@inkeep/agents-api 0.0.0-dev-20260123080829 → 0.0.0-dev-20260123091222

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono0 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono0.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono1 from "hono";
+import * as hono0 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono1.Env, {}, "/">;
+declare const app: OpenAPIHono<hono0.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono12 from "hono";
+import * as hono3 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono12.Env, {}, "/">;
+declare const app: OpenAPIHono<hono3.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono16 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono16.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/triggers.js

@@ -4,21 +4,11 @@ import runDbClient_default from "../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { PaginationQueryParamsSchema, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, commonGetErrorResponses, createApiError, createTrigger, deleteTrigger, generateId, getTriggerById, getTriggerInvocationById, hashAuthenticationHeaders, listTriggerInvocationsPaginated, listTriggersPaginated, updateTrigger } from "@inkeep/agents-core";
+import { PaginationQueryParamsSchema, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, TriggerApiInsertSchema, TriggerApiUpdateSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, commonGetErrorResponses, createApiError, createTrigger, deleteTrigger, generateId, getCredentialReference, getTriggerById, getTriggerInvocationById, hashAuthenticationHeaders, listTriggerInvocationsPaginated, listTriggersPaginated, updateTrigger } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/triggers.ts
 const logger = getLogger$1("triggers");
 const app = new OpenAPIHono();
-const TriggerResponse = z.object({ data: TriggerApiSelectSchema.extend({ webhookUrl: z.string().describe("Fully qualified webhook URL for this trigger") }) });
-const TriggerListResponse = z.object({
-	data: z.array(TriggerApiSelectSchema.extend({ webhookUrl: z.string().describe("Fully qualified webhook URL for this trigger") })),
-	pagination: z.object({
-		page: z.number(),
-		limit: z.number(),
-		total: z.number(),
-		pages: z.number()
-	})
-});
 app.use("/", async (c, next) => {
 	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
 	return next();
@@ -51,7 +41,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "List of triggers retrieved successfully",
-			content: { "application/json": { schema: TriggerListResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlListResponse } }
 		},
 		...commonGetErrorResponses
 	},
@@ -103,7 +93,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "Trigger found",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -151,7 +141,7 @@ app.openapi(createRoute({
 	responses: {
 		201: {
 			description: "Trigger created successfully",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -161,12 +151,29 @@ app.openapi(createRoute({
 	const body = c.req.valid("json");
 	const apiBaseUrl = env.INKEEP_AGENTS_API_URL;
 	const id = body.id || generateId();
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
 		triggerId: id
 	}, "Creating trigger");
+	if (body.signingSecretCredentialReferenceId) {
+		const credentialRef = await getCredentialReference(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			id: body.signingSecretCredentialReferenceId
+		});
+		if (!credentialRef) throw createApiError({
+			code: "bad_request",
+			message: `Credential reference not found: ${body.signingSecretCredentialReferenceId}`
+		});
+		if (credentialRef.userId) throw createApiError({
+			code: "bad_request",
+			message: "Only project-scoped credentials can be attached to triggers. User-scoped credentials are not allowed."
+		});
+	}
 	let hashedAuthentication;
 	const authInput = body.authentication;
 	if (authInput?.headers && authInput.headers.length > 0) hashedAuthentication = { headers: await hashAuthenticationHeaders(authInput.headers) };
@@ -182,7 +189,8 @@ app.openapi(createRoute({
 		outputTransform: body.outputTransform,
 		messageTemplate: body.messageTemplate,
 		authentication: hashedAuthentication,
-		signingSecret: body.signingSecret
+		signingSecretCredentialReferenceId: body.signingSecretCredentialReferenceId,
+		signatureVerification: body.signatureVerification
 	});
 	const { tenantId: _tid, projectId: _pid, agentId: _aid, ...triggerWithoutScopes } = trigger;
 	return c.json({ data: {
@@ -212,7 +220,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "Trigger updated successfully",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -221,16 +229,33 @@ app.openapi(createRoute({
 	const { tenantId, projectId, agentId, id } = c.req.valid("param");
 	const body = c.req.valid("json");
 	const apiBaseUrl = env.INKEEP_AGENTS_API_URL;
-	if (!(body.name !== void 0 || body.description !== void 0 || body.enabled !== void 0 || body.inputSchema !== void 0 || body.outputTransform !== void 0 || body.messageTemplate !== void 0 || body.authentication !== void 0 || body.signingSecret !== void 0 || body.keepExistingSigningSecret !== void 0)) throw createApiError({
+	if (!(body.name !== void 0 || body.description !== void 0 || body.enabled !== void 0 || body.inputSchema !== void 0 || body.outputTransform !== void 0 || body.messageTemplate !== void 0 || body.authentication !== void 0 || body.signingSecretCredentialReferenceId !== void 0 || body.signatureVerification !== void 0)) throw createApiError({
 		code: "bad_request",
 		message: "No fields to update"
 	});
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
 		triggerId: id
 	}, "Updating trigger");
+	if (body.signingSecretCredentialReferenceId) {
+		const credentialRef = await getCredentialReference(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			id: body.signingSecretCredentialReferenceId
+		});
+		if (!credentialRef) throw createApiError({
+			code: "bad_request",
+			message: `Credential reference not found: ${body.signingSecretCredentialReferenceId}`
+		});
+		if (credentialRef.userId) throw createApiError({
+			code: "bad_request",
+			message: "Only project-scoped credentials can be attached to triggers. User-scoped credentials are not allowed."
+		});
+	}
 	let hashedAuthentication;
 	const authInput = body.authentication;
 	if (authInput?.headers && authInput.headers.length > 0) {
@@ -259,7 +284,6 @@ app.openapi(createRoute({
 		}
 		hashedAuthentication = hashedHeaders.length > 0 ? { headers: hashedHeaders } : void 0;
 	} else if (body.authentication !== void 0) hashedAuthentication = body.authentication;
-	const signingSecretUpdate = body.keepExistingSigningSecret ? void 0 : body.signingSecret;
 	const updatedTrigger = await updateTrigger(db)({
 		scopes: {
 			tenantId,
@@ -275,7 +299,8 @@ app.openapi(createRoute({
 			outputTransform: body.outputTransform,
 			messageTemplate: body.messageTemplate,
 			authentication: hashedAuthentication,
-			signingSecret: signingSecretUpdate
+			signingSecretCredentialReferenceId: body.signingSecretCredentialReferenceId,
+			signatureVerification: body.signatureVerification
 		}
 	});
 	if (!updatedTrigger) throw createApiError({
@@ -311,7 +336,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const db = c.get("db");
 	const { tenantId, projectId, agentId, id } = c.req.valid("param");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
@@ -372,7 +397,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { tenantId, projectId, agentId, id: triggerId } = c.req.valid("param");
 	const { page, limit, status, from, to } = c.req.valid("query");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
@@ -426,7 +451,7 @@ app.openapi(createRoute({
 	}
 }), async (c) => {
 	const { tenantId, projectId, agentId, id: triggerId, invocationId } = c.req.valid("param");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,

package/dist/domains/run/routes/webhooks.js

@@ -55,6 +55,10 @@ const triggerWebhookRoute = createRoute({
 		422: {
 			description: "Payload transformation failed",
 			content: { "application/json": { schema: z.object({ error: z.string() }) } }
+		},
+		500: {
+			description: "Internal server error",
+			content: { "application/json": { schema: z.object({ error: z.string() }) } }
 		}
 	}
 });

package/dist/domains/run/services/TriggerService.d.ts

@@ -19,7 +19,7 @@ type TriggerWebhookResult = {
 } | {
   success: false;
   error: string;
-  status: 400 | 401 | 403 | 404 | 422;
+  status: 400 | 401 | 403 | 404 | 422 | 500;
   validationErrors?: string[];
 };
 /**

package/dist/domains/run/services/TriggerService.js

@@ -4,13 +4,15 @@ import manageDbPool_default from "../../../data/db/manageDbPool.js";
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { createSSEStreamHelper } from "../utils/stream-helpers.js";
 import { ExecutionHandler } from "../handlers/executionHandler.js";
-import { JsonTransformer, createMessage, createOrGetConversation, createTriggerInvocation, generateId, getConversationId, getFullProjectWithRelationIds, getTriggerById, interpolateTemplate, setActiveAgentForConversation, updateTriggerInvocationStatus, verifySigningSecret, verifyTriggerAuth, withRef } from "@inkeep/agents-core";
+import { JsonTransformer, createKeyChainStore, createMessage, createOrGetConversation, createTriggerInvocation, generateId, getConversationId, getCredentialReference, getCredentialStoreLookupKeyFromRetrievalParams, getFullProjectWithRelationIds, getTriggerById, interpolateTemplate, setActiveAgentForConversation, updateTriggerInvocationStatus, verifySignatureWithConfig, verifyTriggerAuth, withRef } from "@inkeep/agents-core";
 import { ROOT_CONTEXT, SpanStatusCode, propagation, trace } from "@opentelemetry/api";
 import Ajv from "ajv";
 
 //#region src/domains/run/services/TriggerService.ts
 const logger = getLogger$1("TriggerService");
 const ajv = new Ajv({ allErrors: true });
+const credentialCache = /* @__PURE__ */ new Map();
+const CACHE_TTL_MS = 300 * 1e3;
 /**
 * Process a trigger webhook request.
 * Handles validation, transformation, and dispatches async execution.
@@ -37,7 +39,14 @@ async function processWebhook(params) {
 	const payload = rawBody ? JSON.parse(rawBody) : {};
 	const authResult = await verifyAuthentication(trigger, honoContext);
 	if (!authResult.success) return authResult;
-	const signatureResult = verifySignature(trigger, honoContext, rawBody);
+	const signatureResult = await verifySignature({
+		trigger,
+		tenantId,
+		projectId,
+		resolvedRef,
+		honoContext,
+		rawBody
+	});
 	if (!signatureResult.success) return signatureResult;
 	const validationResult = validatePayload(trigger, payload);
 	if (!validationResult.success) return validationResult;
@@ -94,15 +103,106 @@ async function verifyAuthentication(trigger, honoContext) {
 	}
 	return { success: true };
 }
-function verifySignature(trigger, honoContext, rawBody) {
-	if (!trigger.signingSecret) return { success: true };
-	const signatureResult = verifySigningSecret(honoContext, trigger.signingSecret, rawBody);
-	if (!signatureResult.success) return {
-		success: false,
-		error: signatureResult.message || "Invalid signature",
-		status: 403
-	};
-	return { success: true };
+/**
+* Resolve signing secret from credential reference with caching
+*/
+async function resolveSigningSecret(params) {
+	const { tenantId, projectId, credentialReferenceId, resolvedRef } = params;
+	const cacheKey = `${tenantId}:${projectId}:${credentialReferenceId}`;
+	const cached = credentialCache.get(cacheKey);
+	if (cached && cached.expiresAt > Date.now()) return cached.secret;
+	const credentialRef = await withRef(manageDbPool_default, resolvedRef, (db) => getCredentialReference(db)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		id: credentialReferenceId
+	}));
+	if (!credentialRef) {
+		logger.warn({
+			tenantId,
+			projectId,
+			credentialReferenceId
+		}, "Credential reference not found");
+		return null;
+	}
+	const lookupKey = getCredentialStoreLookupKeyFromRetrievalParams({
+		retrievalParams: credentialRef.retrievalParams ?? {},
+		credentialStoreType: credentialRef.type
+	});
+	if (!lookupKey) {
+		logger.warn({
+			tenantId,
+			projectId,
+			credentialReferenceId,
+			retrievalParams: credentialRef.retrievalParams
+		}, "Could not determine lookup key from credential reference");
+		return null;
+	}
+	let secret = null;
+	if (credentialRef.type === "keychain" || credentialRef.credentialStoreId?.startsWith("keychain")) secret = await createKeyChainStore(credentialRef.credentialStoreId ?? "keychain-default").get(lookupKey);
+	else {
+		logger.warn({
+			credentialStoreType: credentialRef.type,
+			credentialStoreId: credentialRef.credentialStoreId
+		}, "Unsupported credential store type for signing secret");
+		return null;
+	}
+	if (!secret) {
+		logger.warn({
+			tenantId,
+			projectId,
+			credentialReferenceId,
+			lookupKey
+		}, "No secret found in credential store");
+		return null;
+	}
+	if (secret.startsWith("{")) try {
+		const parsed = JSON.parse(secret);
+		const extractedSecret = parsed.access_token || parsed.secret || parsed.value || parsed.token || parsed.key;
+		if (extractedSecret && typeof extractedSecret === "string") secret = extractedSecret;
+	} catch {}
+	credentialCache.set(cacheKey, {
+		secret,
+		expiresAt: Date.now() + CACHE_TTL_MS
+	});
+	return secret;
+}
+async function verifySignature(params) {
+	const { trigger, tenantId, projectId, resolvedRef, honoContext, rawBody } = params;
+	if (!trigger.signatureVerification || !trigger.signingSecretCredentialReferenceId) return { success: true };
+	try {
+		const secret = await resolveSigningSecret({
+			tenantId,
+			projectId,
+			credentialReferenceId: trigger.signingSecretCredentialReferenceId,
+			resolvedRef
+		});
+		if (!secret) return {
+			success: false,
+			error: "Failed to resolve signing secret from credential reference",
+			status: 500
+		};
+		const result = verifySignatureWithConfig(honoContext, trigger.signatureVerification, secret, rawBody);
+		if (!result.success) return {
+			success: false,
+			error: result.message || "Invalid signature",
+			status: 403
+		};
+		return { success: true };
+	} catch (error) {
+		const errorMessage = error instanceof Error ? error.message : String(error);
+		logger.error({
+			error: errorMessage,
+			tenantId,
+			projectId
+		}, "Error during signature verification");
+		return {
+			success: false,
+			error: "Signature verification failed",
+			status: 500
+		};
+	}
 }
 function validatePayload(trigger, payload) {
 	if (!trigger.inputSchema) return { success: true };

package/dist/domains/run/tools/NativeSandboxExecutor.js

@@ -312,8 +312,6 @@ var NativeSandboxExecutor = class {
 			mkdirSync(runDir, { recursive: true });
 			writeFileSync(join(runDir, `index.${moduleType === "esm" ? "mjs" : "cjs"}`), executionCode, "utf8");
 			return await this.executeInSandbox(runDir, config.sandboxConfig?.timeout || FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, moduleType, config.sandboxConfig);
-		} catch (error) {
-			throw error;
 		} finally {
 			if (runDir) try {
 				rmSync(runDir, {

package/dist/middleware/evalsAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono2 from "hono";
+import * as hono1 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/evalsAuth.d.ts
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono2.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono17 from "hono";
+import * as hono2 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 import { createAuth } from "@inkeep/agents-core/auth";
 
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono17.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono2.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectAccess.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono5 from "hono";
+import * as hono4 from "hono";
 
 //#region src/middleware/projectAccess.d.ts
 
@@ -26,6 +26,6 @@ declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermission) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { ProjectPermission, requireProjectPermission };

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
-import * as hono3 from "hono";
+import * as hono5 from "hono";
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono3.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono6 from "hono";
+import * as hono7 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono6.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono7.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
-import * as hono7 from "hono";
+import * as hono8 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono7.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono8.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono7.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono7.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono8.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono7.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono8.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono10 from "hono";
+import * as hono11 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono10 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono10.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono11.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono10.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono11.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260123080829",
+  "version": "0.0.0-dev-20260123091222",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -71,8 +71,8 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.0.0-dev-20260123080829",
-    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260123080829"
+    "@inkeep/agents-core": "^0.0.0-dev-20260123091222",
+    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260123091222"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",