npm - @inkeep/agents-api - Versions diffs - 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007 - Mend

@inkeep/agents-api 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/.well-known/workflow/v1/manifest.json +34 -34
package/dist/createApp.js +16 -90
package/dist/data/db/manageDbClient.d.ts +2 -2
package/dist/domains/evals/routes/datasetTriggers.d.ts +2 -2
package/dist/domains/evals/routes/datasetTriggers.js +5 -2
package/dist/domains/evals/routes/evaluationTriggers.js +9 -4
package/dist/domains/evals/routes/index.d.ts +2 -2
package/dist/domains/evals/workflow/routes.d.ts +2 -2
package/dist/domains/manage/index.js +4 -0
package/dist/domains/manage/routes/agent.js +16 -20
package/dist/domains/manage/routes/agentFull.js +10 -17
package/dist/domains/manage/routes/apiKeys.js +12 -14
package/dist/domains/manage/routes/artifactComponents.js +12 -15
package/dist/domains/manage/routes/availableAgents.d.ts +2 -2
package/dist/domains/manage/routes/availableAgents.js +4 -2
package/dist/domains/manage/routes/branches.js +12 -14
package/dist/domains/manage/routes/cliAuth.js +4 -3
package/dist/domains/manage/routes/contextConfigs.js +12 -15
package/dist/domains/manage/routes/conversations.d.ts +2 -2
package/dist/domains/manage/routes/conversations.js +5 -2
package/dist/domains/manage/routes/credentialStores.js +7 -8
package/dist/domains/manage/routes/credentials.js +12 -14
package/dist/domains/manage/routes/dataComponents.js +12 -14
package/dist/domains/manage/routes/evals/datasetItems.js +14 -19
package/dist/domains/manage/routes/evals/datasetRunConfigs.js +13 -6
package/dist/domains/manage/routes/evals/datasetRuns.js +7 -3
package/dist/domains/manage/routes/evals/datasets.js +12 -14
package/dist/domains/manage/routes/evals/evaluationJobConfigEvaluatorRelations.js +8 -8
package/dist/domains/manage/routes/evals/evaluationJobConfigs.js +12 -14
package/dist/domains/manage/routes/evals/evaluationResults.js +10 -13
package/dist/domains/manage/routes/evals/evaluationRunConfigs.js +14 -15
package/dist/domains/manage/routes/evals/evaluationSuiteConfigEvaluatorRelations.js +8 -8
package/dist/domains/manage/routes/evals/evaluationSuiteConfigs.js +12 -14
package/dist/domains/manage/routes/evals/evaluators.js +14 -15
package/dist/domains/manage/routes/externalAgents.js +12 -14
package/dist/domains/manage/routes/functionTools.js +12 -15
package/dist/domains/manage/routes/functions.js +12 -15
package/dist/domains/manage/routes/github.js +16 -8
package/dist/domains/manage/routes/index.d.ts +2 -2
package/dist/domains/manage/routes/index.js +0 -4
package/dist/domains/manage/routes/invitations.d.ts +2 -2
package/dist/domains/manage/routes/mcpCatalog.js +5 -2
package/dist/domains/manage/routes/mcpToolGithubAccess.js +6 -4
package/dist/domains/manage/routes/oauth.js +6 -66
package/dist/domains/manage/routes/passwordResetLinks.d.ts +2 -2
package/dist/domains/manage/routes/playgroundToken.js +4 -2
package/dist/domains/manage/routes/projectFull.js +13 -26
package/dist/domains/manage/routes/projectGithubAccess.js +7 -3
package/dist/domains/manage/routes/projectMembers.js +14 -13
package/dist/domains/manage/routes/projectPermissions.js +5 -2
package/dist/domains/manage/routes/projects.js +12 -16
package/dist/domains/manage/routes/ref.js +5 -2
package/dist/domains/manage/routes/scheduledTriggers.js +24 -21
package/dist/domains/manage/routes/signoz.d.ts +2 -2
package/dist/domains/manage/routes/skills.js +12 -15
package/dist/domains/manage/routes/subAgentArtifactComponents.js +12 -14
package/dist/domains/manage/routes/subAgentDataComponents.js +12 -14
package/dist/domains/manage/routes/subAgentExternalAgentRelations.js +12 -15
package/dist/domains/manage/routes/subAgentFunctionTools.js +12 -14
package/dist/domains/manage/routes/subAgentRelations.js +12 -15
package/dist/domains/manage/routes/subAgentSkills.js +8 -12
package/dist/domains/manage/routes/subAgentTeamAgentRelations.js +12 -15
package/dist/domains/manage/routes/subAgentToolRelations.js +14 -16
package/dist/domains/manage/routes/subAgents.js +12 -15
package/dist/domains/manage/routes/thirdPartyMCPServers.js +7 -3
package/dist/domains/manage/routes/tools.js +79 -16
package/dist/domains/manage/routes/triggers.js +18 -22
package/dist/domains/manage/routes/userProjectMemberships.js +5 -3
package/dist/domains/manage/routes/users.d.ts +2 -2
package/dist/domains/mcp/routes/mcp.d.ts +2 -2
package/dist/domains/run/agents/relationTools.d.ts +2 -2
package/dist/domains/run/routes/agents.js +4 -2
package/dist/domains/run/routes/chat.js +4 -2
package/dist/domains/run/routes/chatDataStream.js +6 -3
package/dist/domains/run/routes/mcp.js +4 -2
package/dist/domains/run/routes/webhooks.js +5 -3
package/dist/domains/run/tools/distill-conversation-history-tool.d.ts +1 -1
package/dist/domains/run/types/chat.d.ts +4 -4
package/dist/domains/run/utils/token-estimator.d.ts +2 -2
package/dist/domains/run/workflow/steps/scheduledTriggerSteps.d.ts +5 -5
package/dist/factory.d.ts +21 -21
package/dist/index.d.ts +18 -18
package/dist/middleware/evalsAuth.d.ts +2 -2
package/dist/middleware/evalsAuth.js +37 -32
package/dist/middleware/index.d.ts +2 -3
package/dist/middleware/index.js +3 -4
package/dist/middleware/manageAuth.d.ts +9 -4
package/dist/middleware/manageAuth.js +24 -2
package/dist/middleware/projectAccess.d.ts +4 -3
package/dist/middleware/projectAccess.js +78 -64
package/dist/middleware/projectConfig.d.ts +3 -3
package/dist/middleware/ref.d.ts +1 -5
package/dist/middleware/ref.js +1 -21
package/dist/middleware/requirePermission.d.ts +2 -2
package/dist/middleware/requirePermission.js +64 -64
package/dist/middleware/runAuth.d.ts +4 -4
package/dist/middleware/sessionAuth.d.ts +3 -3
package/dist/middleware/sessionAuth.js +23 -18
package/dist/middleware/tenantAccess.d.ts +3 -2
package/dist/middleware/tenantAccess.js +12 -1
package/dist/middleware/tracing.d.ts +3 -3
package/dist/middleware/tracing.js +1 -1
package/dist/routes/capabilities.d.ts +10 -0
package/dist/routes/capabilities.js +35 -0
package/dist/routes/healthChecks.js +6 -3
package/dist/routes/workflowProcess.d.ts +10 -0
package/dist/routes/workflowProcess.js +23 -0
package/dist/types/app.d.ts +3 -3
package/package.json +4 -4

package/dist/middleware/ref.js CHANGED Viewed

@@ -214,26 +214,6 @@ const runRefMiddleware = createRefMiddleware(manageDbClient_default, {
 	extractProjectId: extractProjectIdFromExecutionContext,
 	allowProjectIdFromBody: false
 });
-/**
-* Extract tenantId from query parameters (for OAuth routes)
-*/
-const extractTenantIdFromQuery = (c) => {
-	return c.req.query("tenantId");
-};
-/**
-* Extract projectId from query parameters (for OAuth routes)
-*/
-const extractProjectIdFromQuery = (c) => {
-	return c.req.query("projectId");
-};
-/**
-* Ref middleware for OAuth routes - extracts tenant/project from query params
-*/
-const oauthRefMiddleware = createRefMiddleware(manageDbClient_default, {
-	extractTenantId: extractTenantIdFromQuery,
-	extractProjectId: extractProjectIdFromQuery,
-	allowProjectIdFromBody: false
-});
 //#endregion
-export { createRefMiddleware, manageRefMiddleware, oauthRefMiddleware, runRefMiddleware, writeProtectionMiddleware };
+export { createRefMiddleware, manageRefMiddleware, runRefMiddleware, writeProtectionMiddleware };

package/dist/middleware/requirePermission.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono12 from "hono";
+import * as hono11 from "hono";
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono12.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono11.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/requirePermission.js CHANGED Viewed

@@ -1,79 +1,79 @@
 import { createApiError } from "@inkeep/agents-core";
+import { registerAuthzMeta } from "@inkeep/agents-core/middleware";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
 //#region src/middleware/requirePermission.ts
-function formatPermissionsForDisplay(permissions) {
-	const formatted = [];
-	for (const [resource, actions] of Object.entries(permissions)) {
-		const actionList = Array.isArray(actions) ? actions : [actions];
-		for (const action of actionList) formatted.push(`${resource}:${action}`);
-	}
-	return formatted;
-}
-const requirePermission = (permissions) => createMiddleware(async (c, next) => {
-	const isTestEnvironment = process.env.ENVIRONMENT === "test";
-	const auth = c.get("auth");
-	if (isTestEnvironment || !auth) {
-		await next();
-		return;
-	}
-	const userId = c.get("userId");
-	const tenantId = c.get("tenantId");
-	const tenantRole = c.get("tenantRole");
-	const requiredPermissions = formatPermissionsForDisplay(permissions);
-	if (userId === "system" || userId?.startsWith("apikey:")) {
-		await next();
-		return;
-	}
-	if (!userId || !tenantId) throw createApiError({
-		code: "unauthorized",
-		message: "User or organization context not found. Ensure you are authenticated and belong to an organization.",
-		instance: c.req.path,
-		extensions: {
-			requiredPermissions,
-			context: {
-				hasUserId: !!userId,
-				hasTenantId: !!tenantId
-			}
+const requirePermission = (permissions) => {
+	const mw = createMiddleware(async (c, next) => {
+		const isTestEnvironment = process.env.ENVIRONMENT === "test";
+		const auth = c.get("auth");
+		if (isTestEnvironment || !auth) {
+			await next();
+			return;
 		}
-	});
-	try {
-		const result = await auth.api.hasPermission({
-			body: {
-				permissions,
-				organizationId: tenantId
-			},
-			headers: c.req.raw.headers
-		});
-		if (!result || !result.success) throw createApiError({
-			code: "forbidden",
-			message: `Permission denied. Required: ${requiredPermissions.join(", ")}`,
+		const userId = c.get("userId");
+		const tenantId = c.get("tenantId");
+		const tenantRole = c.get("tenantRole");
+		if (userId === "system" || userId?.startsWith("apikey:")) {
+			await next();
+			return;
+		}
+		if (!userId || !tenantId) throw createApiError({
+			code: "unauthorized",
+			message: "User or organization context not found. Ensure you are authenticated and belong to an organization.",
 			instance: c.req.path,
 			extensions: {
-				requiredPermissions,
+				permissions,
 				context: {
-					userId,
-					organizationId: tenantId,
-					currentRole: tenantRole || "unknown"
+					hasUserId: !!userId,
+					hasTenantId: !!tenantId
 				}
 			}
 		});
-		await next();
-	} catch (error) {
-		if (error instanceof HTTPException) throw error;
-		const errorMessage = error instanceof Error ? error.message : "Unknown error";
-		throw createApiError({
-			code: "internal_server_error",
-			message: "Failed to verify permissions",
-			instance: c.req.path,
-			extensions: {
-				requiredPermissions,
-				internalError: errorMessage
-			}
-		});
-	}
-});
+		try {
+			const result = await auth.api.hasPermission({
+				body: {
+					permissions,
+					organizationId: tenantId
+				},
+				headers: c.req.raw.headers
+			});
+			if (!result || !result.success) throw createApiError({
+				code: "forbidden",
+				message: "Permission denied. Required: organization admin.",
+				instance: c.req.path,
+				extensions: {
+					permissions,
+					context: {
+						userId,
+						organizationId: tenantId,
+						currentRole: tenantRole || "unknown"
+					}
+				}
+			});
+			await next();
+		} catch (error) {
+			if (error instanceof HTTPException) throw error;
+			const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			throw createApiError({
+				code: "internal_server_error",
+				message: "Failed to verify permissions",
+				instance: c.req.path,
+				extensions: {
+					permissions,
+					internalError: errorMessage
+				}
+			});
+		}
+	});
+	registerAuthzMeta(mw, {
+		resource: "organization",
+		permission: "admin",
+		description: "Requires organization admin role"
+	});
+	return mw;
+};
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono0 from "hono";
+import * as hono3 from "hono";
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono0.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono0.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono0.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono0.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono3.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import * as hono13 from "hono";
+import * as hono12 from "hono";
 //#region src/middleware/sessionAuth.d.ts
@@ -7,11 +7,11 @@ import * as hono13 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono13.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono12.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono13.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono12.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/sessionAuth.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { createApiError } from "@inkeep/agents-core";
+import { registerAuthzMeta } from "@inkeep/agents-core/middleware";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
@@ -8,24 +9,28 @@ import { HTTPException } from "hono/http-exception";
 * Requires that a user has already been authenticated via Better Auth session.
 * Used primarily for manage routes that require an active user session.
 */
-const sessionAuth = () => createMiddleware(async (c, next) => {
-	try {
-		const user = c.get("user");
-		if (!user) throw createApiError({
-			code: "unauthorized",
-			message: "Please log in to access this resource"
-		});
-		c.set("userId", user.id);
-		c.set("userEmail", user.email);
-		await next();
-	} catch (error) {
-		if (error instanceof HTTPException) throw error;
-		throw createApiError({
-			code: "unauthorized",
-			message: "Authentication failed"
-		});
-	}
-});
+const sessionAuth = () => {
+	const mw = createMiddleware(async (c, next) => {
+		try {
+			const user = c.get("user");
+			if (!user) throw createApiError({
+				code: "unauthorized",
+				message: "Please log in to access this resource"
+			});
+			c.set("userId", user.id);
+			c.set("userEmail", user.email);
+			await next();
+		} catch (error) {
+			if (error instanceof HTTPException) throw error;
+			throw createApiError({
+				code: "unauthorized",
+				message: "Authentication failed"
+			});
+		}
+	});
+	registerAuthzMeta(mw, { description: "Requires an active user session (cookie-based)" });
+	return mw;
+};
 /**
 * Global session middleware - sets user and session in context for all routes
 * Used for all routes that require an active user session.

package/dist/middleware/tenantAccess.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import * as hono17 from "hono";
+import * as hono6 from "hono";
 //#region src/middleware/tenantAccess.d.ts
@@ -7,11 +7,12 @@ import * as hono17 from "hono";
  * Verifies that the authenticated user has access to the requested tenant/organization.
  *
  * Access rules:
+ * - Test environment: Grants anonymous owner access (bypasses all checks)
  * - System user (bypass auth): Full access to all tenants
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono17.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono6.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tenantAccess.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { env } from "../env.js";
 import runDbClient_default from "../data/db/runDbClient.js";
 import { OrgRoles, createApiError, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
@@ -9,13 +10,23 @@ import { HTTPException } from "hono/http-exception";
 * Verifies that the authenticated user has access to the requested tenant/organization.
 *
 * Access rules:
+* - Test environment: Grants anonymous owner access (bypasses all checks)
 * - System user (bypass auth): Full access to all tenants
 * - API key user: Access only to the tenant associated with the API key
 * - Session user: Access based on organization membership
 */
 const requireTenantAccess = () => createMiddleware(async (c, next) => {
-	const userId = c.get("userId");
 	const tenantId = c.req.param("tenantId");
+	if (env.ENVIRONMENT === "test") {
+		if (tenantId) {
+			c.set("tenantId", tenantId);
+			c.set("userId", "anonymous");
+			c.set("tenantRole", OrgRoles.OWNER);
+		}
+		await next();
+		return;
+	}
+	const userId = c.get("userId");
 	if (!userId) throw createApiError({
 		code: "unauthorized",
 		message: "User ID not found"

package/dist/middleware/tracing.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import * as hono9 from "hono";
+import * as hono7 from "hono";
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono7.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono7.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/dist/middleware/tracing.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { getLogger } from "../logger.js";
-import { context, propagation } from "@opentelemetry/api";
 import { createMiddleware } from "hono/factory";
+import { context, propagation } from "@opentelemetry/api";
 //#region src/middleware/tracing.ts
 const logger = getLogger("tracing-middleware");

package/dist/routes/capabilities.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AppVariables } from "../types/app.js";
+import "../types/index.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+//#region src/routes/capabilities.d.ts
+declare const capabilitiesHandler: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { capabilitiesHandler };

package/dist/routes/capabilities.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { manageApiKeyOrSessionAuth } from "../middleware/manageAuth.js";
+import "../middleware/index.js";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
+//#region src/routes/capabilities.ts
+const capabilitiesHandler = new OpenAPIHono();
+const CapabilitiesResponseSchema = z.object({ sandbox: z.object({
+	configured: z.boolean().describe("Whether a sandbox provider is configured. Required for Function Tools execution."),
+	provider: z.enum(["native", "vercel"]).optional().describe("The configured sandbox provider, if enabled."),
+	runtime: z.enum(["node22", "typescript"]).optional().describe("The configured sandbox runtime, if enabled.")
+}).describe("Sandbox execution capabilities (used by Function Tools).") }).describe("Optional server capabilities and configuration.").openapi("CapabilitiesResponseSchema");
+capabilitiesHandler.openapi(createProtectedRoute({
+	method: "get",
+	path: "/",
+	operationId: "capabilities",
+	summary: "Get server capabilities",
+	description: "Get information about optional server-side capabilities and configuration.",
+	permission: manageApiKeyOrSessionAuth(),
+	responses: { 200: {
+		description: "Server capabilities",
+		content: { "application/json": { schema: CapabilitiesResponseSchema } }
+	} }
+}), (c) => {
+	const sandboxConfig = c.get("sandboxConfig");
+	if (!sandboxConfig) return c.json({ sandbox: { configured: false } });
+	return c.json({ sandbox: {
+		configured: true,
+		provider: sandboxConfig.provider,
+		runtime: sandboxConfig.runtime
+	} });
+});
+//#endregion
+export { capabilitiesHandler };

package/dist/routes/healthChecks.js CHANGED Viewed

@@ -1,17 +1,19 @@
 import manageDbPool_default from "../data/db/manageDbPool.js";
 import runDbClient_default from "../data/db/runDbClient.js";
 import { checkManageDb, checkRunDb } from "../utils/healthChecks.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
+import { createProtectedRoute, noAuth } from "@inkeep/agents-core/middleware";
 //#region src/routes/healthChecks.ts
 const healthChecksHandler = new OpenAPIHono();
-healthChecksHandler.openapi(createRoute({
+healthChecksHandler.openapi(createProtectedRoute({
 	method: "get",
 	path: "/health",
 	operationId: "health",
 	tags: ["Health"],
 	summary: "Health check",
 	description: "Check if the management service is healthy",
+	permission: noAuth(),
 	responses: { 204: { description: "Service is healthy" } }
 }), (c) => {
 	return c.body(null, 204);
@@ -32,13 +34,14 @@ const ReadyErrorResponseSchema = z.object({
 	detail: z.string().describe("A human-readable explanation specific to this occurrence"),
 	checks: ReadyErrorChecksSchema
 }).openapi("ReadyErrorResponse");
-healthChecksHandler.openapi(createRoute({
+healthChecksHandler.openapi(createProtectedRoute({
 	method: "get",
 	path: "/ready",
 	operationId: "ready",
 	tags: ["Health"],
 	summary: "Readiness check",
 	description: "Check if the service is ready to serve traffic by verifying database connectivity",
+	permission: noAuth(),
 	responses: {
 		200: {
 			description: "Service is ready - all health checks passed",

package/dist/routes/workflowProcess.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AppVariables } from "../types/app.js";
+import "../types/index.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+//#region src/routes/workflowProcess.d.ts
+declare const workflowProcessHandler: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { workflowProcessHandler };

package/dist/routes/workflowProcess.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { createProtectedRoute, noAuth } from "@inkeep/agents-core/middleware";
+//#region src/routes/workflowProcess.ts
+const workflowProcessHandler = new OpenAPIHono();
+workflowProcessHandler.openapi(createProtectedRoute({
+	method: "get",
+	path: "/api/workflow/process",
+	tags: ["Workflows"],
+	summary: "Process workflow jobs",
+	description: "Keeps the workflow worker active to process queued jobs (called by cron)",
+	permission: noAuth(),
+	responses: { 200: { description: "Processing complete" } }
+}), async (c) => {
+	await new Promise((resolve) => setTimeout(resolve, 5e4));
+	return c.json({
+		processed: true,
+		timestamp: (/* @__PURE__ */ new Date()).toISOString()
+	});
+});
+//#endregion
+export { workflowProcessHandler };

package/dist/types/app.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ type BaseAppVariables = {
 type AppVariables = BaseAppVariables & {
   serverConfig: ServerConfig;
   credentialStores: CredentialStoreRegistry;
-  auth: ReturnType<typeof createAuth> | null;
+  auth: ReturnType<typeof createAuth>;
   user: typeof auth.$Infer.Session.user | null;
   session: typeof auth.$Infer.Session.session | null;
   sandboxConfig?: SandboxConfig;
@@ -36,7 +36,7 @@ type AppVariables = BaseAppVariables & {
 };
 type ManageAppVariables = AppVariables & {
   db: AgentsManageDatabaseClient;
-  auth: ReturnType<typeof createAuth> | null;
+  auth: ReturnType<typeof createAuth>;
   resolvedRef: ResolvedRef;
   /** Cached by projectFull middleware to avoid duplicate DB lookup for PUT upsert */
   isProjectCreate?: boolean;
@@ -44,7 +44,7 @@ type ManageAppVariables = AppVariables & {
 type AppConfig = {
   serverConfig: ServerConfig;
   credentialStores: CredentialStoreRegistry;
-  auth: ReturnType<typeof createAuth> | null;
+  auth: ReturnType<typeof createAuth>;
   sandboxConfig?: SandboxConfig;
 };
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260219033751",
+  "version": "0.0.0-dev-20260219045007",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -67,9 +67,9 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "^4.1.0-beta.54",
-    "@inkeep/agents-core": "^0.0.0-dev-20260219033751",
-    "@inkeep/agents-work-apps": "^0.0.0-dev-20260219033751",
-    "@inkeep/agents-mcp": "^0.0.0-dev-20260219033751"
+    "@inkeep/agents-core": "^0.0.0-dev-20260219045007",
+    "@inkeep/agents-mcp": "^0.0.0-dev-20260219045007",
+    "@inkeep/agents-work-apps": "^0.0.0-dev-20260219045007"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",