@inkeep/agents-core 0.36.1 → 0.37.1

package/dist/auth/auth-schema.js

@@ -1 +1 @@
-export { account, invitation, member, organization, session, ssoProvider, user, verification } from '../chunk-NOPEANIU.js';
+export { account, invitation, member, organization, session, ssoProvider, user, verification } from '../chunk-NFTJ5JBY.js';

package/dist/auth/auth-validation-schemas.js

@@ -1,4 +1,4 @@
-import { user, session, account, organization, member, invitation, verification } from '../chunk-NOPEANIU.js';
+import { user, session, account, organization, member, invitation, verification } from '../chunk-NFTJ5JBY.js';
 import { createSelectSchema, createInsertSchema } from 'drizzle-zod';
 import { z } from 'zod';
 

package/dist/auth/auth.d.ts

@@ -4,13 +4,13 @@ import * as zod from 'zod';
 import * as better_auth from 'better-auth';
 import { BetterAuthAdvancedOptions } from 'better-auth';
 import { GoogleOptions } from 'better-auth/social-providers';
-import { D as DatabaseClient } from '../client-HrEgt7wv.js';
+import { D as DatabaseClient } from '../client-B_3j-V4-.js';
 import 'drizzle-orm/node-postgres';
 import 'drizzle-orm/pglite';
-import '../schema-CoC3tYFX.js';
+import '../schema-DKbG39on.js';
 import 'drizzle-orm';
 import 'drizzle-orm/pg-core';
-import '../utility-C4QAannk.js';
+import '../utility-Lo5NoRHK.js';
 import 'drizzle-zod';
 import '@hono/zod-openapi';
 import './auth-schema.js';

package/dist/auth/auth.js

@@ -1,12 +1,37 @@
-import { generateId } from '../chunk-4OISWRFK.js';
-import { ssoProvider } from '../chunk-NOPEANIU.js';
+import { generateId } from '../chunk-ROXPFQAM.js';
+import { env } from '../chunk-LL6F3EAR.js';
+import { ssoProvider } from '../chunk-NFTJ5JBY.js';
 import { ownerRole, adminRole, memberRole, ac } from '../chunk-VMSYBWFH.js';
 import { sso } from '@better-auth/sso';
-import { betterAuth, env } from 'better-auth';
+import { betterAuth } from 'better-auth';
 import { drizzleAdapter } from 'better-auth/adapters/drizzle';
 import { organization } from 'better-auth/plugins';
 import { eq } from 'drizzle-orm';
 
+function extractCookieDomain(baseURL) {
+  try {
+    const url = new URL(baseURL);
+    const hostname = url.hostname;
+    if (hostname === "localhost" || hostname.match(/^\d+\.\d+\.\d+\.\d+$/)) {
+      return void 0;
+    }
+    const parts = hostname.split(".");
+    if (parts.length < 2) {
+      return void 0;
+    }
+    let domainParts;
+    if (parts.length === 3) {
+      domainParts = parts;
+    } else if (parts.length > 3) {
+      domainParts = parts.slice(1);
+    } else {
+      domainParts = parts;
+    }
+    return `.${domainParts.join(".")}`;
+  } catch {
+    return void 0;
+  }
+}
 async function registerSSOProvider(dbClient, provider) {
   try {
     const existing = await dbClient.select().from(ssoProvider).where(eq(ssoProvider.providerId, provider.providerId)).limit(1);
@@ -31,6 +56,7 @@ async function registerSSOProvider(dbClient, provider) {
   }
 }
 function createAuth(config) {
+  const cookieDomain = extractCookieDomain(config.baseURL);
   const auth2 = betterAuth({
     baseURL: config.baseURL,
     secret: config.secret,
@@ -53,7 +79,8 @@ function createAuth(config) {
     },
     advanced: {
       crossSubDomainCookies: {
-        enabled: true
+        enabled: true,
+        ...cookieDomain && { domain: cookieDomain }
       },
       ...config.advanced
     },
@@ -62,7 +89,7 @@ function createAuth(config) {
       "http://localhost:3002",
       env.INKEEP_AGENTS_MANAGE_UI_URL,
       env.INKEEP_AGENTS_MANAGE_API_URL
-    ],
+    ].filter((origin) => typeof origin === "string" && origin.length > 0),
     plugins: [
       sso(),
       organization({

package/dist/{auth-detection-CGqhPDnj.d.ts → auth-detection-7G0Dxt55.d.ts}

@@ -12,6 +12,9 @@ declare const SPAN_NAMES: {
     readonly AGENT_GENERATION: "agent.generate";
     readonly CONTEXT_FETCHER: "context-fetcher.http-request";
     readonly ARTIFACT_PROCESSING: "agent_session.process_artifact";
+    readonly TOOL_APPROVAL_REQUESTED: "tool.approval_requested";
+    readonly TOOL_APPROVAL_APPROVED: "tool.approval_approved";
+    readonly TOOL_APPROVAL_DENIED: "tool.approval_denied";
 };
 declare const AI_OPERATIONS: {
     readonly GENERATE_TEXT: "ai.generateText.doGenerate";
@@ -53,6 +56,8 @@ declare const SPAN_KEYS: {
     readonly AI_TOOL_CALL_ID: "ai.toolCall.id";
     readonly AI_TOOL_TYPE: "ai.toolType";
     readonly TOOL_PURPOSE: "tool.purpose";
+    readonly TOOL_NAME: "tool.name";
+    readonly TOOL_CALL_ID: "tool.callId";
     readonly GEN_AI_USAGE_INPUT_TOKENS: "gen_ai.usage.input_tokens";
     readonly GEN_AI_USAGE_OUTPUT_TOKENS: "gen_ai.usage.output_tokens";
     readonly CONTEXT_URL: "context.url";
@@ -92,6 +97,9 @@ declare const ACTIVITY_TYPES: {
     readonly AI_ASSISTANT_MESSAGE: "ai_assistant_message";
     readonly AI_MODEL_STREAMED_TEXT: "ai_model_streamed_text";
     readonly AI_MODEL_STREAMED_OBJECT: "ai_model_streamed_object";
+    readonly TOOL_APPROVAL_REQUESTED: "tool_approval_requested";
+    readonly TOOL_APPROVAL_APPROVED: "tool_approval_approved";
+    readonly TOOL_APPROVAL_DENIED: "tool_approval_denied";
 };
 /** Activity Status Values */
 declare const ACTIVITY_STATUS: {
@@ -223,6 +231,9 @@ declare const QUERY_EXPRESSIONS: {
     readonly AGENT_GENERATIONS: "agentGenerations";
     readonly SPANS_WITH_ERRORS: "spansWithErrors";
     readonly ARTIFACT_PROCESSING: "artifactProcessing";
+    readonly TOOL_APPROVAL_REQUESTED: "toolApprovalRequested";
+    readonly TOOL_APPROVAL_APPROVED: "toolApprovalApproved";
+    readonly TOOL_APPROVAL_DENIED: "toolApprovalDenied";
 };
 /** Query Reduce Operations */
 declare const REDUCE_OPERATIONS: {

package/dist/chunk-CMNLBV2A.js

@@ -0,0 +1,39 @@
+// src/types/a2a.ts
+var TaskState = /* @__PURE__ */ ((TaskState2) => {
+  TaskState2["Submitted"] = "submitted";
+  TaskState2["Working"] = "working";
+  TaskState2["InputRequired"] = "input-required";
+  TaskState2["Completed"] = "completed";
+  TaskState2["Canceled"] = "canceled";
+  TaskState2["Failed"] = "failed";
+  TaskState2["Rejected"] = "rejected";
+  TaskState2["AuthRequired"] = "auth-required";
+  TaskState2["Unknown"] = "unknown";
+  return TaskState2;
+})(TaskState || {});
+
+// src/types/tool-policies.ts
+function normalizeToolSelections(selections) {
+  if (!selections || selections.length === 0) {
+    return { selectedTools: [], toolPolicies: {} };
+  }
+  const selectedTools = [];
+  const toolPolicies = {};
+  for (const selection of selections) {
+    if (typeof selection === "string") {
+      selectedTools.push(selection);
+    } else {
+      selectedTools.push(selection.name);
+      const policy = {};
+      if (selection.needsApproval !== void 0) {
+        policy.needsApproval = selection.needsApproval;
+      }
+      if (Object.keys(policy).length > 0) {
+        toolPolicies[selection.name] = policy;
+      }
+    }
+  }
+  return { selectedTools, toolPolicies };
+}
+
+export { TaskState, normalizeToolSelections };

package/dist/{chunk-SG75RA63.js → chunk-I6IF7ZTL.js}

@@ -1,5 +1,5 @@
-import { schema_exports, projects } from './chunk-NFYCSHD3.js';
-import { organization } from './chunk-NOPEANIU.js';
+import { schema_exports, projects } from './chunk-PVRIMF6N.js';
+import { organization } from './chunk-NFTJ5JBY.js';
 import { dirname, join } from 'path';
 import { fileURLToPath } from 'url';
 import { PGlite } from '@electric-sql/pglite';

package/dist/{chunk-ZCEKN54E.js → chunk-K6GMXJPW.js}

@@ -1,4 +1,4 @@
-import { subAgents, subAgentRelations, agents, tasks, taskRelations, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, tools, functionTools, functions, contextConfigs, subAgentToolRelations, subAgentExternalAgentRelations, subAgentTeamAgentRelations, ledgerArtifacts, projects } from './chunk-NFYCSHD3.js';
+import { subAgents, subAgentRelations, agents, tasks, taskRelations, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, tools, functionTools, functions, contextConfigs, subAgentToolRelations, subAgentExternalAgentRelations, subAgentTeamAgentRelations, ledgerArtifacts, projects } from './chunk-PVRIMF6N.js';
 import { schemaValidationDefaults } from './chunk-Z64UK4CA.js';
 import { VALID_RELATION_TYPES, MCPTransportType, TOOL_STATUS_VALUES, CredentialStoreType, MCPServerType } from './chunk-YFHT5M2R.js';
 import { z } from '@hono/zod-openapi';
@@ -587,9 +587,7 @@ var McpToolSchema = ToolInsertSchema.extend({
   availableTools: z.array(McpToolDefinitionSchema).optional(),
   status: ToolStatusSchema.default("unknown"),
   version: z.string().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  expiresAt: z.date().optional(),
+  expiresAt: z.string().optional(),
   relationshipId: z.string().optional()
 }).openapi("McpTool");
 var MCPToolConfigSchema = McpToolSchema.omit({
@@ -688,7 +686,8 @@ var SubAgentToolRelationInsertSchema = createInsertSchema(subAgentToolRelations)
   subAgentId: resourceIdSchema,
   toolId: resourceIdSchema,
   selectedTools: z.array(z.string()).nullish(),
-  headers: z.record(z.string(), z.string()).nullish()
+  headers: z.record(z.string(), z.string()).nullish(),
+  toolPolicies: z.record(z.string(), z.object({ needsApproval: z.boolean().optional() })).nullish()
 });
 var SubAgentToolRelationUpdateSchema = SubAgentToolRelationInsertSchema.partial();
 var SubAgentToolRelationApiSelectSchema = createAgentScopedApiSchema(
@@ -769,7 +768,8 @@ var CanUseItemSchema = z.object({
   agentToolRelationId: z.string().optional(),
   toolId: z.string(),
   toolSelection: z.array(z.string()).nullish(),
-  headers: z.record(z.string(), z.string()).nullish()
+  headers: z.record(z.string(), z.string()).nullish(),
+  toolPolicies: z.record(z.string(), z.object({ needsApproval: z.boolean().optional() })).nullish()
 }).openapi("CanUseItem");
 var canDelegateToExternalAgentSchema = z.object({
   externalAgentId: z.string(),

package/dist/{chunk-4RVJB4KV.js → chunk-LL6F3EAR.js}

@@ -37,7 +37,10 @@ var envSchema = z.object({
   ENVIRONMENT: z.enum(["development", "production", "pentest", "test"]).optional(),
   DATABASE_URL: z.string().optional(),
   POSTGRES_POOL_SIZE: z.string().optional(),
-  INKEEP_AGENTS_JWT_SIGNING_SECRET: z.string().min(32, "INKEEP_AGENTS_JWT_SIGNING_SECRET must be at least 32 characters").optional()
+  INKEEP_AGENTS_JWT_SIGNING_SECRET: z.string().min(32, "INKEEP_AGENTS_JWT_SIGNING_SECRET must be at least 32 characters").optional(),
+  INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional(),
+  INKEEP_AGENTS_MANAGE_API_URL: z.string().optional(),
+  BETTER_AUTH_SECRET: z.string().optional()
 });
 var parseEnv = () => {
   try {

package/dist/{chunk-TGESM3JG.js → chunk-MQMMFK2K.js}

@@ -10,7 +10,10 @@ var SPAN_NAMES = {
   CONTEXT_HANDLE: "context.handle_context_resolution",
   AGENT_GENERATION: "agent.generate",
   CONTEXT_FETCHER: "context-fetcher.http-request",
-  ARTIFACT_PROCESSING: "agent_session.process_artifact"
+  ARTIFACT_PROCESSING: "agent_session.process_artifact",
+  TOOL_APPROVAL_REQUESTED: "tool.approval_requested",
+  TOOL_APPROVAL_APPROVED: "tool.approval_approved",
+  TOOL_APPROVAL_DENIED: "tool.approval_denied"
 };
 var AI_OPERATIONS = {
   GENERATE_TEXT: "ai.generateText.doGenerate",
@@ -55,6 +58,8 @@ var SPAN_KEYS = {
   AI_TOOL_CALL_ID: "ai.toolCall.id",
   AI_TOOL_TYPE: "ai.toolType",
   TOOL_PURPOSE: "tool.purpose",
+  TOOL_NAME: "tool.name",
+  TOOL_CALL_ID: "tool.callId",
   // Token usage
   GEN_AI_USAGE_INPUT_TOKENS: "gen_ai.usage.input_tokens",
   GEN_AI_USAGE_OUTPUT_TOKENS: "gen_ai.usage.output_tokens",
@@ -99,7 +104,10 @@ var ACTIVITY_TYPES = {
   USER_MESSAGE: "user_message",
   AI_ASSISTANT_MESSAGE: "ai_assistant_message",
   AI_MODEL_STREAMED_TEXT: "ai_model_streamed_text",
-  AI_MODEL_STREAMED_OBJECT: "ai_model_streamed_object"
+  AI_MODEL_STREAMED_OBJECT: "ai_model_streamed_object",
+  TOOL_APPROVAL_REQUESTED: "tool_approval_requested",
+  TOOL_APPROVAL_APPROVED: "tool_approval_approved",
+  TOOL_APPROVAL_DENIED: "tool_approval_denied"
 };
 var ACTIVITY_STATUS = {
   SUCCESS: "success",
@@ -231,7 +239,10 @@ var QUERY_EXPRESSIONS = {
   DURATION_SPANS: "durationSpans",
   AGENT_GENERATIONS: "agentGenerations",
   SPANS_WITH_ERRORS: "spansWithErrors",
-  ARTIFACT_PROCESSING: "artifactProcessing"
+  ARTIFACT_PROCESSING: "artifactProcessing",
+  TOOL_APPROVAL_REQUESTED: "toolApprovalRequested",
+  TOOL_APPROVAL_APPROVED: "toolApprovalApproved",
+  TOOL_APPROVAL_DENIED: "toolApprovalDenied"
 };
 var REDUCE_OPERATIONS = {
   SUM: "sum",

package/dist/{chunk-NFYCSHD3.js → chunk-PVRIMF6N.js}

@@ -1,4 +1,4 @@
-import { verification, user, ssoProvider, session, organization, member, invitation, account } from './chunk-NOPEANIU.js';
+import { verification, user, ssoProvider, session, organization, member, invitation, account } from './chunk-NFTJ5JBY.js';
 import { __export } from './chunk-SIAA4J6H.js';
 import { relations } from 'drizzle-orm';
 import { pgTable, varchar, text, timestamp, jsonb, primaryKey, foreignKey, integer, index, unique } from 'drizzle-orm/pg-core';
@@ -436,6 +436,7 @@ var subAgentToolRelations = pgTable(
     toolId: varchar("tool_id", { length: 256 }).notNull(),
     selectedTools: jsonb("selected_tools").$type(),
     headers: jsonb("headers").$type(),
+    toolPolicies: jsonb("tool_policies").$type(),
     ...timestamps
   },
   (table) => [