@inkeep/agents-api 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007

package/dist/domains/manage/routes/projects.js

@@ -3,28 +3,20 @@ import runDbClient_default from "../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { requirePermission } from "../../../middleware/requirePermission.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, ProjectApiInsertSchema, ProjectApiUpdateSchema, ProjectListResponse, ProjectResponse, TenantIdParamsSchema, TenantParamsSchema, cascadeDeleteByProject, commonGetErrorResponses, createApiError, createProject, createProjectMetadataAndBranch, deleteProject, deleteProjectWithBranch, doltCheckout, getProject, getProjectMainBranchName, listAccessibleProjectIds, listProjectsWithMetadataPaginated, removeProjectFromSpiceDb, syncProjectToSpiceDb, updateProject } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedManageTenantAuth } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/projects.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requirePermission({ project: ["create"] })(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Projects",
 	description: "List all projects within a tenant with pagination. When authorization is enabled, only returns projects the user has access to.",
 	operationId: "list-projects",
 	tags: ["Projects"],
+	permission: inheritedManageTenantAuth(),
 	request: {
 		params: TenantParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -76,13 +68,14 @@ app.openapi(createRoute({
 		pagination: result.pagination
 	});
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Project",
 	description: "Get a single project by ID",
 	operationId: "get-project-by-id",
 	tags: ["Projects"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantIdParamsSchema },
 	responses: {
 		200: {
@@ -104,13 +97,14 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: project });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Project",
 	description: "Create a new project. When authorization is enabled, the creator is automatically granted admin role.",
 	operationId: "create-project",
 	tags: ["Projects"],
+	permission: requirePermission({ project: ["create"] }),
 	request: {
 		params: TenantParamsSchema,
 		body: { content: { "application/json": { schema: ProjectApiInsertSchema } } }
@@ -174,13 +168,14 @@ app.openapi(createRoute({
 		throw error;
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{id}",
 	summary: "Update Project",
 	description: "Update an existing project",
 	operationId: "update-project",
 	tags: ["Projects"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantIdParamsSchema,
 		body: { content: { "application/json": { schema: ProjectApiUpdateSchema } } }
@@ -209,13 +204,14 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: project });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Project",
 	description: "Delete a project and its branch. Must be called from the main branch.",
 	operationId: "delete-project",
 	tags: ["Projects"],
+	permission: requirePermission({ project: ["delete"] }),
 	request: { params: TenantIdParamsSchema },
 	responses: {
 		204: { description: "Project deleted successfully" },

package/dist/domains/manage/routes/ref.js

@@ -1,16 +1,19 @@
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { requireProjectPermission } from "../../../middleware/projectAccess.js";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ResolvedRefSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/ref.ts
 const app = new OpenAPIHono();
 const ResolvedRefResponseSchema = z.object({ data: ResolvedRefSchema }).openapi("ResolvedRefResponse");
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/resolve",
 	summary: "Resolve Ref",
 	description: "Resolve a ref string (branch name, tag name, or commit hash) to its full resolved ref with type and commit hash. Pass the ref as a query parameter.",
 	operationId: "resolve-ref",
 	tags: ["Refs"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectParamsSchema },
 	responses: {
 		200: {

package/dist/domains/manage/routes/scheduledTriggers.js

@@ -6,32 +6,25 @@ import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { executeAgentAsync } from "../../run/services/TriggerService.js";
 import { onTriggerCreated, onTriggerDeleted, onTriggerUpdated } from "../../run/services/ScheduledTriggerService.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DateTimeFilterQueryParamsSchema, PaginationQueryParamsSchema, ScheduledTriggerApiInsertSchema, ScheduledTriggerApiUpdateSchema, ScheduledTriggerInvocationListResponse, ScheduledTriggerInvocationResponse, ScheduledTriggerInvocationStatusEnum, ScheduledTriggerResponse, ScheduledTriggerWithRunInfoListResponse, TenantProjectAgentParamsSchema, addConversationIdToInvocation, cancelPendingInvocationsForTrigger, commonGetErrorResponses, createApiError, createScheduledTrigger, createScheduledTriggerInvocation, deleteScheduledTrigger, generateId, getProjectScopedRef, getScheduledTriggerById, getScheduledTriggerInvocationById, getScheduledTriggerRunInfoBatch, getWaitUntil, interpolateTemplate, listScheduledTriggerInvocationsPaginated, listScheduledTriggersPaginated, listUpcomingInvocationsForAgentPaginated, markScheduledTriggerInvocationCancelled, markScheduledTriggerInvocationCompleted, markScheduledTriggerInvocationFailed, markScheduledTriggerInvocationRunning, resolveRef, updateScheduledTrigger, updateScheduledTriggerInvocationStatus } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 import { CronExpressionParser } from "cron-parser";
 
 //#region src/domains/manage/routes/scheduledTriggers.ts
 const logger = getLogger$1("scheduled-triggers");
 const app = new OpenAPIHono();
 const ScheduledTriggerIdParamsSchema = TenantProjectAgentParamsSchema.extend({ id: z.string().describe("Scheduled Trigger ID") });
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
 /**
 * List Scheduled Triggers for an Agent
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Scheduled Triggers",
 	operationId: "list-scheduled-triggers",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -110,12 +103,13 @@ const UpcomingRunsQueryParamsSchema = PaginationQueryParamsSchema.extend({ inclu
 * List Upcoming Runs Across All Scheduled Triggers
 * Dashboard endpoint to view all pending/running invocations for an agent
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/upcoming-runs",
 	summary: "List Upcoming Runs",
 	operationId: "list-upcoming-scheduled-runs",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: UpcomingRunsQueryParamsSchema
@@ -170,12 +164,13 @@ app.openapi(createRoute({
 /**
 * Get Scheduled Trigger by ID
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Scheduled Trigger",
 	operationId: "get-scheduled-trigger-by-id",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("view"),
 	request: { params: ScheduledTriggerIdParamsSchema },
 	responses: {
 		200: {
@@ -205,12 +200,13 @@ app.openapi(createRoute({
 /**
 * Create Scheduled Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Scheduled Trigger",
 	operationId: "create-scheduled-trigger",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: ScheduledTriggerApiInsertSchema } } }
@@ -267,12 +263,13 @@ app.openapi(createRoute({
 /**
 * Update Scheduled Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{id}",
 	summary: "Update Scheduled Trigger",
 	operationId: "update-scheduled-trigger",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: ScheduledTriggerIdParamsSchema,
 		body: { content: { "application/json": { schema: ScheduledTriggerApiUpdateSchema } } }
@@ -371,12 +368,13 @@ app.openapi(createRoute({
 /**
 * Delete Scheduled Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Scheduled Trigger",
 	operationId: "delete-scheduled-trigger",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: { params: ScheduledTriggerIdParamsSchema },
 	responses: {
 		204: { description: "Scheduled trigger deleted successfully" },
@@ -443,12 +441,13 @@ const ScheduledTriggerInvocationQueryParamsSchema = PaginationQueryParamsSchema.
 /**
 * List Scheduled Trigger Invocations
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}/invocations",
 	summary: "List Scheduled Trigger Invocations",
 	operationId: "list-scheduled-trigger-invocations",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: ScheduledTriggerIdParamsSchema,
 		query: ScheduledTriggerInvocationQueryParamsSchema
@@ -502,12 +501,13 @@ app.openapi(createRoute({
 /**
 * Get Scheduled Trigger Invocation by ID
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}/invocations/{invocationId}",
 	summary: "Get Scheduled Trigger Invocation",
 	operationId: "get-scheduled-trigger-invocation-by-id",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("view"),
 	request: { params: ScheduledTriggerIdParamsSchema.extend({ invocationId: z.string().describe("Scheduled Trigger Invocation ID") }) },
 	responses: {
 		200: {
@@ -544,12 +544,13 @@ app.openapi(createRoute({
 /**
 * Cancel Scheduled Trigger Invocation
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{id}/invocations/{invocationId}/cancel",
 	summary: "Cancel Scheduled Trigger Invocation",
 	operationId: "cancel-scheduled-trigger-invocation",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: { params: ScheduledTriggerIdParamsSchema.extend({ invocationId: z.string().describe("Scheduled Trigger Invocation ID") }) },
 	responses: {
 		200: {
@@ -621,12 +622,13 @@ app.openapi(createRoute({
 * Rerun Scheduled Trigger Invocation
 * Creates a new invocation and executes it immediately (manual rerun of a past run)
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{id}/invocations/{invocationId}/rerun",
 	summary: "Rerun Scheduled Trigger Invocation",
 	operationId: "rerun-scheduled-trigger-invocation",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: { params: ScheduledTriggerIdParamsSchema.extend({ invocationId: z.string().describe("Scheduled Trigger Invocation ID to rerun") }) },
 	responses: {
 		200: {
@@ -857,12 +859,13 @@ app.openapi(createRoute({
 * Run Scheduled Trigger Now
 * Creates a new invocation and executes it immediately (manual trigger)
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{id}/run",
 	summary: "Run Scheduled Trigger Now",
 	operationId: "run-scheduled-trigger-now",
 	tags: ["Scheduled Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: { params: ScheduledTriggerIdParamsSchema },
 	responses: {
 		200: {

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types3 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types3.BlankSchema, "/">;
+}, hono_types9.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/skills.js

@@ -1,25 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { PaginationQueryParamsSchema, SkillApiInsertSchema, SkillApiUpdateSchema, SkillListResponse, SkillResponse, TenantProjectIdParamsSchema, TenantProjectParamsSchema, commonGetErrorResponses, createApiError, createSkill, deleteSkill, getSkillById, listSkills, updateSkill } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/skills.ts
 const app = new OpenAPIHono();
-app.use("/", (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Skills",
 	operationId: "list-skills",
 	tags: ["Skills"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -48,12 +41,13 @@ app.openapi(createRoute({
 	});
 	return c.json(result);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Skill",
 	operationId: "get-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -78,12 +72,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: skill });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Skill",
 	operationId: "create-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: SkillApiInsertSchema } } }
@@ -106,12 +101,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: skill }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Skill",
 	operationId: "update-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectIdParamsSchema,
 		body: { content: { "application/json": { schema: SkillApiUpdateSchema } } }
@@ -141,12 +137,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: skill });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Skill",
 	operationId: "delete-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		204: { description: "Skill deleted successfully" },

package/dist/domains/manage/routes/subAgentArtifactComponents.js

@@ -1,23 +1,17 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ArtifactComponentArrayResponse, ComponentAssociationListResponse, ErrorResponseSchema, ExistsResponseSchema, RemovedResponseSchema, SubAgentArtifactComponentApiInsertSchema, SubAgentArtifactComponentResponse, TenantProjectAgentParamsSchema, TenantProjectAgentSubAgentParamsSchema, associateArtifactComponentWithAgent, commonGetErrorResponses, createApiError, getAgentsUsingArtifactComponent, getArtifactComponentById, getArtifactComponentsForAgent, getSubAgentById, isArtifactComponentAssociatedWithAgent, removeArtifactComponentFromAgent } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentArtifactComponents.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/agent/:subAgentId/component/:artifactComponentId", async (c, next) => {
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/agent/{subAgentId}",
 	summary: "Get Artifact Components for Agent",
 	operationId: "get-artifact-components-for-agent",
 	tags: ["Agents", "Artifact Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -37,12 +31,13 @@ app.openapi(createRoute({
 	} });
 	return c.json({ data: artifactComponents });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/component/{artifactComponentId}/agents",
 	summary: "Get Agents Using Artifact Component",
 	operationId: "get-agents-using-artifact-component",
 	tags: ["Agents", "Artifact Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -63,12 +58,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: agents });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Associate Artifact Component with Agent",
 	operationId: "associate-artifact-component-with-agent",
 	tags: ["Agents", "Artifact Components"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentArtifactComponentApiInsertSchema } } }
@@ -134,12 +130,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: association }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/agent/{subAgentId}/component/{artifactComponentId}",
 	summary: "Remove Artifact Component from Agent",
 	operationId: "remove-artifact-component-from-agent",
 	tags: ["Agents", "Artifact Components"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -168,12 +165,13 @@ app.openapi(createRoute({
 		removed: true
 	});
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/agent/{subAgentId}/component/{artifactComponentId}/exists",
 	summary: "Check if Artifact Component is Associated with Agent",
 	operationId: "check-artifact-component-agent-association",
 	tags: ["Agents", "Artifact Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/subAgentDataComponents.js

@@ -1,23 +1,17 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ComponentAssociationListResponse, DataComponentArrayResponse, ErrorResponseSchema, ExistsResponseSchema, RemovedResponseSchema, SubAgentDataComponentApiInsertSchema, SubAgentDataComponentResponse, TenantProjectAgentParamsSchema, TenantProjectAgentSubAgentParamsSchema, associateDataComponentWithAgent, commonGetErrorResponses, createApiError, getAgentsUsingDataComponent, getDataComponent, getDataComponentsForAgent, getSubAgentById, isDataComponentAssociatedWithAgent, removeDataComponentFromAgent } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentDataComponents.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/agent/:subAgentId/component/:dataComponentId", async (c, next) => {
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/agent/{subAgentId}",
 	summary: "Get Data Components for Agent",
 	operationId: "get-data-components-for-agent",
 	tags: ["Agents", "Data Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -37,12 +31,13 @@ app.openapi(createRoute({
 	} });
 	return c.json({ data: dataComponents });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/component/{dataComponentId}/agents",
 	summary: "Get Agents Using Data Component",
 	operationId: "get-agents-using-data-component",
 	tags: ["Agents", "Data Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -63,12 +58,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: agents });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Associate Data Component with Agent",
 	operationId: "associate-data-component-with-agent",
 	tags: ["Agents", "Data Components"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentDataComponentApiInsertSchema } } }
@@ -133,12 +129,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: association }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/agent/{subAgentId}/component/{dataComponentId}",
 	summary: "Remove Data Component from Agent",
 	operationId: "remove-data-component-from-agent",
 	tags: ["Agents", "Data Components"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -167,12 +164,13 @@ app.openapi(createRoute({
 		removed: true
 	});
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/agent/{subAgentId}/component/{dataComponentId}/exists",
 	summary: "Check if Data Component is Associated with Agent",
 	operationId: "check-data-component-agent-association",
 	tags: ["Agents", "Data Components"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/subAgentExternalAgentRelations.js

@@ -1,25 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentExternalAgentRelationApiInsertSchema, SubAgentExternalAgentRelationApiUpdateSchema, SubAgentExternalAgentRelationListResponse, SubAgentExternalAgentRelationResponse, TenantProjectAgentSubAgentIdParamsSchema, TenantProjectAgentSubAgentParamsSchema, commonGetErrorResponses, createApiError, createSubAgentExternalAgentRelation, deleteSubAgentExternalAgentRelation, generateId, getSubAgentExternalAgentRelationById, listSubAgentExternalAgentRelations, updateSubAgentExternalAgentRelation } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentExternalAgentRelations.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Sub Agent External Agent Relations",
 	operationId: "list-sub-agent-external-agent-relations",
 	tags: ["SubAgents", "External Agents"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -59,12 +52,13 @@ app.openapi(createRoute({
 		});
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Sub Agent External Agent Relation",
 	operationId: "get-sub-agent-external-agent-relation-by-id",
 	tags: ["SubAgents", "External Agents"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -91,12 +85,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: relation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Sub Agent External Agent Relation",
 	operationId: "create-sub-agent-external-agent-relation",
 	tags: ["SubAgents", "External Agents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiInsertSchema } } }
@@ -142,12 +137,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: relation }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Sub Agent External Agent Relation",
 	operationId: "update-sub-agent-external-agent-relation",
 	tags: ["SubAgents", "External Agents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentSubAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiUpdateSchema } } }
@@ -179,12 +175,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: updatedRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Sub Agent External Agent Relation",
 	operationId: "delete-sub-agent-external-agent-relation",
 	tags: ["SubAgents", "External Agents"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent External Agent Relation deleted successfully" },