@inkeep/agents-api 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007

package/dist/domains/manage/routes/subAgentFunctionTools.js

@@ -1,23 +1,17 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ComponentAssociationListResponse, ErrorResponseSchema, ExistsResponseSchema, FunctionToolListResponse, RemovedResponseSchema, SubAgentFunctionToolRelationApiInsertSchema, SubAgentFunctionToolRelationResponse, TenantProjectAgentParamsSchema, TenantProjectAgentSubAgentParamsSchema, addFunctionToolToSubAgent, commonGetErrorResponses, createApiError, getFunctionToolById, getFunctionToolsForSubAgent, getSubAgentById, getSubAgentsUsingFunctionTool, isFunctionToolAssociatedWithSubAgent, removeFunctionToolFromSubAgent } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentFunctionTools.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/sub-agent/:subAgentId/function-tool/:functionToolId", async (c, next) => {
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/sub-agent/{subAgentId}",
 	summary: "Get Function Tools for SubAgent",
 	operationId: "get-function-tools-for-sub-agent",
 	tags: ["SubAgents", "Function Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -39,12 +33,13 @@ app.openapi(createRoute({
 	});
 	return c.json(result);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/function-tool/{functionToolId}/sub-agents",
 	summary: "Get SubAgents Using Function Tool",
 	operationId: "get-sub-agents-using-function-tool",
 	tags: ["SubAgents", "Function Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {
@@ -66,12 +61,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: agents });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Associate Function Tool with SubAgent",
 	operationId: "associate-function-tool-with-sub-agent",
 	tags: ["SubAgents", "Function Tools"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentFunctionToolRelationApiInsertSchema } } }
@@ -137,12 +133,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: association }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}",
 	summary: "Remove Function Tool from SubAgent",
 	operationId: "remove-function-tool-from-sub-agent",
 	tags: ["SubAgents", "Function Tools"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {
@@ -171,12 +168,13 @@ app.openapi(createRoute({
 		removed: true
 	});
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}/exists",
 	summary: "Check if Function Tool is Associated with SubAgent",
 	operationId: "check-function-tool-sub-agent-association",
 	tags: ["SubAgents", "Function Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/subAgentRelations.js

@@ -1,25 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentRelationApiInsertSchema, SubAgentRelationApiUpdateSchema, SubAgentRelationListResponse, SubAgentRelationQuerySchema, SubAgentRelationResponse, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, commonGetErrorResponses, createApiError, createSubAgentRelation, deleteSubAgentRelation, generateId, getAgentRelationById, getAgentRelationsBySource, getSubAgentRelationsByTarget, listAgentRelations, updateAgentRelation, validateSubAgent } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentRelations.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Sub Agent Relations",
 	operationId: "list-sub-agent-relations",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema.merge(SubAgentRelationQuerySchema)
@@ -99,12 +92,13 @@ app.openapi(createRoute({
 		});
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Sub Agent Relation",
 	operationId: "get-sub-agent-relation-by-id",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -130,12 +124,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: agentRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Sub Agent Relation",
 	operationId: "create-sub-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentRelationApiInsertSchema } } }
@@ -191,12 +186,13 @@ app.openapi(createRoute({
 	const agentRelation = await createSubAgentRelation(db)({ ...relationData });
 	return c.json({ data: agentRelation }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Sub Agent Relation",
 	operationId: "update-sub-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentRelationApiUpdateSchema } } }
@@ -227,12 +223,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: updatedAgentRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Sub Agent Relation",
 	operationId: "delete-sub-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent Relation deleted successfully" },

package/dist/domains/manage/routes/subAgentSkills.js

@@ -1,23 +1,17 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { SubAgentSkillApiInsertSchema, SubAgentSkillResponse, SubAgentSkillWithIndexArrayResponse, TenantProjectAgentParamsSchema, TenantProjectAgentSubAgentParamsSchema, commonGetErrorResponses, createApiError, deleteSubAgentSkill, getSkillById, getSkillsForSubAgents, getSubAgentById, upsertSubAgentSkill } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentSkills.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/agent/:subAgentId/skill/:skillId", async (c, next) => {
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/agent/{subAgentId}",
 	summary: "List Skills for Sub-Agent",
 	operationId: "get-skills-for-subagent",
 	tags: ["Skills"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -38,12 +32,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: skills });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Attach Skill to Sub-Agent",
 	operationId: "create-subagent-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentSkillApiInsertSchema } } }
@@ -94,12 +89,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: relation }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/agent/{subAgentId}/skill/{skillId}",
 	summary: "Detach Skill from Sub-Agent",
 	operationId: "delete-subagent-skill",
 	tags: ["Skills"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentParamsSchema.extend({
 		subAgentId: z.string(),
 		skillId: z.string()

package/dist/domains/manage/routes/subAgentTeamAgentRelations.js

@@ -1,25 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentTeamAgentRelationApiInsertSchema, SubAgentTeamAgentRelationApiUpdateSchema, SubAgentTeamAgentRelationListResponse, SubAgentTeamAgentRelationResponse, TenantProjectAgentSubAgentIdParamsSchema, TenantProjectAgentSubAgentParamsSchema, commonGetErrorResponses, createApiError, createSubAgentTeamAgentRelation, deleteSubAgentTeamAgentRelation, generateId, getSubAgentTeamAgentRelationById, listSubAgentTeamAgentRelations, updateSubAgentTeamAgentRelation } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentTeamAgentRelations.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Sub Agent Team Agent Relations",
 	operationId: "list-sub-agent-team-agent-relations",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -59,12 +52,13 @@ app.openapi(createRoute({
 		});
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Sub Agent Team Agent Relation",
 	operationId: "get-sub-agent-team-agent-relation-by-id",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -91,12 +85,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: relation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Sub Agent Team Agent Relation",
 	operationId: "create-sub-agent-team-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentTeamAgentRelationApiInsertSchema } } }
@@ -142,12 +137,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: relation }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Sub Agent Team Agent Relation",
 	operationId: "update-sub-agent-team-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentSubAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentTeamAgentRelationApiUpdateSchema } } }
@@ -179,12 +175,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: updatedRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Sub Agent Team Agent Relation",
 	operationId: "delete-sub-agent-team-agent-relation",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent Team Agent Relation deleted successfully" },

package/dist/domains/manage/routes/subAgentToolRelations.js

@@ -1,25 +1,18 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentToolRelationApiInsertSchema, SubAgentToolRelationApiUpdateSchema, SubAgentToolRelationListResponse, SubAgentToolRelationResponse, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, commonGetErrorResponses, createAgentToolRelation, createApiError, deleteAgentToolRelation, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsForTool, listAgentToolRelations, updateAgentToolRelation } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgentToolRelations.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List SubAgent Tool Relations",
 	operationId: "list-subagent-tool-relations",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema.extend({
@@ -93,12 +86,13 @@ app.openapi(createRoute({
 	}
 	return c.json(result);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get SubAgent Tool Relation",
 	operationId: "get-subagent-tool-relation",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -125,12 +119,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: agentToolRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/tool/{toolId}/sub-agents",
 	summary: "Get SubAgents for Tool",
 	operationId: "get-subagents-for-tool",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema.extend({ toolId: z.string() }),
 		query: PaginationQueryParamsSchema
@@ -160,12 +155,13 @@ app.openapi(createRoute({
 	});
 	return c.json(dbResult);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create SubAgent Tool Relation",
 	operationId: "create-subagent-tool-relation",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentToolRelationApiInsertSchema } } }
@@ -213,12 +209,13 @@ app.openapi(createRoute({
 		throw error;
 	}
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update SubAgent Tool Relation",
 	operationId: "update-subagent-tool-relation",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentToolRelationApiUpdateSchema } } }
@@ -253,12 +250,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: updatedAgentToolRelation });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete SubAgent Tool Relation",
 	operationId: "delete-subagent-tool-relation",
 	tags: ["SubAgents", "Tools"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "SubAgent tool relation deleted successfully" },

package/dist/domains/manage/routes/subAgents.js

@@ -1,26 +1,19 @@
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentApiInsertSchema, SubAgentApiUpdateSchema, SubAgentIsDefaultError, SubAgentListResponse, SubAgentResponse, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, cascadeDeleteBySubAgent, commonGetErrorResponses, createApiError, createSubAgent, deleteSubAgent, generateId, getSubAgentById, listSubAgentsPaginated, updateSubAgent } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/subAgents.ts
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List SubAgents",
 	operationId: "list-subagents",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -57,12 +50,13 @@ app.openapi(createRoute({
 	};
 	return c.json(dataWithType);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get SubAgent",
 	operationId: "get-subagent-by-id",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -91,12 +85,13 @@ app.openapi(createRoute({
 	};
 	return c.json({ data: subAgentWithType });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create SubAgent",
 	operationId: "create-subagent",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentApiInsertSchema } } }
@@ -124,12 +119,13 @@ app.openapi(createRoute({
 	};
 	return c.json({ data: subAgentWithType }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update SubAgent",
 	operationId: "update-subagent",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentApiUpdateSchema } } }
@@ -163,12 +159,13 @@ app.openapi(createRoute({
 	};
 	return c.json({ data: subAgentWithType });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete SubAgent",
 	operationId: "delete-subagent",
 	tags: ["SubAgents"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "SubAgent deleted successfully" },

package/dist/domains/manage/routes/thirdPartyMCPServers.js

@@ -1,5 +1,7 @@
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { requireProjectPermission } from "../../../middleware/projectAccess.js";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { TenantProjectParamsSchema, ThirdPartyMCPServerResponse, commonGetErrorResponses, createApiError, fetchSingleComposioServer, getComposioOAuthRedirectUrl } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/thirdPartyMCPServers.ts
 const app = new OpenAPIHono();
@@ -12,13 +14,14 @@ const GetOAuthRedirectBodySchema = z.object({
 	credentialScope: z.enum(["project", "user"]).describe("The credential scope")
 });
 const OAuthRedirectResponse = z.object({ data: z.object({ redirectUrl: z.string().nullable() }) });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Get Third-Party MCP Server Details",
 	operationId: "get-third-party-mcp-server",
 	tags: ["Third-Party MCP Servers"],
 	description: "Fetch details for a specific third-party MCP server (e.g., Composio) including authentication status and connect URL",
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: ThirdPartyMCPServerBodySchema } } }
@@ -37,13 +40,14 @@ app.openapi(createRoute({
 	const server = await fetchSingleComposioServer(tenantId, projectId, url, credentialScope ?? "project", userId);
 	return c.json({ data: server });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/oauth-redirect",
 	summary: "Get OAuth Redirect URL",
 	operationId: "get-oauth-redirect-url",
 	tags: ["Third-Party MCP Servers"],
 	description: "Get the OAuth redirect URL for a third-party MCP server. Call this after scope selection to get the correct URL for the selected scope.",
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: GetOAuthRedirectBodySchema } } }