@inkeep/agents-api 0.42.0 → 0.43.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.well-known/workflow/v1/manifest.debug.json +15 -15
- package/dist/.well-known/workflow/v1/step.cjs +45672 -44470
- package/dist/_virtual/rolldown_runtime.js +7 -0
- package/dist/createApp.js +40 -12
- package/dist/domains/evals/api/.well-known/workflow/v1/flow.d.ts +4 -0
- package/dist/domains/evals/api/.well-known/workflow/v1/flow.js +12 -0
- package/dist/domains/evals/api/.well-known/workflow/v1/step.d.ts +4 -0
- package/dist/domains/evals/api/.well-known/workflow/v1/step.js +12 -0
- package/dist/domains/evals/routes/datasetTriggers.d.ts +2 -2
- package/dist/domains/evals/routes/index.d.ts +2 -2
- package/dist/domains/evals/scripts/build-workflow.js +2 -2
- package/dist/domains/evals/workflow/routes.d.ts +2 -2
- package/dist/domains/evals/workflow/world.js +3 -2
- package/dist/domains/github/config.d.ts +14 -0
- package/dist/domains/github/config.js +47 -0
- package/dist/domains/github/index.d.ts +12 -0
- package/dist/domains/github/index.js +18 -0
- package/dist/domains/github/installation.d.ts +34 -0
- package/dist/domains/github/installation.js +172 -0
- package/dist/domains/github/jwks.d.ts +20 -0
- package/dist/domains/github/jwks.js +85 -0
- package/dist/domains/github/oidcToken.d.ts +22 -0
- package/dist/domains/github/oidcToken.js +140 -0
- package/dist/domains/github/routes/tokenExchange.d.ts +7 -0
- package/dist/domains/github/routes/tokenExchange.js +130 -0
- package/dist/domains/manage/index.js +0 -2
- package/dist/domains/manage/routes/agent.js +7 -4
- package/dist/domains/manage/routes/agentFull.js +9 -6
- package/dist/domains/manage/routes/apiKeys.js +1 -2
- package/dist/domains/manage/routes/artifactComponents.js +5 -5
- package/dist/domains/manage/routes/cliAuth.js +3 -3
- package/dist/domains/manage/routes/contextConfigs.js +5 -5
- package/dist/domains/manage/routes/conversations.d.ts +2 -2
- package/dist/domains/manage/routes/credentialStores.js +2 -2
- package/dist/domains/manage/routes/credentials.js +6 -7
- package/dist/domains/manage/routes/dataComponents.js +6 -7
- package/dist/domains/manage/routes/externalAgents.js +1 -2
- package/dist/domains/manage/routes/index.d.ts +2 -2
- package/dist/domains/manage/routes/index.js +4 -0
- package/dist/domains/manage/routes/invitations.js +1 -1
- package/dist/domains/manage/routes/mcp.d.ts +2 -2
- package/dist/domains/manage/routes/playgroundToken.js +1 -2
- package/dist/domains/manage/routes/projectFull.js +33 -11
- package/dist/domains/manage/routes/projectMembers.js +16 -35
- package/dist/domains/manage/routes/projectPermissions.js +17 -10
- package/dist/domains/manage/routes/projects.js +4 -5
- package/dist/domains/manage/routes/signoz.d.ts +2 -2
- package/dist/domains/manage/routes/signoz.js +6 -3
- package/dist/domains/manage/routes/subAgentArtifactComponents.js +5 -5
- package/dist/domains/manage/routes/subAgentDataComponents.js +5 -5
- package/dist/domains/manage/routes/subAgentExternalAgentRelations.js +5 -5
- package/dist/domains/manage/routes/subAgentFunctionTools.js +5 -5
- package/dist/domains/manage/routes/subAgentRelations.js +6 -6
- package/dist/domains/manage/routes/subAgentTeamAgentRelations.js +6 -6
- package/dist/domains/manage/routes/subAgentToolRelations.js +6 -6
- package/dist/domains/manage/routes/subAgents.js +5 -5
- package/dist/domains/manage/routes/tools.js +24 -3
- package/dist/domains/manage/routes/triggers.js +49 -24
- package/dist/domains/manage/routes/userOrganizations.js +4 -4
- package/dist/domains/manage/routes/{agentToolRelations.d.ts → userProjectMemberships.d.ts} +1 -1
- package/dist/domains/manage/routes/userProjectMemberships.js +45 -0
- package/dist/domains/mcp/routes/mcp.d.ts +7 -0
- package/dist/domains/mcp/routes/mcp.js +45 -0
- package/dist/domains/run/agents/Agent.d.ts +1 -0
- package/dist/domains/run/agents/Agent.js +207 -44
- package/dist/domains/run/agents/relationTools.d.ts +2 -2
- package/dist/domains/run/context/ContextFetcher.js +8 -7
- package/dist/domains/run/context/ContextResolver.js +1 -1
- package/dist/domains/run/handlers/executionHandler.js +143 -79
- package/dist/domains/run/routes/agents.js +1 -1
- package/dist/domains/run/routes/chat.js +47 -1
- package/dist/domains/run/routes/chatDataStream.js +107 -14
- package/dist/domains/run/routes/webhooks.js +40 -348
- package/dist/domains/run/services/AgentSession.d.ts +3 -0
- package/dist/domains/run/services/AgentSession.js +9 -0
- package/dist/domains/run/services/BaseCompressor.js +1 -1
- package/dist/domains/run/services/ToolApprovalUiBus.d.ts +28 -0
- package/dist/domains/run/services/ToolApprovalUiBus.js +44 -0
- package/dist/domains/run/services/TriggerService.d.ts +31 -0
- package/dist/domains/run/services/TriggerService.js +543 -0
- package/dist/domains/run/tools/NativeSandboxExecutor.d.ts +3 -2
- package/dist/domains/run/tools/NativeSandboxExecutor.js +76 -48
- package/dist/domains/run/tools/SandboxExecutorFactory.d.ts +11 -1
- package/dist/domains/run/tools/SandboxExecutorFactory.js +27 -3
- package/dist/domains/run/tools/VercelSandboxExecutor.d.ts +3 -11
- package/dist/domains/run/tools/VercelSandboxExecutor.js +137 -127
- package/dist/domains/run/utils/stream-helpers.d.ts +134 -0
- package/dist/domains/run/utils/stream-helpers.js +182 -0
- package/dist/domains/run/utils/token-estimator.d.ts +2 -2
- package/dist/factory.d.ts +24 -24
- package/dist/index.d.ts +24 -24
- package/dist/initialization.js +9 -2
- package/dist/middleware/cors.js +1 -1
- package/dist/middleware/manageAuth.d.ts +2 -2
- package/dist/middleware/projectAccess.d.ts +4 -11
- package/dist/middleware/projectAccess.js +1 -17
- package/dist/middleware/projectConfig.d.ts +3 -3
- package/dist/middleware/requirePermission.d.ts +2 -2
- package/dist/middleware/runAuth.d.ts +4 -4
- package/dist/middleware/sessionAuth.d.ts +3 -3
- package/dist/middleware/tenantAccess.d.ts +2 -2
- package/dist/middleware/tenantAccess.js +4 -4
- package/dist/middleware/tracing.d.ts +3 -3
- package/dist/openapi.d.ts +35 -1
- package/dist/openapi.js +39 -95
- package/dist/routes/healthChecks.d.ts +10 -0
- package/dist/routes/healthChecks.js +75 -0
- package/dist/types/app.d.ts +2 -0
- package/dist/utils/healthChecks.d.ts +8 -0
- package/dist/utils/healthChecks.js +38 -0
- package/dist/utils/signozHelpers.d.ts +2 -2
- package/dist/utils/signozHelpers.js +15 -3
- package/package.json +7 -9
- package/dist/domains/evals/services/startEvaluation.d.ts +0 -19
- package/dist/domains/evals/services/startEvaluation.js +0 -18
- package/dist/domains/index.d.ts +0 -4
- package/dist/domains/index.js +0 -5
- package/dist/domains/manage/routes/agentToolRelations.js +0 -289
- package/dist/domains/run/agents/ModelFactory.d.ts +0 -63
- package/dist/domains/run/agents/ModelFactory.js +0 -194
- package/dist/domains/run/data/agent.d.ts +0 -7
- package/dist/domains/run/data/agent.js +0 -67
- package/dist/domains/run/services/evaluationRunConfigMatcher.d.ts +0 -4
- package/dist/domains/run/services/evaluationRunConfigMatcher.js +0 -7
- package/dist/domains/run/utils/cleanup.d.ts +0 -21
- package/dist/domains/run/utils/cleanup.js +0 -59
- package/dist/utils/tempApiKeys.d.ts +0 -17
- package/dist/utils/tempApiKeys.js +0 -26
- package/dist/utils/workflowApiHelpers.d.ts +0 -1
- package/dist/utils/workflowApiHelpers.js +0 -1
|
@@ -9,6 +9,7 @@ import conversations_default from "./conversations.js";
|
|
|
9
9
|
import credentialStores_default from "./credentialStores.js";
|
|
10
10
|
import credentials_default from "./credentials.js";
|
|
11
11
|
import dataComponents_default from "./dataComponents.js";
|
|
12
|
+
import evals_default from "./evals/index.js";
|
|
12
13
|
import externalAgents_default from "./externalAgents.js";
|
|
13
14
|
import functions_default from "./functions.js";
|
|
14
15
|
import functionTools_default from "./functionTools.js";
|
|
@@ -28,6 +29,7 @@ import subAgentToolRelations_default from "./subAgentToolRelations.js";
|
|
|
28
29
|
import thirdPartyMCPServers_default from "./thirdPartyMCPServers.js";
|
|
29
30
|
import tools_default from "./tools.js";
|
|
30
31
|
import triggers_default from "./triggers.js";
|
|
32
|
+
import userProjectMemberships_default from "./userProjectMemberships.js";
|
|
31
33
|
import { OpenAPIHono } from "@hono/zod-openapi";
|
|
32
34
|
|
|
33
35
|
//#region src/domains/manage/routes/index.ts
|
|
@@ -62,6 +64,8 @@ app.route("/projects/:projectId/agent", agentFull_default);
|
|
|
62
64
|
app.route("/projects/:projectId/mcp-catalog", mcpCatalog_default);
|
|
63
65
|
app.route("/projects/:projectId/third-party-mcp-servers", thirdPartyMCPServers_default);
|
|
64
66
|
app.route("/projects/:projectId/agents/:agentId/triggers", triggers_default);
|
|
67
|
+
app.route("/projects/:projectId/evals", evals_default);
|
|
68
|
+
app.route("/users/:userId/project-memberships", userProjectMemberships_default);
|
|
65
69
|
var routes_default = app;
|
|
66
70
|
|
|
67
71
|
//#endregion
|
|
@@ -19,7 +19,7 @@ const PendingInvitationsResponseSchema = z.array(PendingInvitationSchema);
|
|
|
19
19
|
invitationsRoutes.openapi(createRoute({
|
|
20
20
|
method: "get",
|
|
21
21
|
path: "/pending",
|
|
22
|
-
tags: ["
|
|
22
|
+
tags: ["Invitations"],
|
|
23
23
|
summary: "Get pending invitations",
|
|
24
24
|
description: "Get all pending (non-expired) invitations for a given email address",
|
|
25
25
|
request: { query: z.object({ email: z.email().describe("Email address to check for invitations") }) },
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Hono } from "hono";
|
|
2
|
-
import * as
|
|
2
|
+
import * as hono_types15 from "hono/types";
|
|
3
3
|
|
|
4
4
|
//#region src/domains/manage/routes/mcp.d.ts
|
|
5
|
-
declare const app: Hono<
|
|
5
|
+
declare const app: Hono<hono_types15.BlankEnv, hono_types15.BlankSchema, "/">;
|
|
6
6
|
//#endregion
|
|
7
7
|
export { app as default };
|
|
@@ -19,7 +19,7 @@ app.openapi(createRoute({
|
|
|
19
19
|
path: "/",
|
|
20
20
|
summary: "Generate temporary API key for playground",
|
|
21
21
|
operationId: "create-playground-token",
|
|
22
|
-
tags: ["
|
|
22
|
+
tags: ["API Keys"],
|
|
23
23
|
description: "Generates a short-lived API key (1 hour expiry) for authenticated users to access the run-api from the playground",
|
|
24
24
|
security: [{ cookieAuth: [] }],
|
|
25
25
|
request: {
|
|
@@ -53,7 +53,6 @@ app.openapi(createRoute({
|
|
|
53
53
|
agentId
|
|
54
54
|
}, "Generating temporary JWT token for playground");
|
|
55
55
|
if (!await canUseProject({
|
|
56
|
-
tenantId,
|
|
57
56
|
userId,
|
|
58
57
|
projectId,
|
|
59
58
|
orgRole: tenantRole
|
|
@@ -14,16 +14,33 @@ app.use("/project-full", async (c, next) => {
|
|
|
14
14
|
return next();
|
|
15
15
|
});
|
|
16
16
|
app.use("/project-full/:projectId", async (c, next) => {
|
|
17
|
-
if (c.req.method === "
|
|
18
|
-
if (c.req.method === "DELETE") return requireProjectPermission("edit")(c, next);
|
|
17
|
+
if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
|
|
19
18
|
return next();
|
|
20
19
|
});
|
|
20
|
+
app.use("/project-full/:projectId/with-relation-ids", async (c, next) => {
|
|
21
|
+
if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
|
|
22
|
+
return next();
|
|
23
|
+
});
|
|
24
|
+
const requireProjectUpsertPermission = async (c, next) => {
|
|
25
|
+
const tenantId = c.get("tenantId");
|
|
26
|
+
const projectId = c.req.param("projectId");
|
|
27
|
+
if (!tenantId || !projectId) throw createApiError({
|
|
28
|
+
code: "bad_request",
|
|
29
|
+
message: "Missing tenantId or projectId"
|
|
30
|
+
});
|
|
31
|
+
const exists = await getProjectMetadata(runDbClient_default)({
|
|
32
|
+
tenantId,
|
|
33
|
+
projectId
|
|
34
|
+
});
|
|
35
|
+
c.set("isProjectCreate", !exists);
|
|
36
|
+
return exists ? requireProjectPermission("edit")(c, next) : requirePermission({ project: ["create"] })(c, next);
|
|
37
|
+
};
|
|
21
38
|
app.openapi(createRoute({
|
|
22
39
|
method: "post",
|
|
23
40
|
path: "/project-full",
|
|
24
41
|
summary: "Create Full Project",
|
|
25
42
|
operationId: "create-full-project",
|
|
26
|
-
tags: ["
|
|
43
|
+
tags: ["Projects"],
|
|
27
44
|
description: "Create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
|
|
28
45
|
request: {
|
|
29
46
|
params: TenantParamsSchema,
|
|
@@ -90,7 +107,7 @@ app.openapi(createRoute({
|
|
|
90
107
|
path: "/project-full/{projectId}",
|
|
91
108
|
summary: "Get Full Project",
|
|
92
109
|
operationId: "get-full-project",
|
|
93
|
-
tags: ["
|
|
110
|
+
tags: ["Projects"],
|
|
94
111
|
description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
|
|
95
112
|
request: { params: TenantProjectParamsSchema },
|
|
96
113
|
responses: {
|
|
@@ -129,7 +146,7 @@ app.openapi(createRoute({
|
|
|
129
146
|
path: "/project-full/{projectId}/with-relation-ids",
|
|
130
147
|
summary: "Get Full Project with Relation IDs",
|
|
131
148
|
operationId: "get-full-project-with-relation-ids",
|
|
132
|
-
tags: ["
|
|
149
|
+
tags: ["Projects"],
|
|
133
150
|
description: "Retrieve a complete project definition with all Agents, Sub Agents, tools, and relationships",
|
|
134
151
|
request: { params: TenantProjectParamsSchema },
|
|
135
152
|
responses: {
|
|
@@ -163,12 +180,16 @@ app.openapi(createRoute({
|
|
|
163
180
|
});
|
|
164
181
|
}
|
|
165
182
|
});
|
|
183
|
+
app.use("/project-full/:projectId", async (c, next) => {
|
|
184
|
+
if (c.req.method === "PUT") return requireProjectUpsertPermission(c, next);
|
|
185
|
+
return next();
|
|
186
|
+
});
|
|
166
187
|
app.openapi(createRoute({
|
|
167
188
|
method: "put",
|
|
168
189
|
path: "/project-full/{projectId}",
|
|
169
190
|
summary: "Update Full Project",
|
|
170
191
|
operationId: "update-full-project",
|
|
171
|
-
tags: ["
|
|
192
|
+
tags: ["Projects"],
|
|
172
193
|
description: "Update or create a complete project with all Agents, Sub Agents, tools, and relationships from JSON definition",
|
|
173
194
|
request: {
|
|
174
195
|
params: TenantProjectParamsSchema,
|
|
@@ -196,10 +217,7 @@ app.openapi(createRoute({
|
|
|
196
217
|
code: "bad_request",
|
|
197
218
|
message: `Project ID mismatch: expected ${projectId}, got ${validatedProjectData.id}`
|
|
198
219
|
});
|
|
199
|
-
const isCreate =
|
|
200
|
-
tenantId,
|
|
201
|
-
projectId
|
|
202
|
-
});
|
|
220
|
+
const isCreate = c.get("isProjectCreate") ?? false;
|
|
203
221
|
if (isCreate) {
|
|
204
222
|
await createProjectMetadataAndBranch(runDbClient_default, configDb)({
|
|
205
223
|
tenantId,
|
|
@@ -245,12 +263,16 @@ app.openapi(createRoute({
|
|
|
245
263
|
});
|
|
246
264
|
}
|
|
247
265
|
});
|
|
266
|
+
app.use("/project-full/:projectId", async (c, next) => {
|
|
267
|
+
if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
|
|
268
|
+
return next();
|
|
269
|
+
});
|
|
248
270
|
app.openapi(createRoute({
|
|
249
271
|
method: "delete",
|
|
250
272
|
path: "/project-full/{projectId}",
|
|
251
273
|
summary: "Delete Full Project",
|
|
252
274
|
operationId: "delete-full-project",
|
|
253
|
-
tags: ["
|
|
275
|
+
tags: ["Projects"],
|
|
254
276
|
description: "Delete a complete project and cascade to all related entities (Agents, Sub Agents, tools, relationships)",
|
|
255
277
|
request: { params: TenantProjectParamsSchema },
|
|
256
278
|
responses: {
|
|
@@ -1,24 +1,21 @@
|
|
|
1
1
|
import { requireProjectPermission } from "../../../middleware/projectAccess.js";
|
|
2
2
|
import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
|
|
3
|
-
import { changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
|
|
3
|
+
import { ProjectRoles, changeProjectRole, commonGetErrorResponses, createApiError, grantProjectAccess, isAuthzEnabled, listProjectMembers, revokeProjectAccess } from "@inkeep/agents-core";
|
|
4
4
|
|
|
5
5
|
//#region src/domains/manage/routes/projectMembers.ts
|
|
6
6
|
const app = new OpenAPIHono();
|
|
7
|
+
const projectRoleEnum = z.enum([
|
|
8
|
+
ProjectRoles.ADMIN,
|
|
9
|
+
ProjectRoles.MEMBER,
|
|
10
|
+
ProjectRoles.VIEWER
|
|
11
|
+
]);
|
|
7
12
|
const ProjectMemberSchema = z.object({
|
|
8
13
|
userId: z.string().min(1),
|
|
9
|
-
role:
|
|
10
|
-
"project_admin",
|
|
11
|
-
"project_member",
|
|
12
|
-
"project_viewer"
|
|
13
|
-
])
|
|
14
|
+
role: projectRoleEnum
|
|
14
15
|
});
|
|
15
16
|
const ProjectMemberResponseSchema = z.object({ data: z.object({
|
|
16
17
|
userId: z.string(),
|
|
17
|
-
role:
|
|
18
|
-
"project_admin",
|
|
19
|
-
"project_member",
|
|
20
|
-
"project_viewer"
|
|
21
|
-
]),
|
|
18
|
+
role: projectRoleEnum,
|
|
22
19
|
projectId: z.string()
|
|
23
20
|
}) });
|
|
24
21
|
const ProjectMemberParamsSchema = z.object({
|
|
@@ -31,16 +28,8 @@ const ProjectMemberUserParamsSchema = z.object({
|
|
|
31
28
|
userId: z.string()
|
|
32
29
|
});
|
|
33
30
|
const UpdateRoleSchema = z.object({
|
|
34
|
-
role:
|
|
35
|
-
|
|
36
|
-
"project_member",
|
|
37
|
-
"project_viewer"
|
|
38
|
-
]),
|
|
39
|
-
previousRole: z.enum([
|
|
40
|
-
"project_admin",
|
|
41
|
-
"project_member",
|
|
42
|
-
"project_viewer"
|
|
43
|
-
]).optional()
|
|
31
|
+
role: projectRoleEnum,
|
|
32
|
+
previousRole: projectRoleEnum.optional()
|
|
44
33
|
});
|
|
45
34
|
app.openapi(createRoute({
|
|
46
35
|
method: "get",
|
|
@@ -55,18 +44,14 @@ app.openapi(createRoute({
|
|
|
55
44
|
description: "List of project members",
|
|
56
45
|
content: { "application/json": { schema: z.object({ data: z.array(z.object({
|
|
57
46
|
userId: z.string(),
|
|
58
|
-
role:
|
|
59
|
-
"project_admin",
|
|
60
|
-
"project_member",
|
|
61
|
-
"project_viewer"
|
|
62
|
-
])
|
|
47
|
+
role: projectRoleEnum
|
|
63
48
|
})) }) } }
|
|
64
49
|
},
|
|
65
50
|
...commonGetErrorResponses
|
|
66
51
|
}
|
|
67
52
|
}), async (c) => {
|
|
68
53
|
const { projectId, tenantId } = c.req.valid("param");
|
|
69
|
-
if (!isAuthzEnabled(
|
|
54
|
+
if (!isAuthzEnabled()) return c.json({ data: [] });
|
|
70
55
|
const members = await listProjectMembers({
|
|
71
56
|
tenantId,
|
|
72
57
|
projectId
|
|
@@ -98,7 +83,7 @@ app.openapi(createRoute({
|
|
|
98
83
|
}), async (c) => {
|
|
99
84
|
const { projectId, tenantId } = c.req.valid("param");
|
|
100
85
|
const { userId, role } = c.req.valid("json");
|
|
101
|
-
if (!isAuthzEnabled(
|
|
86
|
+
if (!isAuthzEnabled()) throw createApiError({
|
|
102
87
|
code: "bad_request",
|
|
103
88
|
message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
|
|
104
89
|
});
|
|
@@ -135,7 +120,7 @@ app.openapi(createRoute({
|
|
|
135
120
|
}), async (c) => {
|
|
136
121
|
const { projectId, userId, tenantId } = c.req.valid("param");
|
|
137
122
|
const { role: newRole, previousRole } = c.req.valid("json");
|
|
138
|
-
if (!isAuthzEnabled(
|
|
123
|
+
if (!isAuthzEnabled()) throw createApiError({
|
|
139
124
|
code: "bad_request",
|
|
140
125
|
message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
|
|
141
126
|
});
|
|
@@ -170,11 +155,7 @@ app.openapi(createRoute({
|
|
|
170
155
|
tags: ["Project Members"],
|
|
171
156
|
request: {
|
|
172
157
|
params: ProjectMemberUserParamsSchema,
|
|
173
|
-
query: z.object({ role:
|
|
174
|
-
"project_admin",
|
|
175
|
-
"project_member",
|
|
176
|
-
"project_viewer"
|
|
177
|
-
]) })
|
|
158
|
+
query: z.object({ role: projectRoleEnum })
|
|
178
159
|
},
|
|
179
160
|
responses: {
|
|
180
161
|
204: { description: "Member removed successfully" },
|
|
@@ -183,7 +164,7 @@ app.openapi(createRoute({
|
|
|
183
164
|
}), async (c) => {
|
|
184
165
|
const { projectId, userId, tenantId } = c.req.valid("param");
|
|
185
166
|
const { role } = c.req.valid("query");
|
|
186
|
-
if (!isAuthzEnabled(
|
|
167
|
+
if (!isAuthzEnabled()) throw createApiError({
|
|
187
168
|
code: "bad_request",
|
|
188
169
|
message: "Project member management requires authorization to be enabled (ENABLE_AUTHZ=true)"
|
|
189
170
|
});
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
+
import { env } from "../../../env.js";
|
|
1
2
|
import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
|
|
2
|
-
import {
|
|
3
|
+
import { OrgRoles, SpiceDbProjectPermissions, SpiceDbResourceTypes, checkBulkPermissions, commonGetErrorResponses, createApiError, isAuthzEnabled } from "@inkeep/agents-core";
|
|
3
4
|
|
|
4
5
|
//#region src/domains/manage/routes/projectPermissions.ts
|
|
5
6
|
const app = new OpenAPIHono();
|
|
@@ -28,15 +29,21 @@ app.openapi(createRoute({
|
|
|
28
29
|
...commonGetErrorResponses
|
|
29
30
|
}
|
|
30
31
|
}), async (c) => {
|
|
31
|
-
const { projectId
|
|
32
|
+
const { projectId } = c.req.valid("param");
|
|
32
33
|
const userId = c.get("userId");
|
|
33
34
|
const tenantRole = c.get("tenantRole");
|
|
34
|
-
|
|
35
|
+
const isTestEnvironment = process.env.ENVIRONMENT === "test";
|
|
36
|
+
if (env.DISABLE_AUTH || isTestEnvironment) return c.json({ data: {
|
|
35
37
|
canView: true,
|
|
36
38
|
canUse: true,
|
|
37
39
|
canEdit: true
|
|
38
40
|
} });
|
|
39
|
-
if (
|
|
41
|
+
if (tenantRole === OrgRoles.OWNER || tenantRole === OrgRoles.ADMIN) return c.json({ data: {
|
|
42
|
+
canView: true,
|
|
43
|
+
canUse: true,
|
|
44
|
+
canEdit: true
|
|
45
|
+
} });
|
|
46
|
+
if (!isAuthzEnabled()) return c.json({ data: {
|
|
40
47
|
canView: true,
|
|
41
48
|
canUse: true,
|
|
42
49
|
canEdit: false
|
|
@@ -49,17 +56,17 @@ app.openapi(createRoute({
|
|
|
49
56
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
50
57
|
resourceId: projectId,
|
|
51
58
|
permissions: [
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
59
|
+
SpiceDbProjectPermissions.VIEW,
|
|
60
|
+
SpiceDbProjectPermissions.USE,
|
|
61
|
+
SpiceDbProjectPermissions.EDIT
|
|
55
62
|
],
|
|
56
63
|
subjectType: SpiceDbResourceTypes.USER,
|
|
57
64
|
subjectId: userId
|
|
58
65
|
});
|
|
59
66
|
return c.json({ data: {
|
|
60
|
-
canView: permissions[
|
|
61
|
-
canUse: permissions[
|
|
62
|
-
canEdit: permissions[
|
|
67
|
+
canView: permissions[SpiceDbProjectPermissions.VIEW] ?? false,
|
|
68
|
+
canUse: permissions[SpiceDbProjectPermissions.USE] ?? false,
|
|
69
|
+
canEdit: permissions[SpiceDbProjectPermissions.EDIT] ?? false
|
|
63
70
|
} });
|
|
64
71
|
});
|
|
65
72
|
var projectPermissions_default = app;
|
|
@@ -15,7 +15,7 @@ app.use("/", async (c, next) => {
|
|
|
15
15
|
app.use("/:id", async (c, next) => {
|
|
16
16
|
if (c.req.method === "GET") return requireProjectPermission("view")(c, next);
|
|
17
17
|
if (c.req.method === "PATCH") return requireProjectPermission("edit")(c, next);
|
|
18
|
-
if (c.req.method === "DELETE") return
|
|
18
|
+
if (c.req.method === "DELETE") return requirePermission({ project: ["delete"] })(c, next);
|
|
19
19
|
return next();
|
|
20
20
|
});
|
|
21
21
|
app.openapi(createRoute({
|
|
@@ -45,9 +45,8 @@ app.openapi(createRoute({
|
|
|
45
45
|
const page = Number(c.req.query("page")) || 1;
|
|
46
46
|
const limit = Math.min(Number(c.req.query("limit")) || 10, 100);
|
|
47
47
|
let accessibleIds;
|
|
48
|
-
if (isAuthzEnabled(
|
|
48
|
+
if (isAuthzEnabled() && userId) {
|
|
49
49
|
const result$1 = await listAccessibleProjectIds({
|
|
50
|
-
tenantId,
|
|
51
50
|
userId,
|
|
52
51
|
orgRole: tenantRole
|
|
53
52
|
});
|
|
@@ -149,7 +148,7 @@ app.openapi(createRoute({
|
|
|
149
148
|
tenantId,
|
|
150
149
|
...body
|
|
151
150
|
});
|
|
152
|
-
if (isAuthzEnabled(
|
|
151
|
+
if (isAuthzEnabled()) {
|
|
153
152
|
if (!userId) throw createApiError({
|
|
154
153
|
code: "unauthorized",
|
|
155
154
|
message: "User not found"
|
|
@@ -256,7 +255,7 @@ app.openapi(createRoute({
|
|
|
256
255
|
code: "not_found",
|
|
257
256
|
message: "Project not found"
|
|
258
257
|
});
|
|
259
|
-
if (isAuthzEnabled(
|
|
258
|
+
if (isAuthzEnabled()) try {
|
|
260
259
|
await removeProjectFromSpiceDb({
|
|
261
260
|
tenantId,
|
|
262
261
|
projectId: id
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { ManageAppVariables } from "../../../types/app.js";
|
|
2
2
|
import { Hono } from "hono";
|
|
3
|
-
import * as
|
|
3
|
+
import * as hono_types17 from "hono/types";
|
|
4
4
|
|
|
5
5
|
//#region src/domains/manage/routes/signoz.d.ts
|
|
6
6
|
declare const app: Hono<{
|
|
7
7
|
Variables: ManageAppVariables;
|
|
8
|
-
},
|
|
8
|
+
}, hono_types17.BlankSchema, "/">;
|
|
9
9
|
//#endregion
|
|
10
10
|
export { app as default };
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { getLogger as getLogger$1 } from "../../../logger.js";
|
|
2
2
|
import { env } from "../../../env.js";
|
|
3
|
-
import {
|
|
3
|
+
import { enforceSecurityFilters } from "../../../utils/signozHelpers.js";
|
|
4
4
|
import { Hono } from "hono";
|
|
5
5
|
import { createApiError, projectExists } from "@inkeep/agents-core";
|
|
6
6
|
import axios from "axios";
|
|
@@ -36,9 +36,12 @@ app.post("/query", async (c) => {
|
|
|
36
36
|
message: "You do not have access to this project"
|
|
37
37
|
}, 403);
|
|
38
38
|
}
|
|
39
|
-
payload = enforceProjectFilter(payload, requestedProjectId);
|
|
40
|
-
logger.debug({ projectId: requestedProjectId }, "Project filter enforced");
|
|
41
39
|
}
|
|
40
|
+
payload = enforceSecurityFilters(payload, tenantId, requestedProjectId);
|
|
41
|
+
logger.debug({
|
|
42
|
+
tenantId,
|
|
43
|
+
projectId: requestedProjectId
|
|
44
|
+
}, "Security filters enforced");
|
|
42
45
|
const signozUrl = env.SIGNOZ_URL || env.PUBLIC_SIGNOZ_URL;
|
|
43
46
|
const signozApiKey = env.SIGNOZ_API_KEY;
|
|
44
47
|
if (!signozUrl || !signozApiKey) {
|
|
@@ -17,7 +17,7 @@ app.openapi(createRoute({
|
|
|
17
17
|
path: "/agent/{subAgentId}",
|
|
18
18
|
summary: "Get Artifact Components for Agent",
|
|
19
19
|
operationId: "get-artifact-components-for-agent",
|
|
20
|
-
tags: ["
|
|
20
|
+
tags: ["Agents", "Artifact Components"],
|
|
21
21
|
request: { params: TenantProjectAgentSubAgentParamsSchema },
|
|
22
22
|
responses: {
|
|
23
23
|
200: {
|
|
@@ -42,7 +42,7 @@ app.openapi(createRoute({
|
|
|
42
42
|
path: "/component/{artifactComponentId}/agents",
|
|
43
43
|
summary: "Get Agents Using Artifact Component",
|
|
44
44
|
operationId: "get-agents-using-artifact-component",
|
|
45
|
-
tags: ["
|
|
45
|
+
tags: ["Agents", "Artifact Components"],
|
|
46
46
|
request: { params: TenantProjectAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
|
|
47
47
|
responses: {
|
|
48
48
|
200: {
|
|
@@ -68,7 +68,7 @@ app.openapi(createRoute({
|
|
|
68
68
|
path: "/",
|
|
69
69
|
summary: "Associate Artifact Component with Agent",
|
|
70
70
|
operationId: "associate-artifact-component-with-agent",
|
|
71
|
-
tags: ["
|
|
71
|
+
tags: ["Agents", "Artifact Components"],
|
|
72
72
|
request: {
|
|
73
73
|
params: TenantProjectAgentParamsSchema,
|
|
74
74
|
body: { content: { "application/json": { schema: SubAgentArtifactComponentApiInsertSchema } } }
|
|
@@ -139,7 +139,7 @@ app.openapi(createRoute({
|
|
|
139
139
|
path: "/agent/{subAgentId}/component/{artifactComponentId}",
|
|
140
140
|
summary: "Remove Artifact Component from Agent",
|
|
141
141
|
operationId: "remove-artifact-component-from-agent",
|
|
142
|
-
tags: ["
|
|
142
|
+
tags: ["Agents", "Artifact Components"],
|
|
143
143
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
|
|
144
144
|
responses: {
|
|
145
145
|
200: {
|
|
@@ -173,7 +173,7 @@ app.openapi(createRoute({
|
|
|
173
173
|
path: "/agent/{subAgentId}/component/{artifactComponentId}/exists",
|
|
174
174
|
summary: "Check if Artifact Component is Associated with Agent",
|
|
175
175
|
operationId: "check-artifact-component-agent-association",
|
|
176
|
-
tags: ["
|
|
176
|
+
tags: ["Agents", "Artifact Components"],
|
|
177
177
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ artifactComponentId: z.string() }) },
|
|
178
178
|
responses: {
|
|
179
179
|
200: {
|
|
@@ -17,7 +17,7 @@ app.openapi(createRoute({
|
|
|
17
17
|
path: "/agent/{subAgentId}",
|
|
18
18
|
summary: "Get Data Components for Agent",
|
|
19
19
|
operationId: "get-data-components-for-agent",
|
|
20
|
-
tags: ["
|
|
20
|
+
tags: ["Agents", "Data Components"],
|
|
21
21
|
request: { params: TenantProjectAgentSubAgentParamsSchema },
|
|
22
22
|
responses: {
|
|
23
23
|
200: {
|
|
@@ -42,7 +42,7 @@ app.openapi(createRoute({
|
|
|
42
42
|
path: "/component/{dataComponentId}/agents",
|
|
43
43
|
summary: "Get Agents Using Data Component",
|
|
44
44
|
operationId: "get-agents-using-data-component",
|
|
45
|
-
tags: ["
|
|
45
|
+
tags: ["Agents", "Data Components"],
|
|
46
46
|
request: { params: TenantProjectAgentParamsSchema.extend({ dataComponentId: z.string() }) },
|
|
47
47
|
responses: {
|
|
48
48
|
200: {
|
|
@@ -68,7 +68,7 @@ app.openapi(createRoute({
|
|
|
68
68
|
path: "/",
|
|
69
69
|
summary: "Associate Data Component with Agent",
|
|
70
70
|
operationId: "associate-data-component-with-agent",
|
|
71
|
-
tags: ["
|
|
71
|
+
tags: ["Agents", "Data Components"],
|
|
72
72
|
request: {
|
|
73
73
|
params: TenantProjectAgentParamsSchema,
|
|
74
74
|
body: { content: { "application/json": { schema: SubAgentDataComponentApiInsertSchema } } }
|
|
@@ -138,7 +138,7 @@ app.openapi(createRoute({
|
|
|
138
138
|
path: "/agent/{subAgentId}/component/{dataComponentId}",
|
|
139
139
|
summary: "Remove Data Component from Agent",
|
|
140
140
|
operationId: "remove-data-component-from-agent",
|
|
141
|
-
tags: ["
|
|
141
|
+
tags: ["Agents", "Data Components"],
|
|
142
142
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
|
|
143
143
|
responses: {
|
|
144
144
|
200: {
|
|
@@ -172,7 +172,7 @@ app.openapi(createRoute({
|
|
|
172
172
|
path: "/agent/{subAgentId}/component/{dataComponentId}/exists",
|
|
173
173
|
summary: "Check if Data Component is Associated with Agent",
|
|
174
174
|
operationId: "check-data-component-agent-association",
|
|
175
|
-
tags: ["
|
|
175
|
+
tags: ["Agents", "Data Components"],
|
|
176
176
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ dataComponentId: z.string() }) },
|
|
177
177
|
responses: {
|
|
178
178
|
200: {
|
|
@@ -19,7 +19,7 @@ app.openapi(createRoute({
|
|
|
19
19
|
path: "/",
|
|
20
20
|
summary: "List Sub Agent External Agent Relations",
|
|
21
21
|
operationId: "list-sub-agent-external-agent-relations",
|
|
22
|
-
tags: ["
|
|
22
|
+
tags: ["SubAgents", "External Agents"],
|
|
23
23
|
request: {
|
|
24
24
|
params: TenantProjectAgentSubAgentParamsSchema,
|
|
25
25
|
query: PaginationQueryParamsSchema
|
|
@@ -64,7 +64,7 @@ app.openapi(createRoute({
|
|
|
64
64
|
path: "/{id}",
|
|
65
65
|
summary: "Get Sub Agent External Agent Relation",
|
|
66
66
|
operationId: "get-sub-agent-external-agent-relation-by-id",
|
|
67
|
-
tags: ["
|
|
67
|
+
tags: ["SubAgents", "External Agents"],
|
|
68
68
|
request: { params: TenantProjectAgentSubAgentIdParamsSchema },
|
|
69
69
|
responses: {
|
|
70
70
|
200: {
|
|
@@ -96,7 +96,7 @@ app.openapi(createRoute({
|
|
|
96
96
|
path: "/",
|
|
97
97
|
summary: "Create Sub Agent External Agent Relation",
|
|
98
98
|
operationId: "create-sub-agent-external-agent-relation",
|
|
99
|
-
tags: ["
|
|
99
|
+
tags: ["SubAgents", "External Agents"],
|
|
100
100
|
request: {
|
|
101
101
|
params: TenantProjectAgentSubAgentParamsSchema,
|
|
102
102
|
body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiInsertSchema } } }
|
|
@@ -147,7 +147,7 @@ app.openapi(createRoute({
|
|
|
147
147
|
path: "/{id}",
|
|
148
148
|
summary: "Update Sub Agent External Agent Relation",
|
|
149
149
|
operationId: "update-sub-agent-external-agent-relation",
|
|
150
|
-
tags: ["
|
|
150
|
+
tags: ["SubAgents", "External Agents"],
|
|
151
151
|
request: {
|
|
152
152
|
params: TenantProjectAgentSubAgentIdParamsSchema,
|
|
153
153
|
body: { content: { "application/json": { schema: SubAgentExternalAgentRelationApiUpdateSchema } } }
|
|
@@ -184,7 +184,7 @@ app.openapi(createRoute({
|
|
|
184
184
|
path: "/{id}",
|
|
185
185
|
summary: "Delete Sub Agent External Agent Relation",
|
|
186
186
|
operationId: "delete-sub-agent-external-agent-relation",
|
|
187
|
-
tags: ["
|
|
187
|
+
tags: ["SubAgents", "External Agents"],
|
|
188
188
|
request: { params: TenantProjectAgentSubAgentIdParamsSchema },
|
|
189
189
|
responses: {
|
|
190
190
|
204: { description: "Sub Agent External Agent Relation deleted successfully" },
|
|
@@ -17,7 +17,7 @@ app.openapi(createRoute({
|
|
|
17
17
|
path: "/sub-agent/{subAgentId}",
|
|
18
18
|
summary: "Get Function Tools for SubAgent",
|
|
19
19
|
operationId: "get-function-tools-for-sub-agent",
|
|
20
|
-
tags: ["
|
|
20
|
+
tags: ["SubAgents", "Function Tools"],
|
|
21
21
|
request: { params: TenantProjectAgentSubAgentParamsSchema },
|
|
22
22
|
responses: {
|
|
23
23
|
200: {
|
|
@@ -44,7 +44,7 @@ app.openapi(createRoute({
|
|
|
44
44
|
path: "/function-tool/{functionToolId}/sub-agents",
|
|
45
45
|
summary: "Get SubAgents Using Function Tool",
|
|
46
46
|
operationId: "get-sub-agents-using-function-tool",
|
|
47
|
-
tags: ["
|
|
47
|
+
tags: ["SubAgents", "Function Tools"],
|
|
48
48
|
request: { params: TenantProjectAgentParamsSchema.extend({ functionToolId: z.string() }) },
|
|
49
49
|
responses: {
|
|
50
50
|
200: {
|
|
@@ -71,7 +71,7 @@ app.openapi(createRoute({
|
|
|
71
71
|
path: "/",
|
|
72
72
|
summary: "Associate Function Tool with SubAgent",
|
|
73
73
|
operationId: "associate-function-tool-with-sub-agent",
|
|
74
|
-
tags: ["
|
|
74
|
+
tags: ["SubAgents", "Function Tools"],
|
|
75
75
|
request: {
|
|
76
76
|
params: TenantProjectAgentParamsSchema,
|
|
77
77
|
body: { content: { "application/json": { schema: SubAgentFunctionToolRelationApiInsertSchema } } }
|
|
@@ -142,7 +142,7 @@ app.openapi(createRoute({
|
|
|
142
142
|
path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}",
|
|
143
143
|
summary: "Remove Function Tool from SubAgent",
|
|
144
144
|
operationId: "remove-function-tool-from-sub-agent",
|
|
145
|
-
tags: ["
|
|
145
|
+
tags: ["SubAgents", "Function Tools"],
|
|
146
146
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
|
|
147
147
|
responses: {
|
|
148
148
|
200: {
|
|
@@ -176,7 +176,7 @@ app.openapi(createRoute({
|
|
|
176
176
|
path: "/sub-agent/{subAgentId}/function-tool/{functionToolId}/exists",
|
|
177
177
|
summary: "Check if Function Tool is Associated with SubAgent",
|
|
178
178
|
operationId: "check-function-tool-sub-agent-association",
|
|
179
|
-
tags: ["
|
|
179
|
+
tags: ["SubAgents", "Function Tools"],
|
|
180
180
|
request: { params: TenantProjectAgentSubAgentParamsSchema.extend({ functionToolId: z.string() }) },
|
|
181
181
|
responses: {
|
|
182
182
|
200: {
|
|
@@ -19,7 +19,7 @@ app.openapi(createRoute({
|
|
|
19
19
|
path: "/",
|
|
20
20
|
summary: "List Sub Agent Relations",
|
|
21
21
|
operationId: "list-sub-agent-relations",
|
|
22
|
-
tags: ["
|
|
22
|
+
tags: ["SubAgents"],
|
|
23
23
|
request: {
|
|
24
24
|
params: TenantProjectAgentParamsSchema,
|
|
25
25
|
query: PaginationQueryParamsSchema.merge(SubAgentRelationQuerySchema)
|
|
@@ -92,7 +92,7 @@ app.openapi(createRoute({
|
|
|
92
92
|
};
|
|
93
93
|
}
|
|
94
94
|
return c.json(result);
|
|
95
|
-
} catch
|
|
95
|
+
} catch {
|
|
96
96
|
throw createApiError({
|
|
97
97
|
code: "internal_server_error",
|
|
98
98
|
message: "Failed to retrieve sub agent relations"
|
|
@@ -104,7 +104,7 @@ app.openapi(createRoute({
|
|
|
104
104
|
path: "/{id}",
|
|
105
105
|
summary: "Get Sub Agent Relation",
|
|
106
106
|
operationId: "get-sub-agent-relation-by-id",
|
|
107
|
-
tags: ["
|
|
107
|
+
tags: ["SubAgents"],
|
|
108
108
|
request: { params: TenantProjectAgentIdParamsSchema },
|
|
109
109
|
responses: {
|
|
110
110
|
200: {
|
|
@@ -135,7 +135,7 @@ app.openapi(createRoute({
|
|
|
135
135
|
path: "/",
|
|
136
136
|
summary: "Create Sub Agent Relation",
|
|
137
137
|
operationId: "create-sub-agent-relation",
|
|
138
|
-
tags: ["
|
|
138
|
+
tags: ["SubAgents"],
|
|
139
139
|
request: {
|
|
140
140
|
params: TenantProjectAgentParamsSchema,
|
|
141
141
|
body: { content: { "application/json": { schema: SubAgentRelationApiInsertSchema } } }
|
|
@@ -196,7 +196,7 @@ app.openapi(createRoute({
|
|
|
196
196
|
path: "/{id}",
|
|
197
197
|
summary: "Update Sub Agent Relation",
|
|
198
198
|
operationId: "update-sub-agent-relation",
|
|
199
|
-
tags: ["
|
|
199
|
+
tags: ["SubAgents"],
|
|
200
200
|
request: {
|
|
201
201
|
params: TenantProjectAgentIdParamsSchema,
|
|
202
202
|
body: { content: { "application/json": { schema: SubAgentRelationApiUpdateSchema } } }
|
|
@@ -232,7 +232,7 @@ app.openapi(createRoute({
|
|
|
232
232
|
path: "/{id}",
|
|
233
233
|
summary: "Delete Sub Agent Relation",
|
|
234
234
|
operationId: "delete-sub-agent-relation",
|
|
235
|
-
tags: ["
|
|
235
|
+
tags: ["SubAgents"],
|
|
236
236
|
request: { params: TenantProjectAgentIdParamsSchema },
|
|
237
237
|
responses: {
|
|
238
238
|
204: { description: "Sub Agent Relation deleted successfully" },
|