@inkeep/agents-api 0.0.0-dev-20260205203133 → 0.0.0-dev-20260205231249

package/dist/middleware/cors.d.ts

@@ -6,10 +6,15 @@ type CorsOptions = Parameters<typeof cors>[0];
  * Extract the base domain from a hostname (e.g., 'app.preview.inkeep.com' -> 'preview.inkeep.com')
  */
 declare function getBaseDomain(hostname: string): string;
+/**
+ * Extract the registrable domain (eTLD+1) from a hostname.
+ * e.g., 'api.agents.inkeep.com' -> 'inkeep.com', 'app.inkeep.com' -> 'inkeep.com'
+ */
+declare function getRootDomain(hostname: string): string;
 /**
  * Check if a request origin is allowed for CORS
  * Development: Allow any localhost origin
- * Production: Allow same base domain or configured UI URL
+ * Production: Allow same base domain, same root domain (when UI URL is configured), or configured UI URL
  */
 declare function isOriginAllowed(origin: string | undefined): origin is string;
 /**
@@ -33,4 +38,4 @@ declare const runCorsConfig: CorsOptions;
  */
 declare const signozCorsConfig: CorsOptions;
 //#endregion
-export { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };
+export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };

package/dist/middleware/cors.js

@@ -10,9 +10,18 @@ function getBaseDomain(hostname) {
 	return hostname;
 }
 /**
+* Extract the registrable domain (eTLD+1) from a hostname.
+* e.g., 'api.agents.inkeep.com' -> 'inkeep.com', 'app.inkeep.com' -> 'inkeep.com'
+*/
+function getRootDomain(hostname) {
+	const parts = hostname.split(".");
+	if (parts.length >= 2) return parts.slice(-2).join(".");
+	return hostname;
+}
+/**
 * Check if a request origin is allowed for CORS
 * Development: Allow any localhost origin
-* Production: Allow same base domain or configured UI URL
+* Production: Allow same base domain, same root domain (when UI URL is configured), or configured UI URL
 */
 function isOriginAllowed(origin) {
 	if (!origin) return false;
@@ -23,6 +32,12 @@ function isOriginAllowed(origin) {
 		if (requestUrl.hostname === "localhost" || requestUrl.hostname === "127.0.0.1") return true;
 		if (uiUrl && requestUrl.hostname === uiUrl.hostname) return true;
 		if (getBaseDomain(requestUrl.hostname) === getBaseDomain(apiUrl.hostname)) return true;
+		if (uiUrl) {
+			const requestRootDomain = getRootDomain(requestUrl.hostname);
+			const apiRootDomain = getRootDomain(apiUrl.hostname);
+			const uiRootDomain = getRootDomain(uiUrl.hostname);
+			if (requestRootDomain === apiRootDomain && apiRootDomain === uiRootDomain && requestRootDomain === uiRootDomain) return true;
+		}
 		return false;
 	} catch {
 		return false;
@@ -128,4 +143,4 @@ const signozCorsConfig = {
 };
 
 //#endregion
-export { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };
+export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono4 from "hono";
+import * as hono0 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import * as hono4 from "hono";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono4.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono0 from "hono";
+import * as hono5 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono0.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
-import * as hono9 from "hono";
+import * as hono0 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono9.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono9.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono9.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono1 from "hono";
+import * as hono6 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono1.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono6.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono5 from "hono";
+import * as hono2 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono2.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono2.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono5.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono2.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono2 from "hono";
+import * as hono11 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono2 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono2.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono11.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono2.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono11.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono11 from "hono";
+import * as hono13 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono11 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono13.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono12 from "hono";
+import * as hono9 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260205203133",
+  "version": "0.0.0-dev-20260205231249",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -66,10 +66,10 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.0.0-dev-20260205203133",
-    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260205203133",
-    "@inkeep/agents-mcp": "^0.0.0-dev-20260205203133",
-    "@inkeep/agents-work-apps": "^0.0.0-dev-20260205203133"
+    "@inkeep/agents-core": "^0.0.0-dev-20260205231249",
+    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260205231249",
+    "@inkeep/agents-mcp": "^0.0.0-dev-20260205231249",
+    "@inkeep/agents-work-apps": "^0.0.0-dev-20260205231249"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",