@inkeep/agents-api 0.42.0 → 0.43.0

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
-import * as hono6 from "hono";
+import * as hono5 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono6.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono6.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono6.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono5.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono9 from "hono";
+import * as hono8 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono9 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono8.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono8.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono11 from "hono";
+import * as hono15 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono11 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono11.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono15.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tenantAccess.js

@@ -1,5 +1,5 @@
 import runDbClient_default from "../data/db/runDbClient.js";
-import { createApiError, getUserOrganizations } from "@inkeep/agents-core";
+import { OrgRoles, createApiError, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
 import { HTTPException } from "hono/http-exception";
 
@@ -26,7 +26,7 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
 	});
 	if (userId === "system") {
 		c.set("tenantId", tenantId);
-		c.set("tenantRole", "owner");
+		c.set("tenantRole", OrgRoles.OWNER);
 		await next();
 		return;
 	}
@@ -37,12 +37,12 @@ const requireTenantAccess = () => createMiddleware(async (c, next) => {
 			message: "API key does not have access to this organization"
 		});
 		c.set("tenantId", tenantId);
-		c.set("tenantRole", "owner");
+		c.set("tenantRole", OrgRoles.OWNER);
 		await next();
 		return;
 	}
 	try {
-		const organizationAccess = (await getUserOrganizations(runDbClient_default)(userId)).find((org) => org.organizationId === tenantId);
+		const organizationAccess = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).find((org) => org.organizationId === tenantId);
 		if (!organizationAccess) throw createApiError({
 			code: "forbidden",
 			message: "Access denied to this organization"

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono12 from "hono";
+import * as hono10 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono12.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono10.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono10.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/dist/openapi.d.ts

@@ -2,6 +2,40 @@ import { OpenAPIHono } from "@hono/zod-openapi";
 import { Env } from "hono";
 
 //#region src/openapi.d.ts
+declare const TagToDescription: {
+  A2A: string;
+  'API Keys': string;
+  Agents: string;
+  'Artifact Components': string;
+  Branches: string;
+  CLI: string;
+  Chat: string;
+  'Context Configs': string;
+  Conversations: string;
+  Credentials: string;
+  'Credential Stores': string;
+  'Data Components': string;
+  Evaluations: string;
+  'External Agents': string;
+  'Function Tools': string;
+  Functions: string;
+  Invitations: string;
+  MCP: string;
+  'MCP Catalog': string;
+  OAuth: string;
+  'Project Members': string;
+  'Project Permissions': string;
+  Projects: string;
+  Refs: string;
+  SubAgents: string;
+  'Third-Party MCP Servers': string;
+  Tools: string;
+  Triggers: string;
+  'User Organizations': string;
+  'User Project Memberships': string;
+  Webhooks: string;
+  Workflows: string;
+};
 declare function setupOpenAPIRoutes<E extends Env = Env>(app: OpenAPIHono<E>): void;
 //#endregion
-export { setupOpenAPIRoutes };
+export { TagToDescription, setupOpenAPIRoutes };

package/dist/openapi.js

@@ -1,6 +1,40 @@
 import { swaggerUI } from "@hono/swagger-ui";
 
 //#region src/openapi.ts
+const TagToDescription = {
+	A2A: "Agent-to-Agent communication endpoints",
+	"API Keys": "Operations for managing API keys",
+	Agents: "Operations for managing agents",
+	"Artifact Components": "Operations for managing artifact components",
+	Branches: "Operations for managing branches",
+	CLI: "CLI authentication endpoints",
+	Chat: "Chat completions endpoints",
+	"Context Configs": "Operations for managing context configurations",
+	Conversations: "Operations for managing conversations",
+	Credentials: "Operations for managing credentials",
+	"Credential Stores": "Operations for managing credential stores",
+	"Data Components": "Operations for managing data components",
+	Evaluations: "Operations for managing evaluations",
+	"External Agents": "Operations for managing external agents",
+	"Function Tools": "Operations for managing function tools",
+	Functions: "Operations for managing functions",
+	Invitations: "Operations for managing invitations",
+	MCP: "MCP (Model Context Protocol) endpoints",
+	"MCP Catalog": "Operations for MCP catalog",
+	OAuth: "OAuth authentication endpoints",
+	"Project Members": "Operations for managing project members",
+	"Project Permissions": "Operations for managing project permissions",
+	Projects: "Operations for managing projects",
+	Refs: "Operations for the resolved ref (branch name, tag name, or commit hash)",
+	SubAgents: "Operations for managing sub agents",
+	"Third-Party MCP Servers": "Operations for managing third-party MCP servers",
+	Tools: "Operations for managing MCP tools",
+	Triggers: "Operations for managing triggers",
+	"User Organizations": "Operations for managing user organizations",
+	"User Project Memberships": "Operations for managing user project memberships",
+	Webhooks: "Webhook endpoints",
+	Workflows: "Workflow trigger endpoints"
+};
 function setupOpenAPIRoutes(app) {
 	app.get("/openapi.json", (c) => {
 		try {
@@ -16,100 +50,10 @@ function setupOpenAPIRoutes(app) {
 					url: serverUrl,
 					description: "API Server"
 				}],
-				tags: [
-					{
-						name: "Agent",
-						description: "Operations for managing individual agents"
-					},
-					{
-						name: "Agent Artifact Component Relations",
-						description: "Operations for managing agent artifact component relationships"
-					},
-					{
-						name: "Agent Data Component Relations",
-						description: "Operations for managing agent data component relationships"
-					},
-					{
-						name: "Agents",
-						description: "Operations for managing agents"
-					},
-					{
-						name: "API Keys",
-						description: "Operations for managing API keys"
-					},
-					{
-						name: "Artifact Component",
-						description: "Operations for managing artifact components"
-					},
-					{
-						name: "Context Config",
-						description: "Operations for managing context configurations"
-					},
-					{
-						name: "Credential",
-						description: "Operations for managing credentials"
-					},
-					{
-						name: "Credential Store",
-						description: "Operations for managing credential stores"
-					},
-					{
-						name: "Data Component",
-						description: "Operations for managing data components"
-					},
-					{
-						name: "External Agents",
-						description: "Operations for managing external agents"
-					},
-					{
-						name: "Full Agent",
-						description: "Operations for managing complete agent definitions"
-					},
-					{
-						name: "Full Project",
-						description: "Operations for managing complete project definitions"
-					},
-					{
-						name: "Function Tools",
-						description: "Operations for managing function tools"
-					},
-					{
-						name: "Functions",
-						description: "Operations for managing functions"
-					},
-					{
-						name: "OAuth",
-						description: "OAuth authentication endpoints for MCP tools"
-					},
-					{
-						name: "Projects",
-						description: "Operations for managing projects"
-					},
-					{
-						name: "Sub Agent External Agent Relations",
-						description: "Operations for managing sub agent external agent relationships"
-					},
-					{
-						name: "Sub Agent Relations",
-						description: "Operations for managing sub agent relationships"
-					},
-					{
-						name: "Sub Agent Team Agent Relations",
-						description: "Operations for managing sub agent team agent relationships"
-					},
-					{
-						name: "SubAgent",
-						description: "Operations for managing sub agents"
-					},
-					{
-						name: "SubAgent Tool Relations",
-						description: "Operations for managing sub agent tool relationships"
-					},
-					{
-						name: "Tools",
-						description: "Operations for managing MCP tools"
-					}
-				]
+				tags: Object.entries(TagToDescription).map(([key, value]) => ({
+					name: key,
+					description: value
+				}))
 			});
 			document.components = {
 				...document.components,
@@ -153,4 +97,4 @@ function setupOpenAPIRoutes(app) {
 }
 
 //#endregion
-export { setupOpenAPIRoutes };
+export { TagToDescription, setupOpenAPIRoutes };

package/dist/routes/healthChecks.d.ts

@@ -0,0 +1,10 @@
+import { AppVariables } from "../types/app.js";
+import "../types/index.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+
+//#region src/routes/healthChecks.d.ts
+declare const healthChecksHandler: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { healthChecksHandler };

package/dist/routes/healthChecks.js

@@ -0,0 +1,75 @@
+import manageDbPool_default from "../data/db/manageDbPool.js";
+import runDbClient_default from "../data/db/runDbClient.js";
+import { checkManageDb, checkRunDb } from "../utils/healthChecks.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+
+//#region src/routes/healthChecks.ts
+const healthChecksHandler = new OpenAPIHono();
+healthChecksHandler.openapi(createRoute({
+	method: "get",
+	path: "/health",
+	operationId: "health",
+	tags: ["Health"],
+	summary: "Health check",
+	description: "Check if the management service is healthy",
+	responses: { 204: { description: "Service is healthy" } }
+}), (c) => {
+	return c.body(null, 204);
+});
+const ReadyResponseSchema = z.object({
+	status: z.literal("ok"),
+	manageDb: z.boolean().describe("Whether the manage database is reachable"),
+	runDb: z.boolean().describe("Whether the run database is reachable")
+}).openapi("ReadyResponse");
+const ReadyErrorChecksSchema = z.object({
+	manageDb: z.boolean().describe("Whether the manage database check passed"),
+	runDb: z.boolean().describe("Whether the run database check passed")
+}).openapi("ReadyErrorChecks");
+const ReadyErrorResponseSchema = z.object({
+	type: z.string().describe("A URI reference that identifies the problem type"),
+	title: z.string().describe("A short, human-readable summary of the problem type"),
+	status: z.number().describe("The HTTP status code"),
+	detail: z.string().describe("A human-readable explanation specific to this occurrence"),
+	checks: ReadyErrorChecksSchema
+}).openapi("ReadyErrorResponse");
+healthChecksHandler.openapi(createRoute({
+	method: "get",
+	path: "/ready",
+	operationId: "ready",
+	tags: ["Health"],
+	summary: "Readiness check",
+	description: "Check if the service is ready to serve traffic by verifying database connectivity",
+	responses: {
+		200: {
+			description: "Service is ready - all health checks passed",
+			content: { "application/json": { schema: ReadyResponseSchema } }
+		},
+		503: {
+			description: "Service is not ready - one or more health checks failed",
+			content: { "application/problem+json": { schema: ReadyErrorResponseSchema } }
+		}
+	}
+}), async (c) => {
+	const [manageDbHealthy, runDbHealthy] = await Promise.all([checkManageDb(manageDbPool_default), checkRunDb(runDbClient_default)]);
+	if (manageDbHealthy && runDbHealthy) return c.json({
+		status: "ok",
+		manageDb: true,
+		runDb: true
+	});
+	const failedChecks = [];
+	if (!manageDbHealthy) failedChecks.push("manage database");
+	if (!runDbHealthy) failedChecks.push("run database");
+	return c.json({
+		type: "https://httpstatuses.com/503",
+		title: "Service Unavailable",
+		status: 503,
+		detail: `Health checks failed: ${failedChecks.join(", ")}`,
+		checks: {
+			manageDb: manageDbHealthy,
+			runDb: runDbHealthy
+		}
+	}, 503, { "Content-Type": "application/problem+json" });
+});
+
+//#endregion
+export { healthChecksHandler };

package/dist/types/app.d.ts

@@ -38,6 +38,8 @@ type ManageAppVariables = AppVariables & {
   db: AgentsManageDatabaseClient;
   auth: ReturnType<typeof createAuth> | null;
   resolvedRef: ResolvedRef;
+  /** Cached by projectFull middleware to avoid duplicate DB lookup for PUT upsert */
+  isProjectCreate?: boolean;
 };
 type AppConfig = {
   serverConfig: ServerConfig;

package/dist/utils/healthChecks.d.ts

@@ -0,0 +1,8 @@
+import { AgentsRunDatabaseClient } from "@inkeep/agents-core";
+import { Pool } from "pg";
+
+//#region src/utils/healthChecks.d.ts
+declare function checkManageDb(pool: Pool): Promise<boolean>;
+declare function checkRunDb(client: AgentsRunDatabaseClient): Promise<boolean>;
+//#endregion
+export { checkManageDb, checkRunDb };

package/dist/utils/healthChecks.js

@@ -0,0 +1,38 @@
+//#region src/utils/healthChecks.ts
+const HEALTH_CHECK_TIMEOUT_MS = 5e3;
+async function withTimeout(promise, timeoutMs) {
+	let timeoutId;
+	const timeoutPromise = new Promise((_, reject) => {
+		timeoutId = setTimeout(() => {
+			reject(/* @__PURE__ */ new Error(`Health check timed out after ${timeoutMs}ms`));
+		}, timeoutMs);
+	});
+	try {
+		return await Promise.race([promise, timeoutPromise]);
+	} finally {
+		if (timeoutId !== void 0) clearTimeout(timeoutId);
+	}
+}
+async function checkManageDb(pool) {
+	try {
+		await withTimeout(pool.query("SELECT 1"), HEALTH_CHECK_TIMEOUT_MS);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function checkRunDb(client) {
+	try {
+		if ("$client" in client && client.$client) {
+			const pool = client.$client;
+			await withTimeout(pool.query("SELECT 1"), HEALTH_CHECK_TIMEOUT_MS);
+			return true;
+		}
+		return false;
+	} catch {
+		return false;
+	}
+}
+
+//#endregion
+export { checkManageDb, checkRunDb };

package/dist/utils/signozHelpers.d.ts

@@ -4,6 +4,6 @@
  * This modifies the query payload to ensure all builder queries include
  * a server-side project.id filter, preventing client-side filter bypass.
  */
-declare function enforceProjectFilter(payload: any, projectId: string): any;
+declare function enforceSecurityFilters(payload: any, tenantId: string, projectId?: string): any;
 //#endregion
-export { enforceProjectFilter };
+export { enforceSecurityFilters };

package/dist/utils/signozHelpers.js

@@ -4,7 +4,7 @@
 * This modifies the query payload to ensure all builder queries include
 * a server-side project.id filter, preventing client-side filter bypass.
 */
-function enforceProjectFilter(payload, projectId) {
+function enforceSecurityFilters(payload, tenantId, projectId) {
 	const modifiedPayload = JSON.parse(JSON.stringify(payload));
 	if (modifiedPayload.compositeQuery?.builderQueries) for (const queryKey in modifiedPayload.compositeQuery.builderQueries) {
 		const query = modifiedPayload.compositeQuery.builderQueries[queryKey];
@@ -12,8 +12,20 @@ function enforceProjectFilter(payload, projectId) {
 			op: "AND",
 			items: []
 		};
-		query.filters.items = query.filters.items.filter((item) => item.key?.key !== "project.id");
+		query.filters.items = query.filters.items.filter((item) => item.key?.key !== "tenant.id" && item.key?.key !== "project.id");
 		query.filters.items.push({
+			key: {
+				key: "tenant.id",
+				dataType: "string",
+				type: "tag",
+				isColumn: false,
+				isJSON: false,
+				id: "false"
+			},
+			op: "=",
+			value: tenantId
+		});
+		if (projectId) query.filters.items.push({
 			key: {
 				key: "project.id",
 				dataType: "string",
@@ -30,4 +42,4 @@ function enforceProjectFilter(payload, projectId) {
 }
 
 //#endregion
-export { enforceProjectFilter };
+export { enforceSecurityFilters };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.42.0",
+  "version": "0.43.0",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -32,17 +32,11 @@
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",
   "dependencies": {
-    "@ai-sdk/anthropic": "3.0.7",
-    "@ai-sdk/gateway": "3.0.9",
     "@ai-sdk/google": "3.0.4",
-    "@ai-sdk/openai": "3.0.7",
-    "@ai-sdk/openai-compatible": "2.0.4",
     "@hono/mcp": "^0.1.5",
-    "@hono/otel": "^0.4.0",
     "@hono/swagger-ui": "^0.5.1",
     "@hono/zod-openapi": "^1.1.5",
     "@modelcontextprotocol/sdk": "^1.25.2",
-    "@openrouter/ai-sdk-provider": "^1.2.0",
     "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/auto-instrumentations-node": "^0.64.1",
     "@opentelemetry/baggage-span-processor": "^0.4.0",
@@ -53,6 +47,7 @@
     "@opentelemetry/sdk-node": "^0.205.0",
     "@opentelemetry/sdk-trace-base": "^2.1.0",
     "@opentelemetry/semantic-conventions": "^1.37.0",
+    "@vercel/functions": "^1.4.0",
     "@vercel/sandbox": "^0.0.24",
     "@workflow/builders": "4.0.1-beta.27",
     "@workflow/world-local": "4.0.1-beta.19",
@@ -66,12 +61,14 @@
     "hono": "^4.10.4",
     "hono-pino": "^0.10.1",
     "jmespath": "^0.16.0",
+    "jose": "^6.1.0",
     "llm-info": "^1.0.69",
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.42.0",
-    "@inkeep/agents-manage-mcp": "^0.42.0"
+    "@inkeep/agents-core": "^0.43.0",
+    "@inkeep/agents-mcp": "^0.43.0",
+    "@inkeep/agents-manage-mcp": "^0.43.0"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",
@@ -107,6 +104,7 @@
     "directory": "agents-api"
   },
   "scripts": {
+    "knip": "knip --directory .. --workspace agents-api --config agents-api/knip.config.ts --dependencies --files",
     "workflow:build": "tsx src/domains/evals/scripts/build-workflow.ts",
     "well-known:copy": "tsx scripts/copy-well-known.ts",
     "dev": "pnpm workflow:build && vite",

package/dist/domains/evals/services/startEvaluation.d.ts

@@ -1,19 +0,0 @@
-//#region src/domains/evals/services/startEvaluation.d.ts
-/**
- * Service to start evaluation workflows.
- * This encapsulates the workflow logic so consumers don't need to import workflow packages.
- */
-interface StartEvaluationParams {
-  tenantId: string;
-  projectId: string;
-  conversationId: string;
-  evaluatorIds: string[];
-  evaluationRunId: string;
-}
-/**
- * Start an evaluation workflow for a conversation.
- * This is a convenience wrapper that handles workflow initialization internally.
- */
-declare function startConversationEvaluation(params: StartEvaluationParams): Promise<void>;
-//#endregion
-export { StartEvaluationParams, startConversationEvaluation };

package/dist/domains/evals/services/startEvaluation.js

@@ -1,18 +0,0 @@
-import { evaluateConversationWorkflow } from "../workflow/functions/evaluateConversation.js";
-import { start } from "workflow/api";
-
-//#region src/domains/evals/services/startEvaluation.ts
-/**
-* Service to start evaluation workflows.
-* This encapsulates the workflow logic so consumers don't need to import workflow packages.
-*/
-/**
-* Start an evaluation workflow for a conversation.
-* This is a convenience wrapper that handles workflow initialization internally.
-*/
-async function startConversationEvaluation(params) {
-	await start(evaluateConversationWorkflow, [params]);
-}
-
-//#endregion
-export { startConversationEvaluation };

package/dist/domains/index.d.ts

@@ -1,4 +0,0 @@
-import { createEvalRoutes, evalRoutes } from "./evals/index.js";
-import { createManageRoutes, manageRoutes } from "./manage/index.js";
-import { createRunRoutes, runRoutes } from "./run/index.js";
-export { createEvalRoutes, createManageRoutes, createRunRoutes, evalRoutes, manageRoutes, runRoutes };

package/dist/domains/index.js

@@ -1,5 +0,0 @@
-import { createEvalRoutes, evalRoutes } from "./evals/index.js";
-import { createManageRoutes, manageRoutes } from "./manage/index.js";
-import { createRunRoutes, runRoutes } from "./run/index.js";
-
-export { createEvalRoutes, createManageRoutes, createRunRoutes, evalRoutes, manageRoutes, runRoutes };