@inkeep/agents-api 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007

package/dist/domains/manage/routes/dataComponents.js

@@ -1,24 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { DataComponentApiInsertSchema, DataComponentApiUpdateSchema, DataComponentListResponse, DataComponentResponse, ErrorResponseSchema, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createDataComponent, deleteDataComponent, getDataComponent, listDataComponentsPaginated, updateDataComponent, validatePropsAsJsonSchema } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/dataComponents.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Data Components",
 	operationId: "list-data-components",
 	tags: ["Data Components"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -48,12 +42,13 @@ app.openapi(createRoute({
 	});
 	return c.json(result);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Data Component",
 	operationId: "get-data-component-by-id",
 	tags: ["Data Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -78,12 +73,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: dataComponent });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Data Component",
 	operationId: "create-data-component",
 	tags: ["Data Components"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: DataComponentApiInsertSchema } } }
@@ -114,12 +110,13 @@ app.openapi(createRoute({
 	const dataComponent = await createDataComponent(db)(dataComponentData);
 	return c.json({ data: dataComponent }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Data Component",
 	operationId: "update-data-component",
 	tags: ["Data Components"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectIdParamsSchema,
 		body: { content: { "application/json": { schema: DataComponentApiUpdateSchema } } }
@@ -156,12 +153,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: updatedDataComponent });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Data Component",
 	operationId: "delete-data-component",
 	tags: ["Data Components"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		204: { description: "Data component deleted successfully" },

package/dist/domains/manage/routes/evals/datasetItems.js

@@ -1,29 +1,19 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DatasetItemApiInsertSchema, DatasetItemApiSelectSchema, DatasetItemApiUpdateSchema, ListResponseSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createDatasetItem, createDatasetItems, deleteDatasetItem, generateId, getDatasetItemById, listDatasetItems, updateDatasetItem } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/datasetItems.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("datasetItems");
-app.use("/:datasetId/items", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:datasetId/items/bulk", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:datasetId/items/:itemId", async (c, next) => {
-	if (["PATCH", "DELETE"].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{datasetId}",
 	summary: "List Dataset Items by Dataset ID",
 	operationId: "list-dataset-items",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ datasetId: z.string() }) },
 	responses: {
 		200: {
@@ -63,12 +53,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{datasetId}/items/{itemId}",
 	summary: "Get Dataset Item by ID",
 	operationId: "get-dataset-item",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({
 		datasetId: z.string(),
 		itemId: z.string()
@@ -107,12 +98,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{datasetId}/items",
 	summary: "Create Dataset Item",
 	operationId: "create-dataset-item",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({ datasetId: z.string() }),
 		body: { content: { "application/json": { schema: DatasetItemApiInsertSchema } } }
@@ -158,12 +150,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{datasetId}/items/bulk",
 	summary: "Create Multiple Dataset Items",
 	operationId: "create-dataset-items-bulk",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({ datasetId: z.string() }),
 		body: { content: { "application/json": { schema: z.array(DatasetItemApiInsertSchema) } } }
@@ -216,12 +209,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{datasetId}/items/{itemId}",
 	summary: "Update Dataset Item",
 	operationId: "update-dataset-item",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({
 			datasetId: z.string(),
@@ -272,12 +266,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{datasetId}/items/{itemId}",
 	summary: "Delete Dataset Item by ID",
 	operationId: "delete-dataset-item",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({
 		datasetId: z.string(),
 		itemId: z.string()

package/dist/domains/manage/routes/evals/datasetRunConfigs.js

@@ -1,18 +1,21 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import runDbClient_default from "../../../../data/db/runDbClient.js";
 import { queueDatasetRunItems } from "../../../evals/services/datasetRun.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DatasetRunConfigApiInsertSchema, DatasetRunConfigApiSelectSchema, DatasetRunConfigApiUpdateSchema, ListResponseSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createDatasetRun, createDatasetRunConfig, createDatasetRunConfigAgentRelation, createEvaluationJobConfig, createEvaluationJobConfigEvaluatorRelation, createEvaluationRun, deleteDatasetRunConfig, deleteDatasetRunConfigAgentRelation, generateId, getDatasetRunConfigAgentRelations, getDatasetRunConfigById, linkDatasetRunToEvaluationJobConfig, listDatasetItems, listDatasetRunConfigs, updateDatasetRunConfig } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/datasetRunConfigs.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("datasetRunConfigs");
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/by-dataset/{datasetId}",
 	summary: "List Dataset Run Configs by Dataset ID",
 	operationId: "list-dataset-run-configs",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ datasetId: z.string() }) },
 	responses: {
 		200: {
@@ -50,12 +53,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{runConfigId}",
 	summary: "Get Dataset Run Config by ID",
 	operationId: "get-dataset-run-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ runConfigId: z.string() }) },
 	responses: {
 		200: {
@@ -91,12 +95,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Dataset Run Config",
 	operationId: "create-dataset-run-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: DatasetRunConfigApiInsertSchema.extend({
@@ -269,12 +274,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{runConfigId}",
 	summary: "Update Dataset Run Config",
 	operationId: "update-dataset-run-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({ runConfigId: z.string() }),
 		body: { content: { "application/json": { schema: DatasetRunConfigApiUpdateSchema.extend({
@@ -350,12 +356,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{runConfigId}",
 	summary: "Delete Dataset Run Config",
 	operationId: "delete-dataset-run-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({ runConfigId: z.string() }) },
 	responses: {
 		204: { description: "Dataset run config deleted" },

package/dist/domains/manage/routes/evals/datasetRuns.js

@@ -1,17 +1,20 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import runDbClient_default from "../../../../data/db/runDbClient.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DatasetRunApiSelectSchema, ListResponseSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, getConversation, getDatasetRunById, getDatasetRunConfigById, getDatasetRunConversationRelations, getMessagesByConversation, listDatasetItems, listDatasetRuns } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/datasetRuns.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("datasetRuns");
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/by-dataset/{datasetId}",
 	summary: "List Dataset Runs by Dataset ID",
 	operationId: "list-dataset-runs",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ datasetId: z.string() }) },
 	responses: {
 		200: {
@@ -67,12 +70,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{runId}",
 	summary: "Get Dataset Run by ID",
 	operationId: "get-dataset-run",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ runId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/evals/datasets.js

@@ -1,25 +1,19 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DatasetApiInsertSchema, DatasetApiSelectSchema, DatasetApiUpdateSchema, ListResponseSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createDataset, deleteDataset, generateId, getDatasetById, listDatasets, updateDataset } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/datasets.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("datasets");
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:datasetId", async (c, next) => {
-	if (["PATCH", "DELETE"].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List all Datasets",
 	operationId: "list-datasets",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema },
 	responses: {
 		200: {
@@ -57,12 +51,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{datasetId}",
 	summary: "Get Dataset by ID",
 	operationId: "get-dataset",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ datasetId: z.string() }) },
 	responses: {
 		200: {
@@ -98,12 +93,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Dataset",
 	operationId: "create-dataset",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: DatasetApiInsertSchema } } }
@@ -146,12 +142,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{datasetId}",
 	summary: "Update Dataset by ID",
 	operationId: "update-dataset",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({ datasetId: z.string() }),
 		body: { content: { "application/json": { schema: DatasetApiUpdateSchema } } }
@@ -199,12 +196,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{datasetId}",
 	summary: "Delete Dataset by ID",
 	operationId: "delete-dataset",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({ datasetId: z.string() }) },
 	responses: {
 		204: { description: "Dataset deleted" },

package/dist/domains/manage/routes/evals/evaluationJobConfigEvaluatorRelations.js

@@ -1,21 +1,19 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createEvaluationJobConfigEvaluatorRelation, deleteEvaluationJobConfigEvaluatorRelation, generateId, getEvaluationJobConfigEvaluatorRelations } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/evaluationJobConfigEvaluatorRelations.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("evaluationJobConfigEvaluatorRelations");
-app.use("/:configId/evaluators/:evaluatorId", async (c, next) => {
-	if (["POST", "DELETE"].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{configId}/evaluators",
 	summary: "List Evaluators for Evaluation Job Config",
 	operationId: "list-evaluation-job-config-evaluators",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ configId: z.string() }) },
 	responses: {
 		200: {
@@ -47,12 +45,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{configId}/evaluators/{evaluatorId}",
 	summary: "Add Evaluator to Evaluation Job Config",
 	operationId: "add-evaluator-to-job-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({
 		configId: z.string(),
 		evaluatorId: z.string()
@@ -97,12 +96,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{configId}/evaluators/{evaluatorId}",
 	summary: "Remove Evaluator from Evaluation Job Config",
 	operationId: "remove-evaluator-from-job-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({
 		configId: z.string(),
 		evaluatorId: z.string()

package/dist/domains/manage/routes/evals/evaluationJobConfigs.js

@@ -2,20 +2,13 @@ import { getLogger as getLogger$1 } from "../../../../logger.js";
 import runDbClient_default from "../../../../data/db/runDbClient.js";
 import { queueEvaluationJobConversations } from "../../../evals/services/evaluationJob.js";
 import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { EvaluationJobConfigApiInsertSchema, EvaluationJobConfigApiSelectSchema, EvaluationResultApiSelectSchema, ListResponseSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createEvaluationJobConfig, createEvaluationJobConfigEvaluatorRelation, deleteEvaluationJobConfig, generateId, getConversation, getEvaluationJobConfigById, getMessagesByConversation, listEvaluationJobConfigs, listEvaluationResultsByRun, listEvaluationRuns } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/evaluationJobConfigs.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("evaluationJobConfigs");
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:configId", async (c, next) => {
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
 /**
 * Extract plain filter criteria from a potential Filter wrapper.
 * Returns null if the filter is a complex and/or combinator.
@@ -25,12 +18,13 @@ function getPlainJobFilters(filter) {
 	if ("and" in filter || "or" in filter) return null;
 	return filter;
 }
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Evaluation Job Configs",
 	operationId: "list-evaluation-job-configs",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema },
 	responses: {
 		200: {
@@ -68,12 +62,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{configId}",
 	summary: "Get Evaluation Job Config by ID",
 	operationId: "get-evaluation-job-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ configId: z.string() }) },
 	responses: {
 		200: {
@@ -109,12 +104,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Evaluation Job Config",
 	operationId: "create-evaluation-job-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: EvaluationJobConfigApiInsertSchema } } }
@@ -194,12 +190,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{configId}",
 	summary: "Delete Evaluation Job Config",
 	operationId: "delete-evaluation-job-config",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({ configId: z.string() }) },
 	responses: {
 		204: { description: "Evaluation job config deleted" },
@@ -236,12 +233,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{configId}/results",
 	summary: "Get Evaluation Results by Job Config ID",
 	operationId: "get-evaluation-job-config-results",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ configId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/evals/evaluationResults.js

@@ -1,26 +1,20 @@
 import { getLogger as getLogger$1 } from "../../../../logger.js";
 import runDbClient_default from "../../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { EvaluationResultApiInsertSchema, EvaluationResultApiSelectSchema, EvaluationResultApiUpdateSchema, SingleResponseSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createEvaluationResult, deleteEvaluationResult, generateId, getEvaluationResultById, updateEvaluationResult } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/evals/evaluationResults.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("evaluationResults");
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:resultId", async (c, next) => {
-	if (["PATCH", "DELETE"].includes(c.req.method)) return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{resultId}",
 	summary: "Get Evaluation Result by ID",
 	operationId: "get-evaluation-result",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema.extend({ resultId: z.string() }) },
 	responses: {
 		200: {
@@ -55,12 +49,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Evaluation Result",
 	operationId: "create-evaluation-result",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: EvaluationResultApiInsertSchema } } }
@@ -102,12 +97,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{resultId}",
 	summary: "Update Evaluation Result",
 	operationId: "update-evaluation-result",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema.extend({ resultId: z.string() }),
 		body: { content: { "application/json": { schema: EvaluationResultApiUpdateSchema } } }
@@ -154,12 +150,13 @@ app.openapi(createRoute({
 		}), 500);
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{resultId}",
 	summary: "Delete Evaluation Result",
 	operationId: "delete-evaluation-result",
 	tags: ["Evaluations"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectParamsSchema.extend({ resultId: z.string() }) },
 	responses: {
 		204: { description: "Evaluation result deleted" },