@inkeep/agents-api 0.0.0-dev-20260124111014 → 0.0.0-dev-20260125001234

package/dist/.well-known/workflow/v1/manifest.debug.json

@@ -1,14 +1,17 @@
 {
   "steps": {
-    "node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_d0e39273ec53983ee1a59c0952eb17f2/node_modules/workflow/dist/internal/builtins.js": {
-      "__builtin_response_array_buffer": {
-        "stepId": "__builtin_response_array_buffer"
+    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
+      "callChatApiStep": {
+        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//callChatApiStep"
       },
-      "__builtin_response_json": {
-        "stepId": "__builtin_response_json"
+      "createRelationStep": {
+        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//createRelationStep"
       },
-      "__builtin_response_text": {
-        "stepId": "__builtin_response_text"
+      "executeEvaluatorStep": {
+        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//executeEvaluatorStep"
+      },
+      "logStep": {
+        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//logStep"
       }
     },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
@@ -25,18 +28,15 @@
         "stepId": "step//src/domains/evals/workflow/functions/evaluateConversation.ts//logStep"
       }
     },
-    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
-      "callChatApiStep": {
-        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//callChatApiStep"
-      },
-      "createRelationStep": {
-        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//createRelationStep"
+    "node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_d0e39273ec53983ee1a59c0952eb17f2/node_modules/workflow/dist/internal/builtins.js": {
+      "__builtin_response_array_buffer": {
+        "stepId": "__builtin_response_array_buffer"
       },
-      "executeEvaluatorStep": {
-        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//executeEvaluatorStep"
+      "__builtin_response_json": {
+        "stepId": "__builtin_response_json"
       },
-      "logStep": {
-        "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//logStep"
+      "__builtin_response_text": {
+        "stepId": "__builtin_response_text"
       }
     }
   },

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types1 from "hono/types";
+import * as hono_types0 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/data/db/manageDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core1 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 
 //#region src/data/db/manageDbClient.d.ts
-declare const manageDbClient: _inkeep_agents_core1.AgentsManageDatabaseClient;
+declare const manageDbClient: _inkeep_agents_core0.AgentsManageDatabaseClient;
 //#endregion
 export { manageDbClient as default };

package/dist/data/db/runDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core2 from "@inkeep/agents-core";
+import * as _inkeep_agents_core1 from "@inkeep/agents-core";
 
 //#region src/data/db/runDbClient.d.ts
-declare const runDbClient: _inkeep_agents_core2.AgentsRunDatabaseClient;
+declare const runDbClient: _inkeep_agents_core1.AgentsRunDatabaseClient;
 //#endregion
 export { runDbClient as default };

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono11 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono11.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono12 from "hono";
+import * as hono14 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono12.Env, {}, "/">;
+declare const app: OpenAPIHono<hono14.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/workflow/routes.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/evals/workflow/routes.d.ts
-declare const workflowRoutes: Hono<hono_types7.BlankEnv, hono_types7.BlankSchema, "/">;
+declare const workflowRoutes: Hono<hono_types8.BlankEnv, hono_types8.BlankSchema, "/">;
 //#endregion
 export { workflowRoutes };

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono2 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono2.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/evals/evaluationResults.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono14 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/manage/routes/evals/evaluationResults.d.ts
-declare const app: OpenAPIHono<hono14.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono3 from "hono";
+import * as hono18 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono3.Env, {}, "/">;
+declare const app: OpenAPIHono<hono18.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types3 from "hono/types";
+import * as hono_types6 from "hono/types";
 
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
+declare const app: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types5 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types9.BlankSchema, "/">;
+}, hono_types5.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/tools.js

@@ -2,7 +2,8 @@ import { getLogger as getLogger$1 } from "../../../logger.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
-import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, dbResultToMcpToolSkeleton, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+import { z as z$1 } from "zod";
 
 //#region src/domains/manage/routes/tools.ts
 const logger = getLogger$1("tools");
@@ -24,7 +25,10 @@ app.openapi(createRoute({
 	tags: ["Tools"],
 	request: {
 		params: TenantProjectParamsSchema,
-		query: PaginationQueryParamsSchema.extend({ status: ToolStatusSchema.optional() })
+		query: PaginationQueryParamsSchema.extend({
+			status: ToolStatusSchema.optional(),
+			skipDiscovery: z$1.enum(["true", "false"]).optional().transform((val) => val === "true").describe("Skip MCP server discovery for faster response. Status will be \"unknown\".")
+		})
 	},
 	responses: {
 		200: {
@@ -37,10 +41,27 @@ app.openapi(createRoute({
 }), async (c) => {
 	const db = c.get("db");
 	const { tenantId, projectId } = c.req.valid("param");
-	const { page, limit, status } = c.req.valid("query");
+	const { page, limit, status, skipDiscovery } = c.req.valid("query");
 	let result;
 	const credentialStores = c.get("credentialStores");
 	const userId = c.get("userId");
+	if (skipDiscovery) {
+		const dbResult = await listTools(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			pagination: {
+				page,
+				limit
+			}
+		});
+		result = {
+			data: dbResult.data.map((tool) => dbResultToMcpToolSkeleton(tool)),
+			pagination: dbResult.pagination
+		};
+		return c.json(result);
+	}
 	if (status) {
 		const dbResult = await listTools(db)({
 			scopes: {

package/dist/domains/run/agents/Agent.js

@@ -26,7 +26,7 @@ import { SystemPromptBuilder } from "./SystemPromptBuilder.js";
 import { Phase1Config, V1_BREAKDOWN_SCHEMA } from "./versions/v1/Phase1Config.js";
 import { Phase2Config } from "./versions/v1/Phase2Config.js";
 import { z } from "@hono/zod-openapi";
-import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
+import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, buildComposioMCPUrl, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
 import { Output, generateText, streamText, tool } from "ai";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 
@@ -681,12 +681,7 @@ var Agent = class {
 				headers: agentToolRelationHeaders
 			};
 		}
-		if (serverConfig.url?.toString().includes("composio.dev")) {
-			const urlObj = new URL(serverConfig.url.toString());
-			if (isUserScoped && userId) urlObj.searchParams.set("user_id", userId);
-			else urlObj.searchParams.set("user_id", `${this.config.tenantId}||${this.config.projectId}`);
-			serverConfig.url = urlObj.toString();
-		}
+		if (serverConfig.url) serverConfig.url = buildComposioMCPUrl(serverConfig.url.toString(), this.config.tenantId, this.config.projectId, isUserScoped ? "user" : "project", userId);
 		if (this.config.forwardedHeaders && Object.keys(this.config.forwardedHeaders).length > 0) serverConfig.headers = {
 			...serverConfig.headers,
 			...this.config.forwardedHeaders

package/dist/domains/run/agents/relationTools.d.ts

@@ -1,6 +1,6 @@
 import { AgentConfig, DelegateRelation } from "./Agent.js";
 import { InternalRelation } from "../utils/project.js";
-import * as _inkeep_agents_core0 from "@inkeep/agents-core";
+import * as _inkeep_agents_core2 from "@inkeep/agents-core";
 import { CredentialStoreRegistry, FullExecutionContext } from "@inkeep/agents-core";
 import * as ai0 from "ai";
 
@@ -44,7 +44,7 @@ declare function createDelegateToAgentTool({
   message: string;
 }, {
   toolCallId: any;
-  result: _inkeep_agents_core0.Message | _inkeep_agents_core0.Task;
+  result: _inkeep_agents_core2.Message | _inkeep_agents_core2.Task;
 }>;
 /**
  * Parameters for building a transfer relation config

package/dist/domains/run/utils/token-estimator.d.ts

@@ -1,4 +1,4 @@
-import * as _inkeep_agents_core3 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 import { BreakdownComponentDef, ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown } from "@inkeep/agents-core";
 
 //#region src/domains/run/utils/token-estimator.d.ts
@@ -17,7 +17,7 @@ interface AssembleResult {
   /** The assembled prompt string */
   prompt: string;
   /** Token breakdown for each component */
-  breakdown: _inkeep_agents_core3.ContextBreakdown;
+  breakdown: _inkeep_agents_core0.ContextBreakdown;
 }
 //#endregion
 export { AssembleResult, type BreakdownComponentDef, type ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown, estimateTokens };

package/dist/factory.d.ts

@@ -7,7 +7,7 @@ import * as hono0 from "hono";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
 import * as zod0 from "zod";
 import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
-import * as hono_types0 from "hono/types";
+import * as hono_types1 from "hono/types";
 import * as better_auth0 from "better-auth";
 import * as better_auth_plugins0 from "better-auth/plugins";
 import * as _better_auth_sso0 from "@better-auth/sso";
@@ -795,25 +795,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
       };
       membershipLimit: number;
@@ -1104,25 +1104,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
         };
       };
       membershipLimit: number;
@@ -1536,6 +1536,6 @@ declare function createAgentsApp(config?: {
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
   skipInitialization?: boolean;
-}): hono0.Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+}): hono0.Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
 export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };

package/dist/index.d.ts

@@ -8,7 +8,7 @@ import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js";
 import { Hono } from "hono";
 import * as zod205 from "zod";
-import * as hono_types5 from "hono/types";
+import * as hono_types3 from "hono/types";
 import * as better_auth78 from "better-auth";
 import * as better_auth_plugins69 from "better-auth/plugins";
 import * as _better_auth_sso10 from "@better-auth/sso";
@@ -796,25 +796,25 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
       };
       membershipLimit: number;
@@ -1105,25 +1105,25 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
         };
       };
       membershipLimit: number;
@@ -1531,6 +1531,6 @@ declare const auth: better_auth78.Auth<{
     }>;
   }];
 }> | null;
-declare const app: Hono<hono_types5.BlankEnv, hono_types5.BlankSchema, "/">;
+declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
 //#endregion
 export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default, initializeDefaultUser };

package/dist/initialization.js

@@ -1,7 +1,7 @@
 import { getLogger as getLogger$1 } from "./logger.js";
 import { env } from "./env.js";
 import runDbClient_default from "./data/db/runDbClient.js";
-import { OrgRoles, addUserToOrganization, getUserByEmail, upsertOrganization } from "@inkeep/agents-core";
+import { OrgRoles, addUserToOrganization, getUserByEmail, syncOrgMemberToSpiceDb, upsertOrganization } from "@inkeep/agents-core";
 
 //#region src/initialization.ts
 const logger = getLogger$1("initialization");
@@ -47,6 +47,13 @@ async function initializeDefaultUser(authInstance) {
 			organizationId: orgId,
 			role: OrgRoles.ADMIN
 		});
+		await syncOrgMemberToSpiceDb({
+			tenantId: orgId,
+			userId: user.id,
+			role: OrgRoles.ADMIN,
+			action: "add"
+		});
+		console.log(`🔐 SpiceDB: Synced member ${user.email} as ${OrgRoles.ADMIN} to org ${orgId}`);
 		logger.info({
 			organizationId: orgId,
 			organizationSlug: env.TENANT_ID,

package/dist/middleware/evalsAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono16 from "hono";
+import * as hono0 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/evalsAuth.d.ts
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono16.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono17 from "hono";
+import * as hono1 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 import { createAuth } from "@inkeep/agents-core/auth";
 
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono17.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectAccess.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono18 from "hono";
+import * as hono2 from "hono";
 import { ProjectPermissionLevel } from "@inkeep/agents-core";
 
 //#region src/middleware/projectAccess.d.ts
@@ -19,6 +19,6 @@ declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermissionLevel) => hono18.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermissionLevel) => hono2.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requireProjectPermission };

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
-import * as hono0 from "hono";
+import * as hono3 from "hono";
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono0.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono0.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono0.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono15 from "hono";
+import * as hono5 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono15.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
-import * as hono4 from "hono";
+import * as hono8 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono4.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono8.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono4.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono4.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono8.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono4.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono8.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono7 from "hono";
+import * as hono6 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono7 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono7.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono6.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono7.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono6.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono13 from "hono";
+import * as hono11 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono13 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono13.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono9 from "hono";
+import * as hono12 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260124111014",
+  "version": "0.0.0-dev-20260125001234",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -71,8 +71,8 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.0.0-dev-20260124111014",
-    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260124111014"
+    "@inkeep/agents-core": "^0.0.0-dev-20260125001234",
+    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260125001234"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",