npm - @inkeep/agents-api - Versions diffs - 0.0.1 → 0.43.0 - Mend

@inkeep/agents-api 0.0.1 → 0.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/dist/.well-known/workflow/v1/flow.cjs +43 -106
package/dist/.well-known/workflow/v1/flow.cjs.debug.json +2 -4
package/dist/.well-known/workflow/v1/manifest.debug.json +17 -55
package/dist/.well-known/workflow/v1/step.cjs +45938 -45976
package/dist/.well-known/workflow/v1/step.cjs.debug.json +2 -4
package/dist/_virtual/rolldown_runtime.js +7 -0
package/dist/createApp.js +40 -12
package/dist/domains/evals/api/.well-known/workflow/v1/flow.d.ts +4 -0
package/dist/domains/evals/api/.well-known/workflow/v1/flow.js +12 -0
package/dist/domains/evals/api/.well-known/workflow/v1/step.d.ts +4 -0
package/dist/domains/evals/api/.well-known/workflow/v1/step.js +12 -0
package/dist/domains/evals/routes/datasetTriggers.d.ts +2 -2
package/dist/domains/evals/routes/index.d.ts +2 -2
package/dist/domains/evals/scripts/build-workflow.js +2 -2
package/dist/domains/evals/workflow/functions/evaluateConversation.d.ts +4 -1
package/dist/domains/evals/workflow/functions/evaluateConversation.js +2 -1
package/dist/domains/evals/workflow/functions/runDatasetItem.d.ts +4 -1
package/dist/domains/evals/workflow/functions/runDatasetItem.js +2 -1
package/dist/domains/evals/workflow/routes.d.ts +2 -2
package/dist/domains/evals/workflow/world.js +3 -2
package/dist/domains/github/config.d.ts +14 -0
package/dist/domains/github/config.js +47 -0
package/dist/domains/github/index.d.ts +12 -0
package/dist/domains/github/index.js +18 -0
package/dist/domains/github/installation.d.ts +34 -0
package/dist/domains/github/installation.js +172 -0
package/dist/domains/github/jwks.d.ts +20 -0
package/dist/domains/github/jwks.js +85 -0
package/dist/domains/github/oidcToken.d.ts +22 -0
package/dist/domains/github/oidcToken.js +140 -0
package/dist/domains/github/routes/tokenExchange.d.ts +7 -0
package/dist/domains/github/routes/tokenExchange.js +130 -0
package/dist/domains/manage/index.js +0 -2
package/dist/domains/manage/routes/agent.js +9 -4
package/dist/domains/manage/routes/agentFull.js +9 -6
package/dist/domains/manage/routes/apiKeys.js +1 -2
package/dist/domains/manage/routes/artifactComponents.js +5 -5
package/dist/domains/manage/routes/cliAuth.js +3 -3
package/dist/domains/manage/routes/contextConfigs.js +5 -5
package/dist/domains/manage/routes/conversations.d.ts +2 -2
package/dist/domains/manage/routes/credentialStores.js +2 -2
package/dist/domains/manage/routes/credentials.js +6 -7
package/dist/domains/manage/routes/dataComponents.js +6 -7
package/dist/domains/manage/routes/externalAgents.js +1 -2
package/dist/domains/manage/routes/index.d.ts +2 -2
package/dist/domains/manage/routes/index.js +4 -0
package/dist/domains/manage/routes/invitations.js +1 -1
package/dist/domains/manage/routes/mcp.d.ts +2 -2
package/dist/domains/manage/routes/playgroundToken.js +1 -2
package/dist/domains/manage/routes/projectFull.js +33 -11
package/dist/domains/manage/routes/projectMembers.js +16 -35
package/dist/domains/manage/routes/projectPermissions.js +17 -10
package/dist/domains/manage/routes/projects.js +4 -5
package/dist/domains/manage/routes/signoz.d.ts +2 -2
package/dist/domains/manage/routes/signoz.js +6 -3
package/dist/domains/manage/routes/subAgentArtifactComponents.js +5 -5
package/dist/domains/manage/routes/subAgentDataComponents.js +5 -5
package/dist/domains/manage/routes/subAgentExternalAgentRelations.js +5 -5
package/dist/domains/manage/routes/subAgentFunctionTools.js +5 -5
package/dist/domains/manage/routes/subAgentRelations.js +6 -6
package/dist/domains/manage/routes/subAgentTeamAgentRelations.js +6 -6
package/dist/domains/manage/routes/subAgentToolRelations.js +6 -6
package/dist/domains/manage/routes/subAgents.js +5 -5
package/dist/domains/manage/routes/tools.js +24 -3
package/dist/domains/manage/routes/triggers.js +82 -25
package/dist/domains/manage/routes/userOrganizations.js +4 -4
package/dist/domains/manage/routes/{agentToolRelations.d.ts → userProjectMemberships.d.ts} +1 -1
package/dist/domains/manage/routes/userProjectMemberships.js +45 -0
package/dist/domains/mcp/routes/mcp.d.ts +7 -0
package/dist/domains/mcp/routes/mcp.js +45 -0
package/dist/domains/run/a2a/handlers.js +2 -10
package/dist/domains/run/a2a/types.d.ts +2 -6
package/dist/domains/run/agents/Agent.d.ts +1 -0
package/dist/domains/run/agents/Agent.js +207 -44
package/dist/domains/run/agents/generateTaskHandler.js +14 -2
package/dist/domains/run/context/ContextFetcher.js +8 -7
package/dist/domains/run/context/ContextResolver.js +1 -1
package/dist/domains/run/handlers/executionHandler.d.ts +3 -1
package/dist/domains/run/handlers/executionHandler.js +149 -84
package/dist/domains/run/routes/agents.js +1 -1
package/dist/domains/run/routes/chat.js +47 -1
package/dist/domains/run/routes/chatDataStream.js +107 -14
package/dist/domains/run/routes/webhooks.js +40 -329
package/dist/domains/run/services/AgentSession.d.ts +3 -0
package/dist/domains/run/services/AgentSession.js +9 -0
package/dist/domains/run/services/BaseCompressor.js +1 -1
package/dist/domains/run/services/ToolApprovalUiBus.d.ts +28 -0
package/dist/domains/run/services/ToolApprovalUiBus.js +44 -0
package/dist/domains/run/services/TriggerService.d.ts +31 -0
package/dist/domains/run/services/TriggerService.js +543 -0
package/dist/domains/run/tools/NativeSandboxExecutor.d.ts +3 -2
package/dist/domains/run/tools/NativeSandboxExecutor.js +76 -48
package/dist/domains/run/tools/SandboxExecutorFactory.d.ts +11 -1
package/dist/domains/run/tools/SandboxExecutorFactory.js +27 -3
package/dist/domains/run/tools/VercelSandboxExecutor.d.ts +3 -11
package/dist/domains/run/tools/VercelSandboxExecutor.js +137 -127
package/dist/domains/run/types/xml.d.ts +1 -5
package/dist/domains/run/utils/stream-helpers.d.ts +134 -0
package/dist/domains/run/utils/stream-helpers.js +182 -0
package/dist/factory.d.ts +278 -272
package/dist/index.d.ts +275 -269
package/dist/index.js +16 -1
package/dist/initialization.js +9 -2
package/dist/middleware/cors.js +1 -1
package/dist/middleware/evalsAuth.d.ts +2 -2
package/dist/middleware/manageAuth.d.ts +2 -2
package/dist/middleware/projectAccess.d.ts +4 -11
package/dist/middleware/projectAccess.js +1 -17
package/dist/middleware/projectConfig.d.ts +3 -3
package/dist/middleware/requirePermission.d.ts +2 -2
package/dist/middleware/runAuth.d.ts +4 -4
package/dist/middleware/sessionAuth.d.ts +3 -3
package/dist/middleware/tenantAccess.d.ts +2 -2
package/dist/middleware/tenantAccess.js +4 -4
package/dist/middleware/tracing.d.ts +3 -3
package/dist/openapi.d.ts +35 -1
package/dist/openapi.js +39 -95
package/dist/routes/healthChecks.d.ts +10 -0
package/dist/routes/healthChecks.js +75 -0
package/dist/templates/v1/phase1/system-prompt.js +1 -1
package/dist/templates/v1/phase1/thinking-preparation.js +1 -1
package/dist/templates/v1/phase1/tool.js +1 -1
package/dist/templates/v1/phase2/data-component.js +1 -1
package/dist/templates/v1/phase2/data-components.js +1 -1
package/dist/templates/v1/phase2/system-prompt.js +1 -1
package/dist/templates/v1/shared/artifact-retrieval-guidance.js +1 -1
package/dist/templates/v1/shared/artifact.js +1 -1
package/dist/types/app.d.ts +2 -0
package/dist/utils/healthChecks.d.ts +8 -0
package/dist/utils/healthChecks.js +38 -0
package/dist/utils/signozHelpers.d.ts +2 -2
package/dist/utils/signozHelpers.js +15 -3
package/package.json +25 -28
package/dist/domains/evals/services/startEvaluation.d.ts +0 -19
package/dist/domains/evals/services/startEvaluation.js +0 -18
package/dist/domains/index.d.ts +0 -4
package/dist/domains/index.js +0 -5
package/dist/domains/manage/routes/agentToolRelations.js +0 -289
package/dist/domains/run/agents/ModelFactory.d.ts +0 -63
package/dist/domains/run/agents/ModelFactory.js +0 -194
package/dist/domains/run/data/agent.d.ts +0 -7
package/dist/domains/run/data/agent.js +0 -67
package/dist/domains/run/services/evaluationRunConfigMatcher.d.ts +0 -4
package/dist/domains/run/services/evaluationRunConfigMatcher.js +0 -7
package/dist/domains/run/utils/cleanup.d.ts +0 -21
package/dist/domains/run/utils/cleanup.js +0 -59
package/dist/utils/tempApiKeys.d.ts +0 -17
package/dist/utils/tempApiKeys.js +0 -26
package/dist/utils/workflowApiHelpers.d.ts +0 -1
package/dist/utils/workflowApiHelpers.js +0 -1

package/dist/domains/manage/routes/credentials.js CHANGED Viewed

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PATCH" || c.req.method === "DELETE" || c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({
@@ -19,7 +18,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List Credentials",
 	operationId: "list-credentials",
-	tags: ["Credential"],
+	tags: ["Credentials"],
 	request: {
 		params: TenantProjectParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -55,7 +54,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get Credential",
 	operationId: "get-credential-by-id",
-	tags: ["Credential"],
+	tags: ["Credentials"],
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -85,7 +84,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create Credential",
 	operationId: "create-credential",
-	tags: ["Credential"],
+	tags: ["Credentials"],
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: CredentialReferenceApiInsertSchema } } }
@@ -114,7 +113,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update Credential",
 	operationId: "update-credential",
-	tags: ["Credential"],
+	tags: ["Credentials"],
 	request: {
 		params: TenantProjectIdParamsSchema,
 		body: { content: { "application/json": { schema: CredentialReferenceApiUpdateSchema } } }
@@ -150,7 +149,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete Credential",
 	operationId: "delete-credential",
-	tags: ["Credential"],
+	tags: ["Credentials"],
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		204: { description: "Credential deleted successfully" },

package/dist/domains/manage/routes/dataComponents.js CHANGED Viewed

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({
@@ -19,7 +18,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List Data Components",
 	operationId: "list-data-components",
-	tags: ["Data Component"],
+	tags: ["Data Components"],
 	request: {
 		params: TenantProjectParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -54,7 +53,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get Data Component",
 	operationId: "get-data-component-by-id",
-	tags: ["Data Component"],
+	tags: ["Data Components"],
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		200: {
@@ -84,7 +83,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create Data Component",
 	operationId: "create-data-component",
-	tags: ["Data Component"],
+	tags: ["Data Components"],
 	request: {
 		params: TenantProjectParamsSchema,
 		body: { content: { "application/json": { schema: DataComponentApiInsertSchema } } }
@@ -120,7 +119,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update Data Component",
 	operationId: "update-data-component",
-	tags: ["Data Component"],
+	tags: ["Data Components"],
 	request: {
 		params: TenantProjectIdParamsSchema,
 		body: { content: { "application/json": { schema: DataComponentApiUpdateSchema } } }
@@ -162,7 +161,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete Data Component",
 	operationId: "delete-data-component",
-	tags: ["Data Component"],
+	tags: ["Data Components"],
 	request: { params: TenantProjectIdParamsSchema },
 	responses: {
 		204: { description: "Data component deleted successfully" },

package/dist/domains/manage/routes/externalAgents.js CHANGED Viewed

@@ -10,8 +10,7 @@ app.use("/", async (c, next) => {
 	return next();
 });
 app.use("/:id", async (c, next) => {
-	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "PUT" || c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
 	return next();
 });
 app.openapi(createRoute({

package/dist/domains/manage/routes/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono9 from "hono";
+import * as hono17 from "hono";
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono9.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.js CHANGED Viewed

@@ -9,6 +9,7 @@ import conversations_default from "./conversations.js";
 import credentialStores_default from "./credentialStores.js";
 import credentials_default from "./credentials.js";
 import dataComponents_default from "./dataComponents.js";
+import evals_default from "./evals/index.js";
 import externalAgents_default from "./externalAgents.js";
 import functions_default from "./functions.js";
 import functionTools_default from "./functionTools.js";
@@ -28,6 +29,7 @@ import subAgentToolRelations_default from "./subAgentToolRelations.js";
 import thirdPartyMCPServers_default from "./thirdPartyMCPServers.js";
 import tools_default from "./tools.js";
 import triggers_default from "./triggers.js";
+import userProjectMemberships_default from "./userProjectMemberships.js";
 import { OpenAPIHono } from "@hono/zod-openapi";
 //#region src/domains/manage/routes/index.ts
@@ -62,6 +64,8 @@ app.route("/projects/:projectId/agent", agentFull_default);
 app.route("/projects/:projectId/mcp-catalog", mcpCatalog_default);
 app.route("/projects/:projectId/third-party-mcp-servers", thirdPartyMCPServers_default);
 app.route("/projects/:projectId/agents/:agentId/triggers", triggers_default);
+app.route("/projects/:projectId/evals", evals_default);
+app.route("/users/:userId/project-memberships", userProjectMemberships_default);
 var routes_default = app;
 //#endregion

package/dist/domains/manage/routes/invitations.js CHANGED Viewed

@@ -19,7 +19,7 @@ const PendingInvitationsResponseSchema = z.array(PendingInvitationSchema);
 invitationsRoutes.openapi(createRoute({
 	method: "get",
 	path: "/pending",
-	tags: ["invitations"],
+	tags: ["Invitations"],
 	summary: "Get pending invitations",
 	description: "Get all pending (non-expired) invitations for a given email address",
 	request: { query: z.object({ email: z.email().describe("Email address to check for invitations") }) },

package/dist/domains/manage/routes/mcp.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types15 from "hono/types";
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types7.BlankEnv, hono_types7.BlankSchema, "/">;
+declare const app: Hono<hono_types15.BlankEnv, hono_types15.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/playgroundToken.js CHANGED Viewed

@@ -19,7 +19,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Generate temporary API key for playground",
 	operationId: "create-playground-token",
-	tags: ["Playground"],
+	tags: ["API Keys"],
 	description: "Generates a short-lived API key (1 hour expiry) for authenticated users to access the run-api from the playground",
 	security: [{ cookieAuth: [] }],
 	request: {
@@ -53,7 +53,6 @@ app.openapi(createRoute({
 		agentId
 	}, "Generating temporary JWT token for playground");
 	if (!await canUseProject({
-		tenantId,
 		userId,
 		projectId,
 		orgRole: tenantRole

package/dist/domains/manage/routes/projectFull.js CHANGED Viewed

@@ -14,16 +14,33 @@ app.use("/project-full", async (c, next) => {
 	return next();
 });
 app.use("/project-full/:projectId", async (c, next) => {
-	if (c.req.method === "PUT") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
 	return next();
 });
+app.use("/project-full/:projectId/with-relation-ids", async (c, next) => {
+	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
+	return next();
+});
+const requireProjectUpsertPermission = async (c, next) => {
+	const tenantId = c.get("tenantId");
+	const projectId = c.req.param("projectId");
+	if (!tenantId || !projectId) throw createApiError({
+		code: "bad_request",
+		message: "Missing tenantId or projectId"
+	});
+	const exists = await getProjectMetadata(runDbClient_default)({
+		tenantId,
+		projectId
+	});
+	c.set("isProjectCreate", !exists);
+	return exists ? requireProjectPermission("edit")(c, next) : requirePermission({ project: ["create"] })(c, next);
+};
 app.openapi(createRoute({
 	method: "post",
 	path: "/project-full",
 	summary: "Create Full Project",
 	operationId: "create-full-project",
-	tags: ["Full Project"],
+	tags: ["Projects"],
 	description: "Create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
 	request: {
 		params: TenantParamsSchema,
@@ -90,7 +107,7 @@ app.openapi(createRoute({
 	path: "/project-full/{projectId}",
 	summary: "Get Full Project",
 	operationId: "get-full-project",
-	tags: ["Full Project"],
+	tags: ["Projects"],
 	description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
 	request: { params: TenantProjectParamsSchema },
 	responses: {
@@ -129,7 +146,7 @@ app.openapi(createRoute({
 	path: "/project-full/{projectId}/with-relation-ids",
 	summary: "Get Full Project with Relation IDs",
 	operationId: "get-full-project-with-relation-ids",
-	tags: ["Full Project"],
+	tags: ["Projects"],
 	description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
 	request: { params: TenantProjectParamsSchema },
 	responses: {
@@ -163,12 +180,16 @@ app.openapi(createRoute({
 		});
 	}
 });
+app.use("/project-full/:projectId", async (c, next) => {
+	if (c.req.method === "PUT") return requireProjectUpsertPermission(c, next);
+	return next();
+});
 app.openapi(createRoute({
 	method: "put",
 	path: "/project-full/{projectId}",
 	summary: "Update Full Project",
 	operationId: "update-full-project",
-	tags: ["Full Project"],
+	tags: ["Projects"],
 	description: "Update or create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
 	request: {
 		params: TenantProjectParamsSchema,
@@ -196,10 +217,7 @@ app.openapi(createRoute({
 			code: "bad_request",
 			message: `Project ID mismatch: expected ${projectId}, got ${validatedProjectData.id}`
 		});
-		const isCreate = !await getProjectMetadata(runDbClient_default)({
-			tenantId,
-			projectId
-		});
+		const isCreate = c.get("isProjectCreate") ?? false;
 		if (isCreate) {
 			await createProjectMetadataAndBranch(runDbClient_default, configDb)({
 				tenantId,
@@ -245,12 +263,16 @@ app.openapi(createRoute({
 		});
 	}
 });
+app.use("/project-full/:projectId", async (c, next) => {
+	if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
+	return next();
+});
 app.openapi(createRoute({
 	method: "delete",
 	path: "/project-full/{projectId}",
 	summary: "Delete Full Project",
 	operationId: "delete-full-project",
-	tags: ["Full Project"],
+	tags: ["Projects"],
 	description: "Delete a complete project and cascade to all related entities (Agents, Sub Agents, tools, relationships)",
 	request: { params: TenantProjectParamsSchema },
 	responses: {

package/dist/domains/manage/routes/projectMembers.js CHANGED Viewed

@@ -1,24 +1,21 @@
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
+import { ProjectRoles, changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
 //#region src/domains/manage/routes/projectMembers.ts
 const app = new OpenAPIHono();
+const projectRoleEnum = z.enum([
+	ProjectRoles.ADMIN,
+	ProjectRoles.MEMBER,
+	ProjectRoles.VIEWER
+]);
 const ProjectMemberSchema = z.object({
 	userId: z.string().min(1),
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	])
+	role: projectRoleEnum
 });
 const ProjectMemberResponseSchema = z.object({ data: z.object({
 	userId: z.string(),
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]),
+	role: projectRoleEnum,
 	projectId: z.string()
 }) });
 const ProjectMemberParamsSchema = z.object({
@@ -31,16 +28,8 @@ const ProjectMemberUserParamsSchema = z.object({
 	userId: z.string()
 });
 const UpdateRoleSchema = z.object({
-	role: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]),
-	previousRole: z.enum([
-		"project_admin",
-		"project_member",
-		"project_viewer"
-	]).optional()
+	role: projectRoleEnum,
+	previousRole: projectRoleEnum.optional()
 });
 app.openapi(createRoute({
 	method: "get",
@@ -55,18 +44,14 @@ app.openapi(createRoute({
 			description: "List of project members",
 			content: { "application/json": { schema: z.object({ data: z.array(z.object({
 				userId: z.string(),
-				role: z.enum([
-					"project_admin",
-					"project_member",
-					"project_viewer"
-				])
+				role: projectRoleEnum
 			})) }) } }
 		},
 		...commonGetErrorResponses
 	}
 }), async (c) => {
 	const { projectId, tenantId } = c.req.valid("param");
-	if (!isAuthzEnabled(tenantId)) return c.json({ data: [] });
+	if (!isAuthzEnabled()) return c.json({ data: [] });
 	const members = await listProjectMembers({
 		tenantId,
 		projectId
@@ -98,7 +83,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, tenantId } = c.req.valid("param");
 	const { userId, role } = c.req.valid("json");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});
@@ -135,7 +120,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, userId, tenantId } = c.req.valid("param");
 	const { role: newRole, previousRole } = c.req.valid("json");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});
@@ -170,11 +155,7 @@ app.openapi(createRoute({
 	tags: ["Project Members"],
 	request: {
 		params: ProjectMemberUserParamsSchema,
-		query: z.object({ role: z.enum([
-			"project_admin",
-			"project_member",
-			"project_viewer"
-		]) })
+		query: z.object({ role: projectRoleEnum })
 	},
 	responses: {
 		204: { description: "Member removed successfully" },
@@ -183,7 +164,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { projectId, userId, tenantId } = c.req.valid("param");
 	const { role } = c.req.valid("query");
-	if (!isAuthzEnabled(tenantId)) throw createApiError({
+	if (!isAuthzEnabled()) throw createApiError({
 		code: "bad_request",
 		message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
 	});

package/dist/domains/manage/routes/projectPermissions.js CHANGED Viewed

@@ -1,5 +1,6 @@
+import { env } from "../../../env.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { SpiceDbPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
+import { OrgRoles, SpiceDbProjectPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
 //#region src/domains/manage/routes/projectPermissions.ts
 const app = new OpenAPIHono();
@@ -28,15 +29,21 @@ app.openapi(createRoute({
 		...commonGetErrorResponses
 	}
 }), async (c) => {
-	const { projectId, tenantId } = c.req.valid("param");
+	const { projectId } = c.req.valid("param");
 	const userId = c.get("userId");
 	const tenantRole = c.get("tenantRole");
-	if (tenantRole === "owner" || tenantRole === "admin") return c.json({ data: {
+	const isTestEnvironment = process.env.ENVIRONMENT === "test";
+	if (env.DISABLE_AUTH || isTestEnvironment) return c.json({ data: {
 		canView: true,
 		canUse: true,
 		canEdit: true
 	} });
-	if (!isAuthzEnabled(tenantId)) return c.json({ data: {
+	if (tenantRole === OrgRoles.OWNER || tenantRole === OrgRoles.ADMIN) return c.json({ data: {
+		canView: true,
+		canUse: true,
+		canEdit: true
+	} });
+	if (!isAuthzEnabled()) return c.json({ data: {
 		canView: true,
 		canUse: true,
 		canEdit: false
@@ -49,17 +56,17 @@ app.openapi(createRoute({
 		resourceType: SpiceDbResourceTypes.PROJECT,
 		resourceId: projectId,
 		permissions: [
-			SpiceDbPermissions.VIEW,
-			SpiceDbPermissions.USE,
-			SpiceDbPermissions.EDIT
+			SpiceDbProjectPermissions.VIEW,
+			SpiceDbProjectPermissions.USE,
+			SpiceDbProjectPermissions.EDIT
 		],
 		subjectType: SpiceDbResourceTypes.USER,
 		subjectId: userId
 	});
 	return c.json({ data: {
-		canView: permissions[SpiceDbPermissions.VIEW] ?? false,
-		canUse: permissions[SpiceDbPermissions.USE] ?? false,
-		canEdit: permissions[SpiceDbPermissions.EDIT] ?? false
+		canView: permissions[SpiceDbProjectPermissions.VIEW] ?? false,
+		canUse: permissions[SpiceDbProjectPermissions.USE] ?? false,
+		canEdit: permissions[SpiceDbProjectPermissions.EDIT] ?? false
 	} });
 });
 var projectPermissions_default = app;

package/dist/domains/manage/routes/projects.js CHANGED Viewed

@@ -15,7 +15,7 @@ app.use("/", async (c, next) => {
 app.use("/:id", async (c, next) => {
 	if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
 	if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
-	if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
+	if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
 	return next();
 });
 app.openapi(createRoute({
@@ -45,9 +45,8 @@ app.openapi(createRoute({
 	const page = Number(c.req.query("page")) || 1;
 	const limit = Math.min(Number(c.req.query("limit")) || 10, 100);
 	let accessibleIds;
-	if (isAuthzEnabled(tenantId) && userId) {
+	if (isAuthzEnabled() && userId) {
 		const result$1 = await listAccessibleProjectIds({
-			tenantId,
 			userId,
 			orgRole: tenantRole
 		});
@@ -149,7 +148,7 @@ app.openapi(createRoute({
 			tenantId,
 			...body
 		});
-		if (isAuthzEnabled(tenantId)) {
+		if (isAuthzEnabled()) {
 			if (!userId) throw createApiError({
 				code: "unauthorized",
 				message: "User not found"
@@ -256,7 +255,7 @@ app.openapi(createRoute({
 			code: "not_found",
 			message: "Project not found"
 		});
-		if (isAuthzEnabled(tenantId)) try {
+		if (isAuthzEnabled()) try {
 			await removeProjectFromSpiceDb({
 				tenantId,
 				projectId: id

package/dist/domains/manage/routes/signoz.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types17 from "hono/types";
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types9.BlankSchema, "/">;
+}, hono_types17.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/signoz.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { getLogger as getLogger$1 } from "../../../logger.js";
 import { env } from "../../../env.js";
-import { enforceProjectFilter } from "../../../utils/signozHelpers.js";
+import { enforceSecurityFilters } from "../../../utils/signozHelpers.js";
 import { Hono } from "hono";
 import { createApiError, projectExists } from "@inkeep/agents-core";
 import axios from "axios";
@@ -36,9 +36,12 @@ app.post("/query", async (c) => {
 				message: "You do not have access to this project"
 			}, 403);
 		}
-		payload = enforceProjectFilter(payload, requestedProjectId);
-		logger.debug({ projectId: requestedProjectId }, "Project filter enforced");
 	}
+	payload = enforceSecurityFilters(payload, tenantId, requestedProjectId);
+	logger.debug({
+		tenantId,
+		projectId: requestedProjectId
+	}, "Security filters enforced");
 	const signozUrl = env.SIGNOZ_URL || env.PUBLIC_SIGNOZ_URL;
 	const signozApiKey = env.SIGNOZ_API_KEY;
 	if (!signozUrl || !signozApiKey) {

package/dist/domains/manage/routes/subAgentArtifactComponents.js CHANGED Viewed

@@ -17,7 +17,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}",
 	summary: "Get Artifact Components for Agent",
 	operationId: "get-artifact-components-for-agent",
-	tags: ["Agent Artifact Component Relations"],
+	tags: ["Agents", "Artifact Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -42,7 +42,7 @@ app.openapi(createRoute({
 	path: "/component/{artifactComponentId}/agents",
 	summary: "Get Agents Using Artifact Component",
 	operationId: "get-agents-using-artifact-component",
-	tags: ["Agent Artifact Component Relations"],
+	tags: ["Agents", "Artifact Components"],
 	request: { params: TenantProjectAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -68,7 +68,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Associate Artifact Component with Agent",
 	operationId: "associate-artifact-component-with-agent",
-	tags: ["Agent Artifact Component Relations"],
+	tags: ["Agents", "Artifact Components"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentArtifactComponentApiInsertSchema } } }
@@ -139,7 +139,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}/component/{artifactComponentId}",
 	summary: "Remove Artifact Component from Agent",
 	operationId: "remove-artifact-component-from-agent",
-	tags: ["Agent Artifact Component Relations"],
+	tags: ["Agents", "Artifact Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -173,7 +173,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}/component/{artifactComponentId}/exists",
 	summary: "Check if Artifact Component is Associated with Agent",
 	operationId: "check-artifact-component-agent-association",
-	tags: ["Agent Artifact Component Relations"],
+	tags: ["Agents", "Artifact Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/subAgentDataComponents.js CHANGED Viewed

@@ -17,7 +17,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}",
 	summary: "Get Data Components for Agent",
 	operationId: "get-data-components-for-agent",
-	tags: ["Agent Data Component Relations"],
+	tags: ["Agents", "Data Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -42,7 +42,7 @@ app.openapi(createRoute({
 	path: "/component/{dataComponentId}/agents",
 	summary: "Get Agents Using Data Component",
 	operationId: "get-agents-using-data-component",
-	tags: ["Agent Data Component Relations"],
+	tags: ["Agents", "Data Components"],
 	request: { params: TenantProjectAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -68,7 +68,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Associate Data Component with Agent",
 	operationId: "associate-data-component-with-agent",
-	tags: ["Agent Data Component Relations"],
+	tags: ["Agents", "Data Components"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentDataComponentApiInsertSchema } } }
@@ -138,7 +138,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}/component/{dataComponentId}",
 	summary: "Remove Data Component from Agent",
 	operationId: "remove-data-component-from-agent",
-	tags: ["Agent Data Component Relations"],
+	tags: ["Agents", "Data Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {
@@ -172,7 +172,7 @@ app.openapi(createRoute({
 	path: "/agent/{subAgentId}/component/{dataComponentId}/exists",
 	summary: "Check if Data Component is Associated with Agent",
 	operationId: "check-data-component-agent-association",
-	tags: ["Agent Data Component Relations"],
+	tags: ["Agents", "Data Components"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
 	responses: {
 		200: {