@inkeep/agents-api 0.0.0-dev-20260121145510

package/dist/domains/manage/routes/projectFull.js

@@ -0,0 +1,304 @@
+import { getLogger as getLogger$1 } from "../../../logger.js";
+import manageDbClient_default from "../../../data/db/manageDbClient.js";
+import runDbClient_default from "../../../data/db/runDbClient.js";
+import { requireProjectPermission } from "../../../middleware/projectAccess.js";
+import { requirePermission } from "../../../middleware/requirePermission.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { ErrorResponseSchema, FullProjectDefinitionSchema, FullProjectSelectResponse, FullProjectSelectWithRelationIdsResponse, TenantParamsSchema, TenantProjectParamsSchema, cascadeDeleteByProject, checkoutBranch, commonGetErrorResponses, createApiError, createFullProjectServerSide, createProjectMetadataAndBranch, deleteFullProject, deleteProjectWithBranch, doltCheckout, getFullProject, getFullProjectWithRelationIds, getProjectMainBranchName, getProjectMetadata, updateFullProjectServerSide } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/projectFull.ts
+const logger = getLogger$1("projectFull");
+const app = new OpenAPIHono();
+app.use("/project-full", async (c, next) => {
+	if (c.req.method === "POST") return requirePermission({ project: ["create"] })(c, next);
+	return next();
+});
+app.use("/project-full/:projectId", async (c, next) => {
+	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	return next();
+});
+app.openapi(createRoute({
+	method: "post",
+	path: "/project-full",
+	summary: "Create Full Project",
+	operationId: "create-full-project",
+	tags: ["Full Project"],
+	description: "Create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
+	request: {
+		params: TenantParamsSchema,
+		body: { content: { "application/json": { schema: FullProjectDefinitionSchema } } }
+	},
+	responses: {
+		201: {
+			description: "Full project created successfully",
+			content: { "application/json": { schema: FullProjectSelectResponse } }
+		},
+		409: {
+			description: "Project already exists",
+			content: { "application/json": { schema: ErrorResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const configDb = c.get("db");
+	const userId = c.get("userId");
+	const { tenantId } = c.req.valid("param");
+	const projectData = c.req.valid("json");
+	const validatedProjectData = FullProjectDefinitionSchema.parse(projectData);
+	try {
+		await createProjectMetadataAndBranch(runDbClient_default, configDb)({
+			tenantId,
+			projectId: validatedProjectData.id,
+			createdBy: userId
+		});
+		logger.info({
+			tenantId,
+			projectId: validatedProjectData.id
+		}, "Created project with branch, now populating config");
+		const projectMainBranch = getProjectMainBranchName(tenantId, validatedProjectData.id);
+		await checkoutBranch(configDb)({
+			branchName: projectMainBranch,
+			autoCommitPending: true
+		});
+		const newResolvedRef = {
+			type: "branch",
+			name: projectMainBranch,
+			hash: ""
+		};
+		c.set("resolvedRef", newResolvedRef);
+		logger.debug({ projectMainBranch }, "Checked out project branch for config writes");
+		const createdProject = await createFullProjectServerSide(configDb)({
+			scopes: {
+				tenantId,
+				projectId: validatedProjectData.id
+			},
+			projectData: validatedProjectData
+		});
+		return c.json({ data: createdProject }, 201);
+	} catch (error) {
+		logger.error({ error }, "Error creating project");
+		if (error?.cause?.code === "23505" || error?.message?.includes("already exists")) throw createApiError({
+			code: "conflict",
+			message: `Project with ID '${projectData.id}' already exists`
+		});
+		throw error;
+	}
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/project-full/{projectId}",
+	summary: "Get Full Project",
+	operationId: "get-full-project",
+	tags: ["Full Project"],
+	description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
+	request: { params: TenantProjectParamsSchema },
+	responses: {
+		200: {
+			description: "Full project found",
+			content: { "application/json": { schema: FullProjectSelectResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const db = c.get("db");
+	try {
+		const project = await getFullProject(db)({ scopes: {
+			tenantId,
+			projectId
+		} });
+		if (!project) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		return c.json({ data: project });
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("not found")) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		throw createApiError({
+			code: "internal_server_error",
+			message: error instanceof Error ? error.message : "Failed to retrieve project"
+		});
+	}
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/project-full/{projectId}/with-relation-ids",
+	summary: "Get Full Project with Relation IDs",
+	operationId: "get-full-project-with-relation-ids",
+	tags: ["Full Project"],
+	description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
+	request: { params: TenantProjectParamsSchema },
+	responses: {
+		200: {
+			description: "Full project found",
+			content: { "application/json": { schema: FullProjectSelectWithRelationIdsResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const db = c.get("db");
+	try {
+		const project = await getFullProjectWithRelationIds(db)({ scopes: {
+			tenantId,
+			projectId
+		} });
+		if (!project) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		return c.json({ data: project });
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("not found")) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		throw createApiError({
+			code: "internal_server_error",
+			message: error instanceof Error ? error.message : "Failed to retrieve project"
+		});
+	}
+});
+app.openapi(createRoute({
+	method: "put",
+	path: "/project-full/{projectId}",
+	summary: "Update Full Project",
+	operationId: "update-full-project",
+	tags: ["Full Project"],
+	description: "Update or create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
+	request: {
+		params: TenantProjectParamsSchema,
+		body: { content: { "application/json": { schema: FullProjectDefinitionSchema } } }
+	},
+	responses: {
+		200: {
+			description: "Full project updated successfully",
+			content: { "application/json": { schema: FullProjectSelectResponse } }
+		},
+		201: {
+			description: "Full project created successfully",
+			content: { "application/json": { schema: FullProjectSelectResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const projectData = c.req.valid("json");
+	const configDb = c.get("db");
+	const userId = c.get("userId");
+	try {
+		const validatedProjectData = FullProjectDefinitionSchema.parse(projectData);
+		if (projectId !== validatedProjectData.id) throw createApiError({
+			code: "bad_request",
+			message: `Project ID mismatch: expected ${projectId}, got ${validatedProjectData.id}`
+		});
+		const isCreate = !await getProjectMetadata(runDbClient_default)({
+			tenantId,
+			projectId
+		});
+		if (isCreate) {
+			await createProjectMetadataAndBranch(runDbClient_default, configDb)({
+				tenantId,
+				projectId,
+				createdBy: userId
+			});
+			logger.info({
+				tenantId,
+				projectId
+			}, "Created project with branch for PUT (upsert)");
+			const projectMainBranch = getProjectMainBranchName(tenantId, projectId);
+			await checkoutBranch(configDb)({
+				branchName: projectMainBranch,
+				autoCommitPending: true
+			});
+		}
+		const updatedProject = isCreate ? await createFullProjectServerSide(configDb)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			projectData: validatedProjectData
+		}) : await updateFullProjectServerSide(configDb)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			projectData: validatedProjectData
+		});
+		return c.json({ data: updatedProject }, isCreate ? 201 : 200);
+	} catch (error) {
+		if (error instanceof z.ZodError) throw createApiError({
+			code: "bad_request",
+			message: "Invalid project definition"
+		});
+		if (error instanceof Error && error.message.includes("ID mismatch")) throw createApiError({
+			code: "bad_request",
+			message: error.message
+		});
+		throw createApiError({
+			code: "internal_server_error",
+			message: error instanceof Error ? error.message : "Failed to update project"
+		});
+	}
+});
+app.openapi(createRoute({
+	method: "delete",
+	path: "/project-full/{projectId}",
+	summary: "Delete Full Project",
+	operationId: "delete-full-project",
+	tags: ["Full Project"],
+	description: "Delete a complete project and cascade to all related entities (Agents, Sub Agents, tools, relationships)",
+	request: { params: TenantProjectParamsSchema },
+	responses: {
+		204: { description: "Project deleted successfully" },
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const configDb = c.get("db");
+	const resolvedRef = c.get("resolvedRef");
+	const expectedMainBranch = `${tenantId}_${projectId}_main`;
+	if (resolvedRef?.name !== expectedMainBranch) throw createApiError({
+		code: "bad_request",
+		message: "Project deletion must be performed from the main branch"
+	});
+	try {
+		await cascadeDeleteByProject(runDbClient_default)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			fullBranchName: resolvedRef.name
+		});
+		await deleteFullProject(configDb)({ scopes: {
+			tenantId,
+			projectId
+		} });
+		await doltCheckout(configDb)({ branch: "main" });
+		if (!await deleteProjectWithBranch(runDbClient_default, manageDbClient_default)({
+			tenantId,
+			projectId
+		})) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		return c.body(null, 204);
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("not found")) throw createApiError({
+			code: "not_found",
+			message: "Project not found"
+		});
+		throw createApiError({
+			code: "internal_server_error",
+			message: error instanceof Error ? error.message : "Failed to delete project"
+		});
+	}
+});
+var projectFull_default = app;
+
+//#endregion
+export { projectFull_default as default };

package/dist/domains/manage/routes/projectMembers.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/projectMembers.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/domains/manage/routes/projectMembers.js

@@ -0,0 +1,201 @@
+import { requireProjectPermission } from "../../../middleware/projectAccess.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/projectMembers.ts
+const app = new OpenAPIHono();
+const ProjectMemberSchema = z.object({
+	userId: z.string().min(1),
+	role: z.enum([
+		"project_admin",
+		"project_member",
+		"project_viewer"
+	])
+});
+const ProjectMemberResponseSchema = z.object({ data: z.object({
+	userId: z.string(),
+	role: z.enum([
+		"project_admin",
+		"project_member",
+		"project_viewer"
+	]),
+	projectId: z.string()
+}) });
+const ProjectMemberParamsSchema = z.object({
+	tenantId: z.string(),
+	projectId: z.string()
+});
+const ProjectMemberUserParamsSchema = z.object({
+	tenantId: z.string(),
+	projectId: z.string(),
+	userId: z.string()
+});
+const UpdateRoleSchema = z.object({
+	role: z.enum([
+		"project_admin",
+		"project_member",
+		"project_viewer"
+	]),
+	previousRole: z.enum([
+		"project_admin",
+		"project_member",
+		"project_viewer"
+	]).optional()
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "List Project Members",
+	description: "List all users with explicit project access. Requires authz to be enabled.",
+	operationId: "list-project-members",
+	tags: ["Project Members"],
+	request: { params: ProjectMemberParamsSchema },
+	responses: {
+		200: {
+			description: "List of project members",
+			content: { "application/json": { schema: z.object({ data: z.array(z.object({
+				userId: z.string(),
+				role: z.enum([
+					"project_admin",
+					"project_member",
+					"project_viewer"
+				])
+			})) }) } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { projectId, tenantId } = c.req.valid("param");
+	if (!isAuthzEnabled(tenantId)) return c.json({ data: [] });
+	const members = await listProjectMembers({
+		tenantId,
+		projectId
+	});
+	return c.json({ data: members });
+});
+app.use("/*", async (c, next) => {
+	if (c.req.method === "GET") return next();
+	return requireProjectPermission("edit")(c, next);
+});
+app.openapi(createRoute({
+	method: "post",
+	path: "/",
+	summary: "Add Project Member",
+	description: "Add a user to a project with a specified role. Requires authz to be enabled.",
+	operationId: "add-project-member",
+	tags: ["Project Members"],
+	request: {
+		params: ProjectMemberParamsSchema,
+		body: { content: { "application/json": { schema: ProjectMemberSchema } } }
+	},
+	responses: {
+		201: {
+			description: "Member added successfully",
+			content: { "application/json": { schema: ProjectMemberResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { projectId, tenantId } = c.req.valid("param");
+	const { userId, role } = c.req.valid("json");
+	if (!isAuthzEnabled(tenantId)) throw createApiError({
+		code: "bad_request",
+		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
+	});
+	await grantProjectAccess({
+		tenantId,
+		projectId,
+		userId,
+		role
+	});
+	return c.json({ data: {
+		userId,
+		role,
+		projectId
+	} }, 201);
+});
+app.openapi(createRoute({
+	method: "patch",
+	path: "/{userId}",
+	summary: "Update Project Member Role",
+	description: "Update a project member's role. Requires authz to be enabled. Include previousRole to specify which role to revoke.",
+	operationId: "update-project-member",
+	tags: ["Project Members"],
+	request: {
+		params: ProjectMemberUserParamsSchema,
+		body: { content: { "application/json": { schema: UpdateRoleSchema } } }
+	},
+	responses: {
+		200: {
+			description: "Member role updated successfully",
+			content: { "application/json": { schema: ProjectMemberResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { projectId, userId, tenantId } = c.req.valid("param");
+	const { role: newRole, previousRole } = c.req.valid("json");
+	if (!isAuthzEnabled(tenantId)) throw createApiError({
+		code: "bad_request",
+		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
+	});
+	if (!previousRole) throw createApiError({
+		code: "bad_request",
+		message: "previousRole is required to update a member role"
+	});
+	if (previousRole === newRole) return c.json({ data: {
+		userId,
+		role: newRole,
+		projectId
+	} });
+	await changeProjectRole({
+		tenantId,
+		projectId,
+		userId,
+		oldRole: previousRole,
+		newRole
+	});
+	return c.json({ data: {
+		userId,
+		role: newRole,
+		projectId
+	} });
+});
+app.openapi(createRoute({
+	method: "delete",
+	path: "/{userId}",
+	summary: "Remove Project Member",
+	description: "Remove a user from a project. Requires authz to be enabled. Pass role as query param to specify which role to revoke.",
+	operationId: "remove-project-member",
+	tags: ["Project Members"],
+	request: {
+		params: ProjectMemberUserParamsSchema,
+		query: z.object({ role: z.enum([
+			"project_admin",
+			"project_member",
+			"project_viewer"
+		]) })
+	},
+	responses: {
+		204: { description: "Member removed successfully" },
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { projectId, userId, tenantId } = c.req.valid("param");
+	const { role } = c.req.valid("query");
+	if (!isAuthzEnabled(tenantId)) throw createApiError({
+		code: "bad_request",
+		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
+	});
+	await revokeProjectAccess({
+		tenantId,
+		projectId,
+		userId,
+		role
+	});
+	return c.body(null, 204);
+});
+var projectMembers_default = app;
+
+//#endregion
+export { projectMembers_default as default };

package/dist/domains/manage/routes/projectPermissions.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/projectPermissions.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/domains/manage/routes/projectPermissions.js

@@ -0,0 +1,68 @@
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { SpiceDbPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/projectPermissions.ts
+const app = new OpenAPIHono();
+const ProjectPermissionsParamsSchema = z.object({
+	tenantId: z.string(),
+	projectId: z.string()
+});
+const ProjectPermissionsResponseSchema = z.object({ data: z.object({
+	canView: z.boolean(),
+	canUse: z.boolean(),
+	canEdit: z.boolean()
+}) });
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "Get Project Permissions",
+	description: "Get the current user's permissions for a project. Returns which actions the user can perform.",
+	operationId: "get-project-permissions",
+	tags: ["Project Permissions"],
+	request: { params: ProjectPermissionsParamsSchema },
+	responses: {
+		200: {
+			description: "Project permissions for the current user",
+			content: { "application/json": { schema: ProjectPermissionsResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { projectId, tenantId } = c.req.valid("param");
+	const userId = c.get("userId");
+	const tenantRole = c.get("tenantRole");
+	if (tenantRole === "owner" || tenantRole === "admin") return c.json({ data: {
+		canView: true,
+		canUse: true,
+		canEdit: true
+	} });
+	if (!isAuthzEnabled(tenantId)) return c.json({ data: {
+		canView: true,
+		canUse: true,
+		canEdit: false
+	} });
+	if (!userId) throw createApiError({
+		code: "unauthorized",
+		message: "User not found"
+	});
+	const permissions = await checkBulkPermissions({
+		resourceType: SpiceDbResourceTypes.PROJECT,
+		resourceId: projectId,
+		permissions: [
+			SpiceDbPermissions.VIEW,
+			SpiceDbPermissions.USE,
+			SpiceDbPermissions.EDIT
+		],
+		subjectType: SpiceDbResourceTypes.USER,
+		subjectId: userId
+	});
+	return c.json({ data: {
+		canView: permissions[SpiceDbPermissions.VIEW] ?? false,
+		canUse: permissions[SpiceDbPermissions.USE] ?? false,
+		canEdit: permissions[SpiceDbPermissions.EDIT] ?? false
+	} });
+});
+var projectPermissions_default = app;
+
+//#endregion
+export { projectPermissions_default as default };

package/dist/domains/manage/routes/projects.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/projects.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };