@inkeep/agents-api 0.43.0 → 0.44.0

package/dist/domains/run/agents/Agent.js

@@ -1,4 +1,5 @@
 import { getLogger as getLogger$1 } from "../../../logger.js";
+import { env } from "../../../env.js";
 import manageDbPool_default from "../../../data/db/manageDbPool.js";
 import runDbClient_default from "../../../data/db/runDbClient.js";
 import { AGENT_EXECUTION_MAX_GENERATION_STEPS, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS } from "../constants/execution-limits/index.js";
@@ -26,7 +27,7 @@ import { SystemPromptBuilder } from "./SystemPromptBuilder.js";
 import { Phase1Config, V1_BREAKDOWN_SCHEMA } from "./versions/v1/Phase1Config.js";
 import { Phase2Config } from "./versions/v1/Phase2Config.js";
 import { z } from "@hono/zod-openapi";
-import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, buildComposioMCPUrl, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
+import { CredentialStuffer, JsonTransformer, MCPServerType, MCPTransportType, McpClient, ModelFactory, TemplateEngine, buildComposioMCPUrl, createMessage, generateId, getFunctionToolsForSubAgent, getLedgerArtifacts, isGithubWorkAppTool, listTaskIdsByContextId, parseEmbeddedJson, withRef } from "@inkeep/agents-core";
 import { Output, generateText, streamText, tool } from "ai";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 
@@ -681,6 +682,11 @@ var Agent = class {
 				headers: agentToolRelationHeaders
 			};
 		}
+		if (isGithubWorkAppTool(tool$1)) serverConfig.headers = {
+			...serverConfig.headers,
+			"x-inkeep-tool-id": tool$1.id,
+			Authorization: `Bearer ${env.GITHUB_MCP_API_KEY}`
+		};
 		if (serverConfig.url) serverConfig.url = buildComposioMCPUrl(serverConfig.url.toString(), this.config.tenantId, this.config.projectId, isUserScoped ? "user" : "project", userId);
 		if (this.config.forwardedHeaders && Object.keys(this.config.forwardedHeaders).length > 0) serverConfig.headers = {
 			...serverConfig.headers,
@@ -1980,7 +1986,28 @@ ${typeof cleanResult === "string" ? cleanResult : JSON.stringify(cleanResult, nu
 				if (includeThinkingComplete && hasThinkingComplete && "toolResults" in currentStep && currentStep.toolResults) return true;
 			}
 		}
-		return steps.length >= this.getMaxGenerationSteps();
+		const maxSteps = this.getMaxGenerationSteps();
+		if (steps.length >= maxSteps) {
+			logger.warn({
+				subAgentId: this.config.id,
+				agentId: this.config.agentId,
+				stepsCompleted: steps.length,
+				maxSteps,
+				conversationId: this.conversationId
+			}, "Sub-agent reached maximum generation steps limit");
+			tracer.startActiveSpan("agent.max_steps_reached", { attributes: {
+				"agent.max_steps_reached": true,
+				"agent.steps_completed": steps.length,
+				"agent.max_steps": maxSteps,
+				"agent.id": this.config.agentId,
+				"subAgent.id": this.config.id
+			} }, (span) => {
+				span.addEvent("max_generation_steps_reached", { message: `Sub-agent "${this.config.id}" reached maximum generation steps (${steps.length}/${maxSteps})` });
+				span.end();
+			});
+			return true;
+		}
+		return false;
 	}
 	setupStreamParser(sessionId, contextId) {
 		const streamHelper = this.getStreamingHelper();

package/dist/domains/run/constants/execution-limits/defaults.d.ts

@@ -5,7 +5,7 @@
  */
 declare const executionLimitsDefaults: {
   readonly AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3;
-  readonly AGENT_EXECUTION_MAX_GENERATION_STEPS: 5;
+  readonly AGENT_EXECUTION_MAX_GENERATION_STEPS: 50;
   readonly LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000;
   readonly LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000;
   readonly LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000;

package/dist/domains/run/constants/execution-limits/defaults.js

@@ -5,7 +5,7 @@
 */
 const executionLimitsDefaults = {
 	AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3,
-	AGENT_EXECUTION_MAX_GENERATION_STEPS: 5,
+	AGENT_EXECUTION_MAX_GENERATION_STEPS: 50,
 	LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 27e4,
 	LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 9e4,
 	LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 9e4,

package/dist/domains/run/constants/execution-limits/index.d.ts

@@ -1,6 +1,6 @@
 import { executionLimitsDefaults } from "./defaults.js";
 
 //#region src/domains/run/constants/execution-limits/index.d.ts
-declare const AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3, AGENT_EXECUTION_MAX_GENERATION_STEPS: 5, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS: 600000, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT: 30000, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT: 4, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS: 300000, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT: 50, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES: 1048576, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS: 30000, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS: 60000, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT: 60000, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS: 100, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS: 10000, DELEGATION_TOOL_BACKOFF_EXPONENT: 2, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS: 20000, A2A_BACKOFF_INITIAL_INTERVAL_MS: 500, A2A_BACKOFF_MAX_INTERVAL_MS: 60000, A2A_BACKOFF_EXPONENT: 1.5, A2A_BACKOFF_MAX_ELAPSED_TIME_MS: 30000, ARTIFACT_GENERATION_MAX_RETRIES: 3, ARTIFACT_SESSION_MAX_PENDING: 100, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES: 3, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS: 1000, ARTIFACT_GENERATION_BACKOFF_MAX_MS: 10000, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS: 300000, SESSION_CLEANUP_INTERVAL_MS: 60000, STATUS_UPDATE_DEFAULT_NUM_EVENTS: 1, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS: 2, STREAM_PARSER_MAX_SNAPSHOT_SIZE: 100, STREAM_PARSER_MAX_STREAMED_SIZE: 1000, STREAM_PARSER_MAX_COLLECTED_PARTS: 10000, STREAM_BUFFER_MAX_SIZE_BYTES: 5242880, STREAM_TEXT_GAP_THRESHOLD_MS: 2000, STREAM_MAX_LIFETIME_MS: 600000, CONVERSATION_HISTORY_DEFAULT_LIMIT: 50, CONVERSATION_ARTIFACTS_LIMIT: 12, COMPRESSION_HARD_LIMIT: 120000, COMPRESSION_SAFETY_BUFFER: 20000, COMPRESSION_ENABLED: true;
+declare const AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS: 3, AGENT_EXECUTION_MAX_GENERATION_STEPS: 50, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING: 270000, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING: 90000, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS: 90000, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS: 600000, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT: 30000, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT: 4, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS: 300000, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT: 50, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES: 1048576, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS: 30000, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS: 60000, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT: 60000, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS: 100, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS: 10000, DELEGATION_TOOL_BACKOFF_EXPONENT: 2, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS: 20000, A2A_BACKOFF_INITIAL_INTERVAL_MS: 500, A2A_BACKOFF_MAX_INTERVAL_MS: 60000, A2A_BACKOFF_EXPONENT: 1.5, A2A_BACKOFF_MAX_ELAPSED_TIME_MS: 30000, ARTIFACT_GENERATION_MAX_RETRIES: 3, ARTIFACT_SESSION_MAX_PENDING: 100, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES: 3, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS: 1000, ARTIFACT_GENERATION_BACKOFF_MAX_MS: 10000, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS: 300000, SESSION_CLEANUP_INTERVAL_MS: 60000, STATUS_UPDATE_DEFAULT_NUM_EVENTS: 1, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS: 2, STREAM_PARSER_MAX_SNAPSHOT_SIZE: 100, STREAM_PARSER_MAX_STREAMED_SIZE: 1000, STREAM_PARSER_MAX_COLLECTED_PARTS: 10000, STREAM_BUFFER_MAX_SIZE_BYTES: 5242880, STREAM_TEXT_GAP_THRESHOLD_MS: 2000, STREAM_MAX_LIFETIME_MS: 600000, CONVERSATION_HISTORY_DEFAULT_LIMIT: 50, CONVERSATION_ARTIFACTS_LIMIT: 12, COMPRESSION_HARD_LIMIT: 120000, COMPRESSION_SAFETY_BUFFER: 20000, COMPRESSION_ENABLED: true;
 //#endregion
 export { A2A_BACKOFF_EXPONENT, A2A_BACKOFF_INITIAL_INTERVAL_MS, A2A_BACKOFF_MAX_ELAPSED_TIME_MS, A2A_BACKOFF_MAX_INTERVAL_MS, AGENT_EXECUTION_MAX_CONSECUTIVE_ERRORS, AGENT_EXECUTION_MAX_GENERATION_STEPS, ARTIFACT_GENERATION_BACKOFF_INITIAL_MS, ARTIFACT_GENERATION_BACKOFF_MAX_MS, ARTIFACT_GENERATION_MAX_RETRIES, ARTIFACT_SESSION_MAX_PENDING, ARTIFACT_SESSION_MAX_PREVIOUS_SUMMARIES, COMPRESSION_ENABLED, COMPRESSION_HARD_LIMIT, COMPRESSION_SAFETY_BUFFER, CONVERSATION_ARTIFACTS_LIMIT, CONVERSATION_HISTORY_DEFAULT_LIMIT, DELEGATION_TOOL_BACKOFF_EXPONENT, DELEGATION_TOOL_BACKOFF_INITIAL_INTERVAL_MS, DELEGATION_TOOL_BACKOFF_MAX_ELAPSED_TIME_MS, DELEGATION_TOOL_BACKOFF_MAX_INTERVAL_MS, FUNCTION_TOOL_EXECUTION_TIMEOUT_MS_DEFAULT, FUNCTION_TOOL_SANDBOX_CLEANUP_INTERVAL_MS, FUNCTION_TOOL_SANDBOX_MAX_OUTPUT_SIZE_BYTES, FUNCTION_TOOL_SANDBOX_MAX_USE_COUNT, FUNCTION_TOOL_SANDBOX_POOL_TTL_MS, FUNCTION_TOOL_SANDBOX_QUEUE_WAIT_TIMEOUT_MS, FUNCTION_TOOL_SANDBOX_VCPUS_DEFAULT, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_NON_STREAMING, LLM_GENERATION_FIRST_CALL_TIMEOUT_MS_STREAMING, LLM_GENERATION_MAX_ALLOWED_TIMEOUT_MS, LLM_GENERATION_SUBSEQUENT_CALL_TIMEOUT_MS, MCP_TOOL_REQUEST_TIMEOUT_MS_DEFAULT, SESSION_CLEANUP_INTERVAL_MS, SESSION_TOOL_RESULT_CACHE_TIMEOUT_MS, STATUS_UPDATE_DEFAULT_INTERVAL_SECONDS, STATUS_UPDATE_DEFAULT_NUM_EVENTS, STREAM_BUFFER_MAX_SIZE_BYTES, STREAM_MAX_LIFETIME_MS, STREAM_PARSER_MAX_COLLECTED_PARTS, STREAM_PARSER_MAX_SNAPSHOT_SIZE, STREAM_PARSER_MAX_STREAMED_SIZE, STREAM_TEXT_GAP_THRESHOLD_MS, executionLimitsDefaults };

package/dist/domains/run/context/ContextResolver.js

@@ -1,8 +1,8 @@
 import { ContextCache } from "./contextCache.js";
 import { ContextFetcher, MissingRequiredVariableError } from "./ContextFetcher.js";
 import { getLogger, getTracer, setSpanWithError } from "@inkeep/agents-core";
-import crypto from "node:crypto";
 import { SpanStatusCode } from "@opentelemetry/api";
+import crypto from "node:crypto";
 
 //#region src/domains/run/context/ContextResolver.ts
 const logger = getLogger("context-resolver");

package/dist/domains/run/context/validation.d.ts

@@ -1,5 +1,5 @@
-import { Context, Next } from "hono";
 import { CredentialStoreRegistry, FullExecutionContext } from "@inkeep/agents-core";
+import { Context, Next } from "hono";
 import { ValidateFunction } from "ajv";
 
 //#region src/domains/run/context/validation.d.ts

package/dist/domains/run/services/AgentSession.js

@@ -1129,7 +1129,11 @@ var AgentSessionManager = class {
 	recordEvent(sessionId, eventType, subAgentId, data) {
 		const session = this.sessions.get(sessionId);
 		if (!session) {
-			logger.warn({ sessionId }, "Attempted to record event in non-existent session");
+			logger.warn({
+				sessionId,
+				eventType,
+				subAgentId
+			}, "Attempted to record event in non-existent session (likely session already ended)");
 			return;
 		}
 		session.recordEvent(eventType, subAgentId, data);

package/dist/domains/run/services/BaseCompressor.js

@@ -5,8 +5,8 @@ import { getCompressionConfigForModel } from "../utils/model-context-utils.js";
 import { tracer } from "../utils/tracer.js";
 import { agentSessionManager } from "./AgentSession.js";
 import { getLedgerArtifacts } from "@inkeep/agents-core";
-import { randomUUID } from "node:crypto";
 import { SpanStatusCode } from "@opentelemetry/api";
+import { randomUUID } from "node:crypto";
 
 //#region src/domains/run/services/BaseCompressor.ts
 const logger = getLogger$1("BaseCompressor");

package/dist/domains/run/services/TriggerService.d.ts

@@ -1,5 +1,5 @@
-import { Context } from "hono";
 import { ResolvedRef } from "@inkeep/agents-core";
+import { Context } from "hono";
 
 //#region src/domains/run/services/TriggerService.d.ts
 

package/dist/domains/run/services/TriggerService.js

@@ -364,7 +364,19 @@ async function dispatchExecution(params) {
 */
 async function executeAgentAsync(params) {
 	const { tenantId, projectId, agentId, triggerId, invocationId, conversationId, userMessage, messageParts, resolvedRef } = params;
-	const baggage = propagation.createBaggage().setEntry("conversation.id", { value: conversationId }).setEntry("tenant.id", { value: tenantId }).setEntry("project.id", { value: projectId }).setEntry("agent.id", { value: agentId });
+	const project = await withRef(manageDbPool_default, resolvedRef, async (db) => {
+		return await getFullProjectWithRelationIds(db)({ scopes: {
+			tenantId,
+			projectId
+		} });
+	});
+	if (!project) throw new Error(`Project ${projectId} not found`);
+	const agent = project.agents?.[agentId];
+	if (!agent) throw new Error(`Agent ${agentId} not found in project`);
+	const defaultSubAgentId = agent.defaultSubAgentId;
+	if (!defaultSubAgentId) throw new Error(`Agent ${agentId} has no default sub-agent configured`);
+	const agentName = agent.name;
+	const baggage = propagation.createBaggage().setEntry("conversation.id", { value: conversationId }).setEntry("tenant.id", { value: tenantId }).setEntry("project.id", { value: projectId }).setEntry("agent.id", { value: agentId }).setEntry("agent.name", { value: agentName });
 	const ctxWithBaggage = propagation.setBaggage(context.active(), baggage);
 	return tracer.startActiveSpan("trigger.execute_async", {
 		root: true,
@@ -372,6 +384,7 @@ async function executeAgentAsync(params) {
 			"tenant.id": tenantId,
 			"project.id": projectId,
 			"agent.id": agentId,
+			"agent.name": agentName,
 			"trigger.id": triggerId,
 			"trigger.invocation.id": invocationId,
 			"conversation.id": conversationId,
@@ -382,6 +395,7 @@ async function executeAgentAsync(params) {
 			"tenant.id": tenantId,
 			"project.id": projectId,
 			"agent.id": agentId,
+			"agent.name": agentName,
 			"trigger.id": triggerId,
 			"trigger.invocation.id": invocationId,
 			"conversation.id": conversationId,
@@ -400,18 +414,6 @@ async function executeAgentAsync(params) {
 			conversationId
 		}, "Starting async trigger execution");
 		try {
-			const project = await withRef(manageDbPool_default, resolvedRef, async (db) => {
-				return await getFullProjectWithRelationIds(db)({ scopes: {
-					tenantId,
-					projectId
-				} });
-			});
-			if (!project) throw new Error(`Project ${projectId} not found`);
-			const agent = project.agents?.[agentId];
-			if (!agent) throw new Error(`Agent ${agentId} not found in project`);
-			const defaultSubAgentId = agent.defaultSubAgentId;
-			if (!defaultSubAgentId) throw new Error(`Agent ${agentId} has no default sub-agent configured`);
-			span.setAttribute("agent.name", agent.name || agentId);
 			await createOrGetConversation(runDbClient_default)({
 				id: conversationId,
 				tenantId,

package/dist/domains/run/tools/sandbox-utils.js

@@ -12,7 +12,7 @@ function createExecutionWrapper(executeCode, args) {
 const args = ${JSON.stringify(args, null, 2)};
 
 // User's function code
-const execute = ${executeCode}
+const execute = ${executeCode};
 
 // Execute the function and output the result
 (async () => {

package/dist/domains/run/types/executionContext.js

@@ -1,3 +1,5 @@
+import { env } from "../../../env.js";
+
 //#region src/domains/run/types/executionContext.ts
 /**
 * Extract userId from execution context metadata (when available)
@@ -16,7 +18,7 @@ function createBaseExecutionContext(params) {
 		tenantId: params.tenantId,
 		projectId: params.projectId,
 		agentId: params.agentId,
-		baseUrl: params.baseUrl || process.env.API_URL || "http://localhost:3003",
+		baseUrl: params.baseUrl || env.INKEEP_AGENTS_API_URL,
 		apiKeyId: params.apiKeyId,
 		subAgentId: params.subAgentId,
 		ref: params.ref,

package/dist/env.d.ts

@@ -37,7 +37,6 @@ declare const envSchema: z.ZodObject<{
   NANGO_SECRET_KEY: z.ZodOptional<z.ZodString>;
   OTEL_BSP_SCHEDULE_DELAY: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
   OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
-  DISABLE_AUTH: z.ZodPipe<z.ZodDefault<z.ZodOptional<z.ZodString>>, z.ZodTransform<boolean, string>>;
   TENANT_ID: z.ZodDefault<z.ZodOptional<z.ZodString>>;
   SIGNOZ_URL: z.ZodOptional<z.ZodString>;
   SIGNOZ_API_KEY: z.ZodOptional<z.ZodString>;
@@ -45,6 +44,12 @@ declare const envSchema: z.ZodObject<{
   ANTHROPIC_API_KEY: z.ZodString;
   OPENAI_API_KEY: z.ZodOptional<z.ZodString>;
   GOOGLE_GENERATIVE_AI_API_KEY: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_ID: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_PRIVATE_KEY: z.ZodOptional<z.ZodString>;
+  GITHUB_WEBHOOK_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_STATE_SIGNING_SECRET: z.ZodOptional<z.ZodString>;
+  GITHUB_APP_NAME: z.ZodOptional<z.ZodString>;
+  GITHUB_MCP_API_KEY: z.ZodOptional<z.ZodString>;
   WORKFLOW_TARGET_WORLD: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_URL: z.ZodOptional<z.ZodString>;
   WORKFLOW_POSTGRES_JOB_PREFIX: z.ZodOptional<z.ZodString>;
@@ -60,7 +65,6 @@ declare const env: {
   NANGO_SERVER_URL: string;
   OTEL_BSP_SCHEDULE_DELAY: number;
   OTEL_BSP_MAX_EXPORT_BATCH_SIZE: number;
-  DISABLE_AUTH: boolean;
   TENANT_ID: string;
   ANTHROPIC_API_KEY: string;
   INKEEP_AGENTS_MANAGE_UI_URL?: string | undefined;
@@ -79,6 +83,12 @@ declare const env: {
   PUBLIC_SIGNOZ_URL?: string | undefined;
   OPENAI_API_KEY?: string | undefined;
   GOOGLE_GENERATIVE_AI_API_KEY?: string | undefined;
+  GITHUB_APP_ID?: string | undefined;
+  GITHUB_APP_PRIVATE_KEY?: string | undefined;
+  GITHUB_WEBHOOK_SECRET?: string | undefined;
+  GITHUB_STATE_SIGNING_SECRET?: string | undefined;
+  GITHUB_APP_NAME?: string | undefined;
+  GITHUB_MCP_API_KEY?: string | undefined;
   WORKFLOW_TARGET_WORLD?: string | undefined;
   WORKFLOW_POSTGRES_URL?: string | undefined;
   WORKFLOW_POSTGRES_JOB_PREFIX?: string | undefined;

package/dist/env.js

@@ -8,49 +8,54 @@ const envSchema = z.object({
 		"development",
 		"production",
 		"test"
-	]).default("development"),
+	]).default("development").describe("Node.js environment mode"),
 	ENVIRONMENT: z.enum([
 		"development",
 		"production",
 		"pentest",
 		"test"
-	]).default("development"),
+	]).default("development").describe("Application environment mode"),
 	LOG_LEVEL: z.enum([
 		"trace",
 		"debug",
 		"info",
 		"warn",
 		"error"
-	]).default("info"),
-	INKEEP_AGENTS_MANAGE_DATABASE_URL: z.string(),
-	INKEEP_AGENTS_RUN_DATABASE_URL: z.string(),
-	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional(),
-	INKEEP_AGENTS_API_URL: z.string().optional().default("http://localhost:3002"),
-	BETTER_AUTH_SECRET: z.string().optional(),
-	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }),
-	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }),
-	INKEEP_AGENTS_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_RUN_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_EVAL_API_BYPASS_SECRET: z.string().optional(),
-	INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY: z.string().optional(),
-	INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional(),
-	NANGO_SERVER_URL: z.string().optional().default("https://api.nango.dev"),
-	NANGO_SECRET_KEY: z.string().optional(),
-	OTEL_BSP_SCHEDULE_DELAY: z.coerce.number().optional().default(500),
-	OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.coerce.number().optional().default(64),
-	DISABLE_AUTH: z.string().optional().default("false").transform((val) => val === "true"),
-	TENANT_ID: z.string().optional().default("default"),
-	SIGNOZ_URL: z.string().optional(),
-	SIGNOZ_API_KEY: z.string().optional(),
-	PUBLIC_SIGNOZ_URL: z.string().optional(),
-	ANTHROPIC_API_KEY: z.string(),
-	OPENAI_API_KEY: z.string().optional(),
-	GOOGLE_GENERATIVE_AI_API_KEY: z.string().optional(),
-	WORKFLOW_TARGET_WORLD: z.string().optional(),
-	WORKFLOW_POSTGRES_URL: z.string().optional(),
-	WORKFLOW_POSTGRES_JOB_PREFIX: z.string().optional(),
-	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional()
+	]).default("info").describe("Logging verbosity level"),
+	INKEEP_AGENTS_MANAGE_DATABASE_URL: z.string().describe("PostgreSQL connection URL for the management database (Doltgres with Git version control)"),
+	INKEEP_AGENTS_RUN_DATABASE_URL: z.string().describe("PostgreSQL connection URL for the runtime database (Doltgres with Git version control)"),
+	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional().describe("URL where the management UI is hosted"),
+	INKEEP_AGENTS_API_URL: z.string().optional().default("http://localhost:3002").describe("URL where the agents management API is running"),
+	BETTER_AUTH_SECRET: z.string().optional().describe("Secret key for Better Auth session encryption (change in production)"),
+	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }).describe("Admin email address for management UI login"),
+	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }).describe("Admin password for management UI login (min 8 characters)"),
+	INKEEP_AGENTS_API_BYPASS_SECRET: z.string().optional().describe("API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.string().optional().describe("Management API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_RUN_API_BYPASS_SECRET: z.string().optional().describe("Run API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_EVAL_API_BYPASS_SECRET: z.string().optional().describe("Eval API bypass secret for local development and testing (skips auth)"),
+	INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY: z.string().optional().describe("Temporary JWT public key for Playground (generate with scripts/generate-jwt-keys.sh)"),
+	INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional().describe("Temporary JWT private key for Playground (generate with scripts/generate-jwt-keys.sh)"),
+	NANGO_SERVER_URL: z.string().optional().default("https://api.nango.dev").describe("Nango server URL for OAuth integrations"),
+	NANGO_SECRET_KEY: z.string().optional().describe("Nango secret key for OAuth integrations"),
+	OTEL_BSP_SCHEDULE_DELAY: z.coerce.number().optional().default(500).describe("OpenTelemetry batch span processor schedule delay in milliseconds"),
+	OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z.coerce.number().optional().default(64).describe("OpenTelemetry batch span processor max export batch size"),
+	TENANT_ID: z.string().optional().default("default").describe("Default tenant ID for development"),
+	SIGNOZ_URL: z.string().optional().describe("SigNoz server URL for observability"),
+	SIGNOZ_API_KEY: z.string().optional().describe("SigNoz API key for authentication"),
+	PUBLIC_SIGNOZ_URL: z.string().optional().describe("Public SigNoz URL accessible from the browser"),
+	ANTHROPIC_API_KEY: z.string().describe("Anthropic API key for Claude models (required for agent execution). Get from https://console.anthropic.com/"),
+	OPENAI_API_KEY: z.string().optional().describe("OpenAI API key for GPT models. Get from https://platform.openai.com/"),
+	GOOGLE_GENERATIVE_AI_API_KEY: z.string().optional().describe("Google Generative AI API key for Gemini models"),
+	GITHUB_APP_ID: z.string().optional(),
+	GITHUB_APP_PRIVATE_KEY: z.string().optional(),
+	GITHUB_WEBHOOK_SECRET: z.string().optional(),
+	GITHUB_STATE_SIGNING_SECRET: z.string().min(32, "GITHUB_STATE_SIGNING_SECRET must be at least 32 characters").optional(),
+	GITHUB_APP_NAME: z.string().optional(),
+	GITHUB_MCP_API_KEY: z.string().optional().describe("API key for the GitHub MCP"),
+	WORKFLOW_TARGET_WORLD: z.string().optional().describe("Target world for workflow execution"),
+	WORKFLOW_POSTGRES_URL: z.string().optional().describe("PostgreSQL connection URL for workflow job queue"),
+	WORKFLOW_POSTGRES_JOB_PREFIX: z.string().optional().describe("Prefix for workflow job names in the queue"),
+	WORKFLOW_POSTGRES_WORKER_CONCURRENCY: z.string().optional().describe("Number of concurrent workflow workers")
 });
 const parseEnv = () => {
 	try {

package/dist/factory.d.ts

@@ -1,10 +1,9 @@
 import { SandboxConfig } from "./types/app.js";
 import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
-import * as hono0 from "hono";
 import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
+import * as hono0 from "hono";
 import * as zod0 from "zod";
 import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
 import * as hono_types1 from "hono/types";
@@ -122,11 +121,11 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
     useSecureCookies?: boolean | undefined;
     disableCSRFCheck?: boolean | undefined;
     disableOriginCheck?: boolean | undefined;
-    crossSubDomainCookies: {
+    crossSubDomainCookies?: {
       enabled: boolean;
       additionalCookies?: string[];
       domain?: string;
-    };
+    } | undefined;
     cookies?: {
       [key: string]: {
         name?: string;
@@ -816,6 +815,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
           statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1125,6 +1125,7 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
           statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1529,13 +1530,12 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       verificationUri?: string | undefined;
     }>;
   }];
-}> | null;
+}>;
 declare function createAgentsApp(config?: {
   serverConfig?: ServerConfig;
   credentialStores?: CredentialStore[];
   auth?: UserAuthConfig;
   sandboxConfig?: SandboxConfig;
-  skipInitialization?: boolean;
 }): hono0.Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
 //#endregion
-export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { type SSOProviderConfig, type UserAuthConfig, createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/factory.js

@@ -1,7 +1,6 @@
 import { env } from "./env.js";
 import runDbClient_default from "./data/db/runDbClient.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { CredentialStoreRegistry, createDefaultCredentialStores } from "@inkeep/agents-core";
 import { createAuth } from "@inkeep/agents-core/auth";
@@ -16,7 +15,6 @@ const defaultConfig = {
 	}
 };
 function createAgentsAuth(userAuthConfig) {
-	if (env.DISABLE_AUTH) return null;
 	return createAuth({
 		baseURL: env.INKEEP_AGENTS_API_URL || `http://localhost:3002`,
 		secret: env.BETTER_AUTH_SECRET || "development-secret-change-in-production",
@@ -26,17 +24,13 @@ function createAgentsAuth(userAuthConfig) {
 	});
 }
 function createAgentsApp(config) {
-	const serverConfig = config?.serverConfig ?? defaultConfig;
-	const registry = new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores());
-	const auth$1 = createAgentsAuth(config?.auth);
-	if (!config?.skipInitialization && env.ENVIRONMENT !== "test") initializeDefaultUser(auth$1);
 	return createAgentsHono({
-		serverConfig,
-		credentialStores: registry,
-		auth: auth$1,
+		serverConfig: config?.serverConfig ?? defaultConfig,
+		credentialStores: new CredentialStoreRegistry(config?.credentialStores ?? createDefaultCredentialStores()),
+		auth: createAgentsAuth(config?.auth),
 		sandboxConfig: config?.sandboxConfig
 	});
 }
 
 //#endregion
-export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider, initializeDefaultUser };
+export { createAgentsApp, createAgentsAuth, createAgentsHono, createAuth0Provider, createOIDCProvider };

package/dist/index.d.ts

@@ -3,7 +3,6 @@ import "./types/index.js";
 import { createAgentsHono } from "./createApp.js";
 import { NativeSandboxConfig, SandboxConfig, VercelSandboxConfig } from "./domains/run/types/executionContext.js";
 import "./env.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { SSOProviderConfig, UserAuthConfig, createAgentsApp } from "./factory.js";
 import { Hono } from "hono";
@@ -123,11 +122,11 @@ declare const auth: better_auth78.Auth<{
     useSecureCookies?: boolean | undefined;
     disableCSRFCheck?: boolean | undefined;
     disableOriginCheck?: boolean | undefined;
-    crossSubDomainCookies: {
+    crossSubDomainCookies?: {
       enabled: boolean;
       additionalCookies?: string[];
       domain?: string;
-    };
+    } | undefined;
     cookies?: {
       [key: string]: {
         name?: string;
@@ -817,6 +816,7 @@ declare const auth: better_auth78.Auth<{
           statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1126,6 +1126,7 @@ declare const auth: better_auth78.Auth<{
           statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
         };
       };
+      creatorRole: "admin";
       membershipLimit: number;
       invitationLimit: number;
       invitationExpiresIn: number;
@@ -1530,7 +1531,7 @@ declare const auth: better_auth78.Auth<{
       verificationUri?: string | undefined;
     }>;
   }];
-}> | null;
+}>;
 declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
 //#endregion
-export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default, initializeDefaultUser };
+export { type AppConfig, type AppVariables, Hono, type NativeSandboxConfig, type SSOProviderConfig, type SandboxConfig, type UserAuthConfig, type VercelSandboxConfig, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, app as default };

package/dist/index.js

@@ -1,11 +1,10 @@
-import { env } from "./env.js";
+import "./env.js";
 import { defaultSDK } from "./instrumentation.js";
 import { createAgentsHono } from "./createApp.js";
-import { initializeDefaultUser } from "./initialization.js";
 import { createAuth0Provider, createOIDCProvider } from "./ssoHelpers.js";
 import { createAgentsApp, createAgentsAuth } from "./factory.js";
-import { Hono } from "hono";
 import { CredentialStoreRegistry, createDefaultCredentialStores } from "@inkeep/agents-core";
+import { Hono } from "hono";
 
 //#region src/index.ts
 defaultSDK.start();
@@ -52,8 +51,7 @@ const app = createAgentsHono({
 	auth,
 	sandboxConfig
 });
-if (env.ENVIRONMENT === "development") initializeDefaultUser(auth);
 var src_default = app;
 
 //#endregion
-export { Hono, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, src_default as default, initializeDefaultUser };
+export { Hono, auth, createAgentsApp, createAgentsHono, createAuth0Provider, createOIDCProvider, src_default as default };

package/dist/middleware/branchScopedDb.d.ts

@@ -1,5 +1,5 @@
-import { Context, Next } from "hono";
 import { AgentsManageDatabaseClient } from "@inkeep/agents-core";
+import { Context, Next } from "hono";
 import { Pool } from "pg";
 
 //#region src/middleware/branchScopedDb.d.ts

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
-import * as hono0 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
+import * as hono2 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import { BaseExecutionContext } from "@inkeep/agents-core";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono0.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono2.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
-import * as hono4 from "hono";
 import { BaseExecutionContext } from "@inkeep/agents-core";
+import * as hono3 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono4.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono3.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectAccess.d.ts

@@ -1,24 +1,15 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono3 from "hono";
 import { ProjectPermissionLevel } from "@inkeep/agents-core";
+import * as hono4 from "hono";
 
 //#region src/middleware/projectAccess.d.ts
-
 /**
  * Middleware to check project-level access.
- *
- * When ENABLE_AUTHZ is false:
- * - 'view' permission: all org members can view
- * - 'edit': only org owner/admin
- *
- * When ENABLE_AUTHZ is true:
- * - Uses SpiceDB to check permissions
- * - Org owner/admin bypass (handled in canViewProject etc.)
  */
 declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermissionLevel) => hono3.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermissionLevel) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requireProjectPermission };