@inkeep/agents-core 0.0.0-dev-20260118170655 → 0.0.0-dev-20260119163620

package/dist/auth/authz/sync.js

@@ -0,0 +1,237 @@
+import { SpiceDbRelations, SpiceDbResourceTypes, isAuthzEnabled } from "./config.js";
+import { deleteRelationship, getSpiceClient, readRelationships, writeRelationship } from "./client.js";
+
+//#region src/auth/authz/sync.ts
+/**
+* SpiceDB Sync Utilities
+*
+* Functions for syncing data between better-auth and SpiceDB.
+*/
+const RELATIONSHIP_OPERATION_CREATE = 1;
+const RELATIONSHIP_OPERATION_TOUCH = 2;
+const RELATIONSHIP_OPERATION_DELETE = 3;
+/**
+* Sync a user's org membership to SpiceDB.
+* Call when: user joins org, role changes, user leaves org.
+*/
+async function syncOrgMemberToSpiceDb(params) {
+	if (!isAuthzEnabled(params.tenantId)) return;
+	if (params.action === "add") await writeRelationship({
+		resourceType: SpiceDbResourceTypes.ORGANIZATION,
+		resourceId: params.tenantId,
+		relation: params.role,
+		subjectType: SpiceDbResourceTypes.USER,
+		subjectId: params.userId
+	});
+	else await deleteRelationship({
+		resourceType: SpiceDbResourceTypes.ORGANIZATION,
+		resourceId: params.tenantId,
+		relation: params.role,
+		subjectType: SpiceDbResourceTypes.USER,
+		subjectId: params.userId
+	});
+}
+/**
+* Change a user's organization role.
+* Removes the old role and adds the new one atomically in a single transaction.
+* Call when: user's org role is updated (e.g., member -> admin).
+*/
+async function changeOrgRole(params) {
+	if (!isAuthzEnabled(params.tenantId)) return;
+	if (params.oldRole === params.newRole) return;
+	await getSpiceClient().promises.writeRelationships({
+		updates: [{
+			operation: RELATIONSHIP_OPERATION_DELETE,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.ORGANIZATION,
+					objectId: params.tenantId
+				},
+				relation: params.oldRole,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.USER,
+						objectId: params.userId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}, {
+			operation: RELATIONSHIP_OPERATION_TOUCH,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.ORGANIZATION,
+					objectId: params.tenantId
+				},
+				relation: params.newRole,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.USER,
+						objectId: params.userId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}],
+		optionalPreconditions: [],
+		optionalTransactionMetadata: void 0
+	});
+}
+/**
+* Sync a new project to SpiceDB.
+* Links project to org and grants creator project_admin role.
+* Call when: project is created.
+*/
+async function syncProjectToSpiceDb(params) {
+	if (!isAuthzEnabled(params.tenantId)) return;
+	await getSpiceClient().promises.writeRelationships({
+		updates: [{
+			operation: RELATIONSHIP_OPERATION_CREATE,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.PROJECT,
+					objectId: params.projectId
+				},
+				relation: SpiceDbRelations.ORGANIZATION,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.ORGANIZATION,
+						objectId: params.tenantId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}, {
+			operation: RELATIONSHIP_OPERATION_CREATE,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.PROJECT,
+					objectId: params.projectId
+				},
+				relation: SpiceDbRelations.PROJECT_ADMIN,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.USER,
+						objectId: params.creatorUserId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}],
+		optionalPreconditions: [],
+		optionalTransactionMetadata: void 0
+	});
+}
+/**
+* Grant project access to a user.
+*/
+async function grantProjectAccess(params) {
+	if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
+	await writeRelationship({
+		resourceType: SpiceDbResourceTypes.PROJECT,
+		resourceId: params.projectId,
+		relation: params.role,
+		subjectType: SpiceDbResourceTypes.USER,
+		subjectId: params.userId
+	});
+}
+/**
+* Revoke project access from a user.
+*/
+async function revokeProjectAccess(params) {
+	if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
+	await deleteRelationship({
+		resourceType: SpiceDbResourceTypes.PROJECT,
+		resourceId: params.projectId,
+		relation: params.role,
+		subjectType: SpiceDbResourceTypes.USER,
+		subjectId: params.userId
+	});
+}
+/**
+* Change a user's project role.
+* Removes the old role and adds the new one atomically in a single transaction.
+*/
+async function changeProjectRole(params) {
+	if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
+	if (params.oldRole === params.newRole) return;
+	await getSpiceClient().promises.writeRelationships({
+		updates: [{
+			operation: RELATIONSHIP_OPERATION_DELETE,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.PROJECT,
+					objectId: params.projectId
+				},
+				relation: params.oldRole,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.USER,
+						objectId: params.userId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}, {
+			operation: RELATIONSHIP_OPERATION_TOUCH,
+			relationship: {
+				resource: {
+					objectType: SpiceDbResourceTypes.PROJECT,
+					objectId: params.projectId
+				},
+				relation: params.newRole,
+				subject: {
+					object: {
+						objectType: SpiceDbResourceTypes.USER,
+						objectId: params.userId
+					},
+					optionalRelation: ""
+				},
+				optionalCaveat: void 0
+			}
+		}],
+		optionalPreconditions: [],
+		optionalTransactionMetadata: void 0
+	});
+}
+/**
+* Remove a project from SpiceDB.
+* Call when: project is deleted.
+*/
+async function removeProjectFromSpiceDb(params) {
+	if (!isAuthzEnabled(params.tenantId)) return;
+	await getSpiceClient().promises.deleteRelationships({
+		relationshipFilter: {
+			resourceType: SpiceDbResourceTypes.PROJECT,
+			optionalResourceId: params.projectId,
+			optionalResourceIdPrefix: "",
+			optionalRelation: ""
+		},
+		optionalPreconditions: [],
+		optionalLimit: 0,
+		optionalAllowPartialDeletions: false,
+		optionalTransactionMetadata: void 0
+	});
+}
+/**
+* List all explicit project members from SpiceDB.
+* Returns users with project_admin, project_member, or project_viewer roles.
+*/
+async function listProjectMembers(params) {
+	if (!isAuthzEnabled(params.tenantId)) return [];
+	return (await readRelationships({
+		resourceType: SpiceDbResourceTypes.PROJECT,
+		resourceId: params.projectId
+	})).filter((rel) => rel.subjectType === SpiceDbResourceTypes.USER && (rel.relation === SpiceDbRelations.PROJECT_ADMIN || rel.relation === SpiceDbRelations.PROJECT_MEMBER || rel.relation === SpiceDbRelations.PROJECT_VIEWER)).map((rel) => ({
+		userId: rel.subjectId,
+		role: rel.relation
+	}));
+}
+
+//#endregion
+export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, removeProjectFromSpiceDb, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };

package/dist/auth/permissions.d.ts

@@ -1,29 +1,29 @@
-import * as better_auth_plugins55 from "better-auth/plugins";
+import * as better_auth_plugins0 from "better-auth/plugins";
 import { AccessControl } from "better-auth/plugins/access";
 import { organizationClient } from "better-auth/client/plugins";
 
 //#region src/auth/permissions.d.ts
 declare const ac: AccessControl;
 declare const memberRole: {
-  authorize<K_1 extends "function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key] | {
-    actions: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key];
+  authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
+    actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
     connector: "OR" | "AND";
-  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins55.AuthorizeResponse;
-  statements: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>;
+  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
+  statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
 };
 declare const adminRole: {
-  authorize<K_1 extends "function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key] | {
-    actions: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key];
+  authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
+    actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
     connector: "OR" | "AND";
-  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins55.AuthorizeResponse;
-  statements: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>;
+  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
+  statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
 };
 declare const ownerRole: {
-  authorize<K_1 extends "function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key] | {
-    actions: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>[key];
+  authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
+    actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
     connector: "OR" | "AND";
-  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins55.AuthorizeResponse;
-  statements: better_auth_plugins55.Subset<"function" | "agent" | "project" | "organization" | "credential" | "tool" | "member" | "invitation" | "ac" | "sub_agent" | "api_key" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "team", better_auth_plugins55.Statements>;
+  } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
+  statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
 };
 //#endregion
 export { ac, adminRole, memberRole, organizationClient, ownerRole };

package/dist/auth/permissions.js

@@ -10,138 +10,19 @@ const statement = {
 		"read",
 		"update",
 		"delete"
-	],
-	agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	sub_agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	tool: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	api_key: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	credential: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	data_component: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	artifact_component: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	external_agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	function: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	context_config: [
-		"create",
-		"read",
-		"update",
-		"delete"
 	]
 };
 const ac = createAccessControl(statement);
 const memberRole = ac.newRole({
 	project: ["read"],
-	agent: ["read"],
-	sub_agent: ["read"],
-	tool: ["read"],
-	api_key: ["read"],
-	credential: ["read"],
-	data_component: ["read"],
-	artifact_component: ["read"],
-	external_agent: ["read"],
-	function: ["read"],
-	context_config: ["read"],
 	...memberAc.statements
 });
 const adminRole = ac.newRole({
 	project: [
 		"create",
 		"read",
-		"update"
-	],
-	agent: [
-		"create",
-		"read",
-		"update"
-	],
-	sub_agent: [
-		"create",
-		"read",
-		"update"
-	],
-	tool: [
-		"create",
-		"read",
-		"update"
-	],
-	api_key: [
-		"create",
-		"read",
-		"update"
-	],
-	credential: [
-		"create",
-		"read",
-		"update"
-	],
-	data_component: [
-		"create",
-		"read",
-		"update"
-	],
-	artifact_component: [
-		"create",
-		"read",
-		"update"
-	],
-	external_agent: [
-		"create",
-		"read",
-		"update"
-	],
-	function: [
-		"create",
-		"read",
-		"update"
-	],
-	context_config: [
-		"create",
-		"read",
-		"update"
+		"update",
+		"delete"
 	],
 	...adminAc.statements
 });
@@ -152,66 +33,6 @@ const ownerRole = ac.newRole({
 		"update",
 		"delete"
 	],
-	agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	sub_agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	tool: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	api_key: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	credential: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	data_component: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	artifact_component: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	external_agent: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	function: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
-	context_config: [
-		"create",
-		"read",
-		"update",
-		"delete"
-	],
 	...ownerAc.statements
 });
 

package/dist/data-access/manage/projectLifecycle.d.ts

@@ -103,6 +103,7 @@ interface ListProjectsWithMetadataResult {
 declare const listProjectsWithMetadataPaginated: (runDb: AgentsRunDatabaseClient, configDb: AgentsManageDatabaseClient) => (params: {
   tenantId: string;
   pagination?: PaginationConfig;
+  projectIds?: string[];
 }) => Promise<ListProjectsWithMetadataResult>;
 /**
  * Get a single project with metadata from both runtime and config DBs

package/dist/data-access/manage/projectLifecycle.js

@@ -177,10 +177,11 @@ async function getProjectMetadataFromBranch(configDb, branchName, tenantId, proj
 * @param configDb - Config database client (Doltgres)
 */
 const listProjectsWithMetadataPaginated = (runDb, configDb) => async (params) => {
-	const { tenantId, pagination } = params;
+	const { tenantId, pagination, projectIds } = params;
 	const projectMetadataResult = await listProjectsMetadataPaginated(runDb)({
 		tenantId,
-		pagination
+		pagination,
+		projectIds
 	});
 	return {
 		data: await Promise.all(projectMetadataResult.data.map(async (projectMetadata) => {

package/dist/data-access/manage/projects.d.ts

@@ -6,16 +6,20 @@ import { ProjectInsert, ProjectSelect, ProjectUpdate } from "../../types/entitie
 
 /**
  * List all unique project IDs within a tenant by scanning all resource tables
+ * @param projectIds - Optional array of project IDs to filter by. If undefined, returns all projects.
  */
 declare const listProjects: (db: AgentsManageDatabaseClient) => (params: {
   tenantId: string;
+  projectIds?: string[];
 }) => Promise<ProjectInfo[]>;
 /**
  * List all unique project IDs within a tenant with pagination
+ * Optionally filter by a list of project IDs (for access control)
  */
 declare const listProjectsPaginated: (db: AgentsManageDatabaseClient) => (params: {
   tenantId: string;
   pagination?: PaginationConfig;
+  projectIds?: string[];
 }) => Promise<{
   data: ProjectSelect[];
   pagination: PaginationResult;

package/dist/data-access/manage/projects.js

@@ -1,12 +1,15 @@
 import { agents, artifactComponents, contextConfigs, credentialReferences, dataComponents, externalAgents, projects, subAgentArtifactComponents, subAgentDataComponents, subAgentRelations, subAgentToolRelations, subAgents, tools } from "../../db/manage/manage-schema.js";
-import { and, count, desc, eq } from "drizzle-orm";
+import { and, count, desc, eq, inArray } from "drizzle-orm";
 
 //#region src/data-access/manage/projects.ts
 /**
 * List all unique project IDs within a tenant by scanning all resource tables
+* @param projectIds - Optional array of project IDs to filter by. If undefined, returns all projects.
 */
 const listProjects = (db) => async (params) => {
-	const projectsFromTable = await db.select({ projectId: projects.id }).from(projects).where(eq(projects.tenantId, params.tenantId));
+	if (params.projectIds !== void 0 && params.projectIds.length === 0) return [];
+	const whereClause = params.projectIds ? and(eq(projects.tenantId, params.tenantId), inArray(projects.id, params.projectIds)) : eq(projects.tenantId, params.tenantId);
+	const projectsFromTable = await db.select({ projectId: projects.id }).from(projects).where(whereClause);
 	if (projectsFromTable.length > 0) return projectsFromTable.map((p) => ({ projectId: p.projectId }));
 	const projectIdSets = await Promise.all([
 		db.selectDistinct({ projectId: subAgents.projectId }).from(subAgents).where(eq(subAgents.tenantId, params.tenantId)),
@@ -25,19 +28,23 @@ const listProjects = (db) => async (params) => {
 	const allProjectIds = /* @__PURE__ */ new Set();
 	projectIdSets.forEach((results) => {
 		results.forEach((row) => {
-			if (row.projectId) allProjectIds.add(row.projectId);
+			if (row.projectId) {
+				if (!params.projectIds || params.projectIds.includes(row.projectId)) allProjectIds.add(row.projectId);
+			}
 		});
 	});
 	return Array.from(allProjectIds).sort().map((projectId) => ({ projectId }));
 };
 /**
 * List all unique project IDs within a tenant with pagination
+* Optionally filter by a list of project IDs (for access control)
 */
 const listProjectsPaginated = (db) => async (params) => {
 	const page = params.pagination?.page || 1;
 	const limit = params.pagination?.limit || 10;
 	const offset = (page - 1) * limit;
-	const [data, totalResult] = await Promise.all([db.select().from(projects).where(eq(projects.tenantId, params.tenantId)).limit(limit).offset(offset).orderBy(desc(projects.createdAt)), db.select({ count: count() }).from(projects).where(eq(projects.tenantId, params.tenantId))]);
+	const whereClause = params.projectIds ? and(eq(projects.tenantId, params.tenantId), inArray(projects.id, params.projectIds)) : eq(projects.tenantId, params.tenantId);
+	const [data, totalResult] = await Promise.all([db.select().from(projects).where(whereClause).limit(limit).offset(offset).orderBy(desc(projects.createdAt)), db.select({ count: count() }).from(projects).where(whereClause)]);
 	const total = totalResult[0]?.count || 0;
 	return {
 		data,

package/dist/data-access/runtime/messages.d.ts

@@ -16,19 +16,19 @@ declare const getMessageById: (db: AgentsRunDatabaseClient) => (params: {
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
-  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
+  taskId: string | null;
+  a2aTaskId: string | null;
+  conversationId: string;
+  role: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
   visibility: string;
   messageType: string;
-  taskId: string | null;
   parentMessageId: string | null;
-  a2aTaskId: string | null;
   a2aSessionId: string | null;
 } | undefined>;
 declare const listMessages: (db: AgentsRunDatabaseClient) => (params: {
@@ -147,19 +147,19 @@ declare const createMessage: (db: AgentsRunDatabaseClient) => (params: MessageIn
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
-  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
+  taskId: string | null;
+  a2aTaskId: string | null;
+  conversationId: string;
+  role: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
   visibility: string;
   messageType: string;
-  taskId: string | null;
   parentMessageId: string | null;
-  a2aTaskId: string | null;
   a2aSessionId: string | null;
 }>;
 declare const updateMessage: (db: AgentsRunDatabaseClient) => (params: {
@@ -200,19 +200,19 @@ declare const deleteMessage: (db: AgentsRunDatabaseClient) => (params: {
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
-  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
+  taskId: string | null;
+  a2aTaskId: string | null;
+  conversationId: string;
+  role: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
   visibility: string;
   messageType: string;
-  taskId: string | null;
   parentMessageId: string | null;
-  a2aTaskId: string | null;
   a2aSessionId: string | null;
 }>;
 declare const countMessagesByConversation: (db: AgentsRunDatabaseClient) => (params: {

package/dist/data-access/runtime/projects.d.ts

@@ -27,10 +27,12 @@ declare const listProjectsMetadata: (db: AgentsRunDatabaseClient) => (params: {
 }) => Promise<ProjectMetadataSelect[]>;
 /**
  * List runtimeProjects with pagination from the runtime DB
+ * @param projectIds - Optional array of project IDs to filter by. If undefined, returns all projects.
  */
 declare const listProjectsMetadataPaginated: (db: AgentsRunDatabaseClient) => (params: {
   tenantId: string;
   pagination?: PaginationConfig;
+  projectIds?: string[];
 }) => Promise<ProjectMetadataPaginatedResult>;
 /**
  * Create a project in the runtime DB