npm - @inkeep/agents-api - Versions diffs - 0.0.0-dev-20260121145510 - Mend

@inkeep/agents-api 0.0.0-dev-20260121145510

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (352) hide show

package/LICENSE.md +56 -0
package/SUPPLEMENTAL_TERMS.md +40 -0
package/dist/.well-known/workflow/v1/flow.cjs +46383 -0
package/dist/.well-known/workflow/v1/flow.cjs.debug.json +6 -0
package/dist/.well-known/workflow/v1/manifest.debug.json +55 -0
package/dist/.well-known/workflow/v1/step.cjs +218683 -0
package/dist/.well-known/workflow/v1/step.cjs.debug.json +6 -0
package/dist/.well-known/workflow/v1/webhook.mjs +29 -0
package/dist/createApp.d.ts +10 -0
package/dist/createApp.js +170 -0
package/dist/data/db/index.d.ts +4 -0
package/dist/data/db/index.js +5 -0
package/dist/data/db/manageDbClient.d.ts +6 -0
package/dist/data/db/manageDbClient.js +9 -0
package/dist/data/db/manageDbPool.d.ts +6 -0
package/dist/data/db/manageDbPool.js +9 -0
package/dist/data/db/runDbClient.d.ts +6 -0
package/dist/data/db/runDbClient.js +9 -0
package/dist/domains/evals/index.d.ts +13 -0
package/dist/domains/evals/index.js +13 -0
package/dist/domains/evals/routes/datasetTriggers.d.ts +7 -0
package/dist/domains/evals/routes/datasetTriggers.js +65 -0
package/dist/domains/evals/routes/evaluationTriggers.d.ts +11 -0
package/dist/domains/evals/routes/evaluationTriggers.js +311 -0
package/dist/domains/evals/routes/index.d.ts +7 -0
package/dist/domains/evals/routes/index.js +12 -0
package/dist/domains/evals/scripts/build-workflow.d.ts +1 -0
package/dist/domains/evals/scripts/build-workflow.js +31 -0
package/dist/domains/evals/services/EvaluationService.d.ts +96 -0
package/dist/domains/evals/services/EvaluationService.js +863 -0
package/dist/domains/evals/services/conversationEvaluation.d.ts +15 -0
package/dist/domains/evals/services/conversationEvaluation.js +102 -0
package/dist/domains/evals/services/datasetRun.d.ts +16 -0
package/dist/domains/evals/services/datasetRun.js +43 -0
package/dist/domains/evals/services/evaluationJob.d.ts +17 -0
package/dist/domains/evals/services/evaluationJob.js +65 -0
package/dist/domains/evals/services/startEvaluation.d.ts +19 -0
package/dist/domains/evals/services/startEvaluation.js +18 -0
package/dist/domains/evals/workflow/functions/evaluateConversation.d.ts +31 -0
package/dist/domains/evals/workflow/functions/evaluateConversation.js +135 -0
package/dist/domains/evals/workflow/functions/runDatasetItem.d.ts +39 -0
package/dist/domains/evals/workflow/functions/runDatasetItem.js +205 -0
package/dist/domains/evals/workflow/index.d.ts +4 -0
package/dist/domains/evals/workflow/index.js +5 -0
package/dist/domains/evals/workflow/routes.d.ts +7 -0
package/dist/domains/evals/workflow/routes.js +106 -0
package/dist/domains/evals/workflow/world.d.ts +4 -0
package/dist/domains/evals/workflow/world.js +36 -0
package/dist/domains/index.d.ts +4 -0
package/dist/domains/index.js +5 -0
package/dist/domains/manage/index.d.ts +12 -0
package/dist/domains/manage/index.js +31 -0
package/dist/domains/manage/routes/agent.d.ts +9 -0
package/dist/domains/manage/routes/agent.js +266 -0
package/dist/domains/manage/routes/agentFull.d.ts +9 -0
package/dist/domains/manage/routes/agentFull.js +207 -0
package/dist/domains/manage/routes/agentToolRelations.d.ts +9 -0
package/dist/domains/manage/routes/agentToolRelations.js +289 -0
package/dist/domains/manage/routes/apiKeys.d.ts +9 -0
package/dist/domains/manage/routes/apiKeys.js +217 -0
package/dist/domains/manage/routes/artifactComponents.d.ts +9 -0
package/dist/domains/manage/routes/artifactComponents.js +210 -0
package/dist/domains/manage/routes/branches.d.ts +9 -0
package/dist/domains/manage/routes/branches.js +182 -0
package/dist/domains/manage/routes/cliAuth.d.ts +9 -0
package/dist/domains/manage/routes/cliAuth.js +60 -0
package/dist/domains/manage/routes/contextConfigs.d.ts +9 -0
package/dist/domains/manage/routes/contextConfigs.js +189 -0
package/dist/domains/manage/routes/conversations.d.ts +7 -0
package/dist/domains/manage/routes/conversations.js +59 -0
package/dist/domains/manage/routes/credentialStores.d.ts +9 -0
package/dist/domains/manage/routes/credentialStores.js +86 -0
package/dist/domains/manage/routes/credentials.d.ts +9 -0
package/dist/domains/manage/routes/credentials.js +207 -0
package/dist/domains/manage/routes/dataComponents.d.ts +9 -0
package/dist/domains/manage/routes/dataComponents.js +192 -0
package/dist/domains/manage/routes/evals/datasetItems.d.ts +9 -0
package/dist/domains/manage/routes/evals/datasetItems.js +310 -0
package/dist/domains/manage/routes/evals/datasetRunConfigs.d.ts +9 -0
package/dist/domains/manage/routes/evals/datasetRunConfigs.js +402 -0
package/dist/domains/manage/routes/evals/datasetRuns.d.ts +9 -0
package/dist/domains/manage/routes/evals/datasetRuns.js +256 -0
package/dist/domains/manage/routes/evals/datasets.d.ts +9 -0
package/dist/domains/manage/routes/evals/datasets.js +238 -0
package/dist/domains/manage/routes/evals/evaluationJobConfigEvaluatorRelations.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluationJobConfigEvaluatorRelations.js +146 -0
package/dist/domains/manage/routes/evals/evaluationJobConfigs.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluationJobConfigs.js +364 -0
package/dist/domains/manage/routes/evals/evaluationResults.d.ts +7 -0
package/dist/domains/manage/routes/evals/evaluationResults.js +192 -0
package/dist/domains/manage/routes/evals/evaluationRunConfigs.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluationRunConfigs.js +403 -0
package/dist/domains/manage/routes/evals/evaluationSuiteConfigEvaluatorRelations.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluationSuiteConfigEvaluatorRelations.js +146 -0
package/dist/domains/manage/routes/evals/evaluationSuiteConfigs.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluationSuiteConfigs.js +246 -0
package/dist/domains/manage/routes/evals/evaluators.d.ts +9 -0
package/dist/domains/manage/routes/evals/evaluators.js +281 -0
package/dist/domains/manage/routes/evals/index.d.ts +9 -0
package/dist/domains/manage/routes/evals/index.js +26 -0
package/dist/domains/manage/routes/externalAgents.d.ts +9 -0
package/dist/domains/manage/routes/externalAgents.js +199 -0
package/dist/domains/manage/routes/functionTools.d.ts +9 -0
package/dist/domains/manage/routes/functionTools.js +256 -0
package/dist/domains/manage/routes/functions.d.ts +9 -0
package/dist/domains/manage/routes/functions.js +285 -0
package/dist/domains/manage/routes/index.d.ts +7 -0
package/dist/domains/manage/routes/index.js +68 -0
package/dist/domains/manage/routes/invitations.d.ts +9 -0
package/dist/domains/manage/routes/invitations.js +41 -0
package/dist/domains/manage/routes/mcp.d.ts +7 -0
package/dist/domains/manage/routes/mcp.js +45 -0
package/dist/domains/manage/routes/mcpCatalog.d.ts +9 -0
package/dist/domains/manage/routes/mcpCatalog.js +454 -0
package/dist/domains/manage/routes/oauth.d.ts +10 -0
package/dist/domains/manage/routes/oauth.js +327 -0
package/dist/domains/manage/routes/playgroundToken.d.ts +9 -0
package/dist/domains/manage/routes/playgroundToken.js +127 -0
package/dist/domains/manage/routes/projectFull.d.ts +9 -0
package/dist/domains/manage/routes/projectFull.js +304 -0
package/dist/domains/manage/routes/projectMembers.d.ts +9 -0
package/dist/domains/manage/routes/projectMembers.js +201 -0
package/dist/domains/manage/routes/projectPermissions.d.ts +9 -0
package/dist/domains/manage/routes/projectPermissions.js +68 -0
package/dist/domains/manage/routes/projects.d.ts +9 -0
package/dist/domains/manage/routes/projects.js +279 -0
package/dist/domains/manage/routes/ref.d.ts +9 -0
package/dist/domains/manage/routes/ref.js +33 -0
package/dist/domains/manage/routes/signoz.d.ts +10 -0
package/dist/domains/manage/routes/signoz.js +159 -0
package/dist/domains/manage/routes/subAgentArtifactComponents.d.ts +9 -0
package/dist/domains/manage/routes/subAgentArtifactComponents.js +202 -0
package/dist/domains/manage/routes/subAgentDataComponents.d.ts +9 -0
package/dist/domains/manage/routes/subAgentDataComponents.js +201 -0
package/dist/domains/manage/routes/subAgentExternalAgentRelations.d.ts +9 -0
package/dist/domains/manage/routes/subAgentExternalAgentRelations.js +216 -0
package/dist/domains/manage/routes/subAgentFunctionTools.d.ts +9 -0
package/dist/domains/manage/routes/subAgentFunctionTools.js +205 -0
package/dist/domains/manage/routes/subAgentRelations.d.ts +9 -0
package/dist/domains/manage/routes/subAgentRelations.js +263 -0
package/dist/domains/manage/routes/subAgentTeamAgentRelations.d.ts +9 -0
package/dist/domains/manage/routes/subAgentTeamAgentRelations.js +216 -0
package/dist/domains/manage/routes/subAgentToolRelations.d.ts +9 -0
package/dist/domains/manage/routes/subAgentToolRelations.js +289 -0
package/dist/domains/manage/routes/subAgents.d.ts +9 -0
package/dist/domains/manage/routes/subAgents.js +220 -0
package/dist/domains/manage/routes/thirdPartyMCPServers.d.ts +9 -0
package/dist/domains/manage/routes/thirdPartyMCPServers.js +72 -0
package/dist/domains/manage/routes/tools.d.ts +9 -0
package/dist/domains/manage/routes/tools.js +261 -0
package/dist/domains/manage/routes/triggers.d.ts +9 -0
package/dist/domains/manage/routes/triggers.js +455 -0
package/dist/domains/manage/routes/userOrganizations.d.ts +9 -0
package/dist/domains/manage/routes/userOrganizations.js +58 -0
package/dist/domains/run/a2a/client.d.ts +186 -0
package/dist/domains/run/a2a/client.js +524 -0
package/dist/domains/run/a2a/handlers.d.ts +7 -0
package/dist/domains/run/a2a/handlers.js +574 -0
package/dist/domains/run/a2a/transfer.d.ts +27 -0
package/dist/domains/run/a2a/transfer.js +50 -0
package/dist/domains/run/a2a/types.d.ts +75 -0
package/dist/domains/run/a2a/types.js +22 -0
package/dist/domains/run/agents/Agent.d.ts +273 -0
package/dist/domains/run/agents/Agent.js +2104 -0
package/dist/domains/run/agents/ModelFactory.d.ts +63 -0
package/dist/domains/run/agents/ModelFactory.js +194 -0
package/dist/domains/run/agents/SystemPromptBuilder.d.ts +21 -0
package/dist/domains/run/agents/SystemPromptBuilder.js +48 -0
package/dist/domains/run/agents/ToolSessionManager.d.ts +63 -0
package/dist/domains/run/agents/ToolSessionManager.js +146 -0
package/dist/domains/run/agents/generateTaskHandler.d.ts +44 -0
package/dist/domains/run/agents/generateTaskHandler.js +396 -0
package/dist/domains/run/agents/relationTools.d.ts +64 -0
package/dist/domains/run/agents/relationTools.js +365 -0
package/dist/domains/run/agents/types.d.ts +31 -0
package/dist/domains/run/agents/types.js +1 -0
package/dist/domains/run/agents/versions/v1/Phase1Config.d.ts +29 -0
package/dist/domains/run/agents/versions/v1/Phase1Config.js +458 -0
package/dist/domains/run/agents/versions/v1/Phase2Config.d.ts +33 -0
package/dist/domains/run/agents/versions/v1/Phase2Config.js +341 -0
package/dist/domains/run/constants/execution-limits/defaults.d.ts +51 -0
package/dist/domains/run/constants/execution-limits/defaults.js +52 -0
package/dist/domains/run/constants/execution-limits/index.d.ts +6 -0
package/dist/domains/run/constants/execution-limits/index.js +21 -0
package/dist/domains/run/context/ContextFetcher.d.ts +68 -0
package/dist/domains/run/context/ContextFetcher.js +276 -0
package/dist/domains/run/context/ContextResolver.d.ts +56 -0
package/dist/domains/run/context/ContextResolver.js +273 -0
package/dist/domains/run/context/context.d.ts +19 -0
package/dist/domains/run/context/context.js +108 -0
package/dist/domains/run/context/contextCache.d.ts +56 -0
package/dist/domains/run/context/contextCache.js +174 -0
package/dist/domains/run/context/index.d.ts +6 -0
package/dist/domains/run/context/index.js +7 -0
package/dist/domains/run/context/validation.d.ts +39 -0
package/dist/domains/run/context/validation.js +255 -0
package/dist/domains/run/data/agent.d.ts +7 -0
package/dist/domains/run/data/agent.js +67 -0
package/dist/domains/run/data/agents.d.ts +34 -0
package/dist/domains/run/data/agents.js +131 -0
package/dist/domains/run/data/conversations.d.ts +129 -0
package/dist/domains/run/data/conversations.js +517 -0
package/dist/domains/run/handlers/executionHandler.d.ts +44 -0
package/dist/domains/run/handlers/executionHandler.js +485 -0
package/dist/domains/run/index.d.ts +13 -0
package/dist/domains/run/index.js +21 -0
package/dist/domains/run/routes/agents.d.ts +13 -0
package/dist/domains/run/routes/agents.js +141 -0
package/dist/domains/run/routes/chat.d.ts +14 -0
package/dist/domains/run/routes/chat.js +300 -0
package/dist/domains/run/routes/chatDataStream.d.ts +14 -0
package/dist/domains/run/routes/chatDataStream.js +381 -0
package/dist/domains/run/routes/mcp.d.ts +14 -0
package/dist/domains/run/routes/mcp.js +483 -0
package/dist/domains/run/routes/webhooks.d.ts +15 -0
package/dist/domains/run/routes/webhooks.js +416 -0
package/dist/domains/run/services/AgentSession.d.ts +354 -0
package/dist/domains/run/services/AgentSession.js +1203 -0
package/dist/domains/run/services/ArtifactParser.d.ts +105 -0
package/dist/domains/run/services/ArtifactParser.js +338 -0
package/dist/domains/run/services/ArtifactService.d.ts +122 -0
package/dist/domains/run/services/ArtifactService.js +629 -0
package/dist/domains/run/services/BaseCompressor.d.ts +183 -0
package/dist/domains/run/services/BaseCompressor.js +500 -0
package/dist/domains/run/services/ConversationCompressor.d.ts +32 -0
package/dist/domains/run/services/ConversationCompressor.js +91 -0
package/dist/domains/run/services/IncrementalStreamParser.d.ts +98 -0
package/dist/domains/run/services/IncrementalStreamParser.js +327 -0
package/dist/domains/run/services/MidGenerationCompressor.d.ts +63 -0
package/dist/domains/run/services/MidGenerationCompressor.js +104 -0
package/dist/domains/run/services/PendingToolApprovalManager.d.ts +62 -0
package/dist/domains/run/services/PendingToolApprovalManager.js +133 -0
package/dist/domains/run/services/ResponseFormatter.d.ts +39 -0
package/dist/domains/run/services/ResponseFormatter.js +152 -0
package/dist/domains/run/services/evaluationRunConfigMatcher.d.ts +4 -0
package/dist/domains/run/services/evaluationRunConfigMatcher.js +7 -0
package/dist/domains/run/tools/NativeSandboxExecutor.d.ts +38 -0
package/dist/domains/run/tools/NativeSandboxExecutor.js +432 -0
package/dist/domains/run/tools/SandboxExecutorFactory.d.ts +36 -0
package/dist/domains/run/tools/SandboxExecutorFactory.js +80 -0
package/dist/domains/run/tools/VercelSandboxExecutor.d.ts +71 -0
package/dist/domains/run/tools/VercelSandboxExecutor.js +340 -0
package/dist/domains/run/tools/distill-conversation-history-tool.d.ts +62 -0
package/dist/domains/run/tools/distill-conversation-history-tool.js +206 -0
package/dist/domains/run/tools/distill-conversation-tool.d.ts +41 -0
package/dist/domains/run/tools/distill-conversation-tool.js +141 -0
package/dist/domains/run/tools/sandbox-utils.d.ts +18 -0
package/dist/domains/run/tools/sandbox-utils.js +53 -0
package/dist/domains/run/types/chat.d.ts +27 -0
package/dist/domains/run/types/chat.js +1 -0
package/dist/domains/run/types/executionContext.d.ts +40 -0
package/dist/domains/run/types/executionContext.js +28 -0
package/dist/domains/run/types/xml.d.ts +5 -0
package/dist/domains/run/utils/SchemaProcessor.d.ts +52 -0
package/dist/domains/run/utils/SchemaProcessor.js +182 -0
package/dist/domains/run/utils/agent-operations.d.ts +62 -0
package/dist/domains/run/utils/agent-operations.js +53 -0
package/dist/domains/run/utils/artifact-component-schema.d.ts +42 -0
package/dist/domains/run/utils/artifact-component-schema.js +186 -0
package/dist/domains/run/utils/cleanup.d.ts +21 -0
package/dist/domains/run/utils/cleanup.js +59 -0
package/dist/domains/run/utils/data-component-schema.d.ts +2 -0
package/dist/domains/run/utils/data-component-schema.js +3 -0
package/dist/domains/run/utils/default-status-schemas.d.ts +20 -0
package/dist/domains/run/utils/default-status-schemas.js +24 -0
package/dist/domains/run/utils/json-postprocessor.d.ts +13 -0
package/dist/domains/run/utils/json-postprocessor.js +19 -0
package/dist/domains/run/utils/model-context-utils.d.ts +39 -0
package/dist/domains/run/utils/model-context-utils.js +181 -0
package/dist/domains/run/utils/model-resolver.d.ts +6 -0
package/dist/domains/run/utils/model-resolver.js +24 -0
package/dist/domains/run/utils/project.d.ts +207 -0
package/dist/domains/run/utils/project.js +315 -0
package/dist/domains/run/utils/schema-validation.d.ts +44 -0
package/dist/domains/run/utils/schema-validation.js +97 -0
package/dist/domains/run/utils/stream-helpers.d.ts +193 -0
package/dist/domains/run/utils/stream-helpers.js +510 -0
package/dist/domains/run/utils/stream-registry.d.ts +22 -0
package/dist/domains/run/utils/stream-registry.js +33 -0
package/dist/domains/run/utils/token-estimator.d.ts +23 -0
package/dist/domains/run/utils/token-estimator.js +17 -0
package/dist/domains/run/utils/tracer.d.ts +7 -0
package/dist/domains/run/utils/tracer.js +7 -0
package/dist/env.d.ts +89 -0
package/dist/env.js +69 -0
package/dist/factory.d.ts +1535 -0
package/dist/factory.js +42 -0
package/dist/index.d.ts +1530 -0
package/dist/index.js +59 -0
package/dist/initialization.d.ts +6 -0
package/dist/initialization.js +65 -0
package/dist/instrumentation.d.ts +17 -0
package/dist/instrumentation.js +68 -0
package/dist/logger.d.ts +2 -0
package/dist/logger.js +3 -0
package/dist/middleware/branchScopedDb.d.ts +31 -0
package/dist/middleware/branchScopedDb.js +137 -0
package/dist/middleware/cors.d.ts +36 -0
package/dist/middleware/cors.js +131 -0
package/dist/middleware/errorHandler.d.ts +12 -0
package/dist/middleware/errorHandler.js +88 -0
package/dist/middleware/evalsAuth.d.ts +16 -0
package/dist/middleware/evalsAuth.js +52 -0
package/dist/middleware/index.d.ts +8 -0
package/dist/middleware/index.js +9 -0
package/dist/middleware/manageAuth.d.ts +25 -0
package/dist/middleware/manageAuth.js +80 -0
package/dist/middleware/projectAccess.d.ts +31 -0
package/dist/middleware/projectAccess.js +118 -0
package/dist/middleware/projectConfig.d.ts +25 -0
package/dist/middleware/projectConfig.js +89 -0
package/dist/middleware/ref.d.ts +61 -0
package/dist/middleware/ref.js +239 -0
package/dist/middleware/requirePermission.d.ts +14 -0
package/dist/middleware/requirePermission.js +80 -0
package/dist/middleware/runAuth.d.ts +29 -0
package/dist/middleware/runAuth.js +253 -0
package/dist/middleware/sessionAuth.d.ts +17 -0
package/dist/middleware/sessionAuth.js +58 -0
package/dist/middleware/tenantAccess.d.ts +22 -0
package/dist/middleware/tenantAccess.js +63 -0
package/dist/middleware/tracing.d.ts +7 -0
package/dist/middleware/tracing.js +50 -0
package/dist/openapi.d.ts +7 -0
package/dist/openapi.js +156 -0
package/dist/ssoHelpers.d.ts +20 -0
package/dist/ssoHelpers.js +51 -0
package/dist/templates/v1/phase1/system-prompt.js +5 -0
package/dist/templates/v1/phase1/thinking-preparation.js +5 -0
package/dist/templates/v1/phase1/tool.js +5 -0
package/dist/templates/v1/phase2/data-component.js +5 -0
package/dist/templates/v1/phase2/data-components.js +5 -0
package/dist/templates/v1/phase2/system-prompt.js +5 -0
package/dist/templates/v1/shared/artifact-retrieval-guidance.js +5 -0
package/dist/templates/v1/shared/artifact.js +5 -0
package/dist/types/app.d.ts +64 -0
package/dist/types/app.js +1 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.js +1 -0
package/dist/types/runExecutionContext.d.ts +25 -0
package/dist/types/runExecutionContext.js +28 -0
package/dist/utils/oauthService.d.ts +71 -0
package/dist/utils/oauthService.js +106 -0
package/dist/utils/signozHelpers.d.ts +9 -0
package/dist/utils/signozHelpers.js +33 -0
package/dist/utils/speakeasy.d.ts +93 -0
package/dist/utils/speakeasy.js +44 -0
package/dist/utils/tempApiKeys.d.ts +17 -0
package/dist/utils/tempApiKeys.js +26 -0
package/dist/utils/workflowApiHelpers.d.ts +1 -0
package/dist/utils/workflowApiHelpers.js +1 -0
package/package.json +125 -0

package/dist/middleware/ref.js ADDED Viewed

@@ -0,0 +1,239 @@
+import manageDbClient_default from "../data/db/manageDbClient.js";
+import "../data/db/index.js";
+import { createApiError, ensureBranchExists, getLogger, getProjectScopedRef, getTenantScopedRef, isRefWritable, resolveRef } from "@inkeep/agents-core";
+//#region src/middleware/ref.ts
+const logger = getLogger("ref-middleware");
+/**
+* Default tenant ID extractor - extracts from /tenants/{tenantId} path pattern
+*/
+const defaultExtractTenantId = (c) => {
+	return c.req.path.match(/^\/(?:manage|run)\/tenants\/([^/]+)/)?.[1];
+};
+/**
+* Default project ID extractor - extracts from /tenants/{tenantId}/projects/{projectId} or
+* /tenants/{tenantId}/project-full/{projectId} path patterns
+*/
+const defaultExtractProjectId = (c) => {
+	return c.req.path.match(/^\/(?:manage|run)\/tenants\/[^/]+\/(?:projects|project-full)(?:\/([^/]+))?/)?.[1];
+};
+/**
+* Extract tenantId from the executionContext set by apiKeyAuth middleware.
+*/
+const extractTenantIdFromExecutionContext = (c) => {
+	const executionContext = c.get("executionContext");
+	let tenantId;
+	if (executionContext) tenantId = executionContext.tenantId;
+	else tenantId = defaultExtractTenantId(c);
+	return tenantId;
+};
+/**
+* Extract projectId from the executionContext set by apiKeyAuth middleware.
+*/
+const extractProjectIdFromExecutionContext = (c) => {
+	const executionContext = c.get("executionContext");
+	let projectId;
+	if (executionContext) projectId = executionContext.projectId;
+	else projectId = defaultExtractProjectId(c);
+	return projectId;
+};
+/**
+* Creates a ref resolution middleware factory.
+*
+* This middleware:
+* 1. Extracts tenantId and projectId from the request
+* 2. Resolves the `ref` query parameter to a ResolvedRef
+* 3. Creates branches if needed (tenant_main, project_main)
+* 4. Sets `resolvedRef` in the Hono context for downstream handlers
+*
+* @param db - The Doltgres database client to use for ref resolution
+* @param options - Optional configuration for extraction and validation
+* @returns Hono middleware function
+*
+* @example
+* ```typescript
+* import { createRefMiddleware } from '@inkeep/agents-core';
+* import { manageDbClient } from './db';
+*
+* const refMiddleware = createRefMiddleware(manageDbClient);
+* app.use('/tenants/*', refMiddleware);
+* ```
+*/
+const createRefMiddleware = (db, options = {}) => {
+	const { extractTenantId = defaultExtractTenantId, extractProjectId = defaultExtractProjectId, allowProjectIdFromBody = true } = options;
+	return async (c, next) => {
+		const ref = c.req.query("ref");
+		const pathSplit = c.req.path.split("/");
+		const tenantId = extractTenantId(c);
+		let projectId = extractProjectId(c);
+		if (!projectId && allowProjectIdFromBody && [
+			"POST",
+			"PUT",
+			"PATCH"
+		].includes(c.req.method)) try {
+			const body = await c.req.json();
+			if (body && typeof body.projectId === "string") {
+				projectId = body.projectId;
+				logger.debug({ projectId }, "Extracted projectId from request body");
+			}
+		} catch {
+			logger.debug({}, "Could not extract projectId from body");
+		}
+		if (!tenantId) throw createApiError({
+			code: "bad_request",
+			message: "Missing tenantId"
+		});
+		if (process.env.ENVIRONMENT === "test") {
+			const defaultRef = {
+				type: "branch",
+				name: projectId ? getProjectScopedRef(tenantId, projectId, "main") : getTenantScopedRef(tenantId, "main"),
+				hash: "test-hash"
+			};
+			c.set("resolvedRef", defaultRef);
+			await next();
+			return;
+		}
+		if (pathSplit.length < 4 && ref !== "main" && ref !== void 0) throw createApiError({
+			code: "bad_request",
+			message: "Ref is not supported for this path"
+		});
+		let resolvedRef;
+		if (projectId) resolvedRef = await resolveProjectRef(db, c, tenantId, projectId, ref);
+		else resolvedRef = await resolveTenantRef(db, tenantId, ref);
+		if (c.req.path.includes("/signoz/")) logger.debug({
+			resolvedRef,
+			projectId,
+			tenantId
+		}, "Resolved ref");
+		else logger.info({
+			resolvedRef,
+			projectId,
+			tenantId
+		}, "Resolved ref");
+		c.set("resolvedRef", resolvedRef);
+		await next();
+	};
+};
+/**
+* Resolve ref for project-scoped requests
+*/
+async function resolveProjectRef(db, c, tenantId, projectId, ref) {
+	const projectMain = getProjectScopedRef(tenantId, projectId, "main");
+	const projectScopedRef = ref ? getProjectScopedRef(tenantId, projectId, ref) : projectMain;
+	if (ref && ref !== "main") {
+		let refResult$1 = await resolveRef(db)(projectScopedRef);
+		if (!refResult$1) refResult$1 = await resolveRef(db)(ref);
+		if (!refResult$1) throw createApiError({
+			code: "not_found",
+			message: `Unknown ref: ${ref}`
+		});
+		return refResult$1;
+	}
+	let refResult = null;
+	try {
+		refResult = await resolveRef(db)(projectMain);
+	} catch (error) {
+		logger.warn({
+			error,
+			projectMain
+		}, "Failed to resolve project main branch");
+		refResult = null;
+	}
+	if (!refResult) {
+		if (c.req.method === "PUT") {
+			const tenantMain = `${tenantId}_main`;
+			let tenantRefResult = await resolveRef(db)(tenantMain);
+			if (!tenantRefResult) {
+				await ensureBranchExists(db, tenantMain);
+				tenantRefResult = await resolveRef(db)(tenantMain);
+			}
+			if (tenantRefResult) return tenantRefResult;
+			throw createApiError({
+				code: "internal_server_error",
+				message: `Failed to create tenant main branch for upsert`
+			});
+		}
+		throw createApiError({
+			code: "not_found",
+			message: `Project not found: ${projectId}`
+		});
+	}
+	return refResult;
+}
+/**
+* Resolve ref for tenant-level requests
+*/
+async function resolveTenantRef(db, tenantId, ref) {
+	const tenantMain = `${tenantId}_main`;
+	if (ref && ref !== "main") {
+		const tenantScopedRef = `${tenantId}_${ref}`;
+		let refResult$1 = await resolveRef(db)(tenantScopedRef);
+		if (!refResult$1) refResult$1 = await resolveRef(db)(ref);
+		if (!refResult$1) throw createApiError({
+			code: "not_found",
+			message: `Unknown ref: ${ref}`
+		});
+		return refResult$1;
+	}
+	let refResult = await resolveRef(db)(tenantMain);
+	if (!refResult) {
+		await ensureBranchExists(db, tenantMain);
+		refResult = await resolveRef(db)(tenantMain);
+		if (!refResult) throw createApiError({
+			code: "internal_server_error",
+			message: `Failed to create tenant main branch: ${tenantMain}`
+		});
+	}
+	return refResult;
+}
+const writeProtectionMiddleware = async (c, next) => {
+	if (process.env.ENVIRONMENT === "test") {
+		await next();
+		return;
+	}
+	const resolvedRef = c.get("resolvedRef");
+	if (!resolvedRef) {
+		await next();
+		return;
+	}
+	const method = c.req.method;
+	if ([
+		"POST",
+		"PUT",
+		"PATCH",
+		"DELETE"
+	].includes(method) && !isRefWritable(resolvedRef)) throw createApiError({
+		code: "bad_request",
+		message: `Cannot perform write operation on ${resolvedRef.type}. Tags and commits are immutable. Write to a branch instead.`
+	});
+	await next();
+};
+const manageRefMiddleware = createRefMiddleware(manageDbClient_default);
+const runRefMiddleware = createRefMiddleware(manageDbClient_default, {
+	extractTenantId: extractTenantIdFromExecutionContext,
+	extractProjectId: extractProjectIdFromExecutionContext,
+	allowProjectIdFromBody: false
+});
+/**
+* Extract tenantId from query parameters (for OAuth routes)
+*/
+const extractTenantIdFromQuery = (c) => {
+	return c.req.query("tenantId");
+};
+/**
+* Extract projectId from query parameters (for OAuth routes)
+*/
+const extractProjectIdFromQuery = (c) => {
+	return c.req.query("projectId");
+};
+/**
+* Ref middleware for OAuth routes - extracts tenant/project from query params
+*/
+const oauthRefMiddleware = createRefMiddleware(manageDbClient_default, {
+	extractTenantId: extractTenantIdFromQuery,
+	extractProjectId: extractProjectIdFromQuery,
+	allowProjectIdFromBody: false
+});
+//#endregion
+export { createRefMiddleware, manageRefMiddleware, oauthRefMiddleware, runRefMiddleware, writeProtectionMiddleware };

package/dist/middleware/requirePermission.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { ManageAppVariables } from "../types/app.js";
+import * as hono5 from "hono";
+//#region src/middleware/requirePermission.d.ts
+type Permission = {
+  [resource: string]: string | string[];
+};
+declare const requirePermission: <Env$1 extends {
+  Variables: ManageAppVariables;
+} = {
+  Variables: ManageAppVariables;
+}>(permissions: Permission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
+//#endregion
+export { requirePermission };

package/dist/middleware/requirePermission.js ADDED Viewed

@@ -0,0 +1,80 @@
+import { env } from "../env.js";
+import { createApiError } from "@inkeep/agents-core";
+import { createMiddleware } from "hono/factory";
+import { HTTPException } from "hono/http-exception";
+//#region src/middleware/requirePermission.ts
+function formatPermissionsForDisplay(permissions) {
+	const formatted = [];
+	for (const [resource, actions] of Object.entries(permissions)) {
+		const actionList = Array.isArray(actions) ? actions : [actions];
+		for (const action of actionList) formatted.push(`${resource}:${action}`);
+	}
+	return formatted;
+}
+const requirePermission = (permissions) => createMiddleware(async (c, next) => {
+	const isTestEnvironment = process.env.ENVIRONMENT === "test";
+	const auth = c.get("auth");
+	if (env.DISABLE_AUTH || isTestEnvironment || !auth) {
+		await next();
+		return;
+	}
+	const userId = c.get("userId");
+	const tenantId = c.get("tenantId");
+	const tenantRole = c.get("tenantRole");
+	const requiredPermissions = formatPermissionsForDisplay(permissions);
+	if (userId === "system" || userId?.startsWith("apikey:")) {
+		await next();
+		return;
+	}
+	if (!userId || !tenantId) throw createApiError({
+		code: "unauthorized",
+		message: "User or organization context not found. Ensure you are authenticated and belong to an organization.",
+		instance: c.req.path,
+		extensions: {
+			requiredPermissions,
+			context: {
+				hasUserId: !!userId,
+				hasTenantId: !!tenantId
+			}
+		}
+	});
+	try {
+		const result = await auth.api.hasPermission({
+			body: {
+				permissions,
+				organizationId: tenantId
+			},
+			headers: c.req.raw.headers
+		});
+		if (!result || !result.success) throw createApiError({
+			code: "forbidden",
+			message: `Permission denied. Required: ${requiredPermissions.join(", ")}`,
+			instance: c.req.path,
+			extensions: {
+				requiredPermissions,
+				context: {
+					userId,
+					organizationId: tenantId,
+					currentRole: tenantRole || "unknown"
+				}
+			}
+		});
+		await next();
+	} catch (error) {
+		if (error instanceof HTTPException) throw error;
+		const errorMessage = error instanceof Error ? error.message : "Unknown error";
+		throw createApiError({
+			code: "internal_server_error",
+			message: "Failed to verify permissions",
+			instance: c.req.path,
+			extensions: {
+				requiredPermissions,
+				internalError: errorMessage
+			}
+		});
+	}
+});
+//#endregion
+export { requirePermission };

package/dist/middleware/runAuth.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import * as hono6 from "hono";
+import { BaseExecutionContext } from "@inkeep/agents-core";
+//#region src/middleware/runAuth.d.ts
+declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
+  Variables: {
+    executionContext: BaseExecutionContext;
+  };
+}, string, {}, Response>;
+/**
+ * Creates a middleware that applies API key authentication except for specified route patterns
+ * @param skipRouteCheck - Function that returns true if the route should skip authentication
+ */
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono6.MiddlewareHandler<{
+  Variables: {
+    executionContext: BaseExecutionContext;
+  };
+}, string, {}, Response>;
+/**
+ * Helper middleware for endpoints that optionally support API key authentication
+ * If no auth header is present, it continues without setting the executionContext
+ */
+declare const runOptionalAuth: () => hono6.MiddlewareHandler<{
+  Variables: {
+    executionContext?: BaseExecutionContext;
+  };
+}, string, {}, Response>;
+//#endregion
+export { runApiKeyAuth, runApiKeyAuthExcept, runOptionalAuth };

package/dist/middleware/runAuth.js ADDED Viewed

@@ -0,0 +1,253 @@
+import { getLogger as getLogger$1 } from "../logger.js";
+import { env } from "../env.js";
+import runDbClient_default from "../data/db/runDbClient.js";
+import { createBaseExecutionContext } from "../types/runExecutionContext.js";
+import { validateAndGetApiKey, validateTargetAgent, verifyServiceToken, verifyTempToken } from "@inkeep/agents-core";
+import { createMiddleware } from "hono/factory";
+import { HTTPException } from "hono/http-exception";
+//#region src/middleware/runAuth.ts
+const logger = getLogger$1("env-key-auth");
+/**
+* Extract common request data from the Hono context
+*/
+function extractRequestData(c) {
+	const authHeader = c.req.header("Authorization");
+	const tenantId = c.req.header("x-inkeep-tenant-id");
+	const projectId = c.req.header("x-inkeep-project-id");
+	const agentId = c.req.header("x-inkeep-agent-id");
+	const subAgentId = c.req.header("x-inkeep-sub-agent-id");
+	const proto = c.req.header("x-forwarded-proto")?.split(",")[0].trim();
+	const host = c.req.header("x-forwarded-host")?.split(",")[0].trim() ?? c.req.header("host");
+	const reqUrl = new URL(c.req.url);
+	const ref = c.req.query("ref");
+	const baseUrl = proto && host ? `${proto}://${host}` : host ? `${reqUrl.protocol}//${host}` : `${reqUrl.origin}`;
+	return {
+		authHeader,
+		apiKey: authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : void 0,
+		tenantId,
+		projectId,
+		agentId,
+		subAgentId,
+		ref,
+		baseUrl
+	};
+}
+/**
+* Build the final execution context from auth result and request data
+*/
+function buildExecutionContext(authResult, reqData) {
+	return createBaseExecutionContext({
+		apiKey: authResult.apiKey,
+		tenantId: authResult.tenantId,
+		projectId: authResult.projectId,
+		agentId: authResult.agentId,
+		apiKeyId: authResult.apiKeyId,
+		baseUrl: reqData.baseUrl,
+		subAgentId: reqData.subAgentId,
+		ref: reqData.ref,
+		metadata: authResult.metadata
+	});
+}
+/**
+* Attempts to authenticate using a JWT temporary token
+*/
+async function tryTempJwtAuth(apiKey) {
+	if (!apiKey.startsWith("eyJ") || !env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY) return null;
+	try {
+		const payload = await verifyTempToken(Buffer.from(env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY, "base64").toString("utf-8"), apiKey);
+		logger.info({}, "JWT temp token authenticated successfully");
+		return {
+			apiKey,
+			tenantId: payload.tenantId,
+			projectId: payload.projectId,
+			agentId: payload.agentId,
+			apiKeyId: "temp-jwt",
+			metadata: { initiatedBy: payload.initiatedBy }
+		};
+	} catch (error) {
+		logger.debug({ error }, "JWT verification failed");
+		return null;
+	}
+}
+/**
+* Authenticate using a regular API key
+*/
+async function tryApiKeyAuth(apiKey) {
+	const apiKeyRecord = await validateAndGetApiKey(apiKey, runDbClient_default);
+	if (!apiKeyRecord) return null;
+	logger.debug({
+		tenantId: apiKeyRecord.tenantId,
+		projectId: apiKeyRecord.projectId,
+		agentId: apiKeyRecord.agentId
+	}, "API key authenticated successfully");
+	return {
+		apiKey,
+		tenantId: apiKeyRecord.tenantId,
+		projectId: apiKeyRecord.projectId,
+		agentId: apiKeyRecord.agentId,
+		apiKeyId: apiKeyRecord.id
+	};
+}
+/**
+* Authenticate using a team agent JWT token (for intra-tenant delegation)
+*/
+async function tryTeamAgentAuth(token, expectedSubAgentId) {
+	const result = await verifyServiceToken(token);
+	if (!result.valid || !result.payload) {
+		logger.warn({ error: result.error }, "Invalid team agent JWT token");
+		return {
+			authResult: null,
+			failureMessage: `Invalid team agent token: ${result.error || "Invalid token"}`
+		};
+	}
+	const payload = result.payload;
+	if (expectedSubAgentId && !validateTargetAgent(payload, expectedSubAgentId)) {
+		logger.error({
+			tokenTargetAgentId: payload.aud,
+			expectedSubAgentId,
+			originAgentId: payload.sub
+		}, "Team agent token target mismatch");
+		throw new HTTPException(403, { message: "Token not valid for the requested agent" });
+	}
+	logger.info({
+		originAgentId: payload.sub,
+		targetAgentId: payload.aud,
+		tenantId: payload.tenantId,
+		projectId: payload.projectId
+	}, "Team agent JWT token authenticated successfully");
+	return { authResult: {
+		apiKey: "team-agent-jwt",
+		tenantId: payload.tenantId,
+		projectId: payload.projectId,
+		agentId: payload.aud,
+		apiKeyId: "team-agent-token",
+		metadata: {
+			teamDelegation: true,
+			originAgentId: payload.sub
+		}
+	} };
+}
+/**
+* Authenticate using bypass secret (production mode bypass)
+*/
+function tryBypassAuth(apiKey, reqData) {
+	if (!env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) return null;
+	if (apiKey !== env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) return null;
+	if (!reqData.tenantId || !reqData.projectId || !reqData.agentId) throw new HTTPException(401, { message: "Missing or invalid tenant, project, or agent ID" });
+	logger.info({}, "Bypass secret authenticated successfully");
+	return {
+		apiKey,
+		tenantId: reqData.tenantId,
+		projectId: reqData.projectId,
+		agentId: reqData.agentId,
+		apiKeyId: "bypass"
+	};
+}
+/**
+* Create default development context
+*/
+function createDevContext(reqData) {
+	const result = {
+		apiKey: "development",
+		tenantId: reqData.tenantId || "test-tenant",
+		projectId: reqData.projectId || "test-project",
+		agentId: reqData.agentId || "test-agent",
+		apiKeyId: "test-key"
+	};
+	if (!reqData.tenantId || !reqData.projectId) logger.warn({
+		hasTenantId: !!reqData.tenantId,
+		hasProjectId: !!reqData.projectId,
+		hasApiKey: !!reqData.apiKey,
+		apiKeyPrefix: reqData.apiKey?.substring(0, 10),
+		resultTenantId: result.tenantId,
+		resultProjectId: result.projectId
+	}, "createDevContext: Using fallback test values due to missing tenant/project in request");
+	return result;
+}
+/**
+* Try all auth strategies in order, returning the first successful result
+*/
+async function authenticateRequest(reqData) {
+	const { apiKey, subAgentId } = reqData;
+	if (!apiKey) return { authResult: null };
+	const jwtResult = await tryTempJwtAuth(apiKey);
+	if (jwtResult) return { authResult: jwtResult };
+	const bypassResult = tryBypassAuth(apiKey, reqData);
+	if (bypassResult) return { authResult: bypassResult };
+	const apiKeyResult = await tryApiKeyAuth(apiKey);
+	if (apiKeyResult) return { authResult: apiKeyResult };
+	const teamAttempt = await tryTeamAgentAuth(apiKey, subAgentId);
+	if (teamAttempt.authResult) return { authResult: teamAttempt.authResult };
+	return {
+		authResult: null,
+		failureMessage: teamAttempt.failureMessage
+	};
+}
+/**
+* Core authentication handler that can be reused across middleware
+*/
+async function runApiKeyAuthHandler(c, next) {
+	if (c.req.method === "OPTIONS") {
+		await next();
+		return;
+	}
+	const reqData = extractRequestData(c);
+	if (process.env.ENVIRONMENT === "development" || process.env.ENVIRONMENT === "test") {
+		logger.info({}, "development environment");
+		const attempt$1 = await authenticateRequest(reqData);
+		if (attempt$1.authResult) c.set("executionContext", buildExecutionContext(attempt$1.authResult, reqData));
+		else {
+			logger.info({}, reqData.apiKey ? "Development/test environment - fallback to default context due to invalid API key" : "Development/test environment - no API key provided, using default context");
+			c.set("executionContext", buildExecutionContext(createDevContext(reqData), reqData));
+		}
+		await next();
+		return;
+	}
+	if (!reqData.authHeader || !reqData.authHeader.startsWith("Bearer ")) throw new HTTPException(401, { message: "Missing or invalid authorization header. Expected: Bearer <api_key>" });
+	if (!reqData.apiKey || reqData.apiKey.length < 16) throw new HTTPException(401, { message: "Invalid API key format" });
+	let attempt = { authResult: null };
+	try {
+		attempt = await authenticateRequest(reqData);
+	} catch (error) {
+		if (error instanceof HTTPException) throw error;
+		logger.error({ error }, "Authentication failed");
+		throw new HTTPException(500, { message: "Authentication failed" });
+	}
+	if (!attempt.authResult) {
+		logger.error({}, "API key authentication error - no valid auth method found");
+		throw new HTTPException(401, { message: attempt.failureMessage || "Invalid Token" });
+	}
+	logger.debug({
+		tenantId: attempt.authResult.tenantId,
+		projectId: attempt.authResult.projectId,
+		agentId: attempt.authResult.agentId,
+		subAgentId: reqData.subAgentId
+	}, "API key authenticated successfully");
+	c.set("executionContext", buildExecutionContext(attempt.authResult, reqData));
+	await next();
+}
+const runApiKeyAuth = () => createMiddleware(runApiKeyAuthHandler);
+/**
+* Creates a middleware that applies API key authentication except for specified route patterns
+* @param skipRouteCheck - Function that returns true if the route should skip authentication
+*/
+const runApiKeyAuthExcept = (skipRouteCheck) => createMiddleware(async (c, next) => {
+	if (skipRouteCheck(c.req.path)) return next();
+	return runApiKeyAuthHandler(c, next);
+});
+/**
+* Helper middleware for endpoints that optionally support API key authentication
+* If no auth header is present, it continues without setting the executionContext
+*/
+const runOptionalAuth = () => createMiddleware(async (c, next) => {
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader || !authHeader.startsWith("Bearer ")) {
+		await next();
+		return;
+	}
+	return runApiKeyAuthHandler(c, next);
+});
+//#endregion
+export { runApiKeyAuth, runApiKeyAuthExcept, runOptionalAuth };

package/dist/middleware/sessionAuth.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import * as hono9 from "hono";
+//#region src/middleware/sessionAuth.d.ts
+/**
+ * Middleware to enforce session-based authentication.
+ * Requires that a user has already been authenticated via Better Auth session.
+ * Used primarily for manage routes that require an active user session.
+ */
+declare const sessionAuth: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+/**
+ * Global session middleware - sets user and session in context for all routes
+ * Used for all routes that require an active user session.
+ */
+declare const sessionContext: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+//#endregion
+export { sessionAuth, sessionContext };

package/dist/middleware/sessionAuth.js ADDED Viewed

@@ -0,0 +1,58 @@
+import { env } from "../env.js";
+import { createApiError } from "@inkeep/agents-core";
+import { createMiddleware } from "hono/factory";
+import { HTTPException } from "hono/http-exception";
+//#region src/middleware/sessionAuth.ts
+/**
+* Middleware to enforce session-based authentication.
+* Requires that a user has already been authenticated via Better Auth session.
+* Used primarily for manage routes that require an active user session.
+*/
+const sessionAuth = () => createMiddleware(async (c, next) => {
+	try {
+		const user = c.get("user");
+		if (!user) throw createApiError({
+			code: "unauthorized",
+			message: "Please log in to access this resource"
+		});
+		c.set("userId", user.id);
+		c.set("userEmail", user.email);
+		await next();
+	} catch (error) {
+		if (error instanceof HTTPException) throw error;
+		throw createApiError({
+			code: "unauthorized",
+			message: "Authentication failed"
+		});
+	}
+});
+/**
+* Global session middleware - sets user and session in context for all routes
+* Used for all routes that require an active user session.
+*/
+const sessionContext = () => createMiddleware(async (c, next) => {
+	const auth = c.get("auth");
+	if (env.DISABLE_AUTH || !auth) {
+		c.set("user", null);
+		c.set("session", null);
+		await next();
+		return;
+	}
+	const headers$1 = new Headers(c.req.raw.headers);
+	const forwardedCookie = headers$1.get("x-forwarded-cookie");
+	if (forwardedCookie && !headers$1.get("cookie")) headers$1.set("cookie", forwardedCookie);
+	const session = await auth.api.getSession({ headers: headers$1 });
+	if (!session) {
+		c.set("user", null);
+		c.set("session", null);
+		await next();
+		return;
+	}
+	c.set("user", session.user);
+	c.set("session", session.session);
+	await next();
+});
+//#endregion
+export { sessionAuth, sessionContext };