@agentstep/agent-sdk 0.4.39 → 0.5.0

package/dist/{chunk-OXWELRJL.js → chunk-CBPO2P4I.js}

@@ -78,13 +78,27 @@ var ModelConfigSchema = registry.register(
 var AgentSchema = registry.register(
   "Agent",
   z.object({
+    type: z.literal("agent"),
     id: UlidId,
     version: z.number().int().positive(),
     name: z.string(),
-    model: z.string(),
+    description: z.string().openapi({ description: "Human-readable description of the agent." }),
+    model: z.object({
+      id: z.string(),
+      speed: z.enum(["standard", "fast"]).optional()
+    }).openapi({ description: "Model configuration. `id` is the canonical model identifier." }),
     system: z.string().nullable(),
     tools: z.array(ToolConfigSchema),
-    mcp_servers: z.record(McpServerConfigSchema),
+    mcp_servers: z.array(z.object({
+      name: z.string(),
+      type: z.string(),
+      url: z.string().optional()
+    }).catchall(z.unknown())).openapi({
+      description: "MCP servers configured for this agent. Each entry has a name, type, and optional url."
+    }),
+    metadata: z.record(z.string()).openapi({
+      description: "Key-value metadata attached to the agent. Values must be strings."
+    }),
     engine: z.enum(["claude", "opencode", "codex", "anthropic", "gemini", "factory", "pi"]).openapi({
       description: "Which agent harness powers this agent. `claude` drives `claude -p`; `opencode` drives sst/opencode-ai's `opencode run`; `gemini` drives Google's `gemini -p`; `factory` drives Factory's `droid exec`; `pi` drives the pi.dev coding agent (`pi --mode json`). Immutable after agent creation."
     }),
@@ -94,12 +108,22 @@ var AgentSchema = registry.register(
     webhook_events: z.array(z.string()).openapi({
       description: "Event types that trigger webhook delivery. Defaults to status + error events."
     }),
+    webhook_signing_enabled: z.boolean().openapi({
+      description: "Whether a webhook shared secret is configured. The secret itself is never returned."
+    }),
     threads_enabled: z.boolean().openapi({
       description: "Whether this agent can spawn sub-agents via the spawn_agent tool."
     }),
     confirmation_mode: z.boolean().openapi({
       description: "Whether this agent requires tool confirmation via user.tool_confirmation events. When true, claude runs with --permission-mode default and a PermissionRequest hook bridges tool approvals to the MA API."
     }),
+    callable_agents: z.array(z.object({
+      type: z.literal("agent"),
+      id: z.string(),
+      version: z.number().int().optional()
+    })).openapi({
+      description: "Agents that can be called by this agent via the spawn_agent tool."
+    }),
     skills: z.array(AgentSkillSchema).openapi({
       description: "Skills injected into the container at session start. For Claude backend, written to .claude/skills/<name>/SKILL.md. For all backends, also written to .agents/skills/<name>/SKILL.md. Non-Claude backends also receive skills prepended to the system prompt."
     }),
@@ -107,17 +131,30 @@ var AgentSchema = registry.register(
       description: "Model configuration options. 'fast' speed enables fast mode on Claude (claude engine only)."
     }),
     created_at: IsoTimestamp,
-    updated_at: IsoTimestamp
+    updated_at: IsoTimestamp,
+    archived_at: IsoTimestamp.nullable()
   })
 );
 var CreateAgentRequestSchema = registry.register(
   "CreateAgentRequest",
   z.object({
     name: z.string().min(1).openapi({ example: "my-agent" }),
-    model: z.string().min(1).openapi({ example: "claude-sonnet-4-6" }),
+    model: z.object({ id: z.string().min(1), speed: z.enum(["standard", "fast"]).optional() }).openapi({ description: "Model configuration. `id` is the canonical model identifier.", example: { id: "claude-sonnet-4-6" } }),
+    description: z.string().max(2048).optional().openapi({
+      description: "Human-readable description of the agent."
+    }),
+    metadata: z.record(z.string(), z.string().max(512)).optional().openapi({
+      description: "Key-value metadata. Max 16 keys, values max 512 chars."
+    }),
     system: z.string().nullish().openapi({ example: "You are a helpful assistant." }),
     tools: z.array(ToolConfigSchema).optional(),
-    mcp_servers: z.record(McpServerConfigSchema).optional(),
+    mcp_servers: z.array(z.object({
+      name: z.string(),
+      type: z.string().optional(),
+      url: z.string().optional()
+    }).catchall(z.unknown())).optional().openapi({
+      description: "MCP servers as an array of objects with name, type, and optional url."
+    }),
     engine: z.enum(["claude", "opencode", "codex", "anthropic", "gemini", "factory", "pi"]).optional().openapi({
       description: "Agent harness. Defaults to `claude`. Opencode agents must set `model` to a `provider/model` string (e.g. `anthropic/claude-sonnet-4-6`) and must NOT declare `tools` \u2014 opencode manages its tool surface internally. Gemini agents require GEMINI_API_KEY. Factory agents require FACTORY_API_KEY. Pi agents (pi.dev) require at least one of ANTHROPIC_API_KEY, OPENAI_API_KEY, or GEMINI_API_KEY.",
       example: "claude"
@@ -143,7 +180,7 @@ var CreateAgentRequestSchema = registry.register(
   }).openapi({
     example: {
       name: "my-agent",
-      model: "claude-sonnet-4-6",
+      model: { id: "claude-sonnet-4-6" },
       system: "You are a helpful assistant.",
       tools: [{ type: "agent_toolset_20260401" }]
     }
@@ -152,11 +189,28 @@ var CreateAgentRequestSchema = registry.register(
 var UpdateAgentRequestSchema = registry.register(
   "UpdateAgentRequest",
   z.object({
+    version: z.number().int().min(1).openapi({
+      description: "Current agent version for optimistic concurrency. Must match the agent's current version."
+    }),
     name: z.string().min(1).optional(),
-    model: z.string().min(1).optional(),
+    model: z.object({ id: z.string().min(1), speed: z.enum(["standard", "fast"]).optional() }).optional().openapi({
+      description: "Model configuration. `id` is the canonical model identifier."
+    }),
+    description: z.string().max(2048).optional().openapi({
+      description: "Human-readable description of the agent."
+    }),
+    metadata: z.record(z.string(), z.string().max(512)).optional().openapi({
+      description: "Key-value metadata. Max 16 keys, values max 512 chars."
+    }),
     system: z.string().nullish(),
     tools: z.array(ToolConfigSchema).optional(),
-    mcp_servers: z.record(McpServerConfigSchema).optional(),
+    mcp_servers: z.array(z.object({
+      name: z.string(),
+      type: z.string().optional(),
+      url: z.string().optional()
+    }).catchall(z.unknown())).optional().openapi({
+      description: "MCP servers as an array of objects with name, type, and optional url."
+    }),
     skills: z.array(AgentSkillSchema).max(20).optional().openapi({
       description: "Updated skills list. Replaces the existing skills entirely."
     }),
@@ -198,6 +252,7 @@ var EnvironmentConfigSchema = registry.register(
 var EnvironmentSchema = registry.register(
   "Environment",
   z.object({
+    type: z.literal("environment"),
     id: UlidId,
     name: z.string(),
     description: z.string().nullable().openapi({
@@ -254,7 +309,10 @@ var SessionUsageSchema = z.object({
   input_tokens: z.number().int().nonnegative(),
   output_tokens: z.number().int().nonnegative(),
   cache_read_input_tokens: z.number().int().nonnegative(),
-  cache_creation_input_tokens: z.number().int().nonnegative(),
+  cache_creation: z.object({
+    ephemeral_5m_input_tokens: z.number().int().nonnegative(),
+    ephemeral_1h_input_tokens: z.number().int().nonnegative()
+  }),
   cost_usd: z.number().nonnegative()
 });
 var SessionStatusSchema = registry.register(
@@ -265,7 +323,18 @@ var SessionSchema = registry.register(
   "Session",
   z.object({
     id: UlidId,
-    agent: z.object({ id: UlidId, version: z.number().int().positive() }),
+    agent: z.object({
+      type: z.literal("agent"),
+      id: UlidId,
+      version: z.number().int().positive(),
+      name: z.string(),
+      description: z.string(),
+      model: z.object({ id: z.string(), speed: z.enum(["standard", "fast"]).optional() }),
+      system: z.string().nullable(),
+      tools: z.array(z.record(z.unknown())),
+      mcp_servers: z.array(z.record(z.unknown())),
+      skills: z.array(z.record(z.unknown()))
+    }),
     environment_id: UlidId,
     status: SessionStatusSchema,
     stop_reason: z.union([
@@ -425,11 +494,17 @@ var ManagedEventSchema = registry.register(
 var VaultSchema = registry.register(
   "Vault",
   z.object({
+    type: z.literal("vault"),
     id: UlidId,
-    agent_id: UlidId,
+    agent_id: UlidId.nullable().openapi({ description: "Owning agent ID. Null for unscoped vaults." }),
     name: z.string(),
+    display_name: z.string().openapi({ description: "Anthropic-compatible alias for `name`." }),
+    metadata: z.record(z.string()).openapi({
+      description: "Key-value metadata attached to the vault. Values must be strings."
+    }),
     created_at: IsoTimestamp,
-    updated_at: IsoTimestamp
+    updated_at: IsoTimestamp,
+    archived_at: IsoTimestamp.nullable()
   })
 );
 var VaultEntrySchema = registry.register(
@@ -442,10 +517,21 @@ var VaultEntrySchema = registry.register(
 var CreateVaultRequestSchema = registry.register(
   "CreateVaultRequest",
   z.object({
-    agent_id: UlidId.openapi({ example: "agent_01ABCDEFG..." }),
+    agent_id: UlidId.optional().openapi({ example: "agent_01ABCDEFG...", description: "Owning agent ID. Optional for unscoped vaults." }),
     name: z.string().min(1).openapi({ example: "my-vault" })
   })
 );
+var UpdateVaultRequestSchema = registry.register(
+  "UpdateVaultRequest",
+  z.object({
+    display_name: z.string().min(1).max(255).optional().openapi({
+      description: "Update the vault display name."
+    }),
+    metadata: z.record(z.string().max(512)).optional().openapi({
+      description: "Replaces the metadata entirely. Max 16 key-value pairs."
+    })
+  })
+);
 var SetVaultEntryRequestSchema = registry.register(
   "SetVaultEntryRequest",
   z.object({
@@ -555,9 +641,7 @@ var FileListResponseSchema = registry.register(
   "FileListResponse",
   z.object({
     data: z.array(FileRecordSchema),
-    has_more: z.boolean().openapi({ description: "Whether there are more results beyond this page." }),
-    first_id: z.string().nullable().openapi({ description: "ID of the first item in this page." }),
-    last_id: z.string().nullable().openapi({ description: "ID of the last item in this page." })
+    next_page: z.string().nullable().openapi({ description: "Opaque cursor for the next page, or null if no more results." })
   })
 );
 var FileDeletedResponseSchema = registry.register(
@@ -1093,6 +1177,7 @@ export {
   VaultSchema,
   VaultEntrySchema,
   CreateVaultRequestSchema,
+  UpdateVaultRequestSchema,
   SetVaultEntryRequestSchema,
   VaultDeletedResponseSchema,
   VaultEntryDeletedResponseSchema,

package/dist/{chunk-32XS3Y6P.js → chunk-CLSGNQ7J.js}

@@ -1,32 +1,32 @@
 import {
   resolveRemoteSessionId
-} from "./chunk-L2RX552S.js";
+} from "./chunk-22OUZJAV.js";
 import {
   assertResourceTenant
 } from "./chunk-23UKWXJH.js";
 import {
   authenticateAndIntercept
-} from "./chunk-WQARLGBG.js";
+} from "./chunk-GCQDNUS2.js";
 import {
   forwardToAnthropic
-} from "./chunk-JCW3ZRES.js";
+} from "./chunk-MQBMXAPU.js";
 import {
   ensureInitialized
-} from "./chunk-LMNFIJ6M.js";
+} from "./chunk-PN3AWRMX.js";
 import {
   getProxiedTenantId,
   isProxied
-} from "./chunk-E7DD7F7J.js";
+} from "./chunk-5U5LRAFJ.js";
 import {
   subscribe
-} from "./chunk-MHBLVGRF.js";
+} from "./chunk-5MERXOLJ.js";
 import {
   getSession
-} from "./chunk-3NK6YTA5.js";
+} from "./chunk-KUWJJD6O.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   notFound,
   toResponse

package/dist/{chunk-SV2B3P6B.js → chunk-DBFPJSOY.js}

@@ -1,11 +1,12 @@
 // src/sessions/mcp-auth.ts
 function injectMcpAuthHeaders(agent, vaultEntries) {
   const mcpServers = agent.mcp_servers;
-  if (!mcpServers || Object.keys(mcpServers).length === 0) return agent;
+  if (!mcpServers || mcpServers.length === 0) return agent;
   if (vaultEntries.length === 0) return agent;
   const serverLookup = /* @__PURE__ */ new Map();
-  for (const name of Object.keys(mcpServers)) {
-    serverLookup.set(name.toUpperCase().replace(/-/g, "_"), name);
+  for (let i = 0; i < mcpServers.length; i++) {
+    const name = mcpServers[i].name;
+    serverLookup.set(name.toUpperCase().replace(/-/g, "_"), i);
   }
   let mutated = false;
   const merged = {};
@@ -13,10 +14,10 @@ function injectMcpAuthHeaders(agent, vaultEntries) {
     const authMatch = /^MCP_AUTH_(.+)$/i.exec(key);
     if (authMatch) {
       const norm = authMatch[1].toUpperCase();
-      const serverName = serverLookup.get(norm);
-      if (serverName) {
-        merged[serverName] = merged[serverName] ?? {};
-        merged[serverName]["Authorization"] = `Bearer ${value}`;
+      const idx = serverLookup.get(norm);
+      if (idx !== void 0) {
+        merged[idx] = merged[idx] ?? {};
+        merged[idx]["Authorization"] = `Bearer ${value}`;
         mutated = true;
       }
       continue;
@@ -28,10 +29,10 @@ function injectMcpAuthHeaders(agent, vaultEntries) {
       for (let i = parts.length - 1; i >= 1; i--) {
         const serverPart = parts.slice(0, i).join("_").toUpperCase();
         const headerPart = parts.slice(i).join("-");
-        const serverName = serverLookup.get(serverPart);
-        if (serverName) {
-          merged[serverName] = merged[serverName] ?? {};
-          merged[serverName][headerPart] = value;
+        const idx = serverLookup.get(serverPart);
+        if (idx !== void 0) {
+          merged[idx] = merged[idx] ?? {};
+          merged[idx][headerPart] = value;
           mutated = true;
           break;
         }
@@ -39,13 +40,14 @@ function injectMcpAuthHeaders(agent, vaultEntries) {
     }
   }
   if (!mutated) return agent;
-  const newServers = { ...mcpServers };
-  for (const [name, headers] of Object.entries(merged)) {
-    newServers[name] = {
-      ...newServers[name],
-      headers: { ...newServers[name].headers, ...headers }
+  const newServers = mcpServers.map((server, idx) => {
+    const headers = merged[idx];
+    if (!headers) return server;
+    return {
+      ...server,
+      headers: { ...server.headers, ...headers }
     };
-  }
+  });
   return { ...agent, mcp_servers: newServers };
 }
 

package/dist/{chunk-JWH4OIBP.js → chunk-DJZSPWG2.js}

@@ -1,17 +1,17 @@
 import {
   listTraces
-} from "./chunk-6GP5IKXE.js";
+} from "./chunk-XSNJ7NT2.js";
 import {
   jsonOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   exportTrace
-} from "./chunk-GVPJL3XS.js";
+} from "./chunk-JP7Y3TKK.js";
 import {
   listEventsByTrace,
   rowToManagedEvent
-} from "./chunk-TH7WJLZC.js";
+} from "./chunk-KGBKIJPF.js";
 import {
   badRequest,
   notFound

package/dist/{chunk-JZL4L54R.js → chunk-DKLHYSPW.js}

@@ -3,11 +3,11 @@ import {
 } from "./chunk-S3JRZFF5.js";
 import {
   buildGeminiArgs
-} from "./chunk-JHGJG2Z2.js";
+} from "./chunk-IBYOMAZ3.js";
 import {
   buildGeminiAuthEnv,
   validateGeminiRuntime
-} from "./chunk-V2R7RWVY.js";
+} from "./chunk-STJNO6SL.js";
 import {
   prepareGeminiOnSandbox
 } from "./chunk-XG4UIGDH.js";

package/dist/{chunk-NQVRZAIX.js → chunk-DMMNAQUM.js}

@@ -10,10 +10,10 @@ import {
 import {
   getDrizzle,
   init_drizzle
-} from "./chunk-R5T4LJSK.js";
+} from "./chunk-PZNAQBHQ.js";
 import {
   schema_exports
-} from "./chunk-ZMJ4EP4C.js";
+} from "./chunk-ILHIHMO3.js";
 
 // src/db/files.ts
 init_drizzle();

package/dist/{chunk-Y6SFUNGO.js → chunk-EOJ66GY7.js}

@@ -1,6 +1,6 @@
 import {
   SUPPORTED_PROVIDERS
-} from "./chunk-PIJKJNGB.js";
+} from "./chunk-24IDJ7LY.js";
 import {
   addUpstreamKey,
   deleteUpstreamKey,
@@ -8,20 +8,20 @@ import {
   enableUpstreamKey,
   getUpstreamKey,
   listUpstreamKeys
-} from "./chunk-H7UKW666.js";
+} from "./chunk-445EL6J5.js";
 import {
   requireGlobalAdmin
 } from "./chunk-23UKWXJH.js";
 import {
   recordAudit
-} from "./chunk-KLN6HPYM.js";
+} from "./chunk-L3IACZ72.js";
 import {
   requireFeature
 } from "./chunk-2N2KL4KM.js";
 import {
   jsonOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   badRequest,
   notFound

package/dist/{chunk-EUINGLHA.js → chunk-EWIWVXXP.js}

@@ -1,10 +1,10 @@
 import {
   syncAndCreateSession
-} from "./chunk-DU7LSFQQ.js";
+} from "./chunk-7SY65LWY.js";
 import {
   resolveRemoteSessionId,
   upsertSync
-} from "./chunk-L2RX552S.js";
+} from "./chunk-22OUZJAV.js";
 import {
   assertResourceTenant,
   tenantFilter
@@ -14,14 +14,16 @@ import {
 } from "./chunk-DC2UMEQH.js";
 import {
   kickoffEnvironmentSetup
-} from "./chunk-C6AXM3M7.js";
+} from "./chunk-LQP6XGFU.js";
 import {
+  decodeCursor,
   jsonOk,
+  paginatedOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   forwardToAnthropic
-} from "./chunk-JCW3ZRES.js";
+} from "./chunk-MQBMXAPU.js";
 import {
   errors_exports,
   init_errors
@@ -31,18 +33,18 @@ import {
   isProxied,
   markProxied,
   unmarkProxied
-} from "./chunk-E7DD7F7J.js";
+} from "./chunk-5U5LRAFJ.js";
 import {
   dropActor,
   getActor
 } from "./chunk-LAWTTG2E.js";
 import {
   releaseSession
-} from "./chunk-N76ZVITA.js";
+} from "./chunk-JFOHGHW5.js";
 import {
   appendEvent,
   dropEmitter
-} from "./chunk-MHBLVGRF.js";
+} from "./chunk-5MERXOLJ.js";
 import {
   archiveSession,
   createSession,
@@ -50,13 +52,13 @@ import {
   listSessions,
   updateSessionMutable,
   updateSessionStatus
-} from "./chunk-3NK6YTA5.js";
+} from "./chunk-KUWJJD6O.js";
 import {
   getEnvironment
-} from "./chunk-X6IQ57SC.js";
+} from "./chunk-H6OT5GUL.js";
 import {
   getAgent
-} from "./chunk-ZTH5JRZG.js";
+} from "./chunk-BCIFFAGW.js";
 import {
   init_clock,
   nowMs
@@ -64,7 +66,7 @@ import {
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   badRequest,
   notFound
@@ -445,13 +447,25 @@ function handleListSessions(request) {
     const limit = url.searchParams.get("limit");
     const order = url.searchParams.get("order");
     const includeArchived = url.searchParams.get("include_archived") === "true";
-    const cursor = url.searchParams.get("page") ?? void 0;
+    const cursor = decodeCursor(url.searchParams.get("page"));
     const agentId = url.searchParams.get("agent_id") ?? void 0;
     const agentVersion = url.searchParams.get("agent_version");
     const environmentId = url.searchParams.get("environment_id") ?? void 0;
+    const statusesRaw = url.searchParams.getAll("statuses");
     const statusRaw = url.searchParams.get("status");
+    let statuses;
     let status;
-    if (statusRaw != null) {
+    if (statusesRaw.length > 0) {
+      const values = statusesRaw.flatMap((v) => v.split(","));
+      for (const v of values) {
+        if (!ALLOWED_STATUSES.includes(v)) {
+          throw badRequest(
+            `invalid statuses value: ${v} (allowed: ${ALLOWED_STATUSES.join(",")})`
+          );
+        }
+      }
+      statuses = values;
+    } else if (statusRaw != null) {
       if (!ALLOWED_STATUSES.includes(statusRaw)) {
         throw badRequest(
           `invalid status value: ${statusRaw} (allowed: ${ALLOWED_STATUSES.join(",")})`
@@ -465,6 +479,7 @@ function handleListSessions(request) {
       agent_version: agentVersion ? Number(agentVersion) : void 0,
       environmentId,
       status,
+      statuses,
       limit: requestedLimit,
       order: order ?? void 0,
       includeArchived,
@@ -475,12 +490,7 @@ function handleListSessions(request) {
       createdLte: parseMs(url.searchParams.get("created_at[lte]")),
       tenantFilter: tenantFilter(auth)
     });
-    return jsonOk({
-      data,
-      has_more: data.length === requestedLimit,
-      first_id: data.length > 0 ? data[0].id : null,
-      last_id: data.length > 0 ? data[data.length - 1].id : null
-    });
+    return paginatedOk(data, requestedLimit);
   });
 }
 function handleGetSession(request, id) {

package/dist/{chunk-5EKQBD2H.js → chunk-FCUXFLNK.js}

@@ -10,10 +10,10 @@ import {
 import {
   getDrizzle,
   init_drizzle
-} from "./chunk-R5T4LJSK.js";
+} from "./chunk-PZNAQBHQ.js";
 import {
   schema_exports
-} from "./chunk-ZMJ4EP4C.js";
+} from "./chunk-ILHIHMO3.js";
 import {
   __esm,
   __export

package/dist/{chunk-LAVHQCRP.js → chunk-FSQ4HGHX.js}

@@ -11,18 +11,18 @@ import {
   getFileRecord,
   listFiles,
   updateFileStoragePath
-} from "./chunk-NQVRZAIX.js";
+} from "./chunk-DMMNAQUM.js";
 import {
   assertResourceTenant
 } from "./chunk-23UKWXJH.js";
 import {
   jsonOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   badRequest,
   notFound

package/dist/{chunk-WQARLGBG.js → chunk-GCQDNUS2.js}

@@ -1,6 +1,6 @@
 import {
   forwardToAnthropic
-} from "./chunk-JCW3ZRES.js";
+} from "./chunk-MQBMXAPU.js";
 import {
   isAnthropicApiKey,
   isPassthroughAllowedPath
@@ -8,10 +8,10 @@ import {
 import {
   findByRawKey,
   hydratePermissions
-} from "./chunk-USYY3L7G.js";
+} from "./chunk-T3FQPTOA.js";
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 import {
   unauthorized
 } from "./chunk-EZYKRG4W.js";

package/dist/{chunk-MXOG5SAO.js → chunk-GFSRNOPI.js}

@@ -5,23 +5,25 @@ import {
 } from "./chunk-23UKWXJH.js";
 import {
   kickoffEnvironmentSetup
-} from "./chunk-C6AXM3M7.js";
+} from "./chunk-LQP6XGFU.js";
 import {
+  decodeCursor,
   jsonOk,
+  paginatedOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   forwardToAnthropic
-} from "./chunk-JCW3ZRES.js";
+} from "./chunk-MQBMXAPU.js";
 import {
   getProxiedTenantId,
   isProxied,
   markProxied,
   unmarkProxied
-} from "./chunk-E7DD7F7J.js";
+} from "./chunk-5U5LRAFJ.js";
 import {
   resolveContainerProvider
-} from "./chunk-WPK4ZPMG.js";
+} from "./chunk-UE6DNLSV.js";
 import {
   archiveEnvironment,
   createEnvironment,
@@ -30,11 +32,11 @@ import {
   hasSessionsAttached,
   listEnvironments,
   updateEnvironment
-} from "./chunk-X6IQ57SC.js";
+} from "./chunk-H6OT5GUL.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   badRequest,
   conflict,
@@ -155,7 +157,7 @@ function handleListEnvironments(request) {
     const limit = url.searchParams.get("limit");
     const order = url.searchParams.get("order");
     const includeArchived = url.searchParams.get("include_archived") === "true";
-    const cursor = url.searchParams.get("page") ?? void 0;
+    const cursor = decodeCursor(url.searchParams.get("page"));
     const requestedLimit = limit ? Number(limit) : 20;
     const data = listEnvironments({
       limit: requestedLimit,
@@ -164,12 +166,7 @@ function handleListEnvironments(request) {
       cursor,
       tenantFilter: tenantFilter(auth)
     });
-    return jsonOk({
-      data,
-      has_more: data.length === requestedLimit,
-      first_id: data.length > 0 ? data[0].id : null,
-      last_id: data.length > 0 ? data[data.length - 1].id : null
-    });
+    return paginatedOk(data, requestedLimit);
   });
 }
 function handleGetEnvironment(request, id) {