@inkeep/agents-core 0.35.0 → 0.35.2

package/dist/chunk-ZYSTJ4XY.js

@@ -0,0 +1,948 @@
+import { getLogger } from './chunk-W3L4M7FO.js';
+import { CredentialStoreType, MCPTransportType } from './chunk-YFHT5M2R.js';
+import { schema_exports, projects } from './chunk-NFYCSHD3.js';
+import { organization } from './chunk-NOPEANIU.js';
+import fs from 'fs';
+import os from 'os';
+import path, { dirname, join } from 'path';
+import dotenv from 'dotenv';
+import { expand } from 'dotenv-expand';
+import { findUpSync } from 'find-up';
+import { z } from 'zod';
+import { customAlphabet } from 'nanoid';
+import { scrypt, randomBytes, timingSafeEqual } from 'crypto';
+import { promisify } from 'util';
+import { z as z$1 } from '@hono/zod-openapi';
+import { HTTPException } from 'hono/http-exception';
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { DEFAULT_REQUEST_TIMEOUT_MSEC } from '@modelcontextprotocol/sdk/shared/protocol.js';
+import { CallToolResultSchema } from '@modelcontextprotocol/sdk/types.js';
+import { tool } from 'ai';
+import { asyncExitHook, gracefulExit } from 'exit-hook';
+import { match } from 'ts-pattern';
+import { SignJWT, jwtVerify } from 'jose';
+import { SpanStatusCode, trace } from '@opentelemetry/api';
+import { fileURLToPath } from 'url';
+import { PGlite } from '@electric-sql/pglite';
+import { sql } from 'drizzle-orm';
+import { drizzle } from 'drizzle-orm/pglite';
+import { migrate } from 'drizzle-orm/pglite/migrator';
+
+var loadEnvironmentFiles = () => {
+  const environmentFiles = [];
+  const currentEnv = path.resolve(process.cwd(), ".env");
+  if (fs.existsSync(currentEnv)) {
+    environmentFiles.push(currentEnv);
+  }
+  const rootEnv = findUpSync(".env", { cwd: path.dirname(process.cwd()) });
+  if (rootEnv) {
+    if (rootEnv !== currentEnv) {
+      environmentFiles.push(rootEnv);
+    }
+  }
+  const userConfigPath = path.join(os.homedir(), ".inkeep", "config");
+  if (fs.existsSync(userConfigPath)) {
+    dotenv.config({ path: userConfigPath, override: true, quiet: true });
+  }
+  if (environmentFiles.length > 0) {
+    dotenv.config({
+      path: environmentFiles,
+      override: false,
+      quiet: true
+    });
+    expand({ processEnv: process.env });
+  }
+};
+loadEnvironmentFiles();
+var envSchema = z.object({
+  ENVIRONMENT: z.enum(["development", "production", "pentest", "test"]).optional(),
+  DATABASE_URL: z.string().optional(),
+  POSTGRES_POOL_SIZE: z.string().optional(),
+  INKEEP_AGENTS_JWT_SIGNING_SECRET: z.string().min(32, "INKEEP_AGENTS_JWT_SIGNING_SECRET must be at least 32 characters").optional()
+});
+var parseEnv = () => {
+  try {
+    const parsedEnv = envSchema.parse(process.env);
+    return parsedEnv;
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      const missingVars = error.issues.map((issue) => issue.path.join("."));
+      throw new Error(
+        `\u274C Invalid environment variables: ${missingVars.join(", ")}
+${error.message}`
+      );
+    }
+    throw error;
+  }
+};
+var env = parseEnv();
+
+// src/constants/execution-limits-shared/defaults.ts
+var executionLimitsSharedDefaults = {
+  // MCP Tool Connection and Retry Behavior
+  // Model Context Protocol (MCP) enables agents to connect to external tools and services.
+  // These constants control connection timeouts and retry strategy with exponential backoff.
+  // CONNECTION_TIMEOUT_MS: Maximum wait time for initial MCP server connection
+  // MAX_RETRIES: Maximum number of connection retry attempts before failing
+  // INITIAL_RECONNECTION_DELAY_MS: Starting delay between retry attempts
+  // MAX_RECONNECTION_DELAY_MS: Maximum delay between retry attempts (after exponential growth)
+  // RECONNECTION_DELAY_GROWTH_FACTOR: Multiplier applied to delay after each failed retry (exponential backoff)
+  MCP_TOOL_CONNECTION_TIMEOUT_MS: 3e3,
+  // 3 seconds
+  MCP_TOOL_MAX_RETRIES: 3,
+  MCP_TOOL_MAX_RECONNECTION_DELAY_MS: 3e4,
+  // 30 seconds
+  MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS: 1e3,
+  // 1 second
+  MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR: 1.5,
+  // Conversation History Context Window
+  // CONVERSATION_HISTORY_DEFAULT_LIMIT: Default number of recent messages to retrieve from conversation history.
+  // Used when fetching conversation context for status updates and other operations.
+  CONVERSATION_HISTORY_DEFAULT_LIMIT: 50,
+  // CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT: Maximum number of tokens from previous conversation messages
+  // to include in the LLM prompt. Prevents excessive token usage while maintaining relevant conversation context.
+  // Messages exceeding this limit are truncated from the beginning of the conversation.
+  // Increased from 4,000 to 8,000 to accommodate tool results in conversation history.
+  CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT: 8e3
+};
+loadEnvironmentFiles();
+var constantsSchema = z.object(
+  Object.fromEntries(
+    Object.keys(executionLimitsSharedDefaults).map((key) => [
+      `AGENTS_${key}`,
+      z.coerce.number().optional()
+    ])
+  )
+);
+var parseConstants = () => {
+  const envOverrides = constantsSchema.parse(process.env);
+  return Object.fromEntries(
+    Object.entries(executionLimitsSharedDefaults).map(([key, defaultValue]) => [
+      key,
+      envOverrides[`AGENTS_${key}`] ?? defaultValue
+    ])
+  );
+};
+var constants = parseConstants();
+var {
+  MCP_TOOL_CONNECTION_TIMEOUT_MS,
+  MCP_TOOL_MAX_RETRIES,
+  MCP_TOOL_MAX_RECONNECTION_DELAY_MS,
+  MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS,
+  MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR,
+  CONVERSATION_HISTORY_DEFAULT_LIMIT,
+  CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT
+} = constants;
+
+// src/utils/credential-store-utils.ts
+function getCredentialStoreLookupKeyFromRetrievalParams({
+  retrievalParams,
+  credentialStoreType
+}) {
+  if (retrievalParams.key) {
+    return retrievalParams.key;
+  }
+  if (credentialStoreType === CredentialStoreType.nango) {
+    return JSON.stringify({
+      connectionId: retrievalParams.connectionId,
+      providerConfigKey: retrievalParams.providerConfigKey
+    });
+  }
+  return null;
+}
+var generateId = customAlphabet("abcdefghijklmnopqrstuvwxyz0123456789", 21);
+function getConversationId() {
+  return generateId();
+}
+var scryptAsync = promisify(scrypt);
+var logger = getLogger("api-key");
+var API_KEY_LENGTH = 32;
+var SALT_LENGTH = 32;
+var KEY_LENGTH = 64;
+var PUBLIC_ID_LENGTH = 12;
+var PUBLIC_ID_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-";
+var generatePublicId = customAlphabet(PUBLIC_ID_ALPHABET, PUBLIC_ID_LENGTH);
+async function generateApiKey() {
+  const publicId = generatePublicId();
+  const secretBytes = randomBytes(API_KEY_LENGTH);
+  const secret = secretBytes.toString("base64url");
+  const key = `sk_${publicId}.${secret}`;
+  const keyPrefix = key.substring(0, 12);
+  const keyHash = await hashApiKey(key);
+  const id = generateId();
+  return {
+    id,
+    publicId,
+    key,
+    keyHash,
+    keyPrefix
+  };
+}
+async function hashApiKey(key) {
+  const salt = randomBytes(SALT_LENGTH);
+  const hashedBuffer = await scryptAsync(key, salt, KEY_LENGTH);
+  const combined = Buffer.concat([salt, hashedBuffer]);
+  return combined.toString("base64");
+}
+async function validateApiKey(key, storedHash) {
+  try {
+    const combined = Buffer.from(storedHash, "base64");
+    const salt = combined.subarray(0, SALT_LENGTH);
+    const storedHashBuffer = combined.subarray(SALT_LENGTH);
+    const hashedBuffer = await scryptAsync(key, salt, KEY_LENGTH);
+    return timingSafeEqual(storedHashBuffer, hashedBuffer);
+  } catch (error) {
+    logger.error({ error }, "Error validating API key");
+    return false;
+  }
+}
+function isApiKeyExpired(expiresAt) {
+  if (!expiresAt) {
+    return false;
+  }
+  const expirationDate = new Date(expiresAt);
+  const now = /* @__PURE__ */ new Date();
+  return now > expirationDate;
+}
+function extractPublicId(key) {
+  try {
+    const parts = key.split(".");
+    if (parts.length !== 2) {
+      return null;
+    }
+    const prefixPart = parts[0];
+    const segments = prefixPart.split("_");
+    if (segments.length < 2) {
+      return null;
+    }
+    const publicId = segments[segments.length - 1];
+    if (publicId.length !== 12) {
+      return null;
+    }
+    return publicId;
+  } catch {
+    return null;
+  }
+}
+function maskApiKey(keyPrefix) {
+  return `${keyPrefix}...`;
+}
+
+// src/utils/date.ts
+function normalizeDateString(dateString) {
+  if (typeof dateString !== "string") {
+    return dateString;
+  }
+  const pgTimestampPattern = /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(\.\d{1,3})?$/;
+  if (pgTimestampPattern.test(dateString)) {
+    return dateString.replace(" ", "T") + "Z";
+  }
+  return dateString;
+}
+var ErrorCode = z$1.enum([
+  "bad_request",
+  "unauthorized",
+  "forbidden",
+  "not_found",
+  "conflict",
+  "internal_server_error",
+  "unprocessable_entity"
+]);
+var errorCodeToHttpStatus = {
+  bad_request: 400,
+  unauthorized: 401,
+  forbidden: 403,
+  not_found: 404,
+  conflict: 409,
+  unprocessable_entity: 422,
+  internal_server_error: 500
+};
+var ERROR_DOCS_BASE_URL = "https://docs.inkeep.com/agents-api/errors";
+var problemDetailsSchema = z$1.object({
+  // type: z.string().url().openapi({
+  //   description: "A URI reference that identifies the problem type.",
+  //   example: `${ERROR_DOCS_BASE_URL}#not-found`,
+  // }),
+  title: z$1.string().openapi({
+    description: "A short, human-readable summary of the problem type.",
+    example: "Resource Not Found"
+  }),
+  status: z$1.number().int().openapi({
+    description: "The HTTP status code.",
+    example: 404
+  }),
+  detail: z$1.string().openapi({
+    description: "A human-readable explanation specific to this occurrence of the problem.",
+    example: "The requested resource was not found."
+  }),
+  instance: z$1.string().optional().openapi({
+    description: "A URI reference that identifies the specific occurrence of the problem.",
+    example: "/conversations/123"
+  }),
+  requestId: z$1.string().optional().openapi({
+    description: "A unique identifier for the request, useful for troubleshooting.",
+    example: "req_1234567890"
+  }),
+  code: ErrorCode.openapi({
+    description: "A short code indicating the error code returned.",
+    example: "not_found"
+  })
+}).openapi("ProblemDetails");
+var errorResponseSchema = z$1.object({
+  error: z$1.object({
+    code: ErrorCode.openapi({
+      description: "A short code indicating the error code returned.",
+      example: "not_found"
+    }),
+    message: z$1.string().openapi({
+      description: "A human readable error message.",
+      example: "The requested resource was not found."
+    })
+  })
+}).openapi("ErrorResponse");
+function createApiError({
+  code,
+  message,
+  instance,
+  requestId
+}) {
+  const status = errorCodeToHttpStatus[code];
+  const title = getTitleFromCode(code);
+  const problemDetails = {
+    title,
+    status,
+    detail: message,
+    code,
+    ...instance && { instance },
+    ...requestId && { requestId }
+  };
+  const errorMessage = message.length > 100 ? `${message.substring(0, 97)}...` : message;
+  const responseBody = {
+    ...problemDetails,
+    error: { code, message: errorMessage }
+  };
+  const res = new Response(JSON.stringify(responseBody), {
+    status,
+    headers: {
+      "Content-Type": "application/problem+json",
+      "X-Content-Type-Options": "nosniff",
+      ...requestId && { "X-Request-ID": requestId }
+    }
+  });
+  return new HTTPException(status, { message, res });
+}
+async function handleApiError(error, requestId) {
+  if (error instanceof HTTPException) {
+    const errorData = error.getResponse();
+    const responseText = await errorData.text();
+    let responseJson;
+    try {
+      responseJson = JSON.parse(responseText);
+      if (requestId && !responseJson.requestId) {
+        responseJson.requestId = requestId;
+      }
+    } catch (_e) {
+      responseJson = {
+        // type: `${ERROR_DOCS_BASE_URL}#internal_server_error`,
+        title: "Internal Server Error",
+        status: error.status,
+        detail: `Error processing request: ${responseText || "Unknown error"}`,
+        code: "internal_server_error",
+        ...requestId && { requestId },
+        error: {
+          code: "internal_server_error",
+          message: "An internal server error occurred"
+        }
+      };
+    }
+    if (error.status >= 500) {
+      getLogger("core").error(
+        {
+          error,
+          status: error.status,
+          message: responseJson.detail || responseJson.error.message,
+          requestId: responseJson.requestId || requestId || "unknown"
+        },
+        "API server error occurred"
+      );
+    } else {
+      getLogger("core").info(
+        {
+          error,
+          status: error.status,
+          code: responseJson.code,
+          message: responseJson.detail || responseJson.error.message,
+          requestId: responseJson.requestId || requestId || "unknown"
+        },
+        "API client error occurred"
+      );
+    }
+    return responseJson;
+  }
+  const errorMessage = error instanceof Error ? error.message : String(error);
+  const errorStack = error instanceof Error ? error.stack : void 0;
+  getLogger("core").error(
+    {
+      error,
+      message: errorMessage,
+      stack: errorStack,
+      status: 500,
+      requestId: requestId || "unknown"
+    },
+    "Unhandled API error occurred"
+  );
+  const sanitizedErrorMessage = error instanceof Error ? error.message.replace(/\b(password|token|key|secret|auth)\b/gi, "[REDACTED]") : "Unknown error";
+  const problemDetails = {
+    // type: `${ERROR_DOCS_BASE_URL}#internal_server_error`,
+    title: "Internal Server Error",
+    status: 500,
+    detail: `Server error occurred: ${sanitizedErrorMessage}`,
+    code: "internal_server_error",
+    ...requestId && { requestId },
+    error: {
+      code: "internal_server_error",
+      message: "An internal server error occurred. Please try again later."
+    }
+  };
+  return problemDetails;
+}
+function getTitleFromCode(code) {
+  switch (code) {
+    case "bad_request":
+      return "Bad Request";
+    case "unauthorized":
+      return "Unauthorized";
+    case "forbidden":
+      return "Forbidden";
+    case "not_found":
+      return "Not Found";
+    case "conflict":
+      return "Conflict";
+    case "unprocessable_entity":
+      return "Unprocessable Entity";
+    case "internal_server_error":
+      return "Internal Server Error";
+    default:
+      return "Error";
+  }
+}
+var toTitleCase = (str) => str?.replace(/\w+/g, (word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase()).replace(/\s+/g, "") ?? "";
+var errorSchemaFactory = (code, description) => ({
+  description,
+  content: {
+    "application/problem+json": {
+      schema: problemDetailsSchema.extend({
+        code: z$1.literal(code).openapi({
+          description: "A short code indicating the error code returned.",
+          example: code
+        }),
+        detail: z$1.string().openapi({
+          description: "A detailed explanation specific to this occurrence of the problem, providing context and specifics about what went wrong.",
+          example: description
+        }),
+        title: z$1.string().openapi({
+          description: "A short, human-readable summary of the problem type.",
+          example: getTitleFromCode(code)
+        }),
+        // type: z.string().url().openapi({
+        //   description: "A URI reference that identifies the problem type.",
+        //   example: `${ERROR_DOCS_BASE_URL}#${code}`,
+        // }),
+        status: z$1.number().int().openapi({
+          description: "The HTTP status code.",
+          example: errorCodeToHttpStatus[code]
+        }),
+        error: z$1.object({
+          code: z$1.literal(code).openapi({
+            description: "A short code indicating the error code returned.",
+            example: code
+          }),
+          message: z$1.string().openapi({
+            description: "A concise error message suitable for display to end users. May be truncated if the full detail is long.",
+            example: description.length > 100 ? `${description.substring(0, 97)}...` : description
+          })
+        }).openapi({
+          description: "Legacy error format for backward compatibility."
+        })
+      }).openapi(toTitleCase(description))
+    }
+  }
+});
+var commonCreateErrorResponses = {
+  400: errorSchemaFactory("bad_request", "Bad Request"),
+  401: errorSchemaFactory("unauthorized", "Unauthorized"),
+  403: errorSchemaFactory("forbidden", "Forbidden"),
+  422: errorSchemaFactory("unprocessable_entity", "Unprocessable Entity"),
+  500: errorSchemaFactory("internal_server_error", "Internal Server Error")
+};
+var commonUpdateErrorResponses = {
+  400: errorSchemaFactory("bad_request", "Bad Request"),
+  401: errorSchemaFactory("unauthorized", "Unauthorized"),
+  403: errorSchemaFactory("forbidden", "Forbidden"),
+  404: errorSchemaFactory("not_found", "Not Found"),
+  422: errorSchemaFactory("unprocessable_entity", "Unprocessable Entity"),
+  500: errorSchemaFactory("internal_server_error", "Internal Server Error")
+};
+var commonGetErrorResponses = {
+  400: errorSchemaFactory("bad_request", "Bad Request"),
+  401: errorSchemaFactory("unauthorized", "Unauthorized"),
+  403: errorSchemaFactory("forbidden", "Forbidden"),
+  404: errorSchemaFactory("not_found", "Not Found"),
+  422: errorSchemaFactory("unprocessable_entity", "Unprocessable Entity"),
+  500: errorSchemaFactory("internal_server_error", "Internal Server Error")
+};
+var commonDeleteErrorResponses = {
+  400: errorSchemaFactory("bad_request", "Bad Request"),
+  401: errorSchemaFactory("unauthorized", "Unauthorized"),
+  403: errorSchemaFactory("forbidden", "Forbidden"),
+  404: errorSchemaFactory("not_found", "Not Found"),
+  422: errorSchemaFactory("unprocessable_entity", "Unprocessable Entity"),
+  500: errorSchemaFactory("internal_server_error", "Internal Server Error")
+};
+
+// src/utils/execution.ts
+function createExecutionContext(params) {
+  return {
+    apiKey: params.apiKey,
+    tenantId: params.tenantId,
+    projectId: params.projectId,
+    agentId: params.agentId,
+    baseUrl: params.baseUrl || process.env.API_URL || "http://localhost:3003",
+    apiKeyId: params.apiKeyId
+  };
+}
+function getRequestExecutionContext(c) {
+  const executionContext = c.get("executionContext");
+  if (!executionContext) {
+    throw new Error("No execution context available. API key authentication is required.");
+  }
+  return executionContext;
+}
+var McpClient = class {
+  name;
+  client;
+  timeout;
+  transport;
+  serverConfig;
+  connected = false;
+  constructor(opts) {
+    this.name = opts.name;
+    this.timeout = opts.timeout || DEFAULT_REQUEST_TIMEOUT_MSEC;
+    this.serverConfig = opts.server;
+    this.client = new Client(
+      { name: opts.name, version: opts.version || "1.0.0" },
+      { capabilities: opts.capabilities || {} }
+    );
+  }
+  isConnected() {
+    return this.connected;
+  }
+  async connect() {
+    if (this.connected) return;
+    await match(this.serverConfig).with({ type: MCPTransportType.streamableHttp }, (config) => this.connectHttp(config)).with({ type: MCPTransportType.sse }, (config) => this.connectSSE(config)).exhaustive();
+    this.connected = true;
+    const close = this.client.onclose;
+    this.client.onclose = () => {
+      this.connected = false;
+      if (typeof close === "function") {
+        close();
+      }
+    };
+    asyncExitHook(() => this.disconnect(), { wait: 5e3 });
+    process.on("SIGTERM", () => gracefulExit());
+  }
+  async connectSSE(config) {
+    const url = typeof config.url === "string" ? config.url : config.url.toString();
+    this.transport = new SSEClientTransport(new URL(url), {
+      eventSourceInit: config.eventSourceInit,
+      requestInit: {
+        headers: config.headers || {}
+      }
+    });
+    await this.client.connect(this.transport, {
+      timeout: config.timeout ?? this.timeout
+    });
+  }
+  async connectHttp(config) {
+    const { url, requestInit } = config;
+    const mergedRequestInit = {
+      ...requestInit,
+      headers: {
+        ...requestInit?.headers || {},
+        ...config.headers || {}
+      }
+    };
+    const urlString = typeof url === "string" ? url : url.toString();
+    this.transport = new StreamableHTTPClientTransport(new URL(urlString), {
+      requestInit: mergedRequestInit,
+      reconnectionOptions: {
+        maxRetries: MCP_TOOL_MAX_RETRIES,
+        maxReconnectionDelay: MCP_TOOL_MAX_RECONNECTION_DELAY_MS,
+        initialReconnectionDelay: MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS,
+        reconnectionDelayGrowFactor: MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR,
+        ...config.reconnectionOptions
+      },
+      sessionId: config.sessionId
+    });
+    await this.client.connect(this.transport, { timeout: MCP_TOOL_CONNECTION_TIMEOUT_MS });
+  }
+  async disconnect() {
+    if (!this.transport) {
+      return;
+    }
+    try {
+      await this.transport.close();
+    } catch (e) {
+      console.error(e);
+      throw e;
+    } finally {
+      this.transport = void 0;
+      this.connected = false;
+    }
+  }
+  validateSelectedTools(tools, activeTools) {
+    if (!activeTools) return;
+    for (const item of activeTools) {
+      if (tools.includes(item)) continue;
+      console.warn(`[Tools] Tool ${item} not found in tools`);
+    }
+  }
+  async selectTools() {
+    const { tools } = await this.client.listTools({ timeout: this.timeout });
+    const { selectedTools, activeTools } = this.serverConfig;
+    let availableTools;
+    if (activeTools === void 0) {
+      availableTools = tools;
+    } else if (activeTools.length === 0) {
+      return [];
+    } else {
+      availableTools = tools.filter((tool2) => activeTools.includes(tool2.name));
+    }
+    if (selectedTools === void 0) {
+      return availableTools;
+    }
+    if (selectedTools.length === 0) {
+      return [];
+    }
+    const toolNames = availableTools.map((tool2) => tool2.name);
+    this.validateSelectedTools(toolNames, selectedTools);
+    return availableTools.filter((tool2) => selectedTools.includes(tool2.name));
+  }
+  async tools() {
+    const tools = await this.selectTools();
+    const results = {};
+    for (const def of tools) {
+      try {
+        const createZodSchema = (inputSchema) => {
+          if (!inputSchema || !inputSchema.properties) {
+            return z.object({});
+          }
+          const zodProperties = {};
+          for (const [key, prop] of Object.entries(inputSchema.properties)) {
+            const propDef = prop;
+            let zodType;
+            switch (propDef.type) {
+              case "string":
+                zodType = z.string();
+                break;
+              case "number":
+                zodType = z.number();
+                break;
+              case "boolean":
+                zodType = z.boolean();
+                break;
+              case "array":
+                zodType = z.array(z.any());
+                break;
+              default:
+                zodType = z.any();
+            }
+            if (propDef.description) {
+              zodType = zodType.describe(propDef.description);
+            }
+            const isRequired = inputSchema.required?.includes(key);
+            if (!isRequired) {
+              zodType = zodType.optional();
+            }
+            zodProperties[key] = zodType;
+          }
+          return z.object(zodProperties);
+        };
+        const schema = createZodSchema(def.inputSchema);
+        const createdTool = tool({
+          id: `${this.name}.${def.name}`,
+          description: def.description || "",
+          inputSchema: schema,
+          execute: async (context) => {
+            const result = await this.client.callTool(
+              { name: def.name, arguments: context },
+              CallToolResultSchema,
+              { timeout: this.timeout }
+            );
+            return result;
+          }
+        });
+        if (def.name) {
+          results[def.name] = createdTool;
+        }
+      } catch (e) {
+        console.error(`Error creating tool ${def.name}:`, e);
+      }
+    }
+    return results;
+  }
+};
+var logger2 = getLogger("service-token-auth");
+function getJwtSecret() {
+  const secret = env.INKEEP_AGENTS_JWT_SIGNING_SECRET;
+  const dev_secret = "insecure-dev-secret-change-in-production-min-32-chars";
+  if (!secret) {
+    if (env.ENVIRONMENT === "production") {
+      throw new Error(
+        "INKEEP_AGENTS_JWT_SIGNING_SECRET environment variable is required in production"
+      );
+    }
+    logger2.warn(
+      {},
+      "INKEEP_AGENTS_JWT_SIGNING_SECRET not set, using insecure default. DO NOT USE IN PRODUCTION!"
+    );
+    return new TextEncoder().encode(dev_secret);
+  }
+  return new TextEncoder().encode(secret);
+}
+async function generateServiceToken(params) {
+  const secret = getJwtSecret();
+  try {
+    const token = await new SignJWT({
+      tenantId: params.tenantId,
+      projectId: params.projectId
+    }).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuer("inkeep-agents").setSubject(params.originAgentId).setAudience(params.targetAgentId).setIssuedAt().setExpirationTime("5m").sign(secret);
+    logger2.debug(
+      {
+        originAgentId: params.originAgentId,
+        targetAgentId: params.targetAgentId,
+        tenantId: params.tenantId
+      },
+      "Generated team agent token"
+    );
+    return token;
+  } catch (error) {
+    logger2.error({ error }, "Failed to generate service token");
+    throw new Error("Failed to generate service token");
+  }
+}
+async function verifyServiceToken(token) {
+  const secret = getJwtSecret();
+  try {
+    const { payload } = await jwtVerify(token, secret, {
+      issuer: "inkeep-agents",
+      algorithms: ["HS256"]
+    });
+    if (typeof payload.sub !== "string" || typeof payload.aud !== "string" || typeof payload.tenantId !== "string" || typeof payload.projectId !== "string") {
+      logger2.warn({ payload }, "Invalid service token: missing required claims");
+      return {
+        valid: false,
+        error: "Invalid token: missing required claims"
+      };
+    }
+    const validPayload = {
+      iss: payload.iss,
+      aud: payload.aud,
+      sub: payload.sub,
+      tenantId: payload.tenantId,
+      projectId: payload.projectId,
+      iat: payload.iat,
+      exp: payload.exp
+    };
+    logger2.debug(
+      {
+        originAgentId: validPayload.sub,
+        targetAgentId: validPayload.aud,
+        tenantId: validPayload.tenantId
+      },
+      "Successfully verified team agent token"
+    );
+    return {
+      valid: true,
+      payload: validPayload
+    };
+  } catch (error) {
+    if (error instanceof Error) {
+      logger2.warn({ error: error.message }, "Team agent token verification failed");
+      return {
+        valid: false,
+        error: error.message
+      };
+    }
+    logger2.warn({ error }, "Team agent token verification failed with unknown error");
+    return {
+      valid: false,
+      error: "Token verification failed"
+    };
+  }
+}
+function validateTenantId(payload, expectedTenantId) {
+  if (payload.tenantId !== expectedTenantId) {
+    logger2.warn(
+      {
+        tokenTenantId: payload.tenantId,
+        expectedTenantId,
+        originAgentId: payload.sub,
+        targetAgentId: payload.aud
+      },
+      "Cross-tenant delegation attempt detected"
+    );
+    return false;
+  }
+  return true;
+}
+function validateTargetAgent(payload, expectedTargetAgentId) {
+  if (payload.aud !== expectedTargetAgentId) {
+    logger2.warn(
+      {
+        tokenTargetAgentId: payload.aud,
+        expectedTargetAgentId,
+        originAgentId: payload.sub
+      },
+      "Token target agent mismatch"
+    );
+    return false;
+  }
+  return true;
+}
+async function verifyAuthorizationHeader(authHeader) {
+  if (!authHeader) {
+    return {
+      valid: false,
+      error: "Missing Authorization header"
+    };
+  }
+  if (!authHeader.startsWith("Bearer ")) {
+    return {
+      valid: false,
+      error: "Invalid Authorization header format. Expected: Bearer <token>"
+    };
+  }
+  const token = authHeader.substring(7);
+  if (!token) {
+    return {
+      valid: false,
+      error: "Empty token in Authorization header"
+    };
+  }
+  return verifyServiceToken(token);
+}
+var logger3 = getLogger("tracer");
+var createNoOpSpan = () => ({
+  setAttributes: () => ({}),
+  recordException: () => ({}),
+  setStatus: () => ({}),
+  addEvent: () => ({}),
+  end: () => {
+  },
+  isRecording: () => false,
+  setAttribute: () => ({}),
+  updateName: () => ({}),
+  spanContext: () => ({
+    traceId: "00000000000000000000000000000000",
+    spanId: "0000000000000000",
+    traceFlags: 0
+  }),
+  addLink: () => ({}),
+  addLinks: () => ({})
+});
+var noopTracer = {
+  startActiveSpan(_name, arg1, arg2, arg3) {
+    const fn = typeof arg1 === "function" ? arg1 : typeof arg2 === "function" ? arg2 : arg3;
+    if (!fn) throw new Error("No callback function provided");
+    return fn(createNoOpSpan());
+  },
+  startSpan(_name, _options) {
+    return createNoOpSpan();
+  }
+};
+function setSpanWithError(span, error, logger4, logMessage) {
+  span.recordException(error);
+  span.setStatus({
+    code: SpanStatusCode.ERROR,
+    message: error.message
+  });
+  if (logger4 && logMessage) {
+    logger4.error({ error: error.message }, logMessage);
+  }
+}
+function getTracer(serviceName, serviceVersion) {
+  try {
+    return trace.getTracer(serviceName, serviceVersion);
+  } catch (_error) {
+    logger3.debug({}, "OpenTelemetry tracer not available, using no-op tracer");
+    return noopTracer;
+  }
+}
+var FILENAME = fileURLToPath(import.meta.url);
+var DIRNAME = dirname(FILENAME);
+async function createTestDatabaseClient(drizzleDir) {
+  const client = new PGlite();
+  const db = drizzle(client, { schema: schema_exports });
+  try {
+    if (!drizzleDir) {
+      drizzleDir = join(DIRNAME, "../../drizzle");
+    }
+    await migrate(db, { migrationsFolder: drizzleDir });
+  } catch (error) {
+    console.error("Failed to initialize test database schema:", error);
+    throw error;
+  }
+  return db;
+}
+async function cleanupTestDatabase(db) {
+  try {
+    const result = await db.execute(
+      sql.raw(`
+      SELECT tablename 
+      FROM pg_tables 
+      WHERE schemaname = 'public'
+    `)
+    );
+    const tables = result.rows.map((row) => row.tablename);
+    if (tables.length === 0) {
+      return;
+    }
+    const tableList = tables.map((t) => `"${t}"`).join(", ");
+    await db.execute(sql.raw(`TRUNCATE TABLE ${tableList} RESTART IDENTITY CASCADE`));
+  } catch (error) {
+    console.debug("Could not clean test database:", error);
+  }
+}
+async function closeTestDatabase(db) {
+  try {
+    if ("close" in db && typeof db.close === "function") {
+      db.close();
+    }
+  } catch (error) {
+    console.debug("Error closing database:", error);
+  }
+}
+async function createTestOrganization(db, tenantId) {
+  const slug = tenantId.replace(/^test-tenant-/, "").substring(0, 50);
+  await db.insert(organization).values({
+    id: tenantId,
+    name: `Test Organization ${tenantId}`,
+    slug,
+    createdAt: /* @__PURE__ */ new Date(),
+    metadata: null
+  }).onConflictDoNothing();
+}
+async function createTestProject(db, tenantId, projectId = "default") {
+  await createTestOrganization(db, tenantId);
+  await db.insert(projects).values({
+    tenantId,
+    id: projectId,
+    name: `Test Project ${projectId}`,
+    description: `Test project for ${projectId}`
+  }).onConflictDoNothing();
+}
+
+export { CONVERSATION_HISTORY_DEFAULT_LIMIT, CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT, ERROR_DOCS_BASE_URL, ErrorCode, MCP_TOOL_CONNECTION_TIMEOUT_MS, MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS, MCP_TOOL_MAX_RECONNECTION_DELAY_MS, MCP_TOOL_MAX_RETRIES, MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR, McpClient, cleanupTestDatabase, closeTestDatabase, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, createApiError, createExecutionContext, createTestDatabaseClient, createTestOrganization, createTestProject, env, errorResponseSchema, errorSchemaFactory, executionLimitsSharedDefaults, extractPublicId, generateApiKey, generateId, generateServiceToken, getConversationId, getCredentialStoreLookupKeyFromRetrievalParams, getRequestExecutionContext, getTracer, handleApiError, hashApiKey, isApiKeyExpired, loadEnvironmentFiles, maskApiKey, normalizeDateString, problemDetailsSchema, setSpanWithError, validateApiKey, validateTargetAgent, validateTenantId, verifyAuthorizationHeader, verifyServiceToken };