@inkeep/agents-api 0.0.0-dev-20260202060901 → 0.0.0-dev-20260203023016

package/dist/domains/manage/routes/mcpToolGithubAccess.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/mcpToolGithubAccess.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/domains/manage/routes/mcpToolGithubAccess.js

@@ -0,0 +1,205 @@
+import { getLogger as getLogger$1 } from "../../../logger.js";
+import runDbClient_default from "../../../data/db/runDbClient.js";
+import { requireProjectPermission } from "../../../middleware/projectAccess.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { TenantProjectParamsSchema, WorkAppGitHubAccessModeSchema, WorkAppGitHubAccessSetRequestSchema, WorkAppGitHubAccessSetResponseSchema, WorkAppGitHubRepositorySelectSchema, commonGetErrorResponses, commonUpdateErrorResponses, createApiError, getMcpToolAccessMode, getMcpToolRepositoryAccessWithDetails, getToolById, setMcpToolAccessMode, setMcpToolRepositoryAccess, validateRepositoryOwnership } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/mcpToolGithubAccess.ts
+const logger = getLogger$1("mcp-tool-github-access");
+const app = new OpenAPIHono();
+const TenantProjectToolParamsSchema = TenantProjectParamsSchema.extend({ toolId: z.string().min(1).describe("The tool ID") });
+const McpToolGitHubAccessModeSchema = WorkAppGitHubAccessModeSchema.describe("Access mode: \"all\" means the MCP tool has access to all project repositories, \"selected\" means the tool is scoped to specific repositories");
+const SetGitHubAccessRequestSchema = WorkAppGitHubAccessSetRequestSchema.extend({ mode: McpToolGitHubAccessModeSchema });
+const GetGitHubAccessResponseSchema = z.object({
+	mode: McpToolGitHubAccessModeSchema,
+	repositories: z.array(WorkAppGitHubRepositorySelectSchema.extend({ installationAccountLogin: z.string().describe("The GitHub account login for the installation") })).describe("List of repositories the MCP tool has access to (only populated when mode=\"selected\")")
+});
+const SetGitHubAccessResponseSchema = WorkAppGitHubAccessSetResponseSchema.extend({
+	mode: McpToolGitHubAccessModeSchema,
+	repositoryCount: z.number().describe("Number of repositories the MCP tool now has access to (0 when mode=\"all\")")
+});
+async function validateGitHubWorkappTool(db, tenantId, projectId, toolId) {
+	const tool = await getToolById(db)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		toolId
+	});
+	if (!tool) throw createApiError({
+		code: "not_found",
+		message: `Tool not found: ${toolId}`
+	});
+	if (!tool.isWorkApp) throw createApiError({
+		code: "bad_request",
+		message: "GitHub access can only be configured for workapp MCP tools"
+	});
+	if (!tool.config.mcp.server.url?.includes("/github")) throw createApiError({
+		code: "bad_request",
+		message: "GitHub access can only be configured for GitHub MCP tools"
+	});
+}
+app.use("/", requireProjectPermission("edit"));
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "Get MCP tool GitHub repository access",
+	operationId: "get-mcp-tool-github-access",
+	tags: ["Tools"],
+	description: "Returns the current GitHub repository access configuration for an MCP tool. If mode is \"all\", the tool has access to all repositories the project can access. If mode is \"selected\", the tool is scoped to specific repositories. ",
+	request: { params: TenantProjectToolParamsSchema },
+	responses: {
+		200: {
+			description: "GitHub access configuration retrieved successfully",
+			content: { "application/json": { schema: GetGitHubAccessResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, toolId } = c.req.valid("param");
+	const db = c.get("db");
+	logger.info({
+		tenantId,
+		projectId,
+		toolId
+	}, "Getting MCP tool GitHub access configuration");
+	await validateGitHubWorkappTool(db, tenantId, projectId, toolId);
+	if (await getMcpToolAccessMode(runDbClient_default)(toolId) === "all") {
+		logger.info({
+			tenantId,
+			projectId,
+			toolId
+		}, "MCP tool has access to all project repositories (mode=all)");
+		return c.json({
+			mode: "all",
+			repositories: []
+		}, 200);
+	}
+	const repositoriesWithDetails = await getMcpToolRepositoryAccessWithDetails(runDbClient_default)(toolId);
+	logger.info({
+		tenantId,
+		projectId,
+		toolId,
+		repositoryCount: repositoriesWithDetails.length
+	}, "Got MCP tool GitHub access configuration (mode=selected)");
+	return c.json({
+		mode: "selected",
+		repositories: repositoriesWithDetails.map((repo) => ({
+			id: repo.id,
+			installationDbId: repo.installationDbId,
+			repositoryId: repo.repositoryId,
+			repositoryName: repo.repositoryName,
+			repositoryFullName: repo.repositoryFullName,
+			private: repo.private,
+			createdAt: repo.createdAt,
+			updatedAt: repo.updatedAt,
+			installationAccountLogin: repo.installationAccountLogin
+		}))
+	}, 200);
+});
+app.openapi(createRoute({
+	method: "put",
+	path: "/",
+	summary: "Set MCP tool GitHub repository access",
+	operationId: "set-mcp-tool-github-access",
+	tags: ["Tools"],
+	description: "Configures which GitHub repositories an MCP tool can access. When mode is \"all\", the tool has access to all repositories the project can access. When mode is \"selected\", the tool is scoped to specific repositories (repositoryIds required). This replaces any existing access configuration. This endpoint only works for GitHub workapp MCP tools (isWorkApp=true and URL contains /github).",
+	request: {
+		params: TenantProjectToolParamsSchema,
+		body: { content: { "application/json": { schema: SetGitHubAccessRequestSchema } } }
+	},
+	responses: {
+		200: {
+			description: "GitHub access configuration updated successfully",
+			content: { "application/json": { schema: SetGitHubAccessResponseSchema } }
+		},
+		...commonUpdateErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, toolId } = c.req.valid("param");
+	const { mode, repositoryIds } = c.req.valid("json");
+	const db = c.get("db");
+	logger.info({
+		tenantId,
+		projectId,
+		toolId,
+		mode
+	}, "Setting MCP tool GitHub access configuration");
+	await validateGitHubWorkappTool(db, tenantId, projectId, toolId);
+	if (mode === "selected") {
+		if (!repositoryIds || repositoryIds.length === 0) {
+			logger.warn({
+				tenantId,
+				projectId,
+				toolId
+			}, "repositoryIds required when mode is selected");
+			throw createApiError({
+				code: "bad_request",
+				message: "repositoryIds is required when mode is \"selected\""
+			});
+		}
+		const invalidRepoIds = await validateRepositoryOwnership(runDbClient_default)({
+			tenantId,
+			repositoryIds
+		});
+		if (invalidRepoIds.length > 0) {
+			logger.warn({
+				tenantId,
+				projectId,
+				toolId,
+				invalidRepoIds
+			}, "Some repository IDs do not belong to tenant installations");
+			throw createApiError({
+				code: "bad_request",
+				message: `Invalid repository IDs: ${invalidRepoIds.join(", ")}. Repositories must belong to GitHub installations owned by this tenant.`
+			});
+		}
+		await setMcpToolAccessMode(runDbClient_default)({
+			toolId,
+			tenantId,
+			projectId,
+			mode: "selected"
+		});
+		await setMcpToolRepositoryAccess(runDbClient_default)({
+			toolId,
+			tenantId,
+			projectId,
+			repositoryIds
+		});
+		logger.info({
+			tenantId,
+			projectId,
+			toolId,
+			repositoryCount: repositoryIds.length
+		}, "MCP tool GitHub access set to selected repositories");
+		return c.json({
+			mode: "selected",
+			repositoryCount: repositoryIds.length
+		}, 200);
+	}
+	await setMcpToolAccessMode(runDbClient_default)({
+		toolId,
+		tenantId,
+		projectId,
+		mode: "all"
+	});
+	await setMcpToolRepositoryAccess(runDbClient_default)({
+		toolId,
+		tenantId,
+		projectId,
+		repositoryIds: []
+	});
+	logger.info({
+		tenantId,
+		projectId,
+		toolId
+	}, "MCP tool GitHub access set to all project repositories");
+	return c.json({
+		mode: "all",
+		repositoryCount: 0
+	}, 200);
+});
+var mcpToolGithubAccess_default = app;
+
+//#endregion
+export { mcpToolGithubAccess_default as default };

package/dist/domains/manage/routes/projectGithubAccess.d.ts

@@ -0,0 +1,9 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/domains/manage/routes/projectGithubAccess.d.ts
+declare const app: OpenAPIHono<{
+  Variables: ManageAppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/domains/manage/routes/projectGithubAccess.js

@@ -0,0 +1,167 @@
+import { getLogger as getLogger$1 } from "../../../logger.js";
+import runDbClient_default from "../../../data/db/runDbClient.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { TenantProjectParamsSchema, WorkAppGitHubAccessGetResponseSchema, WorkAppGitHubAccessModeSchema, WorkAppGitHubAccessSetRequestSchema, WorkAppGitHubAccessSetResponseSchema, commonGetErrorResponses, commonUpdateErrorResponses, createApiError, getProjectAccessMode, getProjectRepositoryAccessWithDetails, setProjectAccessMode, setProjectRepositoryAccess, validateRepositoryOwnership } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/projectGithubAccess.ts
+const logger = getLogger$1("project-github-access");
+const app = new OpenAPIHono();
+const ProjectGitHubAccessModeSchema = WorkAppGitHubAccessModeSchema.describe("Access mode: \"all\" means project has access to all tenant repositories, \"selected\" means project is scoped to specific repositories");
+const SetGitHubAccessRequestSchema = WorkAppGitHubAccessSetRequestSchema.extend({ mode: ProjectGitHubAccessModeSchema });
+const GetGitHubAccessResponseSchema = WorkAppGitHubAccessGetResponseSchema.extend({ mode: ProjectGitHubAccessModeSchema }).describe("GitHub access configuration for a project");
+const SetGitHubAccessResponseSchema = WorkAppGitHubAccessSetResponseSchema.extend({
+	mode: ProjectGitHubAccessModeSchema,
+	repositoryCount: z.number().describe("Number of repositories the project now has access to (0 when mode=\"all\")")
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "Get project GitHub repository access",
+	operationId: "get-project-github-access",
+	tags: ["Projects"],
+	description: "Returns the current GitHub repository access configuration for a project. If mode is \"all\", the project has access to all repositories from tenant GitHub installations. If mode is \"selected\", the project is scoped to specific repositories.",
+	request: { params: TenantProjectParamsSchema },
+	responses: {
+		200: {
+			description: "GitHub access configuration retrieved successfully",
+			content: { "application/json": { schema: GetGitHubAccessResponseSchema } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	logger.info({
+		tenantId,
+		projectId
+	}, "Getting project GitHub access configuration");
+	if (await getProjectAccessMode(runDbClient_default)({
+		tenantId,
+		projectId
+	}) === "all") {
+		logger.info({
+			tenantId,
+			projectId
+		}, "Project has access to all repositories (mode=all)");
+		return c.json({
+			mode: "all",
+			repositories: []
+		}, 200);
+	}
+	const repositoriesWithDetails = await getProjectRepositoryAccessWithDetails(runDbClient_default)({
+		tenantId,
+		projectId
+	});
+	logger.info({
+		tenantId,
+		projectId,
+		repositoryCount: repositoriesWithDetails.length
+	}, "Got project GitHub access configuration (mode=selected)");
+	return c.json({
+		mode: "selected",
+		repositories: repositoriesWithDetails.map((repo) => ({
+			id: repo.id,
+			installationDbId: repo.installationDbId,
+			repositoryId: repo.repositoryId,
+			repositoryName: repo.repositoryName,
+			repositoryFullName: repo.repositoryFullName,
+			private: repo.private,
+			createdAt: repo.createdAt,
+			updatedAt: repo.updatedAt
+		}))
+	}, 200);
+});
+app.openapi(createRoute({
+	method: "put",
+	path: "/",
+	summary: "Set project GitHub repository access",
+	operationId: "set-project-github-access",
+	tags: ["Projects"],
+	description: "Configures which GitHub repositories a project can access. When mode is \"all\", the project has access to all repositories from tenant GitHub installations. When mode is \"selected\", the project is scoped to specific repositories (repositoryIds required). This replaces any existing access configuration.",
+	request: {
+		params: TenantProjectParamsSchema,
+		body: { content: { "application/json": { schema: SetGitHubAccessRequestSchema } } }
+	},
+	responses: {
+		200: {
+			description: "GitHub access configuration updated successfully",
+			content: { "application/json": { schema: SetGitHubAccessResponseSchema } }
+		},
+		...commonUpdateErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const { mode, repositoryIds } = c.req.valid("json");
+	logger.info({
+		tenantId,
+		projectId,
+		mode
+	}, "Setting project GitHub access configuration");
+	if (mode === "selected") {
+		if (!repositoryIds || repositoryIds.length === 0) {
+			logger.warn({
+				tenantId,
+				projectId
+			}, "repositoryIds required when mode is selected");
+			throw createApiError({
+				code: "bad_request",
+				message: "repositoryIds is required when mode is \"selected\""
+			});
+		}
+		const invalidRepoIds = await validateRepositoryOwnership(runDbClient_default)({
+			tenantId,
+			repositoryIds
+		});
+		if (invalidRepoIds.length > 0) {
+			logger.warn({
+				tenantId,
+				projectId,
+				invalidRepoIds
+			}, "Some repository IDs do not belong to tenant installations");
+			throw createApiError({
+				code: "bad_request",
+				message: `Invalid repository IDs: ${invalidRepoIds.join(", ")}. Repositories must belong to GitHub installations owned by this tenant.`
+			});
+		}
+		await setProjectAccessMode(runDbClient_default)({
+			tenantId,
+			projectId,
+			mode: "selected"
+		});
+		await setProjectRepositoryAccess(runDbClient_default)({
+			tenantId,
+			projectId,
+			repositoryIds
+		});
+		logger.info({
+			tenantId,
+			projectId,
+			repositoryCount: repositoryIds.length
+		}, "Project GitHub access set to selected repositories");
+		return c.json({
+			mode: "selected",
+			repositoryCount: repositoryIds.length
+		}, 200);
+	}
+	await setProjectAccessMode(runDbClient_default)({
+		tenantId,
+		projectId,
+		mode: "all"
+	});
+	await setProjectRepositoryAccess(runDbClient_default)({
+		tenantId,
+		projectId,
+		repositoryIds: []
+	});
+	logger.info({
+		tenantId,
+		projectId
+	}, "Project GitHub access set to all repositories");
+	return c.json({
+		mode: "all",
+		repositoryCount: 0
+	}, 200);
+});
+var projectGithubAccess_default = app;
+
+//#endregion
+export { projectGithubAccess_default as default };

package/dist/domains/manage/routes/tools.js

@@ -161,7 +161,8 @@ app.openapi(createRoute({
 		credentialReferenceId: body.credentialReferenceId,
 		credentialScope: body.credentialScope,
 		imageUrl: body.imageUrl,
-		headers: body.headers
+		headers: body.headers,
+		isWorkApp: body.isWorkApp
 	});
 	return c.json({ data: await dbResultToMcpTool(tool, db, credentialStores, void 0, userId) }, 201);
 });
@@ -204,7 +205,8 @@ app.openapi(createRoute({
 			credentialReferenceId: body.credentialReferenceId,
 			credentialScope: body.credentialScope,
 			imageUrl: body.imageUrl,
-			headers: body.headers
+			headers: body.headers,
+			isWorkApp: body.isWorkApp
 		}
 	});
 	if (!updatedTool) throw createApiError({

package/dist/domains/mcp/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types16 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/mcp/routes/mcp.d.ts
-declare const app: Hono<hono_types16.BlankEnv, hono_types16.BlankSchema, "/">;
+declare const app: Hono<hono_types9.BlankEnv, hono_types9.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/run/agents/Agent.js

@@ -1,4 +1,5 @@
 import { getLogger as getLogger$1 } from "../../../logger.js";
+import { env } from "../../../env.js";
 import manageDbPool_default from "../../../data/db/manageDbPool.js";
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { AGENT_EXECUTION_MAX_GENERATION_STEPS, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS } from "../constants/execution-limits/index.js";
@@ -26,7 +27,7 @@ import { SystemPromptBuilder } from "./SystemPromptBuilder.js";
 import { Phase1Config, V1_BREAKDOWN_SCHEMA } from "./versions/v1/Phase1Config.js";
 import { Phase2Config } from "./versions/v1/Phase2Config.js";
 import { z } from "@hono/zod-openapi";
-import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, buildComposioMCPUrl, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
+import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, buildComposioMCPUrl, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, isGithubWorkAppTool, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
 import { Output, generateText, streamText, tool } from "ai";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 
@@ -681,6 +682,11 @@ var Agent = class {
 				headers: agentToolRelationHeaders
 			};
 		}
+		if (isGithubWorkAppTool(tool$1)) serverConfig.headers = {
+			...serverConfig.headers,
+			"x-inkeep-tool-id": tool$1.id,
+			Authorization: `Bearer ${env.GITHUB_MCP_API_KEY}`
+		};
 		if (serverConfig.url) serverConfig.url = buildComposioMCPUrl(serverConfig.url.toString(), this.config.tenantId, this.config.projectId, isUserScoped ? "user" : "project", userId);
 		if (this.config.forwardedHeaders && Object.keys(this.config.forwardedHeaders).length > 0) serverConfig.headers = {
 			...serverConfig.headers,

package/dist/domains/run/constants/execution-limits/defaults.d.ts

@@ -5,7 +5,7 @@
  */
 declare const executionLimitsDefaults: {
   readonly AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3;
-  readonly AGENT_EXECUTION_MAX_GENERATION_STEPS: 5;
+  readonly AGENT_EXECUTION_MAX_GENERATION_STEPS: 50;
   readonly LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000;
   readonly LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000;
   readonly LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000;

package/dist/domains/run/constants/execution-limits/defaults.js

@@ -5,7 +5,7 @@
 */
 const executionLimitsDefaults = {
 	AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3,
-	AGENT_EXECUTION_MAX_GENERATION_STEPS: 5,
+	AGENT_EXECUTION_MAX_GENERATION_STEPS: 50,
 	LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 27e4,
 	LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 9e4,
 	LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 9e4,

package/dist/domains/run/constants/execution-limits/index.d.ts

@@ -1,6 +1,6 @@
 import { executionLimitsDefaults } from "./defaults.js";
 
 //#region src/domains/run/constants/execution-limits/index.d.ts
-declare const AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3, AGENT_EXECUTION_MAX_GENERATION_STEPS: 5, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS: 600000, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT: 30000, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT: 4, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS: 300000, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT: 50, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES: 1048576, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS: 30000, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS: 60000, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT: 60000, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS: 100, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS: 10000, DELEGATION_TOOL_BACKOFF_EXPONENT: 2, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS: 20000, A2A_BACKOFF_INITIAL_INTERVAL_MS: 500, A2A_BACKOFF_MAX_INTERVAL_MS: 60000, A2A_BACKOFF_EXPONENT: 1.5, A2A_BACKOFF_MAX_ELAPSED_TIME_MS: 30000, ARTIFACT_GENERATION_MAX_RETRIES: 3, ARTIFACT_SESSION_MAX_PENDING: 100, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES: 3, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS: 1000, ARTIFACT_GENERATION_BACKOFF_MAX_MS: 10000, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS: 300000, SESSION_CLEANUP_INTERVAL_MS: 60000, STATUS_UPDATE_DEFAULT_NUM_EVENTS: 1, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS: 2, STREAM_PARSER_MAX_SNAPSHOT_SIZE: 100, STREAM_PARSER_MAX_STREAMED_SIZE: 1000, STREAM_PARSER_MAX_COLLECTED_PARTS: 10000, STREAM_BUFFER_MAX_SIZE_BYTES: 5242880, STREAM_TEXT_GAP_THRESHOLD_MS: 2000, STREAM_MAX_LIFETIME_MS: 600000, CONVERSATION_HISTORY_DEFAULT_LIMIT: 50, CONVERSATION_ARTIFACTS_LIMIT: 12, COMPRESSION_HARD_LIMIT: 120000, COMPRESSION_SAFETY_BUFFER: 20000, COMPRESSION_ENABLED: true;
+declare const AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3, AGENT_EXECUTION_MAX_GENERATION_STEPS: 50, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS: 600000, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT: 30000, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT: 4, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS: 300000, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT: 50, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES: 1048576, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS: 30000, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS: 60000, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT: 60000, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS: 100, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS: 10000, DELEGATION_TOOL_BACKOFF_EXPONENT: 2, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS: 20000, A2A_BACKOFF_INITIAL_INTERVAL_MS: 500, A2A_BACKOFF_MAX_INTERVAL_MS: 60000, A2A_BACKOFF_EXPONENT: 1.5, A2A_BACKOFF_MAX_ELAPSED_TIME_MS: 30000, ARTIFACT_GENERATION_MAX_RETRIES: 3, ARTIFACT_SESSION_MAX_PENDING: 100, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES: 3, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS: 1000, ARTIFACT_GENERATION_BACKOFF_MAX_MS: 10000, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS: 300000, SESSION_CLEANUP_INTERVAL_MS: 60000, STATUS_UPDATE_DEFAULT_NUM_EVENTS: 1, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS: 2, STREAM_PARSER_MAX_SNAPSHOT_SIZE: 100, STREAM_PARSER_MAX_STREAMED_SIZE: 1000, STREAM_PARSER_MAX_COLLECTED_PARTS: 10000, STREAM_BUFFER_MAX_SIZE_BYTES: 5242880, STREAM_TEXT_GAP_THRESHOLD_MS: 2000, STREAM_MAX_LIFETIME_MS: 600000, CONVERSATION_HISTORY_DEFAULT_LIMIT: 50, CONVERSATION_ARTIFACTS_LIMIT: 12, COMPRESSION_HARD_LIMIT: 120000, COMPRESSION_SAFETY_BUFFER: 20000, COMPRESSION_ENABLED: true;
 //#endregion
 export { A2A_BACKOFF_EXPONENT, A2A_BACKOFF_INITIAL_INTERVAL_MS, A2A_BACKOFF_MAX_ELAPSED_TIME_MS, A2A_BACKOFF_MAX_INTERVAL_MS, AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS, AGENT_EXECUTION_MAX_GENERATION_STEPS, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS, ARTIFACT_GENERATION_BACKOFF_MAX_MS, ARTIFACT_GENERATION_MAX_RETRIES, ARTIFACT_SESSION_MAX_PENDING, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES, COMPRESSION_ENABLED, COMPRESSION_HARD_LIMIT, COMPRESSION_SAFETY_BUFFER, CONVERSATION_ARTIFACTS_LIMIT, CONVERSATION_HISTORY_DEFAULT_LIMIT, DELEGATION_TOOL_BACKOFF_EXPONENT, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT, SESSION_CLEANUP_INTERVAL_MS, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS, STATUS_UPDATE_DEFAULT_NUM_EVENTS, STREAM_BUFFER_MAX_SIZE_BYTES, STREAM_MAX_LIFETIME_MS, STREAM_PARSER_MAX_COLLECTED_PARTS, STREAM_PARSER_MAX_SNAPSHOT_SIZE, STREAM_PARSER_MAX_STREAMED_SIZE, STREAM_TEXT_GAP_THRESHOLD_MS, executionLimitsDefaults };

package/dist/domains/run/context/ContextResolver.js

@@ -1,8 +1,8 @@
 import { ContextCache } from "./contextCache.js";
 import { ContextFetcher, MissingRequiredVariableError } from "./ContextFetcher.js";
 import { getLogger, getTracer, setSpanWithError } from "@inkeep/agents-core";
-import crypto from "node:crypto";
 import { SpanStatusCode } from "@opentelemetry/api";
+import crypto from "node:crypto";
 
 //#region src/domains/run/context/ContextResolver.ts
 const logger = getLogger("context-resolver");

package/dist/domains/run/services/AgentSession.js

@@ -1129,7 +1129,11 @@ var AgentSessionManager = class {
 	recordEvent(sessionId, eventType, subAgentId, data) {
 		const session = this.sessions.get(sessionId);
 		if (!session) {
-			logger.warn({ sessionId }, "Attempted to record event in non-existent session");
+			logger.warn({
+				sessionId,
+				eventType,
+				subAgentId
+			}, "Attempted to record event in non-existent session (likely session already ended)");
 			return;
 		}
 		session.recordEvent(eventType, subAgentId, data);

package/dist/domains/run/services/BaseCompressor.js

@@ -5,8 +5,8 @@ import { getCompressionConfigForModel } from "../utils/model-context-utils.js";
 import { tracer } from "../utils/tracer.js";
 import { agentSessionManager } from "./AgentSession.js";
 import { getLedgerArtifacts } from "@inkeep/agents-core";
-import { randomUUID } from "node:crypto";
 import { SpanStatusCode } from "@opentelemetry/api";
+import { randomUUID } from "node:crypto";
 
 //#region src/domains/run/services/BaseCompressor.ts
 const logger = getLogger$1("BaseCompressor");

package/dist/domains/run/types/executionContext.js

@@ -1,3 +1,5 @@
+import { env } from "../../../env.js";
+
 //#region src/domains/run/types/executionContext.ts
 /**
 * Extract userId from execution context metadata (when available)
@@ -16,7 +18,7 @@ function createBaseExecutionContext(params) {
 		tenantId: params.tenantId,
 		projectId: params.projectId,
 		agentId: params.agentId,
-		baseUrl: params.baseUrl || process.env.API_URL || "http://localhost:3003",
+		baseUrl: params.baseUrl || env.INKEEP_AGENTS_API_URL,
 		apiKeyId: params.apiKeyId,
 		subAgentId: params.subAgentId,
 		ref: params.ref,

package/dist/env.d.ts

@@ -48,6 +48,12 @@ declare const envSchema: z.ZodObject<{
   WORKFLOW_POSTGRES_URL: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_JOB_PREFIX: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_ID: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_PRIVATE_KEY: z.ZodOptional<z.ZodString>;
+  GITHUB_WEBHOOK_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_STATE_SIGNING_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_NAME: z.ZodOptional<z.ZodString>;
+  GITHUB_MCP_API_KEY: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 declare const env: {
   NODE_ENV: "development" | "production" | "test";
@@ -81,6 +87,12 @@ declare const env: {
   WORKFLOW_POSTGRES_URL?: string | undefined;
   WORKFLOW_POSTGRES_JOB_PREFIX?: string | undefined;
   WORKFLOW_POSTGRES_WORKER_CONCURRENCY?: string | undefined;
+  GITHUB_APP_ID?: string | undefined;
+  GITHUB_APP_PRIVATE_KEY?: string | undefined;
+  GITHUB_WEBHOOK_SECRET?: string | undefined;
+  GITHUB_STATE_SIGNING_SECRET?: string | undefined;
+  GITHUB_APP_NAME?: string | undefined;
+  GITHUB_MCP_API_KEY?: string | undefined;
 };
 type Env = z.infer<typeof envSchema>;
 //#endregion

package/dist/env.js

@@ -49,7 +49,13 @@ const envSchema = z.object({
 	WORKFLOW_TARGET_WORLD: z.string().optional(),
 	WORKFLOW_POSTGRES_URL: z.string().optional(),
 	WORKFLOW_POSTGRES_JOB_PREFIX: z.string().optional(),
-	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional()
+	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional(),
+	GITHUB_APP_ID: z.string().optional(),
+	GITHUB_APP_PRIVATE_KEY: z.string().optional(),
+	GITHUB_WEBHOOK_SECRET: z.string().optional(),
+	GITHUB_STATE_SIGNING_SECRET: z.string().min(32, "GITHUB_STATE_SIGNING_SECRET must be at least 32 characters").optional(),
+	GITHUB_APP_NAME: z.string().optional(),
+	GITHUB_MCP_API_KEY: z.string().optional().describe("API key for the GitHub MCP")
 });
 const parseEnv = () => {
 	try {