@inkeep/agents-api 0.0.0-dev-20260211191741 → 0.0.0-dev-20260211220939
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.well-known/workflow/v1/manifest.debug.json +19 -19
- package/dist/.well-known/workflow/v1/step.cjs +424 -250
- package/dist/createApp.js +12 -1
- package/dist/domains/evals/routes/datasetTriggers.d.ts +2 -2
- package/dist/domains/evals/routes/index.d.ts +2 -2
- package/dist/domains/evals/services/EvaluationService.d.ts +0 -5
- package/dist/domains/evals/services/EvaluationService.js +2 -51
- package/dist/domains/evals/workflow/routes.d.ts +2 -2
- package/dist/domains/manage/routes/availableAgents.d.ts +2 -2
- package/dist/domains/manage/routes/conversations.d.ts +2 -2
- package/dist/domains/manage/routes/index.d.ts +2 -2
- package/dist/domains/manage/routes/invitations.d.ts +2 -2
- package/dist/domains/manage/routes/mcp.d.ts +2 -2
- package/dist/domains/manage/routes/passwordResetLinks.d.ts +2 -2
- package/dist/domains/manage/routes/users.d.ts +2 -2
- package/dist/domains/mcp/routes/mcp.d.ts +2 -2
- package/dist/domains/run/agents/Agent.js +2 -2
- package/dist/domains/run/agents/relationTools.d.ts +2 -2
- package/dist/domains/run/utils/SchemaProcessor.d.ts +1 -1
- package/dist/domains/run/utils/project.js +2 -2
- package/dist/domains/run/utils/token-estimator.d.ts +2 -2
- package/dist/domains/work-apps/index.d.ts +13 -0
- package/dist/domains/work-apps/index.js +23 -0
- package/dist/env.d.ts +2 -2
- package/dist/factory.d.ts +20 -20
- package/dist/index.d.ts +18 -18
- package/dist/middleware/cors.d.ts +6 -1
- package/dist/middleware/cors.js +27 -1
- package/dist/middleware/evalsAuth.d.ts +2 -2
- package/dist/middleware/index.d.ts +3 -2
- package/dist/middleware/index.js +3 -2
- package/dist/middleware/manageAuth.d.ts +2 -2
- package/dist/middleware/manageAuth.js +16 -1
- package/dist/middleware/projectAccess.d.ts +2 -2
- package/dist/middleware/projectConfig.d.ts +3 -3
- package/dist/middleware/requirePermission.d.ts +2 -2
- package/dist/middleware/runAuth.d.ts +4 -4
- package/dist/middleware/runAuth.js +71 -1
- package/dist/middleware/sessionAuth.d.ts +3 -3
- package/dist/middleware/tenantAccess.d.ts +2 -2
- package/dist/middleware/tracing.d.ts +3 -3
- package/dist/middleware/workAppsAuth.d.ts +7 -0
- package/dist/middleware/workAppsAuth.js +30 -0
- package/dist/openapi.d.ts +5 -0
- package/dist/openapi.js +6 -1
- package/package.json +5 -5
package/dist/middleware/cors.js
CHANGED
|
@@ -141,6 +141,32 @@ const signozCorsConfig = {
|
|
|
141
141
|
maxAge: 600,
|
|
142
142
|
credentials: true
|
|
143
143
|
};
|
|
144
|
+
/**
|
|
145
|
+
* CORS configuration for work-apps routes (Slack, etc.)
|
|
146
|
+
* Needs to allow cross-origin requests with credentials for dashboard integration
|
|
147
|
+
*/
|
|
148
|
+
const workAppsCorsConfig = {
|
|
149
|
+
origin: originHandler,
|
|
150
|
+
allowHeaders: [
|
|
151
|
+
"content-type",
|
|
152
|
+
"Content-Type",
|
|
153
|
+
"authorization",
|
|
154
|
+
"Authorization",
|
|
155
|
+
"User-Agent",
|
|
156
|
+
"Cookie"
|
|
157
|
+
],
|
|
158
|
+
allowMethods: [
|
|
159
|
+
"GET",
|
|
160
|
+
"POST",
|
|
161
|
+
"PUT",
|
|
162
|
+
"DELETE",
|
|
163
|
+
"OPTIONS",
|
|
164
|
+
"PATCH"
|
|
165
|
+
],
|
|
166
|
+
exposeHeaders: ["Content-Length"],
|
|
167
|
+
maxAge: 600,
|
|
168
|
+
credentials: true
|
|
169
|
+
};
|
|
144
170
|
|
|
145
171
|
//#endregion
|
|
146
|
-
export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };
|
|
172
|
+
export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig, workAppsCorsConfig };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono0 from "hono";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/evalsAuth.d.ts
|
|
5
5
|
|
|
@@ -7,7 +7,7 @@ import * as hono6 from "hono";
|
|
|
7
7
|
* Middleware to authenticate API requests using Bearer token authentication
|
|
8
8
|
* First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
|
|
9
9
|
*/
|
|
10
|
-
declare const evalApiKeyAuth: () =>
|
|
10
|
+
declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
|
|
11
11
|
Variables: {
|
|
12
12
|
executionContext: BaseExecutionContext;
|
|
13
13
|
};
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig } from "./cors.js";
|
|
1
|
+
import { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig, workAppsCorsConfig } from "./cors.js";
|
|
2
2
|
import { errorHandler } from "./errorHandler.js";
|
|
3
3
|
import { manageApiKeyAuth } from "./manageAuth.js";
|
|
4
4
|
import { oauthRefMiddleware } from "./ref.js";
|
|
5
5
|
import { runApiKeyAuth, runApiKeyAuthExcept, runOptionalAuth } from "./runAuth.js";
|
|
6
6
|
import { sessionAuth } from "./sessionAuth.js";
|
|
7
7
|
import { requireTenantAccess } from "./tenantAccess.js";
|
|
8
|
-
|
|
8
|
+
import { workAppsAuth } from "./workAppsAuth.js";
|
|
9
|
+
export { authCorsConfig, defaultCorsConfig, errorHandler, getBaseDomain, isOriginAllowed, manageApiKeyAuth, oauthRefMiddleware, playgroundCorsConfig, requireTenantAccess, runApiKeyAuth, runApiKeyAuthExcept, runCorsConfig, runOptionalAuth, sessionAuth, signozCorsConfig, workAppsAuth, workAppsCorsConfig };
|
package/dist/middleware/index.js
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { sessionAuth } from "./sessionAuth.js";
|
|
2
|
-
import { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig } from "./cors.js";
|
|
2
|
+
import { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig, workAppsCorsConfig } from "./cors.js";
|
|
3
3
|
import { errorHandler } from "./errorHandler.js";
|
|
4
4
|
import { manageApiKeyAuth } from "./manageAuth.js";
|
|
5
5
|
import { oauthRefMiddleware } from "./ref.js";
|
|
6
6
|
import { runApiKeyAuth, runApiKeyAuthExcept, runOptionalAuth } from "./runAuth.js";
|
|
7
7
|
import { requireTenantAccess } from "./tenantAccess.js";
|
|
8
|
+
import { workAppsAuth } from "./workAppsAuth.js";
|
|
8
9
|
|
|
9
|
-
export { authCorsConfig, defaultCorsConfig, errorHandler, getBaseDomain, isOriginAllowed, manageApiKeyAuth, oauthRefMiddleware, playgroundCorsConfig, requireTenantAccess, runApiKeyAuth, runApiKeyAuthExcept, runCorsConfig, runOptionalAuth, sessionAuth, signozCorsConfig };
|
|
10
|
+
export { authCorsConfig, defaultCorsConfig, errorHandler, getBaseDomain, isOriginAllowed, manageApiKeyAuth, oauthRefMiddleware, playgroundCorsConfig, requireTenantAccess, runApiKeyAuth, runApiKeyAuthExcept, runCorsConfig, runOptionalAuth, sessionAuth, signozCorsConfig, workAppsAuth, workAppsCorsConfig };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono1 from "hono";
|
|
3
3
|
import { createAuth } from "@inkeep/agents-core/auth";
|
|
4
4
|
|
|
5
5
|
//#region src/middleware/manageAuth.d.ts
|
|
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
|
|
|
12
12
|
* 3. Database API key
|
|
13
13
|
* 4. Internal service token
|
|
14
14
|
*/
|
|
15
|
-
declare const manageApiKeyAuth: () =>
|
|
15
|
+
declare const manageApiKeyAuth: () => hono1.MiddlewareHandler<{
|
|
16
16
|
Variables: {
|
|
17
17
|
executionContext: BaseExecutionContext;
|
|
18
18
|
userId?: string;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { env } from "../env.js";
|
|
2
2
|
import runDbClient_default from "../data/db/runDbClient.js";
|
|
3
|
-
import { getLogger, isInternalServiceToken, validateAndGetApiKey, verifyInternalServiceAuthHeader } from "@inkeep/agents-core";
|
|
3
|
+
import { getLogger, isInternalServiceToken, isSlackUserToken, validateAndGetApiKey, verifyInternalServiceAuthHeader, verifySlackUserToken } from "@inkeep/agents-core";
|
|
4
4
|
import { createMiddleware } from "hono/factory";
|
|
5
5
|
import { HTTPException } from "hono/http-exception";
|
|
6
6
|
|
|
@@ -58,6 +58,21 @@ const manageApiKeyAuth = () => createMiddleware(async (c, next) => {
|
|
|
58
58
|
await next();
|
|
59
59
|
return;
|
|
60
60
|
}
|
|
61
|
+
if (isSlackUserToken(token)) {
|
|
62
|
+
const result = await verifySlackUserToken(token);
|
|
63
|
+
if (!result.valid || !result.payload) throw new HTTPException(401, { message: result.error || "Invalid Slack user token" });
|
|
64
|
+
logger.info({
|
|
65
|
+
inkeepUserId: result.payload.sub,
|
|
66
|
+
tenantId: result.payload.tenantId,
|
|
67
|
+
slackTeamId: result.payload.slack.teamId,
|
|
68
|
+
slackUserId: result.payload.slack.userId
|
|
69
|
+
}, "Slack user JWT authenticated successfully");
|
|
70
|
+
c.set("userId", result.payload.sub);
|
|
71
|
+
if (result.payload.slack.email) c.set("userEmail", result.payload.slack.email);
|
|
72
|
+
c.set("tenantId", result.payload.tenantId);
|
|
73
|
+
await next();
|
|
74
|
+
return;
|
|
75
|
+
}
|
|
61
76
|
if (isInternalServiceToken(token)) {
|
|
62
77
|
const result = await verifyInternalServiceAuthHeader(authHeader);
|
|
63
78
|
if (!result.valid || !result.payload) throw new HTTPException(401, { message: result.error || "Invalid internal service token" });
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ManageAppVariables } from "../types/app.js";
|
|
2
2
|
import { ProjectPermissionLevel } from "@inkeep/agents-core";
|
|
3
|
-
import * as
|
|
3
|
+
import * as hono2 from "hono";
|
|
4
4
|
|
|
5
5
|
//#region src/middleware/projectAccess.d.ts
|
|
6
6
|
/**
|
|
@@ -10,6 +10,6 @@ declare const requireProjectPermission: <Env$1 extends {
|
|
|
10
10
|
Variables: ManageAppVariables;
|
|
11
11
|
} = {
|
|
12
12
|
Variables: ManageAppVariables;
|
|
13
|
-
}>(permission?: ProjectPermissionLevel) =>
|
|
13
|
+
}>(permission?: ProjectPermissionLevel) => hono2.MiddlewareHandler<Env$1, string, {}, Response>;
|
|
14
14
|
//#endregion
|
|
15
15
|
export { requireProjectPermission };
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono3 from "hono";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/projectConfig.d.ts
|
|
5
5
|
/**
|
|
6
6
|
* Middleware that fetches the full project definition from the Management API
|
|
7
7
|
*/
|
|
8
|
-
declare const projectConfigMiddleware:
|
|
8
|
+
declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
|
|
9
9
|
Variables: {
|
|
10
10
|
executionContext: BaseExecutionContext;
|
|
11
11
|
resolvedRef: ResolvedRef;
|
|
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono0.MiddlewareHandler<{
|
|
|
15
15
|
* Creates a middleware that applies project config fetching except for specified route patterns
|
|
16
16
|
* @param skipRouteCheck - Function that returns true if the route should skip the middleware
|
|
17
17
|
*/
|
|
18
|
-
declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) =>
|
|
18
|
+
declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono3.MiddlewareHandler<{
|
|
19
19
|
Variables: {
|
|
20
20
|
executionContext: BaseExecutionContext;
|
|
21
21
|
resolvedRef: ResolvedRef;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ManageAppVariables } from "../types/app.js";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono5 from "hono";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/requirePermission.d.ts
|
|
5
5
|
type Permission = {
|
|
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
|
|
|
9
9
|
Variables: ManageAppVariables;
|
|
10
10
|
} = {
|
|
11
11
|
Variables: ManageAppVariables;
|
|
12
|
-
}>(permissions: Permission) =>
|
|
12
|
+
}>(permissions: Permission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
|
|
13
13
|
//#endregion
|
|
14
14
|
export { requirePermission };
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { BaseExecutionContext } from "@inkeep/agents-core";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono6 from "hono";
|
|
3
3
|
|
|
4
4
|
//#region src/middleware/runAuth.d.ts
|
|
5
|
-
declare const runApiKeyAuth: () =>
|
|
5
|
+
declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
|
|
6
6
|
Variables: {
|
|
7
7
|
executionContext: BaseExecutionContext;
|
|
8
8
|
};
|
|
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono12.MiddlewareHandler<{
|
|
|
11
11
|
* Creates a middleware that applies API key authentication except for specified route patterns
|
|
12
12
|
* @param skipRouteCheck - Function that returns true if the route should skip authentication
|
|
13
13
|
*/
|
|
14
|
-
declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =>
|
|
14
|
+
declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono6.MiddlewareHandler<{
|
|
15
15
|
Variables: {
|
|
16
16
|
executionContext: BaseExecutionContext;
|
|
17
17
|
};
|
|
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
|
|
|
20
20
|
* Helper middleware for endpoints that optionally support API key authentication
|
|
21
21
|
* If no auth header is present, it continues without setting the executionContext
|
|
22
22
|
*/
|
|
23
|
-
declare const runOptionalAuth: () =>
|
|
23
|
+
declare const runOptionalAuth: () => hono6.MiddlewareHandler<{
|
|
24
24
|
Variables: {
|
|
25
25
|
executionContext?: BaseExecutionContext;
|
|
26
26
|
};
|
|
@@ -2,7 +2,7 @@ import { getLogger as getLogger$1 } from "../logger.js";
|
|
|
2
2
|
import { env } from "../env.js";
|
|
3
3
|
import runDbClient_default from "../data/db/runDbClient.js";
|
|
4
4
|
import { createBaseExecutionContext } from "../types/runExecutionContext.js";
|
|
5
|
-
import { canUseProjectStrict, validateAndGetApiKey, validateTargetAgent, verifyServiceToken, verifyTempToken } from "@inkeep/agents-core";
|
|
5
|
+
import { canUseProjectStrict, isSlackUserToken, validateAndGetApiKey, validateTargetAgent, verifyServiceToken, verifySlackUserToken, verifyTempToken } from "@inkeep/agents-core";
|
|
6
6
|
import { createMiddleware } from "hono/factory";
|
|
7
7
|
import { HTTPException } from "hono/http-exception";
|
|
8
8
|
|
|
@@ -125,6 +125,73 @@ async function tryApiKeyAuth(apiKey) {
|
|
|
125
125
|
};
|
|
126
126
|
}
|
|
127
127
|
/**
|
|
128
|
+
* Authenticate using a Slack user JWT token (for Slack work app delegation)
|
|
129
|
+
*/
|
|
130
|
+
async function trySlackUserJwtAuth(token, reqData) {
|
|
131
|
+
if (!isSlackUserToken(token)) return { authResult: null };
|
|
132
|
+
const result = await verifySlackUserToken(token);
|
|
133
|
+
if (!result.valid || !result.payload) {
|
|
134
|
+
logger.warn({ error: result.error }, "Invalid Slack user JWT token");
|
|
135
|
+
return {
|
|
136
|
+
authResult: null,
|
|
137
|
+
failureMessage: `Invalid Slack user token: ${result.error || "Invalid token"}`
|
|
138
|
+
};
|
|
139
|
+
}
|
|
140
|
+
const payload = result.payload;
|
|
141
|
+
if (!reqData.projectId || !reqData.agentId) {
|
|
142
|
+
logger.warn({
|
|
143
|
+
hasProjectId: !!reqData.projectId,
|
|
144
|
+
hasAgentId: !!reqData.agentId
|
|
145
|
+
}, "Slack user JWT requires x-inkeep-project-id and x-inkeep-agent-id headers");
|
|
146
|
+
return {
|
|
147
|
+
authResult: null,
|
|
148
|
+
failureMessage: "Slack user token requires x-inkeep-project-id and x-inkeep-agent-id headers"
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
try {
|
|
152
|
+
if (!await canUseProjectStrict({
|
|
153
|
+
userId: payload.sub,
|
|
154
|
+
projectId: reqData.projectId
|
|
155
|
+
})) {
|
|
156
|
+
logger.warn({
|
|
157
|
+
userId: payload.sub,
|
|
158
|
+
tenantId: payload.tenantId,
|
|
159
|
+
projectId: reqData.projectId
|
|
160
|
+
}, "Slack user JWT: user does not have access to requested project");
|
|
161
|
+
return {
|
|
162
|
+
authResult: null,
|
|
163
|
+
failureMessage: "Access denied: insufficient permissions for the requested project"
|
|
164
|
+
};
|
|
165
|
+
}
|
|
166
|
+
} catch (error) {
|
|
167
|
+
logger.error({
|
|
168
|
+
error,
|
|
169
|
+
userId: payload.sub,
|
|
170
|
+
projectId: reqData.projectId
|
|
171
|
+
}, "SpiceDB permission check failed for Slack JWT");
|
|
172
|
+
throw new HTTPException(503, { message: "Authorization service temporarily unavailable" });
|
|
173
|
+
}
|
|
174
|
+
logger.info({
|
|
175
|
+
inkeepUserId: payload.sub,
|
|
176
|
+
tenantId: payload.tenantId,
|
|
177
|
+
slackTeamId: payload.slack.teamId,
|
|
178
|
+
slackUserId: payload.slack.userId,
|
|
179
|
+
projectId: reqData.projectId,
|
|
180
|
+
agentId: reqData.agentId
|
|
181
|
+
}, "Slack user JWT token authenticated successfully");
|
|
182
|
+
return { authResult: {
|
|
183
|
+
apiKey: "slack-user-jwt",
|
|
184
|
+
tenantId: payload.tenantId,
|
|
185
|
+
projectId: reqData.projectId,
|
|
186
|
+
agentId: reqData.agentId,
|
|
187
|
+
apiKeyId: "slack-user-token",
|
|
188
|
+
metadata: { initiatedBy: {
|
|
189
|
+
type: "user",
|
|
190
|
+
id: payload.sub
|
|
191
|
+
} }
|
|
192
|
+
} };
|
|
193
|
+
}
|
|
194
|
+
/**
|
|
128
195
|
* Authenticate using a team agent JWT token (for intra-tenant delegation)
|
|
129
196
|
*/
|
|
130
197
|
async function tryTeamAgentAuth(token, expectedSubAgentId) {
|
|
@@ -210,6 +277,9 @@ async function authenticateRequest(reqData) {
|
|
|
210
277
|
if (jwtResult) return { authResult: jwtResult };
|
|
211
278
|
const bypassResult = tryBypassAuth(apiKey, reqData);
|
|
212
279
|
if (bypassResult) return { authResult: bypassResult };
|
|
280
|
+
const slackAttempt = await trySlackUserJwtAuth(apiKey, reqData);
|
|
281
|
+
if (slackAttempt.authResult) return { authResult: slackAttempt.authResult };
|
|
282
|
+
if (slackAttempt.failureMessage) return slackAttempt;
|
|
213
283
|
const apiKeyResult = await tryApiKeyAuth(apiKey);
|
|
214
284
|
if (apiKeyResult) return { authResult: apiKeyResult };
|
|
215
285
|
const teamAttempt = await tryTeamAgentAuth(apiKey, subAgentId);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono9 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/sessionAuth.d.ts
|
|
4
4
|
|
|
@@ -7,11 +7,11 @@ import * as hono7 from "hono";
|
|
|
7
7
|
* Requires that a user has already been authenticated via Better Auth session.
|
|
8
8
|
* Used primarily for manage routes that require an active user session.
|
|
9
9
|
*/
|
|
10
|
-
declare const sessionAuth: () =>
|
|
10
|
+
declare const sessionAuth: () => hono9.MiddlewareHandler<any, string, {}, Response>;
|
|
11
11
|
/**
|
|
12
12
|
* Global session middleware - sets user and session in context for all routes
|
|
13
13
|
* Used for all routes that require an active user session.
|
|
14
14
|
*/
|
|
15
|
-
declare const sessionContext: () =>
|
|
15
|
+
declare const sessionContext: () => hono9.MiddlewareHandler<any, string, {}, Response>;
|
|
16
16
|
//#endregion
|
|
17
17
|
export { sessionAuth, sessionContext };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono11 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/tenantAccess.d.ts
|
|
4
4
|
|
|
@@ -11,7 +11,7 @@ import * as hono15 from "hono";
|
|
|
11
11
|
* - API key user: Access only to the tenant associated with the API key
|
|
12
12
|
* - Session user: Access based on organization membership
|
|
13
13
|
*/
|
|
14
|
-
declare const requireTenantAccess: () =>
|
|
14
|
+
declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
|
|
15
15
|
Variables: {
|
|
16
16
|
userId: string;
|
|
17
17
|
tenantId: string;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as hono12 from "hono";
|
|
2
2
|
|
|
3
3
|
//#region src/middleware/tracing.d.ts
|
|
4
|
-
declare const otelBaggageMiddleware: () =>
|
|
5
|
-
declare const executionBaggageMiddleware: () =>
|
|
4
|
+
declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
|
|
5
|
+
declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
|
|
6
6
|
//#endregion
|
|
7
7
|
export { executionBaggageMiddleware, otelBaggageMiddleware };
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { env } from "../env.js";
|
|
2
|
+
import { sessionAuth } from "./sessionAuth.js";
|
|
3
|
+
import { manageApiKeyAuth } from "./manageAuth.js";
|
|
4
|
+
|
|
5
|
+
//#region src/middleware/workAppsAuth.ts
|
|
6
|
+
const isTestEnvironment = () => env.ENVIRONMENT === "test";
|
|
7
|
+
const workAppsAuth = async (c, next) => {
|
|
8
|
+
if (isTestEnvironment()) {
|
|
9
|
+
await next();
|
|
10
|
+
return;
|
|
11
|
+
}
|
|
12
|
+
if (env.ENVIRONMENT === "development") {
|
|
13
|
+
const origin = c.req.header("Origin");
|
|
14
|
+
if (origin) try {
|
|
15
|
+
const originUrl = new URL(origin);
|
|
16
|
+
if (originUrl.hostname === "localhost" || originUrl.hostname === "127.0.0.1") {
|
|
17
|
+
c.set("userId", "dev-user");
|
|
18
|
+
c.set("tenantId", "default");
|
|
19
|
+
c.set("tenantRole", "owner");
|
|
20
|
+
await next();
|
|
21
|
+
return;
|
|
22
|
+
}
|
|
23
|
+
} catch {}
|
|
24
|
+
}
|
|
25
|
+
if (c.req.header("Authorization")?.startsWith("Bearer ")) return manageApiKeyAuth()(c, next);
|
|
26
|
+
return sessionAuth()(c, next);
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
//#endregion
|
|
30
|
+
export { workAppsAuth };
|
package/dist/openapi.d.ts
CHANGED
|
@@ -8,6 +8,7 @@ declare const TagToDescription: {
|
|
|
8
8
|
Agents: string;
|
|
9
9
|
'Artifact Components': string;
|
|
10
10
|
Branches: string;
|
|
11
|
+
Channels: string;
|
|
11
12
|
CLI: string;
|
|
12
13
|
Chat: string;
|
|
13
14
|
'Context Configs': string;
|
|
@@ -27,13 +28,17 @@ declare const TagToDescription: {
|
|
|
27
28
|
'Project Permissions': string;
|
|
28
29
|
Projects: string;
|
|
29
30
|
Refs: string;
|
|
31
|
+
Slack: string;
|
|
30
32
|
SubAgents: string;
|
|
31
33
|
'Third-Party MCP Servers': string;
|
|
32
34
|
Tools: string;
|
|
33
35
|
Triggers: string;
|
|
34
36
|
'User Project Memberships': string;
|
|
37
|
+
Users: string;
|
|
35
38
|
Webhooks: string;
|
|
39
|
+
'Work Apps': string;
|
|
36
40
|
Workflows: string;
|
|
41
|
+
Workspaces: string;
|
|
37
42
|
};
|
|
38
43
|
declare function setupOpenAPIRoutes<E extends Env = Env>(app: OpenAPIHono<E>): void;
|
|
39
44
|
//#endregion
|
package/dist/openapi.js
CHANGED
|
@@ -7,6 +7,7 @@ const TagToDescription = {
|
|
|
7
7
|
Agents: "Operations for managing agents",
|
|
8
8
|
"Artifact Components": "Operations for managing artifact components",
|
|
9
9
|
Branches: "Operations for managing branches",
|
|
10
|
+
Channels: "Operations for managing Slack channels",
|
|
10
11
|
CLI: "CLI authentication endpoints",
|
|
11
12
|
Chat: "Chat completions endpoints",
|
|
12
13
|
"Context Configs": "Operations for managing context configurations",
|
|
@@ -26,13 +27,17 @@ const TagToDescription = {
|
|
|
26
27
|
"Project Permissions": "Operations for managing project permissions",
|
|
27
28
|
Projects: "Operations for managing projects",
|
|
28
29
|
Refs: "Operations for the resolved ref (branch name, tag name, or commit hash)",
|
|
30
|
+
Slack: "Slack App integration endpoints",
|
|
29
31
|
SubAgents: "Operations for managing sub agents",
|
|
30
32
|
"Third-Party MCP Servers": "Operations for managing third-party MCP servers",
|
|
31
33
|
Tools: "Operations for managing MCP tools",
|
|
32
34
|
Triggers: "Operations for managing triggers",
|
|
33
35
|
"User Project Memberships": "Operations for managing user project memberships",
|
|
36
|
+
Users: "Operations for managing users",
|
|
34
37
|
Webhooks: "Webhook endpoints",
|
|
35
|
-
|
|
38
|
+
"Work Apps": "Work app integrations (Slack, Teams, etc.)",
|
|
39
|
+
Workflows: "Workflow trigger endpoints",
|
|
40
|
+
Workspaces: "Operations for managing Slack workspaces"
|
|
36
41
|
};
|
|
37
42
|
function setupOpenAPIRoutes(app) {
|
|
38
43
|
app.get("/openapi.json", (c) => {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@inkeep/agents-api",
|
|
3
|
-
"version": "0.0.0-dev-
|
|
3
|
+
"version": "0.0.0-dev-20260211220939",
|
|
4
4
|
"description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"exports": {
|
|
@@ -66,10 +66,10 @@
|
|
|
66
66
|
"openid-client": "^6.8.1",
|
|
67
67
|
"pg": "^8.16.3",
|
|
68
68
|
"workflow": "4.0.1-beta.33",
|
|
69
|
-
"@inkeep/agents-core": "^0.0.0-dev-
|
|
70
|
-
"@inkeep/agents-manage-mcp": "^0.0.0-dev-
|
|
71
|
-
"@inkeep/agents-mcp": "^0.0.0-dev-
|
|
72
|
-
"@inkeep/agents-work-apps": "^0.0.0-dev-
|
|
69
|
+
"@inkeep/agents-core": "^0.0.0-dev-20260211220939",
|
|
70
|
+
"@inkeep/agents-manage-mcp": "^0.0.0-dev-20260211220939",
|
|
71
|
+
"@inkeep/agents-mcp": "^0.0.0-dev-20260211220939",
|
|
72
|
+
"@inkeep/agents-work-apps": "^0.0.0-dev-20260211220939"
|
|
73
73
|
},
|
|
74
74
|
"peerDependencies": {
|
|
75
75
|
"@hono/zod-openapi": "^1.1.5",
|