+                for i, item in enumerate(value):
+                    items.extend(self._stringify_item(f"{key}[{i}]", item, opts))
+                return items
             elif array_format == "brackets":
                 items = []
                 key = key + "[]"

{kernel-0.43.0 → kernel-0.45.0}/src/kernel/_utils/__init__.py

@@ -1,3 +1,4 @@
+from ._path import path_template as path_template
 from ._sync import asyncify as asyncify
 from ._proxy import LazyProxy as LazyProxy
 from ._utils import (

kernel-0.45.0/src/kernel/_utils/_path.py

@@ -0,0 +1,127 @@
+from __future__ import annotations
+
+import re
+from typing import (
+    Any,
+    Mapping,
+    Callable,
+)
+from urllib.parse import quote
+
+# Matches '.' or '..' where each dot is either literal or percent-encoded (%2e / %2E).
+_DOT_SEGMENT_RE = re.compile(r"^(?:\.|%2[eE]){1,2}$")
+
+_PLACEHOLDER_RE = re.compile(r"\{(\w+)\}")
+
+
+def _quote_path_segment_part(value: str) -> str:
+    """Percent-encode `value` for use in a URI path segment.
+
+    Considers characters not in `pchar` set from RFC 3986 §3.3 to be unsafe.
+    https://datatracker.ietf.org/doc/html/rfc3986#section-3.3
+    """
+    # quote() already treats unreserved characters (letters, digits, and -._~)
+    # as safe, so we only need to add sub-delims, ':', and '@'.
+    # Notably, unlike the default `safe` for quote(), / is unsafe and must be quoted.
+    return quote(value, safe="!$&'()*+,;=:@")
+
+
+def _quote_query_part(value: str) -> str:
+    """Percent-encode `value` for use in a URI query string.
+
+    Considers &, = and characters not in `query` set from RFC 3986 §3.4 to be unsafe.
+    https://datatracker.ietf.org/doc/html/rfc3986#section-3.4
+    """
+    return quote(value, safe="!$'()*+,;:@/?")
+
+
+def _quote_fragment_part(value: str) -> str:
+    """Percent-encode `value` for use in a URI fragment.
+
+    Considers characters not in `fragment` set from RFC 3986 §3.5 to be unsafe.
+    https://datatracker.ietf.org/doc/html/rfc3986#section-3.5
+    """
+    return quote(value, safe="!$&'()*+,;=:@/?")
+
+
+def _interpolate(
+    template: str,
+    values: Mapping[str, Any],
+    quoter: Callable[[str], str],
+) -> str:
+    """Replace {name} placeholders in `template`, quoting each value with `quoter`.
+
+    Placeholder names are looked up in `values`.
+
+    Raises:
+        KeyError: If a placeholder is not found in `values`.
+    """
+    # re.split with a capturing group returns alternating
+    # [text, name, text, name, ..., text] elements.
+    parts = _PLACEHOLDER_RE.split(template)
+
+    for i in range(1, len(parts), 2):
+        name = parts[i]
+        if name not in values:
+            raise KeyError(f"a value for placeholder {{{name}}} was not provided")
+        val = values[name]
+        if val is None:
+            parts[i] = "null"
+        elif isinstance(val, bool):
+            parts[i] = "true" if val else "false"
+        else:
+            parts[i] = quoter(str(values[name]))
+
+    return "".join(parts)
+
+
+def path_template(template: str, /, **kwargs: Any) -> str:
+    """Interpolate {name} placeholders in `template` from keyword arguments.
+
+    Args:
+        template: The template string containing {name} placeholders.
+        **kwargs: Keyword arguments to interpolate into the template.
+
+    Returns:
+        The template with placeholders interpolated and percent-encoded.
+
+        Safe characters for percent-encoding are dependent on the URI component.
+        Placeholders in path and fragment portions are percent-encoded where the `segment`
+        and `fragment` sets from RFC 3986 respectively are considered safe.
+        Placeholders in the query portion are percent-encoded where the `query` set from
+        RFC 3986 §3.3 is considered safe except for = and & characters.
+
+    Raises:
+        KeyError: If a placeholder is not found in `kwargs`.
+        ValueError: If resulting path contains /./ or /../ segments (including percent-encoded dot-segments).
+    """
+    # Split the template into path, query, and fragment portions.
+    fragment_template: str | None = None
+    query_template: str | None = None
+
+    rest = template
+    if "#" in rest:
+        rest, fragment_template = rest.split("#", 1)
+    if "?" in rest:
+        rest, query_template = rest.split("?", 1)
+    path_template = rest
+
+    # Interpolate each portion with the appropriate quoting rules.
+    path_result = _interpolate(path_template, kwargs, _quote_path_segment_part)
+
+    # Reject dot-segments (. and ..) in the final assembled path.  The check
+    # runs after interpolation so that adjacent placeholders or a mix of static
+    # text and placeholders that together form a dot-segment are caught.
+    # Also reject percent-encoded dot-segments to protect against incorrectly
+    # implemented normalization in servers/proxies.
+    for segment in path_result.split("/"):
+        if _DOT_SEGMENT_RE.match(segment):
+            raise ValueError(f"Constructed path {path_result!r} contains dot-segment {segment!r} which is not allowed")
+
+    result = path_result
+    if query_template is not None:
+        result += "?" + _interpolate(query_template, kwargs, _quote_query_part)
+    if fragment_template is not None:
+        result += "#" + _interpolate(fragment_template, kwargs, _quote_fragment_part)
+
+    return result

{kernel-0.43.0 → kernel-0.45.0}/src/kernel/_version.py

@@ -1,4 +1,4 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
 __title__ = "kernel"
-__version__ = "0.43.0"  # x-release-please-version
+__version__ = "0.45.0"  # x-release-please-version

{kernel-0.43.0 → kernel-0.45.0}/src/kernel/resources/auth/connections.py

@@ -7,7 +7,7 @@ from typing import Any, Dict, cast
 import httpx
 
 from ..._types import Body, Omit, Query, Headers, NoneType, NotGiven, SequenceNotStr, omit, not_given
-from ..._utils import maybe_transform, async_maybe_transform
+from ..._utils import path_template, maybe_transform, async_maybe_transform
 from ..._compat import cached_property
 from ..._resource import SyncAPIResource, AsyncAPIResource
 from ..._response import (
@@ -23,6 +23,7 @@ from ...types.auth import (
     connection_login_params,
     connection_create_params,
     connection_submit_params,
+    connection_update_params,
 )
 from ..._base_client import AsyncPaginator, make_request_options
 from ...types.auth.managed_auth import ManagedAuth
@@ -179,7 +180,77 @@ class ConnectionsResource(SyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return self._get(
-            f"/auth/connections/{id}",
+            path_template("/auth/connections/{id}", id=id),
+            options=make_request_options(
+                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
+            ),
+            cast_to=ManagedAuth,
+        )
+
+    def update(
+        self,
+        id: str,
+        *,
+        allowed_domains: SequenceNotStr[str] | Omit = omit,
+        credential: connection_update_params.Credential | Omit = omit,
+        health_check_interval: int | Omit = omit,
+        login_url: str | Omit = omit,
+        proxy: connection_update_params.Proxy | Omit = omit,
+        save_credentials: bool | Omit = omit,
+        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
+        # The extra values given here take precedence over values defined on the client or passed to this method.
+        extra_headers: Headers | None = None,
+        extra_query: Query | None = None,
+        extra_body: Body | None = None,
+        timeout: float | httpx.Timeout | None | NotGiven = not_given,
+    ) -> ManagedAuth:
+        """Update an auth connection's configuration.
+
+        Only the fields provided will be
+        updated.
+
+        Args:
+          allowed_domains: Additional domains valid for this auth flow (replaces existing list)
+
+          credential:
+              Reference to credentials for the auth connection. Use one of:
+
+              - { name } for Kernel credentials
+              - { provider, path } for external provider item
+              - { provider, auto: true } for external provider domain lookup
+
+          health_check_interval: Interval in seconds between automatic health checks
+
+          login_url: Login page URL. Set to empty string to clear.
+
+          proxy: Proxy selection. Provide either id or name. The proxy must belong to the
+              caller's org.
+
+          save_credentials: Whether to save credentials after every successful login
+
+          extra_headers: Send extra headers
+
+          extra_query: Add additional query parameters to the request
+
+          extra_body: Add additional JSON properties to the request
+
+          timeout: Override the client-level default timeout for this request, in seconds
+        """
+        if not id:
+            raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
+        return self._patch(
+            path_template("/auth/connections/{id}", id=id),
+            body=maybe_transform(
+                {
+                    "allowed_domains": allowed_domains,
+                    "credential": credential,
+                    "health_check_interval": health_check_interval,
+                    "login_url": login_url,
+                    "proxy": proxy,
+                    "save_credentials": save_credentials,
+                },
+                connection_update_params.ConnectionUpdateParams,
+            ),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -273,7 +344,7 @@ class ConnectionsResource(SyncAPIResource):
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         extra_headers = {"Accept": "*/*", **(extra_headers or {})}
         return self._delete(
-            f"/auth/connections/{id}",
+            path_template("/auth/connections/{id}", id=id),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -309,7 +380,7 @@ class ConnectionsResource(SyncAPIResource):
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         extra_headers = {"Accept": "text/event-stream", **(extra_headers or {})}
         return self._get(
-            f"/auth/connections/{id}/events",
+            path_template("/auth/connections/{id}/events", id=id),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -353,7 +424,7 @@ class ConnectionsResource(SyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return self._post(
-            f"/auth/connections/{id}/login",
+            path_template("/auth/connections/{id}/login", id=id),
             body=maybe_transform({"proxy": proxy}, connection_login_params.ConnectionLoginParams),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
@@ -367,7 +438,9 @@ class ConnectionsResource(SyncAPIResource):
         *,
         fields: Dict[str, str] | Omit = omit,
         mfa_option_id: str | Omit = omit,
+        sign_in_option_id: str | Omit = omit,
         sso_button_selector: str | Omit = omit,
+        sso_provider: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -383,9 +456,15 @@ class ConnectionsResource(SyncAPIResource):
         Args:
           fields: Map of field name to value
 
-          mfa_option_id: Optional MFA option ID if user selected an MFA method
+          mfa_option_id: The MFA method type to select (when mfa_options were returned)
+
+          sign_in_option_id: The sign-in option ID to select (when sign_in_options were returned)
 
-          sso_button_selector: Optional XPath selector if user chose to click an SSO button instead
+          sso_button_selector: XPath selector for the SSO button to click (ODA). Use sso_provider instead for
+              CUA.
+
+          sso_provider: SSO provider to click, matching the provider field from pending_sso_buttons
+              (e.g., "google", "github"). Cannot be used with sso_button_selector.
 
           extra_headers: Send extra headers
 
@@ -398,12 +477,14 @@ class ConnectionsResource(SyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return self._post(
-            f"/auth/connections/{id}/submit",
+            path_template("/auth/connections/{id}/submit", id=id),
             body=maybe_transform(
                 {
                     "fields": fields,
                     "mfa_option_id": mfa_option_id,
+                    "sign_in_option_id": sign_in_option_id,
                     "sso_button_selector": sso_button_selector,
+                    "sso_provider": sso_provider,
                 },
                 connection_submit_params.ConnectionSubmitParams,
             ),
@@ -560,7 +641,77 @@ class AsyncConnectionsResource(AsyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return await self._get(
-            f"/auth/connections/{id}",
+            path_template("/auth/connections/{id}", id=id),
+            options=make_request_options(
+                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
+            ),
+            cast_to=ManagedAuth,
+        )
+
+    async def update(
+        self,
+        id: str,
+        *,
+        allowed_domains: SequenceNotStr[str] | Omit = omit,
+        credential: connection_update_params.Credential | Omit = omit,
+        health_check_interval: int | Omit = omit,
+        login_url: str | Omit = omit,
+        proxy: connection_update_params.Proxy | Omit = omit,
+        save_credentials: bool | Omit = omit,
+        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
+        # The extra values given here take precedence over values defined on the client or passed to this method.
+        extra_headers: Headers | None = None,
+        extra_query: Query | None = None,
+        extra_body: Body | None = None,
+        timeout: float | httpx.Timeout | None | NotGiven = not_given,
+    ) -> ManagedAuth:
+        """Update an auth connection's configuration.
+
+        Only the fields provided will be
+        updated.
+
+        Args:
+          allowed_domains: Additional domains valid for this auth flow (replaces existing list)
+
+          credential:
+              Reference to credentials for the auth connection. Use one of:
+
+              - { name } for Kernel credentials
+              - { provider, path } for external provider item
+              - { provider, auto: true } for external provider domain lookup
+
+          health_check_interval: Interval in seconds between automatic health checks
+
+          login_url: Login page URL. Set to empty string to clear.
+
+          proxy: Proxy selection. Provide either id or name. The proxy must belong to the
+              caller's org.
+
+          save_credentials: Whether to save credentials after every successful login
+
+          extra_headers: Send extra headers
+
+          extra_query: Add additional query parameters to the request
+
+          extra_body: Add additional JSON properties to the request
+
+          timeout: Override the client-level default timeout for this request, in seconds
+        """
+        if not id:
+            raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
+        return await self._patch(
+            path_template("/auth/connections/{id}", id=id),
+            body=await async_maybe_transform(
+                {
+                    "allowed_domains": allowed_domains,
+                    "credential": credential,
+                    "health_check_interval": health_check_interval,
+                    "login_url": login_url,
+                    "proxy": proxy,
+                    "save_credentials": save_credentials,
+                },
+                connection_update_params.ConnectionUpdateParams,
+            ),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -654,7 +805,7 @@ class AsyncConnectionsResource(AsyncAPIResource):
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         extra_headers = {"Accept": "*/*", **(extra_headers or {})}
         return await self._delete(
-            f"/auth/connections/{id}",
+            path_template("/auth/connections/{id}", id=id),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -690,7 +841,7 @@ class AsyncConnectionsResource(AsyncAPIResource):
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         extra_headers = {"Accept": "text/event-stream", **(extra_headers or {})}
         return await self._get(
-            f"/auth/connections/{id}/events",
+            path_template("/auth/connections/{id}/events", id=id),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -734,7 +885,7 @@ class AsyncConnectionsResource(AsyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return await self._post(
-            f"/auth/connections/{id}/login",
+            path_template("/auth/connections/{id}/login", id=id),
             body=await async_maybe_transform({"proxy": proxy}, connection_login_params.ConnectionLoginParams),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
@@ -748,7 +899,9 @@ class AsyncConnectionsResource(AsyncAPIResource):
         *,
         fields: Dict[str, str] | Omit = omit,
         mfa_option_id: str | Omit = omit,
+        sign_in_option_id: str | Omit = omit,
         sso_button_selector: str | Omit = omit,
+        sso_provider: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -764,9 +917,15 @@ class AsyncConnectionsResource(AsyncAPIResource):
         Args:
           fields: Map of field name to value
 
-          mfa_option_id: Optional MFA option ID if user selected an MFA method
+          mfa_option_id: The MFA method type to select (when mfa_options were returned)
+
+          sign_in_option_id: The sign-in option ID to select (when sign_in_options were returned)
 
-          sso_button_selector: Optional XPath selector if user chose to click an SSO button instead
+          sso_button_selector: XPath selector for the SSO button to click (ODA). Use sso_provider instead for
+              CUA.
+
+          sso_provider: SSO provider to click, matching the provider field from pending_sso_buttons
+              (e.g., "google", "github"). Cannot be used with sso_button_selector.
 
           extra_headers: Send extra headers
 
@@ -779,12 +938,14 @@ class AsyncConnectionsResource(AsyncAPIResource):
         if not id:
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return await self._post(
-            f"/auth/connections/{id}/submit",
+            path_template("/auth/connections/{id}/submit", id=id),
             body=await async_maybe_transform(
                 {
                     "fields": fields,
                     "mfa_option_id": mfa_option_id,
+                    "sign_in_option_id": sign_in_option_id,
                     "sso_button_selector": sso_button_selector,
+                    "sso_provider": sso_provider,
                 },
                 connection_submit_params.ConnectionSubmitParams,
             ),
@@ -805,6 +966,9 @@ class ConnectionsResourceWithRawResponse:
         self.retrieve = to_raw_response_wrapper(
             connections.retrieve,
         )
+        self.update = to_raw_response_wrapper(
+            connections.update,
+        )
         self.list = to_raw_response_wrapper(
             connections.list,
         )
@@ -832,6 +996,9 @@ class AsyncConnectionsResourceWithRawResponse:
         self.retrieve = async_to_raw_response_wrapper(
             connections.retrieve,
         )
+        self.update = async_to_raw_response_wrapper(
+            connections.update,
+        )
         self.list = async_to_raw_response_wrapper(
             connections.list,
         )
@@ -859,6 +1026,9 @@ class ConnectionsResourceWithStreamingResponse:
         self.retrieve = to_streamed_response_wrapper(
             connections.retrieve,
         )
+        self.update = to_streamed_response_wrapper(
+            connections.update,
+        )
         self.list = to_streamed_response_wrapper(
             connections.list,
         )
@@ -886,6 +1056,9 @@ class AsyncConnectionsResourceWithStreamingResponse:
         self.retrieve = async_to_streamed_response_wrapper(
             connections.retrieve,
         )
+        self.update = async_to_streamed_response_wrapper(
+            connections.update,
+        )
         self.list = async_to_streamed_response_wrapper(
             connections.list,
         )