@inkeep/agents-api 0.0.0-dev-20260123205017 → 0.0.0-dev-20260123211824

package/dist/index.d.ts

@@ -8,7 +8,7 @@ import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js";
 import { Hono } from "hono";
 import * as zod205 from "zod";
-import * as hono_types3 from "hono/types";
+import * as hono_types1 from "hono/types";
 import * as better_auth78 from "better-auth";
 import * as better_auth_plugins69 from "better-auth/plugins";
 import * as _better_auth_sso10 from "@better-auth/sso";
@@ -841,13 +841,13 @@ declare const auth: better_auth78.Auth<{
           user: better_auth78.User & Record<string, any>;
           organization: better_auth_plugins69.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterUpdateMemberRole: ({
+        beforeUpdateMemberRole: ({
           member,
           organization: org,
-          previousRole
+          newRole
         }: {
           member: better_auth_plugins69.Member & Record<string, any>;
-          previousRole: string;
+          newRole: string;
           user: better_auth78.User & Record<string, any>;
           organization: better_auth_plugins69.Organization & Record<string, any>;
         }) => Promise<void>;
@@ -1150,13 +1150,13 @@ declare const auth: better_auth78.Auth<{
           user: better_auth78.User & Record<string, any>;
           organization: better_auth_plugins69.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterUpdateMemberRole: ({
+        beforeUpdateMemberRole: ({
           member,
           organization: org,
-          previousRole
+          newRole
         }: {
           member: better_auth_plugins69.Member & Record<string, any>;
-          previousRole: string;
+          newRole: string;
           user: better_auth78.User & Record<string, any>;
           organization: better_auth_plugins69.Organization & Record<string, any>;
         }) => Promise<void>;
@@ -1531,6 +1531,6 @@ declare const auth: better_auth78.Auth<{
     }>;
   }];
 }> | null;
-declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
+declare const app: Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
 export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default, initializeDefaultUser };

package/dist/initialization.js

@@ -1,7 +1,7 @@
 import { getLogger as getLogger$1 } from "./logger.js";
 import { env } from "./env.js";
 import runDbClient_default from "./data/db/runDbClient.js";
-import { addUserToOrganization, getUserByEmail, upsertOrganization } from "@inkeep/agents-core";
+import { OrgRoles, addUserToOrganization, getUserByEmail, upsertOrganization } from "@inkeep/agents-core";
 
 //#region src/initialization.ts
 const logger = getLogger$1("initialization");
@@ -45,7 +45,7 @@ async function initializeDefaultUser(authInstance) {
 		await addUserToOrganization(runDbClient_default)({
 			userId: user.id,
 			organizationId: orgId,
-			role: "owner"
+			role: OrgRoles.ADMIN
 		});
 		logger.info({
 			organizationId: orgId,

package/dist/middleware/evalsAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono0 from "hono";
+import * as hono4 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/evalsAuth.d.ts
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/projectAccess.d.ts

@@ -1,16 +1,9 @@
 import { ManageAppVariables } from "../types/app.js";
 import * as hono1 from "hono";
+import { ProjectPermissionLevel } from "@inkeep/agents-core";
 
 //#region src/middleware/projectAccess.d.ts
 
-/**
- * Permission levels for project access
- *
- * - view: Can see project and resources (read-only)
- * - use: Can invoke agents, create API keys, view traces
- * - edit: Can modify configurations and manage members
- */
-type ProjectPermission = 'view' | 'use' | 'edit';
 /**
  * Middleware to check project-level access.
  *
@@ -26,6 +19,6 @@ declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermission) => hono1.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermissionLevel) => hono1.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
-export { ProjectPermission, requireProjectPermission };
+export { requireProjectPermission };

package/dist/middleware/projectAccess.js

@@ -44,7 +44,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
 		switch (permission) {
 			case "view":
 				hasAccess = await canViewProject({
-					tenantId,
 					userId,
 					projectId,
 					orgRole: tenantRole
@@ -52,7 +51,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
 				break;
 			case "use":
 				hasAccess = await canUseProject({
-					tenantId,
 					userId,
 					projectId,
 					orgRole: tenantRole
@@ -60,7 +58,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
 				break;
 			case "edit":
 				hasAccess = await canEditProject({
-					tenantId,
 					userId,
 					projectId,
 					orgRole: tenantRole
@@ -68,20 +65,7 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
 				break;
 		}
 		if (!hasAccess) {
-			if (isAuthzEnabled(tenantId) && permission !== "view") {
-				if (await canViewProject({
-					tenantId,
-					userId,
-					projectId,
-					orgRole: tenantRole
-				})) throw createApiError({
-					code: "forbidden",
-					message: `Permission denied. Required: project:${permission}`,
-					instance: c.req.path,
-					extensions: { requiredPermissions: [`project:${permission}`] }
-				});
-			}
-			if (isAuthzEnabled(tenantId)) throw createApiError({
+			if (isAuthzEnabled()) throw createApiError({
 				code: "not_found",
 				message: "Project not found",
 				instance: c.req.path

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono4 from "hono";
+import * as hono5 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
-import * as hono5 from "hono";
+import * as hono6 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono6.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono5.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono6.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono8 from "hono";
+import * as hono9 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono8 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono9.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono9.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono10 from "hono";
+import * as hono11 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono10 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono10.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tenantAccess.js

@@ -1,5 +1,5 @@
 import runDbClient_default from "../data/db/runDbClient.js";
-import { createApiError, getUserOrganizations } from "@inkeep/agents-core";
+import { OrgRoles, createApiError, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
 
@@ -26,7 +26,7 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
 	});
 	if (userId === "system") {
 		c.set("tenantId", tenantId);
-		c.set("tenantRole", "owner");
+		c.set("tenantRole", OrgRoles.OWNER);
 		await next();
 		return;
 	}
@@ -37,12 +37,12 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
 			message: "API key does not have access to this organization"
 		});
 		c.set("tenantId", tenantId);
-		c.set("tenantRole", "owner");
+		c.set("tenantRole", OrgRoles.OWNER);
 		await next();
 		return;
 	}
 	try {
-		const organizationAccess = (await getUserOrganizations(runDbClient_default)(userId)).find((org) => org.organizationId === tenantId);
+		const organizationAccess = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).find((org) => org.organizationId === tenantId);
 		if (!organizationAccess) throw createApiError({
 			code: "forbidden",
 			message: "Access denied to this organization"

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono11 from "hono";
+import * as hono12 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono11.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono11.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/dist/types/app.d.ts

@@ -38,6 +38,8 @@ type ManageAppVariables = AppVariables & {
   db: AgentsManageDatabaseClient;
   auth: ReturnType<typeof createAuth> | null;
   resolvedRef: ResolvedRef;
+  /** Cached by projectFull middleware to avoid duplicate DB lookup for PUT upsert */
+  isProjectCreate?: boolean;
 };
 type AppConfig = {
   serverConfig: ServerConfig;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260123205017",
+  "version": "0.0.0-dev-20260123211824",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -71,8 +71,8 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.0.0-dev-20260123205017",
-    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260123205017"
+    "@inkeep/agents-core": "^0.0.0-dev-20260123211824",
+    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260123211824"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",