@inkeep/agents-api 0.0.0-dev-20260219033751 → 0.0.0-dev-20260219045007

package/dist/domains/manage/routes/tools.js

@@ -1,28 +1,22 @@
 import { getLogger as getLogger$1 } from "../../../logger.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { oauthService } from "../../../utils/oauthService.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
 import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, dbResultToMcpToolSkeleton, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 import { z as z$1 } from "zod";
 
 //#region src/domains/manage/routes/tools.ts
 const logger = getLogger$1("tools");
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Tools",
 	operationId: "list-tools",
 	tags: ["Tools"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectParamsSchema,
 		query: PaginationQueryParamsSchema.extend({
@@ -95,12 +89,13 @@ app.openapi(createRoute({
 	}
 	return c.json(result);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Tool",
 	operationId: "get-tool",
 	tags: ["Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -127,12 +122,13 @@ app.openapi(createRoute({
 	const userId = c.get("userId");
 	return c.json({ data: await dbResultToMcpTool(tool, db, credentialStores, void 0, userId) });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Tool",
 	operationId: "create-tool",
 	tags: ["Tools"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: ToolApiInsertSchema } } }
@@ -166,12 +162,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: await dbResultToMcpTool(tool, db, credentialStores, void 0, userId) }, 201);
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "put",
 	path: "/{id}",
 	summary: "Update Tool",
 	operationId: "update-tool",
 	tags: ["Tools"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectIdParamsSchema,
 		body: { content: { "application/json": { schema: ToolApiUpdateSchema } } }
@@ -215,12 +212,13 @@ app.openapi(createRoute({
 	});
 	return c.json({ data: await dbResultToMcpTool(updatedTool, db, credentialStores, void 0, userId) });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}/user-credential",
 	summary: "Get User Credential for Tool",
 	operationId: "get-user-credential-for-tool",
 	tags: ["Tools"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -252,12 +250,13 @@ app.openapi(createRoute({
 	const validatedCredential = CredentialReferenceApiSelectSchema.parse(credential);
 	return c.json({ data: validatedCredential });
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Tool",
 	operationId: "delete-tool",
 	tags: ["Tools"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		204: { description: "Tool deleted successfully" },
@@ -278,6 +277,70 @@ app.openapi(createRoute({
 	});
 	return c.body(null, 204);
 });
+app.openapi(createProtectedRoute({
+	method: "get",
+	path: "/{id}/oauth/login",
+	summary: "Initiate OAuth login for MCP tool",
+	description: "Detects OAuth requirements and redirects to the authorization server for the specified tool",
+	operationId: "initiate-tool-oauth-login",
+	tags: ["Tools"],
+	permission: requireProjectPermission("view"),
+	request: { params: TenantProjectIdParamsSchema },
+	responses: {
+		302: { description: "Redirect to OAuth authorization server" },
+		400: {
+			description: "OAuth not supported or configuration error",
+			content: { "text/html": { schema: z$1.string() } }
+		},
+		404: {
+			description: "Tool not found",
+			content: { "text/html": { schema: z$1.string() } }
+		},
+		500: {
+			description: "Internal server error",
+			content: { "text/html": { schema: z$1.string() } }
+		}
+	}
+}), async (c) => {
+	const { tenantId, projectId, id: toolId } = c.req.valid("param");
+	const db = c.get("db");
+	try {
+		const tool = await getToolById(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			toolId
+		});
+		if (!tool) {
+			logger.error({
+				toolId,
+				tenantId,
+				projectId
+			}, "Tool not found for OAuth login");
+			return c.text("Tool not found", 404);
+		}
+		const url = new URL(c.req.url);
+		const baseUrl = `${url.protocol}//${url.host}`;
+		const { redirectUrl } = await oauthService.initiateOAuthFlow({
+			tenantId,
+			projectId,
+			toolId,
+			mcpServerUrl: tool.config.mcp.server.url,
+			baseUrl
+		});
+		return c.redirect(redirectUrl, 302);
+	} catch (error) {
+		logger.error({
+			toolId,
+			tenantId,
+			projectId,
+			error
+		}, "OAuth login failed");
+		const errorMessage = error instanceof Error ? error.message : "Failed to initiate OAuth login";
+		return c.text(`OAuth Error: ${errorMessage}`, 500);
+	}
+});
 var tools_default = app;
 
 //#endregion

package/dist/domains/manage/routes/triggers.js

@@ -4,21 +4,13 @@ import runDbClient_default from "../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { dispatchExecution } from "../../run/services/TriggerService.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { DateTimeFilterQueryParamsSchema, PaginationQueryParamsSchema, PartSchema, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, TriggerApiInsertSchema, TriggerApiUpdateSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, commonGetErrorResponses, createApiError, createTrigger, deleteTrigger, errorSchemaFactory, generateId, getCredentialReference, getTriggerById, getTriggerInvocationById, hashAuthenticationHeaders, listTriggerInvocationsPaginated, listTriggersPaginated, updateTrigger } from "@inkeep/agents-core";
+import { createProtectedRoute } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/triggers.ts
 const logger = getLogger$1("triggers");
 const app = new OpenAPIHono();
-app.use("/", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
-	return next();
-});
-app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
-	return next();
-});
 /**
 * Generate webhook URL for a trigger
 */
@@ -29,12 +21,13 @@ function generateWebhookUrl(params) {
 /**
 * List Triggers for an Agent
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List Triggers",
 	operationId: "list-triggers",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -84,12 +77,13 @@ app.openapi(createRoute({
 /**
 * Get Trigger by ID
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}",
 	summary: "Get Trigger",
 	operationId: "get-trigger-by-id",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -129,12 +123,13 @@ app.openapi(createRoute({
 /**
 * Create Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	summary: "Create Trigger",
 	operationId: "create-trigger",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: TriggerApiInsertSchema } } }
@@ -208,12 +203,13 @@ app.openapi(createRoute({
 /**
 * Update Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "patch",
 	path: "/{id}",
 	summary: "Update Trigger",
 	operationId: "update-trigger",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: TriggerApiUpdateSchema } } }
@@ -323,12 +319,13 @@ app.openapi(createRoute({
 /**
 * Delete Trigger
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "delete",
 	path: "/{id}",
 	summary: "Delete Trigger",
 	operationId: "delete-trigger",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("edit"),
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "Trigger deleted successfully" },
@@ -373,12 +370,13 @@ const TriggerInvocationQueryParamsSchema = PaginationQueryParamsSchema.merge(Dat
 /**
 * List Trigger Invocations
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}/invocations",
 	summary: "List Trigger Invocations",
 	operationId: "list-trigger-invocations",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("view"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		query: TriggerInvocationQueryParamsSchema
@@ -432,12 +430,13 @@ app.openapi(createRoute({
 /**
 * Get Trigger Invocation by ID
 */
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/{id}/invocations/{invocationId}",
 	summary: "Get Trigger Invocation",
 	operationId: "get-trigger-invocation-by-id",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("view"),
 	request: { params: TenantProjectAgentIdParamsSchema.extend({ invocationId: z.string().describe("Trigger Invocation ID") }) },
 	responses: {
 		200: {
@@ -475,16 +474,13 @@ app.openapi(createRoute({
 * Rerun Trigger
 * Re-executes a trigger with the provided user message (from a previous trace).
 */
-app.use("/:id/rerun", async (c, next) => {
-	if (c.req.method === "POST") return requireProjectPermission("use")(c, next);
-	return next();
-});
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/{id}/rerun",
 	summary: "Rerun Trigger",
 	operationId: "rerun-trigger",
 	tags: ["Triggers"],
+	permission: requireProjectPermission("use"),
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: z.object({

package/dist/domains/manage/routes/userProjectMemberships.js

@@ -1,5 +1,6 @@
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { ProjectRoles, commonGetErrorResponses, listUserProjectMembershipsInSpiceDb } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedManageTenantAuth } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/manage/routes/userProjectMemberships.ts
 const app = new OpenAPIHono();
@@ -12,13 +13,14 @@ const UserProjectMembershipParamsSchema = z.object({
 	tenantId: z.string(),
 	userId: z.string()
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/",
 	summary: "List User Project Memberships",
-	description: "List all projects a user has explicit access to and their role in each. Requires authz to be enabled.",
+	description: "List all projects a user has explicit access to and their role in each.",
 	operationId: "list-user-project-memberships",
 	tags: ["User Project Memberships"],
+	permission: inheritedManageTenantAuth(),
 	request: { params: UserProjectMembershipParamsSchema },
 	responses: {
 		200: {

package/dist/domains/manage/routes/users.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types10 from "hono/types";
 
 //#region src/domains/manage/routes/users.d.ts
 declare const usersRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types7.BlankSchema, "/">;
+}, hono_types10.BlankSchema, "/">;
 //#endregion
 export { usersRoutes as default };

package/dist/domains/mcp/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types4 from "hono/types";
+import * as hono_types11 from "hono/types";
 
 //#region src/domains/mcp/routes/mcp.d.ts
-declare const app: Hono<hono_types4.BlankEnv, hono_types4.BlankSchema, "/">;
+declare const app: Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/run/agents/relationTools.d.ts

@@ -1,6 +1,6 @@
 import { AgentConfig, DelegateRelation } from "./Agent.js";
 import { InternalRelation } from "../utils/project.js";
-import * as _inkeep_agents_core1 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 import { CredentialStoreRegistry, FullExecutionContext } from "@inkeep/agents-core";
 import * as ai0 from "ai";
 
@@ -44,7 +44,7 @@ declare function createDelegateToAgentTool({
   message: string;
 }, {
   toolCallId: any;
-  result: _inkeep_agents_core1.Message | _inkeep_agents_core1.Task;
+  result: _inkeep_agents_core0.Message | _inkeep_agents_core0.Task;
 }>;
 /**
  * Parameters for building a transfer relation config

package/dist/domains/run/routes/agents.js

@@ -1,18 +1,20 @@
 import { getLogger as getLogger$1 } from "../../../logger.js";
 import { a2aHandler } from "../a2a/handlers.js";
 import { getRegisteredAgent } from "../data/agents.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { HeadersScopeSchema, createApiError } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedRunApiKeyAuth } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/run/routes/agents.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("agents");
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/.well-known/agent.json",
 	request: { headers: HeadersScopeSchema },
 	tags: ["A2A"],
 	security: [{ bearerAuth: [] }],
+	permission: inheritedRunApiKeyAuth(),
 	responses: {
 		200: {
 			description: "Agent Card for A2A discovery",

package/dist/domains/run/routes/chat.js

@@ -10,21 +10,23 @@ import "../context/index.js";
 import { toolApprovalUiBus } from "../services/ToolApprovalUiBus.js";
 import { ImageContentItemSchema } from "../types/chat.js";
 import { extractTextFromParts, getMessagePartsFromOpenAIContent } from "../utils/message-parts.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { PartSchema, createApiError, createMessage, createOrGetConversation, generateId, getActiveAgentForConversation, getConversationId, setActiveAgentForConversation } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedRunApiKeyAuth } from "@inkeep/agents-core/middleware";
 import { context, propagation, trace } from "@opentelemetry/api";
 import { streamSSE } from "hono/streaming";
 
 //#region src/domains/run/routes/chat.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("completionsHandler");
-const chatCompletionsRoute = createRoute({
+const chatCompletionsRoute = createProtectedRoute({
 	method: "post",
 	path: "/completions",
 	tags: ["Chat"],
 	summary: "Create chat completion",
 	description: "Creates a new chat completion with streaming SSE response using the configured agent",
 	security: [{ bearerAuth: [] }],
+	permission: inheritedRunApiKeyAuth(),
 	request: { body: { content: { "application/json": { schema: z.object({
 		model: z.string().describe("The model to use for the completion"),
 		messages: z.array(z.object({

package/dist/domains/run/routes/chatDataStream.js

@@ -11,8 +11,9 @@ import { pendingToolApprovalManager } from "../services/PendingToolApprovalManag
 import { toolApprovalUiBus } from "../services/ToolApprovalUiBus.js";
 import { ImageUrlSchema } from "../types/chat.js";
 import { extractTextFromParts, getMessagePartsFromVercelContent } from "../utils/message-parts.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { PartSchema, commonGetErrorResponses, createApiError, createMessage, generateId, getActiveAgentForConversation, getConversation, getConversationId, loggerFactory, setActiveAgentForConversation } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedRunApiKeyAuth } from "@inkeep/agents-core/middleware";
 import { JsonToSseTransformStream, createUIMessageStream } from "ai";
 import { context, propagation, trace } from "@opentelemetry/api";
 import { stream } from "hono/streaming";
@@ -20,13 +21,14 @@ import { stream } from "hono/streaming";
 //#region src/domains/run/routes/chatDataStream.ts
 const app = new OpenAPIHono();
 const logger = getLogger$1("chatDataStream");
-const chatDataStreamRoute = createRoute({
+const chatDataStreamRoute = createProtectedRoute({
 	method: "post",
 	path: "/chat",
 	tags: ["Chat"],
 	summary: "Chat (Vercel Streaming Protocol)",
 	description: "Chat completion endpoint streaming with Vercel data stream protocol.",
 	security: [{ bearerAuth: [] }],
+	permission: inheritedRunApiKeyAuth(),
 	request: { body: { content: { "application/json": { schema: z.object({
 		model: z.string().optional(),
 		messages: z.array(z.object({
@@ -375,13 +377,14 @@ app.openapi(chatDataStreamRoute, async (c) => {
 		});
 	}
 });
-const toolApprovalRoute = createRoute({
+const toolApprovalRoute = createProtectedRoute({
 	method: "post",
 	path: "/tool-approvals",
 	tags: ["Chat"],
 	summary: "Approve or deny tool execution",
 	description: "Handle user approval/denial of tool execution requests during conversations",
 	security: [{ bearerAuth: [] }],
+	permission: inheritedRunApiKeyAuth(),
 	request: { body: { content: { "application/json": { schema: z.object({
 		conversationId: z.string().describe("The conversation ID"),
 		toolCallId: z.string().describe("The tool call ID to respond to"),

package/dist/domains/run/routes/mcp.js

@@ -5,8 +5,9 @@ import { ExecutionHandler } from "../handlers/executionHandler.js";
 import { contextValidationMiddleware } from "../context/validation.js";
 import { handleContextResolution } from "../context/context.js";
 import "../context/index.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { HeadersScopeSchema, createMessage, createOrGetConversation, generateId, getConversation, getConversationId, updateConversation } from "@inkeep/agents-core";
+import { createProtectedRoute, inheritedRunApiKeyAuth } from "@inkeep/agents-core/middleware";
 import { context, propagation, trace } from "@opentelemetry/api";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
@@ -415,13 +416,14 @@ const createErrorResponse = (code, message, id = null) => ({
 	},
 	id
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "post",
 	path: "/",
 	tags: ["MCP"],
 	summary: "MCP Protocol",
 	description: "Handles Model Context Protocol (MCP) JSON-RPC requests",
 	security: [{ bearerAuth: [] }],
+	permission: inheritedRunApiKeyAuth(),
 	request: { headers: HeadersScopeSchema },
 	responses: {
 		200: { description: "MCP response" },

package/dist/domains/run/routes/webhooks.js

@@ -1,6 +1,7 @@
 import { getLogger } from "../../../logger.js";
 import { processWebhook } from "../services/TriggerService.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
+import { createProtectedRoute, noAuth } from "@inkeep/agents-core/middleware";
 
 //#region src/domains/run/routes/webhooks.ts
 const app = new OpenAPIHono();
@@ -9,12 +10,13 @@ const logger = getLogger("webhooks");
 * Webhook endpoint for trigger invocation
 * POST /tenants/{tenantId}/projects/{projectId}/agents/{agentId}/triggers/{triggerId}
 */
-const triggerWebhookRoute = createRoute({
+const triggerWebhookRoute = createProtectedRoute({
 	method: "post",
 	path: "/tenants/{tenantId}/projects/{projectId}/agents/{agentId}/triggers/{triggerId}",
 	tags: ["Webhooks"],
 	summary: "Invoke agent via trigger webhook",
 	description: "Webhook endpoint for third-party services to invoke an agent via a configured trigger",
+	permission: noAuth(),
 	request: {
 		params: z.object({
 			tenantId: z.string().describe("Tenant ID"),
@@ -63,7 +65,7 @@ const triggerWebhookRoute = createRoute({
 	}
 });
 app.openapi(triggerWebhookRoute, async (c) => {
-	const { tenantId, projectId, agentId, triggerId } = c.req.param();
+	const { tenantId, projectId, agentId, triggerId } = c.req.valid("param");
 	const resolvedRef = c.get("resolvedRef");
 	logger.info({
 		tenantId,

package/dist/domains/run/tools/distill-conversation-history-tool.d.ts

@@ -32,9 +32,9 @@ declare const ConversationHistorySummarySchema: z.ZodObject<{
     tool_call_id: z.ZodString;
     content_summary: z.ZodString;
     relevance: z.ZodEnum<{
-      low: "low";
       high: "high";
       medium: "medium";
+      low: "low";
     }>;
   }, z.core.$strip>>>;
   conversation_flow: z.ZodObject<{

package/dist/domains/run/types/chat.d.ts

@@ -9,9 +9,9 @@ declare const ImageUrlSchema: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
 /** OpenAI-specific image detail level. Has no effect on other providers. */
 declare const ImageDetailEnum: readonly ["auto", "low", "high"];
 declare const ImageDetailSchema: z.ZodEnum<{
-  auto: "auto";
-  low: "low";
   high: "high";
+  low: "low";
+  auto: "auto";
 }>;
 type ImageDetail = z.infer<typeof ImageDetailSchema>;
 declare const ImageContentItemSchema: z.ZodObject<{
@@ -19,9 +19,9 @@ declare const ImageContentItemSchema: z.ZodObject<{
   image_url: z.ZodObject<{
     url: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
     detail: z.ZodOptional<z.ZodEnum<{
-      auto: "auto";
-      low: "low";
       high: "high";
+      low: "low";
+      auto: "auto";
     }>>;
   }, z.core.$strip>;
 }, z.core.$strip>;

package/dist/domains/run/utils/token-estimator.d.ts

@@ -1,4 +1,4 @@
-import * as _inkeep_agents_core3 from "@inkeep/agents-core";
+import * as _inkeep_agents_core2 from "@inkeep/agents-core";
 import { BreakdownComponentDef, ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown } from "@inkeep/agents-core";
 
 //#region src/domains/run/utils/token-estimator.d.ts
@@ -17,7 +17,7 @@ interface AssembleResult {
   /** The assembled prompt string */
   prompt: string;
   /** Token breakdown for each component */
-  breakdown: _inkeep_agents_core3.ContextBreakdown;
+  breakdown: _inkeep_agents_core2.ContextBreakdown;
 }
 //#endregion
 export { AssembleResult, type BreakdownComponentDef, type ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown, estimateTokens };

package/dist/domains/run/workflow/steps/scheduledTriggerSteps.d.ts

@@ -105,7 +105,7 @@ declare function createInvocationIdempotentStep(params: {
     projectId: string;
     tenantId: string;
     id: string;
-    status: "pending" | "completed" | "running" | "failed" | "cancelled";
+    status: "pending" | "completed" | "failed" | "running" | "cancelled";
     resolvedPayload?: Record<string, unknown> | null | undefined;
   };
   alreadyExists: boolean;
@@ -145,7 +145,7 @@ declare function markRunningStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "pending" | "completed" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "failed" | "running" | "cancelled";
   resolvedPayload?: Record<string, unknown> | null | undefined;
 }>;
 /**
@@ -172,7 +172,7 @@ declare function addConversationIdStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "pending" | "completed" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "failed" | "running" | "cancelled";
   resolvedPayload?: Record<string, unknown> | null | undefined;
 } | undefined>;
 /**
@@ -197,7 +197,7 @@ declare function markCompletedStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "pending" | "completed" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "failed" | "running" | "cancelled";
   resolvedPayload?: Record<string, unknown> | null | undefined;
 } | undefined>;
 /**
@@ -222,7 +222,7 @@ declare function markFailedStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "pending" | "completed" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "failed" | "running" | "cancelled";
   resolvedPayload?: Record<string, unknown> | null | undefined;
 } | undefined>;
 /**