In the User Facing API section of the encryption spec, ClientEncryptionOpts are first described as having three fields, then later used with a fourth field bypass_auto_encryption:

class ClientEncryptionOpts {
   keyVaultClient: MongoClient;
   keyVaultNamespace: String;
   kmsProviders: Map<String, Map<String, Value>>;
} 
...

opts = ClientEncryptionOpts (
   key_vault_client=client,
   key_vault_namespace="admin.keyvault",
   kms_providers=kms,
   bypass_auto_encryption=True)

However, ClientEncryptionOpts does not support bypass_auto_encryption. ClientEncryption is only used for explicit encryption, not automatic.