@inkeep/agents-api 0.42.0 → 0.44.0

package/dist/domains/run/utils/stream-helpers.js

@@ -5,6 +5,7 @@ import { parsePartialJson } from "ai";
 var SSEStreamHelper = class {
 	isTextStreaming = false;
 	queuedEvents = [];
+	toolCallIndexById = /* @__PURE__ */ new Map();
 	constructor(stream, requestId, timestamp) {
 		this.stream = stream;
 		this.requestId = requestId;
@@ -40,6 +41,25 @@ var SSEStreamHelper = class {
 			}]
 		}) });
 	}
+	getToolIndex(toolCallId) {
+		const existing = this.toolCallIndexById.get(toolCallId);
+		if (existing !== void 0) return existing;
+		const next = this.toolCallIndexById.size;
+		this.toolCallIndexById.set(toolCallId, next);
+		return next;
+	}
+	async writeToolCallsDelta(toolCalls) {
+		await this.stream.writeSSE({ data: JSON.stringify({
+			id: this.requestId,
+			object: "chat.completion.chunk",
+			created: this.timestamp,
+			choices: [{
+				index: 0,
+				delta: { tool_calls: toolCalls },
+				finish_reason: null
+			}]
+		}) });
+	}
 	/**
 	* Stream text word by word with optional delay
 	*/
@@ -97,6 +117,65 @@ var SSEStreamHelper = class {
 			}]
 		}) });
 	}
+	async writeToolInputStart(params) {
+		const index = this.getToolIndex(params.toolCallId);
+		await this.writeToolCallsDelta([{
+			index,
+			id: params.toolCallId,
+			type: "function",
+			function: {
+				name: params.toolName,
+				arguments: ""
+			}
+		}]);
+	}
+	async writeToolInputDelta(params) {
+		const index = this.getToolIndex(params.toolCallId);
+		await this.writeToolCallsDelta([{
+			index,
+			id: null,
+			type: null,
+			function: {
+				name: null,
+				arguments: params.inputTextDelta
+			}
+		}]);
+	}
+	async writeToolInputAvailable(params) {
+		const fullArgs = JSON.stringify(params.input ?? {});
+		if (fullArgs) await this.writeToolInputDelta({
+			toolCallId: params.toolCallId,
+			inputTextDelta: fullArgs
+		});
+	}
+	async writeToolOutputAvailable(params) {
+		await this.writeContent(JSON.stringify({
+			type: "tool-output-available",
+			toolCallId: params.toolCallId,
+			output: params.output
+		}));
+	}
+	async writeToolOutputError(params) {
+		await this.writeContent(JSON.stringify({
+			type: "tool-output-error",
+			toolCallId: params.toolCallId,
+			errorText: params.errorText,
+			output: params.output ?? null
+		}));
+	}
+	async writeToolApprovalRequest(params) {
+		await this.writeContent(JSON.stringify({
+			type: "tool-approval-request",
+			approvalId: params.approvalId,
+			toolCallId: params.toolCallId
+		}));
+	}
+	async writeToolOutputDenied(params) {
+		await this.writeContent(JSON.stringify({
+			type: "tool-output-denied",
+			toolCallId: params.toolCallId
+		}));
+	}
 	async writeSummary(summary) {
 		if (this.isTextStreaming) {
 			this.queuedEvents.push({
@@ -166,6 +245,7 @@ var VercelDataStreamHelper = class VercelDataStreamHelper {
 			this.forceCleanup("Connection lifetime exceeded");
 		}, STREAM_MAX_LIFETIME_MS);
 	}
+	setSessionId(_sessionId) {}
 	async writeRole(_ = "assistant") {}
 	async writeContent(content) {
 		if (this.isCompleted) {
@@ -272,6 +352,64 @@ var VercelDataStreamHelper = class VercelDataStreamHelper {
 			type: "error"
 		});
 	}
+	async writeToolInputStart(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-input-start",
+			toolCallId: params.toolCallId,
+			toolName: params.toolName
+		});
+	}
+	async writeToolInputDelta(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-input-delta",
+			toolCallId: params.toolCallId,
+			inputTextDelta: params.inputTextDelta
+		});
+	}
+	async writeToolInputAvailable(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-input-available",
+			toolCallId: params.toolCallId,
+			toolName: params.toolName,
+			input: params.input,
+			...params.providerMetadata ? { providerMetadata: params.providerMetadata } : {}
+		});
+	}
+	async writeToolOutputAvailable(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-output-available",
+			toolCallId: params.toolCallId,
+			output: params.output
+		});
+	}
+	async writeToolOutputError(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-output-error",
+			toolCallId: params.toolCallId,
+			errorText: params.errorText,
+			output: params.output ?? null
+		});
+	}
+	async writeToolApprovalRequest(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-approval-request",
+			approvalId: params.approvalId,
+			toolCallId: params.toolCallId
+		});
+	}
+	async writeToolOutputDenied(params) {
+		if (this.isCompleted) return;
+		this.writer.write({
+			type: "tool-output-denied",
+			toolCallId: params.toolCallId
+		});
+	}
 	async streamData(data) {
 		await this.writeContent(JSON.stringify(data));
 	}
@@ -458,6 +596,7 @@ var BufferingStreamHelper = class {
 	capturedSummaries = [];
 	hasError = false;
 	errorMessage = "";
+	setSessionId(_sessionId) {}
 	async writeRole(_role) {}
 	async writeContent(content) {
 		this.capturedText += content;
@@ -487,6 +626,49 @@ var BufferingStreamHelper = class {
 		this.hasError = true;
 		this.errorMessage = typeof error === "string" ? error : error.message;
 	}
+	async writeToolInputStart(params) {
+		this.capturedData.push({
+			type: "tool-input-start",
+			...params
+		});
+	}
+	async writeToolInputDelta(params) {
+		this.capturedData.push({
+			type: "tool-input-delta",
+			...params
+		});
+	}
+	async writeToolInputAvailable(params) {
+		this.capturedData.push({
+			type: "tool-input-available",
+			...params
+		});
+	}
+	async writeToolOutputAvailable(params) {
+		this.capturedData.push({
+			type: "tool-output-available",
+			...params
+		});
+	}
+	async writeToolOutputError(params) {
+		this.capturedData.push({
+			type: "tool-output-error",
+			...params,
+			output: params.output ?? null
+		});
+	}
+	async writeToolApprovalRequest(params) {
+		this.capturedData.push({
+			type: "tool-approval-request",
+			...params
+		});
+	}
+	async writeToolOutputDenied(params) {
+		this.capturedData.push({
+			type: "tool-output-denied",
+			...params
+		});
+	}
 	async complete() {}
 	/**
 	* Get the captured response for non-streaming output

package/dist/domains/run/utils/token-estimator.d.ts

@@ -1,4 +1,4 @@
-import * as _inkeep_agents_core3 from "@inkeep/agents-core";
+import * as _inkeep_agents_core1 from "@inkeep/agents-core";
 import { BreakdownComponentDef, ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown } from "@inkeep/agents-core";
 
 //#region src/domains/run/utils/token-estimator.d.ts
@@ -17,7 +17,7 @@ interface AssembleResult {
   /** The assembled prompt string */
   prompt: string;
   /** Token breakdown for each component */
-  breakdown: _inkeep_agents_core3.ContextBreakdown;
+  breakdown: _inkeep_agents_core1.ContextBreakdown;
 }
 //#endregion
 export { AssembleResult, type BreakdownComponentDef, type ContextBreakdown, calculateBreakdownTotal, createEmptyBreakdown, estimateTokens };

package/dist/env.d.ts

@@ -37,7 +37,6 @@ declare const envSchema: z.ZodObject<{
   NANGO_SECRET_KEY: z.ZodOptional<z.ZodString>;
   OTEL_BSP_SCHEDULE_DELAY: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
   OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
-  DISABLE_AUTH: z.ZodPipe<z.ZodDefault<z.ZodOptional<z.ZodString>>, z.ZodTransform<boolean, string>>;
   TENANT_ID: z.ZodDefault<z.ZodOptional<z.ZodString>>;
   SIGNOZ_URL: z.ZodOptional<z.ZodString>;
   SIGNOZ_API_KEY: z.ZodOptional<z.ZodString>;
@@ -45,6 +44,12 @@ declare const envSchema: z.ZodObject<{
   ANTHROPIC_API_KEY: z.ZodString;
   OPENAI_API_KEY: z.ZodOptional<z.ZodString>;
   GOOGLE_GENERATIVE_AI_API_KEY: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_ID: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_PRIVATE_KEY: z.ZodOptional<z.ZodString>;
+  GITHUB_WEBHOOK_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_STATE_SIGNING_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_NAME: z.ZodOptional<z.ZodString>;
+  GITHUB_MCP_API_KEY: z.ZodOptional<z.ZodString>;
   WORKFLOW_TARGET_WORLD: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_URL: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_JOB_PREFIX: z.ZodOptional<z.ZodString>;
@@ -60,7 +65,6 @@ declare const env: {
   NANGO_SERVER_URL: string;
   OTEL_BSP_SCHEDULE_DELAY: number;
   OTEL_BSP_MAX_EXPORT_BATCH_SIZE: number;
-  DISABLE_AUTH: boolean;
   TENANT_ID: string;
   ANTHROPIC_API_KEY: string;
   INKEEP_AGENTS_MANAGE_UI_URL?: string | undefined;
@@ -79,6 +83,12 @@ declare const env: {
   PUBLIC_SIGNOZ_URL?: string | undefined;
   OPENAI_API_KEY?: string | undefined;
   GOOGLE_GENERATIVE_AI_API_KEY?: string | undefined;
+  GITHUB_APP_ID?: string | undefined;
+  GITHUB_APP_PRIVATE_KEY?: string | undefined;
+  GITHUB_WEBHOOK_SECRET?: string | undefined;
+  GITHUB_STATE_SIGNING_SECRET?: string | undefined;
+  GITHUB_APP_NAME?: string | undefined;
+  GITHUB_MCP_API_KEY?: string | undefined;
   WORKFLOW_TARGET_WORLD?: string | undefined;
   WORKFLOW_POSTGRES_URL?: string | undefined;
   WORKFLOW_POSTGRES_JOB_PREFIX?: string | undefined;

package/dist/env.js

@@ -8,49 +8,54 @@ const envSchema = z.object({
 		"development",
 		"production",
 		"test"
-	]).default("development"),
+	]).default("development").describe("Node.js environment mode"),
 	ENVIRONMENT: z.enum([
 		"development",
 		"production",
 		"pentest",
 		"test"
-	]).default("development"),
+	]).default("development").describe("Application environment mode"),
 	LOG_LEVEL: z.enum([
 		"trace",
 		"debug",
 		"info",
 		"warn",
 		"error"
-	]).default("info"),
-	INKEEP_AGENTS_MANAGE_DATABASE_URL: z.string(),
-	INKEEP_AGENTS_RUN_DATABASE_URL: z.string(),
-	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional(),
-	INKEEP_AGENTS_API_URL: z.string().optional().default("http://localhost:3002"),
-	BETTER_AUTH_SECRET: z.string().optional(),
-	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }),
-	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }),
-	INKEEP_AGENTS_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_RUN_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_EVAL_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY: z.string().optional(),
-	INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional(),
-	NANGO_SERVER_URL: z.string().optional().default("https://api.nango.dev"),
-	NANGO_SECRET_KEY: z.string().optional(),
-	OTEL_BSP_SCHEDULE_DELAY: z.coerce.number().optional().default(500),
-	OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.coerce.number().optional().default(64),
-	DISABLE_AUTH: z.string().optional().default("false").transform((val) => val === "true"),
-	TENANT_ID: z.string().optional().default("default"),
-	SIGNOZ_URL: z.string().optional(),
-	SIGNOZ_API_KEY: z.string().optional(),
-	PUBLIC_SIGNOZ_URL: z.string().optional(),
-	ANTHROPIC_API_KEY: z.string(),
-	OPENAI_API_KEY: z.string().optional(),
-	GOOGLE_GENERATIVE_AI_API_KEY: z.string().optional(),
-	WORKFLOW_TARGET_WORLD: z.string().optional(),
-	WORKFLOW_POSTGRES_URL: z.string().optional(),
-	WORKFLOW_POSTGRES_JOB_PREFIX: z.string().optional(),
-	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional()
+	]).default("info").describe("Logging verbosity level"),
+	INKEEP_AGENTS_MANAGE_DATABASE_URL: z.string().describe("PostgreSQL connection URL for the management database (Doltgres with Git version control)"),
+	INKEEP_AGENTS_RUN_DATABASE_URL: z.string().describe("PostgreSQL connection URL for the runtime database (Doltgres with Git version control)"),
+	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional().describe("URL where the management UI is hosted"),
+	INKEEP_AGENTS_API_URL: z.string().optional().default("http://localhost:3002").describe("URL where the agents management API is running"),
+	BETTER_AUTH_SECRET: z.string().optional().describe("Secret key for Better Auth session encryption (change in production)"),
+	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }).describe("Admin email address for management UI login"),
+	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }).describe("Admin password for management UI login (min 8 characters)"),
+	INKEEP_AGENTS_API_BYPASS_SECRET: z.string().optional().describe("API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.string().optional().describe("Management API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_RUN_API_BYPASS_SECRET: z.string().optional().describe("Run API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_EVAL_API_BYPASS_SECRET: z.string().optional().describe("Eval API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY: z.string().optional().describe("Temporary JWT public key for Playground (generate with scripts/generate-jwt-keys.sh)"),
+	INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional().describe("Temporary JWT private key for Playground (generate with scripts/generate-jwt-keys.sh)"),
+	NANGO_SERVER_URL: z.string().optional().default("https://api.nango.dev").describe("Nango server URL for OAuth integrations"),
+	NANGO_SECRET_KEY: z.string().optional().describe("Nango secret key for OAuth integrations"),
+	OTEL_BSP_SCHEDULE_DELAY: z.coerce.number().optional().default(500).describe("OpenTelemetry batch span processor schedule delay in milliseconds"),
+	OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.coerce.number().optional().default(64).describe("OpenTelemetry batch span processor max export batch size"),
+	TENANT_ID: z.string().optional().default("default").describe("Default tenant ID for development"),
+	SIGNOZ_URL: z.string().optional().describe("SigNoz server URL for observability"),
+	SIGNOZ_API_KEY: z.string().optional().describe("SigNoz API key for authentication"),
+	PUBLIC_SIGNOZ_URL: z.string().optional().describe("Public SigNoz URL accessible from the browser"),
+	ANTHROPIC_API_KEY: z.string().describe("Anthropic API key for Claude models (required for agent execution). Get from https://console.anthropic.com/"),
+	OPENAI_API_KEY: z.string().optional().describe("OpenAI API key for GPT models. Get from https://platform.openai.com/"),
+	GOOGLE_GENERATIVE_AI_API_KEY: z.string().optional().describe("Google Generative AI API key for Gemini models"),
+	GITHUB_APP_ID: z.string().optional(),
+	GITHUB_APP_PRIVATE_KEY: z.string().optional(),
+	GITHUB_WEBHOOK_SECRET: z.string().optional(),
+	GITHUB_STATE_SIGNING_SECRET: z.string().min(32, "GITHUB_STATE_SIGNING_SECRET must be at least 32 characters").optional(),
+	GITHUB_APP_NAME: z.string().optional(),
+	GITHUB_MCP_API_KEY: z.string().optional().describe("API key for the GitHub MCP"),
+	WORKFLOW_TARGET_WORLD: z.string().optional().describe("Target world for workflow execution"),
+	WORKFLOW_POSTGRES_URL: z.string().optional().describe("PostgreSQL connection URL for workflow job queue"),
+	WORKFLOW_POSTGRES_JOB_PREFIX: z.string().optional().describe("Prefix for workflow job names in the queue"),
+	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional().describe("Number of concurrent workflow workers")
 });
 const parseEnv = () => {
 	try {

package/dist/factory.d.ts

@@ -1,10 +1,9 @@
 import { SandboxConfig } from "./types/app.js";
 import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
-import * as hono0 from "hono";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
+import * as hono0 from "hono";
 import * as zod0 from "zod";
 import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
 import * as hono_types1 from "hono/types";
@@ -122,11 +121,11 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
     useSecureCookies?: boolean | undefined;
     disableCSRFCheck?: boolean | undefined;
     disableOriginCheck?: boolean | undefined;
-    crossSubDomainCookies: {
+    crossSubDomainCookies?: {
       enabled: boolean;
       additionalCookies?: string[];
       domain?: string;
-    };
+    } | undefined;
     cookies?: {
       [key: string]: {
         name?: string;
@@ -795,27 +794,28 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -840,13 +840,13 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterUpdateMemberRole: ({
+        beforeUpdateMemberRole: ({
           member,
           organization: org,
-          previousRole
+          newRole
         }: {
           member: better_auth_plugins0.Member & Record<string, any>;
-          previousRole: string;
+          newRole: string;
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
@@ -1104,27 +1104,28 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "organization" | "ac" | "member" | "project" | "team" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"organization" | "ac" | "member" | "project" | "team" | "invitation", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1149,13 +1150,13 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterUpdateMemberRole: ({
+        beforeUpdateMemberRole: ({
           member,
           organization: org,
-          previousRole
+          newRole
         }: {
           member: better_auth_plugins0.Member & Record<string, any>;
-          previousRole: string;
+          newRole: string;
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
@@ -1529,13 +1530,12 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       verificationUri?: string | undefined;
     }>;
   }];
-}> | null;
+}>;
 declare function createAgentsApp(config?: {
   serverConfig?: ServerConfig;
   credentialStores?: CredentialStore[];
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
-  skipInitialization?: boolean;
 }): hono0.Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
-export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/factory.js

@@ -1,7 +1,6 @@
 import { env } from "./env.js";
 import runDbClient_default from "./data/db/runDbClient.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { CredentialStoreRegistry, createDefaultCredentialStores } from "@inkeep/agents-core";
 import { createAuth } from "@inkeep/agents-core/auth";
@@ -16,7 +15,6 @@ const defaultConfig = {
 	}
 };
 function createAgentsAuth(userAuthConfig) {
-	if (env.DISABLE_AUTH) return null;
 	return createAuth({
 		baseURL: env.INKEEP_AGENTS_API_URL || `http://localhost:3002`,
 		secret: env.BETTER_AUTH_SECRET || "development-secret-change-in-production",
@@ -26,17 +24,13 @@ function createAgentsAuth(userAuthConfig) {
 	});
 }
 function createAgentsApp(config) {
-	const serverConfig = config?.serverConfig ?? defaultConfig;
-	const registry = new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores());
-	const auth$1 = createAgentsAuth(config?.auth);
-	if (!config?.skipInitialization && env.ENVIRONMENT !== "test") initializeDefaultUser(auth$1);
 	return createAgentsHono({
-		serverConfig,
-		credentialStores: registry,
-		auth: auth$1,
+		serverConfig: config?.serverConfig ?? defaultConfig,
+		credentialStores: new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores()),
+		auth: createAgentsAuth(config?.auth),
 		sandboxConfig: config?.sandboxConfig
 	});
 }
 
 //#endregion
-export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };