feat(rust): Add RequestExecutor trait for CLI execution-sharing (#16282)

* feat(rust): Add RequestExecutor trait for CLI execution-sharing

Add RequestExecutor trait and HttpClient::with_executor() constructor
to enable CLI execution-sharing. When an external executor is injected,
the SDK delegates HTTP execution entirely — auth, headers, and retries
are handled by the caller's transport stack.

Also adds cliEmbedded config flag that skips model generation when the
SDK is embedded in a CLI binary.

* fix(rust): Update http_client snapshot for RequestExecutor changes

* fix(rust): Address review findings - restore Clone, fix base64 executor, fix cliEmbedded types

- Restore #[derive(Clone)] on HttpClient (needed for pagination code gen)
- Update BASE64_METHOD template to use send_request() instead of direct
  apply_auth_headers/execute_with_retries (bypassed injected executor)
- Check cliEmbedded flag in generateApiModFile and generateLibFile to
  avoid declaring mod types when type generation is skipped

* fix(rust): Preserve SSE header precedence over custom headers

Move SSE-specific headers (Accept: text/event-stream, Cache-Control: no-store)
after apply_custom_headers in the default path so they always take precedence,
matching the original ordering. In the executor path, SSE headers are applied
before delegation.

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: jsklan

generators/rust/base/src/asIs/http_client.rs

@@ -1,5 +1,5 @@
 {{BASE64_IMPORT}}use crate::{join_url, ApiError, ClientConfig, OAuthTokenProvider, RequestOptions};
-use futures::{Stream, StreamExt};
+use futures::{future::BoxFuture, Stream, StreamExt};
 use reqwest::{
     header::{HeaderMap, HeaderName, HeaderValue},
     Client, Method, Request, Response,
@@ -100,6 +100,34 @@ impl Stream for ByteStream {
     }
 }
 
+/// Trait for executing HTTP requests, enabling injection of custom
+/// transport implementations (e.g., for CLI execution-sharing).
+///
+/// When an external executor is provided, the SDK delegates raw HTTP
+/// execution to it, allowing the caller's transport stack to handle
+/// auth, retries, and TLS configuration.
+#[doc(hidden)]
+pub trait RequestExecutor: Send + Sync {
+    fn execute(
+        &self,
+        request: Request,
+    ) -> BoxFuture<'_, Result<Response, reqwest::Error>>;
+}
+
+/// Default executor that delegates to a `reqwest::Client`.
+struct ReqwestExecutor {
+    client: Client,
+}
+
+impl RequestExecutor for ReqwestExecutor {
+    fn execute(
+        &self,
+        request: Request,
+    ) -> BoxFuture<'_, Result<Response, reqwest::Error>> {
+        Box::pin(self.client.execute(request))
+    }
+}
+
 /// Configuration for OAuth token fetching.
 ///
 /// This struct contains all the information needed to automatically fetch
@@ -124,6 +152,7 @@ struct OAuthTokenResponse {
 #[derive(Clone)]
 pub struct HttpClient {
     client: Client,
+    executor: Option<Arc<dyn RequestExecutor>>,
     config: ClientConfig,
     /// Optional OAuth configuration for automatic token management
     oauth_config: Option<OAuthConfig>,
@@ -151,11 +180,33 @@ impl HttpClient {
 
         Ok(Self {
             client,
+            executor: None,
             config,
             oauth_config,
         })
     }
 
+    /// Creates an HttpClient with an injected request executor.
+    ///
+    /// When using an injected executor, the client delegates HTTP execution
+    /// entirely to the executor. Auth headers, custom headers, and retry
+    /// logic are NOT applied by this client — the executor's transport
+    /// stack is expected to handle them. This prevents double-retry and
+    /// double-auth when the SDK is embedded inside a CLI.
+    #[doc(hidden)]
+    pub fn with_executor(
+        executor: Arc<dyn RequestExecutor>,
+        config: ClientConfig,
+    ) -> Self {
+        let client = Client::new();
+        Self {
+            client,
+            executor: Some(executor),
+            config,
+            oauth_config: None,
+        }
+    }
+
     /// Returns the configured base URL.
     pub fn base_url(&self) -> &str {
         &self.config.base_url
@@ -199,12 +250,9 @@ impl HttpClient {
             request = request.json(&body);
         }
 
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
         self.parse_response_raw(response).await
     }
 
@@ -218,37 +266,28 @@ impl HttpClient {
         options: Option<RequestOptions>,
     ) -> Result<T, ApiError>
     where
-        T: DeserializeOwned, // Generic T: DeserializeOwned means the response will be automatically deserialized into whatever type you specify:
+        T: DeserializeOwned,
     {
         let url = join_url(&self.config.base_url, path);
         let mut request = self.client.request(method, &url);
 
-        // Apply query parameters if provided
         if let Some(params) = query_params {
             request = request.query(&params);
         }
 
-        // Apply additional query parameters from options
         if let Some(opts) = &options {
             if !opts.additional_query_params.is_empty() {
                 request = request.query(&opts.additional_query_params);
             }
         }
 
-        // Apply body if provided
         if let Some(body) = body {
             request = request.json(&body);
         }
 
-        // Build the request
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        // Apply authentication and headers
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
-
-        // Execute with retries
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
         self.parse_response(response).await
     }
 
@@ -285,16 +324,31 @@ impl HttpClient {
             request = request.json(&body);
         }
 
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
         self.parse_response(response).await
     }
 
-{{MULTIPART_METHOD}}{{BYTES_METHOD}}    async fn apply_auth_headers(
+{{MULTIPART_METHOD}}{{BYTES_METHOD}}    /// Applies auth/headers and executes the request, choosing between
+    /// the injected executor path (no SDK-level auth/headers/retries)
+    /// and the default path (full SDK behavior).
+    async fn send_request(
+        &self,
+        req: Request,
+        options: &Option<RequestOptions>,
+    ) -> Result<Response, ApiError> {
+        if let Some(executor) = &self.executor {
+            executor.execute(req).await.map_err(ApiError::Network)
+        } else {
+            let mut req = req;
+            self.apply_auth_headers(&mut req, options).await?;
+            self.apply_custom_headers(&mut req, options)?;
+            self.execute_with_retries(req, options).await
+        }
+    }
+
+    async fn apply_auth_headers(
         &self,
         request: &mut Request,
         options: &Option<RequestOptions>,
@@ -603,14 +657,9 @@ impl HttpClient {
         }
 
         // Build the request
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        // Apply authentication and headers
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
-
-        // Execute with retries
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
 
         // Return streaming response
         Ok(ByteStream::new(response))
@@ -643,12 +692,9 @@ impl HttpClient {
             request = request.json(&body);
         }
 
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
 
         Ok(ByteStream::new(response))
     }

generators/rust/base/src/project/RustProject.ts

@@ -210,21 +210,25 @@ export class RustProject extends AbstractProject<AbstractRustGeneratorContext<Ba
         request = request.multipart(form);
 
         // Build the request
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        // Apply authentication and headers
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
-
-        // Execute directly without retries (multipart requests cannot be cloned)
-        let response = self.client.execute(req).await.map_err(ApiError::Network)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        // Check response status
-        if !response.status().is_success() {
-            let status_code = response.status().as_u16();
-            let body = response.text().await.ok();
-            return Err(ApiError::from_response(status_code, body.as_deref()));
-        }
+        // Multipart requests cannot be cloned, so they skip retries
+        // even in the default path. With an injected executor, delegate
+        // entirely to the executor.
+        let response = if let Some(executor) = &self.executor {
+            executor.execute(req).await.map_err(ApiError::Network)?
+        } else {
+            let mut req = req;
+            self.apply_auth_headers(&mut req, &options).await?;
+            self.apply_custom_headers(&mut req, &options)?;
+            let response = self.client.execute(req).await.map_err(ApiError::Network)?;
+            if !response.status().is_success() {
+                let status_code = response.status().as_u16();
+                let body = response.text().await.ok();
+                return Err(ApiError::from_response(status_code, body.as_deref()));
+            }
+            response
+        };
 
         self.parse_response(response).await
     }
@@ -270,12 +274,9 @@ export class RustProject extends AbstractProject<AbstractRustGeneratorContext<Ba
                 .body(body);
         }
 
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
         self.parse_response(response).await
     }
 
@@ -296,8 +297,8 @@ export class RustProject extends AbstractProject<AbstractRustGeneratorContext<Ba
     ///
     /// # SSE-Specific Headers
     ///
-    /// This method automatically sets the following headers **after** applying custom headers,
-    /// which means these headers will override any user-supplied values:
+    /// In the default path, these headers are applied **after** custom headers,
+    /// which means they will override any user-supplied values:
     /// - \`Accept: text/event-stream\` - Required for SSE protocol
     /// - \`Cache-Control: no-store\` - Prevents caching of streaming responses
     ///
@@ -358,33 +359,47 @@ export class RustProject extends AbstractProject<AbstractRustGeneratorContext<Ba
         // Build the request
         let mut req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        // Apply authentication and headers
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
-
-        // SSE-specific headers
-        req.headers_mut().insert(
-            "Accept",
-            "text/event-stream"
-                .parse()
-                .map_err(|_| ApiError::InvalidHeader)?,
-        );
-        req.headers_mut().insert(
-            "Cache-Control",
-            "no-store"
-                .parse()
-                .map_err(|_| ApiError::InvalidHeader)?,
-        );
-
         // Determine per-event timeout: request-level overrides client-level
         let timeout = options
             .as_ref()
             .and_then(|opts| opts.timeout_seconds)
             .map(std::time::Duration::from_secs)
             .unwrap_or(self.config.timeout);
 
-        // Execute with retries
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = if let Some(executor) = &self.executor {
+            // SSE-specific headers for the executor path
+            req.headers_mut().insert(
+                "Accept",
+                "text/event-stream"
+                    .parse()
+                    .map_err(|_| ApiError::InvalidHeader)?,
+            );
+            req.headers_mut().insert(
+                "Cache-Control",
+                "no-store"
+                    .parse()
+                    .map_err(|_| ApiError::InvalidHeader)?,
+            );
+            executor.execute(req).await.map_err(ApiError::Network)?
+        } else {
+            self.apply_auth_headers(&mut req, &options).await?;
+            self.apply_custom_headers(&mut req, &options)?;
+            // SSE-specific headers applied after custom headers to ensure
+            // proper SSE behavior even if custom headers are provided
+            req.headers_mut().insert(
+                "Accept",
+                "text/event-stream"
+                    .parse()
+                    .map_err(|_| ApiError::InvalidHeader)?,
+            );
+            req.headers_mut().insert(
+                "Cache-Control",
+                "no-store"
+                    .parse()
+                    .map_err(|_| ApiError::InvalidHeader)?,
+            );
+            self.execute_with_retries(req, &options).await?
+        };
 
         // Return SSE stream with per-event timeout
         crate::SseStream::new(response, terminator, timeout).await
@@ -434,14 +449,9 @@ export class RustProject extends AbstractProject<AbstractRustGeneratorContext<Ba
         }
 
         // Build the request
-        let mut req = request.build().map_err(|e| ApiError::Network(e))?;
-
-        // Apply authentication and headers
-        self.apply_auth_headers(&mut req, &options).await?;
-        self.apply_custom_headers(&mut req, &options)?;
+        let req = request.build().map_err(|e| ApiError::Network(e))?;
 
-        // Execute with retries
-        let response = self.execute_with_retries(req, &options).await?;
+        let response = self.send_request(req, &options).await?;
 
         // Parse response as JSON string and decode base64
         let text = response.text().await.map_err(ApiError::Network)?;

generators/rust/sdk/changes/unreleased/add-request-executor-trait.yml

@@ -0,0 +1,6 @@
+- summary: |
+    Add `RequestExecutor` trait and `HttpClient::with_executor()` constructor
+    to enable CLI execution-sharing. When an external executor is injected,
+    the SDK delegates HTTP execution entirely — auth, headers, and retries
+    are handled by the caller's transport stack.
+  type: feat

generators/rust/sdk/src/SdkCustomConfig.ts

@@ -3,7 +3,13 @@ import { z } from "zod";
 
 export const SdkCustomConfigSchema = BaseRustCustomConfigSchema.extend({
     clientName: z.string().optional(),
-    generateExamples: z.boolean().optional().default(true)
+    generateExamples: z.boolean().optional().default(true),
+    /**
+     * When true, the SDK is being generated in CLI-embedded mode:
+     * - Model/type generation is skipped (types come from a co-generated types crate)
+     * - The `RequestExecutor` trait and `HttpClient::with_executor()` are the primary API surface
+     */
+    cliEmbedded: z.boolean().optional().default(false)
 });
 
 export type SdkCustomConfigSchema = z.infer<typeof SdkCustomConfigSchema>;