@inkeep/agents-core 0.35.3 → 0.35.4

package/dist/chunk-KMLLKRUY.js

@@ -0,0 +1,38 @@
+import { schemaValidationDefaults } from './chunk-Z64UK4CA.js';
+import { loadEnvironmentFiles } from './chunk-4RVJB4KV.js';
+import { z } from 'zod';
+
+loadEnvironmentFiles();
+var constantsSchema = z.object(
+  Object.fromEntries(
+    Object.keys(schemaValidationDefaults).map((key) => [
+      `AGENTS_${key}`,
+      z.coerce.number().optional()
+    ])
+  )
+);
+var parseConstants = () => {
+  const envOverrides = constantsSchema.parse(process.env);
+  return Object.fromEntries(
+    Object.entries(schemaValidationDefaults).map(([key, defaultValue]) => [
+      key,
+      envOverrides[`AGENTS_${key}`] ?? defaultValue
+    ])
+  );
+};
+var constants = parseConstants();
+var {
+  AGENT_EXECUTION_TRANSFER_COUNT_MIN,
+  AGENT_EXECUTION_TRANSFER_COUNT_MAX,
+  AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT,
+  SUB_AGENT_TURN_GENERATION_STEPS_MIN,
+  SUB_AGENT_TURN_GENERATION_STEPS_MAX,
+  SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT,
+  STATUS_UPDATE_MAX_NUM_EVENTS,
+  STATUS_UPDATE_MAX_INTERVAL_SECONDS,
+  VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS,
+  VALIDATION_AGENT_PROMPT_MAX_CHARS,
+  CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT
+} = constants;
+
+export { AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT, AGENT_EXECUTION_TRANSFER_COUNT_MAX, AGENT_EXECUTION_TRANSFER_COUNT_MIN, CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT, STATUS_UPDATE_MAX_INTERVAL_SECONDS, STATUS_UPDATE_MAX_NUM_EVENTS, SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT, SUB_AGENT_TURN_GENERATION_STEPS_MAX, SUB_AGENT_TURN_GENERATION_STEPS_MIN, VALIDATION_AGENT_PROMPT_MAX_CHARS, VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS };

package/dist/chunk-SG75RA63.js

@@ -0,0 +1,74 @@
+import { schema_exports, projects } from './chunk-NFYCSHD3.js';
+import { organization } from './chunk-NOPEANIU.js';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { PGlite } from '@electric-sql/pglite';
+import { sql } from 'drizzle-orm';
+import { drizzle } from 'drizzle-orm/pglite';
+import { migrate } from 'drizzle-orm/pglite/migrator';
+
+var FILENAME = fileURLToPath(import.meta.url);
+var DIRNAME = dirname(FILENAME);
+async function createTestDatabaseClient(drizzleDir) {
+  const client = new PGlite();
+  const db = drizzle(client, { schema: schema_exports });
+  try {
+    if (!drizzleDir) {
+      drizzleDir = join(DIRNAME, "../../drizzle");
+    }
+    await migrate(db, { migrationsFolder: drizzleDir });
+  } catch (error) {
+    console.error("Failed to initialize test database schema:", error);
+    throw error;
+  }
+  return db;
+}
+async function cleanupTestDatabase(db) {
+  try {
+    const result = await db.execute(
+      sql.raw(`
+      SELECT tablename 
+      FROM pg_tables 
+      WHERE schemaname = 'public'
+    `)
+    );
+    const tables = result.rows.map((row) => row.tablename);
+    if (tables.length === 0) {
+      return;
+    }
+    const tableList = tables.map((t) => `"${t}"`).join(", ");
+    await db.execute(sql.raw(`TRUNCATE TABLE ${tableList} RESTART IDENTITY CASCADE`));
+  } catch (error) {
+    console.debug("Could not clean test database:", error);
+  }
+}
+async function closeTestDatabase(db) {
+  try {
+    if ("close" in db && typeof db.close === "function") {
+      db.close();
+    }
+  } catch (error) {
+    console.debug("Error closing database:", error);
+  }
+}
+async function createTestOrganization(db, tenantId) {
+  const slug = tenantId.replace(/^test-tenant-/, "").substring(0, 50);
+  await db.insert(organization).values({
+    id: tenantId,
+    name: `Test Organization ${tenantId}`,
+    slug,
+    createdAt: /* @__PURE__ */ new Date(),
+    metadata: null
+  }).onConflictDoNothing();
+}
+async function createTestProject(db, tenantId, projectId = "default") {
+  await createTestOrganization(db, tenantId);
+  await db.insert(projects).values({
+    tenantId,
+    id: projectId,
+    name: `Test Project ${projectId}`,
+    description: `Test project for ${projectId}`
+  }).onConflictDoNothing();
+}
+
+export { cleanupTestDatabase, closeTestDatabase, createTestDatabaseClient, createTestOrganization, createTestProject };

package/dist/{chunk-SPRTYWRV.js → chunk-SH5TYTTP.js}

@@ -1,4 +1,4 @@
-import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-VBCCPAZK.js';
+import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-3AK7OSAT.js';
 import { z } from 'zod';
 
 // src/validation/cycleDetection.ts

package/dist/chunk-Z64UK4CA.js

@@ -0,0 +1,35 @@
+// src/constants/schema-validation/defaults.ts
+var schemaValidationDefaults = {
+  // Agent Execution Transfer Count
+  // Controls how many times an agent can transfer control to sub-agents in a single conversation turn.
+  // This prevents infinite transfer loops while allowing multi-agent collaboration workflows.
+  AGENT_EXECUTION_TRANSFER_COUNT_MIN: 1,
+  AGENT_EXECUTION_TRANSFER_COUNT_MAX: 1e3,
+  AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT: 10,
+  // Sub-Agent Turn Generation Steps
+  // Limits how many AI generation steps a sub-agent can perform within a single turn.
+  // Each generation step typically involves sending a prompt to the LLM and processing its response.
+  // This prevents runaway token usage while allowing complex multi-step reasoning.
+  SUB_AGENT_TURN_GENERATION_STEPS_MIN: 1,
+  SUB_AGENT_TURN_GENERATION_STEPS_MAX: 1e3,
+  SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT: 12,
+  // Status Update Thresholds
+  // Real-time status updates are triggered when either threshold is exceeded during longer operations.
+  // MAX_NUM_EVENTS: Maximum number of internal events before forcing a status update to the client.
+  // MAX_INTERVAL_SECONDS: Maximum time between status updates regardless of event count.
+  STATUS_UPDATE_MAX_NUM_EVENTS: 100,
+  STATUS_UPDATE_MAX_INTERVAL_SECONDS: 600,
+  // 10 minutes
+  // Prompt Text Length Validation
+  // Maximum character limits for agent and sub-agent system prompts to prevent excessive token usage.
+  // Enforced during agent configuration to ensure prompts remain focused and manageable.
+  VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS: 2e3,
+  VALIDATION_AGENT_PROMPT_MAX_CHARS: 5e3,
+  // Context Fetcher HTTP Timeout
+  // Maximum time allowed for HTTP requests made by Context Fetchers (e.g., CRM lookups, external API calls).
+  // Context Fetchers automatically retrieve external data at the start of a conversation to enrich agent context.
+  CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT: 1e4
+  // 10 seconds
+};
+
+export { schemaValidationDefaults };

package/dist/{client-CPYOMZF2.d.ts → client-HrEgt7wv.d.ts}

@@ -1,6 +1,6 @@
 import { NodePgDatabase } from 'drizzle-orm/node-postgres';
 import { PgliteDatabase } from 'drizzle-orm/pglite';
-import { s as schema } from './schema-5N2lPWNV.js';
+import { s as schema } from './schema-CoC3tYFX.js';
 
 type DatabaseClient = NodePgDatabase<typeof schema> | PgliteDatabase<typeof schema>;
 interface DatabaseConfig {

package/dist/client-exports.d.ts

@@ -1,7 +1,7 @@
 export { i as ACTIVITY_NAMES, g as ACTIVITY_STATUS, f as ACTIVITY_TYPES, h as AGENT_IDS, p as AGGREGATE_OPERATORS, A as AI_OPERATIONS, j as AI_TOOL_TYPES, o as DATA_SOURCES, k as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, m as ORDER_DIRECTIONS, P as PANEL_TYPES, q as QUERY_DEFAULTS, l as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, n as QUERY_TYPES, R as REDUCE_OPERATIONS, e as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE, d as detectAuthenticationRequired } from './auth-detection-CGqhPDnj.js';
 import { z } from 'zod';
-import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-DbltUp2Q.js';
-export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-DbltUp2Q.js';
+import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-C4QAannk.js';
+export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-C4QAannk.js';
 export { v as validatePropsAsJsonSchema } from './props-validation-BMR1qNiy.js';
 import 'pino';
 import 'drizzle-zod';

package/dist/client-exports.js

@@ -1,6 +1,7 @@
 export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE } from './chunk-TGESM3JG.js';
-import { ModelSettingsSchema, schemaValidationDefaults, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-VBCCPAZK.js';
-export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-VBCCPAZK.js';
+import { ModelSettingsSchema, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-3AK7OSAT.js';
+export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-3AK7OSAT.js';
+import { schemaValidationDefaults } from './chunk-Z64UK4CA.js';
 export { detectAuthenticationRequired } from './chunk-4JZT4QEE.js';
 import { CredentialStoreType } from './chunk-YFHT5M2R.js';
 export { CredentialStoreType, MCPTransportType } from './chunk-YFHT5M2R.js';

package/dist/constants/schema-validation/index.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Schema validation default constants used in Zod schemas.
+ * These define limits and defaults for user-configurable values.
+ */
+declare const schemaValidationDefaults: {
+    readonly AGENT_EXECUTION_TRANSFER_COUNT_MIN: 1;
+    readonly AGENT_EXECUTION_TRANSFER_COUNT_MAX: 1000;
+    readonly AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT: 10;
+    readonly SUB_AGENT_TURN_GENERATION_STEPS_MIN: 1;
+    readonly SUB_AGENT_TURN_GENERATION_STEPS_MAX: 1000;
+    readonly SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT: 12;
+    readonly STATUS_UPDATE_MAX_NUM_EVENTS: 100;
+    readonly STATUS_UPDATE_MAX_INTERVAL_SECONDS: 600;
+    readonly VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS: 2000;
+    readonly VALIDATION_AGENT_PROMPT_MAX_CHARS: 5000;
+    readonly CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT: 10000;
+};
+
+declare const AGENT_EXECUTION_TRANSFER_COUNT_MIN: 1;
+declare const AGENT_EXECUTION_TRANSFER_COUNT_MAX: 1000;
+declare const AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT: 10;
+declare const SUB_AGENT_TURN_GENERATION_STEPS_MIN: 1;
+declare const SUB_AGENT_TURN_GENERATION_STEPS_MAX: 1000;
+declare const SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT: 12;
+declare const STATUS_UPDATE_MAX_NUM_EVENTS: 100;
+declare const STATUS_UPDATE_MAX_INTERVAL_SECONDS: 600;
+declare const VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS: 2000;
+declare const VALIDATION_AGENT_PROMPT_MAX_CHARS: 5000;
+declare const CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT: 10000;
+
+export { AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT, AGENT_EXECUTION_TRANSFER_COUNT_MAX, AGENT_EXECUTION_TRANSFER_COUNT_MIN, CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT, STATUS_UPDATE_MAX_INTERVAL_SECONDS, STATUS_UPDATE_MAX_NUM_EVENTS, SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT, SUB_AGENT_TURN_GENERATION_STEPS_MAX, SUB_AGENT_TURN_GENERATION_STEPS_MIN, VALIDATION_AGENT_PROMPT_MAX_CHARS, VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS, schemaValidationDefaults };

package/dist/constants/schema-validation/index.js

@@ -0,0 +1,2 @@
+export { AGENT_EXECUTION_TRANSFER_COUNT_DEFAULT, AGENT_EXECUTION_TRANSFER_COUNT_MAX, AGENT_EXECUTION_TRANSFER_COUNT_MIN, CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT, STATUS_UPDATE_MAX_INTERVAL_SECONDS, STATUS_UPDATE_MAX_NUM_EVENTS, SUB_AGENT_TURN_GENERATION_STEPS_DEFAULT, SUB_AGENT_TURN_GENERATION_STEPS_MAX, SUB_AGENT_TURN_GENERATION_STEPS_MIN, VALIDATION_AGENT_PROMPT_MAX_CHARS, VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS } from '../../chunk-KMLLKRUY.js';
+export { schemaValidationDefaults } from '../../chunk-Z64UK4CA.js';

package/dist/credential-stores/index.d.ts

@@ -0,0 +1,268 @@
+import { CredentialStore } from '../types/index.js';
+import '../utility-C4QAannk.js';
+import 'zod';
+import 'drizzle-zod';
+import 'drizzle-orm/pg-core';
+import '@hono/zod-openapi';
+import 'hono';
+
+/**
+ * Registry for managing credential stores in the application context
+ * Provides methods to register, retrieve, and manage credential stores
+ */
+declare class CredentialStoreRegistry {
+    private stores;
+    private logger;
+    constructor(initialStores?: CredentialStore[]);
+    /**
+     * Add a credential store to the registry
+     */
+    add(store: CredentialStore): void;
+    /**
+     * Get a credential store by ID
+     */
+    get(id: string): CredentialStore | undefined;
+    /**
+     * Get all registered credential stores
+     */
+    getAll(): CredentialStore[];
+    /**
+     * Get all credential store IDs
+     */
+    getIds(): string[];
+    /**
+     * Check if a credential store is registered
+     */
+    has(id: string): boolean;
+    /**
+     * Remove a credential store
+     */
+    remove(id: string): boolean;
+    /**
+     * Get the number of registered stores
+     */
+    size(): number;
+}
+
+/**
+ * Create default credential stores based on environment variables
+ */
+declare function createDefaultCredentialStores(): CredentialStore[];
+
+/**
+ * KeyChainStore - Cross-platform system keychain credential storage
+ *
+ * Uses the native OS credential storage:
+ * - macOS: Keychain
+ * - Windows: Credential Vault
+ * - Linux: Secret Service API/libsecret
+ *
+ * Requires the 'keytar' npm package to be installed.
+ * Falls back gracefully if keytar is not available.
+ *
+ * ## macOS Permission Handling
+ *
+ * On macOS, when your Node.js app first calls keytar operations:
+ * - `setPassword()` creates a new Keychain item (no prompt required)
+ * - `getPassword()` may prompt the user for permission on first access
+ * - Users can click "Allow", "Always Allow", or "Deny"
+ * - If denied, keytar returns `null` which this implementation handles gracefully
+ * - The calling binary (usually `node`) will be shown in the permission prompt
+ * - For better UX in packaged apps, consider code signing and app bundling
+ *
+ * This implementation handles all permission scenarios gracefully:
+ * - Returns `null` when access is denied or credentials don't exist
+ * - Logs errors for debugging permission issues
+ * - Never throws on permission denial, only on system-level errors
+ */
+declare class KeyChainStore implements CredentialStore {
+    readonly id: string;
+    readonly type: "keychain";
+    private readonly service;
+    private readonly logger;
+    private keytarAvailable;
+    private keytar;
+    private initializationPromise;
+    constructor(id: string, servicePrefix?: string);
+    /**
+     * Initialize keytar dynamically to handle optional availability
+     */
+    private initializeKeytar;
+    /**
+     * Get a credential from the keychain
+     */
+    get(key: string): Promise<string | null>;
+    /**
+     * Set a credential in the keychain
+     * @param metadata - Optional metadata (ignored by keychain store)
+     */
+    set(key: string, value: string, _metadata?: Record<string, string>): Promise<void>;
+    /**
+     * Check if a credential exists in the keychain
+     */
+    has(key: string): Promise<boolean>;
+    /**
+     * Check if the credential store is available and functional
+     */
+    checkAvailability(): Promise<{
+        available: boolean;
+        reason?: string;
+    }>;
+    /**
+     * Delete a credential from the keychain
+     */
+    delete(key: string): Promise<boolean>;
+    /**
+     * Find all credentials for this service
+     * Useful for debugging and listing stored credentials
+     */
+    findAllCredentials(): Promise<Array<{
+        account: string;
+        password: string;
+    }>>;
+    /**
+     * Clear all credentials for this service
+     * WARNING: This will delete all credentials stored under this service
+     */
+    clearAll(): Promise<number>;
+}
+/**
+ * Factory function to create KeyChainStore
+ * Provides consistent initialization and optional configuration
+ *
+ * ## Usage Recommendations for macOS Permission Handling
+ *
+ * 1. **First-time setup**: Inform users that they may see permission prompts
+ * 2. **Error handling**: Check for `null` returns from `get()` operations
+ * 3. **User guidance**: If credentials can't be retrieved, guide users to:
+ *    - Check Keychain Access app for denied permissions
+ *    - Re-run the application if they accidentally clicked "Deny"
+ * 4. **Development**: Use a consistent `servicePrefix` to avoid permission prompt spam
+ * 5. **Production**: Consider code-signing your distributed app for better permission prompts
+ *
+ * Example usage with permission handling:
+ * ```typescript
+ * const store = createKeyChainStore('my-app');
+ *
+ * // Always check for null when retrieving
+ * const apiKey = await store.get('api-key');
+ * if (!apiKey) {
+ *   console.log('API key not found or access denied');
+ *   // Guide user to check permissions or re-enter credentials
+ * }
+ * ```
+ */
+declare function createKeyChainStore(id: string, options?: {
+    servicePrefix?: string;
+}): KeyChainStore;
+
+/**
+ * In-memory credential store implementation
+ * Automatically loads environment variables prefixed with CREDENTIAL_STORE_ on initialization
+ * Note: Runtime credentials are lost when the server restarts, but env vars are reloaded
+ */
+declare class InMemoryCredentialStore implements CredentialStore {
+    readonly id: string;
+    readonly type: "memory";
+    private credentials;
+    constructor(id?: string);
+    /**
+     * Get a credential from the in memory store.
+     * If the key is not found in the in memory store then it is loaded from environment variables.
+     * If the key is not found in the environment variables or in the in memory store then returns null.
+     * @param key - The key of the credential to get
+     * @returns The credential value or null if not found
+     */
+    get(key: string): Promise<string | null>;
+    /**
+     * Set a credential in the in memory store.
+     * @param key - The key of the credential to set
+     * @param value - The value of the credential to set
+     * @param metadata - Optional metadata (ignored by memory store)
+     */
+    set(key: string, value: string, _metadata?: Record<string, string>): Promise<void>;
+    /**
+     * Check if a credential exists in the in memory store.
+     * @param key - The key of the credential to check
+     * @returns True if the credential exists, false otherwise
+     */
+    has(key: string): Promise<boolean>;
+    /**
+     * Delete a credential from the in memory store.
+     * @param key - The key of the credential to delete
+     * @returns True if the credential was deleted, false otherwise
+     */
+    delete(key: string): Promise<boolean>;
+    /**
+     * Check if the credential store is available and functional
+     */
+    checkAvailability(): Promise<{
+        available: boolean;
+        reason?: string;
+    }>;
+}
+
+interface NangoConfig {
+    secretKey: string;
+    apiUrl?: string;
+}
+/**
+ * Nango-based CredentialStore that fetches OAuth credentials from Nango API
+ * Uses connectionId and providerConfigKey from metadata to fetch live credentials
+ */
+declare class NangoCredentialStore implements CredentialStore {
+    readonly id: string;
+    readonly type: "nango";
+    private nangoConfig;
+    private nangoClient;
+    constructor(id: string, config: NangoConfig);
+    private getAccessToken;
+    private sanitizeMetadata;
+    /**
+     * Fetch a specific Nango integration
+     */
+    private fetchNangoIntegration;
+    /**
+     * Create an API key credential by setting up Nango integration and importing the connection
+     */
+    private createNangoApiKeyConnection;
+    /**
+     * Fetch credentials from Nango API using connection information
+     * @param connectionId - The connection ID for the Nango connection
+     * @param providerConfigKey - The provider config key for the Nango connection
+     * @returns The credential data or null if the credentials are not found
+     */
+    private fetchCredentialsFromNango;
+    /**
+     * Get credentials by key - implements CredentialStore interface
+     * Key format: JSON string with connectionId and providerConfigKey
+     */
+    get(key: string): Promise<string | null>;
+    /**
+     * Set credentials - this is used to save bearer auth
+     * Key format: JSON string with connectionId and providerConfigKey
+     */
+    set(key: string, value: string, metadata?: Record<string, string>): Promise<void>;
+    /**
+     * Check if credentials exist by attempting to fetch them
+     */
+    has(key: string): Promise<boolean>;
+    /**
+     * Delete credentials - not supported for Nango (revoke through Nango dashboard)
+     */
+    delete(key: string): Promise<boolean>;
+    /**
+     * Check if the credential store is available and functional
+     */
+    checkAvailability(): Promise<{
+        available: boolean;
+        reason?: string;
+    }>;
+}
+/**
+ * Factory function to create NangoCredentialStore
+ * Automatically reads NANGO_SECRET_KEY from environment and validates it
+ */
+declare function createNangoCredentialStore(id: string, config?: Partial<NangoConfig>): NangoCredentialStore;
+
+export { CredentialStoreRegistry, InMemoryCredentialStore, KeyChainStore, NangoCredentialStore, createDefaultCredentialStores, createKeyChainStore, createNangoCredentialStore };

package/dist/credential-stores/index.js

@@ -0,0 +1 @@
+export { CredentialStoreRegistry, InMemoryCredentialStore, KeyChainStore, NangoCredentialStore, createDefaultCredentialStores, createKeyChainStore, createNangoCredentialStore } from '../chunk-FOK3JSQN.js';

package/dist/db/schema.d.ts

@@ -1,8 +1,8 @@
 import 'drizzle-orm';
 import 'drizzle-orm/pg-core';
-import '../utility-DbltUp2Q.js';
+import '../utility-C4QAannk.js';
 export { account, invitation, member, organization, session, ssoProvider, user, verification } from '../auth/auth-schema.js';
-export { G as agentRelations, J as agentToolRelationsRelations, a as agents, y as apiKeys, I as apiKeysRelations, j as artifactComponents, O as artifactComponentsRelations, b as contextCache, E as contextCacheRelations, c as contextConfigs, D as contextConfigsRelations, v as conversations, M as conversationsRelations, z as credentialReferences, K as credentialReferencesRelations, h as dataComponents, Q as dataComponentsRelations, f as externalAgents, H as externalAgentsRelations, m as functionTools, V as functionToolsRelations, n as functions, T as functionsRelations, x as ledgerArtifacts, S as ledgerArtifactsRelations, w as messages, N as messagesRelations, p as projects, B as projectsRelations, k as subAgentArtifactComponents, P as subAgentArtifactComponentsRelations, i as subAgentDataComponents, R as subAgentDataComponentsRelations, q as subAgentExternalAgentRelations, X as subAgentExternalAgentRelationsRelations, u as subAgentFunctionToolRelations, W as subAgentFunctionToolRelationsRelations, e as subAgentRelations, U as subAgentRelationsRelations, r as subAgentTeamAgentRelations, Y as subAgentTeamAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, F as subAgentsRelations, g as taskRelations, C as taskRelationsRelations, t as tasks, A as tasksRelations, l as tools, L as toolsRelations } from '../schema-5N2lPWNV.js';
+export { G as agentRelations, J as agentToolRelationsRelations, a as agents, y as apiKeys, I as apiKeysRelations, j as artifactComponents, O as artifactComponentsRelations, b as contextCache, E as contextCacheRelations, c as contextConfigs, D as contextConfigsRelations, v as conversations, M as conversationsRelations, z as credentialReferences, K as credentialReferencesRelations, h as dataComponents, Q as dataComponentsRelations, f as externalAgents, H as externalAgentsRelations, m as functionTools, V as functionToolsRelations, n as functions, T as functionsRelations, x as ledgerArtifacts, S as ledgerArtifactsRelations, w as messages, N as messagesRelations, p as projects, B as projectsRelations, k as subAgentArtifactComponents, P as subAgentArtifactComponentsRelations, i as subAgentDataComponents, R as subAgentDataComponentsRelations, q as subAgentExternalAgentRelations, X as subAgentExternalAgentRelationsRelations, u as subAgentFunctionToolRelations, W as subAgentFunctionToolRelationsRelations, e as subAgentRelations, U as subAgentRelationsRelations, r as subAgentTeamAgentRelations, Y as subAgentTeamAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, F as subAgentsRelations, g as taskRelations, C as taskRelationsRelations, t as tasks, A as tasksRelations, l as tools, L as toolsRelations } from '../schema-CoC3tYFX.js';
 import 'zod';
 import 'drizzle-zod';
 import '@hono/zod-openapi';

package/dist/db/test-client.d.ts

@@ -0,0 +1,39 @@
+import { D as DatabaseClient } from '../client-HrEgt7wv.js';
+import 'drizzle-orm/node-postgres';
+import 'drizzle-orm/pglite';
+import '../schema-CoC3tYFX.js';
+import 'drizzle-orm';
+import 'drizzle-orm/pg-core';
+import '../utility-C4QAannk.js';
+import 'zod';
+import 'drizzle-zod';
+import '@hono/zod-openapi';
+import '../auth/auth-schema.js';
+
+/**
+ * Creates a test database client using an in-memory PostgreSQL database (PGlite)
+ * This provides real database operations for integration testing with perfect isolation
+ * Each call creates a fresh database with all migrations applied
+ */
+declare function createTestDatabaseClient(drizzleDir?: string): Promise<DatabaseClient>;
+/**
+ * Cleans up test database by removing all data but keeping schema
+ * Dynamically gets all tables from the public schema and truncates them
+ */
+declare function cleanupTestDatabase(db: DatabaseClient): Promise<void>;
+/**
+ * Closes the test database and removes the file
+ */
+declare function closeTestDatabase(db: DatabaseClient): Promise<void>;
+/**
+ * Creates a test organization in the database
+ * This is a helper for tests that need organization records before creating projects/agents
+ */
+declare function createTestOrganization(db: DatabaseClient, tenantId: string): Promise<void>;
+/**
+ * Creates a test project in the database
+ * Ensures the organization exists first
+ */
+declare function createTestProject(db: DatabaseClient, tenantId: string, projectId?: string): Promise<void>;
+
+export { cleanupTestDatabase, closeTestDatabase, createTestDatabaseClient, createTestOrganization, createTestProject };

package/dist/db/test-client.js

@@ -0,0 +1 @@
+export { cleanupTestDatabase, closeTestDatabase, createTestDatabaseClient, createTestOrganization, createTestProject } from '../chunk-SG75RA63.js';