@inkeep/agents-core 0.38.3 → 0.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/auth/auth-schema.d.ts +178 -1
  2. package/dist/auth/auth-schema.js +1 -1
  3. package/dist/auth/auth-validation-schemas.d.ts +347 -1
  4. package/dist/auth/auth-validation-schemas.js +4 -2
  5. package/dist/auth/auth.d.ts +378 -20
  6. package/dist/auth/auth.js +12 -2
  7. package/dist/auth/permissions.d.ts +9 -9
  8. package/dist/chunk-4VNS5WPM.js +37 -0
  9. package/dist/{chunk-DW4DNYUS.js → chunk-BZOLMLKX.js} +2 -2
  10. package/dist/{chunk-CWAFZVRI.js → chunk-FGS57CQI.js} +1 -1
  11. package/dist/{chunk-LH6OJIIM.js → chunk-LI7GCYW2.js} +3 -2
  12. package/dist/{chunk-S4XQEAAF.js → chunk-PKGWDXDS.js} +65 -21
  13. package/dist/{chunk-UK63CULA.js → chunk-RZN5SMF6.js} +1 -1
  14. package/dist/{chunk-GENLXHZ4.js → chunk-XL55SHQM.js} +14 -2
  15. package/dist/{client-DG_xZdlN.d.ts → client-DmOy13ep.d.ts} +1 -1
  16. package/dist/client-exports.js +3 -3
  17. package/dist/credential-stores/index.d.ts +15 -1
  18. package/dist/credential-stores/index.js +1 -1
  19. package/dist/db/schema.d.ts +2 -2
  20. package/dist/db/schema.js +2 -2
  21. package/dist/db/test-client.d.ts +2 -2
  22. package/dist/db/test-client.js +1 -1
  23. package/dist/dist-TUQUTLPM.js +15929 -0
  24. package/dist/index.d.ts +5 -5
  25. package/dist/index.js +16 -16
  26. package/dist/{schema-DA6PfmoP.d.ts → schema-Bq_OERAy.d.ts} +3 -2
  27. package/dist/validation/index.js +2 -2
  28. package/drizzle/0006_stale_thaddeus_ross.sql +12 -0
  29. package/drizzle/meta/0006_snapshot.json +3766 -0
  30. package/drizzle/meta/_journal.json +7 -0
  31. package/package.json +11 -11
  32. package/dist/chunk-SIAA4J6H.js +0 -17
package/dist/auth/auth.d.ts CHANGED
@@ -4,10 +4,10 @@ import * as zod from 'zod';
4
4
  import * as better_auth from 'better-auth';
5
5
  import { BetterAuthAdvancedOptions } from 'better-auth';
6
6
  import { GoogleOptions } from 'better-auth/social-providers';
7
- import { D as DatabaseClient } from '../client-DG_xZdlN.js';
7
+ import { D as DatabaseClient } from '../client-DmOy13ep.js';
8
8
  import 'drizzle-orm/node-postgres';
9
9
  import 'drizzle-orm/pglite';
10
- import '../schema-DA6PfmoP.js';
10
+ import '../schema-Bq_OERAy.js';
11
11
  import 'drizzle-orm';
12
12
  import 'drizzle-orm/pg-core';
13
13
  import '../utility-dsfXkYTu.js';
@@ -126,6 +126,22 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
126
126
  };
127
127
  trustedOrigins: string[];
128
128
  plugins: [{
129
+ id: "bearer";
130
+ hooks: {
131
+ before: {
132
+ matcher(context: better_auth.HookEndpointContext): boolean;
133
+ handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
134
+ context: {
135
+ headers: Headers;
136
+ };
137
+ } | undefined>;
138
+ }[];
139
+ after: {
140
+ matcher(context: better_auth.HookEndpointContext): true;
141
+ handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<void>;
142
+ }[];
143
+ };
144
+ }, {
129
145
  id: "sso";
130
146
  endpoints: {
131
147
  spMetadata: ReturnType<() => better_auth.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -717,25 +733,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
717
733
  ac: better_auth_plugins.AccessControl;
718
734
  roles: {
719
735
  member: {
720
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
721
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
736
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
737
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
722
738
  connector: "OR" | "AND";
723
739
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
724
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
740
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
725
741
  };
726
742
  admin: {
727
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
728
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
743
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
744
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
729
745
  connector: "OR" | "AND";
730
746
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
731
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
747
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
732
748
  };
733
749
  owner: {
734
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
735
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
750
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
751
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
736
752
  connector: "OR" | "AND";
737
753
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
738
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
754
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
739
755
  };
740
756
  };
741
757
  sendInvitationEmail(data: {
@@ -993,25 +1009,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
993
1009
  ac: better_auth_plugins.AccessControl;
994
1010
  roles: {
995
1011
  member: {
996
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
997
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1012
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1013
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
998
1014
  connector: "OR" | "AND";
999
1015
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1000
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1016
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1001
1017
  };
1002
1018
  admin: {
1003
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
1004
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1019
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1020
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
1005
1021
  connector: "OR" | "AND";
1006
1022
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1007
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1023
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1008
1024
  };
1009
1025
  owner: {
1010
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
1011
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1026
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1027
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
1012
1028
  connector: "OR" | "AND";
1013
1029
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1014
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1030
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1015
1031
  };
1016
1032
  };
1017
1033
  sendInvitationEmail(data: {
@@ -1025,6 +1041,348 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
1025
1041
  };
1026
1042
  }): Promise<void>;
1027
1043
  };
1044
+ }, {
1045
+ id: "device-authorization";
1046
+ schema: {
1047
+ deviceCode: {
1048
+ fields: {
1049
+ deviceCode: {
1050
+ type: "string";
1051
+ required: true;
1052
+ };
1053
+ userCode: {
1054
+ type: "string";
1055
+ required: true;
1056
+ };
1057
+ userId: {
1058
+ type: "string";
1059
+ required: false;
1060
+ };
1061
+ expiresAt: {
1062
+ type: "date";
1063
+ required: true;
1064
+ };
1065
+ status: {
1066
+ type: "string";
1067
+ required: true;
1068
+ };
1069
+ lastPolledAt: {
1070
+ type: "date";
1071
+ required: false;
1072
+ };
1073
+ pollingInterval: {
1074
+ type: "number";
1075
+ required: false;
1076
+ };
1077
+ clientId: {
1078
+ type: "string";
1079
+ required: false;
1080
+ };
1081
+ scope: {
1082
+ type: "string";
1083
+ required: false;
1084
+ };
1085
+ };
1086
+ };
1087
+ };
1088
+ endpoints: {
1089
+ deviceCode: better_auth.StrictEndpoint<"/device/code", {
1090
+ method: "POST";
1091
+ body: zod.ZodObject<{
1092
+ client_id: zod.ZodString;
1093
+ scope: zod.ZodOptional<zod.ZodString>;
1094
+ }, better_auth.$strip>;
1095
+ error: zod.ZodObject<{
1096
+ error: zod.ZodEnum<{
1097
+ invalid_request: "invalid_request";
1098
+ invalid_client: "invalid_client";
1099
+ }>;
1100
+ error_description: zod.ZodString;
1101
+ }, better_auth.$strip>;
1102
+ metadata: {
1103
+ openapi: {
1104
+ description: string;
1105
+ responses: {
1106
+ 200: {
1107
+ description: string;
1108
+ content: {
1109
+ "application/json": {
1110
+ schema: {
1111
+ type: "object";
1112
+ properties: {
1113
+ device_code: {
1114
+ type: string;
1115
+ description: string;
1116
+ };
1117
+ user_code: {
1118
+ type: string;
1119
+ description: string;
1120
+ };
1121
+ verification_uri: {
1122
+ type: string;
1123
+ format: string;
1124
+ description: string;
1125
+ };
1126
+ verification_uri_complete: {
1127
+ type: string;
1128
+ format: string;
1129
+ description: string;
1130
+ };
1131
+ expires_in: {
1132
+ type: string;
1133
+ description: string;
1134
+ };
1135
+ interval: {
1136
+ type: string;
1137
+ description: string;
1138
+ };
1139
+ };
1140
+ };
1141
+ };
1142
+ };
1143
+ };
1144
+ 400: {
1145
+ description: string;
1146
+ content: {
1147
+ "application/json": {
1148
+ schema: {
1149
+ type: "object";
1150
+ properties: {
1151
+ error: {
1152
+ type: string;
1153
+ enum: string[];
1154
+ };
1155
+ error_description: {
1156
+ type: string;
1157
+ };
1158
+ };
1159
+ };
1160
+ };
1161
+ };
1162
+ };
1163
+ };
1164
+ };
1165
+ };
1166
+ } & {
1167
+ use: any[];
1168
+ }, {
1169
+ device_code: string;
1170
+ user_code: string;
1171
+ verification_uri: string;
1172
+ verification_uri_complete: string;
1173
+ expires_in: number;
1174
+ interval: number;
1175
+ }>;
1176
+ deviceToken: better_auth.StrictEndpoint<"/device/token", {
1177
+ method: "POST";
1178
+ body: zod.ZodObject<{
1179
+ grant_type: zod.ZodLiteral<"urn:ietf:params:oauth:grant-type:device_code">;
1180
+ device_code: zod.ZodString;
1181
+ client_id: zod.ZodString;
1182
+ }, better_auth.$strip>;
1183
+ error: zod.ZodObject<{
1184
+ error: zod.ZodEnum<{
1185
+ invalid_request: "invalid_request";
1186
+ authorization_pending: "authorization_pending";
1187
+ slow_down: "slow_down";
1188
+ expired_token: "expired_token";
1189
+ access_denied: "access_denied";
1190
+ invalid_grant: "invalid_grant";
1191
+ }>;
1192
+ error_description: zod.ZodString;
1193
+ }, better_auth.$strip>;
1194
+ metadata: {
1195
+ openapi: {
1196
+ description: string;
1197
+ responses: {
1198
+ 200: {
1199
+ description: string;
1200
+ content: {
1201
+ "application/json": {
1202
+ schema: {
1203
+ type: "object";
1204
+ properties: {
1205
+ session: {
1206
+ $ref: string;
1207
+ };
1208
+ user: {
1209
+ $ref: string;
1210
+ };
1211
+ };
1212
+ };
1213
+ };
1214
+ };
1215
+ };
1216
+ 400: {
1217
+ description: string;
1218
+ content: {
1219
+ "application/json": {
1220
+ schema: {
1221
+ type: "object";
1222
+ properties: {
1223
+ error: {
1224
+ type: string;
1225
+ enum: string[];
1226
+ };
1227
+ error_description: {
1228
+ type: string;
1229
+ };
1230
+ };
1231
+ };
1232
+ };
1233
+ };
1234
+ };
1235
+ };
1236
+ };
1237
+ };
1238
+ } & {
1239
+ use: any[];
1240
+ }, {
1241
+ access_token: string;
1242
+ token_type: string;
1243
+ expires_in: number;
1244
+ scope: string;
1245
+ }>;
1246
+ deviceVerify: better_auth.StrictEndpoint<"/device", {
1247
+ method: "GET";
1248
+ query: zod.ZodObject<{
1249
+ user_code: zod.ZodString;
1250
+ }, better_auth.$strip>;
1251
+ error: zod.ZodObject<{
1252
+ error: zod.ZodEnum<{
1253
+ invalid_request: "invalid_request";
1254
+ }>;
1255
+ error_description: zod.ZodString;
1256
+ }, better_auth.$strip>;
1257
+ metadata: {
1258
+ openapi: {
1259
+ description: string;
1260
+ responses: {
1261
+ 200: {
1262
+ description: string;
1263
+ content: {
1264
+ "application/json": {
1265
+ schema: {
1266
+ type: "object";
1267
+ properties: {
1268
+ user_code: {
1269
+ type: string;
1270
+ description: string;
1271
+ };
1272
+ status: {
1273
+ type: string;
1274
+ enum: string[];
1275
+ description: string;
1276
+ };
1277
+ };
1278
+ };
1279
+ };
1280
+ };
1281
+ };
1282
+ };
1283
+ };
1284
+ };
1285
+ } & {
1286
+ use: any[];
1287
+ }, {
1288
+ user_code: string;
1289
+ status: string;
1290
+ }>;
1291
+ deviceApprove: better_auth.StrictEndpoint<"/device/approve", {
1292
+ method: "POST";
1293
+ body: zod.ZodObject<{
1294
+ userCode: zod.ZodString;
1295
+ }, better_auth.$strip>;
1296
+ error: zod.ZodObject<{
1297
+ error: zod.ZodEnum<{
1298
+ invalid_request: "invalid_request";
1299
+ expired_token: "expired_token";
1300
+ device_code_already_processed: "device_code_already_processed";
1301
+ }>;
1302
+ error_description: zod.ZodString;
1303
+ }, better_auth.$strip>;
1304
+ requireHeaders: true;
1305
+ metadata: {
1306
+ openapi: {
1307
+ description: string;
1308
+ responses: {
1309
+ 200: {
1310
+ description: string;
1311
+ content: {
1312
+ "application/json": {
1313
+ schema: {
1314
+ type: "object";
1315
+ properties: {
1316
+ success: {
1317
+ type: string;
1318
+ };
1319
+ };
1320
+ };
1321
+ };
1322
+ };
1323
+ };
1324
+ };
1325
+ };
1326
+ };
1327
+ } & {
1328
+ use: any[];
1329
+ }, {
1330
+ success: boolean;
1331
+ }>;
1332
+ deviceDeny: better_auth.StrictEndpoint<"/device/deny", {
1333
+ method: "POST";
1334
+ body: zod.ZodObject<{
1335
+ userCode: zod.ZodString;
1336
+ }, better_auth.$strip>;
1337
+ error: zod.ZodObject<{
1338
+ error: zod.ZodEnum<{
1339
+ invalid_request: "invalid_request";
1340
+ expired_token: "expired_token";
1341
+ }>;
1342
+ error_description: zod.ZodString;
1343
+ }, better_auth.$strip>;
1344
+ metadata: {
1345
+ openapi: {
1346
+ description: string;
1347
+ responses: {
1348
+ 200: {
1349
+ description: string;
1350
+ content: {
1351
+ "application/json": {
1352
+ schema: {
1353
+ type: "object";
1354
+ properties: {
1355
+ success: {
1356
+ type: string;
1357
+ };
1358
+ };
1359
+ };
1360
+ };
1361
+ };
1362
+ };
1363
+ };
1364
+ };
1365
+ };
1366
+ } & {
1367
+ use: any[];
1368
+ }, {
1369
+ success: boolean;
1370
+ }>;
1371
+ };
1372
+ $ERROR_CODES: {
1373
+ readonly INVALID_DEVICE_CODE: "Invalid device code";
1374
+ readonly EXPIRED_DEVICE_CODE: "Device code has expired";
1375
+ readonly EXPIRED_USER_CODE: "User code has expired";
1376
+ readonly AUTHORIZATION_PENDING: "Authorization pending";
1377
+ readonly ACCESS_DENIED: "Access denied";
1378
+ readonly INVALID_USER_CODE: "Invalid user code";
1379
+ readonly DEVICE_CODE_ALREADY_PROCESSED: "Device code already processed";
1380
+ readonly POLLING_TOO_FREQUENTLY: "Polling too frequently";
1381
+ readonly USER_NOT_FOUND: "User not found";
1382
+ readonly FAILED_TO_CREATE_SESSION: "Failed to create session";
1383
+ readonly INVALID_DEVICE_CODE_STATUS: "Invalid device code status";
1384
+ readonly AUTHENTICATION_REQUIRED: "Authentication required";
1385
+ };
1028
1386
  }];
1029
1387
  }>;
1030
1388
  declare const auth: ReturnType<typeof createAuth>;
package/dist/auth/auth.js CHANGED
@@ -1,11 +1,11 @@
1
1
  import { generateId } from '../chunk-VXHL7CJY.js';
2
2
  import { env } from '../chunk-ZIXAWYZI.js';
3
- import { ssoProvider } from '../chunk-GENLXHZ4.js';
3
+ import { ssoProvider } from '../chunk-XL55SHQM.js';
4
4
  import { ownerRole, adminRole, memberRole, ac } from '../chunk-JNBVHWXX.js';
5
5
  import { sso } from '@better-auth/sso';
6
6
  import { betterAuth } from 'better-auth';
7
7
  import { drizzleAdapter } from 'better-auth/adapters/drizzle';
8
- import { organization } from 'better-auth/plugins';
8
+ import { bearer, organization, deviceAuthorization } from 'better-auth/plugins';
9
9
  import { eq } from 'drizzle-orm';
10
10
 
11
11
  function extractCookieDomain(baseURL) {
@@ -98,6 +98,7 @@ function createAuth(config) {
98
98
  env.INKEEP_AGENTS_MANAGE_API_URL
99
99
  ].filter((origin) => typeof origin === "string" && origin.length > 0),
100
100
  plugins: [
101
+ bearer(),
101
102
  sso(),
102
103
  organization({
103
104
  allowUserToCreateOrganization: true,
@@ -115,6 +116,15 @@ function createAuth(config) {
115
116
  invitationId: data.id
116
117
  });
117
118
  }
119
+ }),
120
+ deviceAuthorization({
121
+ verificationUri: "/device",
122
+ expiresIn: "60m",
123
+ // 30 minutes
124
+ interval: "5s",
125
+ // 5 second polling interval
126
+ userCodeLength: 8
127
+ // e.g., "ABCD-EFGH"
118
128
  })
119
129
  ]
120
130
  });
package/dist/auth/permissions.d.ts CHANGED
@@ -3,25 +3,25 @@ import { AccessControl } from 'better-auth/plugins/access';
3
3
 
4
4
  declare const ac: AccessControl;
5
5
  declare const memberRole: {
6
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
7
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
6
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
7
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
8
8
  connector: "OR" | "AND";
9
9
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
10
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
10
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
11
11
  };
12
12
  declare const adminRole: {
13
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
14
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
13
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
14
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
15
15
  connector: "OR" | "AND";
16
16
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
17
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
17
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
18
18
  };
19
19
  declare const ownerRole: {
20
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
21
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
20
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
21
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
22
22
  connector: "OR" | "AND";
23
23
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
24
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
24
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
25
25
  };
26
26
 
27
27
  export { ac, adminRole, memberRole, ownerRole };
package/dist/chunk-4VNS5WPM.js ADDED
@@ -0,0 +1,37 @@
1
+ var __create = Object.create;
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __getProtoOf = Object.getPrototypeOf;
6
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
7
+ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
8
+ get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
9
+ }) : x)(function(x) {
10
+ if (typeof require !== "undefined") return require.apply(this, arguments);
11
+ throw Error('Dynamic require of "' + x + '" is not supported');
12
+ });
13
+ var __commonJS = (cb, mod) => function __require2() {
14
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
15
+ };
16
+ var __export = (target, all) => {
17
+ for (var name in all)
18
+ __defProp(target, name, { get: all[name], enumerable: true });
19
+ };
20
+ var __copyProps = (to, from, except, desc) => {
21
+ if (from && typeof from === "object" || typeof from === "function") {
22
+ for (let key of __getOwnPropNames(from))
23
+ if (!__hasOwnProp.call(to, key) && key !== except)
24
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
25
+ }
26
+ return to;
27
+ };
28
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
29
+ // If the importer is in node compatibility mode or this is not an ESM
30
+ // file that has been converted to a CommonJS file using a Babel-
31
+ // compatible transform (i.e. "__esModule" has not been set), then set
32
+ // "default" to the CommonJS "module.exports" for node compatibility.
33
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
34
+ mod
35
+ ));
36
+
37
+ export { __commonJS, __export, __require, __toESM };