@inkeep/agents-core 0.35.0 → 0.35.2

package/dist/auth/auth-validation-schemas.js

@@ -0,0 +1,39 @@
+import { user, session, account, organization, member, invitation, verification } from '../chunk-NOPEANIU.js';
+import { createSelectSchema, createInsertSchema } from 'drizzle-zod';
+import { z } from 'zod';
+
+var UserSelectSchema = createSelectSchema(user);
+var UserInsertSchema = createInsertSchema(user);
+var SessionSelectSchema = createSelectSchema(session);
+var SessionInsertSchema = createInsertSchema(session);
+var AccountSelectSchema = createSelectSchema(account);
+var AccountInsertSchema = createInsertSchema(account);
+var OrganizationSelectSchema = createSelectSchema(organization);
+var OrganizationInsertSchema = createInsertSchema(organization);
+var MemberSelectSchema = createSelectSchema(member);
+var MemberInsertSchema = createInsertSchema(member);
+var InvitationSelectSchema = createSelectSchema(invitation);
+var InvitationInsertSchema = createInsertSchema(invitation);
+var VerificationSelectSchema = createSelectSchema(verification);
+var VerificationInsertSchema = createInsertSchema(verification);
+var UserOrganizationSchema = z.object({
+  id: z.string(),
+  userId: z.string(),
+  organizationId: z.string(),
+  role: z.string(),
+  createdAt: z.union([z.string(), z.date()]).transform((val) => val instanceof Date ? val.toISOString() : val),
+  organizationName: z.string().nullable(),
+  organizationSlug: z.string().nullable()
+});
+var UserOrganizationsResponseSchema = z.array(UserOrganizationSchema);
+var AddUserToOrganizationRequestSchema = z.object({
+  organizationId: z.string(),
+  role: z.string().default("member")
+});
+var AddUserToOrganizationResponseSchema = z.object({
+  organizationId: z.string(),
+  role: z.string(),
+  createdAt: z.string()
+});
+
+export { AccountInsertSchema, AccountSelectSchema, AddUserToOrganizationRequestSchema, AddUserToOrganizationResponseSchema, InvitationInsertSchema, InvitationSelectSchema, MemberInsertSchema, MemberSelectSchema, OrganizationInsertSchema, OrganizationSelectSchema, SessionInsertSchema, SessionSelectSchema, UserInsertSchema, UserOrganizationSchema, UserOrganizationsResponseSchema, UserSelectSchema, VerificationInsertSchema, VerificationSelectSchema };

package/dist/auth/auth.d.ts

@@ -0,0 +1,118 @@
+import * as better_auth_adapters from 'better-auth/adapters';
+import * as better_auth from 'better-auth';
+import { BetterAuthPlugin } from 'better-auth';
+import { D as DatabaseClient } from '../client-CPYOMZF2.js';
+import 'drizzle-orm/node-postgres';
+import 'drizzle-orm/pglite';
+import '../schema-5N2lPWNV.js';
+import 'drizzle-orm';
+import 'drizzle-orm/pg-core';
+import '../utility-DbltUp2Q.js';
+import 'zod';
+import 'drizzle-zod';
+import '@hono/zod-openapi';
+import './auth-schema.js';
+
+interface OIDCProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    authorizationEndpoint?: string;
+    tokenEndpoint?: string;
+    userinfoEndpoint?: string;
+    jwksEndpoint?: string;
+    discoveryEndpoint?: string;
+    scopes?: string[];
+    pkce?: boolean;
+    mapping?: {
+        id?: string;
+        email?: string;
+        emailVerified?: string;
+        name?: string;
+        image?: string;
+        extraFields?: Record<string, string>;
+    };
+}
+interface SAMLProviderConfig {
+    entryPoint: string;
+    cert: string;
+    callbackUrl: string;
+    audience?: string;
+    wantAssertionsSigned?: boolean;
+    signatureAlgorithm?: string;
+    digestAlgorithm?: string;
+    identifierFormat?: string;
+    mapping?: {
+        id?: string;
+        email?: string;
+        name?: string;
+        firstName?: string;
+        lastName?: string;
+        emailVerified?: string;
+        extraFields?: Record<string, string>;
+    };
+}
+interface SSOProviderConfig {
+    providerId: string;
+    issuer: string;
+    domain: string;
+    organizationId?: string;
+    oidcConfig?: OIDCProviderConfig;
+    samlConfig?: SAMLProviderConfig;
+}
+interface BetterAuthConfig {
+    baseURL: string;
+    secret: string;
+    dbClient: DatabaseClient;
+    ssoProviders?: SSOProviderConfig[];
+}
+interface UserAuthConfig {
+    ssoProviders?: SSOProviderConfig[];
+}
+declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
+    baseURL: string;
+    secret: string;
+    database: (options: better_auth.BetterAuthOptions) => better_auth_adapters.DBAdapter<better_auth.BetterAuthOptions>;
+    emailAndPassword: {
+        enabled: true;
+        minPasswordLength: number;
+        maxPasswordLength: number;
+        requireEmailVerification: false;
+        autoSignIn: true;
+    };
+    session: {
+        expiresIn: number;
+        updateAge: number;
+    };
+    advanced: {
+        crossSubDomainCookies: {
+            enabled: true;
+        };
+    };
+    trustedOrigins: string[];
+    plugins: BetterAuthPlugin[];
+}>;
+declare const auth: better_auth.Auth<{
+    baseURL: string;
+    secret: string;
+    database: (options: better_auth.BetterAuthOptions) => better_auth_adapters.DBAdapter<better_auth.BetterAuthOptions>;
+    emailAndPassword: {
+        enabled: true;
+        minPasswordLength: number;
+        maxPasswordLength: number;
+        requireEmailVerification: false;
+        autoSignIn: true;
+    };
+    session: {
+        expiresIn: number;
+        updateAge: number;
+    };
+    advanced: {
+        crossSubDomainCookies: {
+            enabled: true;
+        };
+    };
+    trustedOrigins: string[];
+    plugins: BetterAuthPlugin[];
+}>;
+
+export { type BetterAuthConfig, type OIDCProviderConfig, type SAMLProviderConfig, type SSOProviderConfig, type UserAuthConfig, auth, createAuth };

package/dist/auth/auth.js

@@ -0,0 +1,95 @@
+import { createTestDatabaseClient, generateId } from '../chunk-ZYSTJ4XY.js';
+import { ownerRole, adminRole, memberRole, ac } from '../chunk-F5WWOOIX.js';
+import { ssoProvider } from '../chunk-NOPEANIU.js';
+import { sso } from '@better-auth/sso';
+import { betterAuth } from 'better-auth';
+import { drizzleAdapter } from 'better-auth/adapters/drizzle';
+import { organization } from 'better-auth/plugins';
+import { eq } from 'drizzle-orm';
+
+async function registerSSOProvider(dbClient, provider) {
+  try {
+    const existing = await dbClient.select().from(ssoProvider).where(eq(ssoProvider.providerId, provider.providerId)).limit(1);
+    if (existing.length > 0) {
+      return;
+    }
+    if (!provider.domain) {
+      throw new Error(`SSO provider '${provider.providerId}' must have a domain`);
+    }
+    await dbClient.insert(ssoProvider).values({
+      id: generateId(),
+      providerId: provider.providerId,
+      issuer: provider.issuer,
+      domain: provider.domain,
+      oidcConfig: provider.oidcConfig ? JSON.stringify(provider.oidcConfig) : null,
+      samlConfig: provider.samlConfig ? JSON.stringify(provider.samlConfig) : null,
+      userId: null,
+      organizationId: provider.organizationId || null
+    });
+  } catch (error) {
+    console.error(`\u274C Failed to register SSO provider '${provider.providerId}':`, error);
+  }
+}
+function createAuth(config) {
+  const plugins = [
+    sso(),
+    organization({
+      allowUserToCreateOrganization: true,
+      ac,
+      roles: {
+        member: memberRole,
+        admin: adminRole,
+        owner: ownerRole
+      },
+      async sendInvitationEmail(data) {
+        console.log("\u{1F4E7} Invitation created:", {
+          email: data.email,
+          invitedBy: data.inviter.user.name || data.inviter.user.email,
+          organization: data.organization.name,
+          invitationId: data.id
+        });
+      }
+    })
+  ];
+  const auth2 = betterAuth({
+    baseURL: config.baseURL,
+    secret: config.secret,
+    database: drizzleAdapter(config.dbClient, {
+      provider: "pg"
+    }),
+    emailAndPassword: {
+      enabled: true,
+      minPasswordLength: 8,
+      maxPasswordLength: 128,
+      requireEmailVerification: false,
+      autoSignIn: true
+    },
+    session: {
+      expiresIn: 60 * 60 * 24 * 7,
+      updateAge: 60 * 60 * 24
+    },
+    advanced: {
+      crossSubDomainCookies: {
+        enabled: true
+      }
+    },
+    trustedOrigins: ["http://localhost:3000", "http://localhost:3002", config.baseURL],
+    plugins
+  });
+  if (config.ssoProviders?.length) {
+    const providers = config.ssoProviders;
+    setTimeout(async () => {
+      for (const provider of providers) {
+        await registerSSOProvider(config.dbClient, provider);
+      }
+    }, 1e3);
+  }
+  return auth2;
+}
+var auth = createAuth({
+  baseURL: process.env.INKEEP_AGENTS_MANAGE_API_URL || "http://localhost:3002",
+  secret: process.env.BETTER_AUTH_SECRET || "development-secret-change-in-production",
+  dbClient: await createTestDatabaseClient()
+});
+
+export { auth, createAuth };

package/dist/auth/permissions.d.ts

@@ -0,0 +1,273 @@
+import * as better_auth_plugins_access from 'better-auth/plugins/access';
+
+declare const ac: {
+    newRole<K extends "function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team">(statements: better_auth_plugins_access.Subset<K, {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>): {
+        authorize<K_1 extends K>(request: K_1 extends infer T extends K_2 ? { [key in T]?: better_auth_plugins_access.Subset<K, {
+            readonly project: readonly ["create", "read", "update", "delete"];
+            readonly agent: readonly ["create", "read", "update", "delete"];
+            readonly sub_agent: readonly ["create", "read", "update", "delete"];
+            readonly tool: readonly ["create", "read", "update", "delete"];
+            readonly api_key: readonly ["create", "read", "update", "delete"];
+            readonly credential: readonly ["create", "read", "update", "delete"];
+            readonly data_component: readonly ["create", "read", "update", "delete"];
+            readonly artifact_component: readonly ["create", "read", "update", "delete"];
+            readonly external_agent: readonly ["create", "read", "update", "delete"];
+            readonly function: readonly ["create", "read", "update", "delete"];
+            readonly context_config: readonly ["create", "read", "update", "delete"];
+            readonly organization: readonly ["update", "delete"];
+            readonly member: readonly ["create", "update", "delete"];
+            readonly invitation: readonly ["create", "cancel"];
+            readonly team: readonly ["create", "update", "delete"];
+            readonly ac: readonly ["create", "read", "update", "delete"];
+        }>[key] | {
+            actions: better_auth_plugins_access.Subset<K, {
+                readonly project: readonly ["create", "read", "update", "delete"];
+                readonly agent: readonly ["create", "read", "update", "delete"];
+                readonly sub_agent: readonly ["create", "read", "update", "delete"];
+                readonly tool: readonly ["create", "read", "update", "delete"];
+                readonly api_key: readonly ["create", "read", "update", "delete"];
+                readonly credential: readonly ["create", "read", "update", "delete"];
+                readonly data_component: readonly ["create", "read", "update", "delete"];
+                readonly artifact_component: readonly ["create", "read", "update", "delete"];
+                readonly external_agent: readonly ["create", "read", "update", "delete"];
+                readonly function: readonly ["create", "read", "update", "delete"];
+                readonly context_config: readonly ["create", "read", "update", "delete"];
+                readonly organization: readonly ["update", "delete"];
+                readonly member: readonly ["create", "update", "delete"];
+                readonly invitation: readonly ["create", "cancel"];
+                readonly team: readonly ["create", "update", "delete"];
+                readonly ac: readonly ["create", "read", "update", "delete"];
+            }>[key];
+            connector: "OR" | "AND";
+        } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins_access.AuthorizeResponse;
+        statements: better_auth_plugins_access.Subset<K, {
+            readonly project: readonly ["create", "read", "update", "delete"];
+            readonly agent: readonly ["create", "read", "update", "delete"];
+            readonly sub_agent: readonly ["create", "read", "update", "delete"];
+            readonly tool: readonly ["create", "read", "update", "delete"];
+            readonly api_key: readonly ["create", "read", "update", "delete"];
+            readonly credential: readonly ["create", "read", "update", "delete"];
+            readonly data_component: readonly ["create", "read", "update", "delete"];
+            readonly artifact_component: readonly ["create", "read", "update", "delete"];
+            readonly external_agent: readonly ["create", "read", "update", "delete"];
+            readonly function: readonly ["create", "read", "update", "delete"];
+            readonly context_config: readonly ["create", "read", "update", "delete"];
+            readonly organization: readonly ["update", "delete"];
+            readonly member: readonly ["create", "update", "delete"];
+            readonly invitation: readonly ["create", "cancel"];
+            readonly team: readonly ["create", "update", "delete"];
+            readonly ac: readonly ["create", "read", "update", "delete"];
+        }>;
+    };
+    statements: {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    };
+};
+declare const memberRole: {
+    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins_access.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>[key] | {
+        actions: better_auth_plugins_access.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", {
+            readonly project: readonly ["create", "read", "update", "delete"];
+            readonly agent: readonly ["create", "read", "update", "delete"];
+            readonly sub_agent: readonly ["create", "read", "update", "delete"];
+            readonly tool: readonly ["create", "read", "update", "delete"];
+            readonly api_key: readonly ["create", "read", "update", "delete"];
+            readonly credential: readonly ["create", "read", "update", "delete"];
+            readonly data_component: readonly ["create", "read", "update", "delete"];
+            readonly artifact_component: readonly ["create", "read", "update", "delete"];
+            readonly external_agent: readonly ["create", "read", "update", "delete"];
+            readonly function: readonly ["create", "read", "update", "delete"];
+            readonly context_config: readonly ["create", "read", "update", "delete"];
+            readonly organization: readonly ["update", "delete"];
+            readonly member: readonly ["create", "update", "delete"];
+            readonly invitation: readonly ["create", "cancel"];
+            readonly team: readonly ["create", "update", "delete"];
+            readonly ac: readonly ["create", "read", "update", "delete"];
+        }>[key];
+        connector: "OR" | "AND";
+    } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins_access.AuthorizeResponse;
+    statements: better_auth_plugins_access.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>;
+};
+declare const adminRole: {
+    authorize<K_1 extends "function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>[key] | {
+        actions: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+            readonly project: readonly ["create", "read", "update", "delete"];
+            readonly agent: readonly ["create", "read", "update", "delete"];
+            readonly sub_agent: readonly ["create", "read", "update", "delete"];
+            readonly tool: readonly ["create", "read", "update", "delete"];
+            readonly api_key: readonly ["create", "read", "update", "delete"];
+            readonly credential: readonly ["create", "read", "update", "delete"];
+            readonly data_component: readonly ["create", "read", "update", "delete"];
+            readonly artifact_component: readonly ["create", "read", "update", "delete"];
+            readonly external_agent: readonly ["create", "read", "update", "delete"];
+            readonly function: readonly ["create", "read", "update", "delete"];
+            readonly context_config: readonly ["create", "read", "update", "delete"];
+            readonly organization: readonly ["update", "delete"];
+            readonly member: readonly ["create", "update", "delete"];
+            readonly invitation: readonly ["create", "cancel"];
+            readonly team: readonly ["create", "update", "delete"];
+            readonly ac: readonly ["create", "read", "update", "delete"];
+        }>[key];
+        connector: "OR" | "AND";
+    } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins_access.AuthorizeResponse;
+    statements: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>;
+};
+declare const ownerRole: {
+    authorize<K_1 extends "function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>[key] | {
+        actions: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+            readonly project: readonly ["create", "read", "update", "delete"];
+            readonly agent: readonly ["create", "read", "update", "delete"];
+            readonly sub_agent: readonly ["create", "read", "update", "delete"];
+            readonly tool: readonly ["create", "read", "update", "delete"];
+            readonly api_key: readonly ["create", "read", "update", "delete"];
+            readonly credential: readonly ["create", "read", "update", "delete"];
+            readonly data_component: readonly ["create", "read", "update", "delete"];
+            readonly artifact_component: readonly ["create", "read", "update", "delete"];
+            readonly external_agent: readonly ["create", "read", "update", "delete"];
+            readonly function: readonly ["create", "read", "update", "delete"];
+            readonly context_config: readonly ["create", "read", "update", "delete"];
+            readonly organization: readonly ["update", "delete"];
+            readonly member: readonly ["create", "update", "delete"];
+            readonly invitation: readonly ["create", "cancel"];
+            readonly team: readonly ["create", "update", "delete"];
+            readonly ac: readonly ["create", "read", "update", "delete"];
+        }>[key];
+        connector: "OR" | "AND";
+    } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins_access.AuthorizeResponse;
+    statements: better_auth_plugins_access.Subset<"function" | "organization" | "ac" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "member" | "invitation" | "team", {
+        readonly project: readonly ["create", "read", "update", "delete"];
+        readonly agent: readonly ["create", "read", "update", "delete"];
+        readonly sub_agent: readonly ["create", "read", "update", "delete"];
+        readonly tool: readonly ["create", "read", "update", "delete"];
+        readonly api_key: readonly ["create", "read", "update", "delete"];
+        readonly credential: readonly ["create", "read", "update", "delete"];
+        readonly data_component: readonly ["create", "read", "update", "delete"];
+        readonly artifact_component: readonly ["create", "read", "update", "delete"];
+        readonly external_agent: readonly ["create", "read", "update", "delete"];
+        readonly function: readonly ["create", "read", "update", "delete"];
+        readonly context_config: readonly ["create", "read", "update", "delete"];
+        readonly organization: readonly ["update", "delete"];
+        readonly member: readonly ["create", "update", "delete"];
+        readonly invitation: readonly ["create", "cancel"];
+        readonly team: readonly ["create", "update", "delete"];
+        readonly ac: readonly ["create", "read", "update", "delete"];
+    }>;
+};
+
+export { ac, adminRole, memberRole, ownerRole };

package/dist/auth/permissions.js

@@ -0,0 +1 @@
+export { ac, adminRole, memberRole, ownerRole } from '../chunk-F5WWOOIX.js';