release: 0.68.0

[stainless-app]

Automated Release PR

0.68.0 (2026-06-14)

Full Changelog: v0.67.0...v0.68.0

Features

• Add API key rotate endpoint (5ad5ee5)
• api: surface deleted/expired API keys for audit trail (KERNEL-1350) (6f16159)

Refactors

• api: align API key audit surface with browser sibling (KERNEL-1350) (bdf7a0d)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

---

Note

Medium Risk
New credential rotation and deleted-key exposure in the API keys client affect auth lifecycle; changes are additive OpenAPI-generated bindings with backward-compatible list defaults.

Overview
Release 0.68.0 bumps package version and OpenAPI metadata (120 endpoints) with changelog entries for API key work.

API keys gain a rotate method (POST /org/api_keys/{id}/rotate) on sync/async clients, including raw/streaming helpers. Rotation accepts optional days_to_expire for the new key and expire_in_days for the old key’s grace period; it returns CreatedAPIKey (plaintext shown once).

Audit / soft-delete visibility: the APIKey type adds optional deleted_at. retrieve accepts include_deleted; list adds status (active | deleted | all) and keeps deprecated include_deleted. Generated param types and api.md are updated; API key tests cover the new surface (still mock-skipped).

^{Reviewed by Cursor Bugbot for commit ed30024. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

PRs in the kernel, infra, hypeman, and hypeship repos. kernel is a ~mono repo with many logical services underneath, ensure to focus on the implicated service for the PR

Reason: This PR is for the kernel-python-sdk repository, not one of the specified repos (kernel, infra, hypeman, hypeship); please opt in manually if deploy monitoring is needed.

To monitor this PR anyway, reply with @firetiger monitor this.

[stainless-app]

🧪 Testing

To try out this version of the SDK:

pip install 'https://pkg.stainless.com/s/kernel-python/bdf7a0dec6ed448f4846186fba05e4cbb7eb0846/kernel-0.67.0-py3-none-any.whl'

Expires at: Tue, 14 Jul 2026 20:22:01 GMT
Updated at: Sun, 14 Jun 2026 20:22:01 GMT

[bmsaadat]

Do not merge yet! Pending a followup to the deleted status changes.