@inkeep/agents-core 0.0.0-dev-20260206223853 → 0.0.0-dev-20260207223415

Files changed (34)
  1. package/dist/auth/auth-schema.d.ts +83 -83
  2. package/dist/auth/auth.d.ts +53 -53
  3. package/dist/auth/authz/config.d.ts +5 -1
  4. package/dist/auth/authz/config.js +8 -3
  5. package/dist/auth/init.js +11 -1
  6. package/dist/auth/permissions.d.ts +13 -13
  7. package/dist/auth/spicedb-schema.d.ts +9 -0
  8. package/dist/auth/spicedb-schema.js +24 -0
  9. package/dist/client-exports.d.ts +4 -192
  10. package/dist/client-exports.js +2 -97
  11. package/dist/data-access/manage/agents.d.ts +10 -10
  12. package/dist/data-access/manage/artifactComponents.d.ts +4 -4
  13. package/dist/data-access/manage/functionTools.d.ts +8 -8
  14. package/dist/data-access/manage/subAgentExternalAgentRelations.d.ts +12 -12
  15. package/dist/data-access/manage/subAgentRelations.d.ts +4 -4
  16. package/dist/data-access/manage/subAgentTeamAgentRelations.d.ts +6 -6
  17. package/dist/data-access/manage/subAgents.d.ts +6 -6
  18. package/dist/data-access/manage/tools.d.ts +15 -15
  19. package/dist/data-access/manage/tools.js +1 -1
  20. package/dist/data-access/manage/triggers.d.ts +2 -2
  21. package/dist/data-access/runtime/apiKeys.d.ts +4 -4
  22. package/dist/data-access/runtime/conversations.d.ts +11 -11
  23. package/dist/data-access/runtime/tasks.d.ts +2 -2
  24. package/dist/db/manage/manage-schema.d.ts +4 -4
  25. package/dist/db/runtime/runtime-schema.d.ts +6 -6
  26. package/dist/index.d.ts +2 -2
  27. package/dist/index.js +5 -5
  28. package/dist/types/index.js +1 -1
  29. package/dist/validation/dolt-schemas.d.ts +1 -1
  30. package/dist/validation/index.d.ts +2 -2
  31. package/dist/validation/index.js +2 -2
  32. package/dist/validation/schemas.d.ts +1400 -1399
  33. package/dist/validation/schemas.js +3 -2
  34. package/package.json +5 -2
@@ -2,7 +2,7 @@ import { AgentsRunDatabaseClient } from "../db/runtime/runtime-client.js";
2
2
  import * as _better_auth_sso0 from "@better-auth/sso";
3
3
  import * as better_auth0 from "better-auth";
4
4
  import { BetterAuthAdvancedOptions } from "better-auth";
5
- import * as better_auth_plugins0 from "better-auth/plugins";
5
+ import * as better_auth_plugins20 from "better-auth/plugins";
6
6
  import * as zod0 from "zod";
7
7
  import { GoogleOptions } from "better-auth/social-providers";
8
8
 
@@ -247,7 +247,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
247
247
  handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>;
248
248
  }[];
249
249
  };
250
- options: better_auth_plugins0.BearerOptions | undefined;
250
+ options: better_auth_plugins20.BearerOptions | undefined;
251
251
  }, {
252
252
  id: "sso";
253
253
  endpoints: {
@@ -875,30 +875,30 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
875
875
  };
876
876
  }, {
877
877
  id: "organization";
878
- endpoints: better_auth_plugins0.OrganizationEndpoints<{
878
+ endpoints: better_auth_plugins20.OrganizationEndpoints<{
879
879
  allowUserToCreateOrganization: true;
880
- ac: better_auth_plugins0.AccessControl;
880
+ ac: better_auth_plugins20.AccessControl;
881
881
  roles: {
882
882
  member: {
883
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
884
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
883
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
884
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
885
885
  connector: "OR" | "AND";
886
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
887
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
886
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
887
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
888
888
  };
889
889
  admin: {
890
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
891
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
890
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
891
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
892
892
  connector: "OR" | "AND";
893
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
894
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
893
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
894
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
895
895
  };
896
896
  owner: {
897
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
898
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
897
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
898
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
899
899
  connector: "OR" | "AND";
900
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
901
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
900
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
901
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
902
902
  };
903
903
  };
904
904
  creatorRole: "admin";
@@ -909,9 +909,9 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
909
909
  id: string;
910
910
  role: string;
911
911
  email: string;
912
- organization: better_auth_plugins0.Organization;
913
- invitation: better_auth_plugins0.Invitation;
914
- inviter: better_auth_plugins0.Member & {
912
+ organization: better_auth_plugins20.Organization;
913
+ invitation: better_auth_plugins20.Invitation;
914
+ inviter: better_auth_plugins20.Member & {
915
915
  user: better_auth0.User;
916
916
  };
917
917
  }): Promise<void>;
@@ -932,28 +932,28 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
932
932
  user,
933
933
  organization: org
934
934
  }: {
935
- invitation: better_auth_plugins0.Invitation & Record<string, any>;
936
- member: better_auth_plugins0.Member & Record<string, any>;
935
+ invitation: better_auth_plugins20.Invitation & Record<string, any>;
936
+ member: better_auth_plugins20.Member & Record<string, any>;
937
937
  user: better_auth0.User & Record<string, any>;
938
- organization: better_auth_plugins0.Organization & Record<string, any>;
938
+ organization: better_auth_plugins20.Organization & Record<string, any>;
939
939
  }) => Promise<void>;
940
940
  beforeUpdateMemberRole: ({
941
941
  member,
942
942
  organization: org,
943
943
  newRole
944
944
  }: {
945
- member: better_auth_plugins0.Member & Record<string, any>;
945
+ member: better_auth_plugins20.Member & Record<string, any>;
946
946
  newRole: string;
947
947
  user: better_auth0.User & Record<string, any>;
948
- organization: better_auth_plugins0.Organization & Record<string, any>;
948
+ organization: better_auth_plugins20.Organization & Record<string, any>;
949
949
  }) => Promise<void>;
950
950
  afterRemoveMember: ({
951
951
  member,
952
952
  organization: org
953
953
  }: {
954
- member: better_auth_plugins0.Member & Record<string, any>;
954
+ member: better_auth_plugins20.Member & Record<string, any>;
955
955
  user: better_auth0.User & Record<string, any>;
956
- organization: better_auth_plugins0.Organization & Record<string, any>;
956
+ organization: better_auth_plugins20.Organization & Record<string, any>;
957
957
  }) => Promise<void>;
958
958
  };
959
959
  }>;
@@ -1085,7 +1085,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1085
1085
  organizationId: string;
1086
1086
  email: string;
1087
1087
  role: "member" | "admin" | "owner";
1088
- status: better_auth_plugins0.InvitationStatus;
1088
+ status: better_auth_plugins20.InvitationStatus;
1089
1089
  inviterId: string;
1090
1090
  expiresAt: Date;
1091
1091
  createdAt: Date;
@@ -1125,7 +1125,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1125
1125
  organizationId: string;
1126
1126
  email: string;
1127
1127
  role: "member" | "admin" | "owner";
1128
- status: better_auth_plugins0.InvitationStatus;
1128
+ status: better_auth_plugins20.InvitationStatus;
1129
1129
  inviterId: string;
1130
1130
  expiresAt: Date;
1131
1131
  createdAt: Date;
@@ -1200,28 +1200,28 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1200
1200
  };
1201
1201
  options: NoInfer<{
1202
1202
  allowUserToCreateOrganization: true;
1203
- ac: better_auth_plugins0.AccessControl;
1203
+ ac: better_auth_plugins20.AccessControl;
1204
1204
  roles: {
1205
1205
  member: {
1206
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1207
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1206
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
1207
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
1208
1208
  connector: "OR" | "AND";
1209
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1210
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1209
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
1210
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
1211
1211
  };
1212
1212
  admin: {
1213
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1214
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1213
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
1214
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
1215
1215
  connector: "OR" | "AND";
1216
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1217
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1216
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
1217
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
1218
1218
  };
1219
1219
  owner: {
1220
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1221
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1220
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
1221
+ actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
1222
1222
  connector: "OR" | "AND";
1223
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1224
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1223
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
1224
+ statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
1225
1225
  };
1226
1226
  };
1227
1227
  creatorRole: "admin";
@@ -1232,9 +1232,9 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1232
1232
  id: string;
1233
1233
  role: string;
1234
1234
  email: string;
1235
- organization: better_auth_plugins0.Organization;
1236
- invitation: better_auth_plugins0.Invitation;
1237
- inviter: better_auth_plugins0.Member & {
1235
+ organization: better_auth_plugins20.Organization;
1236
+ invitation: better_auth_plugins20.Invitation;
1237
+ inviter: better_auth_plugins20.Member & {
1238
1238
  user: better_auth0.User;
1239
1239
  };
1240
1240
  }): Promise<void>;
@@ -1255,28 +1255,28 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1255
1255
  user,
1256
1256
  organization: org
1257
1257
  }: {
1258
- invitation: better_auth_plugins0.Invitation & Record<string, any>;
1259
- member: better_auth_plugins0.Member & Record<string, any>;
1258
+ invitation: better_auth_plugins20.Invitation & Record<string, any>;
1259
+ member: better_auth_plugins20.Member & Record<string, any>;
1260
1260
  user: better_auth0.User & Record<string, any>;
1261
- organization: better_auth_plugins0.Organization & Record<string, any>;
1261
+ organization: better_auth_plugins20.Organization & Record<string, any>;
1262
1262
  }) => Promise<void>;
1263
1263
  beforeUpdateMemberRole: ({
1264
1264
  member,
1265
1265
  organization: org,
1266
1266
  newRole
1267
1267
  }: {
1268
- member: better_auth_plugins0.Member & Record<string, any>;
1268
+ member: better_auth_plugins20.Member & Record<string, any>;
1269
1269
  newRole: string;
1270
1270
  user: better_auth0.User & Record<string, any>;
1271
- organization: better_auth_plugins0.Organization & Record<string, any>;
1271
+ organization: better_auth_plugins20.Organization & Record<string, any>;
1272
1272
  }) => Promise<void>;
1273
1273
  afterRemoveMember: ({
1274
1274
  member,
1275
1275
  organization: org
1276
1276
  }: {
1277
- member: better_auth_plugins0.Member & Record<string, any>;
1277
+ member: better_auth_plugins20.Member & Record<string, any>;
1278
1278
  user: better_auth0.User & Record<string, any>;
1279
- organization: better_auth_plugins0.Organization & Record<string, any>;
1279
+ organization: better_auth_plugins20.Organization & Record<string, any>;
1280
1280
  }) => Promise<void>;
1281
1281
  };
1282
1282
  }>;
@@ -1613,8 +1613,8 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1613
1613
  readonly AUTHENTICATION_REQUIRED: "Authentication required";
1614
1614
  };
1615
1615
  options: Partial<{
1616
- expiresIn: better_auth_plugins0.TimeString;
1617
- interval: better_auth_plugins0.TimeString;
1616
+ expiresIn: better_auth_plugins20.TimeString;
1617
+ interval: better_auth_plugins20.TimeString;
1618
1618
  deviceCodeLength: number;
1619
1619
  userCodeLength: number;
1620
1620
  schema: {
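--- a/package/dist/auth/authz/config.d.ts
+++ b/package/dist/auth/authz/config.d.ts
@@ -1,4 +1,8 @@
  //#region src/auth/authz/config.d.ts
+ /**
+ * Check if a SpiceDB endpoint is localhost (used for TLS auto-detection).
+ */
+ declare function isLocalhostEndpoint(endpoint: string): boolean;
  /**
  * Get SpiceDB connection configuration from environment variables.
  * TLS is auto-detected: disabled for localhost, enabled for remote endpoints.
@@ -94,4 +98,4 @@ interface ProjectPermissions {
  canEdit: boolean;
  }
  //#endregion
- export { OrgRole, OrgRoles, ProjectPermissionLevel, ProjectPermissions, ProjectRole, ProjectRoles, SpiceDbOrgPermission, SpiceDbOrgPermissions, SpiceDbProjectPermission, SpiceDbProjectPermissions, SpiceDbRelations, SpiceDbResourceTypes, getSpiceDbConfig };
+ export { OrgRole, OrgRoles, ProjectPermissionLevel, ProjectPermissions, ProjectRole, ProjectRoles, SpiceDbOrgPermission, SpiceDbOrgPermissions, SpiceDbProjectPermission, SpiceDbProjectPermissions, SpiceDbRelations, SpiceDbResourceTypes, getSpiceDbConfig, isLocalhostEndpoint };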
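--- a/package/dist/auth/authz/config.js
+++ b/package/dist/auth/authz/config.js
@@ -1,15 +1,20 @@
  //#region src/auth/authz/config.ts
  /**
+ * Check if a SpiceDB endpoint is localhost (used for TLS auto-detection).
+ */
+ function isLocalhostEndpoint(endpoint) {
+ return endpoint.startsWith("localhost") || endpoint.startsWith("127.0.0.1");
+ }
+ /**
  * Get SpiceDB connection configuration from environment variables.
  * TLS is auto-detected: disabled for localhost, enabled for remote endpoints.
  */
  function getSpiceDbConfig() {
  const endpoint = process.env.SPICEDB_ENDPOINT || "localhost:50051";
- const isLocalhost = endpoint.startsWith("localhost") || endpoint.startsWith("127.0.0.1");
  return {
  endpoint,
  token: process.env.SPICEDB_PRESHARED_KEY || "",
- tlsEnabled: !isLocalhost
+ tlsEnabled: !isLocalhostEndpoint(endpoint)
  };
  }
  /**
@@ -82,4 +87,4 @@ const ProjectRoles = {
  };
 
  //#endregion
- export { OrgRoles, ProjectRoles, SpiceDbOrgPermissions, SpiceDbProjectPermissions, SpiceDbRelations, SpiceDbResourceTypes, getSpiceDbConfig };
+ export { OrgRoles, ProjectRoles, SpiceDbOrgPermissions, SpiceDbProjectPermissions, SpiceDbRelations, SpiceDbResourceTypes, getSpiceDbConfig, isLocalhostEndpoint };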
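Review bot: `isLocalhostEndpoint` in the first hunk matches by string prefix, so any hostname that merely begins with `localhost` or `127.0.0.1` (constructed example: `localhost.corp.example:50051`) is classified as local and `getSpiceDbConfig` returns `tlsEnabled: false` for it. The helper is now exported and also selects `v1.ClientSecurity.INSECURE_LOCALHOST_ALLOWED` in the new spicedb-schema.js, so a mis-set `SPICEDB_ENDPOINT` of that shape may cause `SPICEDB_PRESHARED_KEY` to be sent without TLS, depending on how the client library enforces that mode. Compare the host part exactly instead, e.g. `const host = endpoint.split(":")[0];` followed by `return host === "localhost" || host === "127.0.0.1";`, and add `[::1]` deliberately if IPv6 loopback should count. An explicit environment override for TLS would be safer than inferring it from the endpoint string. This file is build output, so the change belongs in src/auth/authz/config.ts.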
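--- a/package/dist/auth/init.js
+++ b/package/dist/auth/init.js
@@ -6,6 +6,7 @@ import { createAgentsRunDatabaseClient } from "../db/runtime/runtime-client.js";
  import { addUserToOrganization, upsertOrganization } from "../data-access/runtime/organizations.js";
  import { getUserByEmail } from "../data-access/runtime/users.js";
  import { createAuth } from "./auth.js";
+ import { writeSpiceDbSchema } from "./spicedb-schema.js";
 
  //#region src/auth/init.ts
  /**
@@ -31,6 +32,15 @@ loadEnvironmentFiles();
  const TENANT_ID = process.env.TENANT_ID || "default";
  async function init() {
  console.log("🚀 Initializing database with default organization and user...\n");
+ console.log("📜 Writing SpiceDB schema...");
+ try {
+ await writeSpiceDbSchema();
+ console.log(" ✅ SpiceDB schema applied");
+ } catch (error) {
+ console.error(" ❌ Failed to write SpiceDB schema:", error);
+ console.error(" Make sure SpiceDB is running (docker-compose.dbs.yml)");
+ process.exit(1);
+ }
  const dbClient = createAgentsRunDatabaseClient();
  const username = process.env.INKEEP_AGENTS_MANAGE_UI_USERNAME;
  const password = process.env.INKEEP_AGENTS_MANAGE_UI_PASSWORD;
@@ -102,7 +112,7 @@ async function init() {
  console.log("✅ Initialization complete!");
  console.log("================================================");
  console.log(`\nOrganization: ${TENANT_ID}`);
- console.log(`Admin user: ${username} (owner)`);
+ console.log(`Admin user: ${username}`);
  console.log("\nYou can now log in with these credentials.\n");
  process.exit(0);
  }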
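Review bot: The block added at the top of `init()` writes the bundled schema to whatever `SPICEDB_ENDPOINT` resolves to, and neither the success nor the failure message says which endpoint was targeted or whether TLS was used. A schema write replaces the authorization model on that instance, so print the resolved target before the call, e.g. `console.log("   target:", getSpiceDbConfig().endpoint);` (this needs `getSpiceDbConfig` imported from `./authz/config.js`). An operator running init against a non-local instance can then see it. The catch also passes the whole `error` object to `console.error`; confirm the client's error objects carry no request metadata such as the bearer token, or log `error.message` only. `init()` starts and continues outside these hunks, so the rest of its flow was not reviewed.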
@@ -1,29 +1,29 @@
1
- import * as better_auth_plugins69 from "better-auth/plugins";
1
+ import * as better_auth_plugins0 from "better-auth/plugins";
2
2
  import { AccessControl } from "better-auth/plugins/access";
3
3
  import { organizationClient } from "better-auth/client/plugins";
4
4
 
5
5
  //#region src/auth/permissions.d.ts
6
6
  declare const ac: AccessControl;
7
7
  declare const memberRole: {
8
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
9
- actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
8
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
9
+ actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
10
10
  connector: "OR" | "AND";
11
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
12
- statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
11
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
12
+ statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
13
13
  };
14
14
  declare const adminRole: {
15
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
16
- actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
15
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
16
+ actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
17
17
  connector: "OR" | "AND";
18
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
19
- statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
18
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
19
+ statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
20
20
  };
21
21
  declare const ownerRole: {
22
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
23
- actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
22
+ authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key] | {
23
+ actions: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>[key];
24
24
  connector: "OR" | "AND";
25
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
26
- statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
25
+ } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
26
+ statements: better_auth_plugins0.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins0.Statements>;
27
27
  };
28
28
  //#endregion
29
29
  export { ac, adminRole, memberRole, organizationClient, ownerRole };
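--- /dev/null
+++ b/package/dist/auth/spicedb-schema.d.ts
@@ -0,0 +1,9 @@
+ //#region src/auth/spicedb-schema.d.ts
+ declare function writeSpiceDbSchema(options?: {
+ endpoint?: string;
+ token?: string;
+ schemaPath?: string;
+ maxRetries?: number;
+ }): Promise<void>;
+ //#endregion
+ export { writeSpiceDbSchema };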
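--- /dev/null
+++ b/package/dist/auth/spicedb-schema.js
@@ -0,0 +1,24 @@
+ import { getSpiceDbConfig, isLocalhostEndpoint } from "./authz/config.js";
+ import { readFileSync } from "node:fs";
+ import { resolve } from "node:path";
+ import { v1 } from "@authzed/authzed-node";
+
+ //#region src/auth/spicedb-schema.ts
+ async function writeSpiceDbSchema(options) {
+ const config = getSpiceDbConfig();
+ const { endpoint = config.endpoint, token = config.token, schemaPath = resolve(import.meta.dirname, "../../spicedb/schema.zed"), maxRetries = 30 } = options ?? {};
+ const schema = readFileSync(schemaPath, "utf-8");
+ const client = v1.NewClient(token, endpoint, isLocalhostEndpoint(endpoint) ? v1.ClientSecurity.INSECURE_LOCALHOST_ALLOWED : v1.ClientSecurity.SECURE);
+ let lastError;
+ for (let attempt = 1; attempt <= maxRetries; attempt++) try {
+ await client.promises.writeSchema(v1.WriteSchemaRequest.create({ schema }));
+ return;
+ } catch (error) {
+ lastError = error;
+ if (attempt < maxRetries) await new Promise((r) => setTimeout(r, 1e3));
+ }
+ throw new Error(`Failed to write SpiceDB schema after ${maxRetries} attempts: ${lastError?.message}`);
+ }
+
+ //#endregion
+ export { writeSpiceDbSchema };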
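Review bot: The retry loop in `writeSpiceDbSchema` treats every failure alike, so a rejected preshared key or an invalid schema is retried `maxRetries` times (30 by default, one second apart). The final `Error` then keeps only `lastError?.message`, dropping the status code and stack. Retry only when the error looks transient (server not yet reachable), rethrow anything else at once, and preserve the original with `throw new Error(msg, { cause: lastError });`. `maxRetries` is also unchecked: a value of 0 skips the loop and reports `undefined` as the reason, so clamp it with `Math.max(1, maxRetries)`. Separately, an explicit `options.endpoint` is still paired with the environment's token by default; the option docs should tell callers who override the endpoint to pass `token` as well.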