…its (#15893)

* fix(generator-cli): set explicit author/committer on API-created commits

When creating commits via the GitHub REST API (octokit.git.createCommit),
explicitly set the author and committer to the Fern bot identity instead
of relying on the authenticated user default. This fixes commit
attribution on GitHub Enterprise where PAT-based authentication causes
commits to be attributed to the PAT-owning service account rather than
a stable bot identity.

The GithubStepConfig also accepts an optional author override for
callers that need a custom committer identity.

* test: update pushSignedCommit test assertions for author/committer fields

…5891)

When useLocalDocker is true, silently pick up an existing FERN_TOKEN env
var or saved login token via getToken() so Venus calls (e.g. GET
/organizations/{org_id}) are authenticated. Previously this path skipped
the auth flow entirely, leaving the Venus client unauthenticated.

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

…tch in dev mode (#15913)

* fix(docs): prefer stored login token over env var for global theme fetch in dev mode

* chore(docs): add changelog entry for global theme token fix

* Update fix-global-theme-token-in-dev.yml

* chore(deps): bump @fern-api/generator-cli catalog pin to 0.9.27

Co-Authored-By: tanmay.singh <tstanmay13@gmail.com>

* chore: update pnpm-lock.yaml

Co-Authored-By: tanmay.singh <tstanmay13@gmail.com>

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* fix(python): escape bare < in changelog to fix MDX parse error

Co-Authored-By: ryanstep <ryanstep@umich.edu>

* fix(python): add pre-commit check for bare < in changelog summaries

Co-Authored-By: ryanstep <ryanstep@umich.edu>

* fix(python): use null check instead of non-null assertion for biome

Co-Authored-By: ryanstep <ryanstep@umich.edu>

* fix(python): remove pre-commit changelog check pending better matching approach

Co-Authored-By: ryanstep <ryanstep@umich.edu>

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

…#15917)

fix: change fern.yml to docs.yml in 5.26.0 changelog entry

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* feat(php): add SSE / NDJSON / text streaming support

* feat(php): expose SSE metadata, add buffer cap, validate Content-Type

Three follow-ups to the SSE streaming runtime to close the parity gap
with the Python and Go SDK generators:

- New SseStream::events() yields typed SseEvent<T> with WHATWG envelope
  fields (event, id, retry). lastEventId persists across events per spec;
  null bytes in id and non-integer retry values are rejected.
- 1 MiB default maxBufferSize on every Stream wrapper, configurable per
  call. Guards line buffer and accumulated SSE event data against
  pathological streams; throws RuntimeException on overflow.
- SseStream constructor validates Content-Type contains text/event-stream
  and rejects non-UTF-8 charset parameters per the WHATWG SSE spec.

13 new PHPUnit cases cover metadata exposure, lastEventId persistence,
null-byte / non-integer field rejection, Content-Type / charset
validation, missing-header tolerance, and buffer overflow.

* chore(php): harden Stream runtime — cap-before-alloc, BOM, encapsulation

Six follow-ups to the SSE streaming runtime, surfacing from a fresh review
of Stream.Template.php for unidiomatic constructions:

1. Buffer cap during accumulation (real correctness gap): new
   appendWithinCap() helper throws BEFORE the concat allocates. A hostile
   stream sending many `data:` lines without a dispatching blank line
   used to grow $dataBuffer unbounded and only trip the check at
   dispatch — too late. Now bounded by the configured limit.

2. Split StreamFormat into its own template file for PSR-4 autoload
   correctness. Generated SDKs ship a separate StreamFormat.php.

3. Encapsulate $deserializer: private field behind a protected
   deserialize() method. SseStream::events() now calls
   $this->deserialize() instead of accessing the closure directly.

4. Strip a leading UTF-8 BOM per WHATWG §9.2.4. Handles BOM split
   across read chunks via a deferred check.

5. DEFAULT_MAX_BUFFER_SIZE = 1_048_576 (numeric separator).

6. Stream::__construct is now protected — external callers must use
   SseStream, JsonStream, or TextStream. Wrappers' parent::__construct
   calls are unaffected.

Adds three new tests: cumulative-accumulation cap, BOM at start, BOM
not stripped mid-stream.

* chore(php): tighten Stream / StreamTest comments shipped to customer SDKs

Trim WHAT-narration and internal implementation rationale from comments
in Stream.Template.php and StreamTest.Template.php — these files are
emitted into every generated SDK and were exposing dev-side context
("a hostile stream cannot drive us past the limit and then trip the
check", "The constructor is protected to enforce this", etc.) that
customers don't need. WHATWG spec citations and non-obvious WHY
comments are kept.

* chore(php): simplify Stream codegen and skip no-op CRLF rewrite

- Collapse duplicated enumString switch arm into the primitive case in
  buildStreamDeserializerBody (single decode$Suffix dispatch).
- Stream::readLines now guards str_replace(["\r\n", "\r"], "\n", ...)
  with str_contains($chunk, "\r"); NDJSON / text streams no longer pay
  the per-chunk rewrite when no CR bytes are present.

Co-authored-by: patrickthornton <70873350+patrickthornton@users.noreply.github.com>

* chore(seed): migrate scripts and wire exhaustive+imdb to OpenAPI input

Extract add-openapi-specs.sh and update export-openapi-test.sh from the
stale swap-seed-inputs-2 branch. Wire exhaustive and imdb fixtures to
use their existing openapi.yml via api.specs in generators.yml.

* chore(seed): split add-openapi-specs into copy + wire scripts

Replace the monolithic add-openapi-specs.sh with two scripts:
- copy-openapi-specs.sh: copies seed OpenAPI specs into test-definition
  dirs without modifying generators.yml (safe to run on all fixtures)
- wire-openapi-specs.sh: adds api.specs block to generators.yml, only
  for fixtures still using Fern definitions (skips any fixture that
  already has an api: block — openapi, proto, asyncapi, etc.)

Both accept optional fixture names to operate on a subset.

* fix(seed): copy script skips fixtures already wired to any spec input

Check for an existing api: block in generators.yml instead of just
checking for openapi.yml on disk. Prevents creating orphan spec files
for fixtures that are already wired to openapi/proto/asyncapi inputs
at non-standard paths.

* chore(seed): add overrides generation for SDK group/method naming

Add generate-openapi-overrides.py that reads an OpenAPI spec and the
Fern definition directory structure to produce x-fern-sdk-group-name
and x-fern-sdk-method-name overrides preserving the package hierarchy.

Integrated into copy-openapi-specs.sh (auto-generates overrides after
copying specs) and wire-openapi-specs.sh (wires overrides reference
into generators.yml when present).

Applied to imdb and exhaustive fixtures.

* revert generators.yml change

* revert imdb state

* Update imdb spec

* wire imdb through fixture definition

* Regenerate sdks for imdb

* regenerate jva flat package

* revert exhaustive fixture changes

* chore(seed): tune imdb OpenAPI spec and regenerate ts-sdk output

Fix auth scheme name to lowercase 'bearer' to match Fern definition
output. Remaining diffs (error naming, type placement, path param
wrapping) are acceptable structural differences from the OpenAPI→IR
path and do not affect SDK API surface or behavior.

* chore(seed): regenerate go-sdk imdb no-custom-config with OpenAPI input

* chore(seed): regenerate openapi, rust-sdk, swift-sdk imdb with OpenAPI input

Same acceptable structural diffs as ts-sdk and go-sdk: error naming,
type placement, path param wrapping. No spec tuning needed beyond
the bearer scheme fix already applied.

* chore(seed): regenerate java-sdk, csharp-sdk, php-sdk imdb with OpenAPI input

* chore(seed): regenerate ruby-sdk-v2 imdb with OpenAPI input

* chore: update imdb ir-to-jsonschema snapshots

Co-Authored-By: bot_apk <apk@cognition.ai>

* chore: update test snapshots

* Automated update of seed files

* chore: update test snapshots

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: bot_apk <apk@cognition.ai>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: jsklan <jsklan@users.noreply.github.com>

…erity (#15853)

* fix(docs-validator): make rule init failures honor configured severity

When a docs-validator rule throws an exception during its asynchronous create() step, the validator emits a 'Rule "X" failed to initialize' violation. Previously this violation was hardcoded to severity "fatal", which meant configuring a rule at 'warn' in docs.yml (e.g. 'missing-redirects: warn') had no effect on init-time failures and would still fail 'fern check' with exit code 1.

This change makes those init failures respect the user's configured severity. It also fixes the rendered message when a non-Error value is thrown — previously surfaced as '[object Object]' — by serializing plain objects to JSON, and adds a try/catch around DocsDefinitionResolver.resolve() inside the missing-redirects rule so transient resolution errors degrade to a warning instead of a fatal.

Signed-off-by: cade <info@buildwithfern.com>
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* chore(cli): sort imports per biome check

Signed-off-by: cade <info@buildwithfern.com>
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* fix(cli): surface DocsDefinitionResolver failure reason in missing-redirects

Signed-off-by: cade <info@buildwithfern.com>
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

---------

Signed-off-by: cade <info@buildwithfern.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>