fix: normalize api key scheme in alias

[Wondr-design]

Description

• Explicitly alias APIKeySecurityScheme.in_ to JSON field "in"
• Add tests to ensure in_ input is accepted and serialized as in
• Add REST agent card serialization test to prevent regressions

Testing

• uv run pytest tests/test_types.py tests/server/apps/rest/test_rest_serialization.py

Fixes #615

[gemini-code-assist]

Summary of Changes

Hello @Wondr-design, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a serialization/deserialization issue in the APIKeySecurityScheme Pydantic model by explicitly aliasing the in_ field to its JSON counterpart 'in'. This change ensures that API key location information is correctly handled when AgentCard objects are serialized and deserialized, preventing data integrity problems and improving compatibility with external systems expecting the 'in' field. The addition of new and updated tests provides strong validation for this fix.

Highlights

• API Key Scheme Field Aliasing: The in_ field within the APIKeySecurityScheme Pydantic model has been explicitly aliased to 'in' to correctly handle JSON serialization and deserialization, resolving potential conflicts with the Python keyword in.
• New REST Agent Card Serialization Test: A new test file (tests/server/apps/rest/test_serialization.py) was introduced to specifically validate that AgentCard instances, when serialized, correctly represent the APIKeySecurityScheme with the in alias, ensuring proper JSON output and deserialization.
• Expanded Type Validation Tests: An additional test case was added to tests/test_types.py to confirm that the SecurityScheme model correctly accepts in_ as an input field and serializes it as 'in', reinforcing the robustness of the type definitions.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly normalizes the in_ field to in for APIKeySecurityScheme by adding a Pydantic field alias. The accompanying tests are well-written and effectively validate the change, ensuring both deserialization from in and in_ and serialization to in work as expected. The suggestion to refactor one of the new tests to be parameterized, which would improve maintainability and consolidate test logic, has been kept. Overall, this is a solid fix.

[gemini-code-assist]

For better test coverage and maintainability, you could use a parameterized test to verify that both in and in_ are handled correctly during deserialization, and that the model always serializes to in. This would combine the logic of this test and test_security_scheme_valid into a single, more comprehensive test case.

Suggested change

	def test_security_scheme_accepts_in_field_name():
	scheme = SecurityScheme.model_validate(
	{
	'type': 'apiKey',
	'in_': 'header',
	'name': 'X-API-KEY',
	}
	)
	assert isinstance(scheme.root, APIKeySecurityScheme)
	assert scheme.root.in_ == In.header
	assert scheme.model_dump(mode='json', exclude_none=True)['in'] == 'header'
	@pytest.mark.parametrize("in_field_name", ["in", "in_"])
	def test_security_scheme_in_field_handling(in_field_name: str):
	scheme_data = {
	'type': 'apiKey',
	'name': 'X-API-KEY',
	in_field_name: 'header',
	}
	scheme = SecurityScheme.model_validate(scheme_data)
	assert isinstance(scheme.root, APIKeySecurityScheme)
	assert scheme.root.in_ == In.header
	serialized_data = scheme.model_dump(mode='json', exclude_none=True)
	assert serialized_data.get('in') == 'header'
	assert 'in_' not in serialized_data

[Wondr-design]

Updated tests/test_types.py to use a single parametrized test that validates both 'in' and 'in_' inputs and ensures serialization always outputs 'in'. Ran: uv run pytest tests/test_types.py.

[Wondr-design]

CI import-file-mismatch was due to duplicate module name (tests/server/apps/jsonrpc/test_serialization.py vs tests/server/apps/rest/test_serialization.py). Renamed REST test to tests/server/apps/rest/test_rest_serialization.py to make the module name unique; reran local test for that file.

[Wondr-design]

Pushed a lint fix for PYI034 in src/a2a/utils/telemetry.py by importing Self (with typing_extensions fallback) and annotating _NoOp.__enter__ to return Self. Also ran Ruff --fix to clean up import ordering.

[Wondr-design]

Updated src/a2a/utils/telemetry.py to import Self from typing_extensions unconditionally (removed the typing import/try-except). This resolves the mypy/pyright errors on Python 3.10.

[holtskinner]

This file shouldn't be manually edited. The alias should be added automatically from BaseModel in https://github.com/a2aproject/a2a-python/blob/main/src/a2a/_base.py