@inkeep/agents-api 0.46.0 → 0.47.0

package/dist/.well-known/workflow/v1/manifest.debug.json

@@ -41,15 +41,15 @@
     }
   },
   "workflows": {
-    "src/domains/evals/workflow/functions/evaluateConversation.ts": {
-      "_evaluateConversationWorkflow": {
-        "workflowId": "workflow//src/domains/evals/workflow/functions/evaluateConversation.ts//_evaluateConversationWorkflow"
-      }
-    },
     "src/domains/evals/workflow/functions/runDatasetItem.ts": {
       "_runDatasetItemWorkflow": {
         "workflowId": "workflow//src/domains/evals/workflow/functions/runDatasetItem.ts//_runDatasetItemWorkflow"
       }
+    },
+    "src/domains/evals/workflow/functions/evaluateConversation.ts": {
+      "_evaluateConversationWorkflow": {
+        "workflowId": "workflow//src/domains/evals/workflow/functions/evaluateConversation.ts//_evaluateConversationWorkflow"
+      }
     }
   }
 }

package/dist/.well-known/workflow/v1/step.cjs

@@ -117228,32 +117228,6 @@ var schemaValidationDefaults = {
   CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT: 1e4
 };
 
-// ../packages/agents-core/dist/types/utility.js
-var TOOL_STATUS_VALUES = [
-  "healthy",
-  "unhealthy",
-  "unknown",
-  "needs_auth",
-  "unavailable"
-];
-var VALID_RELATION_TYPES = [
-  "transfer",
-  "delegate"
-];
-var MCPTransportType = {
-  streamableHttp: "streamable_http",
-  sse: "sse"
-};
-var MCPServerType = {
-  nango: "nango",
-  generic: "generic"
-};
-var CredentialStoreType = {
-  memory: "memory",
-  keychain: "keychain",
-  nango: "nango"
-};
-
 // ../packages/agents-core/dist/_virtual/rolldown_runtime.js
 var __defProp2 = Object.defineProperty;
 var __exportAll = /* @__PURE__ */ __name((all3, symbols) => {
@@ -121233,6 +121207,10 @@ function index(name18) {
   return new IndexBuilderOn(false, name18);
 }
 __name(index, "index");
+function uniqueIndex(name18) {
+  return new IndexBuilderOn(true, name18);
+}
+__name(uniqueIndex, "uniqueIndex");
 
 // ../node_modules/.pnpm/drizzle-orm@0.44.7_@electric-sql+pglite@0.3.14_@opentelemetry+api@1.9.0_@types+pg@8.16._05619ac069f36c30135eeb6e4342bbf4/node_modules/drizzle-orm/casing.js
 function toSnakeCase(input) {
@@ -126222,7 +126200,9 @@ var organization = pgTable("organization", {
   logo: text("logo"),
   createdAt: timestamp("created_at").notNull(),
   metadata: text("metadata")
-});
+}, (table) => [
+  uniqueIndex("organization_slug_uidx").on(table.slug)
+]);
 var member = pgTable("member", {
   id: text("id").primaryKey(),
   organizationId: text("organization_id").notNull().references(() => organization.id, {
@@ -126249,7 +126229,8 @@ var invitation = pgTable("invitation", {
   createdAt: timestamp("created_at").defaultNow().notNull(),
   inviterId: text("inviter_id").notNull().references(() => user.id, {
     onDelete: "cascade"
-  })
+  }),
+  authMethod: text("auth_method")
 }, (table) => [
   index("invitation_organizationId_idx").on(table.organizationId),
   index("invitation_email_idx").on(table.email)
@@ -127187,6 +127168,32 @@ var workAppGitHubMcpToolRepositoryAccessRelations = relations(workAppGitHubMcpTo
   })
 }));
 
+// ../packages/agents-core/dist/types/utility.js
+var TOOL_STATUS_VALUES = [
+  "healthy",
+  "unhealthy",
+  "unknown",
+  "needs_auth",
+  "unavailable"
+];
+var VALID_RELATION_TYPES = [
+  "transfer",
+  "delegate"
+];
+var MCPTransportType = {
+  streamableHttp: "streamable_http",
+  sse: "sse"
+};
+var MCPServerType = {
+  nango: "nango",
+  generic: "generic"
+};
+var CredentialStoreType = {
+  memory: "memory",
+  keychain: "keychain",
+  nango: "nango"
+};
+
 // ../node_modules/.pnpm/@hono+zod-openapi@1.2.0_hono@4.11.7_zod@4.3.6/node_modules/@hono/zod-openapi/dist/index.js
 var import_zod_to_openapi = __toESM(require_dist(), 1);
 
@@ -144316,6 +144323,7 @@ var FetchDefinitionSchema = external_exports.object({
   }),
   credential: CredentialReferenceApiInsertSchema.optional()
 }).openapi("FetchDefinition");
+var HeadersSchema = external_exports.record(external_exports.string(), external_exports.string("All header values must be strings"), "Must be valid JSON object");
 var ContextConfigSelectSchema = createSelectSchema2(contextConfigs).extend({
   headersSchema: external_exports.any().optional().openapi({
     type: "object",
@@ -147102,7 +147110,10 @@ var envSchema = external_exports.object({
   INKEEP_AGENTS_MANAGE_UI_URL: external_exports.string().optional().describe("URL where the management UI is hosted"),
   INKEEP_AGENTS_API_URL: external_exports.string().optional().describe("URL where the agents management API is running"),
   AUTH_COOKIE_DOMAIN: external_exports.string().optional().describe("Explicit cookie domain for cross-subdomain auth (e.g., .inkeep.com). Required when the API and UI do not share a common 3-part parent domain."),
-  GITHUB_MCP_API_KEY: external_exports.string().optional().describe("API key for the GitHub MCP")
+  GITHUB_MCP_API_KEY: external_exports.string().optional().describe("API key for the GitHub MCP"),
+  SPICEDB_ENDPOINT: external_exports.string().optional().describe("SpiceDB endpoint"),
+  SPICEDB_PRESHARED_KEY: external_exports.string().optional().describe("SpiceDB pre-shared key"),
+  SPICEDB_TLS_ENABLED: external_exports.coerce.boolean().optional().describe("SpiceDB TLS enabled")
 });
 var parseEnv = /* @__PURE__ */ __name(() => {
   try {
@@ -228857,19 +228868,6 @@ var runDbClient = createAgentsRunDatabaseClient({
 });
 var runDbClient_default = runDbClient;
 
-// src/utils/in-process-fetch.ts
-var _appFetch;
-function getInProcessFetch() {
-  if (!_appFetch) {
-    if (process.env.ENVIRONMENT === "test") {
-      return fetch;
-    }
-    throw new Error("[in-process-fetch] App fetch not registered. Call registerAppFetch() during app initialization before handling requests.");
-  }
-  return _appFetch;
-}
-__name(getInProcessFetch, "getInProcessFetch");
-
 // src/domains/evals/services/EvaluationService.ts
 var logger21 = getLogger("EvaluationService");
 var EvaluationService = class {
@@ -228964,7 +228962,7 @@ var EvaluationService = class {
       datasetRunId,
       conversationId
     }, "Running dataset item through chat API");
-    const response = await getInProcessFetch()(chatUrl, {
+    const response = await fetch(chatUrl, {
       method: "POST",
       headers: headers2,
       body: JSON.stringify(chatPayload)

package/dist/createApp.d.ts

@@ -1,10 +1,10 @@
 import { AppConfig } from "./types/app.js";
 import "./types/index.js";
 import { Hono } from "hono";
-import * as hono_types9 from "hono/types";
+import * as hono_types0 from "hono/types";
 
 //#region src/createApp.d.ts
 declare const isWebhookRoute: (path: string) => boolean;
-declare function createAgentsHono(config: AppConfig): Hono<hono_types9.BlankEnv, hono_types9.BlankSchema, "/">;
+declare function createAgentsHono(config: AppConfig): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
 export { createAgentsHono, isWebhookRoute };

package/dist/createApp.js

@@ -1,6 +1,5 @@
 import { getLogger as getLogger$1 } from "./logger.js";
 import { env } from "./env.js";
-import { getInProcessFetch, registerAppFetch } from "./utils/in-process-fetch.js";
 import { evalRoutes } from "./domains/evals/index.js";
 import { workflowRoutes } from "./domains/evals/workflow/routes.js";
 import { sessionAuth, sessionContext } from "./middleware/sessionAuth.js";
@@ -182,7 +181,7 @@ function createAgentsHono(config) {
 			headers: new Headers(c.req.raw.headers),
 			body: bodyBuffer
 		});
-		return getInProcessFetch()(forwardedRequest);
+		return fetch(forwardedRequest);
 	});
 	app.route("/evals", evalRoutes);
 	app.route("/work-apps/github", githubRoutes);
@@ -194,7 +193,6 @@ function createAgentsHono(config) {
 	});
 	const base = new Hono();
 	base.route("/", app);
-	registerAppFetch(base.request.bind(base));
 	return base;
 }
 

package/dist/domains/evals/routes/datasetTriggers.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono3 from "hono";
+import * as hono14 from "hono";
 
 //#region src/domains/evals/routes/datasetTriggers.d.ts
-declare const app: OpenAPIHono<hono3.Env, {}, "/">;
+declare const app: OpenAPIHono<hono14.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono5 from "hono";
+import * as hono15 from "hono";
 
 //#region src/domains/evals/routes/index.d.ts
-declare const app: OpenAPIHono<hono5.Env, {}, "/">;
+declare const app: OpenAPIHono<hono15.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/evals/services/EvaluationService.js

@@ -3,7 +3,6 @@ import { env } from "../../../env.js";
 import manageDbClient_default from "../../../data/db/manageDbClient.js";
 import manageDbPool_default from "../../../data/db/manageDbPool.js";
 import runDbClient_default from "../../../data/db/runDbClient.js";
-import { getInProcessFetch } from "../../../utils/in-process-fetch.js";
 import { ModelFactory, createEvaluationResult, createEvaluationRun, filterConversationsForJob, generateId, getConversationHistory, getEvaluationJobConfigById, getEvaluationJobConfigEvaluatorRelations, getEvaluatorById, getFullAgent, getProjectScopedRef, resolveRef, updateEvaluationResult, withRef } from "@inkeep/agents-core";
 import { generateObject, generateText } from "ai";
 import { z } from "zod";
@@ -87,7 +86,7 @@ var EvaluationService = class {
 			datasetRunId,
 			conversationId
 		}, "Running dataset item through chat API");
-		const response = await getInProcessFetch()(chatUrl, {
+		const response = await fetch(chatUrl, {
 			method: "POST",
 			headers: headers$1,
 			body: JSON.stringify(chatPayload)

package/dist/domains/evals/workflow/routes.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types7 from "hono/types";
+import * as hono_types5 from "hono/types";
 
 //#region src/domains/evals/workflow/routes.d.ts
-declare const workflowRoutes: Hono<hono_types7.BlankEnv, hono_types7.BlankSchema, "/">;
+declare const workflowRoutes: Hono<hono_types5.BlankEnv, hono_types5.BlankSchema, "/">;
 //#endregion
 export { workflowRoutes };

package/dist/domains/manage/index.js

@@ -6,20 +6,22 @@ import invitations_default from "./routes/invitations.js";
 import mcp_default from "./routes/mcp.js";
 import mcpToolGithubAccess_default from "./routes/mcpToolGithubAccess.js";
 import oauth_default from "./routes/oauth.js";
+import passwordResetLinks_default from "./routes/passwordResetLinks.js";
 import playgroundToken_default from "./routes/playgroundToken.js";
 import projectFull_default from "./routes/projectFull.js";
 import projectGithubAccess_default from "./routes/projectGithubAccess.js";
 import signoz_default from "./routes/signoz.js";
-import userOrganizations_default from "./routes/userOrganizations.js";
+import users_default from "./routes/users.js";
 import { OpenAPIHono } from "@hono/zod-openapi";
 
 //#region src/domains/manage/index.ts
 function createManageRoutes() {
 	const app = new OpenAPIHono();
-	app.route("/api/users/:userId/organizations", userOrganizations_default);
+	app.route("/api/users", users_default);
 	app.route("/api/cli", cliAuth_default);
 	app.route("/api/invitations", invitations_default);
 	app.route("/tenants/:tenantId", routes_default);
+	app.route("/tenants/:tenantId/password-reset-links", passwordResetLinks_default);
 	app.route("/tenants/:tenantId/playground/token", playgroundToken_default);
 	app.route("/tenants/:tenantId/signoz", signoz_default);
 	app.route("/tenants/:tenantId/github", github_default);

package/dist/domains/manage/routes/availableAgents.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono8 from "hono";
+import * as hono17 from "hono";
 
 //#region src/domains/manage/routes/availableAgents.d.ts
-declare const app: OpenAPIHono<hono8.Env, {}, "/">;
+declare const app: OpenAPIHono<hono17.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/availableAgents.js

@@ -2,7 +2,7 @@ import { getLogger as getLogger$1 } from "../../../logger.js";
 import { env } from "../../../env.js";
 import manageDbClient_default from "../../../data/db/manageDbClient.js";
 import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
-import { createApiError, listAgentsAcrossProjectBranches, listUsableProjectIds, verifyTempToken } from "@inkeep/agents-core";
+import { createApiError, listAgentsAcrossProjectMainBranches, listUsableProjectIds, verifyTempToken } from "@inkeep/agents-core";
 
 //#region src/domains/manage/routes/availableAgents.ts
 const logger = getLogger$1("availableAgents");
@@ -77,7 +77,7 @@ app.openapi(createRoute({
 	const { userId, tenantId } = user;
 	const projectIds = await listUsableProjectIds({ userId });
 	if (projectIds.length === 0) return c.json({ data: [] });
-	const agents = await listAgentsAcrossProjectBranches(manageDbClient_default, {
+	const agents = await listAgentsAcrossProjectMainBranches(manageDbClient_default, {
 		tenantId,
 		projectIds
 	});

package/dist/domains/manage/routes/conversations.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono16 from "hono";
+import * as hono18 from "hono";
 
 //#region src/domains/manage/routes/conversations.d.ts
-declare const app: OpenAPIHono<hono16.Env, {}, "/">;
+declare const app: OpenAPIHono<hono18.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/index.d.ts

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import * as hono2 from "hono";
+import * as hono16 from "hono";
 
 //#region src/domains/manage/routes/index.d.ts
-declare const app: OpenAPIHono<hono2.Env, {}, "/">;
+declare const app: OpenAPIHono<hono16.Env, {}, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/invitations.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types0 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/domains/manage/routes/invitations.d.ts
 declare const invitationsRoutes: Hono<{
   Variables: ManageAppVariables;
-}, hono_types0.BlankSchema, "/">;
+}, hono_types8.BlankSchema, "/">;
 //#endregion
 export { invitationsRoutes as default };

package/dist/domains/manage/routes/invitations.js

@@ -2,9 +2,68 @@ import runDbClient_default from "../../../data/db/runDbClient.js";
 import { sessionAuth } from "../../../middleware/sessionAuth.js";
 import { createApiError, getPendingInvitationsByEmail } from "@inkeep/agents-core";
 import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
 
 //#region src/domains/manage/routes/invitations.ts
 const invitationsRoutes = new Hono();
+/**
+* GET /api/invitations/verify?email=user@example.com&id=xxx
+*
+* Unauthenticated endpoint to validate an invitation exists and get preview info.
+* Used by the accept-invitation page to pre-populate signup forms.
+*
+* Returns limited info: email, organizationName, organizationId, role, expiresAt
+*/
+invitationsRoutes.get("/verify", async (c) => {
+	const email = c.req.query("email");
+	const invitationId = c.req.query("id");
+	if (!email) throw createApiError({
+		code: "bad_request",
+		message: "Email parameter is required"
+	});
+	if (!invitationId) throw createApiError({
+		code: "bad_request",
+		message: "Invitation ID parameter is required"
+	});
+	const auth = c.get("auth");
+	if (!auth) throw createApiError({
+		code: "internal_server_error",
+		message: "Auth not configured"
+	});
+	try {
+		const invitations = await auth.api.listUserInvitations({ query: { email } });
+		const invitation = Array.isArray(invitations) ? invitations.find((inv) => inv.id === invitationId) : null;
+		if (!invitation) throw createApiError({
+			code: "not_found",
+			message: "Invitation not found"
+		});
+		const expiresAt = invitation.expiresAt ? new Date(invitation.expiresAt) : null;
+		const isExpired = expiresAt && expiresAt < /* @__PURE__ */ new Date();
+		if (!(invitation.status === "pending")) throw createApiError({
+			code: "not_found",
+			message: "Invitation is no longer valid"
+		});
+		if (isExpired) throw createApiError({
+			code: "not_found",
+			message: "Invitation has expired"
+		});
+		return c.json({
+			valid: true,
+			email: invitation.email,
+			organizationName: invitation.organizationName || null,
+			organizationId: invitation.organizationId,
+			role: invitation.role,
+			expiresAt: invitation.expiresAt
+		});
+	} catch (error) {
+		if (error instanceof HTTPException) throw error;
+		console.error("[invitations/verify] Error fetching invitation:", error);
+		throw createApiError({
+			code: "internal_server_error",
+			message: "Failed to validate invitation"
+		});
+	}
+});
 invitationsRoutes.use("*", sessionAuth());
 invitationsRoutes.get("/pending", async (c) => {
 	const email = c.req.query("email");

package/dist/domains/manage/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types0 from "hono/types";
+import * as hono_types9 from "hono/types";
 
 //#region src/domains/manage/routes/mcp.d.ts
-declare const app: Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+declare const app: Hono<hono_types9.BlankEnv, hono_types9.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/{userOrganizations.d.ts → passwordResetLinks.d.ts}

@@ -2,9 +2,9 @@ import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
 import * as hono_types11 from "hono/types";
 
-//#region src/domains/manage/routes/userOrganizations.d.ts
-declare const userOrganizationsRoutes: Hono<{
+//#region src/domains/manage/routes/passwordResetLinks.d.ts
+declare const passwordResetLinksRoutes: Hono<{
   Variables: ManageAppVariables;
 }, hono_types11.BlankSchema, "/">;
 //#endregion
-export { userOrganizationsRoutes as default };
+export { passwordResetLinksRoutes as default };

package/dist/domains/manage/routes/passwordResetLinks.js

@@ -0,0 +1,61 @@
+import { env } from "../../../env.js";
+import { sessionAuth } from "../../../middleware/sessionAuth.js";
+import { OrgRoles, createApiError, waitForPasswordResetLink } from "@inkeep/agents-core";
+import { Hono } from "hono";
+
+//#region src/domains/manage/routes/passwordResetLinks.ts
+const passwordResetLinksRoutes = new Hono();
+passwordResetLinksRoutes.use("*", sessionAuth());
+passwordResetLinksRoutes.post("/", async (c) => {
+	const tenantId = c.req.param("tenantId");
+	const { email } = await c.req.json().catch(() => ({}));
+	const userId = c.get("userId");
+	if (!tenantId) throw createApiError({
+		code: "bad_request",
+		message: "Tenant ID is required"
+	});
+	if (!userId) throw createApiError({
+		code: "unauthorized",
+		message: "Authentication required"
+	});
+	if (!email) throw createApiError({
+		code: "bad_request",
+		message: "Email is required"
+	});
+	const tenantRole = c.get("tenantRole");
+	if (!tenantRole || tenantRole !== OrgRoles.ADMIN && tenantRole !== OrgRoles.OWNER) throw createApiError({
+		code: "forbidden",
+		message: "Admin access required"
+	});
+	const auth = c.get("auth");
+	if (!auth) throw createApiError({
+		code: "internal_server_error",
+		message: "Auth not configured"
+	});
+	if (!(await auth.api.listMembers({
+		query: { organizationId: tenantId },
+		headers: c.req.raw.headers
+	})).members.some((m) => m.user.email === email)) throw createApiError({
+		code: "forbidden",
+		message: "User is not a member of this organization"
+	});
+	const redirectTo = `${env.INKEEP_AGENTS_MANAGE_UI_URL || "http://localhost:3000"}/reset-password`;
+	const linkPromise = waitForPasswordResetLink(email);
+	await auth.api.requestPasswordReset({ body: {
+		email,
+		redirectTo
+	} });
+	try {
+		const link = await linkPromise;
+		return c.json({ url: link.url });
+	} catch {
+		throw createApiError({
+			code: "internal_server_error",
+			message: "Reset link not available"
+		});
+	}
+});
+var passwordResetLinks_default = passwordResetLinksRoutes;
+
+//#endregion
+export { passwordResetLinks_default as default };

package/dist/domains/manage/routes/signoz.d.ts

@@ -1,10 +1,10 @@
 import { ManageAppVariables } from "../../../types/app.js";
 import { Hono } from "hono";
-import * as hono_types2 from "hono/types";
+import * as hono_types7 from "hono/types";
 
 //#region src/domains/manage/routes/signoz.d.ts
 declare const app: Hono<{
   Variables: ManageAppVariables;
-}, hono_types2.BlankSchema, "/">;
+}, hono_types7.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/manage/routes/users.d.ts

@@ -0,0 +1,10 @@
+import { ManageAppVariables } from "../../../types/app.js";
+import { Hono } from "hono";
+import * as hono_types12 from "hono/types";
+
+//#region src/domains/manage/routes/users.d.ts
+declare const usersRoutes: Hono<{
+  Variables: ManageAppVariables;
+}, hono_types12.BlankSchema, "/">;
+//#endregion
+export { usersRoutes as default };

package/dist/domains/manage/routes/users.js

@@ -0,0 +1,78 @@
+import runDbClient_default from "../../../data/db/runDbClient.js";
+import { sessionAuth } from "../../../middleware/sessionAuth.js";
+import { OrgRoles, createApiError, getUserOrganizationsFromDb, getUserProvidersFromDb } from "@inkeep/agents-core";
+import { Hono } from "hono";
+
+//#region src/domains/manage/routes/users.ts
+const usersRoutes = new Hono();
+usersRoutes.use("*", sessionAuth());
+/**
+* GET /api/users/:userId/organizations
+*
+* List all organizations for a user.
+* Only allows querying own organizations.
+*/
+usersRoutes.get("/:userId/organizations", async (c) => {
+	const userId = c.req.param("userId");
+	const authenticatedUserId = c.get("userId");
+	if (!userId) throw createApiError({
+		code: "bad_request",
+		message: "User ID is required"
+	});
+	if (userId !== authenticatedUserId) throw createApiError({
+		code: "forbidden",
+		message: "Cannot access another user's organizations"
+	});
+	const userOrganizations = (await getUserOrganizationsFromDb(runDbClient_default)(userId)).map((org) => ({
+		...org,
+		createdAt: org.createdAt.toISOString()
+	}));
+	return c.json(userOrganizations);
+});
+/**
+* POST /api/users/providers
+*
+* Get authentication providers for a list of users.
+* Returns which providers each user has (e.g., 'credential', 'google', 'auth0').
+* Restricted to org admins/owners querying members of their organization.
+*
+* Body: { userIds: string[], organizationId: string }
+* Response: UserProviderInfo[]
+*/
+usersRoutes.post("/providers", async (c) => {
+	const { userIds, organizationId } = await c.req.json();
+	const authenticatedUserId = c.get("userId");
+	if (!organizationId) throw createApiError({
+		code: "bad_request",
+		message: "organizationId is required"
+	});
+	if (!userIds || !Array.isArray(userIds)) throw createApiError({
+		code: "bad_request",
+		message: "userIds array is required"
+	});
+	if (userIds.length === 0) return c.json([]);
+	const orgAccess = (await getUserOrganizationsFromDb(runDbClient_default)(authenticatedUserId)).find((org) => org.organizationId === organizationId);
+	if (!orgAccess) throw createApiError({
+		code: "forbidden",
+		message: "Access denied to this organization"
+	});
+	const role = orgAccess.role;
+	if (role !== OrgRoles.ADMIN && role !== OrgRoles.OWNER) throw createApiError({
+		code: "forbidden",
+		message: "Admin access required"
+	});
+	try {
+		const providers = await getUserProvidersFromDb(runDbClient_default)(userIds);
+		return c.json(providers);
+	} catch (error) {
+		console.error("[users/providers] Error fetching providers:", error);
+		throw createApiError({
+			code: "internal_server_error",
+			message: "Failed to fetch user providers"
+		});
+	}
+});
+var users_default = usersRoutes;
+
+//#endregion
+export { users_default as default };

package/dist/domains/mcp/routes/mcp.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types12 from "hono/types";
+import * as hono_types13 from "hono/types";
 
 //#region src/domains/mcp/routes/mcp.d.ts
-declare const app: Hono<hono_types12.BlankEnv, hono_types12.BlankSchema, "/">;
+declare const app: Hono<hono_types13.BlankEnv, hono_types13.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/domains/run/a2a/client.d.ts

@@ -20,7 +20,6 @@ interface A2AClientOptions {
   retryConfig?: RetryConfig;
   ref?: ResolvedRef;
   headers?: Record<string, string>;
-  fetchFn?: typeof fetch;
 }
 /**
  * A2AClient is a TypeScript HTTP client for interacting with A2A-compliant agents.
@@ -65,7 +64,6 @@ declare class A2AClient {
   private requestIdCounter;
   private serviceEndpointUrl?;
   private options;
-  private fetchFn;
   /**
    * Constructs an A2AClient instance.
    * It initiates fetching the agent card from the provided agent baseUrl.