@inkeep/agents-api 0.0.0-dev-20260129102848 → 0.0.0-dev-20260129163144

package/dist/factory.d.ts

@@ -1,10 +1,9 @@
 import { SandboxConfig } from "./types/app.js";
 import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
-import * as hono0 from "hono";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
+import * as hono0 from "hono";
 import * as zod0 from "zod";
 import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
 import * as hono_types0 from "hono/types";
@@ -122,11 +121,11 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
     useSecureCookies?: boolean | undefined;
     disableCSRFCheck?: boolean | undefined;
     disableOriginCheck?: boolean | undefined;
-    crossSubDomainCookies: {
+    crossSubDomainCookies?: {
       enabled: boolean;
       additionalCookies?: string[];
       domain?: string;
-    };
+    } | undefined;
     cookies?: {
       [key: string]: {
         name?: string;
@@ -795,27 +794,28 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -987,7 +987,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
         id: string;
         organizationId: string;
         email: string;
-        role: "member" | "admin" | "owner";
+        role: "owner" | "admin" | "member";
         status: better_auth_plugins0.InvitationStatus;
         inviterId: string;
         expiresAt: Date;
@@ -996,7 +996,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       Member: {
         id: string;
         organizationId: string;
-        role: "member" | "admin" | "owner";
+        role: "owner" | "admin" | "member";
         createdAt: Date;
         userId: string;
         user: {
@@ -1012,7 +1012,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
         members: {
           id: string;
           organizationId: string;
-          role: "member" | "admin" | "owner";
+          role: "owner" | "admin" | "member";
           createdAt: Date;
           userId: string;
           user: {
@@ -1026,7 +1026,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
           id: string;
           organizationId: string;
           email: string;
-          role: "member" | "admin" | "owner";
+          role: "owner" | "admin" | "member";
           status: better_auth_plugins0.InvitationStatus;
           inviterId: string;
           expiresAt: Date;
@@ -1104,27 +1104,28 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1529,13 +1530,12 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       verificationUri?: string | undefined;
     }>;
   }];
-}> | null;
+}>;
 declare function createAgentsApp(config?: {
   serverConfig?: ServerConfig;
   credentialStores?: CredentialStore[];
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
-  skipInitialization?: boolean;
 }): hono0.Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
-export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/factory.js

@@ -1,7 +1,6 @@
 import { env } from "./env.js";
 import runDbClient_default from "./data/db/runDbClient.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { CredentialStoreRegistry, createDefaultCredentialStores } from "@inkeep/agents-core";
 import { createAuth } from "@inkeep/agents-core/auth";
@@ -16,7 +15,6 @@ const defaultConfig = {
 	}
 };
 function createAgentsAuth(userAuthConfig) {
-	if (env.DISABLE_AUTH) return null;
 	return createAuth({
 		baseURL: env.INKEEP_AGENTS_API_URL || `http://localhost:3002`,
 		secret: env.BETTER_AUTH_SECRET || "development-secret-change-in-production",
@@ -26,17 +24,13 @@ function createAgentsAuth(userAuthConfig) {
 	});
 }
 function createAgentsApp(config) {
-	const serverConfig = config?.serverConfig ?? defaultConfig;
-	const registry = new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores());
-	const auth$1 = createAgentsAuth(config?.auth);
-	if (!config?.skipInitialization && env.ENVIRONMENT !== "test") initializeDefaultUser(auth$1);
 	return createAgentsHono({
-		serverConfig,
-		credentialStores: registry,
-		auth: auth$1,
+		serverConfig: config?.serverConfig ?? defaultConfig,
+		credentialStores: new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores()),
+		auth: createAgentsAuth(config?.auth),
 		sandboxConfig: config?.sandboxConfig
 	});
 }
 
 //#endregion
-export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/index.d.ts

@@ -3,12 +3,11 @@ import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
 import { NativeSandboxConfig, SandboxConfig, VercelSandboxConfig } from "./domains/run/types/executionContext.js";
 import "./env.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js";
 import { Hono } from "hono";
 import * as zod205 from "zod";
-import * as hono_types10 from "hono/types";
+import * as hono_types16 from "hono/types";
 import * as better_auth78 from "better-auth";
 import * as better_auth_plugins69 from "better-auth/plugins";
 import * as _better_auth_sso10 from "@better-auth/sso";
@@ -123,11 +122,11 @@ declare const auth: better_auth78.Auth<{
     useSecureCookies?: boolean | undefined;
     disableCSRFCheck?: boolean | undefined;
     disableOriginCheck?: boolean | undefined;
-    crossSubDomainCookies: {
+    crossSubDomainCookies?: {
       enabled: boolean;
       additionalCookies?: string[];
       domain?: string;
-    };
+    } | undefined;
     cookies?: {
       [key: string]: {
         name?: string;
@@ -796,27 +795,28 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -988,7 +988,7 @@ declare const auth: better_auth78.Auth<{
         id: string;
         organizationId: string;
         email: string;
-        role: "member" | "admin" | "owner";
+        role: "owner" | "admin" | "member";
         status: better_auth_plugins69.InvitationStatus;
         inviterId: string;
         expiresAt: Date;
@@ -997,7 +997,7 @@ declare const auth: better_auth78.Auth<{
       Member: {
         id: string;
         organizationId: string;
-        role: "member" | "admin" | "owner";
+        role: "owner" | "admin" | "member";
         createdAt: Date;
         userId: string;
         user: {
@@ -1013,7 +1013,7 @@ declare const auth: better_auth78.Auth<{
         members: {
           id: string;
           organizationId: string;
-          role: "member" | "admin" | "owner";
+          role: "owner" | "admin" | "member";
           createdAt: Date;
           userId: string;
           user: {
@@ -1027,7 +1027,7 @@ declare const auth: better_auth78.Auth<{
           id: string;
           organizationId: string;
           email: string;
-          role: "member" | "admin" | "owner";
+          role: "owner" | "admin" | "member";
           status: better_auth_plugins69.InvitationStatus;
           inviterId: string;
           expiresAt: Date;
@@ -1105,27 +1105,28 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1530,7 +1531,7 @@ declare const auth: better_auth78.Auth<{
       verificationUri?: string | undefined;
     }>;
   }];
-}> | null;
-declare const app: Hono<hono_types10.BlankEnv, hono_types10.BlankSchema, "/">;
+}>;
+declare const app: Hono<hono_types16.BlankEnv, hono_types16.BlankSchema, "/">;
 //#endregion
-export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default, initializeDefaultUser };
+export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default };

package/dist/index.js

@@ -1,11 +1,10 @@
-import { env } from "./env.js";
+import "./env.js";
 import { defaultSDK } from "./instrumentation.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { createAgentsApp, createAgentsAuth } from "./factory.js";
-import { Hono } from "hono";
 import { CredentialStoreRegistry, createDefaultCredentialStores } from "@inkeep/agents-core";
+import { Hono } from "hono";
 
 //#region src/index.ts
 defaultSDK.start();
@@ -52,8 +51,7 @@ const app = createAgentsHono({
 	auth,
 	sandboxConfig
 });
-if (env.ENVIRONMENT === "development") initializeDefaultUser(auth);
 var src_default = app;
 
 //#endregion
-export { Hono, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, src_default as default, initializeDefaultUser };
+export { Hono, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, src_default as default };

package/dist/middleware/branchScopedDb.d.ts

@@ -1,5 +1,5 @@
-import { Context, Next } from "hono";
 import { AgentsManageDatabaseClient } from "@inkeep/agents-core";
+import { Context, Next } from "hono";
 import { Pool } from "pg";
 
 //#region src/middleware/branchScopedDb.d.ts

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
-import * as hono2 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
+import * as hono18 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono2.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono18.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
-import * as hono12 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
+import * as hono3 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono12.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectAccess.d.ts

@@ -1,24 +1,15 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono14 from "hono";
 import { ProjectPermissionLevel } from "@inkeep/agents-core";
+import * as hono9 from "hono";
 
 //#region src/middleware/projectAccess.d.ts
-
 /**
  * Middleware to check project-level access.
- *
- * When ENABLE_AUTHZ is false:
- * - 'view' permission: all org members can view
- * - 'edit': only org owner/admin
- *
- * When ENABLE_AUTHZ is true:
- * - Uses SpiceDB to check permissions
- * - Org owner/admin bypass (handled in canViewProject etc.)
  */
 declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermissionLevel) => hono14.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermissionLevel) => hono9.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requireProjectPermission };

package/dist/middleware/projectAccess.js

@@ -1,23 +1,13 @@
-import { env } from "../env.js";
-import { canEditProject, canUseProject, canViewProject, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
+import { canEditProject, canUseProject, canViewProject, createApiError } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
 
 //#region src/middleware/projectAccess.ts
 /**
 * Middleware to check project-level access.
-*
-* When ENABLE_AUTHZ is false:
-* - 'view' permission: all org members can view
-* - 'edit': only org owner/admin
-*
-* When ENABLE_AUTHZ is true:
-* - Uses SpiceDB to check permissions
-* - Org owner/admin bypass (handled in canViewProject etc.)
 */
 const requireProjectPermission = (permission = "view") => createMiddleware(async (c, next) => {
-	const isTestEnvironment = process.env.ENVIRONMENT === "test";
-	if (env.DISABLE_AUTH || isTestEnvironment) {
+	if (process.env.ENVIRONMENT === "test") {
 		await next();
 		return;
 	}
@@ -64,27 +54,11 @@ const requireProjectPermission = (permission = "view") => createMiddleware(async
 				});
 				break;
 		}
-		if (!hasAccess) {
-			if (isAuthzEnabled()) throw createApiError({
-				code: "not_found",
-				message: "Project not found",
-				instance: c.req.path
-			});
-			throw createApiError({
-				code: "forbidden",
-				message: `Permission denied. Required: project:${permission}`,
-				instance: c.req.path,
-				extensions: {
-					requiredPermissions: [`project:${permission}`],
-					context: {
-						userId,
-						organizationId: tenantId,
-						projectId,
-						currentRole: tenantRole
-					}
-				}
-			});
-		}
+		if (!hasAccess) throw createApiError({
+			code: "not_found",
+			message: "Project not found",
+			instance: c.req.path
+		});
 		await next();
 	} catch (error) {
 		if (error instanceof HTTPException) throw error;

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
-import * as hono10 from "hono";
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
+import * as hono14 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono10.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono14.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono10.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono10.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono14.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/ref.d.ts

@@ -1,5 +1,5 @@
-import { Context, Next } from "hono";
 import { AgentsManageDatabaseClient, ResolvedRef } from "@inkeep/agents-core";
+import { Context, Next } from "hono";
 
 //#region src/middleware/ref.d.ts
 type RefContext = {

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono13 from "hono";
+import * as hono16 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono13.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono16.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/requirePermission.js

@@ -1,4 +1,3 @@
-import { env } from "../env.js";
 import { createApiError } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
@@ -15,7 +14,7 @@ function formatPermissionsForDisplay(permissions) {
 const requirePermission = (permissions) => createMiddleware(async (c, next) => {
 	const isTestEnvironment = process.env.ENVIRONMENT === "test";
 	const auth = c.get("auth");
-	if (env.DISABLE_AUTH || isTestEnvironment || !auth) {
+	if (isTestEnvironment || !auth) {
 		await next();
 		return;
 	}

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
-import * as hono16 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
+import * as hono0 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono16.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono16.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono16.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono16.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono0 from "hono";
+import * as hono4 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono0 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono0.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono4.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono0.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono4.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };