@inkeep/agents-core 0.37.0 → 0.37.2

package/dist/auth/auth-schema.d.ts

@@ -1,3 +1,4 @@
+import * as drizzle_orm from 'drizzle-orm';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 
 declare const user: drizzle_orm_pg_core.PgTableWithColumns<{
@@ -1073,6 +1074,23 @@ declare const invitation: drizzle_orm_pg_core.PgTableWithColumns<{
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        createdAt: drizzle_orm_pg_core.PgColumn<{
+            name: "created_at";
+            tableName: "invitation";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         inviterId: drizzle_orm_pg_core.PgColumn<{
             name: "inviter_id";
             tableName: "invitation";
@@ -1093,5 +1111,33 @@ declare const invitation: drizzle_orm_pg_core.PgTableWithColumns<{
     };
     dialect: "pg";
 }>;
+declare const userRelations: drizzle_orm.Relations<"user", {
+    sessions: drizzle_orm.Many<"session">;
+    accounts: drizzle_orm.Many<"account">;
+    ssoProviders: drizzle_orm.Many<"sso_provider">;
+    members: drizzle_orm.Many<"member">;
+    invitations: drizzle_orm.Many<"invitation">;
+}>;
+declare const sessionRelations: drizzle_orm.Relations<"session", {
+    user: drizzle_orm.One<"user", true>;
+}>;
+declare const accountRelations: drizzle_orm.Relations<"account", {
+    user: drizzle_orm.One<"user", true>;
+}>;
+declare const ssoProviderRelations: drizzle_orm.Relations<"sso_provider", {
+    user: drizzle_orm.One<"user", false>;
+}>;
+declare const organizationRelations: drizzle_orm.Relations<"organization", {
+    members: drizzle_orm.Many<"member">;
+    invitations: drizzle_orm.Many<"invitation">;
+}>;
+declare const memberRelations: drizzle_orm.Relations<"member", {
+    organization: drizzle_orm.One<"organization", true>;
+    user: drizzle_orm.One<"user", true>;
+}>;
+declare const invitationRelations: drizzle_orm.Relations<"invitation", {
+    organization: drizzle_orm.One<"organization", true>;
+    user: drizzle_orm.One<"user", true>;
+}>;
 
-export { account, invitation, member, organization, session, ssoProvider, user, verification };
+export { account, accountRelations, invitation, invitationRelations, member, memberRelations, organization, organizationRelations, session, sessionRelations, ssoProvider, ssoProviderRelations, user, userRelations, verification };

package/dist/auth/auth-schema.js

@@ -1 +1 @@
-export { account, invitation, member, organization, session, ssoProvider, user, verification } from '../chunk-NOPEANIU.js';
+export { account, accountRelations, invitation, invitationRelations, member, memberRelations, organization, organizationRelations, session, sessionRelations, ssoProvider, ssoProviderRelations, user, userRelations, verification } from '../chunk-GENLXHZ4.js';

package/dist/auth/auth-validation-schemas.d.ts

@@ -1,6 +1,6 @@
 import * as drizzle_zod from 'drizzle-zod';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-import { z } from 'zod';
+import { z } from '@hono/zod-openapi';
 
 declare const UserSelectSchema: drizzle_zod.BuildSchema<"select", {
     id: drizzle_orm_pg_core.PgColumn<{
@@ -1485,6 +1485,23 @@ declare const InvitationSelectSchema: drizzle_zod.BuildSchema<"select", {
         identity: undefined;
         generated: undefined;
     }, {}, {}>;
+    createdAt: drizzle_orm_pg_core.PgColumn<{
+        name: "created_at";
+        tableName: "invitation";
+        dataType: "date";
+        columnType: "PgTimestamp";
+        data: Date;
+        driverParam: string;
+        notNull: true;
+        hasDefault: true;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+    }, {}, {}>;
     inviterId: drizzle_orm_pg_core.PgColumn<{
         name: "inviter_id";
         tableName: "invitation";
@@ -1606,6 +1623,23 @@ declare const InvitationInsertSchema: drizzle_zod.BuildSchema<"insert", {
         identity: undefined;
         generated: undefined;
     }, {}, {}>;
+    createdAt: drizzle_orm_pg_core.PgColumn<{
+        name: "created_at";
+        tableName: "invitation";
+        dataType: "date";
+        columnType: "PgTimestamp";
+        data: Date;
+        driverParam: string;
+        notNull: true;
+        hasDefault: true;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+    }, {}, {}>;
     inviterId: drizzle_orm_pg_core.PgColumn<{
         name: "inviter_id";
         tableName: "invitation";

package/dist/auth/auth-validation-schemas.js

@@ -1,6 +1,6 @@
-import { user, session, account, organization, member, invitation, verification } from '../chunk-NOPEANIU.js';
-import { external_exports } from '../chunk-OUXC23J7.js';
+import { user, session, account, organization, member, invitation, verification } from '../chunk-GENLXHZ4.js';
 import { createSelectSchema, createInsertSchema } from 'drizzle-zod';
+import { z } from '@hono/zod-openapi';
 
 var UserSelectSchema = createSelectSchema(user);
 var UserInsertSchema = createInsertSchema(user);
@@ -16,24 +16,24 @@ var InvitationSelectSchema = createSelectSchema(invitation);
 var InvitationInsertSchema = createInsertSchema(invitation);
 var VerificationSelectSchema = createSelectSchema(verification);
 var VerificationInsertSchema = createInsertSchema(verification);
-var UserOrganizationSchema = external_exports.object({
-  id: external_exports.string(),
-  userId: external_exports.string(),
-  organizationId: external_exports.string(),
-  role: external_exports.string(),
-  createdAt: external_exports.union([external_exports.string(), external_exports.date()]).transform((val) => val instanceof Date ? val.toISOString() : val),
-  organizationName: external_exports.string().nullable(),
-  organizationSlug: external_exports.string().nullable()
+var UserOrganizationSchema = z.object({
+  id: z.string(),
+  userId: z.string(),
+  organizationId: z.string(),
+  role: z.string(),
+  createdAt: z.union([z.string(), z.date()]).transform((val) => val instanceof Date ? val.toISOString() : val),
+  organizationName: z.string().nullable(),
+  organizationSlug: z.string().nullable()
 });
-var UserOrganizationsResponseSchema = external_exports.array(UserOrganizationSchema);
-var AddUserToOrganizationRequestSchema = external_exports.object({
-  organizationId: external_exports.string(),
-  role: external_exports.string().default("member")
+var UserOrganizationsResponseSchema = z.array(UserOrganizationSchema);
+var AddUserToOrganizationRequestSchema = z.object({
+  organizationId: z.string(),
+  role: z.string().default("member")
 });
-var AddUserToOrganizationResponseSchema = external_exports.object({
-  organizationId: external_exports.string(),
-  role: external_exports.string(),
-  createdAt: external_exports.string()
+var AddUserToOrganizationResponseSchema = z.object({
+  organizationId: z.string(),
+  role: z.string(),
+  createdAt: z.string()
 });
 
 export { AccountInsertSchema, AccountSelectSchema, AddUserToOrganizationRequestSchema, AddUserToOrganizationResponseSchema, InvitationInsertSchema, InvitationSelectSchema, MemberInsertSchema, MemberSelectSchema, OrganizationInsertSchema, OrganizationSelectSchema, SessionInsertSchema, SessionSelectSchema, UserInsertSchema, UserOrganizationSchema, UserOrganizationsResponseSchema, UserSelectSchema, VerificationInsertSchema, VerificationSelectSchema };

package/dist/auth/auth.d.ts

@@ -4,15 +4,15 @@ import * as zod from 'zod';
 import * as better_auth from 'better-auth';
 import { BetterAuthAdvancedOptions } from 'better-auth';
 import { GoogleOptions } from 'better-auth/social-providers';
-import { D as DatabaseClient } from '../client-CnpNkGsH.js';
+import { D as DatabaseClient } from '../client-B3nwdklT.js';
 import 'drizzle-orm/node-postgres';
 import 'drizzle-orm/pglite';
-import '../schema-Cgkp_geg.js';
+import '../schema-BhYTubhP.js';
 import 'drizzle-orm';
 import 'drizzle-orm/pg-core';
-import '../utility-C_tTZ7-k.js';
-import 'drizzle-zod';
+import '../utility-5USfJ5Xd.js';
 import '@hono/zod-openapi';
+import 'drizzle-zod';
 import './auth-schema.js';
 
 interface OIDCProviderConfig {
@@ -115,7 +115,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
                 attributes?: better_auth.CookieOptions;
             };
         } | undefined;
-        defaultCookieAttributes?: better_auth.CookieOptions | undefined;
+        defaultCookieAttributes: better_auth.CookieOptions;
         cookiePrefix?: string | undefined;
         database?: {
             defaultFindManyLimit?: number;
@@ -716,25 +716,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
             ac: better_auth_plugins.AccessControl;
             roles: {
                 member: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
                 admin: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
                 owner: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
             };
             sendInvitationEmail(data: {
@@ -992,25 +992,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
             ac: better_auth_plugins.AccessControl;
             roles: {
                 member: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
                 admin: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
                 owner: {
-                    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-                        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+                    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+                        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
                         connector: "OR" | "AND";
                     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-                    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+                    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
                 };
             };
             sendInvitationEmail(data: {

package/dist/auth/auth.js

@@ -1,8 +1,9 @@
-import { generateId } from '../chunk-ICZLNCX7.js';
-import { ssoProvider } from '../chunk-NOPEANIU.js';
-import { ownerRole, adminRole, memberRole, ac } from '../chunk-VMSYBWFH.js';
+import { generateId } from '../chunk-3HACEHXF.js';
+import { env } from '../chunk-RUTYLJB7.js';
+import { ssoProvider } from '../chunk-GENLXHZ4.js';
+import { ownerRole, adminRole, memberRole, ac } from '../chunk-JNBVHWXX.js';
 import { sso } from '@better-auth/sso';
-import { betterAuth, env } from 'better-auth';
+import { betterAuth } from 'better-auth';
 import { drizzleAdapter } from 'better-auth/adapters/drizzle';
 import { organization } from 'better-auth/plugins';
 import { eq } from 'drizzle-orm';
@@ -81,6 +82,13 @@ function createAuth(config) {
         enabled: true,
         ...cookieDomain && { domain: cookieDomain }
       },
+      defaultCookieAttributes: {
+        sameSite: "none",
+        secure: true,
+        httpOnly: true,
+        partitioned: true,
+        ...cookieDomain && { domain: cookieDomain }
+      },
       ...config.advanced
     },
     trustedOrigins: [
@@ -88,7 +96,7 @@ function createAuth(config) {
       "http://localhost:3002",
       env.INKEEP_AGENTS_MANAGE_UI_URL,
       env.INKEEP_AGENTS_MANAGE_API_URL
-    ],
+    ].filter((origin) => typeof origin === "string" && origin.length > 0),
     plugins: [
       sso(),
       organization({

package/dist/auth/permissions.d.ts

@@ -3,25 +3,25 @@ import { AccessControl } from 'better-auth/plugins/access';
 
 declare const ac: AccessControl;
 declare const memberRole: {
-    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
         connector: "OR" | "AND";
     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
 };
 declare const adminRole: {
-    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
         connector: "OR" | "AND";
     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
 };
 declare const ownerRole: {
-    authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key] | {
-        actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>[key];
+    authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
+        actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
         connector: "OR" | "AND";
     } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
-    statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config", better_auth_plugins.Statements>;
+    statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
 };
 
 export { ac, adminRole, memberRole, ownerRole };

package/dist/auth/permissions.js

@@ -1 +1 @@
-export { ac, adminRole, memberRole, ownerRole } from '../chunk-VMSYBWFH.js';
+export { ac, adminRole, memberRole, ownerRole } from '../chunk-JNBVHWXX.js';

package/dist/{auth-detection-CGqhPDnj.d.ts → auth-detection-7G0Dxt55.d.ts}

@@ -12,6 +12,9 @@ declare const SPAN_NAMES: {
     readonly AGENT_GENERATION: "agent.generate";
     readonly CONTEXT_FETCHER: "context-fetcher.http-request";
     readonly ARTIFACT_PROCESSING: "agent_session.process_artifact";
+    readonly TOOL_APPROVAL_REQUESTED: "tool.approval_requested";
+    readonly TOOL_APPROVAL_APPROVED: "tool.approval_approved";
+    readonly TOOL_APPROVAL_DENIED: "tool.approval_denied";
 };
 declare const AI_OPERATIONS: {
     readonly GENERATE_TEXT: "ai.generateText.doGenerate";
@@ -53,6 +56,8 @@ declare const SPAN_KEYS: {
     readonly AI_TOOL_CALL_ID: "ai.toolCall.id";
     readonly AI_TOOL_TYPE: "ai.toolType";
     readonly TOOL_PURPOSE: "tool.purpose";
+    readonly TOOL_NAME: "tool.name";
+    readonly TOOL_CALL_ID: "tool.callId";
     readonly GEN_AI_USAGE_INPUT_TOKENS: "gen_ai.usage.input_tokens";
     readonly GEN_AI_USAGE_OUTPUT_TOKENS: "gen_ai.usage.output_tokens";
     readonly CONTEXT_URL: "context.url";
@@ -92,6 +97,9 @@ declare const ACTIVITY_TYPES: {
     readonly AI_ASSISTANT_MESSAGE: "ai_assistant_message";
     readonly AI_MODEL_STREAMED_TEXT: "ai_model_streamed_text";
     readonly AI_MODEL_STREAMED_OBJECT: "ai_model_streamed_object";
+    readonly TOOL_APPROVAL_REQUESTED: "tool_approval_requested";
+    readonly TOOL_APPROVAL_APPROVED: "tool_approval_approved";
+    readonly TOOL_APPROVAL_DENIED: "tool_approval_denied";
 };
 /** Activity Status Values */
 declare const ACTIVITY_STATUS: {
@@ -223,6 +231,9 @@ declare const QUERY_EXPRESSIONS: {
     readonly AGENT_GENERATIONS: "agentGenerations";
     readonly SPANS_WITH_ERRORS: "spansWithErrors";
     readonly ARTIFACT_PROCESSING: "artifactProcessing";
+    readonly TOOL_APPROVAL_REQUESTED: "toolApprovalRequested";
+    readonly TOOL_APPROVAL_APPROVED: "toolApprovalApproved";
+    readonly TOOL_APPROVAL_DENIED: "toolApprovalDenied";
 };
 /** Query Reduce Operations */
 declare const REDUCE_OPERATIONS: {