@inkeep/agents-core 0.35.1 → 0.35.3

package/dist/chunk-4JZT4QEE.js

@@ -0,0 +1,162 @@
+import { registerClient, startAuthorization, exchangeAuthorization, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata } from '@modelcontextprotocol/sdk/client/auth.js';
+
+// src/utils/auth-detection.ts
+function discoverScopes(resourceMetadata, metadata) {
+  const resourceScopes = resourceMetadata?.scopes_supported;
+  const oauthScopes = metadata?.scopes_supported;
+  const scopes = (resourceScopes?.length ? resourceScopes : oauthScopes) || [];
+  return scopes.length > 0 ? scopes.join(" ") : void 0;
+}
+async function discoverMcpMetadata(mcpServerUrl, logger) {
+  try {
+    let resourceMetadata = null;
+    let authServerUrl = new URL(mcpServerUrl);
+    try {
+      resourceMetadata = await discoverOAuthProtectedResourceMetadata(mcpServerUrl);
+      if (resourceMetadata?.authorization_servers?.length && resourceMetadata.authorization_servers[0]) {
+        authServerUrl = new URL(resourceMetadata.authorization_servers[0]);
+      }
+    } catch {
+    }
+    const metadata = await discoverAuthorizationServerMetadata(authServerUrl.href);
+    if (!metadata) {
+      throw new Error("Failed to discover OAuth authorization server metadata");
+    }
+    logger?.debug(
+      {
+        tokenEndpoint: metadata.token_endpoint,
+        authEndpoint: metadata.authorization_endpoint
+      },
+      "MCP metadata discovery successful"
+    );
+    const discoveredScopes = discoverScopes(resourceMetadata ?? void 0, metadata);
+    return {
+      success: true,
+      metadata,
+      ...resourceMetadata && { resourceMetadata },
+      ...discoveredScopes && { scopes: discoveredScopes }
+    };
+  } catch (err) {
+    const errorMessage = err instanceof Error ? err.message : String(err);
+    logger?.debug({ error: errorMessage }, "MCP metadata discovery failed");
+    return { success: false, error: errorMessage };
+  }
+}
+async function initiateMcpOAuthFlow({
+  mcpServerUrl,
+  redirectUri,
+  state,
+  clientName = "Inkeep Agent Framework",
+  clientUri = "https://inkeep.com",
+  logoUri,
+  defaultClientId = "mcp-client",
+  logger
+}) {
+  const discoveryResult = await discoverMcpMetadata(mcpServerUrl, logger);
+  if (!discoveryResult.success || !discoveryResult.metadata) {
+    throw new Error(`OAuth not supported by this server: ${discoveryResult.error}`);
+  }
+  const { metadata, resourceMetadata, scopes: discoveredScopes } = discoveryResult;
+  const clientMetadata = {
+    redirect_uris: [redirectUri],
+    token_endpoint_auth_method: "none",
+    // PKCE - no client secret
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"],
+    client_name: clientName,
+    client_uri: clientUri,
+    ...logoUri && { logo_uri: logoUri }
+  };
+  let clientInformation;
+  if (metadata.registration_endpoint) {
+    clientInformation = await registerClient(mcpServerUrl, {
+      metadata,
+      clientMetadata
+    });
+  } else {
+    clientInformation = {
+      client_id: defaultClientId,
+      ...clientMetadata
+    };
+  }
+  const resource = resourceMetadata?.resource ? new globalThis.URL(resourceMetadata.resource) : void 0;
+  const authResult = await startAuthorization(mcpServerUrl, {
+    metadata,
+    clientInformation,
+    redirectUrl: redirectUri,
+    state,
+    scope: discoveredScopes || "",
+    ...resource && { resource }
+  });
+  logger?.debug(
+    {
+      authorizationUrl: authResult.authorizationUrl.href,
+      scopes: discoveredScopes,
+      clientId: clientInformation.client_id
+    },
+    "MCP OAuth flow initiated successfully"
+  );
+  return {
+    authorizationUrl: authResult.authorizationUrl.href,
+    codeVerifier: authResult.codeVerifier,
+    state,
+    clientInformation,
+    metadata,
+    resourceUrl: resource?.href || void 0,
+    ...discoveredScopes && { scopes: discoveredScopes }
+  };
+}
+async function exchangeMcpAuthorizationCode({
+  mcpServerUrl,
+  metadata,
+  clientInformation,
+  authorizationCode,
+  codeVerifier,
+  redirectUri,
+  resourceUrl,
+  logger
+}) {
+  const resource = resourceUrl ? new globalThis.URL(resourceUrl) : void 0;
+  const tokens = await exchangeAuthorization(mcpServerUrl, {
+    metadata,
+    clientInformation,
+    authorizationCode,
+    codeVerifier,
+    redirectUri,
+    ...resource && { resource }
+  });
+  logger?.debug(
+    {
+      tokenType: tokens.token_type,
+      hasRefreshToken: !!tokens.refresh_token,
+      expiresIn: tokens.expires_in
+    },
+    "MCP token exchange successful"
+  );
+  return {
+    access_token: tokens.access_token,
+    refresh_token: tokens.refresh_token,
+    expires_at: tokens.expires_in ? new Date(Date.now() + tokens.expires_in * 1e3) : void 0,
+    token_type: tokens.token_type || "Bearer",
+    scope: tokens.scope
+  };
+}
+var detectAuthenticationRequired = async ({
+  serverUrl,
+  error,
+  logger
+}) => {
+  try {
+    const discoveryResult = await discoverMcpMetadata(serverUrl, logger);
+    if (discoveryResult.success && discoveryResult.metadata) {
+      logger?.info({ serverUrl }, "MCP OAuth support confirmed via metadata discovery");
+      return true;
+    }
+  } catch (discoveryError) {
+    logger?.debug({ discoveryError }, "MCP OAuth metadata discovery failed");
+  }
+  logger?.debug({ error: error?.message }, "No MCP OAuth authentication requirement detected");
+  return false;
+};
+
+export { detectAuthenticationRequired, exchangeMcpAuthorizationCode, initiateMcpOAuthFlow };

package/dist/chunk-F5WWOOIX.js

@@ -0,0 +1,62 @@
+import { createAccessControl } from 'better-auth/plugins/access';
+import { defaultStatements, adminAc } from 'better-auth/plugins/organization/access';
+
+// src/auth/permissions.ts
+var statement = {
+  ...defaultStatements,
+  project: ["create", "read", "update", "delete"],
+  agent: ["create", "read", "update", "delete"],
+  sub_agent: ["create", "read", "update", "delete"],
+  tool: ["create", "read", "update", "delete"],
+  api_key: ["create", "read", "update", "delete"],
+  credential: ["create", "read", "update", "delete"],
+  data_component: ["create", "read", "update", "delete"],
+  artifact_component: ["create", "read", "update", "delete"],
+  external_agent: ["create", "read", "update", "delete"],
+  function: ["create", "read", "update", "delete"],
+  context_config: ["create", "read", "update", "delete"]
+};
+var ac = createAccessControl(statement);
+var memberRole = ac.newRole({
+  project: ["read"],
+  agent: ["read"],
+  sub_agent: ["read"],
+  tool: ["read"],
+  api_key: ["read"],
+  credential: ["read"],
+  data_component: ["read"],
+  artifact_component: ["read"],
+  external_agent: ["read"],
+  function: ["read"],
+  context_config: ["read"]
+});
+var adminRole = ac.newRole({
+  project: ["create", "read", "update"],
+  agent: ["create", "read", "update"],
+  sub_agent: ["create", "read", "update"],
+  tool: ["create", "read", "update"],
+  api_key: ["create", "read", "update"],
+  credential: ["create", "read", "update"],
+  data_component: ["create", "read", "update"],
+  artifact_component: ["create", "read", "update"],
+  external_agent: ["create", "read", "update"],
+  function: ["create", "read", "update"],
+  context_config: ["create", "read", "update"],
+  ...adminAc.statements
+});
+var ownerRole = ac.newRole({
+  project: ["create", "read", "update", "delete"],
+  agent: ["create", "read", "update", "delete"],
+  sub_agent: ["create", "read", "update", "delete"],
+  tool: ["create", "read", "update", "delete"],
+  api_key: ["create", "read", "update", "delete"],
+  credential: ["create", "read", "update", "delete"],
+  data_component: ["create", "read", "update", "delete"],
+  artifact_component: ["create", "read", "update", "delete"],
+  external_agent: ["create", "read", "update", "delete"],
+  function: ["create", "read", "update", "delete"],
+  context_config: ["create", "read", "update", "delete"],
+  ...adminAc.statements
+});
+
+export { ac, adminRole, memberRole, ownerRole };

package/dist/{chunk-YZ5ZBVHJ.js → chunk-NFYCSHD3.js}

@@ -1,6 +1,7 @@
+import { verification, user, ssoProvider, session, organization, member, invitation, account } from './chunk-NOPEANIU.js';
 import { __export } from './chunk-SIAA4J6H.js';
 import { relations } from 'drizzle-orm';
-import { pgTable, timestamp, text, boolean, varchar, jsonb, primaryKey, foreignKey, integer, index, unique } from 'drizzle-orm/pg-core';
+import { pgTable, varchar, text, timestamp, jsonb, primaryKey, foreignKey, integer, index, unique } from 'drizzle-orm/pg-core';
 
 // src/db/schema.ts
 var schema_exports = {};
@@ -64,85 +65,6 @@ __export(schema_exports, {
   user: () => user,
   verification: () => verification
 });
-var user = pgTable("user", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  email: text("email").notNull().unique(),
-  emailVerified: boolean("email_verified").default(false).notNull(),
-  image: text("image"),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").defaultNow().$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
-});
-var session = pgTable("session", {
-  id: text("id").primaryKey(),
-  expiresAt: timestamp("expires_at").notNull(),
-  token: text("token").notNull().unique(),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").$onUpdate(() => /* @__PURE__ */ new Date()).notNull(),
-  ipAddress: text("ip_address"),
-  userAgent: text("user_agent"),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  activeOrganizationId: text("active_organization_id")
-});
-var account = pgTable("account", {
-  id: text("id").primaryKey(),
-  accountId: text("account_id").notNull(),
-  providerId: text("provider_id").notNull(),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  accessToken: text("access_token"),
-  refreshToken: text("refresh_token"),
-  idToken: text("id_token"),
-  accessTokenExpiresAt: timestamp("access_token_expires_at"),
-  refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
-  scope: text("scope"),
-  password: text("password"),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
-});
-var verification = pgTable("verification", {
-  id: text("id").primaryKey(),
-  identifier: text("identifier").notNull(),
-  value: text("value").notNull(),
-  expiresAt: timestamp("expires_at").notNull(),
-  createdAt: timestamp("created_at").defaultNow().notNull(),
-  updatedAt: timestamp("updated_at").defaultNow().$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
-});
-var ssoProvider = pgTable("sso_provider", {
-  id: text("id").primaryKey(),
-  issuer: text("issuer").notNull(),
-  oidcConfig: text("oidc_config"),
-  samlConfig: text("saml_config"),
-  userId: text("user_id").references(() => user.id, { onDelete: "cascade" }),
-  providerId: text("provider_id").notNull().unique(),
-  organizationId: text("organization_id"),
-  domain: text("domain").notNull()
-});
-var organization = pgTable("organization", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  slug: text("slug").notNull().unique(),
-  logo: text("logo"),
-  createdAt: timestamp("created_at").notNull(),
-  metadata: text("metadata")
-});
-var member = pgTable("member", {
-  id: text("id").primaryKey(),
-  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  role: text("role").default("member").notNull(),
-  createdAt: timestamp("created_at").notNull()
-});
-var invitation = pgTable("invitation", {
-  id: text("id").primaryKey(),
-  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
-  email: text("email").notNull(),
-  role: text("role"),
-  status: text("status").default("pending").notNull(),
-  expiresAt: timestamp("expires_at").notNull(),
-  inviterId: text("inviter_id").notNull().references(() => user.id, { onDelete: "cascade" })
-});
-
-// src/db/schema.ts
 var tenantScoped = {
   tenantId: varchar("tenant_id", { length: 256 }).notNull(),
   id: varchar("id", { length: 256 }).notNull()
@@ -1090,4 +1012,4 @@ var subAgentTeamAgentRelationsRelations = relations(
   })
 );
 
-export { account, agentRelations, agentToolRelationsRelations, agents, apiKeys, apiKeysRelations, artifactComponents, artifactComponentsRelations, contextCache, contextCacheRelations, contextConfigs, contextConfigsRelations, conversations, conversationsRelations, credentialReferences, credentialReferencesRelations, dataComponents, dataComponentsRelations, externalAgents, externalAgentsRelations, functionTools, functionToolsRelations, functions, functionsRelations, invitation, ledgerArtifacts, ledgerArtifactsRelations, member, messages, messagesRelations, organization, projects, projectsRelations, schema_exports, session, ssoProvider, subAgentArtifactComponents, subAgentArtifactComponentsRelations, subAgentDataComponents, subAgentDataComponentsRelations, subAgentExternalAgentRelations, subAgentExternalAgentRelationsRelations, subAgentFunctionToolRelations, subAgentFunctionToolRelationsRelations, subAgentRelations, subAgentRelationsRelations, subAgentTeamAgentRelations, subAgentTeamAgentRelationsRelations, subAgentToolRelations, subAgents, subAgentsRelations, taskRelations, taskRelationsRelations, tasks, tasksRelations, tools, toolsRelations, user, verification };
+export { agentRelations, agentToolRelationsRelations, agents, apiKeys, apiKeysRelations, artifactComponents, artifactComponentsRelations, contextCache, contextCacheRelations, contextConfigs, contextConfigsRelations, conversations, conversationsRelations, credentialReferences, credentialReferencesRelations, dataComponents, dataComponentsRelations, externalAgents, externalAgentsRelations, functionTools, functionToolsRelations, functions, functionsRelations, ledgerArtifacts, ledgerArtifactsRelations, messages, messagesRelations, projects, projectsRelations, schema_exports, subAgentArtifactComponents, subAgentArtifactComponentsRelations, subAgentDataComponents, subAgentDataComponentsRelations, subAgentExternalAgentRelations, subAgentExternalAgentRelationsRelations, subAgentFunctionToolRelations, subAgentFunctionToolRelationsRelations, subAgentRelations, subAgentRelationsRelations, subAgentTeamAgentRelations, subAgentTeamAgentRelationsRelations, subAgentToolRelations, subAgents, subAgentsRelations, taskRelations, taskRelationsRelations, tasks, tasksRelations, tools, toolsRelations };

package/dist/chunk-NOPEANIU.js

@@ -0,0 +1,82 @@
+import { pgTable, timestamp, text, boolean } from 'drizzle-orm/pg-core';
+
+// src/auth/auth-schema.ts
+var user = pgTable("user", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  email: text("email").notNull().unique(),
+  emailVerified: boolean("email_verified").default(false).notNull(),
+  image: text("image"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
+});
+var session = pgTable("session", {
+  id: text("id").primaryKey(),
+  expiresAt: timestamp("expires_at").notNull(),
+  token: text("token").notNull().unique(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").$onUpdate(() => /* @__PURE__ */ new Date()).notNull(),
+  ipAddress: text("ip_address"),
+  userAgent: text("user_agent"),
+  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  activeOrganizationId: text("active_organization_id")
+});
+var account = pgTable("account", {
+  id: text("id").primaryKey(),
+  accountId: text("account_id").notNull(),
+  providerId: text("provider_id").notNull(),
+  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  accessToken: text("access_token"),
+  refreshToken: text("refresh_token"),
+  idToken: text("id_token"),
+  accessTokenExpiresAt: timestamp("access_token_expires_at"),
+  refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
+  scope: text("scope"),
+  password: text("password"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
+});
+var verification = pgTable("verification", {
+  id: text("id").primaryKey(),
+  identifier: text("identifier").notNull(),
+  value: text("value").notNull(),
+  expiresAt: timestamp("expires_at").notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().$onUpdate(() => /* @__PURE__ */ new Date()).notNull()
+});
+var ssoProvider = pgTable("sso_provider", {
+  id: text("id").primaryKey(),
+  issuer: text("issuer").notNull(),
+  oidcConfig: text("oidc_config"),
+  samlConfig: text("saml_config"),
+  userId: text("user_id").references(() => user.id, { onDelete: "cascade" }),
+  providerId: text("provider_id").notNull().unique(),
+  organizationId: text("organization_id"),
+  domain: text("domain").notNull()
+});
+var organization = pgTable("organization", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  slug: text("slug").notNull().unique(),
+  logo: text("logo"),
+  createdAt: timestamp("created_at").notNull(),
+  metadata: text("metadata")
+});
+var member = pgTable("member", {
+  id: text("id").primaryKey(),
+  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
+  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  role: text("role").default("member").notNull(),
+  createdAt: timestamp("created_at").notNull()
+});
+var invitation = pgTable("invitation", {
+  id: text("id").primaryKey(),
+  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
+  email: text("email").notNull(),
+  role: text("role"),
+  status: text("status").default("pending").notNull(),
+  expiresAt: timestamp("expires_at").notNull(),
+  inviterId: text("inviter_id").notNull().references(() => user.id, { onDelete: "cascade" })
+});
+
+export { account, invitation, member, organization, session, ssoProvider, user, verification };

package/dist/{chunk-J5AHY6M2.js → chunk-SPRTYWRV.js}

@@ -1,4 +1,4 @@
-import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-DYGTCLJO.js';
+import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-VBCCPAZK.js';
 import { z } from 'zod';
 
 // src/validation/cycleDetection.ts

package/dist/{chunk-OP3KPT4T.js → chunk-TGESM3JG.js}

@@ -1,5 +1,3 @@
-import { registerClient, startAuthorization, exchangeAuthorization, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata } from '@modelcontextprotocol/sdk/client/auth.js';
-
 // src/constants/otel-attributes.ts
 var DELEGATION_FROM_SUB_AGENT_ID = "delegation.from_sub_agent_id";
 var DELEGATION_TO_SUB_AGENT_ID = "delegation.to_sub_agent_id";
@@ -281,162 +279,5 @@ var QUERY_DEFAULTS = {
   LIMIT_UNLIMITED: 1e4,
   EMPTY_GROUP_BY: []
 };
-function discoverScopes(resourceMetadata, metadata) {
-  const resourceScopes = resourceMetadata?.scopes_supported;
-  const oauthScopes = metadata?.scopes_supported;
-  const scopes = (resourceScopes?.length ? resourceScopes : oauthScopes) || [];
-  return scopes.length > 0 ? scopes.join(" ") : void 0;
-}
-async function discoverMcpMetadata(mcpServerUrl, logger) {
-  try {
-    let resourceMetadata = null;
-    let authServerUrl = new URL(mcpServerUrl);
-    try {
-      resourceMetadata = await discoverOAuthProtectedResourceMetadata(mcpServerUrl);
-      if (resourceMetadata?.authorization_servers?.length && resourceMetadata.authorization_servers[0]) {
-        authServerUrl = new URL(resourceMetadata.authorization_servers[0]);
-      }
-    } catch {
-    }
-    const metadata = await discoverAuthorizationServerMetadata(authServerUrl.href);
-    if (!metadata) {
-      throw new Error("Failed to discover OAuth authorization server metadata");
-    }
-    logger?.debug(
-      {
-        tokenEndpoint: metadata.token_endpoint,
-        authEndpoint: metadata.authorization_endpoint
-      },
-      "MCP metadata discovery successful"
-    );
-    const discoveredScopes = discoverScopes(resourceMetadata ?? void 0, metadata);
-    return {
-      success: true,
-      metadata,
-      ...resourceMetadata && { resourceMetadata },
-      ...discoveredScopes && { scopes: discoveredScopes }
-    };
-  } catch (err) {
-    const errorMessage = err instanceof Error ? err.message : String(err);
-    logger?.debug({ error: errorMessage }, "MCP metadata discovery failed");
-    return { success: false, error: errorMessage };
-  }
-}
-async function initiateMcpOAuthFlow({
-  mcpServerUrl,
-  redirectUri,
-  state,
-  clientName = "Inkeep Agent Framework",
-  clientUri = "https://inkeep.com",
-  logoUri,
-  defaultClientId = "mcp-client",
-  logger
-}) {
-  const discoveryResult = await discoverMcpMetadata(mcpServerUrl, logger);
-  if (!discoveryResult.success || !discoveryResult.metadata) {
-    throw new Error(`OAuth not supported by this server: ${discoveryResult.error}`);
-  }
-  const { metadata, resourceMetadata, scopes: discoveredScopes } = discoveryResult;
-  const clientMetadata = {
-    redirect_uris: [redirectUri],
-    token_endpoint_auth_method: "none",
-    // PKCE - no client secret
-    grant_types: ["authorization_code", "refresh_token"],
-    response_types: ["code"],
-    client_name: clientName,
-    client_uri: clientUri,
-    ...logoUri && { logo_uri: logoUri }
-  };
-  let clientInformation;
-  if (metadata.registration_endpoint) {
-    clientInformation = await registerClient(mcpServerUrl, {
-      metadata,
-      clientMetadata
-    });
-  } else {
-    clientInformation = {
-      client_id: defaultClientId,
-      ...clientMetadata
-    };
-  }
-  const resource = resourceMetadata?.resource ? new globalThis.URL(resourceMetadata.resource) : void 0;
-  const authResult = await startAuthorization(mcpServerUrl, {
-    metadata,
-    clientInformation,
-    redirectUrl: redirectUri,
-    state,
-    scope: discoveredScopes || "",
-    ...resource && { resource }
-  });
-  logger?.debug(
-    {
-      authorizationUrl: authResult.authorizationUrl.href,
-      scopes: discoveredScopes,
-      clientId: clientInformation.client_id
-    },
-    "MCP OAuth flow initiated successfully"
-  );
-  return {
-    authorizationUrl: authResult.authorizationUrl.href,
-    codeVerifier: authResult.codeVerifier,
-    state,
-    clientInformation,
-    metadata,
-    resourceUrl: resource?.href || void 0,
-    ...discoveredScopes && { scopes: discoveredScopes }
-  };
-}
-async function exchangeMcpAuthorizationCode({
-  mcpServerUrl,
-  metadata,
-  clientInformation,
-  authorizationCode,
-  codeVerifier,
-  redirectUri,
-  resourceUrl,
-  logger
-}) {
-  const resource = resourceUrl ? new globalThis.URL(resourceUrl) : void 0;
-  const tokens = await exchangeAuthorization(mcpServerUrl, {
-    metadata,
-    clientInformation,
-    authorizationCode,
-    codeVerifier,
-    redirectUri,
-    ...resource && { resource }
-  });
-  logger?.debug(
-    {
-      tokenType: tokens.token_type,
-      hasRefreshToken: !!tokens.refresh_token,
-      expiresIn: tokens.expires_in
-    },
-    "MCP token exchange successful"
-  );
-  return {
-    access_token: tokens.access_token,
-    refresh_token: tokens.refresh_token,
-    expires_at: tokens.expires_in ? new Date(Date.now() + tokens.expires_in * 1e3) : void 0,
-    token_type: tokens.token_type || "Bearer",
-    scope: tokens.scope
-  };
-}
-var detectAuthenticationRequired = async ({
-  serverUrl,
-  error,
-  logger
-}) => {
-  try {
-    const discoveryResult = await discoverMcpMetadata(serverUrl, logger);
-    if (discoveryResult.success && discoveryResult.metadata) {
-      logger?.info({ serverUrl }, "MCP OAuth support confirmed via metadata discovery");
-      return true;
-    }
-  } catch (discoveryError) {
-    logger?.debug({ discoveryError }, "MCP OAuth metadata discovery failed");
-  }
-  logger?.debug({ error: error?.message }, "No MCP OAuth authentication requirement detected");
-  return false;
-};
 
-export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE, detectAuthenticationRequired, exchangeMcpAuthorizationCode, initiateMcpOAuthFlow };
+export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE };

package/dist/{chunk-DYGTCLJO.js → chunk-VBCCPAZK.js}

@@ -1,5 +1,5 @@
-import { subAgents, subAgentRelations, agents, tasks, taskRelations, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, tools, functionTools, functions, contextConfigs, subAgentToolRelations, subAgentExternalAgentRelations, subAgentTeamAgentRelations, ledgerArtifacts, projects } from './chunk-YZ5ZBVHJ.js';
 import { VALID_RELATION_TYPES, MCPTransportType, TOOL_STATUS_VALUES, CredentialStoreType, MCPServerType } from './chunk-YFHT5M2R.js';
+import { subAgents, subAgentRelations, agents, tasks, taskRelations, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, tools, functionTools, functions, contextConfigs, subAgentToolRelations, subAgentExternalAgentRelations, subAgentTeamAgentRelations, ledgerArtifacts, projects } from './chunk-NFYCSHD3.js';
 import { z } from '@hono/zod-openapi';
 import { createSelectSchema as createSelectSchema$1, createInsertSchema as createInsertSchema$1 } from 'drizzle-zod';
 import Ajv from 'ajv';