@exulu/backend 1.8.1 → 1.9.0

package/CHANGELOG.md

@@ -1,9 +1,9 @@
-## [1.8.1](https://github.com/Qventu/exulu-backend/compare/v1.8.0...v1.8.1) (2025-08-06)
+# [1.9.0](https://github.com/Qventu/exulu-backend/compare/v1.8.1...v1.9.0) (2025-08-13)
 
 
-### Bug Fixes
+### Features
 
-* json import syntax ([9eff3aa](https://github.com/Qventu/exulu-backend/commit/9eff3aabebe649ccae8a4cd6e1df81aef0799ae5))
+* improve scroll behaviour in chat and add apiKeyProvider to agents ([505155b](https://github.com/Qventu/exulu-backend/commit/505155b853707cefb1a5205f78064845391473d9))
 
 # [1.1.0](https://github.com/Qventu/exulu-backend/compare/v1.0.1...v1.1.0) (2025-07-30)
 

package/dist/index.cjs

@@ -446,37 +446,6 @@ var ExuluEvalUtils = {
   }
 };
 
-// src/registry/utils/claude-messages.ts
-var CLAUDE_MESSAGES = {
-  anthropic_token_variable_not_encrypted: `
-\x1B[41m -- Anthropic token variable set by your admin is not encrypted. This poses a security risk. Please contact your admin to fix the variable used for your key. --
-\x1B[0m`,
-  anthropic_token_variable_not_found: `
-\x1B[41m -- Anthropic token variable not found. Please contact to fix the variable used for your key. --
-\x1B[0m`,
-  authentication_error: `
-\x1B[41m -- Authentication error please check your IMP token and try again. --
-\x1B[0m`,
-  missing_body: `
-\x1B[41m -- Missing body Anthropic response. --
-\x1B[0m`,
-  missing_nextauth_secret: `
-\x1B[41m -- Missing NEXTAUTH_SECRET in environment variables on the server. --
-\x1B[0m`,
-  not_enabled: `
-\x1B[31m
-\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557      \u2588\u2588\u2557   \u2588\u2588\u2557
-\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2588\u2588\u2557\u2588\u2588\u2554\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2588\u2588\u2588\u2557   \u255A\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2554\u2550\u2550\u255D   \u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255D \u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
-\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D 
-Intelligence Management Platform
-\x1B[0m
-\x1B[41m -- Your account has not been enabled to use Claude Code, please contact your admin or enable Claude Code in the user settings. --
-\x1B[0m`
-};
-
 // src/registry/classes.ts
 var import_crypto_js = __toESM(require("crypto-js"), 1);
 function sanitizeToolName(name) {
@@ -488,12 +457,13 @@ function sanitizeToolName(name) {
   }
   return sanitized;
 }
-var convertToolsArrayToObject = (tools, configs) => {
+var convertToolsArrayToObject = (tools, configs, providerApiKey) => {
   if (!tools) return {};
   const sanitizedTools = tools ? tools.map((tool2) => ({
     ...tool2,
     name: sanitizeToolName(tool2.name)
   })) : [];
+  console.log("[EXULU] Sanitized tools", sanitizedTools);
   const askForConfirmation = {
     description: "Ask the user for confirmation.",
     parameters: import_zod2.z.object({
@@ -515,11 +485,13 @@ var convertToolsArrayToObject = (tools, configs) => {
             if (config) {
               config = await hydrateVariables(config || []);
             }
+            console.log("[EXULU] Config", config);
             return await cur.tool.execute({
               ...inputs,
               // Convert config to object format if a config object 
               // is available, after we added the .value property
               // by hydrating it from the variables table.
+              providerApiKey,
               config: config ? config.config.reduce((acc, curr) => {
                 acc[curr.name] = curr.value;
                 return acc;
@@ -616,9 +588,10 @@ var ExuluAgent = class {
       }),
       description: `A function that calls an AI agent named: ${this.name}. The agent does the following: ${this.description}.`,
       config: [],
-      execute: async ({ prompt }) => {
+      execute: async ({ prompt, config, providerApiKey }) => {
         return await this.generateSync({
           prompt,
+          providerApiKey,
           statistics: {
             label: "",
             trigger: "tool"
@@ -627,7 +600,7 @@ var ExuluAgent = class {
       }
     });
   };
-  generateSync = async ({ messages, prompt, tools, statistics, configs }) => {
+  generateSync = async ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }) => {
     if (!this.model) {
       throw new Error("Model is required for streaming.");
     }
@@ -637,13 +610,17 @@ var ExuluAgent = class {
     if (prompt && messages) {
       throw new Error("Prompt and messages cannot be provided at the same time.");
     }
+    const model = this.model.create({
+      apiKey: providerApiKey
+    });
     const { text } = await (0, import_ai.generateText)({
-      model: this.model,
+      model,
+      // Should be a LanguageModelV1
       system: "You are a helpful assistant. When you use a tool to answer a question do not explicitly comment on the result of the tool call unless the user has explicitly you to do something with the result.",
       messages,
       prompt,
       maxRetries: 2,
-      tools: convertToolsArrayToObject(tools, configs),
+      tools: convertToolsArrayToObject(tools, toolConfigs, providerApiKey),
       maxSteps: 5
     });
     if (statistics) {
@@ -657,7 +634,7 @@ var ExuluAgent = class {
     }
     return text;
   };
-  generateStream = ({ messages, prompt, tools, statistics, configs }) => {
+  generateStream = ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }) => {
     if (!this.model) {
       throw new Error("Model is required for streaming.");
     }
@@ -667,13 +644,19 @@ var ExuluAgent = class {
     if (prompt && messages) {
       throw new Error("Prompt and messages cannot be provided at the same time.");
     }
+    const model = this.model.create({
+      apiKey: providerApiKey
+    });
+    console.log("[EXULU] Model provider key", providerApiKey);
+    console.log("[EXULU] Tool configs", toolConfigs);
     return (0, import_ai.streamText)({
-      model: this.model,
+      model,
+      // Should be a LanguageModelV1
       messages,
       prompt,
       system: "You are a helpful assistant. When you use a tool to answer a question do not explicitly comment on the result of the tool call unless the user has explicitly you to do something with the result.",
       maxRetries: 2,
-      tools: convertToolsArrayToObject(tools, configs),
+      tools: convertToolsArrayToObject(tools, toolConfigs, providerApiKey),
       maxSteps: 5,
       onError: (error) => console.error("[EXULU] chat stream error.", error),
       onFinish: async ({ response, usage }) => {
@@ -930,8 +913,23 @@ var ExuluEval = class {
               if (!data.prompt) {
                 throw new Error("Prompt is required for running an agent.");
               }
+              const { db: db4 } = await postgresClient();
+              const variableName = runner.agent.providerApiKey;
+              const variable = await db4.from("variables").where({ name: variableName }).first();
+              if (!variable) {
+                throw new Error(`Provider API key for variable "${runner.agent.providerApiKey}" not found.`);
+              }
+              let providerApiKey = variable.value;
+              if (!variable.encrypted) {
+                throw new Error(`Provider API key for variable "${runner.agent.providerApiKey}" is not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys.`);
+              }
+              if (variable.encrypted) {
+                const bytes = import_crypto_js.default.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+                providerApiKey = bytes.toString(import_crypto_js.default.enc.Utf8);
+              }
               const result = await runner.agent.generateSync({
-                prompt: data.prompt
+                prompt: data.prompt,
+                providerApiKey
               });
               data.result = result;
             }
@@ -2675,6 +2673,10 @@ var agentsSchema = {
       name: "description",
       type: "text"
     },
+    {
+      name: "providerApiKey",
+      type: "text"
+    },
     {
       name: "extensions",
       type: "json"
@@ -3122,6 +3124,39 @@ var createUppyRoutes = async (app) => {
 var import_utils2 = require("@apollo/utils.keyvaluecache");
 var import_body_parser = __toESM(require("body-parser"), 1);
 var import_crypto_js3 = __toESM(require("crypto-js"), 1);
+
+// src/registry/utils/claude-messages.ts
+var CLAUDE_MESSAGES = {
+  anthropic_token_variable_not_encrypted: `
+\x1B[41m -- Anthropic token variable set by your admin is not encrypted. This poses a security risk. Please contact your admin to fix the variable used for your key. --
+\x1B[0m`,
+  anthropic_token_variable_not_found: `
+\x1B[41m -- Anthropic token variable not found. Please contact to fix the variable used for your key. --
+\x1B[0m`,
+  authentication_error: `
+\x1B[41m -- Authentication error please check your IMP token and try again. --
+\x1B[0m`,
+  missing_body: `
+\x1B[41m -- Missing body Anthropic response. --
+\x1B[0m`,
+  missing_nextauth_secret: `
+\x1B[41m -- Missing NEXTAUTH_SECRET in environment variables on the server. --
+\x1B[0m`,
+  not_enabled: `
+\x1B[31m
+\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557      \u2588\u2588\u2557   \u2588\u2588\u2557
+\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2588\u2588\u2557\u2588\u2588\u2554\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2588\u2588\u2588\u2557   \u255A\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2554\u2550\u2550\u255D   \u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255D \u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D 
+Intelligence Management Platform
+\x1B[0m
+\x1B[41m -- Your account has not been enabled to use Claude Code, please contact your admin or enable Claude Code in the user settings. --
+\x1B[0m`
+};
+
+// src/registry/routes.ts
 var REQUEST_SIZE_LIMIT = "50mb";
 var global_queues = {
   logs_cleaner: "logs-cleaner"
@@ -3324,8 +3359,8 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         name: agent.name,
         id: agent.id,
         description: agent.description,
-        provider: backend?.model?.provider,
-        model: backend?.model?.modelId,
+        provider: backend?.model?.create({ apiKey: "" }).provider,
+        model: backend?.model?.create({ apiKey: "" }).modelId,
         active: agent.active,
         public: agent.public,
         type: agent.type,
@@ -3333,6 +3368,7 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         rateLimit: backend?.rateLimit,
         streaming: backend?.streaming,
         capabilities: backend?.capabilities,
+        providerApiKey: agent.providerApiKey,
         // todo add contexts
         availableTools: tools,
         enabledTools: agent.tools
@@ -4057,13 +4093,33 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         return;
       }
       console.log("[EXULU] agent tools", agentInstance.tools);
-      const enabledTools = agentInstance.tools.map((tool2) => tools.find(({ id }) => id === tool2)).filter(Boolean);
+      const enabledTools = agentInstance.tools.map(({ config, toolId }) => tools.find(({ id }) => id === toolId)).filter(Boolean);
       console.log("[EXULU] enabled tools", enabledTools);
+      const variableName = agentInstance.providerApiKey;
+      const variable = await db3.from("variables").where({ name: variableName }).first();
+      if (!variable) {
+        res.status(400).json({
+          message: "Provider API key variable not found."
+        });
+        return;
+      }
+      let providerApiKey = variable.value;
+      if (!variable.encrypted) {
+        res.status(400).json({
+          message: "Provider API key variable not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys."
+        });
+        return;
+      }
+      if (variable.encrypted) {
+        const bytes = import_crypto_js3.default.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+        providerApiKey = bytes.toString(import_crypto_js3.default.enc.Utf8);
+      }
       if (!!stream) {
         const result = agent.generateStream({
           messages: req.body.messages,
           tools: enabledTools,
-          configs: agentInstance.tools,
+          providerApiKey,
+          toolConfigs: agentInstance.tools,
           statistics: {
             label: agent.name,
             trigger: "agent"
@@ -4075,7 +4131,8 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         const response = await agent.generateSync({
           messages: req.body.messages,
           tools: enabledTools.map((tool2) => tool2.tool),
-          configs: agentInstance.tools,
+          providerApiKey,
+          toolConfigs: agentInstance.tools,
           statistics: {
             label: agent.name,
             trigger: "agent"
@@ -4690,7 +4747,6 @@ var claudeCodeAgent = new ExuluAgent({
 
 // src/templates/agents/claude-opus-4.ts
 var import_anthropic = require("@ai-sdk/anthropic");
-var import_zod4 = require("zod");
 var agentId2 = "5434-5678-9143-2590";
 var defaultAgent = new ExuluAgent({
   id: `${agentId2}-default-claude-4-opus-agent`,
@@ -4708,17 +4764,21 @@ var defaultAgent = new ExuluAgent({
   config: {
     name: `Default agent`,
     instructions: "You are a helpful assistant.",
-    model: (0, import_anthropic.anthropic)("claude-4-opus-20250514"),
-    // todo add a field of type string that adds a dropdown list from which the user can select the model
-    // todo for each model, check which provider is used, and require the admin to add one or multiple
-    //   API keys for the provider (which we can then auto-rotate).
-    // todo also add custom fields for rate limiting, so the admin can set custom rate limits for the agent
-    //   and allow him/her to decide if the rate limit is per user or per agent.
-    // todo finally allow switching on or off immutable audit logs on the agent. Which then enables OTEL
-    //   and stores the logs into the pre-defined storage.
-    custom: import_zod4.z.object({
-      apiKey: import_zod4.z.string()
-    })
+    model: {
+      create: ({ apiKey }) => {
+        const anthropic2 = (0, import_anthropic.createAnthropic)({
+          apiKey
+        });
+        return anthropic2("claude-4-opus-20250514");
+      }
+      // todo add a field of type string that adds a dropdown list from which the user can select the model
+      // todo for each model, check which provider is used, and require the admin to add one or multiple
+      //   API keys for the provider (which we can then auto-rotate).
+      // todo also add custom fields for rate limiting, so the admin can set custom rate limits for the agent
+      //   and allow him/her to decide if the rate limit is per user or per agent.
+      // todo finally allow switching on or off immutable audit logs on the agent. Which then enables OTEL
+      //   and stores the logs into the pre-defined storage.
+    }
   }
 });
 

package/dist/index.d.cts

@@ -91,9 +91,16 @@ declare const ExuluZodFileType: ({ name, label, description, allowedFileTypes }:
 type ExuluAgentConfig = {
     name: string;
     instructions: string;
-    model: LanguageModelV1;
+    model: {
+        create: ({ apiKey }: {
+            apiKey: string;
+        }) => LanguageModelV1;
+    };
     outputSchema?: ZodSchema;
-    custom?: ZodSchema;
+    custom?: {
+        name: string;
+        description: string;
+    }[];
     memory?: {
         lastMessages: number;
         vector: boolean;
@@ -141,7 +148,11 @@ declare class ExuluAgent {
     rateLimit?: RateLimiterRule;
     config?: ExuluAgentConfig | undefined;
     evals?: ExuluAgentEval[];
-    model?: LanguageModelV1;
+    model?: {
+        create: ({ apiKey }: {
+            apiKey: string;
+        }) => LanguageModelV1;
+    };
     capabilities: {
         images: string[];
         files: string[];
@@ -150,19 +161,21 @@ declare class ExuluAgent {
     };
     constructor({ id, name, description, config, rateLimit, capabilities, type, evals }: ExuluAgentParams);
     tool: () => ExuluTool;
-    generateSync: ({ messages, prompt, tools, statistics, configs }: {
+    generateSync: ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }: {
         messages?: Message[];
         prompt?: string;
         tools?: ExuluTool[];
         statistics?: ExuluStatisticParams;
-        configs?: ExuluAgentToolConfig[];
+        toolConfigs?: ExuluAgentToolConfig[];
+        providerApiKey: string;
     }) => Promise<string>;
-    generateStream: ({ messages, prompt, tools, statistics, configs }: {
+    generateStream: ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }: {
         messages?: Message[];
         prompt?: string;
         tools?: ExuluTool[];
         statistics?: ExuluStatisticParams;
-        configs?: ExuluAgentToolConfig[];
+        toolConfigs?: ExuluAgentToolConfig[];
+        providerApiKey: string;
     }) => ai.StreamTextResult<Record<string, Tool>, never>;
 }
 type VectorOperationResponse = Promise<{
@@ -268,7 +281,9 @@ type ExuluEvalRunnerInstance = {
 type ExuluEvalRunner = ({ data, runner }: {
     data: ExuluEvalInput;
     runner: {
-        agent?: ExuluAgent;
+        agent?: ExuluAgent & {
+            providerApiKey: string;
+        };
         workflow?: ExuluWorkflow;
     };
 }) => Promise<{

package/dist/index.d.ts

@@ -91,9 +91,16 @@ declare const ExuluZodFileType: ({ name, label, description, allowedFileTypes }:
 type ExuluAgentConfig = {
     name: string;
     instructions: string;
-    model: LanguageModelV1;
+    model: {
+        create: ({ apiKey }: {
+            apiKey: string;
+        }) => LanguageModelV1;
+    };
     outputSchema?: ZodSchema;
-    custom?: ZodSchema;
+    custom?: {
+        name: string;
+        description: string;
+    }[];
     memory?: {
         lastMessages: number;
         vector: boolean;
@@ -141,7 +148,11 @@ declare class ExuluAgent {
     rateLimit?: RateLimiterRule;
     config?: ExuluAgentConfig | undefined;
     evals?: ExuluAgentEval[];
-    model?: LanguageModelV1;
+    model?: {
+        create: ({ apiKey }: {
+            apiKey: string;
+        }) => LanguageModelV1;
+    };
     capabilities: {
         images: string[];
         files: string[];
@@ -150,19 +161,21 @@ declare class ExuluAgent {
     };
     constructor({ id, name, description, config, rateLimit, capabilities, type, evals }: ExuluAgentParams);
     tool: () => ExuluTool;
-    generateSync: ({ messages, prompt, tools, statistics, configs }: {
+    generateSync: ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }: {
         messages?: Message[];
         prompt?: string;
         tools?: ExuluTool[];
         statistics?: ExuluStatisticParams;
-        configs?: ExuluAgentToolConfig[];
+        toolConfigs?: ExuluAgentToolConfig[];
+        providerApiKey: string;
     }) => Promise<string>;
-    generateStream: ({ messages, prompt, tools, statistics, configs }: {
+    generateStream: ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }: {
         messages?: Message[];
         prompt?: string;
         tools?: ExuluTool[];
         statistics?: ExuluStatisticParams;
-        configs?: ExuluAgentToolConfig[];
+        toolConfigs?: ExuluAgentToolConfig[];
+        providerApiKey: string;
     }) => ai.StreamTextResult<Record<string, Tool>, never>;
 }
 type VectorOperationResponse = Promise<{
@@ -268,7 +281,9 @@ type ExuluEvalRunnerInstance = {
 type ExuluEvalRunner = ({ data, runner }: {
     data: ExuluEvalInput;
     runner: {
-        agent?: ExuluAgent;
+        agent?: ExuluAgent & {
+            providerApiKey: string;
+        };
         workflow?: ExuluWorkflow;
     };
 }) => Promise<{

package/dist/index.js

@@ -403,37 +403,6 @@ var ExuluEvalUtils = {
   }
 };
 
-// src/registry/utils/claude-messages.ts
-var CLAUDE_MESSAGES = {
-  anthropic_token_variable_not_encrypted: `
-\x1B[41m -- Anthropic token variable set by your admin is not encrypted. This poses a security risk. Please contact your admin to fix the variable used for your key. --
-\x1B[0m`,
-  anthropic_token_variable_not_found: `
-\x1B[41m -- Anthropic token variable not found. Please contact to fix the variable used for your key. --
-\x1B[0m`,
-  authentication_error: `
-\x1B[41m -- Authentication error please check your IMP token and try again. --
-\x1B[0m`,
-  missing_body: `
-\x1B[41m -- Missing body Anthropic response. --
-\x1B[0m`,
-  missing_nextauth_secret: `
-\x1B[41m -- Missing NEXTAUTH_SECRET in environment variables on the server. --
-\x1B[0m`,
-  not_enabled: `
-\x1B[31m
-\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557      \u2588\u2588\u2557   \u2588\u2588\u2557
-\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2588\u2588\u2557\u2588\u2588\u2554\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2588\u2588\u2588\u2557   \u255A\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2554\u2550\u2550\u255D   \u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
-\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255D \u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
-\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D 
-Intelligence Management Platform
-\x1B[0m
-\x1B[41m -- Your account has not been enabled to use Claude Code, please contact your admin or enable Claude Code in the user settings. --
-\x1B[0m`
-};
-
 // src/registry/classes.ts
 import CryptoJS from "crypto-js";
 function sanitizeToolName(name) {
@@ -445,12 +414,13 @@ function sanitizeToolName(name) {
   }
   return sanitized;
 }
-var convertToolsArrayToObject = (tools, configs) => {
+var convertToolsArrayToObject = (tools, configs, providerApiKey) => {
   if (!tools) return {};
   const sanitizedTools = tools ? tools.map((tool2) => ({
     ...tool2,
     name: sanitizeToolName(tool2.name)
   })) : [];
+  console.log("[EXULU] Sanitized tools", sanitizedTools);
   const askForConfirmation = {
     description: "Ask the user for confirmation.",
     parameters: z.object({
@@ -472,11 +442,13 @@ var convertToolsArrayToObject = (tools, configs) => {
             if (config) {
               config = await hydrateVariables(config || []);
             }
+            console.log("[EXULU] Config", config);
             return await cur.tool.execute({
               ...inputs,
               // Convert config to object format if a config object 
               // is available, after we added the .value property
               // by hydrating it from the variables table.
+              providerApiKey,
               config: config ? config.config.reduce((acc, curr) => {
                 acc[curr.name] = curr.value;
                 return acc;
@@ -573,9 +545,10 @@ var ExuluAgent = class {
       }),
       description: `A function that calls an AI agent named: ${this.name}. The agent does the following: ${this.description}.`,
       config: [],
-      execute: async ({ prompt }) => {
+      execute: async ({ prompt, config, providerApiKey }) => {
         return await this.generateSync({
           prompt,
+          providerApiKey,
           statistics: {
             label: "",
             trigger: "tool"
@@ -584,7 +557,7 @@ var ExuluAgent = class {
       }
     });
   };
-  generateSync = async ({ messages, prompt, tools, statistics, configs }) => {
+  generateSync = async ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }) => {
     if (!this.model) {
       throw new Error("Model is required for streaming.");
     }
@@ -594,13 +567,17 @@ var ExuluAgent = class {
     if (prompt && messages) {
       throw new Error("Prompt and messages cannot be provided at the same time.");
     }
+    const model = this.model.create({
+      apiKey: providerApiKey
+    });
     const { text } = await generateText({
-      model: this.model,
+      model,
+      // Should be a LanguageModelV1
       system: "You are a helpful assistant. When you use a tool to answer a question do not explicitly comment on the result of the tool call unless the user has explicitly you to do something with the result.",
       messages,
       prompt,
       maxRetries: 2,
-      tools: convertToolsArrayToObject(tools, configs),
+      tools: convertToolsArrayToObject(tools, toolConfigs, providerApiKey),
       maxSteps: 5
     });
     if (statistics) {
@@ -614,7 +591,7 @@ var ExuluAgent = class {
     }
     return text;
   };
-  generateStream = ({ messages, prompt, tools, statistics, configs }) => {
+  generateStream = ({ messages, prompt, tools, statistics, toolConfigs, providerApiKey }) => {
     if (!this.model) {
       throw new Error("Model is required for streaming.");
     }
@@ -624,13 +601,19 @@ var ExuluAgent = class {
     if (prompt && messages) {
       throw new Error("Prompt and messages cannot be provided at the same time.");
     }
+    const model = this.model.create({
+      apiKey: providerApiKey
+    });
+    console.log("[EXULU] Model provider key", providerApiKey);
+    console.log("[EXULU] Tool configs", toolConfigs);
     return streamText({
-      model: this.model,
+      model,
+      // Should be a LanguageModelV1
       messages,
       prompt,
       system: "You are a helpful assistant. When you use a tool to answer a question do not explicitly comment on the result of the tool call unless the user has explicitly you to do something with the result.",
       maxRetries: 2,
-      tools: convertToolsArrayToObject(tools, configs),
+      tools: convertToolsArrayToObject(tools, toolConfigs, providerApiKey),
       maxSteps: 5,
       onError: (error) => console.error("[EXULU] chat stream error.", error),
       onFinish: async ({ response, usage }) => {
@@ -887,8 +870,23 @@ var ExuluEval = class {
               if (!data.prompt) {
                 throw new Error("Prompt is required for running an agent.");
               }
+              const { db: db4 } = await postgresClient();
+              const variableName = runner.agent.providerApiKey;
+              const variable = await db4.from("variables").where({ name: variableName }).first();
+              if (!variable) {
+                throw new Error(`Provider API key for variable "${runner.agent.providerApiKey}" not found.`);
+              }
+              let providerApiKey = variable.value;
+              if (!variable.encrypted) {
+                throw new Error(`Provider API key for variable "${runner.agent.providerApiKey}" is not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys.`);
+              }
+              if (variable.encrypted) {
+                const bytes = CryptoJS.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+                providerApiKey = bytes.toString(CryptoJS.enc.Utf8);
+              }
               const result = await runner.agent.generateSync({
-                prompt: data.prompt
+                prompt: data.prompt,
+                providerApiKey
               });
               data.result = result;
             }
@@ -2632,6 +2630,10 @@ var agentsSchema = {
       name: "description",
       type: "text"
     },
+    {
+      name: "providerApiKey",
+      type: "text"
+    },
     {
       name: "extensions",
       type: "json"
@@ -3079,6 +3081,39 @@ var createUppyRoutes = async (app) => {
 import { InMemoryLRUCache } from "@apollo/utils.keyvaluecache";
 import bodyParser from "body-parser";
 import CryptoJS3 from "crypto-js";
+
+// src/registry/utils/claude-messages.ts
+var CLAUDE_MESSAGES = {
+  anthropic_token_variable_not_encrypted: `
+\x1B[41m -- Anthropic token variable set by your admin is not encrypted. This poses a security risk. Please contact your admin to fix the variable used for your key. --
+\x1B[0m`,
+  anthropic_token_variable_not_found: `
+\x1B[41m -- Anthropic token variable not found. Please contact to fix the variable used for your key. --
+\x1B[0m`,
+  authentication_error: `
+\x1B[41m -- Authentication error please check your IMP token and try again. --
+\x1B[0m`,
+  missing_body: `
+\x1B[41m -- Missing body Anthropic response. --
+\x1B[0m`,
+  missing_nextauth_secret: `
+\x1B[41m -- Missing NEXTAUTH_SECRET in environment variables on the server. --
+\x1B[0m`,
+  not_enabled: `
+\x1B[31m
+\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557      \u2588\u2588\u2557   \u2588\u2588\u2557
+\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2588\u2588\u2557\u2588\u2588\u2554\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2588\u2588\u2588\u2557   \u255A\u2588\u2588\u2588\u2554\u255D \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2554\u2550\u2550\u255D   \u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551      \u2588\u2588\u2551   \u2588\u2588\u2551
+\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255D \u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D 
+Intelligence Management Platform
+\x1B[0m
+\x1B[41m -- Your account has not been enabled to use Claude Code, please contact your admin or enable Claude Code in the user settings. --
+\x1B[0m`
+};
+
+// src/registry/routes.ts
 var REQUEST_SIZE_LIMIT = "50mb";
 var global_queues = {
   logs_cleaner: "logs-cleaner"
@@ -3281,8 +3316,8 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         name: agent.name,
         id: agent.id,
         description: agent.description,
-        provider: backend?.model?.provider,
-        model: backend?.model?.modelId,
+        provider: backend?.model?.create({ apiKey: "" }).provider,
+        model: backend?.model?.create({ apiKey: "" }).modelId,
         active: agent.active,
         public: agent.public,
         type: agent.type,
@@ -3290,6 +3325,7 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         rateLimit: backend?.rateLimit,
         streaming: backend?.streaming,
         capabilities: backend?.capabilities,
+        providerApiKey: agent.providerApiKey,
         // todo add contexts
         availableTools: tools,
         enabledTools: agent.tools
@@ -4014,13 +4050,33 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         return;
       }
       console.log("[EXULU] agent tools", agentInstance.tools);
-      const enabledTools = agentInstance.tools.map((tool2) => tools.find(({ id }) => id === tool2)).filter(Boolean);
+      const enabledTools = agentInstance.tools.map(({ config, toolId }) => tools.find(({ id }) => id === toolId)).filter(Boolean);
       console.log("[EXULU] enabled tools", enabledTools);
+      const variableName = agentInstance.providerApiKey;
+      const variable = await db3.from("variables").where({ name: variableName }).first();
+      if (!variable) {
+        res.status(400).json({
+          message: "Provider API key variable not found."
+        });
+        return;
+      }
+      let providerApiKey = variable.value;
+      if (!variable.encrypted) {
+        res.status(400).json({
+          message: "Provider API key variable not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys."
+        });
+        return;
+      }
+      if (variable.encrypted) {
+        const bytes = CryptoJS3.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+        providerApiKey = bytes.toString(CryptoJS3.enc.Utf8);
+      }
       if (!!stream) {
         const result = agent.generateStream({
           messages: req.body.messages,
           tools: enabledTools,
-          configs: agentInstance.tools,
+          providerApiKey,
+          toolConfigs: agentInstance.tools,
           statistics: {
             label: agent.name,
             trigger: "agent"
@@ -4032,7 +4088,8 @@ var createExpressRoutes = async (app, agents, tools, workflows, contexts) => {
         const response = await agent.generateSync({
           messages: req.body.messages,
           tools: enabledTools.map((tool2) => tool2.tool),
-          configs: agentInstance.tools,
+          providerApiKey,
+          toolConfigs: agentInstance.tools,
           statistics: {
             label: agent.name,
             trigger: "agent"
@@ -4646,8 +4703,7 @@ var claudeCodeAgent = new ExuluAgent({
 });
 
 // src/templates/agents/claude-opus-4.ts
-import { anthropic } from "@ai-sdk/anthropic";
-import { z as z3 } from "zod";
+import { createAnthropic } from "@ai-sdk/anthropic";
 var agentId2 = "5434-5678-9143-2590";
 var defaultAgent = new ExuluAgent({
   id: `${agentId2}-default-claude-4-opus-agent`,
@@ -4665,17 +4721,21 @@ var defaultAgent = new ExuluAgent({
   config: {
     name: `Default agent`,
     instructions: "You are a helpful assistant.",
-    model: anthropic("claude-4-opus-20250514"),
-    // todo add a field of type string that adds a dropdown list from which the user can select the model
-    // todo for each model, check which provider is used, and require the admin to add one or multiple
-    //   API keys for the provider (which we can then auto-rotate).
-    // todo also add custom fields for rate limiting, so the admin can set custom rate limits for the agent
-    //   and allow him/her to decide if the rate limit is per user or per agent.
-    // todo finally allow switching on or off immutable audit logs on the agent. Which then enables OTEL
-    //   and stores the logs into the pre-defined storage.
-    custom: z3.object({
-      apiKey: z3.string()
-    })
+    model: {
+      create: ({ apiKey }) => {
+        const anthropic2 = createAnthropic({
+          apiKey
+        });
+        return anthropic2("claude-4-opus-20250514");
+      }
+      // todo add a field of type string that adds a dropdown list from which the user can select the model
+      // todo for each model, check which provider is used, and require the admin to add one or multiple
+      //   API keys for the provider (which we can then auto-rotate).
+      // todo also add custom fields for rate limiting, so the admin can set custom rate limits for the agent
+      //   and allow him/her to decide if the rate limit is per user or per agent.
+      // todo finally allow switching on or off immutable audit logs on the agent. Which then enables OTEL
+      //   and stores the logs into the pre-defined storage.
+    }
   }
 });
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@exulu/backend",
   "author": "Qventu Bv.",
-  "version": "1.8.1",
+  "version": "1.9.0",
   "main": "./dist/index.js",
   "private": false,
   "publishConfig": {