@inkeep/agents-api 0.45.1 → 0.45.3

package/dist/.well-known/workflow/v1/manifest.debug.json

@@ -1,5 +1,16 @@
 {
   "steps": {
+    "node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_162752afbc89dc886082698201e5b45d/node_modules/workflow/dist/internal/builtins.js": {
+      "__builtin_response_array_buffer": {
+        "stepId": "__builtin_response_array_buffer"
+      },
+      "__builtin_response_json": {
+        "stepId": "__builtin_response_json"
+      },
+      "__builtin_response_text": {
+        "stepId": "__builtin_response_text"
+      }
+    },
     "src/domains/evals/workflow/functions/runDatasetItem.ts": {
       "callChatApiStep": {
         "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//callChatApiStep"
@@ -14,17 +25,6 @@
         "stepId": "step//src/domains/evals/workflow/functions/runDatasetItem.ts//logStep"
       }
     },
-    "node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_576b463f7ac3bd55d5340a4cbc23a887/node_modules/workflow/dist/internal/builtins.js": {
-      "__builtin_response_array_buffer": {
-        "stepId": "__builtin_response_array_buffer"
-      },
-      "__builtin_response_json": {
-        "stepId": "__builtin_response_json"
-      },
-      "__builtin_response_text": {
-        "stepId": "__builtin_response_text"
-      }
-    },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
       "executeEvaluatorStep": {
         "stepId": "step//src/domains/evals/workflow/functions/evaluateConversation.ts//executeEvaluatorStep"
@@ -41,15 +41,15 @@
     }
   },
   "workflows": {
-    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
-      "_runDatasetItemWorkflow": {
-        "workflowId": "workflow//src/domains/evals/workflow/functions/runDatasetItem.ts//_runDatasetItemWorkflow"
-      }
-    },
     "src/domains/evals/workflow/functions/evaluateConversation.ts": {
       "_evaluateConversationWorkflow": {
         "workflowId": "workflow//src/domains/evals/workflow/functions/evaluateConversation.ts//_evaluateConversationWorkflow"
       }
+    },
+    "src/domains/evals/workflow/functions/runDatasetItem.ts": {
+      "_runDatasetItemWorkflow": {
+        "workflowId": "workflow//src/domains/evals/workflow/functions/runDatasetItem.ts//_runDatasetItemWorkflow"
+      }
     }
   }
 }

package/dist/.well-known/workflow/v1/step.cjs

@@ -117196,7 +117196,7 @@ function getStepFunction(stepId) {
 }
 __name(getStepFunction, "getStepFunction");
 
-// ../node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_576b463f7ac3bd55d5340a4cbc23a887/node_modules/workflow/dist/internal/builtins.js
+// ../node_modules/.pnpm/workflow@4.0.1-beta.33_@aws-sdk+client-sts@3.970.0_@opentelemetry+api@1.9.0_@types+reac_162752afbc89dc886082698201e5b45d/node_modules/workflow/dist/internal/builtins.js
 async function __builtin_response_array_buffer(res) {
   return res.arrayBuffer();
 }
@@ -127187,10 +127187,10 @@ var workAppGitHubMcpToolRepositoryAccessRelations = relations(workAppGitHubMcpTo
   })
 }));
 
-// ../node_modules/.pnpm/@hono+zod-openapi@1.2.0_hono@4.11.1_zod@4.3.6/node_modules/@hono/zod-openapi/dist/index.js
+// ../node_modules/.pnpm/@hono+zod-openapi@1.2.0_hono@4.11.7_zod@4.3.6/node_modules/@hono/zod-openapi/dist/index.js
 var import_zod_to_openapi = __toESM(require_dist(), 1);
 
-// ../node_modules/.pnpm/hono@4.11.1/node_modules/hono/dist/utils/url.js
+// ../node_modules/.pnpm/hono@4.11.7/node_modules/hono/dist/utils/url.js
 var tryDecode = /* @__PURE__ */ __name((str2, decoder) => {
   try {
     return decoder(str2);
@@ -127283,10 +127283,10 @@ var getQueryParams = /* @__PURE__ */ __name((url4, key) => {
 }, "getQueryParams");
 var decodeURIComponent_ = decodeURIComponent;
 
-// ../node_modules/.pnpm/hono@4.11.1/node_modules/hono/dist/request/constants.js
+// ../node_modules/.pnpm/hono@4.11.7/node_modules/hono/dist/request/constants.js
 var GET_MATCH_RESULT = /* @__PURE__ */ Symbol();
 
-// ../node_modules/.pnpm/hono@4.11.1/node_modules/hono/dist/utils/body.js
+// ../node_modules/.pnpm/hono@4.11.7/node_modules/hono/dist/utils/body.js
 var parseBody = /* @__PURE__ */ __name(async (request, options = /* @__PURE__ */ Object.create(null)) => {
   const { all: all3 = false, dot = false } = options;
   const headers2 = request instanceof HonoRequest ? request.raw.headers : request.headers;
@@ -127365,7 +127365,7 @@ var handleParsingNestedValues = /* @__PURE__ */ __name((form, key, value) => {
   });
 }, "handleParsingNestedValues");
 
-// ../node_modules/.pnpm/hono@4.11.1/node_modules/hono/dist/request.js
+// ../node_modules/.pnpm/hono@4.11.7/node_modules/hono/dist/request.js
 var tryDecodeURIComponent = /* @__PURE__ */ __name((str2) => tryDecode(str2, decodeURIComponent_), "tryDecodeURIComponent");
 var HonoRequest = class {
   static {
@@ -127638,7 +127638,7 @@ var HonoRequest = class {
   }
 };
 
-// ../node_modules/.pnpm/hono@4.11.1/node_modules/hono/dist/router/reg-exp-router/node.js
+// ../node_modules/.pnpm/hono@4.11.7/node_modules/hono/dist/router/reg-exp-router/node.js
 var regExpMetaChars = new Set(".\\+*[^]$()");
 
 // ../node_modules/.pnpm/zod@4.3.6/node_modules/zod/v4/classic/external.js
@@ -142640,7 +142640,7 @@ __name(date5, "date");
 // ../node_modules/.pnpm/zod@4.3.6/node_modules/zod/v4/classic/external.js
 config(en_default());
 
-// ../node_modules/.pnpm/@hono+zod-openapi@1.2.0_hono@4.11.1_zod@4.3.6/node_modules/@hono/zod-openapi/dist/index.js
+// ../node_modules/.pnpm/@hono+zod-openapi@1.2.0_hono@4.11.7_zod@4.3.6/node_modules/@hono/zod-openapi/dist/index.js
 (0, import_zod_to_openapi.extendZodWithOpenApi)(external_exports);
 
 // ../packages/agents-core/dist/validation/dolt-schemas.js
@@ -145069,7 +145069,7 @@ crypto2 = globalThis.crypto?.webcrypto ?? // Node.js [18-16] REPL
 globalThis.crypto ?? // Node.js >18
 import("node:crypto").then((m4) => m4.webcrypto);
 
-// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.1_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
+// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.7_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
 var RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task";
 var JSONRPC_VERSION = "2.0";
 var AssertObjectSchema = custom((v3) => v3 !== null && (typeof v3 === "object" || typeof v3 === "function"));
@@ -146655,7 +146655,7 @@ var ServerResultSchema = union2([
   CreateTaskResultSchema
 ]);
 
-// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.1_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js
+// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.7_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js
 var SafeUrlSchema = url().superRefine((val, ctx) => {
   if (!URL.canParse(val)) {
     ctx.addIssue({
@@ -146800,7 +146800,7 @@ var OAuthTokenRevocationRequestSchema = object({
   token_type_hint: string2().optional()
 }).strip();
 
-// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.1_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/server/auth/errors.js
+// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.7_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/server/auth/errors.js
 var OAuthError = class extends Error {
   static {
     __name(this, "OAuthError");
@@ -147101,6 +147101,7 @@ var envSchema = external_exports.object({
   OAUTH_PROXY_PRODUCTION_URL: external_exports.string().optional().describe("OAuth proxy URL for production environment (used in local/preview environments)"),
   INKEEP_AGENTS_MANAGE_UI_URL: external_exports.string().optional().describe("URL where the management UI is hosted"),
   INKEEP_AGENTS_API_URL: external_exports.string().optional().describe("URL where the agents management API is running"),
+  AUTH_COOKIE_DOMAIN: external_exports.string().optional().describe("Explicit cookie domain for cross-subdomain auth (e.g., .inkeep.com). Required when the API and UI do not share a common 3-part parent domain."),
   GITHUB_MCP_API_KEY: external_exports.string().optional().describe("API key for the GitHub MCP")
 });
 var parseEnv = /* @__PURE__ */ __name(() => {
@@ -197260,7 +197261,7 @@ var logger13 = getLogger("JsonTransformer");
 // ../packages/agents-core/dist/utils/json-parser.js
 var import_traverse = __toESM(require_traverse(), 1);
 
-// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.1_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/validation/ajv-provider.js
+// ../node_modules/.pnpm/@modelcontextprotocol+sdk@1.25.3_hono@4.11.7_zod@4.3.6/node_modules/@modelcontextprotocol/sdk/dist/esm/validation/ajv-provider.js
 var import_ajv2 = __toESM(require_ajv(), 1);
 var import_ajv_formats = __toESM(require_dist3(), 1);
 
@@ -228778,6 +228779,7 @@ var envSchema2 = external_exports.object({
   INKEEP_AGENTS_RUN_DATABASE_URL: external_exports.string().describe("PostgreSQL connection URL for the runtime database (Doltgres with Git version control)"),
   INKEEP_AGENTS_MANAGE_UI_URL: external_exports.string().optional().describe("URL where the management UI is hosted"),
   INKEEP_AGENTS_API_URL: external_exports.string().optional().default("http://localhost:3002").describe("URL where the agents management API is running"),
+  AUTH_COOKIE_DOMAIN: external_exports.string().optional().describe("Explicit cookie domain for cross-subdomain auth (e.g., .inkeep.com). Required when the API and UI do not share a common 3-part parent domain."),
   // Authentication
   BETTER_AUTH_SECRET: external_exports.string().optional().describe("Secret key for Better Auth session encryption (change in production)"),
   INKEEP_AGENTS_MANAGE_UI_USERNAME: external_exports.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), {
@@ -228857,55 +228859,6 @@ var runDbClient_default = runDbClient;
 
 // src/domains/evals/services/EvaluationService.ts
 var logger21 = getLogger("EvaluationService");
-function jsonSchemaToZod3(jsonSchema3) {
-  if (!jsonSchema3 || typeof jsonSchema3 !== "object") {
-    logger21.warn({
-      jsonSchema: jsonSchema3
-    }, "Invalid JSON schema provided, using string fallback");
-    return external_exports.string();
-  }
-  switch (jsonSchema3.type) {
-    case "object":
-      if (jsonSchema3.properties) {
-        const shape = {};
-        const required3 = jsonSchema3.required || [];
-        for (const [key, prop] of Object.entries(jsonSchema3.properties)) {
-          const propSchema = prop;
-          let zodType = jsonSchemaToZod3(propSchema);
-          if (propSchema.description) {
-            zodType = zodType.describe(String(propSchema.description));
-          }
-          if (!required3.includes(key)) {
-            zodType = zodType.optional();
-          }
-          shape[key] = zodType;
-        }
-        return external_exports.object(shape);
-      }
-      return external_exports.record(external_exports.string(), external_exports.unknown());
-    case "array": {
-      const itemSchema = jsonSchema3.items ? jsonSchemaToZod3(jsonSchema3.items) : external_exports.unknown();
-      return external_exports.array(itemSchema);
-    }
-    case "string":
-      return external_exports.string();
-    case "number":
-      return external_exports.number();
-    case "integer":
-      return external_exports.number().int();
-    case "boolean":
-      return external_exports.boolean();
-    case "null":
-      return external_exports.null();
-    default:
-      logger21.warn({
-        unsupportedType: jsonSchema3.type,
-        schema: jsonSchema3
-      }, "Unsupported JSON schema type, using unknown validation");
-      return external_exports.unknown();
-  }
-}
-__name(jsonSchemaToZod3, "jsonSchemaToZod");
 var EvaluationService = class {
   static {
     __name(this, "EvaluationService");
@@ -229652,7 +229605,7 @@ Return your evaluation as a JSON object matching the schema above.`;
     const providerOptions = modelConfig?.providerOptions || {};
     let resultSchema;
     try {
-      resultSchema = jsonSchemaToZod3(schema);
+      resultSchema = external_exports.fromJSONSchema(schema);
       logger21.info({
         schemaType: typeof schema,
         schemaKeys: schema && typeof schema === "object" ? Object.keys(schema) : [],

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types12 from "hono/types";
+import * as hono_types3 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types12.BlankEnv, hono_types12.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono17 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono17.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/services/EvaluationService.js

@@ -10,46 +10,6 @@ import { z } from "zod";
 //#region src/domains/evals/services/EvaluationService.ts
 const logger = getLogger$1("EvaluationService");
 /**
-* Converts JSON Schema objects to Zod schema types
-*/
-function jsonSchemaToZod(jsonSchema) {
-	if (!jsonSchema || typeof jsonSchema !== "object") {
-		logger.warn({ jsonSchema }, "Invalid JSON schema provided, using string fallback");
-		return z.string();
-	}
-	switch (jsonSchema.type) {
-		case "object":
-			if (jsonSchema.properties) {
-				const shape = {};
-				const required = jsonSchema.required || [];
-				for (const [key, prop] of Object.entries(jsonSchema.properties)) {
-					const propSchema = prop;
-					let zodType = jsonSchemaToZod(propSchema);
-					if (propSchema.description) zodType = zodType.describe(String(propSchema.description));
-					if (!required.includes(key)) zodType = zodType.optional();
-					shape[key] = zodType;
-				}
-				return z.object(shape);
-			}
-			return z.record(z.string(), z.unknown());
-		case "array": {
-			const itemSchema = jsonSchema.items ? jsonSchemaToZod(jsonSchema.items) : z.unknown();
-			return z.array(itemSchema);
-		}
-		case "string": return z.string();
-		case "number": return z.number();
-		case "integer": return z.number().int();
-		case "boolean": return z.boolean();
-		case "null": return z.null();
-		default:
-			logger.warn({
-				unsupportedType: jsonSchema.type,
-				schema: jsonSchema
-			}, "Unsupported JSON schema type, using unknown validation");
-			return z.unknown();
-	}
-}
-/**
 * Service for running dataset items through the chat API endpoint
 */
 var EvaluationService = class {
@@ -698,7 +658,7 @@ Return your evaluation as a JSON object matching the schema above.`;
 		const providerOptions = modelConfig?.providerOptions || {};
 		let resultSchema;
 		try {
-			resultSchema = jsonSchemaToZod(schema);
+			resultSchema = z.fromJSONSchema(schema);
 			logger.info({
 				schemaType: typeof schema,
 				schemaKeys: schema && typeof schema === "object" ? Object.keys(schema) : [],

package/dist/domains/evals/workflow/routes.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types12 from "hono/types";
 
 //#region src/domains/evals/workflow/routes.d.ts
-declare const workflowRoutes: Hono<hono_types7.BlankEnv, hono_types7.BlankSchema, "/">;
+declare const workflowRoutes: Hono<hono_types12.BlankEnv, hono_types12.BlankSchema, "/">;
 //#endregion
 export { workflowRoutes };

package/dist/domains/manage/routes/availableAgents.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono0 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/availableAgents.d.ts
-declare const app: OpenAPIHono<hono0.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono3 from "hono";
+import * as hono8 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono3.Env, {}, "/">;
+declare const app: OpenAPIHono<hono8.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono13 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono13.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types3 from "hono/types";
+import * as hono_types6 from "hono/types";
 
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
+declare const app: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types6 from "hono/types";
+import * as hono_types11 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types6.BlankSchema, "/">;
+}, hono_types11.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/userOrganizations.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/manage/routes/userOrganizations.d.ts
 declare const userOrganizationsRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types9.BlankSchema, "/">;
+}, hono_types8.BlankSchema, "/">;
 //#endregion
 export { userOrganizationsRoutes as default };

package/dist/domains/mcp/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types10 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/mcp/routes/mcp.d.ts
-declare const app: Hono<hono_types10.BlankEnv, hono_types10.BlankSchema, "/">;
+declare const app: Hono<hono_types9.BlankEnv, hono_types9.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/run/agents/Agent.js

@@ -18,7 +18,6 @@ import { pendingToolApprovalManager } from "../services/PendingToolApprovalManag
 import { ResponseFormatter } from "../services/ResponseFormatter.js";
 import { toolApprovalUiBus } from "../services/ToolApprovalUiBus.js";
 import { generateToolId } from "../utils/agent-operations.js";
-import { jsonSchemaToZod } from "../utils/data-component-schema.js";
 import { ArtifactCreateSchema, ArtifactReferenceSchema } from "../utils/artifact-component-schema.js";
 import { withJsonPostProcessing } from "../utils/json-postprocessor.js";
 import { calculateBreakdownTotal, estimateTokens } from "../utils/token-estimator.js";
@@ -824,7 +823,7 @@ var Agent = class {
 					}, "Function not found in functions table");
 					continue;
 				}
-				const zodSchema = jsonSchemaToZod(functionData.inputSchema);
+				const zodSchema = functionData.inputSchema ? z.fromJSONSchema(functionData.inputSchema) : z.string();
 				const toolPolicies = functionToolDef.toolPolicies;
 				const needsApproval = !!toolPolicies?.["*"]?.needsApproval || !!toolPolicies?.[functionToolDef.name]?.needsApproval;
 				const aiTool = tool({
@@ -1351,7 +1350,7 @@ var Agent = class {
 				}, "Processing tool override");
 				let inputSchema;
 				try {
-					inputSchema = override.schema ? jsonSchemaToZod(override.schema) : toolDef.inputSchema;
+					inputSchema = override.schema ? z.fromJSONSchema(override.schema) : toolDef.inputSchema;
 				} catch (schemaError) {
 					logger.error({
 						mcpToolName: mcpTool.name,
@@ -2120,8 +2119,8 @@ ${output}${structureHintsFormatted}`;
 	}
 	buildDataComponentsSchema() {
 		const componentSchemas = [];
-		if (this.config.dataComponents && this.config.dataComponents.length > 0) this.config.dataComponents.forEach((dc) => {
-			const propsSchema = jsonSchemaToZod(dc.props);
+		this.config.dataComponents?.forEach((dc) => {
+			const propsSchema = dc.props ? z.fromJSONSchema(dc.props) : z.string();
 			componentSchemas.push(z.object({
 				id: z.string(),
 				name: z.literal(dc.name),

package/dist/domains/run/agents/versions/v1/Phase1Config.js

@@ -4,8 +4,7 @@ import thinking_preparation_default from "../../../../../templates/v1/phase1/thi
 import tool_default from "../../../../../templates/v1/phase1/tool.js";
 import artifact_default from "../../../../../templates/v1/shared/artifact.js";
 import artifact_retrieval_guidance_default from "../../../../../templates/v1/shared/artifact-retrieval-guidance.js";
-import { V1_BREAKDOWN_SCHEMA } from "@inkeep/agents-core";
-import { convertZodToJsonSchema, isZodSchema } from "@inkeep/agents-core/utils/schema-conversion";
+import { V1_BREAKDOWN_SCHEMA, convertZodToJsonSchema, isZodSchema } from "@inkeep/agents-core";
 
 //#region src/domains/run/agents/versions/v1/Phase1Config.ts
 var Phase1Config = class Phase1Config {

package/dist/domains/run/services/AgentSession.js

@@ -526,7 +526,7 @@ var AgentSession = class {
 				const previousSummaryContext = previousSummaries.length > 0 ? `\nPrevious updates sent to user:\n${previousSummaries.map((s, i) => `${i + 1}. ${s}`).join("\n")}\n` : "";
 				const selectionSchema = z.object({ updates: z.array(z.union([z.object({
 					type: z.literal("no_relevant_updates"),
-					data: z.object({ no_updates: z.boolean().default(true) }).describe("Use when nothing substantially new to report. Should only use on its own.")
+					data: z.object({ no_updates: z.boolean() }).describe("Use when nothing substantially new to report. Should only use on its own.")
 				}), ...statusComponents.map((component) => z.object({
 					type: z.literal(component.type),
 					data: this.getComponentSchema(component).describe(component.description || component.type)

package/dist/domains/run/utils/artifact-component-schema.d.ts

@@ -3,10 +3,6 @@ import { ArtifactComponentApiInsert, ArtifactComponentApiSelect, DataComponentIn
 
 //#region src/domains/run/utils/artifact-component-schema.d.ts
 
-/**
- * Converts artifact component configurations to Zod schema for structured generation
- */
-declare function createArtifactComponentsSchema(artifactComponents?: ArtifactComponentApiSelect[]): z.ZodObject<{}, z.core.$strip> | z.ZodUnion<any>;
 /**
  * Standard artifact reference component schema for tool responses
  */
@@ -39,4 +35,4 @@ declare class ArtifactCreateSchema {
   static getDataComponents(tenantId: string, projectId: string | undefined, artifactComponents: Array<ArtifactComponentApiInsert | ArtifactComponentApiSelect>): DataComponentInsert[];
 }
 //#endregion
-export { ArtifactCreateSchema, ArtifactReferenceSchema, createArtifactComponentsSchema };
+export { ArtifactCreateSchema, ArtifactReferenceSchema };

package/dist/domains/run/utils/artifact-component-schema.js

@@ -1,42 +1,7 @@
-import { getLogger } from "../../../logger.js";
-import { jsonSchemaToZod } from "./data-component-schema.js";
 import { SchemaProcessor } from "./SchemaProcessor.js";
 import { z } from "@hono/zod-openapi";
 
 //#region src/domains/run/utils/artifact-component-schema.ts
-getLogger("ArtifactComponentSchema");
-/**
-* Converts artifact component configurations to Zod schema for structured generation
-*/
-function createArtifactComponentsSchema(artifactComponents) {
-	const componentSchemas = artifactComponents?.map((component) => {
-		const propsSchema = jsonSchemaToZod(component.props ? removePreviewFlags(component.props) : {});
-		return z.object({
-			id: z.string().describe(component.id),
-			name: z.literal(component.name).describe(component.name),
-			props: propsSchema
-		}).describe(`${component.name}: ${component.description}`);
-	}) || [];
-	if (componentSchemas.length === 0) return z.object({});
-	if (componentSchemas.length === 1) return componentSchemas[0];
-	return z.union(componentSchemas);
-}
-/**
-* Remove inPreview flags from schema properties (for LLM consumption)
-*/
-function removePreviewFlags(schema) {
-	const cleanSchema = { ...schema };
-	if (cleanSchema.properties) {
-		const cleanProperties = {};
-		for (const [key, prop] of Object.entries(cleanSchema.properties)) {
-			const cleanProp = { ...prop };
-			delete cleanProp.inPreview;
-			cleanProperties[key] = cleanProp;
-		}
-		cleanSchema.properties = cleanProperties;
-	}
-	return cleanSchema;
-}
 /**
 * Standard artifact reference component schema for tool responses
 */
@@ -62,7 +27,7 @@ var ArtifactReferenceSchema = class ArtifactReferenceSchema {
 		return z.object({
 			id: z.string(),
 			name: z.literal("Artifact"),
-			props: jsonSchemaToZod(ArtifactReferenceSchema.ARTIFACT_PROPS_SCHEMA)
+			props: z.fromJSONSchema(ArtifactReferenceSchema.ARTIFACT_PROPS_SCHEMA)
 		});
 	}
 	/**
@@ -126,7 +91,7 @@ var ArtifactCreateSchema = class {
 			return z.object({
 				id: z.string(),
 				name: z.literal(`ArtifactCreate_${component.name}`),
-				props: jsonSchemaToZod(propsSchema)
+				props: z.fromJSONSchema(propsSchema)
 			});
 		});
 	}
@@ -183,4 +148,4 @@ var ArtifactCreateSchema = class {
 };
 
 //#endregion
-export { ArtifactCreateSchema, ArtifactReferenceSchema, createArtifactComponentsSchema };
+export { ArtifactCreateSchema, ArtifactReferenceSchema };

package/dist/domains/run/utils/schema-validation.d.ts

@@ -1,13 +1,4 @@
 //#region src/domains/run/utils/schema-validation.d.ts
-/**
- * Clear the validator cache to free memory
- * Useful for testing or when memory usage becomes a concern
- */
-declare function clearValidatorCache(): void;
-/**
- * Get the current cache size for monitoring
- */
-declare function getValidatorCacheSize(): number;
 /**
  * Extended JSON Schema that includes preview field indicators
  */
@@ -23,15 +14,6 @@ interface ExtendedJsonSchemaProperty {
   inPreview?: boolean;
   [key: string]: any;
 }
-/**
- * Validate that a schema is valid (either JSON Schema or Zod)
- * Following the same pattern as context validation
- */
-declare function validateComponentSchema(schema: any, componentName: string): {
-  isValid: boolean;
-  error?: string;
-  validatedSchema?: ExtendedJsonSchema;
-};
 /**
  * Extract preview fields from a schema (fields marked with inPreview: true)
  */
@@ -41,4 +23,4 @@ declare function extractPreviewFields(schema: ExtendedJsonSchema): Record<string
  */
 declare function extractFullFields(schema: ExtendedJsonSchema): Record<string, any>;
 //#endregion
-export { ExtendedJsonSchema, ExtendedJsonSchemaProperty, clearValidatorCache, extractFullFields, extractPreviewFields, getValidatorCacheSize, validateComponentSchema };
+export { ExtendedJsonSchema, ExtendedJsonSchemaProperty, extractFullFields, extractPreviewFields };

package/dist/domains/run/utils/schema-validation.js

@@ -1,63 +1,4 @@
-import { getLogger } from "../../../logger.js";
-import { z } from "@hono/zod-openapi";
-import { convertZodToJsonSchemaWithPreview } from "@inkeep/agents-core/utils/schema-conversion";
-import Ajv from "ajv";
-
 //#region src/domains/run/utils/schema-validation.ts
-const logger = getLogger("SchemaValidation");
-const ajv = new Ajv({
-	allErrors: true,
-	strict: false
-});
-const validatorCache = /* @__PURE__ */ new Map();
-/**
-* Clear the validator cache to free memory
-* Useful for testing or when memory usage becomes a concern
-*/
-function clearValidatorCache() {
-	validatorCache.clear();
-}
-/**
-* Get the current cache size for monitoring
-*/
-function getValidatorCacheSize() {
-	return validatorCache.size;
-}
-/**
-* Validate that a schema is valid (either JSON Schema or Zod)
-* Following the same pattern as context validation
-*/
-function validateComponentSchema(schema, componentName) {
-	try {
-		if (schema instanceof z.ZodType) return {
-			isValid: true,
-			validatedSchema: convertZodToJsonSchemaWithPreview(schema)
-		};
-		if (!schema || typeof schema !== "object" || Array.isArray(schema)) return {
-			isValid: false,
-			error: "Schema must be a valid JSON Schema object or Zod schema"
-		};
-		const schemaKey = JSON.stringify(schema);
-		let validator = validatorCache.get(schemaKey);
-		if (!validator) {
-			validator = ajv.compile(schema);
-			validatorCache.set(schemaKey, validator);
-		}
-		return {
-			isValid: true,
-			validatedSchema: schema
-		};
-	} catch (error) {
-		logger.error({
-			componentName,
-			error: error instanceof Error ? error.message : "Unknown error"
-		}, "Invalid component schema");
-		return {
-			isValid: false,
-			error: error instanceof Error ? error.message : "Invalid JSON Schema"
-		};
-	}
-}
 /**
 * Extract preview fields from a schema (fields marked with inPreview: true)
 */
@@ -94,4 +35,4 @@ function extractFullFields(schema) {
 }
 
 //#endregion
-export { clearValidatorCache, extractFullFields, extractPreviewFields, getValidatorCacheSize, validateComponentSchema };
+export { extractFullFields, extractPreviewFields };

package/dist/env.d.ts

@@ -24,6 +24,7 @@ declare const envSchema: z.ZodObject<{
   INKEEP_AGENTS_RUN_DATABASE_URL: z.ZodString;
   INKEEP_AGENTS_MANAGE_UI_URL: z.ZodOptional<z.ZodString>;
   INKEEP_AGENTS_API_URL: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+  AUTH_COOKIE_DOMAIN: z.ZodOptional<z.ZodString>;
   BETTER_AUTH_SECRET: z.ZodOptional<z.ZodString>;
   INKEEP_AGENTS_MANAGE_UI_USERNAME: z.ZodOptional<z.ZodString>;
   INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.ZodOptional<z.ZodString>;
@@ -68,6 +69,7 @@ declare const env: {
   TENANT_ID: string;
   ANTHROPIC_API_KEY: string;
   INKEEP_AGENTS_MANAGE_UI_URL?: string | undefined;
+  AUTH_COOKIE_DOMAIN?: string | undefined;
   BETTER_AUTH_SECRET?: string | undefined;
   INKEEP_AGENTS_MANAGE_UI_USERNAME?: string | undefined;
   INKEEP_AGENTS_MANAGE_UI_PASSWORD?: string | undefined;

package/dist/env.js

@@ -26,6 +26,7 @@ const envSchema = z.object({
 	INKEEP_AGENTS_RUN_DATABASE_URL: z.string().describe("PostgreSQL connection URL for the runtime database (Doltgres with Git version control)"),
 	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional().describe("URL where the management UI is hosted"),
 	INKEEP_AGENTS_API_URL: z.string().optional().default("http://localhost:3002").describe("URL where the agents management API is running"),
+	AUTH_COOKIE_DOMAIN: z.string().optional().describe("Explicit cookie domain for cross-subdomain auth (e.g., .inkeep.com). Required when the API and UI do not share a common 3-part parent domain."),
 	BETTER_AUTH_SECRET: z.string().optional().describe("Secret key for Better Auth session encryption (change in production)"),
 	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }).describe("Admin email address for management UI login"),
 	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }).describe("Admin password for management UI login (min 8 characters)"),

package/dist/factory.d.ts

@@ -794,25 +794,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1104,25 +1104,25 @@ declare function createAgentsAuth(userAuthConfig?: UserAuthConfig): better_auth0
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";

package/dist/factory.js

@@ -19,6 +19,7 @@ function createAgentsAuth(userAuthConfig) {
 		baseURL: env.INKEEP_AGENTS_API_URL || `http://localhost:3002`,
 		secret: env.BETTER_AUTH_SECRET || "development-secret-change-in-production",
 		dbClient: runDbClient_default,
+		...env.AUTH_COOKIE_DOMAIN && { cookieDomain: env.AUTH_COOKIE_DOMAIN },
 		...userAuthConfig?.ssoProviders && { ssoProviders: userAuthConfig.ssoProviders },
 		...userAuthConfig?.socialProviders && { socialProviders: userAuthConfig.socialProviders }
 	});

package/dist/index.d.ts

@@ -795,25 +795,25 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1105,25 +1105,25 @@ declare const auth: better_auth78.Auth<{
       ac: better_auth_plugins69.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         admin: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
         owner: {
-          authorize<K_1 extends "invitation" | "member" | "organization" | "project" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key] | {
-            actions: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "project" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
+            actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-          statements: better_auth_plugins69.Subset<"invitation" | "member" | "organization" | "project" | "team" | "ac", better_auth_plugins69.Statements>;
+          statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "project" | "ac" | "team", better_auth_plugins69.Statements>;
         };
       };
       creatorRole: "admin";

package/dist/middleware/cors.d.ts

@@ -6,10 +6,15 @@ type CorsOptions = Parameters<typeof cors>[0];
  * Extract the base domain from a hostname (e.g., 'app.preview.inkeep.com' -> 'preview.inkeep.com')
  */
 declare function getBaseDomain(hostname: string): string;
+/**
+ * Extract the registrable domain (eTLD+1) from a hostname.
+ * e.g., 'api.agents.inkeep.com' -> 'inkeep.com', 'app.inkeep.com' -> 'inkeep.com'
+ */
+declare function getRootDomain(hostname: string): string;
 /**
  * Check if a request origin is allowed for CORS
  * Development: Allow any localhost origin
- * Production: Allow same base domain or configured UI URL
+ * Production: Allow same base domain, same root domain (when UI URL is configured), or configured UI URL
  */
 declare function isOriginAllowed(origin: string | undefined): origin is string;
 /**
@@ -33,4 +38,4 @@ declare const runCorsConfig: CorsOptions;
  */
 declare const signozCorsConfig: CorsOptions;
 //#endregion
-export { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };
+export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };

package/dist/middleware/cors.js

@@ -10,9 +10,18 @@ function getBaseDomain(hostname) {
 	return hostname;
 }
 /**
+* Extract the registrable domain (eTLD+1) from a hostname.
+* e.g., 'api.agents.inkeep.com' -> 'inkeep.com', 'app.inkeep.com' -> 'inkeep.com'
+*/
+function getRootDomain(hostname) {
+	const parts = hostname.split(".");
+	if (parts.length >= 2) return parts.slice(-2).join(".");
+	return hostname;
+}
+/**
 * Check if a request origin is allowed for CORS
 * Development: Allow any localhost origin
-* Production: Allow same base domain or configured UI URL
+* Production: Allow same base domain, same root domain (when UI URL is configured), or configured UI URL
 */
 function isOriginAllowed(origin) {
 	if (!origin) return false;
@@ -23,6 +32,12 @@ function isOriginAllowed(origin) {
 		if (requestUrl.hostname === "localhost" || requestUrl.hostname === "127.0.0.1") return true;
 		if (uiUrl && requestUrl.hostname === uiUrl.hostname) return true;
 		if (getBaseDomain(requestUrl.hostname) === getBaseDomain(apiUrl.hostname)) return true;
+		if (uiUrl) {
+			const requestRootDomain = getRootDomain(requestUrl.hostname);
+			const apiRootDomain = getRootDomain(apiUrl.hostname);
+			const uiRootDomain = getRootDomain(uiUrl.hostname);
+			if (requestRootDomain === apiRootDomain && apiRootDomain === uiRootDomain && requestRootDomain === uiRootDomain) return true;
+		}
 		return false;
 	} catch {
 		return false;
@@ -128,4 +143,4 @@ const signozCorsConfig = {
 };
 
 //#endregion
-export { authCorsConfig, defaultCorsConfig, getBaseDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };
+export { authCorsConfig, defaultCorsConfig, getBaseDomain, getRootDomain, isOriginAllowed, playgroundCorsConfig, runCorsConfig, signozCorsConfig };

package/dist/middleware/evalsAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono1 from "hono";
+import * as hono4 from "hono";
 
 //#region src/middleware/evalsAuth.d.ts
 
@@ -7,7 +7,7 @@ import * as hono1 from "hono";
  * Middleware to authenticate API requests using Bearer token authentication
  * First checks if token matches INKEEP_AGENTS_EVAL_API_BYPASS_SECRET,
  */
-declare const evalApiKeyAuth: () => hono1.MiddlewareHandler<{
+declare const evalApiKeyAuth: () => hono4.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };

package/dist/middleware/manageAuth.d.ts

@@ -1,5 +1,5 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono2 from "hono";
+import * as hono11 from "hono";
 import { createAuth } from "@inkeep/agents-core/auth";
 
 //#region src/middleware/manageAuth.d.ts
@@ -12,7 +12,7 @@ import { createAuth } from "@inkeep/agents-core/auth";
  * 3. Database API key
  * 4. Internal service token
  */
-declare const manageApiKeyAuth: () => hono2.MiddlewareHandler<{
+declare const manageApiKeyAuth: () => hono11.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     userId?: string;

package/dist/middleware/projectAccess.d.ts

@@ -1,6 +1,6 @@
 import { ManageAppVariables } from "../types/app.js";
 import { ProjectPermissionLevel } from "@inkeep/agents-core";
-import * as hono4 from "hono";
+import * as hono12 from "hono";
 
 //#region src/middleware/projectAccess.d.ts
 /**
@@ -10,6 +10,6 @@ declare const requireProjectPermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permission?: ProjectPermissionLevel) => hono4.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permission?: ProjectPermissionLevel) => hono12.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requireProjectPermission };

package/dist/middleware/projectConfig.d.ts

@@ -1,11 +1,11 @@
 import { BaseExecutionContext, ResolvedRef } from "@inkeep/agents-core";
-import * as hono5 from "hono";
+import * as hono13 from "hono";
 
 //#region src/middleware/projectConfig.d.ts
 /**
  * Middleware that fetches the full project definition from the Management API
  */
-declare const projectConfigMiddleware: hono5.MiddlewareHandler<{
+declare const projectConfigMiddleware: hono13.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;
@@ -15,7 +15,7 @@ declare const projectConfigMiddleware: hono5.MiddlewareHandler<{
  * Creates a middleware that applies project config fetching except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip the middleware
  */
-declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono5.MiddlewareHandler<{
+declare const projectConfigMiddlewareExcept: (skipRouteCheck: (path: string) => boolean) => hono13.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
     resolvedRef: ResolvedRef;

package/dist/middleware/requirePermission.d.ts

@@ -1,5 +1,5 @@
 import { ManageAppVariables } from "../types/app.js";
-import * as hono7 from "hono";
+import * as hono0 from "hono";
 
 //#region src/middleware/requirePermission.d.ts
 type Permission = {
@@ -9,6 +9,6 @@ declare const requirePermission: <Env$1 extends {
   Variables: ManageAppVariables;
 } = {
   Variables: ManageAppVariables;
-}>(permissions: Permission) => hono7.MiddlewareHandler<Env$1, string, {}, Response>;
+}>(permissions: Permission) => hono0.MiddlewareHandler<Env$1, string, {}, Response>;
 //#endregion
 export { requirePermission };

package/dist/middleware/runAuth.d.ts

@@ -1,8 +1,8 @@
 import { BaseExecutionContext } from "@inkeep/agents-core";
-import * as hono8 from "hono";
+import * as hono1 from "hono";
 
 //#region src/middleware/runAuth.d.ts
-declare const runApiKeyAuth: () => hono8.MiddlewareHandler<{
+declare const runApiKeyAuth: () => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -11,7 +11,7 @@ declare const runApiKeyAuth: () => hono8.MiddlewareHandler<{
  * Creates a middleware that applies API key authentication except for specified route patterns
  * @param skipRouteCheck - Function that returns true if the route should skip authentication
  */
-declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono8.MiddlewareHandler<{
+declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) => hono1.MiddlewareHandler<{
   Variables: {
     executionContext: BaseExecutionContext;
   };
@@ -20,7 +20,7 @@ declare const runApiKeyAuthExcept: (skipRouteCheck: (path: string) => boolean) =
  * Helper middleware for endpoints that optionally support API key authentication
  * If no auth header is present, it continues without setting the executionContext
  */
-declare const runOptionalAuth: () => hono8.MiddlewareHandler<{
+declare const runOptionalAuth: () => hono1.MiddlewareHandler<{
   Variables: {
     executionContext?: BaseExecutionContext;
   };

package/dist/middleware/sessionAuth.d.ts

@@ -1,4 +1,4 @@
-import * as hono11 from "hono";
+import * as hono5 from "hono";
 
 //#region src/middleware/sessionAuth.d.ts
 
@@ -7,11 +7,11 @@ import * as hono11 from "hono";
  * Requires that a user has already been authenticated via Better Auth session.
  * Used primarily for manage routes that require an active user session.
  */
-declare const sessionAuth: () => hono11.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionAuth: () => hono5.MiddlewareHandler<any, string, {}, Response>;
 /**
  * Global session middleware - sets user and session in context for all routes
  * Used for all routes that require an active user session.
  */
-declare const sessionContext: () => hono11.MiddlewareHandler<any, string, {}, Response>;
+declare const sessionContext: () => hono5.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { sessionAuth, sessionContext };

package/dist/middleware/tenantAccess.d.ts

@@ -1,4 +1,4 @@
-import * as hono14 from "hono";
+import * as hono7 from "hono";
 
 //#region src/middleware/tenantAccess.d.ts
 
@@ -11,7 +11,7 @@ import * as hono14 from "hono";
  * - API key user: Access only to the tenant associated with the API key
  * - Session user: Access based on organization membership
  */
-declare const requireTenantAccess: () => hono14.MiddlewareHandler<{
+declare const requireTenantAccess: () => hono7.MiddlewareHandler<{
   Variables: {
     userId: string;
     tenantId: string;

package/dist/middleware/tracing.d.ts

@@ -1,7 +1,7 @@
-import * as hono15 from "hono";
+import * as hono9 from "hono";
 
 //#region src/middleware/tracing.d.ts
-declare const otelBaggageMiddleware: () => hono15.MiddlewareHandler<any, string, {}, Response>;
-declare const executionBaggageMiddleware: () => hono15.MiddlewareHandler<any, string, {}, Response>;
+declare const otelBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
+declare const executionBaggageMiddleware: () => hono9.MiddlewareHandler<any, string, {}, Response>;
 //#endregion
 export { executionBaggageMiddleware, otelBaggageMiddleware };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-api",
-  "version": "0.45.1",
+  "version": "0.45.3",
   "description": "Unified Inkeep Agents API - combines management, runtime, and evaluation capabilities",
   "types": "dist/index.d.ts",
   "exports": {
@@ -58,7 +58,7 @@
     "axios": "^1.13.2",
     "drizzle-orm": "^0.44.4",
     "fetch-to-node": "^2.1.0",
-    "hono": "^4.10.4",
+    "hono": "^4.11.7",
     "hono-pino": "^0.10.1",
     "jmespath": "^0.16.0",
     "jose": "^6.1.0",
@@ -66,10 +66,10 @@
     "openid-client": "^6.8.1",
     "pg": "^8.16.3",
     "workflow": "4.0.1-beta.33",
-    "@inkeep/agents-core": "^0.45.1",
-    "@inkeep/agents-manage-mcp": "^0.45.1",
-    "@inkeep/agents-mcp": "^0.45.1",
-    "@inkeep/agents-work-apps": "^0.45.1"
+    "@inkeep/agents-core": "^0.45.3",
+    "@inkeep/agents-manage-mcp": "^0.45.3",
+    "@inkeep/agents-mcp": "^0.45.3",
+    "@inkeep/agents-work-apps": "^0.45.3"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",

package/dist/domains/run/utils/data-component-schema.d.ts

@@ -1,2 +0,0 @@
-import { jsonSchemaToZod } from "@inkeep/agents-core";
-export { jsonSchemaToZod };

package/dist/domains/run/utils/data-component-schema.js

@@ -1,3 +0,0 @@
-import { jsonSchemaToZod } from "@inkeep/agents-core";
-
-export { jsonSchemaToZod };