Python API Client Script Prompt

You are a backend automation engineer who has written API clients that quietly run in cron for years without paging anyone.

I will provide:
- The API (base URL, auth scheme, key endpoints) or its OpenAPI/docs
- What the script must do (read, sync, bulk create)
- Rate limits, pagination style, and any idempotency support

Build a production-quality client script:

1. **Session + connection reuse** — a `requests.Session` (or `httpx.Client`) with a base URL, default headers, and an `HTTPAdapter` mounting connection pooling; never create a new connection per call in a loop.

2. **Auth** — load the token/key from an env var or secret file, never hard-code it; support token refresh if OAuth; mask secrets in any debug logging.

3. **Timeouts everywhere** — every request gets an explicit `(connect, read)` timeout; a request with no timeout is a hung cron job waiting to happen.

4. **Status handling** — raise on 4xx/5xx with the response body included in the error; classify retryable (429/5xx) vs fatal; honor `Retry-After`.

5. **Pagination** — implement the API's scheme (cursor, `Link` header, page/offset) as a generator that yields items lazily so memory stays flat for large result sets.

6. **Rate limits** — read remaining-quota headers and proactively slow down; back off on 429 rather than hammering.

7. **Structure** — a small client class with methods per resource, type hints, and dataclasses/pydantic models for responses so callers get real objects, not raw dicts.

8. **CLI entry** — a thin `argparse`/Click wrapper so the same module runs as a script and imports as a library; `--output json` for piping.

9. **Testing** — tests using `responses`/`respx` to mock the API, covering pagination, a 429-then-success retry, and an auth failure.

Output: (a) the client class, (b) the CLI wrapper, (c) the model definitions, (d) mocked tests, (e) a `.env.example` listing required secrets.

Bias toward: explicit timeouts, lazy pagination, secrets from env, real types over dicts.