@inkeep/agents-api 0.0.1 → 0.43.0

package/dist/domains/manage/routes/subAgentExternalAgentRelations.js

@@ -19,7 +19,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List Sub Agent External Agent Relations",
 	operationId: "list-sub-agent-external-agent-relations",
-	tags: ["Sub Agent External Agent Relations"],
+	tags: ["SubAgents", "External Agents"],
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -64,7 +64,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get Sub Agent External Agent Relation",
 	operationId: "get-sub-agent-external-agent-relation-by-id",
-	tags: ["Sub Agent External Agent Relations"],
+	tags: ["SubAgents", "External Agents"],
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -96,7 +96,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create Sub Agent External Agent Relation",
 	operationId: "create-sub-agent-external-agent-relation",
-	tags: ["Sub Agent External Agent Relations"],
+	tags: ["SubAgents", "External Agents"],
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiInsertSchema } } }
@@ -147,7 +147,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update Sub Agent External Agent Relation",
 	operationId: "update-sub-agent-external-agent-relation",
-	tags: ["Sub Agent External Agent Relations"],
+	tags: ["SubAgents", "External Agents"],
 	request: {
 		params: TenantProjectAgentSubAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiUpdateSchema } } }
@@ -184,7 +184,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete Sub Agent External Agent Relation",
 	operationId: "delete-sub-agent-external-agent-relation",
-	tags: ["Sub Agent External Agent Relations"],
+	tags: ["SubAgents", "External Agents"],
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent External Agent Relation deleted successfully" },

package/dist/domains/manage/routes/subAgentFunctionTools.js

@@ -17,7 +17,7 @@ app.openapi(createRoute({
 	path: "/sub-agent/{subAgentId}",
 	summary: "Get Function Tools for SubAgent",
 	operationId: "get-function-tools-for-sub-agent",
-	tags: ["SubAgent Function Tool Relations"],
+	tags: ["SubAgents", "Function Tools"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema },
 	responses: {
 		200: {
@@ -44,7 +44,7 @@ app.openapi(createRoute({
 	path: "/function-tool/{functionToolId}/sub-agents",
 	summary: "Get SubAgents Using Function Tool",
 	operationId: "get-sub-agents-using-function-tool",
-	tags: ["SubAgent Function Tool Relations"],
+	tags: ["SubAgents", "Function Tools"],
 	request: { params: TenantProjectAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {
@@ -71,7 +71,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Associate Function Tool with SubAgent",
 	operationId: "associate-function-tool-with-sub-agent",
-	tags: ["SubAgent Function Tool Relations"],
+	tags: ["SubAgents", "Function Tools"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentFunctionToolRelationApiInsertSchema } } }
@@ -142,7 +142,7 @@ app.openapi(createRoute({
 	path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}",
 	summary: "Remove Function Tool from SubAgent",
 	operationId: "remove-function-tool-from-sub-agent",
-	tags: ["SubAgent Function Tool Relations"],
+	tags: ["SubAgents", "Function Tools"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {
@@ -176,7 +176,7 @@ app.openapi(createRoute({
 	path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}/exists",
 	summary: "Check if Function Tool is Associated with SubAgent",
 	operationId: "check-function-tool-sub-agent-association",
-	tags: ["SubAgent Function Tool Relations"],
+	tags: ["SubAgents", "Function Tools"],
 	request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
 	responses: {
 		200: {

package/dist/domains/manage/routes/subAgentRelations.js

@@ -19,7 +19,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List Sub Agent Relations",
 	operationId: "list-sub-agent-relations",
-	tags: ["Sub Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema.merge(SubAgentRelationQuerySchema)
@@ -92,7 +92,7 @@ app.openapi(createRoute({
 			};
 		}
 		return c.json(result);
-	} catch (_error) {
+	} catch {
 		throw createApiError({
 			code: "internal_server_error",
 			message: "Failed to retrieve sub agent relations"
@@ -104,7 +104,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get Sub Agent Relation",
 	operationId: "get-sub-agent-relation-by-id",
-	tags: ["Sub Agent Relations"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -135,7 +135,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create Sub Agent Relation",
 	operationId: "create-sub-agent-relation",
-	tags: ["Sub Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentRelationApiInsertSchema } } }
@@ -196,7 +196,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update Sub Agent Relation",
 	operationId: "update-sub-agent-relation",
-	tags: ["Sub Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentRelationApiUpdateSchema } } }
@@ -232,7 +232,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete Sub Agent Relation",
 	operationId: "delete-sub-agent-relation",
-	tags: ["Sub Agent Relations"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent Relation deleted successfully" },

package/dist/domains/manage/routes/subAgentTeamAgentRelations.js

@@ -19,7 +19,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List Sub Agent Team Agent Relations",
 	operationId: "list-sub-agent-team-agent-relations",
-	tags: ["Sub Agent Team Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -52,7 +52,7 @@ app.openapi(createRoute({
 			}
 		});
 		return c.json(result);
-	} catch (_error) {
+	} catch {
 		throw createApiError({
 			code: "internal_server_error",
 			message: "Failed to retrieve sub agent team agent relations"
@@ -64,7 +64,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get Sub Agent Team Agent Relation",
 	operationId: "get-sub-agent-team-agent-relation-by-id",
-	tags: ["Sub Agent Team Agent Relations"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -96,7 +96,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create Sub Agent Team Agent Relation",
 	operationId: "create-sub-agent-team-agent-relation",
-	tags: ["Sub Agent Team Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentSubAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentTeamAgentRelationApiInsertSchema } } }
@@ -147,7 +147,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update Sub Agent Team Agent Relation",
 	operationId: "update-sub-agent-team-agent-relation",
-	tags: ["Sub Agent Team Agent Relations"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentSubAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentTeamAgentRelationApiUpdateSchema } } }
@@ -184,7 +184,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete Sub Agent Team Agent Relation",
 	operationId: "delete-sub-agent-team-agent-relation",
-	tags: ["Sub Agent Team Agent Relations"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentSubAgentIdParamsSchema },
 	responses: {
 		204: { description: "Sub Agent Team Agent Relation deleted successfully" },

package/dist/domains/manage/routes/subAgentToolRelations.js

@@ -19,7 +19,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List SubAgent Tool Relations",
 	operationId: "list-subagent-tool-relations",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema.extend({
@@ -98,7 +98,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get SubAgent Tool Relation",
 	operationId: "get-subagent-tool-relation",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -130,7 +130,7 @@ app.openapi(createRoute({
 	path: "/tool/{toolId}/sub-agents",
 	summary: "Get SubAgents for Tool",
 	operationId: "get-subagents-for-tool",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: {
 		params: TenantProjectAgentParamsSchema.extend({ toolId: z.string() }),
 		query: PaginationQueryParamsSchema
@@ -165,7 +165,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create SubAgent Tool Relation",
 	operationId: "create-subagent-tool-relation",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentToolRelationApiInsertSchema } } }
@@ -218,7 +218,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update SubAgent Tool Relation",
 	operationId: "update-subagent-tool-relation",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentToolRelationApiUpdateSchema } } }
@@ -258,7 +258,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete SubAgent Tool Relation",
 	operationId: "delete-subagent-tool-relation",
-	tags: ["SubAgent Tool Relations"],
+	tags: ["SubAgents", "Tools"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "SubAgent tool relation deleted successfully" },

package/dist/domains/manage/routes/subAgents.js

@@ -20,7 +20,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "List SubAgents",
 	operationId: "list-subagents",
-	tags: ["SubAgent"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		query: PaginationQueryParamsSchema
@@ -62,7 +62,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Get SubAgent",
 	operationId: "get-subagent-by-id",
-	tags: ["SubAgent"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		200: {
@@ -96,7 +96,7 @@ app.openapi(createRoute({
 	path: "/",
 	summary: "Create SubAgent",
 	operationId: "create-subagent",
-	tags: ["SubAgent"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentApiInsertSchema } } }
@@ -129,7 +129,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Update SubAgent",
 	operationId: "update-subagent",
-	tags: ["SubAgent"],
+	tags: ["SubAgents"],
 	request: {
 		params: TenantProjectAgentIdParamsSchema,
 		body: { content: { "application/json": { schema: SubAgentApiUpdateSchema } } }
@@ -168,7 +168,7 @@ app.openapi(createRoute({
 	path: "/{id}",
 	summary: "Delete SubAgent",
 	operationId: "delete-subagent",
-	tags: ["SubAgent"],
+	tags: ["SubAgents"],
 	request: { params: TenantProjectAgentIdParamsSchema },
 	responses: {
 		204: { description: "SubAgent deleted successfully" },

package/dist/domains/manage/routes/tools.js

@@ -2,7 +2,8 @@ import { getLogger as getLogger$1 } from "../../../logger.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
-import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, dbResultToMcpToolSkeleton, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+import { z as z$1 } from "zod";
 
 //#region src/domains/manage/routes/tools.ts
 const logger = getLogger$1("tools");
@@ -24,7 +25,10 @@ app.openapi(createRoute({
 	tags: ["Tools"],
 	request: {
 		params: TenantProjectParamsSchema,
-		query: PaginationQueryParamsSchema.extend({ status: ToolStatusSchema.optional() })
+		query: PaginationQueryParamsSchema.extend({
+			status: ToolStatusSchema.optional(),
+			skipDiscovery: z$1.enum(["true", "false"]).optional().transform((val) => val === "true").describe("Skip MCP server discovery for faster response. Status will be \"unknown\".")
+		})
 	},
 	responses: {
 		200: {
@@ -37,10 +41,27 @@ app.openapi(createRoute({
 }), async (c) => {
 	const db = c.get("db");
 	const { tenantId, projectId } = c.req.valid("param");
-	const { page, limit, status } = c.req.valid("query");
+	const { page, limit, status, skipDiscovery } = c.req.valid("query");
 	let result;
 	const credentialStores = c.get("credentialStores");
 	const userId = c.get("userId");
+	if (skipDiscovery) {
+		const dbResult = await listTools(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			pagination: {
+				page,
+				limit
+			}
+		});
+		result = {
+			data: dbResult.data.map((tool) => dbResultToMcpToolSkeleton(tool)),
+			pagination: dbResult.pagination
+		};
+		return c.json(result);
+	}
 	if (status) {
 		const dbResult = await listTools(db)({
 			scopes: {

package/dist/domains/manage/routes/triggers.js

@@ -4,21 +4,11 @@ import runDbClient_default from "../../../data/db/runDbClient.js";
 import { requireProjectPermission } from "../../../middleware/projectAccess.js";
 import { speakeasyOffsetLimitPagination } from "../../../utils/speakeasy.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { PaginationQueryParamsSchema, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, commonGetErrorResponses, createApiError, createTrigger, deleteTrigger, generateId, getTriggerById, getTriggerInvocationById, listTriggerInvocationsPaginated, listTriggersPaginated, updateTrigger } from "@inkeep/agents-core";
+import { PaginationQueryParamsSchema, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, TriggerApiInsertSchema, TriggerApiUpdateSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, commonGetErrorResponses, createApiError, createTrigger, deleteTrigger, generateId, getCredentialReference, getTriggerById, getTriggerInvocationById, hashAuthenticationHeaders, listTriggerInvocationsPaginated, listTriggersPaginated, updateTrigger } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/triggers.ts
 const logger = getLogger$1("triggers");
 const app = new OpenAPIHono();
-const TriggerResponse = z.object({ data: TriggerApiSelectSchema.extend({ webhookUrl: z.string().describe("Fully qualified webhook URL for this trigger") }) });
-const TriggerListResponse = z.object({
-	data: z.array(TriggerApiSelectSchema.extend({ webhookUrl: z.string().describe("Fully qualified webhook URL for this trigger") })),
-	pagination: z.object({
-		page: z.number(),
-		limit: z.number(),
-		total: z.number(),
-		pages: z.number()
-	})
-});
 app.use("/", async (c, next) => {
 	if (c.req.method === "POST") return requireProjectPermission("edit")(c, next);
 	return next();
@@ -51,7 +41,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "List of triggers retrieved successfully",
-			content: { "application/json": { schema: TriggerListResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlListResponse } }
 		},
 		...commonGetErrorResponses
 	},
@@ -103,7 +93,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "Trigger found",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -151,7 +141,7 @@ app.openapi(createRoute({
 	responses: {
 		201: {
 			description: "Trigger created successfully",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -161,12 +151,32 @@ app.openapi(createRoute({
 	const body = c.req.valid("json");
 	const apiBaseUrl = env.INKEEP_AGENTS_API_URL;
 	const id = body.id || generateId();
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
 		triggerId: id
 	}, "Creating trigger");
+	if (body.signingSecretCredentialReferenceId) {
+		const credentialRef = await getCredentialReference(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			id: body.signingSecretCredentialReferenceId
+		});
+		if (!credentialRef) throw createApiError({
+			code: "bad_request",
+			message: `Credential reference not found: ${body.signingSecretCredentialReferenceId}`
+		});
+		if (credentialRef.userId) throw createApiError({
+			code: "bad_request",
+			message: "Only project-scoped credentials can be attached to triggers. User-scoped credentials are not allowed."
+		});
+	}
+	let hashedAuthentication;
+	const authInput = body.authentication;
+	if (authInput?.headers && authInput.headers.length > 0) hashedAuthentication = { headers: await hashAuthenticationHeaders(authInput.headers) };
 	const trigger = await createTrigger(db)({
 		id,
 		tenantId,
@@ -178,8 +188,9 @@ app.openapi(createRoute({
 		inputSchema: body.inputSchema,
 		outputTransform: body.outputTransform,
 		messageTemplate: body.messageTemplate,
-		authentication: body.authentication,
-		signingSecret: body.signingSecret
+		authentication: hashedAuthentication,
+		signingSecretCredentialReferenceId: body.signingSecretCredentialReferenceId,
+		signatureVerification: body.signatureVerification
 	});
 	const { tenantId: _tid, projectId: _pid, agentId: _aid, ...triggerWithoutScopes } = trigger;
 	return c.json({ data: {
@@ -209,7 +220,7 @@ app.openapi(createRoute({
 	responses: {
 		200: {
 			description: "Trigger updated successfully",
-			content: { "application/json": { schema: TriggerResponse } }
+			content: { "application/json": { schema: TriggerWithWebhookUrlResponse } }
 		},
 		...commonGetErrorResponses
 	}
@@ -218,16 +229,61 @@ app.openapi(createRoute({
 	const { tenantId, projectId, agentId, id } = c.req.valid("param");
 	const body = c.req.valid("json");
 	const apiBaseUrl = env.INKEEP_AGENTS_API_URL;
-	if (!(body.name !== void 0 || body.description !== void 0 || body.enabled !== void 0 || body.inputSchema !== void 0 || body.outputTransform !== void 0 || body.messageTemplate !== void 0 || body.authentication !== void 0 || body.signingSecret !== void 0)) throw createApiError({
+	if (!(body.name !== void 0 || body.description !== void 0 || body.enabled !== void 0 || body.inputSchema !== void 0 || body.outputTransform !== void 0 || body.messageTemplate !== void 0 || body.authentication !== void 0 || body.signingSecretCredentialReferenceId !== void 0 || body.signatureVerification !== void 0)) throw createApiError({
 		code: "bad_request",
 		message: "No fields to update"
 	});
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
 		triggerId: id
 	}, "Updating trigger");
+	if (body.signingSecretCredentialReferenceId) {
+		const credentialRef = await getCredentialReference(db)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			id: body.signingSecretCredentialReferenceId
+		});
+		if (!credentialRef) throw createApiError({
+			code: "bad_request",
+			message: `Credential reference not found: ${body.signingSecretCredentialReferenceId}`
+		});
+		if (credentialRef.userId) throw createApiError({
+			code: "bad_request",
+			message: "Only project-scoped credentials can be attached to triggers. User-scoped credentials are not allowed."
+		});
+	}
+	let hashedAuthentication;
+	const authInput = body.authentication;
+	if (authInput?.headers && authInput.headers.length > 0) {
+		const existingAuth = (await getTriggerById(db)({
+			scopes: {
+				tenantId,
+				projectId,
+				agentId
+			},
+			triggerId: id
+		}))?.authentication;
+		const hashedHeaders = [];
+		for (const header of authInput.headers) if (header.keepExisting) {
+			const existingHeader = existingAuth?.headers?.find((h) => h.name === header.name);
+			if (existingHeader) hashedHeaders.push({
+				name: header.name,
+				valueHash: existingHeader.valueHash,
+				valuePrefix: existingHeader.valuePrefix
+			});
+		} else if (header.value) {
+			const hashed = await hashAuthenticationHeaders([{
+				name: header.name,
+				value: header.value
+			}]);
+			hashedHeaders.push(hashed[0]);
+		}
+		hashedAuthentication = hashedHeaders.length > 0 ? { headers: hashedHeaders } : void 0;
+	} else if (body.authentication !== void 0) hashedAuthentication = body.authentication;
 	const updatedTrigger = await updateTrigger(db)({
 		scopes: {
 			tenantId,
@@ -242,8 +298,9 @@ app.openapi(createRoute({
 			inputSchema: body.inputSchema,
 			outputTransform: body.outputTransform,
 			messageTemplate: body.messageTemplate,
-			authentication: body.authentication,
-			signingSecret: body.signingSecret
+			authentication: hashedAuthentication,
+			signingSecretCredentialReferenceId: body.signingSecretCredentialReferenceId,
+			signatureVerification: body.signatureVerification
 		}
 	});
 	if (!updatedTrigger) throw createApiError({
@@ -279,7 +336,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const db = c.get("db");
 	const { tenantId, projectId, agentId, id } = c.req.valid("param");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
@@ -340,7 +397,7 @@ app.openapi(createRoute({
 }), async (c) => {
 	const { tenantId, projectId, agentId, id: triggerId } = c.req.valid("param");
 	const { page, limit, status, from, to } = c.req.valid("query");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,
@@ -394,7 +451,7 @@ app.openapi(createRoute({
 	}
 }), async (c) => {
 	const { tenantId, projectId, agentId, id: triggerId, invocationId } = c.req.valid("param");
-	logger.info({
+	logger.debug({
 		tenantId,
 		projectId,
 		agentId,

package/dist/domains/manage/routes/userOrganizations.js

@@ -1,6 +1,6 @@
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { addUserToOrganization, getUserOrganizations } from "@inkeep/agents-core";
+import { addUserToOrganization, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { AddUserToOrganizationRequestSchema, AddUserToOrganizationResponseSchema, UserOrganizationsResponseSchema } from "@inkeep/agents-core/auth/validation";
 
 //#region src/domains/manage/routes/userOrganizations.ts
@@ -8,7 +8,7 @@ const userOrganizationsRoutes = new OpenAPIHono();
 userOrganizationsRoutes.openapi(createRoute({
 	method: "get",
 	path: "/",
-	tags: ["user-organizations"],
+	tags: ["User Organizations"],
 	summary: "List user organizations",
 	description: "Get all organizations associated with a user",
 	request: { params: z.object({ userId: z.string().describe("User ID") }) },
@@ -18,7 +18,7 @@ userOrganizationsRoutes.openapi(createRoute({
 	} }
 }), async (c) => {
 	const { userId } = c.req.valid("param");
-	const userOrganizations = (await getUserOrganizations(runDbClient_default)(userId)).map((org) => ({
+	const userOrganizations = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).map((org) => ({
 		...org,
 		createdAt: org.createdAt.toISOString()
 	}));
@@ -27,7 +27,7 @@ userOrganizationsRoutes.openapi(createRoute({
 userOrganizationsRoutes.openapi(createRoute({
 	method: "post",
 	path: "/",
-	tags: ["user-organizations"],
+	tags: ["User Organizations"],
 	summary: "Add user to organization",
 	description: "Associate a user with an organization",
 	request: {

package/dist/domains/manage/routes/{agentToolRelations.d.ts → userProjectMemberships.d.ts}

@@ -1,7 +1,7 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { OpenAPIHono } from "@hono/zod-openapi";
 
-//#region src/domains/manage/routes/agentToolRelations.d.ts
+//#region src/domains/manage/routes/userProjectMemberships.d.ts
 declare const app: OpenAPIHono<{
   Variables: ManageAppVariables;
 }, {}, "/">;

package/dist/domains/manage/routes/userProjectMemberships.js

@@ -0,0 +1,45 @@
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { ProjectRoles, commonGetErrorResponses, isAuthzEnabled, listUserProjectMembershipsInSpiceDb } from "@inkeep/agents-core";
+
+//#region src/domains/manage/routes/userProjectMemberships.ts
+const app = new OpenAPIHono();
+const projectRoleEnum = z.enum([
+	ProjectRoles.ADMIN,
+	ProjectRoles.MEMBER,
+	ProjectRoles.VIEWER
+]);
+const UserProjectMembershipParamsSchema = z.object({
+	tenantId: z.string(),
+	userId: z.string()
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "List User Project Memberships",
+	description: "List all projects a user has explicit access to and their role in each. Requires authz to be enabled.",
+	operationId: "list-user-project-memberships",
+	tags: ["User Project Memberships"],
+	request: { params: UserProjectMembershipParamsSchema },
+	responses: {
+		200: {
+			description: "List of project memberships for the user",
+			content: { "application/json": { schema: z.object({ data: z.array(z.object({
+				projectId: z.string(),
+				role: projectRoleEnum
+			})) }) } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, userId } = c.req.valid("param");
+	if (!isAuthzEnabled()) return c.json({ data: [] });
+	const memberships = await listUserProjectMembershipsInSpiceDb({
+		tenantId,
+		userId
+	});
+	return c.json({ data: memberships });
+});
+var userProjectMemberships_default = app;
+
+//#endregion
+export { userProjectMemberships_default as default };

package/dist/domains/mcp/routes/mcp.d.ts

@@ -0,0 +1,7 @@
+import { Hono } from "hono";
+import * as hono_types11 from "hono/types";
+
+//#region src/domains/mcp/routes/mcp.d.ts
+declare const app: Hono<hono_types11.BlankEnv, hono_types11.BlankSchema, "/">;
+//#endregion
+export { app as default };