npm - @inkeep/agents-core - Versions diffs - 0.0.0-dev-20250930044500 → 0.0.0-dev-20250930181023 - Mend

@inkeep/agents-core 0.0.0-dev-20250930044500 → 0.0.0-dev-20250930181023

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.cjs CHANGED Viewed

@@ -10406,14 +10406,31 @@ var NangoCredentialStore = class {
     if (!isSupportedAuthMode(type)) {
       return null;
     }
+    const extractAccessTokenForBearerType = (tokenString) => {
+      if (tokenString && typeof tokenString === "string") {
+        try {
+          const parsedToken = JSON.parse(tokenString);
+          if (parsedToken.access_token && typeof parsedToken.access_token === "string") {
+            return parsedToken.access_token;
+          }
+        } catch {
+        }
+        return tokenString;
+      }
+      return void 0;
+    };
     switch (type) {
       case "API_KEY":
         return {
-          token: credentials.apiKey || credentials.api_key
+          token: extractAccessTokenForBearerType(
+            credentials.apiKey || credentials.api_key
+          )
         };
       case "APP":
         return {
-          token: credentials.accessToken || credentials.access_token
+          token: extractAccessTokenForBearerType(
+            credentials.accessToken || credentials.access_token
+          )
         };
       case "BASIC":
         return {
@@ -10424,7 +10441,7 @@ var NangoCredentialStore = class {
         return credentials.raw;
       case "JWT":
         return {
-          token: credentials.token
+          token: extractAccessTokenForBearerType(credentials.token)
         };
       case "OAUTH1":
         return {
@@ -10433,12 +10450,12 @@ var NangoCredentialStore = class {
         };
       case "OAUTH2":
         return {
-          token: credentials.access_token,
+          token: extractAccessTokenForBearerType(credentials.access_token),
           refresh_token: credentials.refresh_token
         };
       case "OAUTH2_CC":
         return {
-          token: credentials.token,
+          token: extractAccessTokenForBearerType(credentials.token),
           client_certificate: credentials.client_certificate,
           client_id: credentials.client_id,
           client_private_key: credentials.client_private_key,
@@ -10464,6 +10481,104 @@ var NangoCredentialStore = class {
     }
     return result;
   }
+  /**
+   * Fetch a specific Nango integration
+   */
+  async fetchNangoIntegration(uniqueKey) {
+    try {
+      const response = await this.nangoClient.getIntegration(
+        { uniqueKey },
+        { include: ["credentials"] }
+      );
+      const integration = response.data;
+      let areCredentialsSet = false;
+      if (integration.credentials?.type === "OAUTH2" || integration.credentials?.type === "OAUTH1" || integration.credentials?.type === "TBA") {
+        areCredentialsSet = !!(integration.credentials?.client_id && integration.credentials?.client_secret);
+      } else if (integration.credentials?.type === "APP") {
+        areCredentialsSet = !!(integration.credentials?.app_id && integration.credentials?.app_link);
+      } else {
+        areCredentialsSet = true;
+      }
+      const { credentials: _credentials, ...integrationWithoutCredentials } = integration;
+      return {
+        ...integrationWithoutCredentials,
+        areCredentialsSet
+      };
+    } catch (error) {
+      if (error && typeof error === "object" && "status" in error && error.status === 404) {
+        return null;
+      }
+      console.error(`Failed to fetch integration ${uniqueKey}:`, error);
+      return null;
+    }
+  }
+  /**
+   * Create an API key credential by setting up Nango integration and importing the connection
+   */
+  async createNangoApiKeyConnection({
+    name,
+    apiKeyToSet,
+    metadata
+  }) {
+    const provider = "private-api-bearer";
+    try {
+      let integration;
+      try {
+        const response2 = await this.nangoClient.createIntegration({
+          provider,
+          unique_key: name,
+          display_name: name
+        });
+        integration = response2.data;
+      } catch (error) {
+        const existingIntegration = await this.fetchNangoIntegration(name);
+        if (existingIntegration) {
+          integration = existingIntegration;
+        } else {
+          console.log(`Integration creation failed for unexpected reasons`, error);
+        }
+      }
+      if (!integration) {
+        throw new Error(`Integration '${name}' not found`);
+      }
+      const importConnectionUrl = `${process.env.NANGO_SERVER_URL || "https://api.nango.dev"}/connections`;
+      const credentials = {
+        type: "API_KEY",
+        apiKey: apiKeyToSet
+      };
+      const body = {
+        provider_config_key: integration.unique_key,
+        connection_id: name,
+        metadata,
+        credentials
+      };
+      const response = await fetch(importConnectionUrl, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${process.env.NANGO_SECRET_KEY}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(body)
+      });
+      if (!response.ok) {
+        throw new Error(
+          `Failed to import connection: HTTP ${response.status} - ${response.statusText}`
+        );
+      }
+    } catch (error) {
+      console.error("Unexpected error creating API key credential:", error);
+      logger11.error(
+        {
+          error: error instanceof Error ? error.message : "Unknown error",
+          name
+        },
+        `Unexpected error creating API key credential '${name}'`
+      );
+      throw new Error(
+        `Failed to create API key credential '${name}': ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
   /**
    * Fetch credentials from Nango API using connection information
    * @param connectionId - The connection ID for the Nango connection
@@ -10553,8 +10668,12 @@ var NangoCredentialStore = class {
   /**
    * Set credentials - not supported for Nango (OAuth flow handles this)
    */
-  async set(_key, _value) {
-    throw new Error("Setting credentials not supported for Nango store - use OAuth flow instead");
+  async set(key, value) {
+    await this.createNangoApiKeyConnection({
+      name: key,
+      apiKeyToSet: value,
+      metadata: {}
+    });
   }
   /**
    * Check if credentials exist by attempting to fetch them
@@ -10648,7 +10767,16 @@ function createDefaultCredentialStores() {
       })
     );
   }
-  stores.push(createKeyChainStore("keychain-default"));
+  if (process.env.ENABLE_KEYCHAIN_STORE === "true") {
+    try {
+      stores.push(createKeyChainStore("keychain-default"));
+    } catch (error) {
+      console.warn(
+        "Failed to create keychain store:",
+        error instanceof Error ? error.message : error
+      );
+    }
+  }
   return stores;
 }
 var loadEnvironmentFiles = () => {
@@ -10968,7 +11096,6 @@ exports.createExternalAgentRelation = createExternalAgentRelation;
 exports.createFullGraphServerSide = createFullGraphServerSide;
 exports.createFullProjectServerSide = createFullProjectServerSide;
 exports.createInMemoryDatabaseClient = createInMemoryDatabaseClient;
-exports.createKeyChainStore = createKeyChainStore;
 exports.createMessage = createMessage;
 exports.createNangoCredentialStore = createNangoCredentialStore;
 exports.createOrGetConversation = createOrGetConversation;

package/dist/index.d.cts CHANGED Viewed

@@ -452,35 +452,6 @@ declare class KeyChainStore implements CredentialStore {
      */
     clearAll(): Promise<number>;
 }
-/**
- * Factory function to create KeyChainStore
- * Provides consistent initialization and optional configuration
- *
- * ## Usage Recommendations for macOS Permission Handling
- *
- * 1. **First-time setup**: Inform users that they may see permission prompts
- * 2. **Error handling**: Check for `null` returns from `get()` operations
- * 3. **User guidance**: If credentials can't be retrieved, guide users to:
- *    - Check Keychain Access app for denied permissions
- *    - Re-run the application if they accidentally clicked "Deny"
- * 4. **Development**: Use a consistent `servicePrefix` to avoid permission prompt spam
- * 5. **Production**: Consider code-signing your distributed app for better permission prompts
- *
- * Example usage with permission handling:
- * ```typescript
- * const store = createKeyChainStore('my-app');
- *
- * // Always check for null when retrieving
- * const apiKey = await store.get('api-key');
- * if (!apiKey) {
- *   console.log('API key not found or access denied');
- *   // Guide user to check permissions or re-enter credentials
- * }
- * ```
- */
-declare function createKeyChainStore(id: string, options?: {
-    servicePrefix?: string;
-}): KeyChainStore;
 /**
  * In-memory credential store implementation
@@ -536,6 +507,14 @@ declare class NangoCredentialStore implements CredentialStore {
     constructor(id: string, config: NangoConfig);
     private getAccessToken;
     private sanitizeMetadata;
+    /**
+     * Fetch a specific Nango integration
+     */
+    private fetchNangoIntegration;
+    /**
+     * Create an API key credential by setting up Nango integration and importing the connection
+     */
+    private createNangoApiKeyConnection;
     /**
      * Fetch credentials from Nango API using connection information
      * @param connectionId - The connection ID for the Nango connection
@@ -551,7 +530,7 @@ declare class NangoCredentialStore implements CredentialStore {
     /**
      * Set credentials - not supported for Nango (OAuth flow handles this)
      */
-    set(_key: string, _value: string): Promise<void>;
+    set(key: string, value: string): Promise<void>;
     /**
      * Check if credentials exist by attempting to fetch them
      */
@@ -3906,4 +3885,4 @@ declare function setSpanWithError(span: Span, error: unknown, logger?: {
  */
 declare function getTracer(serviceName: string, serviceVersion?: string): Tracer;
-export { AgentGraphInsert, AgentGraphUpdate, AgentInsert, AgentRelationInsert, AgentRelationUpdate, AgentScopeConfig, AgentSelect, AgentToolRelationUpdate, AgentUpdate, ApiKeyCreateResult, type ApiKeyGenerationResult, ApiKeyInsert, ApiKeySelect, ApiKeyUpdate, Artifact, ArtifactComponentInsert, ArtifactComponentSelect, ArtifactComponentUpdate, type CommonCreateErrorResponses, type CommonDeleteErrorResponses, type CommonGetErrorResponses, type CommonUpdateErrorResponses, ContextCache, ContextCacheInsert, ContextCacheSelect, ContextConfigBuilder, type ContextConfigBuilderOptions, ContextConfigInsert, ContextConfigSelect, ContextConfigUpdate, ContextFetchDefinition, ContextFetcher, type ContextResolutionOptions, type ContextResolutionResult, ContextResolver, type ContextResolverInterface, type ContextValidationError, type ContextValidationResult, ConversationHistoryConfig, ConversationInsert, ConversationMetadata, ConversationSelect, ConversationUpdate, CreateApiKeyParams, type CredentialContext, type CredentialData, CredentialReferenceApiInsert, CredentialReferenceInsert, CredentialReferenceSelect, CredentialReferenceUpdate, type CredentialReferenceWithTools, type CredentialResolverInput, CredentialStore, type CredentialStoreReference, CredentialStoreRegistry, CredentialStoreType, CredentialStuffer, DataComponentInsert, DataComponentSelect, DataComponentUpdate, type DatabaseClient, type DatabaseConfig, type DotPaths, ERROR_DOCS_BASE_URL, ErrorCode, type ErrorCodes, type ErrorResponse, ExecutionContext, ExternalAgentInsert, ExternalAgentRelationInsert, ExternalAgentSelect, ExternalAgentUpdate, type FetchResult, FullGraphDefinition, FullProjectDefinition, type GraphLogger, GraphScopeConfig, HTTP_REQUEST_PARTS, type HttpRequestPart, InMemoryCredentialStore, KeyChainStore, LedgerArtifactSelect, type LoggerFactoryConfig, MCPToolConfig, MCPTransportType, McpClient, type McpClientOptions, type McpSSEConfig, type McpServerConfig, type McpStreamableHttpConfig, McpTool, MessageContent, MessageInsert, MessageMetadata, MessageUpdate, MessageVisibility, NangoCredentialStore, type OAuthConfig, PaginationConfig, PaginationResult, type ParsedHttpRequest, PinoLogger, type PinoLoggerConfig, type ProblemDetails, ProjectInfo, ProjectInsert, type ProjectLogger, ProjectResourceCounts, ProjectScopeConfig, ProjectSelect, ProjectUpdate, type ResolvedContext, TaskInsert, TaskMetadataConfig, TaskSelect, type TemplateContext, TemplateEngine, type TemplateRenderOptions, ToolInsert, ToolMcpConfig, ToolSelect, ToolServerCapabilities, ToolUpdate, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createKeyChainStore, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };
+export { AgentGraphInsert, AgentGraphUpdate, AgentInsert, AgentRelationInsert, AgentRelationUpdate, AgentScopeConfig, AgentSelect, AgentToolRelationUpdate, AgentUpdate, ApiKeyCreateResult, type ApiKeyGenerationResult, ApiKeyInsert, ApiKeySelect, ApiKeyUpdate, Artifact, ArtifactComponentInsert, ArtifactComponentSelect, ArtifactComponentUpdate, type CommonCreateErrorResponses, type CommonDeleteErrorResponses, type CommonGetErrorResponses, type CommonUpdateErrorResponses, ContextCache, ContextCacheInsert, ContextCacheSelect, ContextConfigBuilder, type ContextConfigBuilderOptions, ContextConfigInsert, ContextConfigSelect, ContextConfigUpdate, ContextFetchDefinition, ContextFetcher, type ContextResolutionOptions, type ContextResolutionResult, ContextResolver, type ContextResolverInterface, type ContextValidationError, type ContextValidationResult, ConversationHistoryConfig, ConversationInsert, ConversationMetadata, ConversationSelect, ConversationUpdate, CreateApiKeyParams, type CredentialContext, type CredentialData, CredentialReferenceApiInsert, CredentialReferenceInsert, CredentialReferenceSelect, CredentialReferenceUpdate, type CredentialReferenceWithTools, type CredentialResolverInput, CredentialStore, type CredentialStoreReference, CredentialStoreRegistry, CredentialStoreType, CredentialStuffer, DataComponentInsert, DataComponentSelect, DataComponentUpdate, type DatabaseClient, type DatabaseConfig, type DotPaths, ERROR_DOCS_BASE_URL, ErrorCode, type ErrorCodes, type ErrorResponse, ExecutionContext, ExternalAgentInsert, ExternalAgentRelationInsert, ExternalAgentSelect, ExternalAgentUpdate, type FetchResult, FullGraphDefinition, FullProjectDefinition, type GraphLogger, GraphScopeConfig, HTTP_REQUEST_PARTS, type HttpRequestPart, InMemoryCredentialStore, KeyChainStore, LedgerArtifactSelect, type LoggerFactoryConfig, MCPToolConfig, MCPTransportType, McpClient, type McpClientOptions, type McpSSEConfig, type McpServerConfig, type McpStreamableHttpConfig, McpTool, MessageContent, MessageInsert, MessageMetadata, MessageUpdate, MessageVisibility, NangoCredentialStore, type OAuthConfig, PaginationConfig, PaginationResult, type ParsedHttpRequest, PinoLogger, type PinoLoggerConfig, type ProblemDetails, ProjectInfo, ProjectInsert, type ProjectLogger, ProjectResourceCounts, ProjectScopeConfig, ProjectSelect, ProjectUpdate, type ResolvedContext, TaskInsert, TaskMetadataConfig, TaskSelect, type TemplateContext, TemplateEngine, type TemplateRenderOptions, ToolInsert, ToolMcpConfig, ToolSelect, ToolServerCapabilities, ToolUpdate, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };

package/dist/index.d.ts CHANGED Viewed

@@ -452,35 +452,6 @@ declare class KeyChainStore implements CredentialStore {
      */
     clearAll(): Promise<number>;
 }
-/**
- * Factory function to create KeyChainStore
- * Provides consistent initialization and optional configuration
- *
- * ## Usage Recommendations for macOS Permission Handling
- *
- * 1. **First-time setup**: Inform users that they may see permission prompts
- * 2. **Error handling**: Check for `null` returns from `get()` operations
- * 3. **User guidance**: If credentials can't be retrieved, guide users to:
- *    - Check Keychain Access app for denied permissions
- *    - Re-run the application if they accidentally clicked "Deny"
- * 4. **Development**: Use a consistent `servicePrefix` to avoid permission prompt spam
- * 5. **Production**: Consider code-signing your distributed app for better permission prompts
- *
- * Example usage with permission handling:
- * ```typescript
- * const store = createKeyChainStore('my-app');
- *
- * // Always check for null when retrieving
- * const apiKey = await store.get('api-key');
- * if (!apiKey) {
- *   console.log('API key not found or access denied');
- *   // Guide user to check permissions or re-enter credentials
- * }
- * ```
- */
-declare function createKeyChainStore(id: string, options?: {
-    servicePrefix?: string;
-}): KeyChainStore;
 /**
  * In-memory credential store implementation
@@ -536,6 +507,14 @@ declare class NangoCredentialStore implements CredentialStore {
     constructor(id: string, config: NangoConfig);
     private getAccessToken;
     private sanitizeMetadata;
+    /**
+     * Fetch a specific Nango integration
+     */
+    private fetchNangoIntegration;
+    /**
+     * Create an API key credential by setting up Nango integration and importing the connection
+     */
+    private createNangoApiKeyConnection;
     /**
      * Fetch credentials from Nango API using connection information
      * @param connectionId - The connection ID for the Nango connection
@@ -551,7 +530,7 @@ declare class NangoCredentialStore implements CredentialStore {
     /**
      * Set credentials - not supported for Nango (OAuth flow handles this)
      */
-    set(_key: string, _value: string): Promise<void>;
+    set(key: string, value: string): Promise<void>;
     /**
      * Check if credentials exist by attempting to fetch them
      */
@@ -3906,4 +3885,4 @@ declare function setSpanWithError(span: Span, error: unknown, logger?: {
  */
 declare function getTracer(serviceName: string, serviceVersion?: string): Tracer;
-export { AgentGraphInsert, AgentGraphUpdate, AgentInsert, AgentRelationInsert, AgentRelationUpdate, AgentScopeConfig, AgentSelect, AgentToolRelationUpdate, AgentUpdate, ApiKeyCreateResult, type ApiKeyGenerationResult, ApiKeyInsert, ApiKeySelect, ApiKeyUpdate, Artifact, ArtifactComponentInsert, ArtifactComponentSelect, ArtifactComponentUpdate, type CommonCreateErrorResponses, type CommonDeleteErrorResponses, type CommonGetErrorResponses, type CommonUpdateErrorResponses, ContextCache, ContextCacheInsert, ContextCacheSelect, ContextConfigBuilder, type ContextConfigBuilderOptions, ContextConfigInsert, ContextConfigSelect, ContextConfigUpdate, ContextFetchDefinition, ContextFetcher, type ContextResolutionOptions, type ContextResolutionResult, ContextResolver, type ContextResolverInterface, type ContextValidationError, type ContextValidationResult, ConversationHistoryConfig, ConversationInsert, ConversationMetadata, ConversationSelect, ConversationUpdate, CreateApiKeyParams, type CredentialContext, type CredentialData, CredentialReferenceApiInsert, CredentialReferenceInsert, CredentialReferenceSelect, CredentialReferenceUpdate, type CredentialReferenceWithTools, type CredentialResolverInput, CredentialStore, type CredentialStoreReference, CredentialStoreRegistry, CredentialStoreType, CredentialStuffer, DataComponentInsert, DataComponentSelect, DataComponentUpdate, type DatabaseClient, type DatabaseConfig, type DotPaths, ERROR_DOCS_BASE_URL, ErrorCode, type ErrorCodes, type ErrorResponse, ExecutionContext, ExternalAgentInsert, ExternalAgentRelationInsert, ExternalAgentSelect, ExternalAgentUpdate, type FetchResult, FullGraphDefinition, FullProjectDefinition, type GraphLogger, GraphScopeConfig, HTTP_REQUEST_PARTS, type HttpRequestPart, InMemoryCredentialStore, KeyChainStore, LedgerArtifactSelect, type LoggerFactoryConfig, MCPToolConfig, MCPTransportType, McpClient, type McpClientOptions, type McpSSEConfig, type McpServerConfig, type McpStreamableHttpConfig, McpTool, MessageContent, MessageInsert, MessageMetadata, MessageUpdate, MessageVisibility, NangoCredentialStore, type OAuthConfig, PaginationConfig, PaginationResult, type ParsedHttpRequest, PinoLogger, type PinoLoggerConfig, type ProblemDetails, ProjectInfo, ProjectInsert, type ProjectLogger, ProjectResourceCounts, ProjectScopeConfig, ProjectSelect, ProjectUpdate, type ResolvedContext, TaskInsert, TaskMetadataConfig, TaskSelect, type TemplateContext, TemplateEngine, type TemplateRenderOptions, ToolInsert, ToolMcpConfig, ToolSelect, ToolServerCapabilities, ToolUpdate, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createKeyChainStore, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };
+export { AgentGraphInsert, AgentGraphUpdate, AgentInsert, AgentRelationInsert, AgentRelationUpdate, AgentScopeConfig, AgentSelect, AgentToolRelationUpdate, AgentUpdate, ApiKeyCreateResult, type ApiKeyGenerationResult, ApiKeyInsert, ApiKeySelect, ApiKeyUpdate, Artifact, ArtifactComponentInsert, ArtifactComponentSelect, ArtifactComponentUpdate, type CommonCreateErrorResponses, type CommonDeleteErrorResponses, type CommonGetErrorResponses, type CommonUpdateErrorResponses, ContextCache, ContextCacheInsert, ContextCacheSelect, ContextConfigBuilder, type ContextConfigBuilderOptions, ContextConfigInsert, ContextConfigSelect, ContextConfigUpdate, ContextFetchDefinition, ContextFetcher, type ContextResolutionOptions, type ContextResolutionResult, ContextResolver, type ContextResolverInterface, type ContextValidationError, type ContextValidationResult, ConversationHistoryConfig, ConversationInsert, ConversationMetadata, ConversationSelect, ConversationUpdate, CreateApiKeyParams, type CredentialContext, type CredentialData, CredentialReferenceApiInsert, CredentialReferenceInsert, CredentialReferenceSelect, CredentialReferenceUpdate, type CredentialReferenceWithTools, type CredentialResolverInput, CredentialStore, type CredentialStoreReference, CredentialStoreRegistry, CredentialStoreType, CredentialStuffer, DataComponentInsert, DataComponentSelect, DataComponentUpdate, type DatabaseClient, type DatabaseConfig, type DotPaths, ERROR_DOCS_BASE_URL, ErrorCode, type ErrorCodes, type ErrorResponse, ExecutionContext, ExternalAgentInsert, ExternalAgentRelationInsert, ExternalAgentSelect, ExternalAgentUpdate, type FetchResult, FullGraphDefinition, FullProjectDefinition, type GraphLogger, GraphScopeConfig, HTTP_REQUEST_PARTS, type HttpRequestPart, InMemoryCredentialStore, KeyChainStore, LedgerArtifactSelect, type LoggerFactoryConfig, MCPToolConfig, MCPTransportType, McpClient, type McpClientOptions, type McpSSEConfig, type McpServerConfig, type McpStreamableHttpConfig, McpTool, MessageContent, MessageInsert, MessageMetadata, MessageUpdate, MessageVisibility, NangoCredentialStore, type OAuthConfig, PaginationConfig, PaginationResult, type ParsedHttpRequest, PinoLogger, type PinoLoggerConfig, type ProblemDetails, ProjectInfo, ProjectInsert, type ProjectLogger, ProjectResourceCounts, ProjectScopeConfig, ProjectSelect, ProjectUpdate, type ResolvedContext, TaskInsert, TaskMetadataConfig, TaskSelect, type TemplateContext, TemplateEngine, type TemplateRenderOptions, ToolInsert, ToolMcpConfig, ToolSelect, ToolServerCapabilities, ToolUpdate, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };

package/dist/index.js CHANGED Viewed

@@ -8667,14 +8667,31 @@ var NangoCredentialStore = class {
     if (!isSupportedAuthMode(type)) {
       return null;
     }
+    const extractAccessTokenForBearerType = (tokenString) => {
+      if (tokenString && typeof tokenString === "string") {
+        try {
+          const parsedToken = JSON.parse(tokenString);
+          if (parsedToken.access_token && typeof parsedToken.access_token === "string") {
+            return parsedToken.access_token;
+          }
+        } catch {
+        }
+        return tokenString;
+      }
+      return void 0;
+    };
     switch (type) {
       case "API_KEY":
         return {
-          token: credentials.apiKey || credentials.api_key
+          token: extractAccessTokenForBearerType(
+            credentials.apiKey || credentials.api_key
+          )
         };
       case "APP":
         return {
-          token: credentials.accessToken || credentials.access_token
+          token: extractAccessTokenForBearerType(
+            credentials.accessToken || credentials.access_token
+          )
         };
       case "BASIC":
         return {
@@ -8685,7 +8702,7 @@ var NangoCredentialStore = class {
         return credentials.raw;
       case "JWT":
         return {
-          token: credentials.token
+          token: extractAccessTokenForBearerType(credentials.token)
         };
       case "OAUTH1":
         return {
@@ -8694,12 +8711,12 @@ var NangoCredentialStore = class {
         };
       case "OAUTH2":
         return {
-          token: credentials.access_token,
+          token: extractAccessTokenForBearerType(credentials.access_token),
           refresh_token: credentials.refresh_token
         };
       case "OAUTH2_CC":
         return {
-          token: credentials.token,
+          token: extractAccessTokenForBearerType(credentials.token),
           client_certificate: credentials.client_certificate,
           client_id: credentials.client_id,
           client_private_key: credentials.client_private_key,
@@ -8725,6 +8742,104 @@ var NangoCredentialStore = class {
     }
     return result;
   }
+  /**
+   * Fetch a specific Nango integration
+   */
+  async fetchNangoIntegration(uniqueKey) {
+    try {
+      const response = await this.nangoClient.getIntegration(
+        { uniqueKey },
+        { include: ["credentials"] }
+      );
+      const integration = response.data;
+      let areCredentialsSet = false;
+      if (integration.credentials?.type === "OAUTH2" || integration.credentials?.type === "OAUTH1" || integration.credentials?.type === "TBA") {
+        areCredentialsSet = !!(integration.credentials?.client_id && integration.credentials?.client_secret);
+      } else if (integration.credentials?.type === "APP") {
+        areCredentialsSet = !!(integration.credentials?.app_id && integration.credentials?.app_link);
+      } else {
+        areCredentialsSet = true;
+      }
+      const { credentials: _credentials, ...integrationWithoutCredentials } = integration;
+      return {
+        ...integrationWithoutCredentials,
+        areCredentialsSet
+      };
+    } catch (error) {
+      if (error && typeof error === "object" && "status" in error && error.status === 404) {
+        return null;
+      }
+      console.error(`Failed to fetch integration ${uniqueKey}:`, error);
+      return null;
+    }
+  }
+  /**
+   * Create an API key credential by setting up Nango integration and importing the connection
+   */
+  async createNangoApiKeyConnection({
+    name,
+    apiKeyToSet,
+    metadata
+  }) {
+    const provider = "private-api-bearer";
+    try {
+      let integration;
+      try {
+        const response2 = await this.nangoClient.createIntegration({
+          provider,
+          unique_key: name,
+          display_name: name
+        });
+        integration = response2.data;
+      } catch (error) {
+        const existingIntegration = await this.fetchNangoIntegration(name);
+        if (existingIntegration) {
+          integration = existingIntegration;
+        } else {
+          console.log(`Integration creation failed for unexpected reasons`, error);
+        }
+      }
+      if (!integration) {
+        throw new Error(`Integration '${name}' not found`);
+      }
+      const importConnectionUrl = `${process.env.NANGO_SERVER_URL || "https://api.nango.dev"}/connections`;
+      const credentials = {
+        type: "API_KEY",
+        apiKey: apiKeyToSet
+      };
+      const body = {
+        provider_config_key: integration.unique_key,
+        connection_id: name,
+        metadata,
+        credentials
+      };
+      const response = await fetch(importConnectionUrl, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${process.env.NANGO_SECRET_KEY}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(body)
+      });
+      if (!response.ok) {
+        throw new Error(
+          `Failed to import connection: HTTP ${response.status} - ${response.statusText}`
+        );
+      }
+    } catch (error) {
+      console.error("Unexpected error creating API key credential:", error);
+      logger11.error(
+        {
+          error: error instanceof Error ? error.message : "Unknown error",
+          name
+        },
+        `Unexpected error creating API key credential '${name}'`
+      );
+      throw new Error(
+        `Failed to create API key credential '${name}': ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
   /**
    * Fetch credentials from Nango API using connection information
    * @param connectionId - The connection ID for the Nango connection
@@ -8814,8 +8929,12 @@ var NangoCredentialStore = class {
   /**
    * Set credentials - not supported for Nango (OAuth flow handles this)
    */
-  async set(_key, _value) {
-    throw new Error("Setting credentials not supported for Nango store - use OAuth flow instead");
+  async set(key, value) {
+    await this.createNangoApiKeyConnection({
+      name: key,
+      apiKeyToSet: value,
+      metadata: {}
+    });
   }
   /**
    * Check if credentials exist by attempting to fetch them
@@ -8909,7 +9028,16 @@ function createDefaultCredentialStores() {
       })
     );
   }
-  stores.push(createKeyChainStore("keychain-default"));
+  if (process.env.ENABLE_KEYCHAIN_STORE === "true") {
+    try {
+      stores.push(createKeyChainStore("keychain-default"));
+    } catch (error) {
+      console.warn(
+        "Failed to create keychain store:",
+        error instanceof Error ? error.message : error
+      );
+    }
+  }
   return stores;
 }
 var loadEnvironmentFiles = () => {
@@ -8962,4 +9090,4 @@ ${error.message}`
 };
 parseEnv();
-export { ContextCache, ContextConfigBuilder, ContextFetcher, ContextResolver, CredentialStoreRegistry, CredentialStuffer, ERROR_DOCS_BASE_URL, ErrorCode, HTTP_REQUEST_PARTS, InMemoryCredentialStore, KeyChainStore, McpClient, NangoCredentialStore, PinoLogger, TemplateEngine, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createKeyChainStore, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };
+export { ContextCache, ContextConfigBuilder, ContextFetcher, ContextResolver, CredentialStoreRegistry, CredentialStuffer, ERROR_DOCS_BASE_URL, ErrorCode, HTTP_REQUEST_PARTS, InMemoryCredentialStore, KeyChainStore, McpClient, NangoCredentialStore, PinoLogger, TemplateEngine, addLedgerArtifacts, addToolToAgent, associateArtifactComponentWithAgent, associateDataComponentWithAgent, cleanupTenantCache, clearContextConfigCache, clearConversationCache, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, contextConfig, contextValidationMiddleware, countApiKeys, countArtifactComponents, countArtifactComponentsForAgent, countContextConfigs, countCredentialReferences, countDataComponents, countExternalAgents, countLedgerArtifactsByTask, countMessagesByConversation, countProjects, createAgent, createAgentGraph, createAgentRelation, createAgentToolRelation, createApiError, createApiKey, createArtifactComponent, createContextConfig, createConversation, createCredentialReference, createDataComponent, createDatabaseClient, createDefaultCredentialStores, createExecutionContext, createExternalAgent, createExternalAgentRelation, createFullGraphServerSide, createFullProjectServerSide, createInMemoryDatabaseClient, createMessage, createNangoCredentialStore, createOrGetConversation, createProject, createTask, createTool, createValidatedDataAccess, dbResultToMcpTool, deleteAgent, deleteAgentArtifactComponentRelationByAgent, deleteAgentDataComponentRelationByAgent, deleteAgentGraph, deleteAgentRelation, deleteAgentRelationsByGraph, deleteAgentToolRelation, deleteAgentToolRelationByAgent, deleteApiKey, deleteArtifactComponent, deleteContextConfig, deleteConversation, deleteCredentialReference, deleteDataComponent, deleteExternalAgent, deleteFullGraph, deleteFullProject, deleteLedgerArtifactsByContext, deleteLedgerArtifactsByTask, deleteMessage, deleteProject, deleteTool, detectAuthenticationRequired, determineContextTrigger, discoverOAuthEndpoints, errorResponseSchema, errorSchemaFactory, externalAgentExists, externalAgentUrlExists, extractPublicId, fetchComponentRelationships, fetchDefinition, generateAndCreateApiKey, generateApiKey, getActiveAgentForConversation, getAgentById, getAgentGraphById, getAgentGraphWithDefaultAgent, getAgentRelationById, getAgentRelationByParams, getAgentRelations, getAgentRelationsByGraph, getAgentRelationsBySource, getAgentRelationsByTarget, getAgentToolRelationByAgent, getAgentToolRelationById, getAgentToolRelationByTool, getAgentsByIds, getAgentsForTool, getAgentsUsingArtifactComponent, getAgentsUsingDataComponent, getApiKeyById, getApiKeyByPublicId, getArtifactComponentById, getArtifactComponentsForAgent, getCacheEntry, getCachedValidator, getContextConfigById, getContextConfigCacheEntries, getContextConfigsByName, getConversation, getConversationCacheEntries, getConversationHistory, getCredentialReference, getCredentialReferenceById, getCredentialReferenceWithTools, getCredentialStoreLookupKeyFromRetrievalParams, getDataComponent, getDataComponentsForAgent, getExternalAgent, getExternalAgentByUrl, getExternalAgentRelations, getFullGraph, getFullGraphDefinition, getFullProject, getGraphAgentInfos, getLedgerArtifacts, getLedgerArtifactsByContext, getLogger, getMessageById, getMessagesByConversation, getMessagesByTask, getProject, getProjectResourceCounts, getRelatedAgentsForGraph, getRequestExecutionContext, getTask, getToolById, getToolsForAgent, getTracer, getVisibleMessages, graphHasArtifactComponents, handleApiError, handleContextConfigChange, handleContextResolution, hasApiKey, hasContextConfig, hasCredentialReference, hashApiKey, invalidateInvocationDefinitionsCache, invalidateRequestContextCache, isApiKeyExpired, isArtifactComponentAssociatedWithAgent, isDataComponentAssociatedWithAgent, isValidHttpRequest, listAgentGraphs, listAgentGraphsPaginated, listAgentRelations, listAgentToolRelations, listAgents, listAgentsPaginated, listApiKeys, listApiKeysPaginated, listArtifactComponents, listArtifactComponentsPaginated, listContextConfigs, listContextConfigsPaginated, listConversations, listCredentialReferences, listCredentialReferencesPaginated, listDataComponents, listDataComponentsPaginated, listExternalAgents, listExternalAgentsPaginated, listMessages, listProjects, listProjectsPaginated, listTaskIdsByContextId, listTools, loadEnvironmentFiles, loggerFactory, maskApiKey, problemDetailsSchema, projectExists, projectExistsInTable, projectHasResources, removeArtifactComponentFromAgent, removeDataComponentFromAgent, removeToolFromAgent, requestContextSchema, setActiveAgentForConversation, setActiveAgentForThread, setCacheEntry, setSpanWithError, updateAgent, updateAgentGraph, updateAgentRelation, updateAgentToolRelation, updateApiKey, updateApiKeyLastUsed, updateArtifactComponent, updateContextConfig, updateConversation, updateConversationActiveAgent, updateCredentialReference, updateDataComponent, updateExternalAgent, updateFullGraphServerSide, updateFullProjectServerSide, updateMessage, updateProject, updateTask, updateTool, upsertAgent, upsertAgentArtifactComponentRelation, upsertAgentDataComponentRelation, upsertAgentGraph, upsertAgentRelation, upsertAgentToolRelation, upsertArtifactComponent, upsertContextConfig, upsertCredentialReference, upsertDataComponent, upsertExternalAgent, upsertLedgerArtifact, upsertTool, validateAgainstJsonSchema, validateAndGetApiKey, validateApiKey, validateExternalAgent, validateHttpRequestHeaders, validateInternalAgent, validateProjectExists, validateRequestContext, validationHelper, withProjectValidation };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-core",
-  "version": "0.0.0-dev-20250930044500",
+  "version": "0.0.0-dev-20250930181023",
   "description": "Agents Core contains the database schema, types, and validation schemas for Inkeep Agent Framework, along with core components.",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",
@@ -57,13 +57,15 @@
     "find-up": "^7.0.0",
     "hono": "^4.9.7",
     "jmespath": "^0.16.0",
-    "keytar": "^7.9.0",
     "nanoid": "^5.0.9",
     "pino": "^9.11.0",
     "pino-pretty": "^13.1.1",
     "ts-pattern": "^5.7.1",
     "zod": "^4.1.5"
   },
+  "optionalDependencies": {
+    "keytar": "^7.9.0"
+  },
   "devDependencies": {
     "@types/jmespath": "^0.15.2",
     "@types/node": "^20.11.24",