@inkeep/agents-api 0.0.0-dev-20260209221416 → 0.0.0-dev-20260209233018

package/dist/.well-known/workflow/v1/manifest.debug.json

@@ -41,15 +41,15 @@
     }
   },
   "workflows": {
-    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
-      "_runDatasetItemWorkflow": {
-        "workflowId": "workflow//src/domains/evals/workflow/functions/runDatasetItem.ts//_runDatasetItemWorkflow"
-      }
-    },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
       "_evaluateConversationWorkflow": {
         "workflowId": "workflow//src/domains/evals/workflow/functions/evaluateConversation.ts//_evaluateConversationWorkflow"
       }
+    },
+    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
+      "_runDatasetItemWorkflow": {
+        "workflowId": "workflow//src/domains/evals/workflow/functions/runDatasetItem.ts//_runDatasetItemWorkflow"
+      }
     }
   }
 }

package/dist/.well-known/workflow/v1/step.cjs

@@ -180088,7 +180088,11 @@ function createAgentsManageDatabasePool(config4) {
   if (!connectionString) throw new Error("INKEEP_AGENTS_MANAGE_DATABASE_URL environment variable is required. Please set it to your PostgreSQL connection string.");
   const pool2 = new Pool({
     connectionString,
-    max: config4.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100
+    max: config4.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100,
+    keepAlive: true,
+    keepAliveInitialDelayMillis: 6e4,
+    connectionTimeoutMillis: 1e4,
+    idleTimeoutMillis: 3e4
   });
   pool2.on("error", (err2) => {
     console.error("Unexpected PostgreSQL pool error:", err2);
@@ -180102,7 +180106,11 @@ function createAgentsManageDatabaseClient(config4) {
   if (!connectionString) throw new Error("INKEEP_AGENTS_MANAGE_DATABASE_URL environment variable is required. Please set it to your PostgreSQL connection string.");
   const pool2 = new Pool({
     connectionString,
-    max: config4.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100
+    max: config4.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100,
+    keepAlive: true,
+    keepAliveInitialDelayMillis: 6e4,
+    connectionTimeoutMillis: 1e4,
+    idleTimeoutMillis: 3e4
   });
   pool2.on("error", (err2) => {
     console.error("Unexpected PostgreSQL pool error:", err2);
@@ -180130,7 +180138,11 @@ function createAgentsRunDatabaseClient(config4) {
   if (!connectionString) throw new Error("INKEEP_AGENTS_RUN_DATABASE_URL environment variable is required. Please set it to your PostgreSQL connection string.");
   const pool2 = new Pool({
     connectionString,
-    max: config4?.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100
+    max: config4?.poolSize || Number(env.POSTGRES_POOL_SIZE) || 100,
+    keepAlive: true,
+    keepAliveInitialDelayMillis: 6e4,
+    connectionTimeoutMillis: 1e4,
+    idleTimeoutMillis: 3e4
   });
   pool2.on("error", (err2) => {
     console.error("Unexpected PostgreSQL pool error:", err2);

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types11 from "hono/types";
+import * as hono_types0 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/data/db/runDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core2 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 
 //#region src/data/db/runDbClient.d.ts
-declare const runDbClient: _inkeep_agents_core2.AgentsRunDatabaseClient;
+declare const runDbClient: _inkeep_agents_core0.AgentsRunDatabaseClient;
 //#endregion
 export { runDbClient as default };

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono14 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono14.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono18 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono18.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/workflow/routes.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types5 from "hono/types";
+import * as hono_types6 from "hono/types";
 
 //#region src/domains/evals/workflow/routes.d.ts
-declare const workflowRoutes: Hono<hono_types5.BlankEnv, hono_types5.BlankSchema, "/">;
+declare const workflowRoutes: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
 //#endregion
 export { workflowRoutes };

package/dist/domains/manage/routes/availableAgents.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono15 from "hono";
+import * as hono14 from "hono";
 
 //#region src/domains/manage/routes/availableAgents.d.ts
-declare const app: OpenAPIHono<hono15.Env, {}, "/">;
+declare const app: OpenAPIHono<hono14.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono16 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono16.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono17 from "hono";
+import * as hono9 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono17.Env, {}, "/">;
+declare const app: OpenAPIHono<hono9.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types4 from "hono/types";
 
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types9.BlankEnv, hono_types9.BlankSchema, "/">;
+declare const app: Hono<hono_types4.BlankEnv, hono_types4.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/passwordResetLinks.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types4 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/manage/routes/passwordResetLinks.d.ts
 declare const passwordResetLinksRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types4.BlankSchema, "/">;
+}, hono_types8.BlankSchema, "/">;
 //#endregion
 export { passwordResetLinksRoutes as default };

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types2 from "hono/types";
+import * as hono_types10 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types2.BlankSchema, "/">;
+}, hono_types10.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/users.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types1 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/manage/routes/users.d.ts
 declare const usersRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types1.BlankSchema, "/">;
+}, hono_types9.BlankSchema, "/">;
 //#endregion
 export { usersRoutes as default };

package/dist/domains/mcp/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types1 from "hono/types";
 
 //#region src/domains/mcp/routes/mcp.d.ts
-declare const app: Hono<hono_types7.BlankEnv, hono_types7.BlankSchema, "/">;
+declare const app: Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/run/agents/Agent.js

@@ -21,6 +21,7 @@ import { generateToolId } from "../utils/agent-operations.js";
 import { ArtifactCreateSchema, ArtifactReferenceSchema } from "../utils/artifact-component-schema.js";
 import { withJsonPostProcessing } from "../utils/json-postprocessor.js";
 import { calculateBreakdownTotal, estimateTokens } from "../utils/token-estimator.js";
+import { createDeniedToolResult, isToolResultDenied } from "../utils/tool-result.js";
 import { createDelegateToAgentTool, createTransferToAgentTool } from "./relationTools.js";
 import { SystemPromptBuilder } from "./SystemPromptBuilder.js";
 import { PromptConfig, V1_BREAKDOWN_SCHEMA } from "./versions/v1/PromptConfig.js";
@@ -354,7 +355,7 @@ var Agent = class {
 						needsApproval,
 						inDelegatedAgent: this.isDelegatedAgent
 					});
-					const isDeniedResult = !!result && typeof result === "object" && "__inkeepToolDenied" in result && result.__inkeepToolDenied === true;
+					const isDeniedResult = isToolResultDenied(result);
 					if (streamRequestId && streamHelper && !isInternalToolForUi) if (isDeniedResult) await streamHelper.writeToolOutputDenied({ toolCallId });
 					else await streamHelper.writeToolOutputAvailable({
 						toolCallId,
@@ -508,14 +509,16 @@ var Agent = class {
 								if (streamRequestId$1) await toolApprovalUiBus.publish(streamRequestId$1, {
 									type: "approval-resolved",
 									toolCallId,
-									approved: false
+									approved: false,
+									reason: approvalResult.reason
 								});
 							}
 							return tracer.startActiveSpan("tool.approval_denied", { attributes: {
 								"tool.name": toolName,
 								"tool.callId": toolCallId,
 								"subAgent.id": this.config.id,
-								"subAgent.name": this.config.name
+								"subAgent.name": this.config.name,
+								"tool.approval.reason": approvalResult.reason
 							} }, (denialSpan) => {
 								logger.info({
 									toolName,
@@ -524,11 +527,7 @@ var Agent = class {
 								}, "Tool execution denied by user");
 								denialSpan.setStatus({ code: SpanStatusCode.OK });
 								denialSpan.end();
-								return {
-									__inkeepToolDenied: true,
-									toolCallId,
-									reason: approvalResult.reason
-								};
+								return createDeniedToolResult(toolCallId, approvalResult.reason);
 							});
 						}
 						tracer.startActiveSpan("tool.approval_approved", { attributes: {
@@ -926,7 +925,8 @@ var Agent = class {
 									if (streamRequestId$1) await toolApprovalUiBus.publish(streamRequestId$1, {
 										type: "approval-resolved",
 										toolCallId,
-										approved: false
+										approved: false,
+										reason: approvalResult.reason
 									});
 								}
 								return tracer.startActiveSpan("tool.approval_denied", { attributes: {
@@ -942,11 +942,7 @@ var Agent = class {
 									}, "Function tool execution denied by user");
 									denialSpan.setStatus({ code: SpanStatusCode.OK });
 									denialSpan.end();
-									return {
-										__inkeepToolDenied: true,
-										toolCallId,
-										reason: approvalResult.reason
-									};
+									return createDeniedToolResult(toolCallId, approvalResult.reason);
 								});
 							}
 							tracer.startActiveSpan("tool.approval_approved", { attributes: {
@@ -1445,6 +1441,14 @@ var Agent = class {
 	*/
 	formatToolResult(toolName, args, result, toolCallId) {
 		const input = args ? JSON.stringify(args, null, 2) : "No input";
+		if (isToolResultDenied(result)) return [
+			`## Tool: ${toolName}`,
+			"",
+			`### 🔧 TOOL_CALL_ID: ${toolCallId}`,
+			"",
+			`### Output`,
+			result.reason
+		].join("\n");
 		let parsedResult = result;
 		if (typeof result === "string") try {
 			parsedResult = JSON.parse(result);

package/dist/domains/run/agents/relationTools.d.ts

@@ -1,6 +1,6 @@
 import { AgentConfig, DelegateRelation } from "./Agent.js";
 import { InternalRelation } from "../utils/project.js";
-import * as _inkeep_agents_core0 from "@inkeep/agents-core";
+import * as _inkeep_agents_core1 from "@inkeep/agents-core";
 import { CredentialStoreRegistry, FullExecutionContext } from "@inkeep/agents-core";
 import * as ai0 from "ai";
 
@@ -44,7 +44,7 @@ declare function createDelegateToAgentTool({
   message: string;
 }, {
   toolCallId: any;
-  result: _inkeep_agents_core0.Message | _inkeep_agents_core0.Task;
+  result: _inkeep_agents_core1.Message | _inkeep_agents_core1.Task;
 }>;
 /**
  * Parameters for building a transfer relation config

package/dist/domains/run/services/PendingToolApprovalManager.js

@@ -89,7 +89,7 @@ var PendingToolApprovalManager = class PendingToolApprovalManager {
 		this.pendingApprovals.delete(toolCallId);
 		approval.resolve({
 			approved: false,
-			reason: reason || "User denied approval"
+			reason: `The user declined to run this tool. ${reason ? `Reason: ${reason}` : ""}`
 		});
 		return true;
 	}

package/dist/domains/run/services/ToolApprovalUiBus.d.ts

@@ -10,6 +10,7 @@ type ToolApprovalUiEvent = {
   type: 'approval-resolved';
   toolCallId: string;
   approved: boolean;
+  reason?: string;
 };
 type Listener = (event: ToolApprovalUiEvent) => void | Promise<void>;
 /**

package/dist/domains/run/services/ToolApprovalUiBus.js

@@ -33,7 +33,8 @@ var ToolApprovalUiBus = class {
 				streamRequestId,
 				eventType: event.type,
 				toolCallId: event.toolCallId,
-				error: error instanceof Error ? error.message : String(error)
+				error: error instanceof Error ? error.message : String(error),
+				reason: event.reason
 			}, "ToolApprovalUiBus listener failed");
 		}
 	}

package/dist/domains/run/utils/tool-result.d.ts

@@ -0,0 +1,11 @@
+//#region src/domains/run/utils/tool-result.d.ts
+declare const INKEEP_TOOL_DENIED_KEY = "__inkeepToolDenied";
+interface DeniedToolResult {
+  [INKEEP_TOOL_DENIED_KEY]: true;
+  toolCallId: string;
+  reason?: string;
+}
+declare function isToolResultDenied(result: unknown): result is DeniedToolResult;
+declare function createDeniedToolResult(toolCallId: string, reason?: string): DeniedToolResult;
+//#endregion
+export { DeniedToolResult, INKEEP_TOOL_DENIED_KEY, createDeniedToolResult, isToolResultDenied };

package/dist/domains/run/utils/tool-result.js

@@ -0,0 +1,15 @@
+//#region src/domains/run/utils/tool-result.ts
+const INKEEP_TOOL_DENIED_KEY = "__inkeepToolDenied";
+function isToolResultDenied(result) {
+	return !!result && typeof result === "object" && INKEEP_TOOL_DENIED_KEY in result && result[INKEEP_TOOL_DENIED_KEY] === true;
+}
+function createDeniedToolResult(toolCallId, reason) {
+	return {
+		[INKEEP_TOOL_DENIED_KEY]: true,
+		toolCallId,
+		reason
+	};
+}
+
+//#endregion
+export { INKEEP_TOOL_DENIED_KEY, createDeniedToolResult, isToolResultDenied };

package/dist/env.d.ts

@@ -14,11 +14,11 @@ declare const envSchema: z.ZodObject<{
     pentest: "pentest";
   }>>;
   LOG_LEVEL: z.ZodDefault<z.ZodEnum<{
+    error: "error";
     trace: "trace";
     debug: "debug";
     info: "info";
     warn: "warn";
-    error: "error";
   }>>;
   INKEEP_AGENTS_MANAGE_DATABASE_URL: z.ZodString;
   INKEEP_AGENTS_RUN_DATABASE_URL: z.ZodString;
@@ -59,7 +59,7 @@ declare const envSchema: z.ZodObject<{
 declare const env: {
   NODE_ENV: "development" | "production" | "test";
   ENVIRONMENT: "development" | "production" | "test" | "pentest";
-  LOG_LEVEL: "trace" | "debug" | "info" | "warn" | "error";
+  LOG_LEVEL: "error" | "trace" | "debug" | "info" | "warn";
   INKEEP_AGENTS_MANAGE_DATABASE_URL: string;
   INKEEP_AGENTS_RUN_DATABASE_URL: string;
   INKEEP_AGENTS_API_URL: string;

package/dist/factory.d.ts

@@ -3,10 +3,10 @@ import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
-import * as hono0 from "hono";
+import * as hono18 from "hono";
 import * as zod0 from "zod";
 import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
-import * as hono_types0 from "hono/types";
+import * as hono_types11 from "hono/types";
 import * as better_auth0 from "better-auth";
 import * as better_auth_plugins0 from "better-auth/plugins";
 import * as _better_auth_sso0 from "@better-auth/sso";
@@ -804,25 +804,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1127,25 +1127,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1570,6 +1570,6 @@ declare function createAgentsApp(config?: {
   credentialStores?: CredentialStore[];
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
-}): hono0.Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+}): hono18.Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
 //#endregion
 export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/index.d.ts

@@ -805,25 +805,25 @@ declare const auth: better_auth79.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1128,25 +1128,25 @@ declare const auth: better_auth79.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
       creatorRole: "admin";

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
-import * as hono10 from "hono";
+import * as hono0 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono10.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono10.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono10.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono4 from "hono";
+import * as hono11 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono11.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono5 from "hono";
+import * as hono4 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono5.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono8 from "hono";
+import * as hono7 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono8 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono7.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono7.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono0 from "hono";
+import * as hono10 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono0 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono0.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono10.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260209221416",
+  "version": "0.0.0-dev-20260209233018",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -66,10 +66,10 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.0.0-dev-20260209221416",
-    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260209221416",
-    "@inkeep/agents-mcp": "^0.0.0-dev-20260209221416",
-    "@inkeep/agents-work-apps": "^0.0.0-dev-20260209221416"
+    "@inkeep/agents-core": "^0.0.0-dev-20260209233018",
+    "@inkeep/agents-manage-mcp": "^0.0.0-dev-20260209233018",
+    "@inkeep/agents-mcp": "^0.0.0-dev-20260209233018",
+    "@inkeep/agents-work-apps": "^0.0.0-dev-20260209233018"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",