@inkeep/agents-api 0.0.0-dev-20260123205017 → 0.0.0-dev-20260123212735
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.well-known/workflow/v1/manifest.debug.json +14 -14
- package/dist/.well-known/workflow/v1/step.cjs +942 -24
- package/dist/domains/evals/routes/datasetTriggers.d.ts +2 -2
- package/dist/domains/evals/routes/index.d.ts +2 -2
- package/dist/domains/evals/workflow/routes.d.ts +2 -2
- package/dist/domains/manage/index.js +0 -2
- package/dist/domains/manage/routes/agent.js +5 -2
- package/dist/domains/manage/routes/agentFull.js +5 -2
- package/dist/domains/manage/routes/agentToolRelations.js +5 -2
- package/dist/domains/manage/routes/apiKeys.js +1 -2
- package/dist/domains/manage/routes/cliAuth.js +2 -2
- package/dist/domains/manage/routes/credentials.js +1 -2
- package/dist/domains/manage/routes/dataComponents.js +1 -2
- package/dist/domains/manage/routes/evals/evaluationResults.d.ts +2 -2
- package/dist/domains/manage/routes/externalAgents.js +1 -2
- package/dist/domains/manage/routes/index.d.ts +2 -2
- package/dist/domains/manage/routes/index.js +4 -0
- package/dist/domains/manage/routes/mcp.d.ts +2 -2
- package/dist/domains/manage/routes/playgroundToken.js +0 -1
- package/dist/domains/manage/routes/projectFull.js +28 -6
- package/dist/domains/manage/routes/projectMembers.js +16 -35
- package/dist/domains/manage/routes/projectPermissions.js +17 -10
- package/dist/domains/manage/routes/projects.js +4 -5
- package/dist/domains/manage/routes/signoz.d.ts +2 -2
- package/dist/domains/manage/routes/userOrganizations.js +2 -2
- package/dist/domains/manage/routes/userProjectMemberships.d.ts +9 -0
- package/dist/domains/manage/routes/userProjectMemberships.js +45 -0
- package/dist/domains/run/agents/relationTools.d.ts +2 -2
- package/dist/domains/run/utils/token-estimator.d.ts +2 -2
- package/dist/env.d.ts +2 -2
- package/dist/factory.d.ts +272 -272
- package/dist/index.d.ts +271 -271
- package/dist/initialization.js +2 -2
- package/dist/middleware/evalsAuth.d.ts +2 -2
- package/dist/middleware/manageAuth.d.ts +2 -2
- package/dist/middleware/projectAccess.d.ts +4 -11
- package/dist/middleware/projectAccess.js +1 -17
- package/dist/middleware/projectConfig.d.ts +3 -3
- package/dist/middleware/requirePermission.d.ts +2 -2
- package/dist/middleware/runAuth.d.ts +4 -4
- package/dist/middleware/sessionAuth.d.ts +3 -3
- package/dist/middleware/tenantAccess.d.ts +2 -2
- package/dist/middleware/tenantAccess.js +4 -4
- package/dist/middleware/tracing.d.ts +3 -3
- package/dist/types/app.d.ts +2 -0
- package/package.json +3 -3
package/dist/initialization.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { getLogger as getLogger$1 } from "./logger.js";
|
|
2
2
|
import { env } from "./env.js";
|
|
3
3
|
import runDbClient_default from "./data/db/runDbClient.js";
|
|
4
|
-
import { addUserToOrganization, getUserByEmail, upsertOrganization } from "@inkeep/agents-core";
|
|
4
|
+
import { OrgRoles, addUserToOrganization, getUserByEmail, upsertOrganization } from "@inkeep/agents-core";
|
|
5
5
|
|
|
6
6
|
//#region src/initialization.ts
|
|
7
7
|
const logger = getLogger$1("initialization");
|
|
@@ -45,7 +45,7 @@ async function initializeDefaultUser(authInstance) {
|
|
|
45
45
|
await addUserToOrganization(runDbClient_default)({
|
|
46
46
|
userId: user.id,
|
|
47
47
|
organizationId: orgId,
|
|
48
|
-
role:
|
|
48
|
+
role: OrgRoles.ADMIN
|
|
49
49
|
});
|
|
50
50
|
logger.info({
|
|
51
51
|
organizationId: orgId,
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono1 from "hono";
|
|
2
2
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/evalsAuth.d.ts
|
|
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
|
7
7
|
* Middleware to authenticate API requests using Bearer token authentication
|
|
8
8
|
* First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
|
|
9
9
|
*/
|
|
10
|
-
declare const evalApiKeyAuth: () =>
|
|
10
|
+
declare const evalApiKeyAuth: () => hono1.MiddlewareHandler<{
|
|
11
11
|
Variables: {
|
|
12
12
|
executionContext: BaseExecutionContext;
|
|
13
13
|
};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono3 from "hono";
|
|
2
2
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
3
3
|
import { createAuth } from "@inkeep/agents-core/auth";
|
|
4
4
|
|
|
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
|
|
|
12
12
|
* 3. Database API key
|
|
13
13
|
* 4. Internal service token
|
|
14
14
|
*/
|
|
15
|
-
declare const manageApiKeyAuth: () =>
|
|
15
|
+
declare const manageApiKeyAuth: () => hono3.MiddlewareHandler<{
|
|
16
16
|
Variables: {
|
|
17
17
|
executionContext: BaseExecutionContext;
|
|
18
18
|
userId?: string;
|
|
@@ -1,16 +1,9 @@
|
|
|
1
1
|
import { ManageAppVariables } from "../types/app.js";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono4 from "hono";
|
|
3
|
+
import { ProjectPermissionLevel } from "@inkeep/agents-core";
|
|
3
4
|
|
|
4
5
|
//#region src/middleware/projectAccess.d.ts
|
|
5
6
|
|
|
6
|
-
/**
|
|
7
|
-
* Permission levels for project access
|
|
8
|
-
*
|
|
9
|
-
* - view: Can see project and resources (read-only)
|
|
10
|
-
* - use: Can invoke agents, create API keys, view traces
|
|
11
|
-
* - edit: Can modify configurations and manage members
|
|
12
|
-
*/
|
|
13
|
-
type ProjectPermission = 'view' | 'use' | 'edit';
|
|
14
7
|
/**
|
|
15
8
|
* Middleware to check project-level access.
|
|
16
9
|
*
|
|
@@ -26,6 +19,6 @@ declare const requireProjectPermission: <Env$1 extends {
|
|
|
26
19
|
Variables: ManageAppVariables;
|
|
27
20
|
} = {
|
|
28
21
|
Variables: ManageAppVariables;
|
|
29
|
-
}>(permission?:
|
|
22
|
+
}>(permission?: ProjectPermissionLevel) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
|
|
30
23
|
//#endregion
|
|
31
|
-
export {
|
|
24
|
+
export { requireProjectPermission };
|
|
@@ -44,7 +44,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
|
|
|
44
44
|
switch (permission) {
|
|
45
45
|
case "view":
|
|
46
46
|
hasAccess = await canViewProject({
|
|
47
|
-
tenantId,
|
|
48
47
|
userId,
|
|
49
48
|
projectId,
|
|
50
49
|
orgRole: tenantRole
|
|
@@ -52,7 +51,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
|
|
|
52
51
|
break;
|
|
53
52
|
case "use":
|
|
54
53
|
hasAccess = await canUseProject({
|
|
55
|
-
tenantId,
|
|
56
54
|
userId,
|
|
57
55
|
projectId,
|
|
58
56
|
orgRole: tenantRole
|
|
@@ -60,7 +58,6 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
|
|
|
60
58
|
break;
|
|
61
59
|
case "edit":
|
|
62
60
|
hasAccess = await canEditProject({
|
|
63
|
-
tenantId,
|
|
64
61
|
userId,
|
|
65
62
|
projectId,
|
|
66
63
|
orgRole: tenantRole
|
|
@@ -68,20 +65,7 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
|
|
|
68
65
|
break;
|
|
69
66
|
}
|
|
70
67
|
if (!hasAccess) {
|
|
71
|
-
if (isAuthzEnabled(
|
|
72
|
-
if (await canViewProject({
|
|
73
|
-
tenantId,
|
|
74
|
-
userId,
|
|
75
|
-
projectId,
|
|
76
|
-
orgRole: tenantRole
|
|
77
|
-
})) throw createApiError({
|
|
78
|
-
code: "forbidden",
|
|
79
|
-
message: `Permission denied. Required: project:${permission}`,
|
|
80
|
-
instance: c.req.path,
|
|
81
|
-
extensions: { requiredPermissions: [`project:${permission}`] }
|
|
82
|
-
});
|
|
83
|
-
}
|
|
84
|
-
if (isAuthzEnabled(tenantId)) throw createApiError({
|
|
68
|
+
if (isAuthzEnabled()) throw createApiError({
|
|
85
69
|
code: "not_found",
|
|
86
70
|
message: "Project not found",
|
|
87
71
|
instance: c.req.path
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono5 from "hono";
|
|
2
2
|
import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/projectConfig.d.ts
|
|
5
5
|
/**
|
|
6
6
|
* Middleware that fetches the full project definition from the Management API
|
|
7
7
|
*/
|
|
8
|
-
declare const projectConfigMiddleware:
|
|
8
|
+
declare const projectConfigMiddleware: hono5.MiddlewareHandler<{
|
|
9
9
|
Variables: {
|
|
10
10
|
executionContext: BaseExecutionContext;
|
|
11
11
|
resolvedRef: ResolvedRef;
|
|
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono2.MiddlewareHandler<{
|
|
|
15
15
|
* Creates a middleware that applies project config fetching except for specified route patterns
|
|
16
16
|
* @param skipRouteCheck - Function that returns true if the route should skip the middleware
|
|
17
17
|
*/
|
|
18
|
-
declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) =>
|
|
18
|
+
declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
|
|
19
19
|
Variables: {
|
|
20
20
|
executionContext: BaseExecutionContext;
|
|
21
21
|
resolvedRef: ResolvedRef;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ManageAppVariables } from "../types/app.js";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono0 from "hono";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/requirePermission.d.ts
|
|
5
5
|
type Permission = {
|
|
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
|
|
|
9
9
|
Variables: ManageAppVariables;
|
|
10
10
|
} = {
|
|
11
11
|
Variables: ManageAppVariables;
|
|
12
|
-
}>(permissions: Permission) =>
|
|
12
|
+
}>(permissions: Permission) => hono0.MiddlewareHandler<Env$1, string, {}, Response>;
|
|
13
13
|
//#endregion
|
|
14
14
|
export { requirePermission };
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono7 from "hono";
|
|
2
2
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/runAuth.d.ts
|
|
5
|
-
declare const runApiKeyAuth: () =>
|
|
5
|
+
declare const runApiKeyAuth: () => hono7.MiddlewareHandler<{
|
|
6
6
|
Variables: {
|
|
7
7
|
executionContext: BaseExecutionContext;
|
|
8
8
|
};
|
|
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
|
|
|
11
11
|
* Creates a middleware that applies API key authentication except for specified route patterns
|
|
12
12
|
* @param skipRouteCheck - Function that returns true if the route should skip authentication
|
|
13
13
|
*/
|
|
14
|
-
declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =>
|
|
14
|
+
declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono7.MiddlewareHandler<{
|
|
15
15
|
Variables: {
|
|
16
16
|
executionContext: BaseExecutionContext;
|
|
17
17
|
};
|
|
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
|
|
|
20
20
|
* Helper middleware for endpoints that optionally support API key authentication
|
|
21
21
|
* If no auth header is present, it continues without setting the executionContext
|
|
22
22
|
*/
|
|
23
|
-
declare const runOptionalAuth: () =>
|
|
23
|
+
declare const runOptionalAuth: () => hono7.MiddlewareHandler<{
|
|
24
24
|
Variables: {
|
|
25
25
|
executionContext?: BaseExecutionContext;
|
|
26
26
|
};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono10 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/sessionAuth.d.ts
|
|
4
4
|
|
|
@@ -7,11 +7,11 @@ import * as hono8 from "hono";
|
|
|
7
7
|
* Requires that a user has already been authenticated via Better Auth session.
|
|
8
8
|
* Used primarily for manage routes that require an active user session.
|
|
9
9
|
*/
|
|
10
|
-
declare const sessionAuth: () =>
|
|
10
|
+
declare const sessionAuth: () => hono10.MiddlewareHandler<any, string, {}, Response>;
|
|
11
11
|
/**
|
|
12
12
|
* Global session middleware - sets user and session in context for all routes
|
|
13
13
|
* Used for all routes that require an active user session.
|
|
14
14
|
*/
|
|
15
|
-
declare const sessionContext: () =>
|
|
15
|
+
declare const sessionContext: () => hono10.MiddlewareHandler<any, string, {}, Response>;
|
|
16
16
|
//#endregion
|
|
17
17
|
export { sessionAuth, sessionContext };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono12 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/tenantAccess.d.ts
|
|
4
4
|
|
|
@@ -11,7 +11,7 @@ import * as hono10 from "hono";
|
|
|
11
11
|
* - API key user: Access only to the tenant associated with the API key
|
|
12
12
|
* - Session user: Access based on organization membership
|
|
13
13
|
*/
|
|
14
|
-
declare const requireTenantAccess: () =>
|
|
14
|
+
declare const requireTenantAccess: () => hono12.MiddlewareHandler<{
|
|
15
15
|
Variables: {
|
|
16
16
|
userId: string;
|
|
17
17
|
tenantId: string;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import runDbClient_default from "../data/db/runDbClient.js";
|
|
2
|
-
import { createApiError,
|
|
2
|
+
import { OrgRoles, createApiError, getUserOrganizationsFromDb } from "@inkeep/agents-core";
|
|
3
3
|
import { createMiddleware } from "hono/factory";
|
|
4
4
|
import { HTTPException } from "hono/http-exception";
|
|
5
5
|
|
|
@@ -26,7 +26,7 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
|
|
|
26
26
|
});
|
|
27
27
|
if (userId === "system") {
|
|
28
28
|
c.set("tenantId", tenantId);
|
|
29
|
-
c.set("tenantRole",
|
|
29
|
+
c.set("tenantRole", OrgRoles.OWNER);
|
|
30
30
|
await next();
|
|
31
31
|
return;
|
|
32
32
|
}
|
|
@@ -37,12 +37,12 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
|
|
|
37
37
|
message: "API key does not have access to this organization"
|
|
38
38
|
});
|
|
39
39
|
c.set("tenantId", tenantId);
|
|
40
|
-
c.set("tenantRole",
|
|
40
|
+
c.set("tenantRole", OrgRoles.OWNER);
|
|
41
41
|
await next();
|
|
42
42
|
return;
|
|
43
43
|
}
|
|
44
44
|
try {
|
|
45
|
-
const organizationAccess = (await
|
|
45
|
+
const organizationAccess = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).find((org) => org.organizationId === tenantId);
|
|
46
46
|
if (!organizationAccess) throw createApiError({
|
|
47
47
|
code: "forbidden",
|
|
48
48
|
message: "Access denied to this organization"
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono13 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/tracing.d.ts
|
|
4
|
-
declare const otelBaggageMiddleware: () =>
|
|
5
|
-
declare const executionBaggageMiddleware: () =>
|
|
4
|
+
declare const otelBaggageMiddleware: () => hono13.MiddlewareHandler<any, string, {}, Response>;
|
|
5
|
+
declare const executionBaggageMiddleware: () => hono13.MiddlewareHandler<any, string, {}, Response>;
|
|
6
6
|
//#endregion
|
|
7
7
|
export { executionBaggageMiddleware, otelBaggageMiddleware };
|
package/dist/types/app.d.ts
CHANGED
|
@@ -38,6 +38,8 @@ type ManageAppVariables = AppVariables & {
|
|
|
38
38
|
db: AgentsManageDatabaseClient;
|
|
39
39
|
auth: ReturnType<typeof createAuth> | null;
|
|
40
40
|
resolvedRef: ResolvedRef;
|
|
41
|
+
/** Cached by projectFull middleware to avoid duplicate DB lookup for PUT upsert */
|
|
42
|
+
isProjectCreate?: boolean;
|
|
41
43
|
};
|
|
42
44
|
type AppConfig = {
|
|
43
45
|
serverConfig: ServerConfig;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@inkeep/agents-api",
|
|
3
|
-
"version": "0.0.0-dev-
|
|
3
|
+
"version": "0.0.0-dev-20260123212735",
|
|
4
4
|
"description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"exports": {
|
|
@@ -71,8 +71,8 @@
|
|
|
71
71
|
"openid-client": "^6.8.1",
|
|
72
72
|
"pg": "^8.16.3",
|
|
73
73
|
"workflow": "4.0.1-beta.33",
|
|
74
|
-
"@inkeep/agents-core": "^0.0.0-dev-
|
|
75
|
-
"@inkeep/agents-manage-mcp": "^0.0.0-dev-
|
|
74
|
+
"@inkeep/agents-core": "^0.0.0-dev-20260123212735",
|
|
75
|
+
"@inkeep/agents-manage-mcp": "^0.0.0-dev-20260123212735"
|
|
76
76
|
},
|
|
77
77
|
"peerDependencies": {
|
|
78
78
|
"@hono/zod-openapi": "^1.1.5",
|