@exulu/backend 1.22.0 → 1.23.0

package/dist/index.js

@@ -1,10 +1,3 @@
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-
 // src/index.ts
 import "dotenv/config";
 
@@ -762,6 +755,10 @@ var agentSessionsSchema = {
     {
       name: "title",
       type: "text"
+    },
+    {
+      name: "project",
+      type: "uuid"
     }
   ]
 };
@@ -839,6 +836,37 @@ var workflowTemplatesSchema = {
     }
   ]
 };
+var projectsSchema = {
+  type: "projects",
+  name: {
+    plural: "projects",
+    singular: "project"
+  },
+  RBAC: true,
+  fields: [
+    {
+      name: "name",
+      type: "text",
+      required: true
+    },
+    {
+      name: "description",
+      type: "text"
+    },
+    {
+      name: "image",
+      type: "text"
+    },
+    {
+      name: "custom_instructions",
+      type: "longText"
+    },
+    {
+      name: "context_files",
+      type: "json"
+    }
+  ]
+};
 var agentsSchema = {
   type: "agents",
   name: {
@@ -898,6 +926,10 @@ var usersSchema = {
       name: "favourite_agents",
       type: "json"
     },
+    {
+      name: "favourite_projects",
+      type: "json"
+    },
     {
       name: "firstname",
       type: "text"
@@ -1185,6 +1217,10 @@ var rbacSchema = {
       name: "user_id",
       type: "number"
     },
+    {
+      name: "project_id",
+      type: "uuid"
+    },
     {
       name: "rights",
       type: "text",
@@ -1216,6 +1252,7 @@ var coreSchemas = {
       agentsSchema: () => addRBACfields(agentsSchema),
       agentMessagesSchema: () => addRBACfields(agentMessagesSchema),
       agentSessionsSchema: () => addRBACfields(agentSessionsSchema),
+      projectsSchema: () => addRBACfields(projectsSchema),
       usersSchema: () => addRBACfields(usersSchema),
       rolesSchema: () => addRBACfields(rolesSchema),
       statisticsSchema: () => addRBACfields(statisticsSchema),
@@ -1454,7 +1491,7 @@ var getRequestedFields = (info) => {
   return fields.filter((field) => field !== "pageInfo" && field !== "items" && field !== "RBAC");
 };
 var handleRBACUpdate = async (db3, entityName, resourceId, rbacData, existingRbacRecords) => {
-  const { users = [], roles = [] } = rbacData;
+  const { users = [], roles = [], projects = [] } = rbacData;
   if (!existingRbacRecords) {
     existingRbacRecords = await db3.from("rbac").where({
       entity: entityName,
@@ -1463,18 +1500,25 @@ var handleRBACUpdate = async (db3, entityName, resourceId, rbacData, existingRba
   }
   const newUserRecords = new Set(users.map((u) => `${u.id}:${u.rights}`));
   const newRoleRecords = new Set(roles.map((r) => `${r.id}:${r.rights}`));
+  const newProjectRecords = new Set(projects.map((p) => `${p.id}:${p.rights}`));
   const existingUserRecords = new Set(existingRbacRecords.filter((r) => r.access_type === "User").map((r) => `${r.user_id}:${r.rights}`));
   const existingRoleRecords = new Set(existingRbacRecords.filter((r) => r.access_type === "Role").map((r) => `${r.role_id}:${r.rights}`));
+  const existingProjectRecords = new Set(existingRbacRecords.filter((r) => r.access_type === "Project").map((r) => `${r.project_id}:${r.rights}`));
   const usersToCreate = users.filter((u) => !existingUserRecords.has(`${u.id}:${u.rights}`));
   const rolesToCreate = roles.filter((r) => !existingRoleRecords.has(`${r.id}:${r.rights}`));
+  const projectsToCreate = projects.filter((p) => !existingProjectRecords.has(`${p.id}:${p.rights}`));
   const usersToRemove = existingRbacRecords.filter((r) => r.access_type === "User" && !newUserRecords.has(`${r.user_id}:${r.rights}`));
   const rolesToRemove = existingRbacRecords.filter((r) => r.access_type === "Role" && !newRoleRecords.has(`${r.role_id}:${r.rights}`));
+  const projectsToRemove = existingRbacRecords.filter((r) => r.access_type === "Project" && !newProjectRecords.has(`${r.project_id}:${r.rights}`));
   if (usersToRemove.length > 0) {
     await db3.from("rbac").whereIn("id", usersToRemove.map((r) => r.id)).del();
   }
   if (rolesToRemove.length > 0) {
     await db3.from("rbac").whereIn("id", rolesToRemove.map((r) => r.id)).del();
   }
+  if (projectsToRemove.length > 0) {
+    await db3.from("rbac").whereIn("id", projectsToRemove.map((r) => r.id)).del();
+  }
   const recordsToInsert = [];
   usersToCreate.forEach((user) => {
     recordsToInsert.push({
@@ -1498,6 +1542,17 @@ var handleRBACUpdate = async (db3, entityName, resourceId, rbacData, existingRba
       updatedAt: /* @__PURE__ */ new Date()
     });
   });
+  projectsToCreate.forEach((project) => {
+    recordsToInsert.push({
+      entity: entityName,
+      access_type: "Project",
+      target_resource_id: resourceId,
+      project_id: project.id,
+      rights: project.rights,
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    });
+  });
   if (recordsToInsert.length > 0) {
     await db3.from("rbac").insert(recordsToInsert);
   }
@@ -1562,6 +1617,52 @@ function createMutations(table, agents, contexts, tools) {
         }
         throw new Error("Insufficient role permissions to edit this record");
       }
+      if (record.rights_mode === "projects") {
+        const projects = await db3.from("rbac").where({
+          entity: table.name.singular,
+          target_resource_id: id,
+          access_type: "Project",
+          rights: "write"
+        });
+        if (projects.length === 0) {
+          throw new Error("Entity ${table.name.singular} has its rights mode set to projects, but is not shared with any projects.");
+        }
+        const checks = await Promise.all(projects.map(async (project) => {
+          if (project.rights_mode === "private" && project.created_by !== user.id) {
+            return false;
+          }
+          if (project.rights_mode === "users") {
+            const rbacRecord = await db3.from("rbac").where({
+              entity: "project",
+              target_resource_id: project.id,
+              access_type: "User",
+              user_id: user.id,
+              rights: "write"
+            }).first();
+            if (rbacRecord) {
+              return true;
+            }
+            return false;
+          }
+          if (record.rights_mode === "roles" && user.role) {
+            const rbacRecord = await db3.from("rbac").where({
+              entity: "project",
+              target_resource_id: project.id,
+              access_type: "Role",
+              role_id: user.role,
+              rights: "write"
+            }).first();
+            if (rbacRecord) {
+              return true;
+            }
+            return false;
+          }
+          return false;
+        }));
+        if (checks.some((check) => check)) {
+          return true;
+        }
+      }
       throw new Error("Insufficient permissions to edit this record");
     } catch (error) {
       console.error("Write access validation error:", error);
@@ -2549,13 +2650,16 @@ var RBACResolver = async (db3, entityName, resourceId, rights_mode) => {
   }).select("*");
   const users = rbacRecords.filter((r) => r.access_type === "User")?.map((r) => ({ id: r.user_id, rights: r.rights }));
   const roles = rbacRecords.filter((r) => r.access_type === "Role")?.map((r) => ({ id: r.role_id, rights: r.rights }));
+  const projects = rbacRecords.filter((r) => r.access_type === "Project")?.map((r) => ({ id: r.project_id, rights: r.rights }));
   let type = rights_mode || "private";
   if (type === "users" && users.length === 0) type = "private";
   if (type === "roles" && roles.length === 0) type = "private";
+  if (type === "projects" && projects.length === 0) type = "private";
   return {
     type,
     users,
-    roles
+    roles,
+    projects
   };
 };
 var contextToTableDefinition = (context) => {
@@ -2648,6 +2752,7 @@ function createSDL(tables, contexts, agents, tools) {
       type: String!
       users: [RBACUser!]
       roles: [RBACRole!]
+      projects: [RBACProject!]
     }
     
     type RBACUser {
@@ -2660,9 +2765,15 @@ function createSDL(tables, contexts, agents, tools) {
       rights: String!
     }
     
+    type RBACProject {
+      id: ID!
+      rights: String!
+    }
+    
     input RBACInput {
       users: [RBACUserInput!]
       roles: [RBACRoleInput!]
+      projects: [RBACProjectInput!]
     }
     
     input RBACUserInput {
@@ -2675,6 +2786,11 @@ function createSDL(tables, contexts, agents, tools) {
       rights: String!
     }
     
+    input RBACProjectInput {
+      id: ID!
+      rights: String!
+    }
+    
     type Query {
     `;
   let mutationDefs = `
@@ -3085,21 +3201,6 @@ function generateSlug(name) {
   const slug = lowercase.replace(/[\W_]+/g, "-").replace(/^-+|-+$/g, "");
   return slug;
 }
-var ExuluZodFileType = ({
-  name,
-  label,
-  description,
-  allowedFileTypes
-}) => {
-  return z.object({
-    [`exulu_file_${name}`]: z.string().describe(JSON.stringify({
-      label,
-      isFile: true,
-      description,
-      allowedFileTypes
-    }))
-  });
-};
 var ExuluAgent2 = class {
   // Must begin with a letter (a-z) or underscore (_). Subsequent characters in a name can be letters, digits (0-9), or 
   // underscores and be a max length of 80 characters and at least 5 characters long.
@@ -4200,23 +4301,24 @@ import { expressMiddleware } from "@as-integrations/express5";
 
 // src/registry/uppy.ts
 import "express";
-var createUppyRoutes = async (app) => {
-  const {
-    S3Client,
-    AbortMultipartUploadCommand,
-    CompleteMultipartUploadCommand,
-    CreateMultipartUploadCommand,
-    GetObjectCommand,
-    ListPartsCommand,
-    PutObjectCommand,
-    UploadPartCommand,
-    ListObjectsV2Command
-  } = __require("@aws-sdk/client-s3");
-  const { getSignedUrl } = __require("@aws-sdk/s3-request-presigner");
-  const {
-    STSClient,
-    GetFederationTokenCommand
-  } = __require("@aws-sdk/client-sts");
+import {
+  S3Client,
+  AbortMultipartUploadCommand,
+  CompleteMultipartUploadCommand,
+  CreateMultipartUploadCommand,
+  GetObjectCommand,
+  ListPartsCommand,
+  PutObjectCommand,
+  UploadPartCommand,
+  ListObjectsV2Command
+} from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import {
+  STSClient,
+  GetFederationTokenCommand
+} from "@aws-sdk/client-sts";
+import { randomUUID } from "crypto";
+var createUppyRoutes = async (app, config) => {
   const policy = {
     Version: "2012-10-17",
     Statement: [
@@ -4226,8 +4328,8 @@ var createUppyRoutes = async (app) => {
           "s3:PutObject"
         ],
         Resource: [
-          `arn:aws:s3:::${process.env.COMPANION_S3_BUCKET}/*`,
-          `arn:aws:s3:::${process.env.COMPANION_S3_BUCKET}`
+          `arn:aws:s3:::${config.fileUploads.s3Bucket}/*`,
+          `arn:aws:s3:::${config.fileUploads.s3Bucket}`
         ]
       }
     ]
@@ -4237,25 +4339,25 @@ var createUppyRoutes = async (app) => {
   const expiresIn = 60 * 60 * 24 * 1;
   function getS3Client() {
     s3Client ??= new S3Client({
-      region: process.env.COMPANION_S3_REGION,
-      ...process.env.COMPANION_S3_ENDPOINT && {
+      region: config.fileUploads.s3region,
+      ...config.fileUploads.s3endpoint && {
         forcePathStyle: true,
-        endpoint: process.env.COMPANION_S3_ENDPOINT
+        endpoint: config.fileUploads.s3endpoint
       },
       credentials: {
-        accessKeyId: process.env.COMPANION_S3_KEY,
-        secretAccessKey: process.env.COMPANION_S3_SECRET
+        accessKeyId: config.fileUploads.s3key,
+        secretAccessKey: config.fileUploads.s3secret
       }
     });
     return s3Client;
   }
   function getSTSClient() {
     stsClient ??= new STSClient({
-      region: process.env.COMPANION_S3_REGION,
-      ...process.env.COMPANION_S3_ENDPOINT && { endpoint: process.env.COMPANION_S3_ENDPOINT },
+      region: config.fileUploads.s3region,
+      ...config.fileUploads.s3endpoint && { endpoint: config.fileUploads.s3endpoint },
       credentials: {
-        accessKeyId: process.env.COMPANION_S3_KEY,
-        secretAccessKey: process.env.COMPANION_S3_SECRET
+        accessKeyId: config.fileUploads.s3key,
+        secretAccessKey: config.fileUploads.s3secret
       }
     });
     return stsClient;
@@ -4288,7 +4390,7 @@ var createUppyRoutes = async (app) => {
     }
     try {
       const command = new ListObjectsV2Command({
-        Bucket: process.env.COMPANION_S3_BUCKET,
+        Bucket: config.fileUploads.s3Bucket,
         Prefix: prefix,
         MaxKeys: 1e3
         // Adjust this value based on your needs
@@ -4340,7 +4442,7 @@ var createUppyRoutes = async (app) => {
       const url = await getSignedUrl(
         getS3Client(),
         new GetObjectCommand({
-          Bucket: process.env.COMPANION_S3_BUCKET,
+          Bucket: config.fileUploads.s3Bucket,
           Key: key
         }),
         { expiresIn }
@@ -4364,8 +4466,8 @@ var createUppyRoutes = async (app) => {
       res.setHeader("Cache-Control", `public,max-age=${expiresIn}`);
       res.json({
         credentials: response.Credentials,
-        bucket: process.env.COMPANION_S3_BUCKET,
-        region: process.env.COMPANION_S3_REGION
+        bucket: config.fileUploads.s3Bucket,
+        region: config.fileUploads.s3region
       });
     }, next);
   });
@@ -4382,7 +4484,7 @@ var createUppyRoutes = async (app) => {
       contentType: params.type
     };
   };
-  const generateS3Key = (filename) => `${crypto.randomUUID()}-${filename}`;
+  const generateS3Key = (filename) => `${randomUUID()}-${filename}`;
   const signOnServer = async (req, res, next) => {
     const apikey = req.headers["exulu-api-key"] || null;
     const { db: db3 } = await postgresClient();
@@ -4411,7 +4513,7 @@ var createUppyRoutes = async (app) => {
     getSignedUrl(
       getS3Client(),
       new PutObjectCommand({
-        Bucket: process.env.COMPANION_S3_BUCKET,
+        Bucket: config.fileUploads.s3Bucket,
         Key: folder + key,
         ContentType: contentType
       }),
@@ -4419,6 +4521,7 @@ var createUppyRoutes = async (app) => {
     ).then((url) => {
       res.setHeader("Access-Control-Allow-Origin", "*");
       res.json({
+        key,
         url,
         method: "PUT"
       });
@@ -4455,7 +4558,7 @@ var createUppyRoutes = async (app) => {
     if (typeof type !== "string") {
       return res.status(400).json({ error: "s3: content type must be a string" });
     }
-    const key = `${crypto.randomUUID()}-${filename}`;
+    const key = `${randomUUID()}-${filename}`;
     let folder = "";
     if (authenticationResult.user.type === "api") {
       folder = `api/`;
@@ -4463,7 +4566,7 @@ var createUppyRoutes = async (app) => {
       folder = `${authenticationResult.user.id}/`;
     }
     const params = {
-      Bucket: process.env.COMPANION_S3_BUCKET,
+      Bucket: config.fileUploads.s3Bucket,
       Key: folder + key,
       ContentType: type,
       Metadata: metadata
@@ -4476,7 +4579,7 @@ var createUppyRoutes = async (app) => {
       }
       res.setHeader("Access-Control-Allow-Origin", "*");
       res.json({
-        key: data.Key,
+        key,
         uploadId: data.UploadId
       });
     });
@@ -4495,10 +4598,10 @@ var createUppyRoutes = async (app) => {
       return res.status(400).json({ error: 's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"' });
     }
     return getSignedUrl(getS3Client(), new UploadPartCommand({
-      Bucket: process.env.COMPANION_S3_BUCKET,
+      Bucket: config.fileUploads.s3Bucket,
       Key: key,
       UploadId: uploadId,
-      PartNumber: partNumber,
+      PartNumber: Number(partNumber),
       Body: ""
     }), { expiresIn }).then((url) => {
       res.setHeader("Access-Control-Allow-Origin", "*");
@@ -4516,7 +4619,7 @@ var createUppyRoutes = async (app) => {
     const parts = [];
     function listPartsPage(startAt) {
       client2.send(new ListPartsCommand({
-        Bucket: process.env.COMPANION_S3_BUCKET,
+        Bucket: config.fileUploads.s3Bucket,
         Key: key,
         UploadId: uploadId,
         PartNumberMarker: startAt
@@ -4550,7 +4653,7 @@ var createUppyRoutes = async (app) => {
       return res.status(400).json({ error: "s3: `parts` must be an array of {ETag, PartNumber} objects." });
     }
     return client2.send(new CompleteMultipartUploadCommand({
-      Bucket: process.env.COMPANION_S3_BUCKET,
+      Bucket: config.fileUploads.s3Bucket,
       Key: key,
       UploadId: uploadId,
       MultipartUpload: {
@@ -4563,6 +4666,7 @@ var createUppyRoutes = async (app) => {
       }
       res.setHeader("Access-Control-Allow-Origin", "*");
       res.json({
+        key,
         location: data.Location
       });
     });
@@ -4575,7 +4679,7 @@ var createUppyRoutes = async (app) => {
       return res.status(400).json({ error: 's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"' });
     }
     return client2.send(new AbortMultipartUploadCommand({
-      Bucket: process.env.COMPANION_S3_BUCKET,
+      Bucket: config.fileUploads.s3Bucket,
       Key: key,
       UploadId: uploadId
     }), (err) => {
@@ -4583,7 +4687,9 @@ var createUppyRoutes = async (app) => {
         next(err);
         return;
       }
-      res.json({});
+      res.json({
+        key
+      });
     });
   });
   return app;
@@ -4619,7 +4725,7 @@ var CLAUDE_MESSAGES = {
 // src/registry/routes.ts
 import OpenAI from "openai";
 import fs2 from "fs";
-import { randomUUID } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 import "@opentelemetry/api";
 var REQUEST_SIZE_LIMIT = "50mb";
 var global_queues = {
@@ -4627,6 +4733,7 @@ var global_queues = {
 };
 var {
   agentsSchema: agentsSchema2,
+  projectsSchema: projectsSchema2,
   evalResultsSchema: evalResultsSchema2,
   jobsSchema: jobsSchema2,
   agentSessionsSchema: agentSessionsSchema2,
@@ -4701,6 +4808,7 @@ var createExpressRoutes = async (app, logger, agents, tools, contexts, config, t
     usersSchema2(),
     rolesSchema2(),
     agentsSchema2(),
+    projectsSchema2(),
     jobsSchema2(),
     evalResultsSchema2(),
     agentSessionsSchema2(),
@@ -4826,7 +4934,7 @@ Mood: friendly and intelligent.
       return;
     }
     const image_bytes = Buffer.from(image_base64, "base64");
-    const uuid = randomUUID();
+    const uuid = randomUUID2();
     if (!fs2.existsSync("public")) {
       fs2.mkdirSync("public");
     }
@@ -5055,10 +5163,10 @@ Mood: friendly and intelligent.
       }
     });
   });
-  if (process.env.COMPANION_S3_REGION && process.env.COMPANION_S3_KEY && process.env.COMPANION_S3_SECRET) {
-    await createUppyRoutes(app);
+  if (config?.fileUploads?.s3region && config?.fileUploads?.s3key && config?.fileUploads?.s3secret && config?.fileUploads?.s3Bucket) {
+    await createUppyRoutes(app, config);
   } else {
-    console.log("[EXULU] skipping uppy file upload routes, because no S3 compatible region, key or secret is set in the environment.");
+    console.log("[EXULU] skipping uppy file upload routes, because no S3 compatible region, key or secret is set in ExuluApp instance.");
   }
   const TARGET_API = "https://api.anthropic.com";
   app.use("/gateway/anthropic/:id", express.raw({ type: "*/*", limit: REQUEST_SIZE_LIMIT }), async (req, res) => {
@@ -5330,7 +5438,7 @@ var createLogsCleanerWorker = (logsDir) => {
 
 // src/mcp/index.ts
 import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { randomUUID as randomUUID2 } from "crypto";
+import { randomUUID as randomUUID3 } from "crypto";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { z as z2 } from "zod";
@@ -5423,7 +5531,7 @@ ${code}`
         transport = this.transports[sessionId];
       } else if (!sessionId && isInitializeRequest(req.body)) {
         transport = new StreamableHTTPServerTransport({
-          sessionIdGenerator: () => randomUUID2(),
+          sessionIdGenerator: () => randomUUID3(),
           onsessioninitialized: (sessionId2) => {
             this.transports[sessionId2] = transport;
           }
@@ -5482,8 +5590,8 @@ var defaultAgent = new ExuluAgent2({
   type: "agent",
   capabilities: {
     text: true,
-    images: [],
-    files: [],
+    images: [".png", ".jpg", ".jpeg", ".webp"],
+    files: [".pdf", ".docx", ".xlsx", ".xls", ".csv", ".pptx", ".ppt"],
     audio: [],
     video: []
   },
@@ -5580,6 +5688,49 @@ var projectsContext = new ExuluContext({
   active: true
 });
 
+// src/templates/contexts/files.ts
+var filesContext = new ExuluContext({
+  id: "files_default_context",
+  name: "Files",
+  description: "Files that can be used with Exulu agents.",
+  configuration: {
+    defaultRightsMode: "private",
+    calculateVectors: "manual"
+  },
+  fields: [
+    {
+      name: "type",
+      type: "text"
+    },
+    {
+      name: "s3bucket",
+      type: "text"
+    },
+    {
+      name: "s3region",
+      type: "text"
+    },
+    {
+      name: "url",
+      type: "text"
+    },
+    {
+      name: "s3key",
+      // ID of the file in S3 storage
+      type: "text"
+    },
+    {
+      name: "s3endpoint",
+      type: "text"
+    },
+    {
+      name: "content",
+      type: "longText"
+    }
+  ],
+  active: true
+});
+
 // src/registry/index.ts
 var isValidPostgresName = (id) => {
   console.log("[EXULU] validating context id.", id);
@@ -5603,7 +5754,8 @@ var ExuluApp = class {
     this._contexts = {
       ...contexts,
       projectsContext,
-      codeStandardsContext
+      codeStandardsContext,
+      filesContext
     };
     this._agents = [
       claudeCodeAgent,
@@ -7016,7 +7168,7 @@ var generateApiKey = async (name, email) => {
 };
 
 // src/postgres/init-db.ts
-var { agentsSchema: agentsSchema3, evalResultsSchema: evalResultsSchema3, jobsSchema: jobsSchema3, agentSessionsSchema: agentSessionsSchema3, agentMessagesSchema: agentMessagesSchema3, rolesSchema: rolesSchema3, usersSchema: usersSchema3, statisticsSchema: statisticsSchema3, variablesSchema: variablesSchema3, workflowTemplatesSchema: workflowTemplatesSchema3, rbacSchema: rbacSchema3 } = coreSchemas.get();
+var { agentsSchema: agentsSchema3, evalResultsSchema: evalResultsSchema3, jobsSchema: jobsSchema3, agentSessionsSchema: agentSessionsSchema3, agentMessagesSchema: agentMessagesSchema3, rolesSchema: rolesSchema3, usersSchema: usersSchema3, statisticsSchema: statisticsSchema3, variablesSchema: variablesSchema3, workflowTemplatesSchema: workflowTemplatesSchema3, rbacSchema: rbacSchema3, projectsSchema: projectsSchema3 } = coreSchemas.get();
 var addMissingFields = async (knex, tableName, fields, skipFields = []) => {
   for (const field of fields) {
     const { type, name, default: defaultValue, unique } = field;
@@ -7045,6 +7197,7 @@ var up = async function(knex) {
     rolesSchema3(),
     evalResultsSchema3(),
     statisticsSchema3(),
+    projectsSchema3(),
     jobsSchema3(),
     rbacSchema3(),
     agentsSchema3(),
@@ -7294,6 +7447,5 @@ export {
   ExuluOtel,
   queues as ExuluQueues,
   ExuluTool2 as ExuluTool,
-  ExuluZodFileType,
   db2 as db
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@exulu/backend",
   "author": "Qventu Bv.",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "main": "./dist/index.js",
   "private": false,
   "publishConfig": {

package/types/models/agent-session.ts

@@ -7,11 +7,12 @@ export interface AgentSession {
     resourceId: string;
     title: string;
     created_by: string;
-    rights_mode: 'private' | 'users' | 'roles' | 'public' | 'project'
+    rights_mode: 'private' | 'users' | 'roles' | 'public' | 'projects'
     RBAC?: {
         type?: string;
         users?: Array<{ id: string; rights: 'read' | 'write' }>;
         roles?: Array<{ id: string; rights: 'read' | 'write' }>;
+        projects?: Array<{ id: string; rights: 'read' | 'write' }>;
     };
 }
 export interface AgentMessage {

package/types/models/agent.ts

@@ -37,12 +37,13 @@ export interface Agent {
         video: string[];
     }
     // New RBAC fields
-    rights_mode?: 'private' | 'users' | 'roles' | 'public';
+    rights_mode?: 'private' | 'users' | 'roles' | 'public' | 'projects';
     created_by?: string;
     RBAC?: {
         type?: string;
         users?: Array<{ id: string; rights: 'read' | 'write' }>;
         roles?: Array<{ id: string; rights: 'read' | 'write' }>;
+        projects?: Array<{ id: string; rights: 'read' | 'write' }>;
     };
     createdAt?: string;
     updatedAt?: string;