npm - @inkeep/agents-core - Versions diffs - 0.41.2 → 0.42.0 - Mend

@inkeep/agents-core 0.41.2 → 0.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/dist/api-client/base-client.d.ts +87 -8
package/dist/api-client/base-client.js +174 -1
package/dist/api-client/eval-api-client.d.ts +47 -0
package/dist/api-client/eval-api-client.js +65 -0
package/dist/api-client/index.d.ts +4 -0
package/dist/api-client/index.js +5 -0
package/dist/api-client/manage-api-client.d.ts +34 -0
package/dist/api-client/manage-api-client.js +104 -0
package/dist/auth/auth.d.ts +86 -20
package/dist/auth/auth.js +55 -1
package/dist/auth/authz/client.d.ts +81 -0
package/dist/auth/authz/client.js +189 -0
package/dist/auth/authz/config.d.ts +76 -0
package/dist/auth/authz/config.js +76 -0
package/dist/auth/authz/index.d.ts +5 -0
package/dist/auth/authz/index.js +6 -0
package/dist/auth/authz/permissions.d.ts +57 -0
package/dist/auth/authz/permissions.js +83 -0
package/dist/auth/authz/sync.d.ts +85 -0
package/dist/auth/authz/sync.js +237 -0
package/dist/auth/permissions.d.ts +13 -13
package/dist/auth/permissions.js +2 -181
package/dist/client-exports.d.ts +8 -3
package/dist/client-exports.js +3 -2
package/dist/constants/context-breakdown.d.ts +61 -0
package/dist/constants/context-breakdown.js +124 -0
package/dist/constants/otel-attributes.d.ts +4 -0
package/dist/constants/otel-attributes.js +4 -0
package/dist/context/ContextConfig.d.ts +2 -2
package/dist/context/ContextConfig.js +3 -3
package/dist/context/TemplateEngine.js +0 -1
package/dist/context/index.d.ts +1 -5
package/dist/context/index.js +1 -5
package/dist/credential-stuffer/CredentialStuffer.d.ts +1 -1
package/dist/data-access/index.d.ts +34 -26
package/dist/data-access/index.js +34 -26
package/dist/data-access/manage/agentFull.d.ts +36 -0
package/dist/data-access/{agentFull.js → manage/agentFull.js} +205 -7
package/dist/data-access/{agents.d.ts → manage/agents.d.ts} +23 -22
package/dist/data-access/{agents.js → manage/agents.js} +52 -7
package/dist/data-access/{artifactComponents.d.ts → manage/artifactComponents.d.ts} +21 -21
package/dist/data-access/{artifactComponents.js → manage/artifactComponents.js} +5 -5
package/dist/data-access/{contextConfigs.d.ts → manage/contextConfigs.d.ts} +14 -14
package/dist/data-access/{contextConfigs.js → manage/contextConfigs.js} +3 -3
package/dist/data-access/{credentialReferences.d.ts → manage/credentialReferences.d.ts} +17 -17
package/dist/data-access/{credentialReferences.js → manage/credentialReferences.js} +2 -2
package/dist/data-access/{dataComponents.d.ts → manage/dataComponents.d.ts} +20 -20
package/dist/data-access/{dataComponents.js → manage/dataComponents.js} +7 -7
package/dist/data-access/manage/evalConfig.d.ts +221 -0
package/dist/data-access/manage/evalConfig.js +275 -0
package/dist/data-access/{externalAgents.d.ts → manage/externalAgents.d.ts} +16 -16
package/dist/data-access/{externalAgents.js → manage/externalAgents.js} +2 -2
package/dist/data-access/{functionTools.d.ts → manage/functionTools.d.ts} +65 -15
package/dist/data-access/{functionTools.js → manage/functionTools.js} +90 -8
package/dist/data-access/{functions.d.ts → manage/functions.d.ts} +9 -9
package/dist/data-access/{functions.js → manage/functions.js} +3 -3
package/dist/data-access/manage/projectFull.d.ts +38 -0
package/dist/data-access/{projectFull.js → manage/projectFull.js} +64 -65
package/dist/data-access/manage/projectLifecycle.d.ts +119 -0
package/dist/data-access/manage/projectLifecycle.js +234 -0
package/dist/data-access/manage/projects.d.ts +75 -0
package/dist/data-access/{projects.js → manage/projects.js} +15 -16
package/dist/data-access/{subAgentExternalAgentRelations.d.ts → manage/subAgentExternalAgentRelations.d.ts} +19 -19
package/dist/data-access/{subAgentExternalAgentRelations.js → manage/subAgentExternalAgentRelations.js} +2 -2
package/dist/data-access/{subAgentRelations.d.ts → manage/subAgentRelations.d.ts} +29 -29
package/dist/data-access/{subAgentRelations.js → manage/subAgentRelations.js} +3 -3
package/dist/data-access/{subAgentTeamAgentRelations.d.ts → manage/subAgentTeamAgentRelations.d.ts} +19 -19
package/dist/data-access/{subAgentTeamAgentRelations.js → manage/subAgentTeamAgentRelations.js} +2 -2
package/dist/data-access/{subAgents.d.ts → manage/subAgents.d.ts} +13 -13
package/dist/data-access/{subAgents.js → manage/subAgents.js} +4 -4
package/dist/data-access/{tools.d.ts → manage/tools.d.ts} +26 -19
package/dist/data-access/{tools.js → manage/tools.js} +57 -35
package/dist/data-access/manage/triggers.d.ts +80 -0
package/dist/data-access/manage/triggers.js +81 -0
package/dist/data-access/{apiKeys.d.ts → runtime/apiKeys.d.ts} +17 -17
package/dist/data-access/{apiKeys.js → runtime/apiKeys.js} +3 -3
package/dist/data-access/runtime/cascade-delete.d.ts +77 -0
package/dist/data-access/runtime/cascade-delete.js +111 -0
package/dist/data-access/{contextCache.d.ts → runtime/contextCache.d.ts} +13 -13
package/dist/data-access/{contextCache.js → runtime/contextCache.js} +5 -5
package/dist/data-access/{conversations.d.ts → runtime/conversations.d.ts} +68 -19
package/dist/data-access/{conversations.js → runtime/conversations.js} +13 -7
package/dist/data-access/runtime/evalRuns.d.ts +120 -0
package/dist/data-access/runtime/evalRuns.js +168 -0
package/dist/data-access/{ledgerArtifacts.d.ts → runtime/ledgerArtifacts.d.ts} +13 -13
package/dist/data-access/{ledgerArtifacts.js → runtime/ledgerArtifacts.js} +3 -3
package/dist/data-access/{messages.d.ts → runtime/messages.d.ts} +15 -15
package/dist/data-access/{messages.js → runtime/messages.js} +2 -2
package/dist/data-access/{organizations.d.ts → runtime/organizations.d.ts} +16 -7
package/dist/data-access/{organizations.js → runtime/organizations.js} +15 -3
package/dist/data-access/runtime/projects.d.ts +62 -0
package/dist/data-access/runtime/projects.js +90 -0
package/dist/data-access/runtime/tasks.d.ts +55 -0
package/dist/data-access/{tasks.js → runtime/tasks.js} +2 -2
package/dist/data-access/runtime/triggerInvocations.d.ts +62 -0
package/dist/data-access/runtime/triggerInvocations.js +54 -0
package/dist/data-access/runtime/users.d.ts +19 -0
package/dist/data-access/{users.js → runtime/users.js} +2 -2
package/dist/data-access/validation.d.ts +4 -4
package/dist/data-access/validation.js +1 -1
package/dist/db/clean.d.ts +8 -4
package/dist/db/clean.js +14 -105
package/dist/db/delete.d.ts +1 -1
package/dist/db/delete.js +7 -10
package/dist/db/manage/dolt-cleanup.d.ts +51 -0
package/dist/db/manage/dolt-cleanup.js +132 -0
package/dist/db/manage/manage-client.d.ts +26 -0
package/dist/db/manage/manage-client.js +68 -0
package/dist/db/{schema.d.ts → manage/manage-schema.d.ts} +1459 -1285
package/dist/db/{schema.js → manage/manage-schema.js} +433 -341
package/dist/db/manage/test-manage-client.d.ts +27 -0
package/dist/db/manage/test-manage-client.js +68 -0
package/dist/db/runtime/runtime-client.d.ts +20 -0
package/dist/db/runtime/runtime-client.js +30 -0
package/dist/db/runtime/runtime-schema.d.ts +2834 -0
package/dist/db/runtime/runtime-schema.js +483 -0
package/dist/db/runtime/test-runtime-client.d.ts +27 -0
package/dist/db/{test-client.js → runtime/test-runtime-client.js} +11 -25
package/dist/dolt/branch.d.ts +62 -0
package/dist/dolt/branch.js +82 -0
package/dist/dolt/branches-api.d.ts +108 -0
package/dist/dolt/branches-api.js +162 -0
package/dist/dolt/commit.d.ts +94 -0
package/dist/dolt/commit.js +103 -0
package/dist/dolt/diff.d.ts +27 -0
package/dist/dolt/diff.js +21 -0
package/dist/dolt/index.d.ts +10 -0
package/dist/dolt/index.js +11 -0
package/dist/dolt/merge.d.ts +63 -0
package/dist/dolt/merge.js +81 -0
package/dist/dolt/migrate-all-branches.d.ts +4 -0
package/dist/dolt/migrate-all-branches.js +78 -0
package/dist/dolt/migrate-dolt.d.ts +1 -0
package/dist/dolt/migrate-dolt.js +22 -0
package/dist/dolt/ref-helpers.d.ts +19 -0
package/dist/dolt/ref-helpers.js +65 -0
package/dist/dolt/ref-middleware.d.ts +82 -0
package/dist/dolt/ref-middleware.js +217 -0
package/dist/dolt/ref-scope.d.ts +101 -0
package/dist/dolt/ref-scope.js +231 -0
package/dist/dolt/schema-sync.d.ts +134 -0
package/dist/dolt/schema-sync.js +246 -0
package/dist/env.d.ts +6 -4
package/dist/env.js +3 -2
package/dist/index.d.ts +71 -44
package/dist/index.js +74 -47
package/dist/types/entities.d.ts +81 -2
package/dist/types/index.d.ts +3 -3
package/dist/types/utility.d.ts +45 -4
package/dist/utils/JsonTransformer.d.ts +44 -0
package/dist/utils/JsonTransformer.js +112 -0
package/dist/utils/apiKeys.d.ts +5 -1
package/dist/utils/apiKeys.js +11 -1
package/dist/utils/colors.d.ts +34 -0
package/dist/utils/colors.js +49 -0
package/dist/utils/credential-store-utils.d.ts +1 -1
package/dist/utils/format-messages.d.ts +1 -1
package/dist/utils/index.d.ts +7 -3
package/dist/utils/index.js +7 -3
package/dist/utils/internal-service-auth.d.ts +79 -0
package/dist/utils/internal-service-auth.js +140 -0
package/dist/utils/jwt-helpers.d.ts +56 -0
package/dist/utils/jwt-helpers.js +90 -0
package/dist/utils/service-token-auth.d.ts +9 -27
package/dist/utils/service-token-auth.js +48 -96
package/dist/utils/template-interpolation.d.ts +22 -0
package/dist/utils/template-interpolation.js +62 -0
package/dist/utils/third-party-mcp-servers/composio-client.js +23 -23
package/dist/utils/trigger-auth.d.ts +62 -0
package/dist/utils/trigger-auth.js +125 -0
package/dist/validation/agentFull.js +2 -4
package/dist/validation/dolt-schemas.d.ts +49 -0
package/dist/validation/dolt-schemas.js +44 -0
package/dist/validation/drizzle-schema-helpers.d.ts +4 -26
package/dist/validation/drizzle-schema-helpers.js +5 -151
package/dist/validation/index.d.ts +4 -3
package/dist/validation/index.js +3 -2
package/dist/validation/schemas.d.ts +17647 -4789
package/dist/validation/schemas.js +328 -11
package/drizzle/manage/0000_tearful_rhodey.sql +414 -0
package/drizzle/manage/0001_broken_wendell_vaughn.sql +19 -0
package/drizzle/manage/0002_bent_sunfire.sql +1 -0
package/drizzle/manage/meta/0000_snapshot.json +2987 -0
package/drizzle/manage/meta/0001_snapshot.json +3115 -0
package/drizzle/manage/meta/0002_snapshot.json +3115 -0
package/drizzle/manage/meta/_journal.json +27 -0
package/drizzle/runtime/0008_silly_preak.sql +127 -0
package/drizzle/runtime/0009_freezing_leo.sql +17 -0
package/drizzle/runtime/meta/0008_snapshot.json +2263 -0
package/drizzle/runtime/meta/0009_snapshot.json +2397 -0
package/drizzle/{meta → runtime/meta}/_journal.json +14 -0
package/package.json +48 -15
package/dist/context/ContextFetcher.d.ts +0 -73
package/dist/context/ContextFetcher.js +0 -291
package/dist/context/ContextResolver.d.ts +0 -60
package/dist/context/ContextResolver.js +0 -278
package/dist/context/context.d.ts +0 -27
package/dist/context/context.js +0 -128
package/dist/context/contextCache.d.ts +0 -58
package/dist/context/contextCache.js +0 -177
package/dist/data-access/agentFull.d.ts +0 -33
package/dist/data-access/projectFull.d.ts +0 -32
package/dist/data-access/projects.d.ts +0 -71
package/dist/data-access/tasks.d.ts +0 -45
package/dist/data-access/users.d.ts +0 -19
package/dist/db/client.d.ts +0 -20
package/dist/db/client.js +0 -28
package/dist/db/test-client.d.ts +0 -31
package/dist/middleware/contextValidation.d.ts +0 -46
package/dist/middleware/contextValidation.js +0 -280
package/dist/middleware/index.d.ts +0 -2
package/dist/middleware/index.js +0 -3
package/dist/utils/execution.d.ts +0 -22
package/dist/utils/execution.js +0 -25
/package/drizzle/{0000_exotic_mysterio.sql → runtime/0000_exotic_mysterio.sql} +0 -0
/package/drizzle/{0001_calm_sheva_callister.sql → runtime/0001_calm_sheva_callister.sql} +0 -0
/package/drizzle/{0002_puzzling_goblin_queen.sql → runtime/0002_puzzling_goblin_queen.sql} +0 -0
/package/drizzle/{0003_sweet_human_robot.sql → runtime/0003_sweet_human_robot.sql} +0 -0
/package/drizzle/{0004_cuddly_shooting_star.sql → runtime/0004_cuddly_shooting_star.sql} +0 -0
/package/drizzle/{0005_reflective_starfox.sql → runtime/0005_reflective_starfox.sql} +0 -0
/package/drizzle/{0006_stale_thaddeus_ross.sql → runtime/0006_stale_thaddeus_ross.sql} +0 -0
/package/drizzle/{0007_slim_karma.sql → runtime/0007_slim_karma.sql} +0 -0
/package/drizzle/{meta → runtime/meta}/0000_snapshot.json +0 -0
/package/drizzle/{meta → runtime/meta}/0001_snapshot.json +0 -0
/package/drizzle/{meta → runtime/meta}/0003_snapshot.json +0 -0
/package/drizzle/{meta → runtime/meta}/0005_snapshot.json +0 -0
/package/drizzle/{meta → runtime/meta}/0006_snapshot.json +0 -0
/package/drizzle/{meta → runtime/meta}/0007_snapshot.json +0 -0

package/dist/utils/third-party-mcp-servers/composio-client.js CHANGED Viewed

@@ -7,7 +7,7 @@ import { Composio } from "@composio/core";
 * Composio MCP Server Client
 * Handles all Composio-specific operations for MCP server integration
 */
-const logger = getLogger("composio-client");
+const logger$1 = getLogger("composio-client");
 const TOOLKIT_TO_CATEGORY = {
 	github: "development",
 	gitlab: "development",
@@ -88,14 +88,14 @@ function extractComposioServerId(mcpUrl) {
 async function deleteComposioConnectedAccount(accountId) {
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured, skipping account deletion");
+		logger$1.info({}, "Composio not configured, skipping account deletion");
 		return false;
 	}
 	try {
 		await composioInstance.connectedAccounts.delete(accountId);
 		return true;
 	} catch (error) {
-		logger.warn({ error }, "Error deleting Composio connected account");
+		logger$1.warn({ error }, "Error deleting Composio connected account");
 		return false;
 	}
 }
@@ -106,7 +106,7 @@ async function deleteComposioConnectedAccount(accountId) {
 async function fetchComposioConnectedAccounts(derivedUserId) {
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured, skipping connected accounts fetch");
+		logger$1.info({}, "Composio not configured, skipping connected accounts fetch");
 		return null;
 	}
 	try {
@@ -115,7 +115,7 @@ async function fetchComposioConnectedAccounts(derivedUserId) {
 			statuses: ["ACTIVE", "INITIATED"]
 		});
 	} catch (error) {
-		logger.error({ error }, "Error fetching Composio connected accounts");
+		logger$1.error({ error }, "Error fetching Composio connected accounts");
 		return null;
 	}
 }
@@ -127,18 +127,18 @@ async function fetchComposioConnectedAccounts(derivedUserId) {
 */
 async function isComposioMCPServerAuthenticated(tenantId, projectId, mcpServerUrl, credentialScope = "project", userId) {
 	if (!process.env.COMPOSIO_API_KEY) {
-		logger.info({}, "Composio API key not configured, skipping auth check");
+		logger$1.info({}, "Composio API key not configured, skipping auth check");
 		return false;
 	}
 	const serverId = extractComposioServerId(mcpServerUrl);
 	if (!serverId) {
-		logger.info({ mcpServerUrl }, "Could not extract Composio server ID from URL");
+		logger$1.info({ mcpServerUrl }, "Could not extract Composio server ID from URL");
 		return false;
 	}
 	const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured, skipping auth check");
+		logger$1.info({}, "Composio not configured, skipping auth check");
 		return false;
 	}
 	try {
@@ -149,7 +149,7 @@ async function isComposioMCPServerAuthenticated(tenantId, projectId, mcpServerUr
 		if (!connectedAccounts) return false;
 		return !!connectedAccounts.items.find((account) => account.authConfig.id === firstAuthConfigId && account.status === "ACTIVE");
 	} catch (error) {
-		logger.error({
+		logger$1.error({
 			error,
 			mcpServerUrl
 		}, "Error checking Composio authentication status");
@@ -184,7 +184,7 @@ function transformComposioServerData(composioMcpServer, isAuthenticated, url, th
 async function ensureComposioAccount(composioMcpServer, derivedUserId, initiatedAccounts) {
 	const firstAuthConfigId = composioMcpServer.authConfigIds[0];
 	if (!firstAuthConfigId) {
-		logger.error({ serverId: composioMcpServer.id }, "No auth config ID found for MCP server");
+		logger$1.error({ serverId: composioMcpServer.id }, "No auth config ID found for MCP server");
 		return null;
 	}
 	const existingInitiatedAccount = initiatedAccounts.find((account) => account.authConfig.id === firstAuthConfigId);
@@ -192,12 +192,12 @@ async function ensureComposioAccount(composioMcpServer, derivedUserId, initiated
 	try {
 		const composioInstance = getComposioInstance();
 		if (!composioInstance) {
-			logger.error({ serverId: composioMcpServer.id }, "Composio not configured");
+			logger$1.error({ serverId: composioMcpServer.id }, "Composio not configured");
 			return null;
 		}
 		return (await composioInstance.connectedAccounts.link(derivedUserId, firstAuthConfigId)).redirectUrl ?? null;
 	} catch (error) {
-		logger.error({
+		logger$1.error({
 			serverId: composioMcpServer.id,
 			error
 		}, "Error creating connected account for MCP server");
@@ -212,24 +212,24 @@ async function ensureComposioAccount(composioMcpServer, derivedUserId, initiated
 */
 async function getComposioOAuthRedirectUrl(tenantId, projectId, mcpServerUrl, credentialScope, userId) {
 	if (!process.env.COMPOSIO_API_KEY) {
-		logger.info({}, "Composio API key not configured");
+		logger$1.info({}, "Composio API key not configured");
 		return null;
 	}
 	const serverId = extractComposioServerId(mcpServerUrl);
 	if (!serverId) {
-		logger.info({ mcpServerUrl }, "Could not extract Composio server ID from URL");
+		logger$1.info({ mcpServerUrl }, "Could not extract Composio server ID from URL");
 		return null;
 	}
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured");
+		logger$1.info({}, "Composio not configured");
 		return null;
 	}
 	const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 	try {
 		return await ensureComposioAccount(await composioInstance.mcp.get(serverId), composioUserId, (await fetchComposioConnectedAccounts(composioUserId))?.items.filter((account) => account.status === "INITIATED") ?? []);
 	} catch (error) {
-		logger.error({
+		logger$1.error({
 			error,
 			mcpServerUrl
 		}, "Failed to get Composio OAuth redirect URL");
@@ -256,12 +256,12 @@ async function transformComposioServer(composioMcpServer, authenticatedAuthConfi
 */
 async function fetchComposioServers() {
 	if (!process.env.COMPOSIO_API_KEY) {
-		logger.info({}, "COMPOSIO_API_KEY not configured, skipping Composio servers");
+		logger$1.info({}, "COMPOSIO_API_KEY not configured, skipping Composio servers");
 		return [];
 	}
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured, returning empty list");
+		logger$1.info({}, "Composio not configured, returning empty list");
 		return [];
 	}
 	try {
@@ -272,7 +272,7 @@ async function fetchComposioServers() {
 			authConfigs: []
 		}))?.items.map((server) => transformComposioServerData(server, false, server.MCPUrl, void 0)) ?? [];
 	} catch (error) {
-		logger.error({ error }, "Failed to fetch Composio servers");
+		logger$1.error({ error }, "Failed to fetch Composio servers");
 		return [];
 	}
 }
@@ -283,19 +283,19 @@ async function fetchComposioServers() {
 */
 async function fetchSingleComposioServer(tenantId, projectId, mcpServerUrl, credentialScope = "project", userId) {
 	if (!process.env.COMPOSIO_API_KEY) {
-		logger.debug({}, "COMPOSIO_API_KEY not configured");
+		logger$1.debug({}, "COMPOSIO_API_KEY not configured");
 		return null;
 	}
 	const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
-		logger.info({}, "Composio not configured, returning null");
+		logger$1.info({}, "Composio not configured, returning null");
 		return null;
 	}
 	try {
 		const serverId = extractComposioServerId(mcpServerUrl);
 		if (!serverId) {
-			logger.error({ mcpServerUrl }, "Could not extract Composio server ID from URL");
+			logger$1.error({ mcpServerUrl }, "Could not extract Composio server ID from URL");
 			return null;
 		}
 		const composioMcpServer = await composioInstance.mcp.get(serverId);
@@ -307,7 +307,7 @@ async function fetchSingleComposioServer(tenantId, projectId, mcpServerUrl, cred
 		const initiatedAccounts = userConnectedAccounts?.items.filter((account) => account.status === "INITIATED");
 		return await transformComposioServer(composioMcpServer, new Set(activeAccounts?.map((account) => account.authConfig.id) ?? []), initiatedAccounts ?? [], composioUserId);
 	} catch (error) {
-		logger.error({
+		logger$1.error({
 			error,
 			mcpServerUrl
 		}, "Failed to fetch single Composio server");

package/dist/utils/trigger-auth.d.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { TriggerAuthHeaderInputSchema, TriggerAuthHeaderStoredSchema, TriggerAuthenticationStoredSchema } from "../validation/schemas.js";
+import { Context } from "hono";
+import { z } from "zod";
+//#region src/utils/trigger-auth.d.ts
+type TriggerAuthHeaderInput = z.infer<typeof TriggerAuthHeaderInputSchema>;
+type TriggerAuthHeaderStored = z.infer<typeof TriggerAuthHeaderStoredSchema>;
+type TriggerAuthenticationStored = z.infer<typeof TriggerAuthenticationStoredSchema>;
+interface TriggerAuthResult {
+  success: boolean;
+  status?: number;
+  message?: string;
+}
+interface HashedHeaderValue {
+  valueHash: string;
+  valuePrefix: string;
+}
+/**
+ * Hash a header value using scrypt for secure storage.
+ * Returns the hash and a prefix for display purposes.
+ *
+ * @param value - The plaintext header value to hash
+ * @returns Object containing valueHash (for storage) and valuePrefix (for display)
+ */
+declare function hashTriggerHeaderValue(value: string): Promise<HashedHeaderValue>;
+/**
+ * Validate a header value against its stored hash using timing-safe comparison.
+ *
+ * @param value - The plaintext header value from the incoming request
+ * @param storedHash - The hash stored in the database
+ * @returns True if the value matches the hash
+ */
+declare function validateTriggerHeaderValue(value: string, storedHash: string): Promise<boolean>;
+/**
+ * Transform authentication input (plaintext values) to stored format (hashed values).
+ * Used when creating or updating triggers.
+ *
+ * @param headers - Array of header inputs with plaintext values
+ * @returns Array of headers with hashed values for storage
+ */
+declare function hashAuthenticationHeaders(headers: TriggerAuthHeaderInput[]): Promise<TriggerAuthHeaderStored[]>;
+/**
+ * Verifies incoming webhook requests using the configured authentication headers.
+ * Each configured header must be present and match its expected value (via hash comparison).
+ *
+ * @param c - Hono context containing the request headers
+ * @param authentication - Trigger authentication configuration with hashed header values
+ * @returns TriggerAuthResult indicating success/failure with appropriate HTTP status
+ */
+declare function verifyTriggerAuth(c: Context, authentication?: TriggerAuthenticationStored | null): Promise<TriggerAuthResult>;
+/**
+ * Verifies webhook request integrity using HMAC-SHA256 signing secret.
+ * Reads signature from X-Signature-256 header and uses timing-safe comparison.
+ *
+ * @param c - Hono context containing the request headers and body
+ * @param signingSecret - HMAC-SHA256 signing secret
+ * @param body - Raw request body as string
+ * @returns TriggerAuthResult indicating success/failure
+ */
+declare function verifySigningSecret(c: Context, signingSecret: string | null | undefined, body: string): TriggerAuthResult;
+//#endregion
+export { HashedHeaderValue, TriggerAuthResult, hashAuthenticationHeaders, hashTriggerHeaderValue, validateTriggerHeaderValue, verifySigningSecret, verifyTriggerAuth };

package/dist/utils/trigger-auth.js ADDED Viewed

@@ -0,0 +1,125 @@
+import { createHmac, randomBytes, scrypt, timingSafeEqual } from "node:crypto";
+import { promisify } from "node:util";
+//#region src/utils/trigger-auth.ts
+const scryptAsync = promisify(scrypt);
+const SALT_LENGTH = 32;
+const KEY_LENGTH = 64;
+const VALUE_PREFIX_LENGTH = 8;
+/**
+* Hash a header value using scrypt for secure storage.
+* Returns the hash and a prefix for display purposes.
+*
+* @param value - The plaintext header value to hash
+* @returns Object containing valueHash (for storage) and valuePrefix (for display)
+*/
+async function hashTriggerHeaderValue(value) {
+	const salt = randomBytes(SALT_LENGTH);
+	const hashedBuffer = await scryptAsync(value, salt, KEY_LENGTH);
+	return {
+		valueHash: Buffer.concat([salt, hashedBuffer]).toString("base64"),
+		valuePrefix: value.substring(0, VALUE_PREFIX_LENGTH)
+	};
+}
+/**
+* Validate a header value against its stored hash using timing-safe comparison.
+*
+* @param value - The plaintext header value from the incoming request
+* @param storedHash - The hash stored in the database
+* @returns True if the value matches the hash
+*/
+async function validateTriggerHeaderValue(value, storedHash) {
+	try {
+		const combined = Buffer.from(storedHash, "base64");
+		const salt = combined.subarray(0, SALT_LENGTH);
+		return timingSafeEqual(combined.subarray(SALT_LENGTH), await scryptAsync(value, salt, KEY_LENGTH));
+	} catch {
+		return false;
+	}
+}
+/**
+* Transform authentication input (plaintext values) to stored format (hashed values).
+* Used when creating or updating triggers.
+*
+* @param headers - Array of header inputs with plaintext values
+* @returns Array of headers with hashed values for storage
+*/
+async function hashAuthenticationHeaders(headers) {
+	return Promise.all(headers.map(async (header) => {
+		const { valueHash, valuePrefix } = await hashTriggerHeaderValue(header.value);
+		return {
+			name: header.name,
+			valueHash,
+			valuePrefix
+		};
+	}));
+}
+/**
+* Verifies incoming webhook requests using the configured authentication headers.
+* Each configured header must be present and match its expected value (via hash comparison).
+*
+* @param c - Hono context containing the request headers
+* @param authentication - Trigger authentication configuration with hashed header values
+* @returns TriggerAuthResult indicating success/failure with appropriate HTTP status
+*/
+async function verifyTriggerAuth(c, authentication) {
+	if (!authentication || !authentication.headers || authentication.headers.length === 0) return { success: true };
+	for (const header of authentication.headers) {
+		const headerName = header.name.toLowerCase();
+		const actualValue = c.req.header(headerName);
+		if (!actualValue) return {
+			success: false,
+			status: 401,
+			message: `Missing authentication header: ${header.name}`
+		};
+		if (!await validateTriggerHeaderValue(actualValue, header.valueHash)) return {
+			success: false,
+			status: 403,
+			message: `Invalid value for header: ${header.name}`
+		};
+	}
+	return { success: true };
+}
+/**
+* Verifies webhook request integrity using HMAC-SHA256 signing secret.
+* Reads signature from X-Signature-256 header and uses timing-safe comparison.
+*
+* @param c - Hono context containing the request headers and body
+* @param signingSecret - HMAC-SHA256 signing secret
+* @param body - Raw request body as string
+* @returns TriggerAuthResult indicating success/failure
+*/
+function verifySigningSecret(c, signingSecret, body) {
+	if (!signingSecret) return { success: true };
+	const signature = c.req.header("x-signature-256");
+	if (!signature) return {
+		success: false,
+		status: 401,
+		message: "Missing X-Signature-256 header"
+	};
+	const expectedSignature = `sha256=${createHmac("sha256", signingSecret).update(body).digest("hex")}`;
+	try {
+		const signatureBuffer = Buffer.from(signature);
+		const expectedBuffer = Buffer.from(expectedSignature);
+		if (signatureBuffer.length !== expectedBuffer.length) return {
+			success: false,
+			status: 403,
+			message: "Invalid signature"
+		};
+		if (!timingSafeEqual(signatureBuffer, expectedBuffer)) return {
+			success: false,
+			status: 403,
+			message: "Invalid signature"
+		};
+		return { success: true };
+	} catch {
+		return {
+			success: false,
+			status: 403,
+			message: "Invalid signature format"
+		};
+	}
+}
+//#endregion
+export { hashAuthenticationHeaders, hashTriggerHeaderValue, validateTriggerHeaderValue, verifySigningSecret, verifyTriggerAuth };

package/dist/validation/agentFull.js CHANGED Viewed

@@ -53,10 +53,8 @@ function validateAgentRelationships(agentData) {
 		if (subAgent.canTransferTo && Array.isArray(subAgent.canTransferTo)) {
 			for (const targetId of subAgent.canTransferTo) if (!availableAgentIds.has(targetId)) errors.push(`Agent '${subAgentId}' has transfer target '${targetId}' that doesn't exist in agent`);
 		}
-		if (subAgent.canDelegateTo && Array.isArray(subAgent.canDelegateTo)) for (const targetItem of subAgent.canDelegateTo) {
-			console.log("targetItem", targetItem);
-			if (typeof targetItem === "string") {
-				console.log("targetItem is string", targetItem);
+		if (subAgent.canDelegateTo && Array.isArray(subAgent.canDelegateTo)) {
+			for (const targetItem of subAgent.canDelegateTo) if (typeof targetItem === "string") {
 				if (!availableAgentIds.has(targetItem) && !availableExternalAgentIds.has(targetItem)) errors.push(`Agent '${subAgentId}' has delegation target '${targetItem}' that doesn't exist in agent`);
 			}
 		}

package/dist/validation/dolt-schemas.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import { z } from "@hono/zod-openapi";
+//#region src/validation/dolt-schemas.d.ts
+declare const BranchNameSchema: z.ZodString;
+declare const CreateBranchRequestSchema: z.ZodObject<{
+  name: z.ZodString;
+  from: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+declare const BranchInfoSchema: z.ZodObject<{
+  baseName: z.ZodString;
+  fullName: z.ZodString;
+  hash: z.ZodString;
+}, z.core.$strip>;
+declare const BranchResponseSchema: z.ZodObject<{
+  data: z.ZodObject<{
+    baseName: z.ZodString;
+    fullName: z.ZodString;
+    hash: z.ZodString;
+  }, z.core.$strip>;
+}, z.core.$strip>;
+declare const BranchListResponseSchema: z.ZodObject<{
+  data: z.ZodArray<z.ZodObject<{
+    baseName: z.ZodString;
+    fullName: z.ZodString;
+    hash: z.ZodString;
+  }, z.core.$strip>>;
+}, z.core.$strip>;
+declare const BranchNameParamsSchema: z.ZodObject<{
+  tenantId: z.ZodString;
+  projectId: z.ZodString;
+  branchName: z.ZodString;
+}, z.core.$strip>;
+declare const ResolvedRefSchema: z.ZodObject<{
+  type: z.ZodEnum<{
+    tag: "tag";
+    commit: "commit";
+    branch: "branch";
+  }>;
+  name: z.ZodString;
+  hash: z.ZodString;
+}, z.core.$strip>;
+type ResolvedRef = z.infer<typeof ResolvedRefSchema>;
+type CreateBranchRequest = z.infer<typeof CreateBranchRequestSchema>;
+type BranchInfo = z.infer<typeof BranchInfoSchema>;
+type BranchResponse = z.infer<typeof BranchResponseSchema>;
+type BranchListResponse = z.infer<typeof BranchListResponseSchema>;
+type BranchNameParams = z.infer<typeof BranchNameParamsSchema>;
+//#endregion
+export { BranchInfo, BranchInfoSchema, BranchListResponse, BranchListResponseSchema, BranchNameParams, BranchNameParamsSchema, BranchNameSchema, BranchResponse, BranchResponseSchema, CreateBranchRequest, CreateBranchRequestSchema, ResolvedRef, ResolvedRefSchema };

package/dist/validation/dolt-schemas.js ADDED Viewed

@@ -0,0 +1,44 @@
+import { z } from "@hono/zod-openapi";
+//#region src/validation/dolt-schemas.ts
+const BranchNameSchema = z.string().min(1, "Branch name cannot be empty").max(255, "Branch name too long").regex(/^[a-zA-Z0-9\-_./]+$/, { message: "Branch name can only contain letters, numbers, hyphens, underscores, dots, and slashes" }).openapi({
+	example: "feature-x",
+	description: "Name of the branch"
+});
+const CreateBranchRequestSchema = z.object({
+	name: BranchNameSchema,
+	from: z.string().optional().describe("Branch or commit to create from. Defaults to tenant main branch.")
+}).openapi("CreateBranchRequest");
+const BranchInfoSchema = z.object({
+	baseName: z.string().describe("User-provided branch name"),
+	fullName: z.string().describe("Full namespaced branch name"),
+	hash: z.string().describe("Current commit hash of the branch")
+}).openapi("BranchInfo");
+const BranchResponseSchema = z.object({ data: BranchInfoSchema }).openapi("BranchResponse");
+const BranchListResponseSchema = z.object({ data: z.array(BranchInfoSchema) }).openapi("BranchListResponse");
+const BranchNameParamsSchema = z.object({
+	tenantId: z.string().openapi({ param: {
+		name: "tenantId",
+		in: "path"
+	} }),
+	projectId: z.string().openapi({ param: {
+		name: "projectId",
+		in: "path"
+	} }),
+	branchName: z.string().openapi({ param: {
+		name: "branchName",
+		in: "path"
+	} })
+}).openapi("BranchNameParams");
+const ResolvedRefSchema = z.object({
+	type: z.enum([
+		"commit",
+		"tag",
+		"branch"
+	]).describe("The type of ref"),
+	name: z.string().describe("The name of the ref (branch name, tag name, or commit hash)"),
+	hash: z.string().describe("The commit hash this ref resolves to")
+}).openapi("ResolvedRef");
+//#endregion
+export { BranchInfoSchema, BranchListResponseSchema, BranchNameParamsSchema, BranchNameSchema, BranchResponseSchema, CreateBranchRequestSchema, ResolvedRefSchema };

package/dist/validation/drizzle-schema-helpers.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { z } from "@hono/zod-openapi";
-import * as drizzle_zod141 from "drizzle-zod";
+import * as drizzle_zod231 from "drizzle-zod";
 import { AnySQLiteTable } from "drizzle-orm/sqlite-core";
 //#region src/validation/drizzle-schema-helpers.d.ts
@@ -22,8 +22,8 @@ declare const resourceIdSchema: z.ZodString;
 declare function createResourceIdSchema(description: string, options?: {
   example?: string;
 }): z.ZodString;
-declare function createSelectSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod141.BuildSchema<"select", T["_"]["columns"], drizzle_zod141.BuildRefine<T["_"]["columns"], undefined>, undefined>;
-declare function createInsertSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod141.BuildSchema<"insert", T["_"]["columns"], drizzle_zod141.BuildRefine<Pick<T["_"]["columns"], keyof T["$inferInsert"]>, undefined>, undefined>;
+declare function createSelectSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod231.BuildSchema<"select", T["_"]["columns"], drizzle_zod231.BuildRefine<T["_"]["columns"], undefined>, undefined>;
+declare function createInsertSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod231.BuildSchema<"insert", T["_"]["columns"], drizzle_zod231.BuildRefine<Pick<T["_"]["columns"], keyof T["$inferInsert"]>, undefined>, undefined>;
 declare const createSelectSchema: typeof createSelectSchemaWithModifiers;
 declare const createInsertSchema: typeof createInsertSchemaWithModifiers;
 /**
@@ -38,27 +38,5 @@ declare const createInsertSchema: typeof createInsertSchemaWithModifiers;
  * The schema shape itself is not modified, but the field schemas are registered.
  */
 declare function registerFieldSchemas<T extends z.ZodObject<any>>(schema: T): T;
-/**
- * Wrapper for .partial() that registers the resulting schema and its fields in the global registry.
- * This function ensures that field schemas are properly registered and configured with OpenAPI metadata.
- */
-declare function partialWithRegistry<T extends z.ZodObject<any>>(schema: T, metadata?: {
-  description?: string;
-  [key: string]: unknown;
-}): T;
-/**
- * Wrapper for .omit() that registers the resulting schema and its fields in the global registry
- */
-declare function omitWithRegistry<T extends z.ZodObject<any>>(schema: T, keys: z.ZodObject<any>['shape'], metadata?: {
-  description?: string;
-  [key: string]: unknown;
-}): T;
-/**
- * Wrapper for .extend() that registers the resulting schema and its fields in the global registry
- */
-declare function extendWithRegistry<T extends z.ZodObject<any>>(schema: T, shape: z.ZodRawShape, metadata?: {
-  description?: string;
-  [key: string]: unknown;
-}): T;
 //#endregion
-export { MAX_ID_LENGTH, MIN_ID_LENGTH, URL_SAFE_ID_PATTERN, createInsertSchema, createResourceIdSchema, createSelectSchema, extendWithRegistry, omitWithRegistry, partialWithRegistry, registerFieldSchemas, resourceIdSchema };
+export { MAX_ID_LENGTH, MIN_ID_LENGTH, URL_SAFE_ID_PATTERN, createInsertSchema, createResourceIdSchema, createSelectSchema, registerFieldSchemas, resourceIdSchema };