@inkeep/agents-api 0.0.0-dev-20260325103346 → 0.0.0-dev-20260325193448

package/dist/domains/run/services/blob-storage/file-security-errors.d.ts

@@ -59,11 +59,12 @@ declare class BlockedInlineUnsupportedFileBytesError extends FileSecurityError {
 declare class BlockedExternalUnsupportedBytesError extends FileSecurityError {
   constructor(contentType: string);
 }
-declare class BlockedExternalPdfUrlNotSupportedError extends FileSecurityError {
-  constructor();
-}
 declare class InvalidInlineFileMalformedBase64Error extends FileSecurityError {
   constructor();
 }
+declare class PdfUrlIngestionError extends FileSecurityError {
+  readonly sourceUrl: string;
+  constructor(sourceUrl: string, options?: ErrorOptions);
+}
 //#endregion
-export { BlockedConnectionToPrivateIpError, BlockedDisallowedPortError, BlockedEmbeddedCredentialsError, BlockedExternalFileExceedingError, BlockedExternalFileLargerThanError, BlockedExternalPdfUrlNotSupportedError, BlockedExternalUnsupportedBytesError, BlockedInlineFileExceedingError, BlockedInlineUnsupportedFileBytesError, BlockedUnsupportedSchemeError, BlockedUrlResolvingToPrivateIpError, ExternalFileResponseBodyEmptyError, FailedToDownloadError, FileSecurityError, InvalidExternalFileUrlError, InvalidInlineFileMalformedBase64Error, NoIpResolvedError, RedirectMissingLocationError, TimedOutDownloadingError, TooManyRedirectsError, UnableToResolveHostError, UnexpectedRedirectStateError };
+export { BlockedConnectionToPrivateIpError, BlockedDisallowedPortError, BlockedEmbeddedCredentialsError, BlockedExternalFileExceedingError, BlockedExternalFileLargerThanError, BlockedExternalUnsupportedBytesError, BlockedInlineFileExceedingError, BlockedInlineUnsupportedFileBytesError, BlockedUnsupportedSchemeError, BlockedUrlResolvingToPrivateIpError, ExternalFileResponseBodyEmptyError, FailedToDownloadError, FileSecurityError, InvalidExternalFileUrlError, InvalidInlineFileMalformedBase64Error, NoIpResolvedError, PdfUrlIngestionError, RedirectMissingLocationError, TimedOutDownloadingError, TooManyRedirectsError, UnableToResolveHostError, UnexpectedRedirectStateError };

package/dist/domains/run/services/blob-storage/file-security-errors.js

@@ -100,16 +100,18 @@ var BlockedExternalUnsupportedBytesError = class extends FileSecurityError {
 		super(`Blocked external file with unsupported bytes signature (content-type: ${contentType})`);
 	}
 };
-var BlockedExternalPdfUrlNotSupportedError = class extends FileSecurityError {
-	constructor() {
-		super("External PDF URLs are not supported; provide PDFs as data URIs");
-	}
-};
 var InvalidInlineFileMalformedBase64Error = class extends FileSecurityError {
 	constructor() {
 		super("Invalid inline file: malformed base64 payload");
 	}
 };
+var PdfUrlIngestionError = class extends FileSecurityError {
+	sourceUrl;
+	constructor(sourceUrl, options) {
+		super(`Failed to ingest PDF URL: ${sourceUrl}`, options);
+		this.sourceUrl = sourceUrl;
+	}
+};
 
 //#endregion
-export { BlockedConnectionToPrivateIpError, BlockedDisallowedPortError, BlockedEmbeddedCredentialsError, BlockedExternalFileExceedingError, BlockedExternalFileLargerThanError, BlockedExternalPdfUrlNotSupportedError, BlockedExternalUnsupportedBytesError, BlockedInlineFileExceedingError, BlockedInlineUnsupportedFileBytesError, BlockedUnsupportedSchemeError, BlockedUrlResolvingToPrivateIpError, ExternalFileResponseBodyEmptyError, FailedToDownloadError, FileSecurityError, InvalidExternalFileUrlError, InvalidInlineFileMalformedBase64Error, NoIpResolvedError, RedirectMissingLocationError, TimedOutDownloadingError, TooManyRedirectsError, UnableToResolveHostError, UnexpectedRedirectStateError };
+export { BlockedConnectionToPrivateIpError, BlockedDisallowedPortError, BlockedEmbeddedCredentialsError, BlockedExternalFileExceedingError, BlockedExternalFileLargerThanError, BlockedExternalUnsupportedBytesError, BlockedInlineFileExceedingError, BlockedInlineUnsupportedFileBytesError, BlockedUnsupportedSchemeError, BlockedUrlResolvingToPrivateIpError, ExternalFileResponseBodyEmptyError, FailedToDownloadError, FileSecurityError, InvalidExternalFileUrlError, InvalidInlineFileMalformedBase64Error, NoIpResolvedError, PdfUrlIngestionError, RedirectMissingLocationError, TimedOutDownloadingError, TooManyRedirectsError, UnableToResolveHostError, UnexpectedRedirectStateError };

package/dist/domains/run/services/blob-storage/file-upload-helpers.d.ts

@@ -2,6 +2,13 @@ import { UploadContext } from "./file-upload.js";
 import { MessageContent, Part } from "@inkeep/agents-core";
 
 //#region src/domains/run/services/blob-storage/file-upload-helpers.d.ts
+
+/**
+ * Fetches each remote `application/pdf` file part (http(s) `uri`), replaces it with an inline
+ * base64 `bytes` part. Full response bodies are buffered in memory up to the same limit as
+ * `downloadExternalFile` (see `MAX_FILE_BYTES`); streaming ingestion is not supported yet.
+ */
+declare function inlineExternalPdfUrlParts(parts: Part[]): Promise<Part[]>;
 declare function buildPersistedMessageContent(text: string, parts: Part[], ctx: UploadContext): Promise<MessageContent>;
 //#endregion
-export { buildPersistedMessageContent };
+export { buildPersistedMessageContent, inlineExternalPdfUrlParts };

package/dist/domains/run/services/blob-storage/file-upload-helpers.js

@@ -1,8 +1,51 @@
 import { getLogger } from "../../../../logger.js";
+import { PdfUrlIngestionError } from "./file-security-errors.js";
+import { makeSanitizedSourceUrl } from "./file-url-security.js";
+import { downloadExternalFile } from "./external-file-downloader.js";
 import { hasFileParts, makeMessageContentParts, uploadPartsFiles } from "./file-upload.js";
 
 //#region src/domains/run/services/blob-storage/file-upload-helpers.ts
 const logger = getLogger("file-upload-helpers");
+function isRemoteHttpOrHttpsUrl(uri) {
+	const lower = uri.toLowerCase();
+	return lower.startsWith("https://") || lower.startsWith("http://");
+}
+/**
+* Fetches each remote `application/pdf` file part (http(s) `uri`), replaces it with an inline
+* base64 `bytes` part. Full response bodies are buffered in memory up to the same limit as
+* `downloadExternalFile` (see `MAX_FILE_BYTES`); streaming ingestion is not supported yet.
+*/
+async function inlineExternalPdfUrlParts(parts) {
+	const result = [];
+	for (const part of parts) {
+		if (part.kind !== "file") {
+			result.push(part);
+			continue;
+		}
+		const file = part.file;
+		if (!("uri" in file) || !file.uri || file.mimeType?.toLowerCase() !== "application/pdf" || !isRemoteHttpOrHttpsUrl(file.uri)) {
+			result.push(part);
+			continue;
+		}
+		try {
+			const downloaded = await downloadExternalFile(file.uri, { expectedMimeType: "application/pdf" });
+			result.push({
+				kind: "file",
+				file: {
+					bytes: Buffer.from(downloaded.data).toString("base64"),
+					mimeType: downloaded.mimeType
+				},
+				metadata: {
+					...part.metadata || {},
+					sourceUrl: makeSanitizedSourceUrl(file.uri)
+				}
+			});
+		} catch (error) {
+			throw new PdfUrlIngestionError(makeSanitizedSourceUrl(file.uri), { cause: error instanceof Error ? error : new Error(String(error)) });
+		}
+	}
+	return result;
+}
 async function buildPersistedMessageContent(text, parts, ctx) {
 	if (!hasFileParts(parts)) return { text };
 	try {
@@ -27,4 +70,4 @@ async function buildPersistedMessageContent(text, parts, ctx) {
 }
 
 //#endregion
-export { buildPersistedMessageContent };
+export { buildPersistedMessageContent, inlineExternalPdfUrlParts };

package/dist/domains/run/services/blob-storage/file-upload.js

@@ -1,8 +1,8 @@
 import { getLogger } from "../../../../logger.js";
 import { getBlobStorageProvider, toBlobUri } from "./index.js";
 import { buildStorageKey } from "./storage-keys.js";
-import { BlockedExternalPdfUrlNotSupportedError } from "./file-security-errors.js";
 import { normalizeInlineFileBytes } from "./file-content-security.js";
+import { makeSanitizedSourceUrl } from "./file-url-security.js";
 import { downloadExternalFile } from "./external-file-downloader.js";
 import { createHash } from "node:crypto";
 import { getExtensionFromMimeType } from "@inkeep/agents-core/constants/allowed-file-formats";
@@ -10,6 +10,14 @@ import { getExtensionFromMimeType } from "@inkeep/agents-core/constants/allowed-
 //#region src/domains/run/services/blob-storage/file-upload.ts
 const logger = getLogger("file-upload");
 const FILE_UPLOAD_CONCURRENCY = 3;
+const isRemoteHttpAttachmentUrl = (rawUrl) => {
+	try {
+		const { protocol } = new URL(rawUrl);
+		return protocol === "http:" || protocol === "https:";
+	} catch {
+		return false;
+	}
+};
 async function uploadFilePart(part, ctx, index) {
 	const storage = getBlobStorageProvider();
 	const file = part.file;
@@ -20,8 +28,7 @@ async function uploadFilePart(part, ctx, index) {
 		data = normalized.data;
 		mimeType = normalized.mimeType;
 	} else if ("uri" in file && file.uri) {
-		if (file.mimeType?.toLowerCase().startsWith("application/pdf")) throw new BlockedExternalPdfUrlNotSupportedError();
-		const downloaded = await downloadExternalFile(file.uri);
+		const downloaded = await downloadExternalFile(file.uri, { expectedMimeType: file.mimeType });
 		data = downloaded.data;
 		mimeType = downloaded.mimeType;
 	} else {
@@ -49,13 +56,17 @@ async function uploadFilePart(part, ctx, index) {
 		mimeType,
 		size: data.length
 	}, "Uploaded file to blob storage");
+	const remoteAttachmentSourceUrl = "uri" in file && file.uri && isRemoteHttpAttachmentUrl(file.uri) ? file.uri : void 0;
 	return {
 		kind: "file",
 		file: {
 			uri: toBlobUri(key),
 			mimeType
 		},
-		...part.metadata && { metadata: part.metadata }
+		...part.metadata || remoteAttachmentSourceUrl ? { metadata: {
+			...part.metadata || {},
+			...remoteAttachmentSourceUrl ? { sourceUrl: makeSanitizedSourceUrl(remoteAttachmentSourceUrl) } : {}
+		} } : {}
 	};
 }
 async function uploadPartsFiles(parts, ctx) {

package/dist/domains/run/services/blob-storage/file-url-security.d.ts

@@ -1,6 +1,7 @@
 //#region src/domains/run/services/blob-storage/file-url-security.d.ts
+declare function makeSanitizedSourceUrl(rawUrl: string): string;
 declare function validateExternalFileUrl(rawUrl: string): URL;
 declare function validateUrlResolvesToPublicIp(url: URL): Promise<void>;
 declare function isBlockedIpAddress(ipAddress: string): boolean;
 //#endregion
-export { isBlockedIpAddress, validateExternalFileUrl, validateUrlResolvesToPublicIp };
+export { isBlockedIpAddress, makeSanitizedSourceUrl, validateExternalFileUrl, validateUrlResolvesToPublicIp };

package/dist/domains/run/services/blob-storage/file-url-security.js

@@ -3,10 +3,16 @@ import { ALLOWED_HTTP_PORTS } from "./file-security-constants.js";
 import { BlockedDisallowedPortError, BlockedEmbeddedCredentialsError, BlockedUnsupportedSchemeError, BlockedUrlResolvingToPrivateIpError, FileSecurityError, InvalidExternalFileUrlError, NoIpResolvedError, UnableToResolveHostError } from "./file-security-errors.js";
 import { lookup } from "node:dns/promises";
 import { isIP } from "node:net";
-import * as ipaddr from "ipaddr.js";
+import ipaddr from "ipaddr.js";
 
 //#region src/domains/run/services/blob-storage/file-url-security.ts
 const logger = getLogger("file-security");
+function makeSanitizedSourceUrl(rawUrl) {
+	const parsed = new URL(rawUrl);
+	parsed.search = "";
+	parsed.hash = "";
+	return parsed.toString();
+}
 function validateExternalFileUrl(rawUrl) {
 	let parsed;
 	try {
@@ -66,4 +72,4 @@ function isBlockedIpAddress(ipAddress) {
 }
 
 //#endregion
-export { isBlockedIpAddress, validateExternalFileUrl, validateUrlResolvesToPublicIp };
+export { isBlockedIpAddress, makeSanitizedSourceUrl, validateExternalFileUrl, validateUrlResolvesToPublicIp };

package/dist/domains/run/tools/distill-conversation-history-tool.d.ts

@@ -29,9 +29,9 @@ declare const ConversationHistorySummarySchema: z.ZodObject<{
     tool_call_id: z.ZodString;
     content_summary: z.ZodString;
     relevance: z.ZodEnum<{
-      low: "low";
       high: "high";
       medium: "medium";
+      low: "low";
     }>;
   }, z.core.$strip>>>;
   conversation_flow: z.ZodObject<{

package/dist/domains/run/types/chat.d.ts

@@ -6,12 +6,13 @@ type TextContentItem = {
   text: string;
 };
 declare const ImageUrlSchema: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
+declare const PdfDataOrUrlSchema: z.ZodUnion<readonly [z.ZodString, z.ZodURL]>;
 /** OpenAI-specific image detail level. Has no effect on other providers. */
 declare const ImageDetailEnum: readonly ["auto", "low", "high"];
 declare const ImageDetailSchema: z.ZodEnum<{
-  auto: "auto";
-  low: "low";
   high: "high";
+  low: "low";
+  auto: "auto";
 }>;
 type ImageDetail = z.infer<typeof ImageDetailSchema>;
 declare const ImageContentItemSchema: z.ZodObject<{
@@ -19,9 +20,9 @@ declare const ImageContentItemSchema: z.ZodObject<{
   image_url: z.ZodObject<{
     url: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
     detail: z.ZodOptional<z.ZodEnum<{
-      auto: "auto";
-      low: "low";
       high: "high";
+      low: "low";
+      auto: "auto";
     }>>;
   }, z.core.$strip>;
 }, z.core.$strip>;
@@ -29,7 +30,7 @@ type ImageContentItem = z.infer<typeof ImageContentItemSchema>;
 declare const FileContentItemSchema: z.ZodObject<{
   type: z.ZodLiteral<"file">;
   file: z.ZodObject<{
-    file_data: z.ZodString;
+    file_data: z.ZodUnion<readonly [z.ZodString, z.ZodURL]>;
     filename: z.ZodOptional<z.ZodString>;
   }, z.core.$strip>;
 }, z.core.$strip>;
@@ -50,9 +51,8 @@ declare const VercelImagePartSchema: z.ZodObject<{
 }, z.core.$strip>;
 declare const VercelFilePartSchema: z.ZodObject<{
   type: z.ZodLiteral<"file">;
-  text: z.ZodString;
-  mediaType: z.ZodOptional<z.ZodString>;
-  mimeType: z.ZodOptional<z.ZodString>;
+  url: z.ZodString;
+  mediaType: z.ZodString;
   filename: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 declare const VercelAudioVideoPartSchema: z.ZodObject<{
@@ -85,9 +85,8 @@ declare const VercelMessagePartSchema: z.ZodUnion<readonly [z.ZodObject<{
   text: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
 }, z.core.$strip>, z.ZodObject<{
   type: z.ZodLiteral<"file">;
-  text: z.ZodString;
-  mediaType: z.ZodOptional<z.ZodString>;
-  mimeType: z.ZodOptional<z.ZodString>;
+  url: z.ZodString;
+  mediaType: z.ZodString;
   filename: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>, z.ZodObject<{
   type: z.ZodUnion<readonly [z.ZodEnum<{
@@ -112,8 +111,8 @@ declare const VercelMessagePartSchema: z.ZodUnion<readonly [z.ZodObject<{
 declare const VercelMessageSchema: z.ZodObject<{
   role: z.ZodEnum<{
     function: "function";
-    user: "user";
     system: "system";
+    user: "user";
     assistant: "assistant";
     tool: "tool";
   }>;
@@ -126,9 +125,8 @@ declare const VercelMessageSchema: z.ZodObject<{
     text: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
   }, z.core.$strip>, z.ZodObject<{
     type: z.ZodLiteral<"file">;
-    text: z.ZodString;
-    mediaType: z.ZodOptional<z.ZodString>;
-    mimeType: z.ZodOptional<z.ZodString>;
+    url: z.ZodString;
+    mediaType: z.ZodString;
     filename: z.ZodOptional<z.ZodString>;
   }, z.core.$strip>, z.ZodObject<{
     type: z.ZodUnion<readonly [z.ZodEnum<{
@@ -159,9 +157,8 @@ declare const VercelContentPartSchema: z.ZodUnion<readonly [z.ZodObject<{
   text: z.ZodUnion<readonly [z.ZodURL, z.ZodString]>;
 }, z.core.$strip>, z.ZodObject<{
   type: z.ZodLiteral<"file">;
-  text: z.ZodString;
-  mediaType: z.ZodOptional<z.ZodString>;
-  mimeType: z.ZodOptional<z.ZodString>;
+  url: z.ZodString;
+  mediaType: z.ZodString;
   filename: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>]>;
 type ChatCompletionRequest = {
@@ -180,4 +177,4 @@ type ChatCompletionRequest = {
   runConfig?: Record<string, unknown>;
 };
 //#endregion
-export { ChatCompletionRequest, ContentItem, FileContentItem, FileContentItemSchema, ImageContentItem, ImageContentItemSchema, ImageDetail, ImageDetailEnum, ImageDetailSchema, ImageUrlSchema, Message, TextContentItem, VercelAudioVideoPartSchema, VercelContentPartSchema, VercelFilePartSchema, VercelImagePartSchema, VercelMessagePartSchema, VercelMessageSchema, VercelStepStartPartSchema, VercelTextPartSchema, VercelToolApprovalPartSchema };
+export { ChatCompletionRequest, ContentItem, FileContentItem, FileContentItemSchema, ImageContentItem, ImageContentItemSchema, ImageDetail, ImageDetailEnum, ImageDetailSchema, ImageUrlSchema, Message, PdfDataOrUrlSchema, TextContentItem, VercelAudioVideoPartSchema, VercelContentPartSchema, VercelFilePartSchema, VercelImagePartSchema, VercelMessagePartSchema, VercelMessageSchema, VercelStepStartPartSchema, VercelTextPartSchema, VercelToolApprovalPartSchema };

package/dist/domains/run/types/chat.js

@@ -9,6 +9,7 @@ const hasValidBase64Payload = (val) => {
 const ImageDataUriSchema = z.string().regex(DATA_URI_IMAGE_BASE64_REGEX, "Image must be PNG, JPEG, or WebP format (GIF not supported by all providers)").refine(hasValidBase64Payload, "Invalid base64 data in image data URI");
 const PdfDataUriSchema = z.string().regex(DATA_URI_PDF_BASE64_REGEX, "File must be a PDF data URI").refine(hasValidBase64Payload, "Invalid base64 data in PDF data URI");
 const ImageUrlSchema = z.union([z.httpUrl(), ImageDataUriSchema]);
+const PdfDataOrUrlSchema = z.union([PdfDataUriSchema, z.httpUrl()]);
 /** OpenAI-specific image detail level. Has no effect on other providers. */
 const ImageDetailEnum = [
 	"auto",
@@ -26,7 +27,7 @@ const ImageContentItemSchema = z.object({
 const FileContentItemSchema = z.object({
 	type: z.literal("file"),
 	file: z.object({
-		file_data: PdfDataUriSchema,
+		file_data: PdfDataOrUrlSchema,
 		filename: z.string().optional()
 	})
 });
@@ -38,14 +39,12 @@ const VercelImagePartSchema = z.object({
 	type: z.literal("image"),
 	text: ImageUrlSchema
 });
-const VercelFilePartBaseSchema = z.object({
+const VercelFilePartSchema = z.object({
 	type: z.literal("file"),
-	text: z.string(),
-	mediaType: z.string().optional(),
-	mimeType: z.string().optional(),
+	url: z.string(),
+	mediaType: z.string(),
 	filename: z.string().optional()
 });
-const VercelFilePartSchema = VercelFilePartBaseSchema.refine((value) => Boolean(value.mediaType || value.mimeType), { message: "Either mediaType or mimeType is required for file parts" });
 const VercelAudioVideoPartSchema = z.object({
 	type: z.union([z.enum(["audio", "video"]), z.string().regex(/^data-/, "Type must start with \"data-\"")]),
 	text: z.string().optional()
@@ -85,8 +84,8 @@ const VercelMessageSchema = z.object({
 const VercelContentPartSchema = z.union([
 	VercelTextPartSchema,
 	VercelImagePartSchema,
-	VercelFilePartBaseSchema
+	VercelFilePartSchema
 ]);
 
 //#endregion
-export { FileContentItemSchema, ImageContentItemSchema, ImageDetailEnum, ImageDetailSchema, ImageUrlSchema, VercelAudioVideoPartSchema, VercelContentPartSchema, VercelFilePartSchema, VercelImagePartSchema, VercelMessagePartSchema, VercelMessageSchema, VercelStepStartPartSchema, VercelTextPartSchema, VercelToolApprovalPartSchema };
+export { FileContentItemSchema, ImageContentItemSchema, ImageDetailEnum, ImageDetailSchema, ImageUrlSchema, PdfDataOrUrlSchema, VercelAudioVideoPartSchema, VercelContentPartSchema, VercelFilePartSchema, VercelImagePartSchema, VercelMessagePartSchema, VercelMessageSchema, VercelStepStartPartSchema, VercelTextPartSchema, VercelToolApprovalPartSchema };

package/dist/domains/run/utils/message-parts.js

@@ -45,7 +45,7 @@ const buildFilePart = (uri, options) => {
 	try {
 		new URL(uri);
 	} catch {
-		throw new Error(`Invalid image URI: expected valid data URI or HTTP URL`);
+		throw new Error(`Invalid file URI: expected valid data URI or HTTP URL`);
 	}
 	const metadata = {};
 	if (options?.detail) metadata.detail = options.detail;
@@ -69,7 +69,10 @@ const getMessagePartsFromOpenAIContent = (content) => {
 	let skipped = 0;
 	for (const item of content) if (isTextContentItem(item)) textChunks.push(item.text);
 	else if (isImageContentItem(item)) fileParts.push(buildFilePart(item.image_url.url, { detail: item.image_url.detail }));
-	else if (isFileContentItem(item)) fileParts.push(buildFilePart(item.file.file_data, { filename: item.file.filename }));
+	else if (isFileContentItem(item)) fileParts.push(buildFilePart(item.file.file_data, {
+		filename: item.file.filename,
+		mimeType: "application/pdf"
+	}));
 	else skipped += 1;
 	if (skipped > 0) logger.warn({
 		total: content.length,
@@ -91,8 +94,8 @@ const getMessagePartsFromVercelContent = (content, parts) => {
 	const partsFromPayload = parsedParts.map((part) => {
 		if (part.type === "text") return buildTextPart(part.text);
 		if (part.type === "image") return buildFilePart(part.text);
-		if (part.type === "file") return buildFilePart(part.text, {
-			mimeType: part.mediaType ?? part.mimeType,
+		if (part.type === "file") return buildFilePart(part.url, {
+			mimeType: part.mediaType,
 			filename: part.filename
 		});
 		return assertNever(part);

package/dist/domains/run/utils/token-estimator.d.ts

@@ -1,4 +1,4 @@
-import * as _inkeep_agents_core6 from "@inkeep/agents-core";
+import * as _inkeep_agents_core8 from "@inkeep/agents-core";
 import { BreakdownComponentDef, ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown } from "@inkeep/agents-core";
 
 //#region src/domains/run/utils/token-estimator.d.ts
@@ -17,7 +17,7 @@ interface AssembleResult {
   /** The assembled prompt string */
   prompt: string;
   /** Token breakdown for each component */
-  breakdown: _inkeep_agents_core6.ContextBreakdown;
+  breakdown: _inkeep_agents_core8.ContextBreakdown;
 }
 //#endregion
 export { AssembleResult, type BreakdownComponentDef, type ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown, estimateTokens };

package/dist/factory.d.ts

@@ -2,10 +2,10 @@ import { SandboxConfig } from "./types/app.js";
 import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
-import * as hono0 from "hono";
+import * as hono10 from "hono";
 import * as zod0 from "zod";
 import { EmailServiceConfig, SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
-import * as hono_types1 from "hono/types";
+import * as hono_types0 from "hono/types";
 import * as better_auth0 from "better-auth";
 import * as better_auth_plugins0 from "better-auth/plugins";
 
@@ -479,6 +479,6 @@ declare function createAgentsApp(config?: {
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
   emailService?: EmailServiceConfig;
-}): hono0.Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
+}): hono10.Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
 export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono };

package/dist/index.d.ts

@@ -6,7 +6,7 @@ import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js
 import "./sentry.js";
 import { Hono } from "hono";
 import * as zod32 from "zod";
-import * as hono_types3 from "hono/types";
+import * as hono_types2 from "hono/types";
 import * as better_auth43 from "better-auth";
 import * as better_auth_plugins4 from "better-auth/plugins";
 
@@ -474,6 +474,6 @@ declare const auth: better_auth43.Auth<{
     }>;
   }];
 }>;
-declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
+declare const app: Hono<hono_types2.BlankEnv, hono_types2.BlankSchema, "/">;
 //#endregion
 export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, app as default };

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono0 from "hono";
+import * as hono19 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import * as hono0 from "hono";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono19.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono1 from "hono";
+import * as hono0 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -16,7 +16,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * EXCEPT for the legacy exception on GET /manage/tenants/:t/projects/:p/conversations/:id
  * (see isLegacyApiKeyAllowedRoute). API keys are otherwise restricted to the run domain only.
  */
-declare const manageBearerAuth: () => hono1.MiddlewareHandler<{
+declare const manageBearerAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;
@@ -30,6 +30,6 @@ declare const manageBearerAuth: () => hono1.MiddlewareHandler<{
  * Uses Bearer token → manage bearer auth (bypass secret, session, Slack JWT, internal service),
  * otherwise falls back to session auth.
  */
-declare const manageBearerOrSessionAuth: () => hono1.MiddlewareHandler<any, string, {}, Response>;
+declare const manageBearerOrSessionAuth: () => hono0.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { manageBearerAuth, manageBearerOrSessionAuth };

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
-import * as hono3 from "hono";
+import * as hono1 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono3.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono3.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono5 from "hono";
+import * as hono3 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono5.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono3.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono6 from "hono";
+import * as hono4 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono6.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono6.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,5 +1,5 @@
 import { AppVariables } from "../types/app.js";
-import * as hono9 from "hono";
+import * as hono17 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -8,12 +8,12 @@ import * as hono9 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono17.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono9.MiddlewareHandler<{
+declare const sessionContext: () => hono17.MiddlewareHandler<{
   Variables: AppVariables;
 }, string, {}, Response>;
 //#endregion

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono11 from "hono";
+import * as hono7 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -12,7 +12,7 @@ import * as hono11 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono7.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono12 from "hono";
+import * as hono8 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono8.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono8.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.0.0-dev-20260325103346",
+  "version": "0.0.0-dev-20260325193448",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -73,10 +73,10 @@
     "pg": "^8.16.3",
     "undici": "^7.22.0",
     "workflow": "^4.2.0-beta.64",
-    "@inkeep/agents-core": "^0.0.0-dev-20260325103346",
-    "@inkeep/agents-email": "^0.0.0-dev-20260325103346",
-    "@inkeep/agents-mcp": "^0.0.0-dev-20260325103346",
-    "@inkeep/agents-work-apps": "^0.0.0-dev-20260325103346"
+    "@inkeep/agents-core": "^0.0.0-dev-20260325193448",
+    "@inkeep/agents-mcp": "^0.0.0-dev-20260325193448",
+    "@inkeep/agents-work-apps": "^0.0.0-dev-20260325193448",
+    "@inkeep/agents-email": "^0.0.0-dev-20260325193448"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",