@inkeep/agents-api 0.0.0-dev-20260318225235 → 0.0.0-dev-20260318232505

package/dist/.well-known/workflow/v1/manifest.json

@@ -1,11 +1,6 @@
 {
   "version": "1.0.0",
   "steps": {
-    "node_modules/.pnpm/workflow@4.2.0-beta.68_@nestjs+common@11.1.13_reflect-metadata@0.2.2_rxjs@7.8.2__@nestj_9ec7abb8bcd1459c2bab463fccef5dfb/node_modules/workflow/dist/stdlib.js": {
-      "fetch": {
-        "stepId": "step//workflow@4.2.0-beta.68//fetch"
-      }
-    },
     "node_modules/.pnpm/workflow@4.2.0-beta.68_@nestjs+common@11.1.13_reflect-metadata@0.2.2_rxjs@7.8.2__@nestj_9ec7abb8bcd1459c2bab463fccef5dfb/node_modules/workflow/dist/internal/builtins.js": {
       "__builtin_response_array_buffer": {
         "stepId": "__builtin_response_array_buffer"
@@ -17,9 +12,9 @@
         "stepId": "__builtin_response_text"
       }
     },
-    "src/domains/run/workflow/functions/scheduledTriggerRunner.ts": {
-      "startNextIterationStep": {
-        "stepId": "step//./src/domains/run/workflow/functions/scheduledTriggerRunner//startNextIterationStep"
+    "node_modules/.pnpm/workflow@4.2.0-beta.68_@nestjs+common@11.1.13_reflect-metadata@0.2.2_rxjs@7.8.2__@nestj_9ec7abb8bcd1459c2bab463fccef5dfb/node_modules/workflow/dist/stdlib.js": {
+      "fetch": {
+        "stepId": "step//workflow@4.2.0-beta.68//fetch"
       }
     },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
@@ -93,18 +88,14 @@
       "markRunningStep": {
         "stepId": "step//./src/domains/run/workflow/steps/scheduledTriggerSteps//markRunningStep"
       }
+    },
+    "src/domains/run/workflow/functions/scheduledTriggerRunner.ts": {
+      "startNextIterationStep": {
+        "stepId": "step//./src/domains/run/workflow/functions/scheduledTriggerRunner//startNextIterationStep"
+      }
     }
   },
   "workflows": {
-    "src/domains/run/workflow/functions/scheduledTriggerRunner.ts": {
-      "_scheduledTriggerRunnerWorkflow": {
-        "workflowId": "workflow//./src/domains/run/workflow/functions/scheduledTriggerRunner//_scheduledTriggerRunnerWorkflow",
-        "graph": {
-          "nodes": [],
-          "edges": []
-        }
-      }
-    },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
       "_evaluateConversationWorkflow": {
         "workflowId": "workflow//./src/domains/evals/workflow/functions/evaluateConversation//_evaluateConversationWorkflow",
@@ -122,6 +113,15 @@
           "edges": []
         }
       }
+    },
+    "src/domains/run/workflow/functions/scheduledTriggerRunner.ts": {
+      "_scheduledTriggerRunnerWorkflow": {
+        "workflowId": "workflow//./src/domains/run/workflow/functions/scheduledTriggerRunner//_scheduledTriggerRunnerWorkflow",
+        "graph": {
+          "nodes": [],
+          "edges": []
+        }
+      }
     }
   },
   "classes": {}

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types1 from "hono/types";
+import * as hono_types11 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/data/db/manageDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core2 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 
 //#region src/data/db/manageDbClient.d.ts
-declare const manageDbClient: _inkeep_agents_core2.AgentsManageDatabaseClient;
+declare const manageDbClient: _inkeep_agents_core0.AgentsManageDatabaseClient;
 //#endregion
 export { manageDbClient as default };

package/dist/data/db/runDbClient.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core3 from "@inkeep/agents-core";
+import * as _inkeep_agents_core0 from "@inkeep/agents-core";
 
 //#region src/data/db/runDbClient.d.ts
-declare const runDbClient: _inkeep_agents_core3.AgentsRunDatabaseClient;
+declare const runDbClient: _inkeep_agents_core0.AgentsRunDatabaseClient;
 //#endregion
 export { runDbClient as default };

package/dist/data-reconciliation/handlers/agent.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core5 from "@inkeep/agents-core";
+import * as _inkeep_agents_core1 from "@inkeep/agents-core";
 
 //#region src/data-reconciliation/handlers/agent.d.ts
-declare const agentHandlers: _inkeep_agents_core5.EntityEffectHandlers<"agent">;
+declare const agentHandlers: _inkeep_agents_core1.EntityEffectHandlers<"agent">;
 //#endregion
 export { agentHandlers };

package/dist/data-reconciliation/handlers/context-configs.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core4 from "@inkeep/agents-core";
+import * as _inkeep_agents_core2 from "@inkeep/agents-core";
 
 //#region src/data-reconciliation/handlers/context-configs.d.ts
-declare const contextConfigsHandlers: _inkeep_agents_core4.EntityEffectHandlers<"context_configs">;
+declare const contextConfigsHandlers: _inkeep_agents_core2.EntityEffectHandlers<"context_configs">;
 //#endregion
 export { contextConfigsHandlers };

package/dist/data-reconciliation/handlers/scheduled-triggers.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core6 from "@inkeep/agents-core";
+import * as _inkeep_agents_core3 from "@inkeep/agents-core";
 
 //#region src/data-reconciliation/handlers/scheduled-triggers.d.ts
-declare const scheduledTriggersHandlers: _inkeep_agents_core6.EntityEffectHandlers<"scheduled_triggers">;
+declare const scheduledTriggersHandlers: _inkeep_agents_core3.EntityEffectHandlers<"scheduled_triggers">;
 //#endregion
 export { scheduledTriggersHandlers };

package/dist/data-reconciliation/handlers/sub-agents.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core7 from "@inkeep/agents-core";
+import * as _inkeep_agents_core4 from "@inkeep/agents-core";
 
 //#region src/data-reconciliation/handlers/sub-agents.d.ts
-declare const subAgentsHandlers: _inkeep_agents_core7.EntityEffectHandlers<"sub_agents">;
+declare const subAgentsHandlers: _inkeep_agents_core4.EntityEffectHandlers<"sub_agents">;
 //#endregion
 export { subAgentsHandlers };

package/dist/data-reconciliation/handlers/tools.d.ts

@@ -1,6 +1,6 @@
-import * as _inkeep_agents_core8 from "@inkeep/agents-core";
+import * as _inkeep_agents_core5 from "@inkeep/agents-core";
 
 //#region src/data-reconciliation/handlers/tools.d.ts
-declare const toolsHandlers: _inkeep_agents_core8.EntityEffectHandlers<"tools">;
+declare const toolsHandlers: _inkeep_agents_core5.EntityEffectHandlers<"tools">;
 //#endregion
 export { toolsHandlers };

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono1 from "hono";
+import * as hono10 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono1.Env, {}, "/">;
+declare const app: OpenAPIHono<hono10.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono2 from "hono";
+import * as hono11 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono2.Env, {}, "/">;
+declare const app: OpenAPIHono<hono11.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/availableAgents.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono14 from "hono";
+import * as hono13 from "hono";
 
 //#region src/domains/manage/routes/availableAgents.d.ts
-declare const app: OpenAPIHono<hono14.Env, {}, "/">;
+declare const app: OpenAPIHono<hono13.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono13 from "hono";
+import * as hono14 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono13.Env, {}, "/">;
+declare const app: OpenAPIHono<hono14.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono15 from "hono";
+import * as hono12 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono15.Env, {}, "/">;
+declare const app: OpenAPIHono<hono12.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/invitations.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/manage/routes/invitations.d.ts
 declare const invitationsRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types7.BlankSchema, "/">;
+}, hono_types8.BlankSchema, "/">;
 //#endregion
 export { invitationsRoutes as default };

package/dist/domains/manage/routes/passwordResetLinks.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types8 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/manage/routes/passwordResetLinks.d.ts
 declare const passwordResetLinksRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types8.BlankSchema, "/">;
+}, hono_types9.BlankSchema, "/">;
 //#endregion
 export { passwordResetLinksRoutes as default };

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types10 from "hono/types";
+import * as hono_types7 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types10.BlankSchema, "/">;
+}, hono_types7.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/users.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types10 from "hono/types";
 
 //#region src/domains/manage/routes/users.d.ts
 declare const usersRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types9.BlankSchema, "/">;
+}, hono_types10.BlankSchema, "/">;
 //#endregion
 export { usersRoutes as default };

package/dist/domains/run/agents/relationTools.d.ts

@@ -1,7 +1,7 @@
 import { AgentConfig, DelegateRelation } from "./agent-types.js";
 import "./Agent.js";
 import { InternalRelation } from "../utils/project.js";
-import * as _inkeep_agents_core0 from "@inkeep/agents-core";
+import * as _inkeep_agents_core6 from "@inkeep/agents-core";
 import { CredentialStoreRegistry, FullExecutionContext } from "@inkeep/agents-core";
 import * as ai0 from "ai";
 
@@ -45,7 +45,7 @@ declare function createDelegateToAgentTool({
   message: string;
 }, {
   toolCallId: any;
-  result: _inkeep_agents_core0.Message | _inkeep_agents_core0.Task;
+  result: _inkeep_agents_core6.Message | _inkeep_agents_core6.Task;
 }>;
 /**
  * Parameters for building a transfer relation config

package/dist/domains/run/routes/auth.d.ts

@@ -1,8 +1,8 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono16 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/run/routes/auth.d.ts
 declare function getAnonJwtSecret(): Uint8Array;
-declare const app: OpenAPIHono<hono16.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default, getAnonJwtSecret };

package/dist/domains/run/tools/distill-conversation-history-tool.d.ts

@@ -29,9 +29,9 @@ declare const ConversationHistorySummarySchema: z.ZodObject<{
     tool_call_id: z.ZodString;
     content_summary: z.ZodString;
     relevance: z.ZodEnum<{
-      low: "low";
       high: "high";
       medium: "medium";
+      low: "low";
     }>;
   }, z.core.$strip>>>;
   conversation_flow: z.ZodObject<{

package/dist/domains/run/types/chat.d.ts

@@ -9,9 +9,9 @@ declare const ImageUrlSchema: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
 /** OpenAI-specific image detail level. Has no effect on other providers. */
 declare const ImageDetailEnum: readonly ["auto", "low", "high"];
 declare const ImageDetailSchema: z.ZodEnum<{
-  auto: "auto";
-  low: "low";
   high: "high";
+  low: "low";
+  auto: "auto";
 }>;
 type ImageDetail = z.infer<typeof ImageDetailSchema>;
 declare const ImageContentItemSchema: z.ZodObject<{
@@ -19,9 +19,9 @@ declare const ImageContentItemSchema: z.ZodObject<{
   image_url: z.ZodObject<{
     url: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
     detail: z.ZodOptional<z.ZodEnum<{
-      auto: "auto";
-      low: "low";
       high: "high";
+      low: "low";
+      auto: "auto";
     }>>;
   }, z.core.$strip>;
 }, z.core.$strip>;

package/dist/domains/run/utils/token-estimator.d.ts

@@ -1,4 +1,4 @@
-import * as _inkeep_agents_core1 from "@inkeep/agents-core";
+import * as _inkeep_agents_core8 from "@inkeep/agents-core";
 import { BreakdownComponentDef, ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown } from "@inkeep/agents-core";
 
 //#region src/domains/run/utils/token-estimator.d.ts
@@ -17,7 +17,7 @@ interface AssembleResult {
   /** The assembled prompt string */
   prompt: string;
   /** Token breakdown for each component */
-  breakdown: _inkeep_agents_core1.ContextBreakdown;
+  breakdown: _inkeep_agents_core8.ContextBreakdown;
 }
 //#endregion
 export { AssembleResult, type BreakdownComponentDef, type ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown, estimateTokens };

package/dist/domains/run/workflow/steps/scheduledTriggerSteps.d.ts

@@ -108,7 +108,7 @@ declare function createInvocationIdempotentStep(params: {
     projectId: string;
     tenantId: string;
     id: string;
-    status: "completed" | "pending" | "running" | "failed" | "cancelled";
+    status: "pending" | "completed" | "running" | "failed" | "cancelled";
     ref?: {
       type: "commit" | "tag" | "branch";
       name: string;
@@ -153,7 +153,7 @@ declare function markRunningStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "completed" | "pending" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "running" | "failed" | "cancelled";
   ref?: {
     type: "commit" | "tag" | "branch";
     name: string;
@@ -185,7 +185,7 @@ declare function addConversationIdStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "completed" | "pending" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "running" | "failed" | "cancelled";
   ref?: {
     type: "commit" | "tag" | "branch";
     name: string;
@@ -215,7 +215,7 @@ declare function markCompletedStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "completed" | "pending" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "running" | "failed" | "cancelled";
   ref?: {
     type: "commit" | "tag" | "branch";
     name: string;
@@ -245,7 +245,7 @@ declare function markFailedStep(params: {
   projectId: string;
   tenantId: string;
   id: string;
-  status: "completed" | "pending" | "running" | "failed" | "cancelled";
+  status: "pending" | "completed" | "running" | "failed" | "cancelled";
   ref?: {
     type: "commit" | "tag" | "branch";
     name: string;

package/dist/index.d.ts

@@ -7,7 +7,7 @@ import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js
 import "./sentry.js";
 import { Hono } from "hono";
 import * as zod344 from "zod";
-import * as hono_types11 from "hono/types";
+import * as hono_types1 from "hono/types";
 import * as better_auth99 from "better-auth";
 import * as better_auth_plugins35 from "better-auth/plugins";
 import * as _better_auth_sso11 from "@better-auth/sso";
@@ -1627,6 +1627,6 @@ declare const auth: better_auth99.Auth<{
     }>;
   }];
 }>;
-declare const app: Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
+declare const app: Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
 export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default };

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono19 from "hono";
+import * as hono18 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import * as hono19 from "hono";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono19.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono18.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono8 from "hono";
+import * as hono16 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -12,10 +12,11 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Slack user JWT token (for Slack work app delegation)
  * 4. Internal service token
  *
- * NOTE: Database API keys are intentionally NOT accepted on manage endpoints.
- * API keys are restricted to the run domain only (chat, agent execution).
+ * NOTE: Database API keys are intentionally NOT accepted on manage endpoints,
+ * EXCEPT for the legacy exception on GET /manage/tenants/:t/projects/:p/conversations/:id
+ * (see isLegacyApiKeyAllowedRoute). API keys are otherwise restricted to the run domain only.
  */
-declare const manageBearerAuth: () => hono8.MiddlewareHandler<{
+declare const manageBearerAuth: () => hono16.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;
@@ -29,6 +30,6 @@ declare const manageBearerAuth: () => hono8.MiddlewareHandler<{
  * Uses Bearer token → manage bearer auth (bypass secret, session, Slack JWT, internal service),
  * otherwise falls back to session auth.
  */
-declare const manageBearerOrSessionAuth: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const manageBearerOrSessionAuth: () => hono16.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { manageBearerAuth, manageBearerOrSessionAuth };

package/dist/middleware/manageAuth.js

@@ -1,11 +1,25 @@
 import { env } from "../env.js";
+import runDbClient_default from "../data/db/runDbClient.js";
 import { sessionAuth } from "./sessionAuth.js";
-import { getLogger, isInternalServiceToken, isSlackUserToken, verifyInternalServiceAuthHeader, verifySlackUserToken } from "@inkeep/agents-core";
+import { getLogger, isInternalServiceToken, isSlackUserToken, validateAndGetApiKey, verifyInternalServiceAuthHeader, verifySlackUserToken } from "@inkeep/agents-core";
 import { registerAuthzMeta } from "@inkeep/agents-core/middleware";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
 
 //#region src/middleware/manageAuth.ts
+/**
+* Legacy exception: allow database API keys on GET /manage/tenants/:t/projects/:p/conversations/:id
+* A customer uses the deprecated API key and needs read access to this single endpoint.
+* The caller must already know the conversationId. Only GET with a specific conversation ID is allowed —
+* list, bounds, media, and all other manage endpoints remain session-only.
+*/
+const LEGACY_API_KEY_CONVERSATION_ROUTE = /^\/manage\/tenants\/[^/]+\/projects\/[^/]+\/conversations\/[^/]+\/?$/;
+function isLegacyApiKeyAllowedRoute(method, path) {
+	return method === "GET" && LEGACY_API_KEY_CONVERSATION_ROUTE.test(path);
+}
+function extractProjectIdFromPath(path) {
+	return path.match(/\/projects\/([^/]+)\//)?.[1];
+}
 const logger = getLogger("env-key-auth");
 /**
 * Middleware to authenticate API requests using Bearer token authentication
@@ -15,8 +29,9 @@ const logger = getLogger("env-key-auth");
 * 3. Slack user JWT token (for Slack work app delegation)
 * 4. Internal service token
 *
-* NOTE: Database API keys are intentionally NOT accepted on manage endpoints.
-* API keys are restricted to the run domain only (chat, agent execution).
+* NOTE: Database API keys are intentionally NOT accepted on manage endpoints,
+* EXCEPT for the legacy exception on GET /manage/tenants/:t/projects/:p/conversations/:id
+* (see isLegacyApiKeyAllowedRoute). API keys are otherwise restricted to the run domain only.
 */
 const manageBearerAuth = () => createMiddleware(async (c, next) => {
 	const authHeader = c.req.header("Authorization");
@@ -83,6 +98,31 @@ const manageBearerAuth = () => createMiddleware(async (c, next) => {
 		await next();
 		return;
 	}
+	if (isLegacyApiKeyAllowedRoute(c.req.method, c.req.path)) try {
+		const apiKeyRecord = await validateAndGetApiKey(token, runDbClient_default);
+		if (apiKeyRecord) {
+			const routeProjectId = extractProjectIdFromPath(c.req.path);
+			if (routeProjectId && apiKeyRecord.projectId !== routeProjectId) {
+				logger.warn({
+					apiKeyId: apiKeyRecord.id,
+					apiKeyProjectId: apiKeyRecord.projectId,
+					routeProjectId
+				}, "Legacy API key project mismatch");
+				throw new HTTPException(403, { message: "API key does not have access to this project" });
+			}
+			logger.info({
+				apiKeyId: apiKeyRecord.id,
+				tenantId: apiKeyRecord.tenantId
+			}, "Legacy API key authenticated for manage conversation endpoint");
+			c.set("userId", `apikey:${apiKeyRecord.id}`);
+			c.set("tenantId", apiKeyRecord.tenantId);
+			await next();
+			return;
+		}
+	} catch (error) {
+		if (error instanceof HTTPException) throw error;
+		logger.error({ error }, "Legacy API key validation failed");
+	}
 	throw new HTTPException(401, { message: "Invalid Token" });
 });
 /**

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
-import * as hono17 from "hono";
+import * as hono1 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono17.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono17.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono17.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono0 from "hono";
+import * as hono19 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono0.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono19.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono10 from "hono";
+import * as hono5 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono10.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono10.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono10.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono10.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono5.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono7 from "hono";
+import * as hono0 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -12,7 +12,7 @@ import * as hono7 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono7.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono0.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono5 from "hono";
+import * as hono8 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono5.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono5.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono8.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260318225235",
+  "version": "0.0.0-dev-20260318232505",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -74,10 +74,10 @@
     "pg": "^8.16.3",
     "undici": "^7.22.0",
     "workflow": "^4.2.0-beta.64",
-    "@inkeep/agents-core": "^0.0.0-dev-20260318225235",
-    "@inkeep/agents-email": "^0.0.0-dev-20260318225235",
-    "@inkeep/agents-mcp": "^0.0.0-dev-20260318225235",
-    "@inkeep/agents-work-apps": "^0.0.0-dev-20260318225235"
+    "@inkeep/agents-core": "^0.0.0-dev-20260318232505",
+    "@inkeep/agents-email": "^0.0.0-dev-20260318232505",
+    "@inkeep/agents-mcp": "^0.0.0-dev-20260318232505",
+    "@inkeep/agents-work-apps": "^0.0.0-dev-20260318232505"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",