@inkeep/agents-api 0.0.0-dev-20260123202200 → 0.0.0-dev-20260123211824

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types0 from "hono/types";
+import * as hono_types3 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/data/db/runDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core2 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 
 //#region src/data/db/runDbClient.d.ts
-declare const runDbClient: _inkeep_agents_core2.AgentsRunDatabaseClient;
+declare const runDbClient: _inkeep_agents_core0.AgentsRunDatabaseClient;
 //#endregion
 export { runDbClient as default };

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono18 from "hono";
+import * as hono14 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono18.Env, {}, "/">;
+declare const app: OpenAPIHono<hono14.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono16 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono16.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/workflow/routes.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types8 from "hono/types";
+import * as hono_types6 from "hono/types";
 
 //#region src/domains/evals/workflow/routes.d.ts
-declare const workflowRoutes: Hono<hono_types8.BlankEnv, hono_types8.BlankSchema, "/">;
+declare const workflowRoutes: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
 //#endregion
 export { workflowRoutes };

package/dist/domains/manage/index.js

@@ -1,5 +1,4 @@
 import cliAuth_default from "./routes/cliAuth.js";
-import evals_default from "./routes/evals/index.js";
 import routes_default from "./routes/index.js";
 import invitations_default from "./routes/invitations.js";
 import mcp_default from "./routes/mcp.js";
@@ -20,7 +19,6 @@ function createManageRoutes() {
 	app.route("/tenants/:tenantId/playground/token", playgroundToken_default);
 	app.route("/tenants/:tenantId/signoz", signoz_default);
 	app.route("/tenants/:tenantId", projectFull_default);
-	app.route("/tenants/:tenantId/projects/:projectId/evals", evals_default);
 	app.route("/oauth", oauth_default);
 	app.route("/mcp", mcp_default);
 	return app;

package/dist/domains/manage/routes/agent.js

@@ -11,8 +11,11 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if ([
+		"PUT",
+		"PATCH",
+		"DELETE"
+	].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/agentFull.js

@@ -12,8 +12,11 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:agentId", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if ([
+		"PUT",
+		"PATCH",
+		"DELETE"
+	].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/agentToolRelations.js

@@ -10,8 +10,11 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if ([
+		"PUT",
+		"PATCH",
+		"DELETE"
+	].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/apiKeys.js

@@ -11,8 +11,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/cliAuth.js

@@ -1,7 +1,7 @@
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { sessionAuth } from "../../../middleware/sessionAuth.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { getUserOrganizations } from "@inkeep/agents-core";
+import { getUserOrganizationsFromDb } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/cliAuth.ts
 const cliAuthRoutes = new OpenAPIHono();
@@ -37,7 +37,7 @@ cliAuthRoutes.openapi(createRoute({
 	const user = c.get("user");
 	const userId = c.get("userId");
 	if (!user || !userId) return c.json({ error: "Not authenticated" }, 401);
-	const organizations = await getUserOrganizations(runDbClient_default)(userId);
+	const organizations = await getUserOrganizationsFromDb(runDbClient_default)(userId);
 	if (organizations.length === 0) return c.json({ error: "User has no organization" }, 404);
 	const org = organizations[0];
 	return c.json({

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono17 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono17.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/credentials.js

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PATCH" || c.req.method === "DELETE" || c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/dataComponents.js

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/evals/evaluationResults.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono14 from "hono";
+import * as hono18 from "hono";
 
 //#region src/domains/manage/routes/evals/evaluationResults.d.ts
-declare const app: OpenAPIHono<hono14.Env, {}, "/">;
+declare const app: OpenAPIHono<hono18.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/externalAgents.js

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono15 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono15.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.js

@@ -9,6 +9,7 @@ import conversations_default from "./conversations.js";
 import credentialStores_default from "./credentialStores.js";
 import credentials_default from "./credentials.js";
 import dataComponents_default from "./dataComponents.js";
+import evals_default from "./evals/index.js";
 import externalAgents_default from "./externalAgents.js";
 import functions_default from "./functions.js";
 import functionTools_default from "./functionTools.js";
@@ -28,6 +29,7 @@ import subAgentToolRelations_default from "./subAgentToolRelations.js";
 import thirdPartyMCPServers_default from "./thirdPartyMCPServers.js";
 import tools_default from "./tools.js";
 import triggers_default from "./triggers.js";
+import userProjectMemberships_default from "./userProjectMemberships.js";
 import { OpenAPIHono } from "@hono/zod-openapi";
 
 //#region src/domains/manage/routes/index.ts
@@ -62,6 +64,8 @@ app.route("/projects/:projectId/agent", agentFull_default);
 app.route("/projects/:projectId/mcp-catalog", mcpCatalog_default);
 app.route("/projects/:projectId/third-party-mcp-servers", thirdPartyMCPServers_default);
 app.route("/projects/:projectId/agents/:agentId/triggers", triggers_default);
+app.route("/projects/:projectId/evals", evals_default);
+app.route("/users/:userId/project-memberships", userProjectMemberships_default);
 var routes_default = app;
 
 //#endregion

package/dist/domains/manage/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types5 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types5.BlankEnv, hono_types5.BlankSchema, "/">;
+declare const app: Hono<hono_types8.BlankEnv, hono_types8.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/playgroundToken.js

@@ -53,7 +53,6 @@ app.openapi(createRoute({
 		agentId
 	}, "Generating temporary JWT token for playground");
 	if (!await canUseProject({
-		tenantId,
 		userId,
 		projectId,
 		orgRole: tenantRole

package/dist/domains/manage/routes/projectFull.js

@@ -14,10 +14,27 @@ app.use("/project-full", async (c, next) => {
 	return next();
 });
 app.use("/project-full/:projectId", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
 	return next();
 });
+app.use("/project-full/:projectId/with-relation-ids", async (c, next) => {
+	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
+	return next();
+});
+const requireProjectUpsertPermission = async (c, next) => {
+	const tenantId = c.get("tenantId");
+	const projectId = c.req.param("projectId");
+	if (!tenantId || !projectId) throw createApiError({
+		code: "bad_request",
+		message: "Missing tenantId or projectId"
+	});
+	const exists = await getProjectMetadata(runDbClient_default)({
+		tenantId,
+		projectId
+	});
+	c.set("isProjectCreate", !exists);
+	return exists ? requireProjectPermission("edit")(c, next) : requirePermission({ project: ["create"] })(c, next);
+};
 app.openapi(createRoute({
 	method: "post",
 	path: "/project-full",
@@ -163,6 +180,10 @@ app.openapi(createRoute({
 		});
 	}
 });
+app.use("/project-full/:projectId", async (c, next) => {
+	if (c.req.method === "PUT") return requireProjectUpsertPermission(c, next);
+	return next();
+});
 app.openapi(createRoute({
 	method: "put",
 	path: "/project-full/{projectId}",
@@ -196,10 +217,7 @@ app.openapi(createRoute({
 			code: "bad_request",
 			message: `Project ID mismatch: expected ${projectId}, got ${validatedProjectData.id}`
 		});
-		const isCreate = !await getProjectMetadata(runDbClient_default)({
-			tenantId,
-			projectId
-		});
+		const isCreate = c.get("isProjectCreate") ?? false;
 		if (isCreate) {
 			await createProjectMetadataAndBranch(runDbClient_default, configDb)({
 				tenantId,
@@ -245,6 +263,10 @@ app.openapi(createRoute({
 		});
 	}
 });
+app.use("/project-full/:projectId", async (c, next) => {
+	if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
+	return next();
+});
 app.openapi(createRoute({
 	method: "delete",
 	path: "/project-full/{projectId}",

package/dist/domains/manage/routes/projectMembers.js

@@ -1,24 +1,21 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
+import { ProjectRoles, changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/projectMembers.ts
 const app = new OpenAPIHono();
+const projectRoleEnum = z.enum([
+	ProjectRoles.ADMIN,
+	ProjectRoles.MEMBER,
+	ProjectRoles.VIEWER
+]);
 const ProjectMemberSchema = z.object({
 	userId: z.string().min(1),
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	])
+	role: projectRoleEnum
 });
 const ProjectMemberResponseSchema = z.object({ data: z.object({
 	userId: z.string(),
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]),
+	role: projectRoleEnum,
 	projectId: z.string()
 }) });
 const ProjectMemberParamsSchema = z.object({
@@ -31,16 +28,8 @@ const ProjectMemberUserParamsSchema = z.object({
 	userId: z.string()
 });
 const UpdateRoleSchema = z.object({
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]),
-	previousRole: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]).optional()
+	role: projectRoleEnum,
+	previousRole: projectRoleEnum.optional()
 });
 app.openapi(createRoute({
 	method: "get",
@@ -55,18 +44,14 @@ app.openapi(createRoute({
 			description: "List of project members",
 			content: { "application/json": { schema: z.object({ data: z.array(z.object({
 				userId: z.string(),
-				role: z.enum([
-					"project_admin",
-					"project_member",
-					"project_viewer"
-				])
+				role: projectRoleEnum
 			})) }) } }
 		},
 		...commonGetErrorResponses
 	}
 }), async (c) => {
 	const { projectId, tenantId } = c.req.valid("param");
-	if (!isAuthzEnabled(tenantId)) return c.json({ data: [] });
+	if (!isAuthzEnabled()) return c.json({ data: [] });
 	const members = await listProjectMembers({
 		tenantId,
 		projectId
@@ -98,7 +83,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, tenantId } = c.req.valid("param");
 	const { userId, role } = c.req.valid("json");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});
@@ -135,7 +120,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, userId, tenantId } = c.req.valid("param");
 	const { role: newRole, previousRole } = c.req.valid("json");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});
@@ -170,11 +155,7 @@ app.openapi(createRoute({
 	tags: ["Project Members"],
 	request: {
 		params: ProjectMemberUserParamsSchema,
-		query: z.object({ role: z.enum([
-			"project_admin",
-			"project_member",
-			"project_viewer"
-		]) })
+		query: z.object({ role: projectRoleEnum })
 	},
 	responses: {
 		204: { description: "Member removed successfully" },
@@ -183,7 +164,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, userId, tenantId } = c.req.valid("param");
 	const { role } = c.req.valid("query");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});

package/dist/domains/manage/routes/projectPermissions.js

@@ -1,5 +1,6 @@
+import { env } from "../../../env.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { SpiceDbPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
+import { OrgRoles, SpiceDbProjectPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/projectPermissions.ts
 const app = new OpenAPIHono();
@@ -28,15 +29,21 @@ app.openapi(createRoute({
 		...commonGetErrorResponses
 	}
 }), async (c) => {
-	const { projectId, tenantId } = c.req.valid("param");
+	const { projectId } = c.req.valid("param");
 	const userId = c.get("userId");
 	const tenantRole = c.get("tenantRole");
-	if (tenantRole === "owner" || tenantRole === "admin") return c.json({ data: {
+	const isTestEnvironment = process.env.ENVIRONMENT === "test";
+	if (env.DISABLE_AUTH || isTestEnvironment) return c.json({ data: {
 		canView: true,
 		canUse: true,
 		canEdit: true
 	} });
-	if (!isAuthzEnabled(tenantId)) return c.json({ data: {
+	if (tenantRole === OrgRoles.OWNER || tenantRole === OrgRoles.ADMIN) return c.json({ data: {
+		canView: true,
+		canUse: true,
+		canEdit: true
+	} });
+	if (!isAuthzEnabled()) return c.json({ data: {
 		canView: true,
 		canUse: true,
 		canEdit: false
@@ -49,17 +56,17 @@ app.openapi(createRoute({
 		resourceType: SpiceDbResourceTypes.PROJECT,
 		resourceId: projectId,
 		permissions: [
-			SpiceDbPermissions.VIEW,
-			SpiceDbPermissions.USE,
-			SpiceDbPermissions.EDIT
+			SpiceDbProjectPermissions.VIEW,
+			SpiceDbProjectPermissions.USE,
+			SpiceDbProjectPermissions.EDIT
 		],
 		subjectType: SpiceDbResourceTypes.USER,
 		subjectId: userId
 	});
 	return c.json({ data: {
-		canView: permissions[SpiceDbPermissions.VIEW] ?? false,
-		canUse: permissions[SpiceDbPermissions.USE] ?? false,
-		canEdit: permissions[SpiceDbPermissions.EDIT] ?? false
+		canView: permissions[SpiceDbProjectPermissions.VIEW] ?? false,
+		canUse: permissions[SpiceDbProjectPermissions.USE] ?? false,
+		canEdit: permissions[SpiceDbProjectPermissions.EDIT] ?? false
 	} });
 });
 var projectPermissions_default = app;

package/dist/domains/manage/routes/projects.js

@@ -15,7 +15,7 @@ app.use("/", async (c, next) => {
 app.use("/:id", async (c, next) => {
 	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
 	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
 	return next();
 });
 app.openapi(createRoute({
@@ -45,9 +45,8 @@ app.openapi(createRoute({
 	const page = Number(c.req.query("page")) || 1;
 	const limit = Math.min(Number(c.req.query("limit")) || 10, 100);
 	let accessibleIds;
-	if (isAuthzEnabled(tenantId) && userId) {
+	if (isAuthzEnabled() && userId) {
 		const result$1 = await listAccessibleProjectIds({
-			tenantId,
 			userId,
 			orgRole: tenantRole
 		});
@@ -149,7 +148,7 @@ app.openapi(createRoute({
 			tenantId,
 			...body
 		});
-		if (isAuthzEnabled(tenantId)) {
+		if (isAuthzEnabled()) {
 			if (!userId) throw createApiError({
 				code: "unauthorized",
 				message: "User not found"
@@ -256,7 +255,7 @@ app.openapi(createRoute({
 			code: "not_found",
 			message: "Project not found"
 		});
-		if (isAuthzEnabled(tenantId)) try {
+		if (isAuthzEnabled()) try {
 			await removeProjectFromSpiceDb({
 				tenantId,
 				projectId: id

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types5 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types7.BlankSchema, "/">;
+}, hono_types5.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/userOrganizations.js

@@ -1,6 +1,6 @@
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { addUserToOrganization, getUserOrganizations } from "@inkeep/agents-core";
+import { addUserToOrganization, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { AddUserToOrganizationRequestSchema, AddUserToOrganizationResponseSchema, UserOrganizationsResponseSchema } from "@inkeep/agents-core/auth/validation";
 
 //#region src/domains/manage/routes/userOrganizations.ts
@@ -18,7 +18,7 @@ userOrganizationsRoutes.openapi(createRoute({
 	} }
 }), async (c) => {
 	const { userId } = c.req.valid("param");
-	const userOrganizations = (await getUserOrganizations(runDbClient_default)(userId)).map((org) => ({
+	const userOrganizations = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).map((org) => ({
 		...org,
 		createdAt: org.createdAt.toISOString()
 	}));

package/dist/domains/manage/routes/userProjectMemberships.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/userProjectMemberships.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/domains/manage/routes/userProjectMemberships.js

@@ -0,0 +1,45 @@
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { ProjectRoles, commonGetErrorResponses, isAuthzEnabled, listUserProjectMembershipsInSpiceDb } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/userProjectMemberships.ts
+const app = new OpenAPIHono();
+const projectRoleEnum = z.enum([
+	ProjectRoles.ADMIN,
+	ProjectRoles.MEMBER,
+	ProjectRoles.VIEWER
+]);
+const UserProjectMembershipParamsSchema = z.object({
+	tenantId: z.string(),
+	userId: z.string()
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "List User Project Memberships",
+	description: "List all projects a user has explicit access to and their role in each. Requires authz to be enabled.",
+	operationId: "list-user-project-memberships",
+	tags: ["User Project Memberships"],
+	request: { params: UserProjectMembershipParamsSchema },
+	responses: {
+		200: {
+			description: "List of project memberships for the user",
+			content: { "application/json": { schema: z.object({ data: z.array(z.object({
+				projectId: z.string(),
+				role: projectRoleEnum
+			})) }) } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, userId } = c.req.valid("param");
+	if (!isAuthzEnabled()) return c.json({ data: [] });
+	const memberships = await listUserProjectMembershipsInSpiceDb({
+		tenantId,
+		userId
+	});
+	return c.json({ data: memberships });
+});
+var userProjectMemberships_default = app;
+
+//#endregion
+export { userProjectMemberships_default as default };