@inkeep/agents-core 0.38.3 → 0.39.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/auth/auth-schema.d.ts +178 -1
  2. package/dist/auth/auth-schema.js +1 -1
  3. package/dist/auth/auth-validation-schemas.d.ts +347 -1
  4. package/dist/auth/auth-validation-schemas.js +4 -2
  5. package/dist/auth/auth.d.ts +383 -20
  6. package/dist/auth/auth.js +18 -3
  7. package/dist/auth/permissions.d.ts +9 -9
  8. package/dist/chunk-4VNS5WPM.js +37 -0
  9. package/dist/{chunk-DW4DNYUS.js → chunk-BZOLMLKX.js} +2 -2
  10. package/dist/{chunk-CWAFZVRI.js → chunk-FGS57CQI.js} +1 -1
  11. package/dist/{chunk-LH6OJIIM.js → chunk-LI7GCYW2.js} +3 -2
  12. package/dist/{chunk-S4XQEAAF.js → chunk-PKGWDXDS.js} +65 -21
  13. package/dist/{chunk-UK63CULA.js → chunk-RZN5SMF6.js} +1 -1
  14. package/dist/{chunk-GENLXHZ4.js → chunk-XL55SHQM.js} +14 -2
  15. package/dist/{client-DG_xZdlN.d.ts → client-DmOy13ep.d.ts} +1 -1
  16. package/dist/client-exports.js +2 -2
  17. package/dist/credential-stores/index.d.ts +15 -1
  18. package/dist/credential-stores/index.js +1 -1
  19. package/dist/db/schema.d.ts +2 -2
  20. package/dist/db/schema.js +2 -2
  21. package/dist/db/test-client.d.ts +2 -2
  22. package/dist/db/test-client.js +1 -1
  23. package/dist/dist-TUQUTLPM.js +15929 -0
  24. package/dist/index.d.ts +5 -5
  25. package/dist/index.js +15 -15
  26. package/dist/{schema-DA6PfmoP.d.ts → schema-Bq_OERAy.d.ts} +3 -2
  27. package/dist/validation/index.js +2 -2
  28. package/drizzle/0006_stale_thaddeus_ross.sql +12 -0
  29. package/drizzle/meta/0006_snapshot.json +3766 -0
  30. package/drizzle/meta/_journal.json +7 -0
  31. package/package.json +11 -11
  32. package/dist/chunk-SIAA4J6H.js +0 -17
package/dist/auth/auth.d.ts CHANGED
@@ -4,10 +4,10 @@ import * as zod from 'zod';
4
4
  import * as better_auth from 'better-auth';
5
5
  import { BetterAuthAdvancedOptions } from 'better-auth';
6
6
  import { GoogleOptions } from 'better-auth/social-providers';
7
- import { D as DatabaseClient } from '../client-DG_xZdlN.js';
7
+ import { D as DatabaseClient } from '../client-DmOy13ep.js';
8
8
  import 'drizzle-orm/node-postgres';
9
9
  import 'drizzle-orm/pglite';
10
- import '../schema-DA6PfmoP.js';
10
+ import '../schema-Bq_OERAy.js';
11
11
  import 'drizzle-orm';
12
12
  import 'drizzle-orm/pg-core';
13
13
  import '../utility-dsfXkYTu.js';
@@ -95,6 +95,11 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
95
95
  session: {
96
96
  expiresIn: number;
97
97
  updateAge: number;
98
+ cookieCache: {
99
+ enabled: true;
100
+ maxAge: number;
101
+ strategy: "compact";
102
+ };
98
103
  };
99
104
  advanced: {
100
105
  ipAddress?: {
@@ -126,6 +131,22 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
126
131
  };
127
132
  trustedOrigins: string[];
128
133
  plugins: [{
134
+ id: "bearer";
135
+ hooks: {
136
+ before: {
137
+ matcher(context: better_auth.HookEndpointContext): boolean;
138
+ handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
139
+ context: {
140
+ headers: Headers;
141
+ };
142
+ } | undefined>;
143
+ }[];
144
+ after: {
145
+ matcher(context: better_auth.HookEndpointContext): true;
146
+ handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<void>;
147
+ }[];
148
+ };
149
+ }, {
129
150
  id: "sso";
130
151
  endpoints: {
131
152
  spMetadata: ReturnType<() => better_auth.StrictEndpoint<"/sso/saml2/sp/metadata", {
@@ -717,25 +738,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
717
738
  ac: better_auth_plugins.AccessControl;
718
739
  roles: {
719
740
  member: {
720
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
721
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
741
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
742
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
722
743
  connector: "OR" | "AND";
723
744
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
724
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
745
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
725
746
  };
726
747
  admin: {
727
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
728
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
748
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
749
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
729
750
  connector: "OR" | "AND";
730
751
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
731
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
752
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
732
753
  };
733
754
  owner: {
734
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
735
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
755
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
756
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
736
757
  connector: "OR" | "AND";
737
758
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
738
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
759
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
739
760
  };
740
761
  };
741
762
  sendInvitationEmail(data: {
@@ -993,25 +1014,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
993
1014
  ac: better_auth_plugins.AccessControl;
994
1015
  roles: {
995
1016
  member: {
996
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
997
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1017
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1018
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
998
1019
  connector: "OR" | "AND";
999
1020
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1000
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1021
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1001
1022
  };
1002
1023
  admin: {
1003
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
1004
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1024
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1025
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
1005
1026
  connector: "OR" | "AND";
1006
1027
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1007
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1028
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1008
1029
  };
1009
1030
  owner: {
1010
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
1011
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
1031
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
1032
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
1012
1033
  connector: "OR" | "AND";
1013
1034
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
1014
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
1035
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
1015
1036
  };
1016
1037
  };
1017
1038
  sendInvitationEmail(data: {
@@ -1025,6 +1046,348 @@ declare function createAuth(config: BetterAuthConfig): better_auth.Auth<{
1025
1046
  };
1026
1047
  }): Promise<void>;
1027
1048
  };
1049
+ }, {
1050
+ id: "device-authorization";
1051
+ schema: {
1052
+ deviceCode: {
1053
+ fields: {
1054
+ deviceCode: {
1055
+ type: "string";
1056
+ required: true;
1057
+ };
1058
+ userCode: {
1059
+ type: "string";
1060
+ required: true;
1061
+ };
1062
+ userId: {
1063
+ type: "string";
1064
+ required: false;
1065
+ };
1066
+ expiresAt: {
1067
+ type: "date";
1068
+ required: true;
1069
+ };
1070
+ status: {
1071
+ type: "string";
1072
+ required: true;
1073
+ };
1074
+ lastPolledAt: {
1075
+ type: "date";
1076
+ required: false;
1077
+ };
1078
+ pollingInterval: {
1079
+ type: "number";
1080
+ required: false;
1081
+ };
1082
+ clientId: {
1083
+ type: "string";
1084
+ required: false;
1085
+ };
1086
+ scope: {
1087
+ type: "string";
1088
+ required: false;
1089
+ };
1090
+ };
1091
+ };
1092
+ };
1093
+ endpoints: {
1094
+ deviceCode: better_auth.StrictEndpoint<"/device/code", {
1095
+ method: "POST";
1096
+ body: zod.ZodObject<{
1097
+ client_id: zod.ZodString;
1098
+ scope: zod.ZodOptional<zod.ZodString>;
1099
+ }, better_auth.$strip>;
1100
+ error: zod.ZodObject<{
1101
+ error: zod.ZodEnum<{
1102
+ invalid_request: "invalid_request";
1103
+ invalid_client: "invalid_client";
1104
+ }>;
1105
+ error_description: zod.ZodString;
1106
+ }, better_auth.$strip>;
1107
+ metadata: {
1108
+ openapi: {
1109
+ description: string;
1110
+ responses: {
1111
+ 200: {
1112
+ description: string;
1113
+ content: {
1114
+ "application/json": {
1115
+ schema: {
1116
+ type: "object";
1117
+ properties: {
1118
+ device_code: {
1119
+ type: string;
1120
+ description: string;
1121
+ };
1122
+ user_code: {
1123
+ type: string;
1124
+ description: string;
1125
+ };
1126
+ verification_uri: {
1127
+ type: string;
1128
+ format: string;
1129
+ description: string;
1130
+ };
1131
+ verification_uri_complete: {
1132
+ type: string;
1133
+ format: string;
1134
+ description: string;
1135
+ };
1136
+ expires_in: {
1137
+ type: string;
1138
+ description: string;
1139
+ };
1140
+ interval: {
1141
+ type: string;
1142
+ description: string;
1143
+ };
1144
+ };
1145
+ };
1146
+ };
1147
+ };
1148
+ };
1149
+ 400: {
1150
+ description: string;
1151
+ content: {
1152
+ "application/json": {
1153
+ schema: {
1154
+ type: "object";
1155
+ properties: {
1156
+ error: {
1157
+ type: string;
1158
+ enum: string[];
1159
+ };
1160
+ error_description: {
1161
+ type: string;
1162
+ };
1163
+ };
1164
+ };
1165
+ };
1166
+ };
1167
+ };
1168
+ };
1169
+ };
1170
+ };
1171
+ } & {
1172
+ use: any[];
1173
+ }, {
1174
+ device_code: string;
1175
+ user_code: string;
1176
+ verification_uri: string;
1177
+ verification_uri_complete: string;
1178
+ expires_in: number;
1179
+ interval: number;
1180
+ }>;
1181
+ deviceToken: better_auth.StrictEndpoint<"/device/token", {
1182
+ method: "POST";
1183
+ body: zod.ZodObject<{
1184
+ grant_type: zod.ZodLiteral<"urn:ietf:params:oauth:grant-type:device_code">;
1185
+ device_code: zod.ZodString;
1186
+ client_id: zod.ZodString;
1187
+ }, better_auth.$strip>;
1188
+ error: zod.ZodObject<{
1189
+ error: zod.ZodEnum<{
1190
+ invalid_request: "invalid_request";
1191
+ authorization_pending: "authorization_pending";
1192
+ slow_down: "slow_down";
1193
+ expired_token: "expired_token";
1194
+ access_denied: "access_denied";
1195
+ invalid_grant: "invalid_grant";
1196
+ }>;
1197
+ error_description: zod.ZodString;
1198
+ }, better_auth.$strip>;
1199
+ metadata: {
1200
+ openapi: {
1201
+ description: string;
1202
+ responses: {
1203
+ 200: {
1204
+ description: string;
1205
+ content: {
1206
+ "application/json": {
1207
+ schema: {
1208
+ type: "object";
1209
+ properties: {
1210
+ session: {
1211
+ $ref: string;
1212
+ };
1213
+ user: {
1214
+ $ref: string;
1215
+ };
1216
+ };
1217
+ };
1218
+ };
1219
+ };
1220
+ };
1221
+ 400: {
1222
+ description: string;
1223
+ content: {
1224
+ "application/json": {
1225
+ schema: {
1226
+ type: "object";
1227
+ properties: {
1228
+ error: {
1229
+ type: string;
1230
+ enum: string[];
1231
+ };
1232
+ error_description: {
1233
+ type: string;
1234
+ };
1235
+ };
1236
+ };
1237
+ };
1238
+ };
1239
+ };
1240
+ };
1241
+ };
1242
+ };
1243
+ } & {
1244
+ use: any[];
1245
+ }, {
1246
+ access_token: string;
1247
+ token_type: string;
1248
+ expires_in: number;
1249
+ scope: string;
1250
+ }>;
1251
+ deviceVerify: better_auth.StrictEndpoint<"/device", {
1252
+ method: "GET";
1253
+ query: zod.ZodObject<{
1254
+ user_code: zod.ZodString;
1255
+ }, better_auth.$strip>;
1256
+ error: zod.ZodObject<{
1257
+ error: zod.ZodEnum<{
1258
+ invalid_request: "invalid_request";
1259
+ }>;
1260
+ error_description: zod.ZodString;
1261
+ }, better_auth.$strip>;
1262
+ metadata: {
1263
+ openapi: {
1264
+ description: string;
1265
+ responses: {
1266
+ 200: {
1267
+ description: string;
1268
+ content: {
1269
+ "application/json": {
1270
+ schema: {
1271
+ type: "object";
1272
+ properties: {
1273
+ user_code: {
1274
+ type: string;
1275
+ description: string;
1276
+ };
1277
+ status: {
1278
+ type: string;
1279
+ enum: string[];
1280
+ description: string;
1281
+ };
1282
+ };
1283
+ };
1284
+ };
1285
+ };
1286
+ };
1287
+ };
1288
+ };
1289
+ };
1290
+ } & {
1291
+ use: any[];
1292
+ }, {
1293
+ user_code: string;
1294
+ status: string;
1295
+ }>;
1296
+ deviceApprove: better_auth.StrictEndpoint<"/device/approve", {
1297
+ method: "POST";
1298
+ body: zod.ZodObject<{
1299
+ userCode: zod.ZodString;
1300
+ }, better_auth.$strip>;
1301
+ error: zod.ZodObject<{
1302
+ error: zod.ZodEnum<{
1303
+ invalid_request: "invalid_request";
1304
+ expired_token: "expired_token";
1305
+ device_code_already_processed: "device_code_already_processed";
1306
+ }>;
1307
+ error_description: zod.ZodString;
1308
+ }, better_auth.$strip>;
1309
+ requireHeaders: true;
1310
+ metadata: {
1311
+ openapi: {
1312
+ description: string;
1313
+ responses: {
1314
+ 200: {
1315
+ description: string;
1316
+ content: {
1317
+ "application/json": {
1318
+ schema: {
1319
+ type: "object";
1320
+ properties: {
1321
+ success: {
1322
+ type: string;
1323
+ };
1324
+ };
1325
+ };
1326
+ };
1327
+ };
1328
+ };
1329
+ };
1330
+ };
1331
+ };
1332
+ } & {
1333
+ use: any[];
1334
+ }, {
1335
+ success: boolean;
1336
+ }>;
1337
+ deviceDeny: better_auth.StrictEndpoint<"/device/deny", {
1338
+ method: "POST";
1339
+ body: zod.ZodObject<{
1340
+ userCode: zod.ZodString;
1341
+ }, better_auth.$strip>;
1342
+ error: zod.ZodObject<{
1343
+ error: zod.ZodEnum<{
1344
+ invalid_request: "invalid_request";
1345
+ expired_token: "expired_token";
1346
+ }>;
1347
+ error_description: zod.ZodString;
1348
+ }, better_auth.$strip>;
1349
+ metadata: {
1350
+ openapi: {
1351
+ description: string;
1352
+ responses: {
1353
+ 200: {
1354
+ description: string;
1355
+ content: {
1356
+ "application/json": {
1357
+ schema: {
1358
+ type: "object";
1359
+ properties: {
1360
+ success: {
1361
+ type: string;
1362
+ };
1363
+ };
1364
+ };
1365
+ };
1366
+ };
1367
+ };
1368
+ };
1369
+ };
1370
+ };
1371
+ } & {
1372
+ use: any[];
1373
+ }, {
1374
+ success: boolean;
1375
+ }>;
1376
+ };
1377
+ $ERROR_CODES: {
1378
+ readonly INVALID_DEVICE_CODE: "Invalid device code";
1379
+ readonly EXPIRED_DEVICE_CODE: "Device code has expired";
1380
+ readonly EXPIRED_USER_CODE: "User code has expired";
1381
+ readonly AUTHORIZATION_PENDING: "Authorization pending";
1382
+ readonly ACCESS_DENIED: "Access denied";
1383
+ readonly INVALID_USER_CODE: "Invalid user code";
1384
+ readonly DEVICE_CODE_ALREADY_PROCESSED: "Device code already processed";
1385
+ readonly POLLING_TOO_FREQUENTLY: "Polling too frequently";
1386
+ readonly USER_NOT_FOUND: "User not found";
1387
+ readonly FAILED_TO_CREATE_SESSION: "Failed to create session";
1388
+ readonly INVALID_DEVICE_CODE_STATUS: "Invalid device code status";
1389
+ readonly AUTHENTICATION_REQUIRED: "Authentication required";
1390
+ };
1028
1391
  }];
1029
1392
  }>;
1030
1393
  declare const auth: ReturnType<typeof createAuth>;
package/dist/auth/auth.js CHANGED
@@ -1,11 +1,11 @@
1
1
  import { generateId } from '../chunk-VXHL7CJY.js';
2
2
  import { env } from '../chunk-ZIXAWYZI.js';
3
- import { ssoProvider } from '../chunk-GENLXHZ4.js';
3
+ import { ssoProvider } from '../chunk-XL55SHQM.js';
4
4
  import { ownerRole, adminRole, memberRole, ac } from '../chunk-JNBVHWXX.js';
5
5
  import { sso } from '@better-auth/sso';
6
6
  import { betterAuth } from 'better-auth';
7
7
  import { drizzleAdapter } from 'better-auth/adapters/drizzle';
8
- import { organization } from 'better-auth/plugins';
8
+ import { bearer, organization, deviceAuthorization } from 'better-auth/plugins';
9
9
  import { eq } from 'drizzle-orm';
10
10
 
11
11
  function extractCookieDomain(baseURL) {
@@ -75,7 +75,12 @@ function createAuth(config) {
75
75
  },
76
76
  session: {
77
77
  expiresIn: 60 * 60 * 24 * 7,
78
- updateAge: 60 * 60 * 24
78
+ updateAge: 60 * 60 * 24,
79
+ cookieCache: {
80
+ enabled: true,
81
+ maxAge: 5 * 60,
82
+ strategy: "compact"
83
+ }
79
84
  },
80
85
  advanced: {
81
86
  crossSubDomainCookies: {
@@ -98,6 +103,7 @@ function createAuth(config) {
98
103
  env.INKEEP_AGENTS_MANAGE_API_URL
99
104
  ].filter((origin) => typeof origin === "string" && origin.length > 0),
100
105
  plugins: [
106
+ bearer(),
101
107
  sso(),
102
108
  organization({
103
109
  allowUserToCreateOrganization: true,
@@ -115,6 +121,15 @@ function createAuth(config) {
115
121
  invitationId: data.id
116
122
  });
117
123
  }
124
+ }),
125
+ deviceAuthorization({
126
+ verificationUri: "/device",
127
+ expiresIn: "60m",
128
+ // 30 minutes
129
+ interval: "5s",
130
+ // 5 second polling interval
131
+ userCodeLength: 8
132
+ // e.g., "ABCD-EFGH"
118
133
  })
119
134
  ]
120
135
  });
package/dist/auth/permissions.d.ts CHANGED
@@ -3,25 +3,25 @@ import { AccessControl } from 'better-auth/plugins/access';
3
3
 
4
4
  declare const ac: AccessControl;
5
5
  declare const memberRole: {
6
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
7
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
6
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
7
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
8
8
  connector: "OR" | "AND";
9
9
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
10
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
10
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
11
11
  };
12
12
  declare const adminRole: {
13
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
14
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
13
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
14
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
15
15
  connector: "OR" | "AND";
16
16
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
17
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
17
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
18
18
  };
19
19
  declare const ownerRole: {
20
- authorize<K_1 extends "function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key] | {
21
- actions: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>[key];
20
+ authorize<K_1 extends "function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key] | {
21
+ actions: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>[key];
22
22
  connector: "OR" | "AND";
23
23
  } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
24
- statements: better_auth_plugins.Subset<"function" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "organization" | "member" | "invitation" | "team" | "ac", better_auth_plugins.Statements>;
24
+ statements: better_auth_plugins.Subset<"function" | "organization" | "ac" | "member" | "project" | "agent" | "sub_agent" | "tool" | "api_key" | "credential" | "data_component" | "artifact_component" | "external_agent" | "context_config" | "invitation" | "team", better_auth_plugins.Statements>;
25
25
  };
26
26
 
27
27
  export { ac, adminRole, memberRole, ownerRole };