@inkeep/agents-core 0.50.1 → 0.50.4

package/dist/auth/auth.d.ts

@@ -880,25 +880,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";
@@ -947,7 +947,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterRemoveMember: ({
+        beforeRemoveMember: ({
           member,
           organization: org
         }: {
@@ -1084,7 +1084,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
         id: string;
         organizationId: string;
         email: string;
-        role: "owner" | "admin" | "member";
+        role: "member" | "admin" | "owner";
         status: better_auth_plugins0.InvitationStatus;
         inviterId: string;
         expiresAt: Date;
@@ -1094,7 +1094,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
       Member: {
         id: string;
         organizationId: string;
-        role: "owner" | "admin" | "member";
+        role: "member" | "admin" | "owner";
         createdAt: Date;
         userId: string;
         user: {
@@ -1110,7 +1110,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
         members: {
           id: string;
           organizationId: string;
-          role: "owner" | "admin" | "member";
+          role: "member" | "admin" | "owner";
           createdAt: Date;
           userId: string;
           user: {
@@ -1124,7 +1124,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
           id: string;
           organizationId: string;
           email: string;
-          role: "owner" | "admin" | "member";
+          role: "member" | "admin" | "owner";
           status: better_auth_plugins0.InvitationStatus;
           inviterId: string;
           expiresAt: Date;
@@ -1203,25 +1203,25 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
       ac: better_auth_plugins0.AccessControl;
       roles: {
         member: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         admin: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
         owner: {
-          authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key] | {
-            actions: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>[key];
+          authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
+            actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
             connector: "OR" | "AND";
           } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
-          statements: better_auth_plugins0.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins0.Statements>;
+          statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
         };
       };
       creatorRole: "admin";
@@ -1270,7 +1270,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
           user: better_auth0.User & Record<string, any>;
           organization: better_auth_plugins0.Organization & Record<string, any>;
         }) => Promise<void>;
-        afterRemoveMember: ({
+        beforeRemoveMember: ({
           member,
           organization: org
         }: {

package/dist/auth/auth.js

@@ -117,7 +117,7 @@ function createAuth(config) {
 			updateAge: 3600 * 24,
 			cookieCache: {
 				enabled: true,
-				maxAge: 300,
+				maxAge: 30,
 				strategy: "compact"
 			}
 		},
@@ -209,18 +209,17 @@ function createAuth(config) {
 							console.log(`🔐 SpiceDB: Revoked all project memberships for ${member$1.userId} (promoted to ${targetRole})`);
 						}
 					},
-					afterRemoveMember: async ({ member: member$1, organization: org }) => {
+					beforeRemoveMember: async ({ member: member$1, organization: org }) => {
 						try {
-							const { syncOrgMemberToSpiceDb } = await import("./authz/sync.js");
-							await syncOrgMemberToSpiceDb({
+							const { revokeAllUserRelationships } = await import("./authz/sync.js");
+							await revokeAllUserRelationships({
 								tenantId: org.id,
-								userId: member$1.userId,
-								role: member$1.role,
-								action: "remove"
+								userId: member$1.userId
 							});
-							console.log(`🔐 SpiceDB: Removed member ${member$1.userId} from org ${org.name}`);
+							console.log(`🔐 SpiceDB: Preparing to remove member ${member$1.userId} - revoked all relationships in org ${org.name}`);
 						} catch (error) {
-							console.error("❌ SpiceDB sync failed for member removal:", error);
+							console.error("❌ SpiceDB cleanup failed before member removal:", error);
+							throw new Error(`Failed to clean up user permissions: ${error instanceof Error ? error.message : "Unknown error"}`);
 						}
 					}
 				}

package/dist/auth/authz/sync.d.ts

@@ -73,6 +73,9 @@ declare function removeProjectFromSpiceDb(params: {
 /**
  * List all explicit project members from SpiceDB.
  * Returns users with project_admin, project_member, or project_viewer roles.
+ *
+ * NOTE: This is an appropriate use of readRelationships for data introspection,
+ * not permission logic (per SpiceDB best practices).
  */
 declare function listProjectMembers(params: {
   tenantId: string;
@@ -84,6 +87,9 @@ declare function listProjectMembers(params: {
 /**
  * List all project memberships for a specific user.
  * Returns projects where the user has explicit project_admin, project_member, or project_viewer roles.
+ *
+ * NOTE: This is an appropriate use of readRelationships for data introspection,
+ * not permission logic (per SpiceDB best practices).
  */
 declare function listUserProjectMembershipsInSpiceDb(params: {
   tenantId: string;
@@ -102,5 +108,20 @@ declare function revokeAllProjectMemberships(params: {
   tenantId: string;
   userId: string;
 }): Promise<void>;
+/**
+ * Revoke ALL user relationships within an organization.
+ * Call when: user is being removed from an organization.
+ *
+ * This removes:
+ * 1. Organization-level relationships (owner, admin, member)
+ * 2. All project-level relationships within the organization
+ *
+ * Uses the most efficient approach: filters by subject without specifying relation.
+ * This is much more efficient than individual relation-specific deletions.
+ */
+declare function revokeAllUserRelationships(params: {
+  tenantId: string;
+  userId: string;
+}): Promise<void>;
 //#endregion
-export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
+export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeAllUserRelationships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };

package/dist/auth/authz/sync.js

@@ -1,6 +1,6 @@
 import { SpiceDbRelations, SpiceDbResourceTypes } from "./types.js";
 import { fromSpiceDbProjectId, toSpiceDbProjectId } from "./config.js";
-import { RelationshipOperation, deleteRelationship, getSpiceClient, readRelationships, writeRelationship } from "./client.js";
+import { RelationshipOperation, checkBulkPermissions, deleteRelationship, getSpiceClient, readRelationships, writeRelationship } from "./client.js";
 
 //#region src/auth/authz/sync.ts
 /**
@@ -82,12 +82,13 @@ async function changeOrgRole(params) {
 */
 async function syncProjectToSpiceDb(params) {
 	const spice = getSpiceClient();
-	const isOrgAdminOrOwner = (await readRelationships({
+	const isOrgAdminOrOwner = (await checkBulkPermissions({
 		resourceType: SpiceDbResourceTypes.ORGANIZATION,
 		resourceId: params.tenantId,
+		permissions: ["manage"],
 		subjectType: SpiceDbResourceTypes.USER,
 		subjectId: params.creatorUserId
-	})).some((r) => r.relation === SpiceDbRelations.ADMIN || r.relation === SpiceDbRelations.OWNER);
+	})).manage;
 	const spiceProjectId = toSpiceDbProjectId(params.tenantId, params.projectId);
 	const updates = [{
 		operation: RelationshipOperation.TOUCH,
@@ -224,6 +225,9 @@ async function removeProjectFromSpiceDb(params) {
 /**
 * List all explicit project members from SpiceDB.
 * Returns users with project_admin, project_member, or project_viewer roles.
+*
+* NOTE: This is an appropriate use of readRelationships for data introspection,
+* not permission logic (per SpiceDB best practices).
 */
 async function listProjectMembers(params) {
 	return (await readRelationships({
@@ -237,6 +241,9 @@ async function listProjectMembers(params) {
 /**
 * List all project memberships for a specific user.
 * Returns projects where the user has explicit project_admin, project_member, or project_viewer roles.
+*
+* NOTE: This is an appropriate use of readRelationships for data introspection,
+* not permission logic (per SpiceDB best practices).
 */
 async function listUserProjectMembershipsInSpiceDb(params) {
 	return (await readRelationships({
@@ -319,6 +326,54 @@ async function revokeAllProjectMemberships(params) {
 		})
 	]);
 }
+/**
+* Revoke ALL user relationships within an organization.
+* Call when: user is being removed from an organization.
+*
+* This removes:
+* 1. Organization-level relationships (owner, admin, member)
+* 2. All project-level relationships within the organization
+*
+* Uses the most efficient approach: filters by subject without specifying relation.
+* This is much more efficient than individual relation-specific deletions.
+*/
+async function revokeAllUserRelationships(params) {
+	const spice = getSpiceClient();
+	const tenantPrefix = `${params.tenantId}/`;
+	await Promise.all([spice.promises.deleteRelationships({
+		relationshipFilter: {
+			resourceType: SpiceDbResourceTypes.ORGANIZATION,
+			optionalResourceId: params.tenantId,
+			optionalResourceIdPrefix: "",
+			optionalRelation: "",
+			optionalSubjectFilter: {
+				subjectType: SpiceDbResourceTypes.USER,
+				optionalSubjectId: params.userId,
+				optionalRelation: void 0
+			}
+		},
+		optionalPreconditions: [],
+		optionalLimit: 0,
+		optionalAllowPartialDeletions: false,
+		optionalTransactionMetadata: void 0
+	}), spice.promises.deleteRelationships({
+		relationshipFilter: {
+			resourceType: SpiceDbResourceTypes.PROJECT,
+			optionalResourceId: "",
+			optionalResourceIdPrefix: tenantPrefix,
+			optionalRelation: "",
+			optionalSubjectFilter: {
+				subjectType: SpiceDbResourceTypes.USER,
+				optionalSubjectId: params.userId,
+				optionalRelation: void 0
+			}
+		},
+		optionalPreconditions: [],
+		optionalLimit: 0,
+		optionalAllowPartialDeletions: false,
+		optionalTransactionMetadata: void 0
+	})]);
+}
 
 //#endregion
-export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
+export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeAllUserRelationships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };

package/dist/auth/permissions.d.ts

@@ -5,25 +5,25 @@ import { organizationClient } from "better-auth/client/plugins";
 //#region src/auth/permissions.d.ts
 declare const ac: AccessControl;
 declare const memberRole: {
-  authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
-    actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
+  authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
+    actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
     connector: "OR" | "AND";
   } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-  statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
+  statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
 };
 declare const adminRole: {
-  authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
-    actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
+  authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
+    actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
     connector: "OR" | "AND";
   } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-  statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
+  statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
 };
 declare const ownerRole: {
-  authorize<K_1 extends "project" | "organization" | "member" | "invitation" | "ac" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key] | {
-    actions: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>[key];
+  authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
+    actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
     connector: "OR" | "AND";
   } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
-  statements: better_auth_plugins69.Subset<"project" | "organization" | "member" | "invitation" | "ac" | "team", better_auth_plugins69.Statements>;
+  statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
 };
 //#endregion
 export { ac, adminRole, memberRole, organizationClient, ownerRole };

package/dist/constants/models.d.ts

@@ -38,6 +38,7 @@ declare const OPENAI_MODELS: {
   readonly GPT_4_1_NANO_20250414: "openai/gpt-4.1-nano-2025-04-14";
 };
 declare const GOOGLE_MODELS: {
+  readonly GEMINI_3_1_PRO_PREVIEW: "google/gemini-3.1-pro-preview";
   readonly GEMINI_3_PRO_PREVIEW: "google/gemini-3-pro-preview";
   readonly GEMINI_3_FLASH_PREVIEW: "google/gemini-3-flash-preview";
   readonly GEMINI_2_5_PRO: "google/gemini-2.5-pro";

package/dist/constants/models.js

@@ -38,6 +38,7 @@ const OPENAI_MODELS = {
 	GPT_4_1_NANO_20250414: "openai/gpt-4.1-nano-2025-04-14"
 };
 const GOOGLE_MODELS = {
+	GEMINI_3_1_PRO_PREVIEW: "google/gemini-3.1-pro-preview",
 	GEMINI_3_PRO_PREVIEW: "google/gemini-3-pro-preview",
 	GEMINI_3_FLASH_PREVIEW: "google/gemini-3-flash-preview",
 	GEMINI_2_5_PRO: "google/gemini-2.5-pro",

package/dist/constants/otel-attributes.d.ts

@@ -93,6 +93,10 @@ declare const SPAN_KEYS: {
   readonly ARTIFACT_DATA: "artifact.data";
   readonly ARTIFACT_NAME: "artifact.name";
   readonly ARTIFACT_DESCRIPTION: "artifact.description";
+  readonly ARTIFACT_IS_OVERSIZED: "artifact.is_oversized";
+  readonly ARTIFACT_RETRIEVAL_BLOCKED: "artifact.retrieval_blocked";
+  readonly ARTIFACT_ORIGINAL_TOKEN_SIZE: "artifact.original_token_size";
+  readonly ARTIFACT_CONTEXT_WINDOW_SIZE: "artifact.context_window_size";
   readonly CONTEXT_BREAKDOWN_SYSTEM_TEMPLATE: "context.breakdown.system_template_tokens";
   readonly CONTEXT_BREAKDOWN_CORE_INSTRUCTIONS: "context.breakdown.core_instructions_tokens";
   readonly CONTEXT_BREAKDOWN_AGENT_PROMPT: "context.breakdown.agent_prompt_tokens";

package/dist/constants/otel-attributes.js

@@ -93,6 +93,10 @@ const SPAN_KEYS = {
 	ARTIFACT_DATA: "artifact.data",
 	ARTIFACT_NAME: "artifact.name",
 	ARTIFACT_DESCRIPTION: "artifact.description",
+	ARTIFACT_IS_OVERSIZED: "artifact.is_oversized",
+	ARTIFACT_RETRIEVAL_BLOCKED: "artifact.retrieval_blocked",
+	ARTIFACT_ORIGINAL_TOKEN_SIZE: "artifact.original_token_size",
+	ARTIFACT_CONTEXT_WINDOW_SIZE: "artifact.context_window_size",
 	CONTEXT_BREAKDOWN_SYSTEM_TEMPLATE: "context.breakdown.system_template_tokens",
 	CONTEXT_BREAKDOWN_CORE_INSTRUCTIONS: "context.breakdown.core_instructions_tokens",
 	CONTEXT_BREAKDOWN_AGENT_PROMPT: "context.breakdown.agent_prompt_tokens",

package/dist/data-access/manage/agents.d.ts

@@ -10,11 +10,13 @@ declare const getAgentById: (db: AgentsManageDatabaseClient) => (params: {
 }) => Promise<{
   id: string;
   name: string;
+  createdAt: string;
+  updatedAt: string;
+  projectId: string;
+  tenantId: string;
   description: string | null;
   defaultSubAgentId: string | null;
-  tenantId: string;
-  projectId: string;
-  prompt: string | null;
+  contextConfigId: string | null;
   models: {
     base?: {
       model?: string | undefined;
@@ -29,12 +31,7 @@ declare const getAgentById: (db: AgentsManageDatabaseClient) => (params: {
       providerOptions?: Record<string, any> | undefined;
     } | undefined;
   } | null;
-  stopWhen: {
-    transferCountIs?: number | undefined;
-  } | null;
-  createdAt: string;
-  updatedAt: string;
-  contextConfigId: string | null;
+  prompt: string | null;
   statusUpdates: {
     enabled?: boolean | undefined;
     numEvents?: number | undefined;
@@ -50,17 +47,22 @@ declare const getAgentById: (db: AgentsManageDatabaseClient) => (params: {
       } | undefined;
     }[] | undefined;
   } | null;
+  stopWhen: {
+    transferCountIs?: number | undefined;
+  } | null;
 } | null>;
 declare const getAgentWithDefaultSubAgent: (db: AgentsManageDatabaseClient) => (params: {
   scopes: AgentScopeConfig;
 }) => Promise<{
   id: string;
   name: string;
+  createdAt: string;
+  updatedAt: string;
+  projectId: string;
+  tenantId: string;
   description: string | null;
   defaultSubAgentId: string | null;
-  tenantId: string;
-  projectId: string;
-  prompt: string | null;
+  contextConfigId: string | null;
   models: {
     base?: {
       model?: string | undefined;
@@ -75,12 +77,7 @@ declare const getAgentWithDefaultSubAgent: (db: AgentsManageDatabaseClient) => (
       providerOptions?: Record<string, any> | undefined;
     } | undefined;
   } | null;
-  stopWhen: {
-    transferCountIs?: number | undefined;
-  } | null;
-  createdAt: string;
-  updatedAt: string;
-  contextConfigId: string | null;
+  prompt: string | null;
   statusUpdates: {
     enabled?: boolean | undefined;
     numEvents?: number | undefined;
@@ -96,15 +93,18 @@ declare const getAgentWithDefaultSubAgent: (db: AgentsManageDatabaseClient) => (
       } | undefined;
     }[] | undefined;
   } | null;
+  stopWhen: {
+    transferCountIs?: number | undefined;
+  } | null;
   defaultSubAgent: {
     id: string;
     name: string;
-    description: string | null;
-    tenantId: string;
-    projectId: string;
+    createdAt: string;
+    updatedAt: string;
     agentId: string;
-    prompt: string | null;
-    conversationHistoryConfig: ConversationHistoryConfig | null;
+    projectId: string;
+    tenantId: string;
+    description: string | null;
     models: {
       base?: {
         model?: string | undefined;
@@ -119,11 +119,11 @@ declare const getAgentWithDefaultSubAgent: (db: AgentsManageDatabaseClient) => (
         providerOptions?: Record<string, any> | undefined;
       } | undefined;
     } | null;
+    prompt: string | null;
     stopWhen: {
       stepCountIs?: number | undefined;
     } | null;
-    createdAt: string;
-    updatedAt: string;
+    conversationHistoryConfig: ConversationHistoryConfig | null;
   } | null;
 } | null>;
 declare const listAgents: (db: AgentsManageDatabaseClient) => (params: {
@@ -131,11 +131,13 @@ declare const listAgents: (db: AgentsManageDatabaseClient) => (params: {
 }) => Promise<{
   id: string;
   name: string;
+  createdAt: string;
+  updatedAt: string;
+  projectId: string;
+  tenantId: string;
   description: string | null;
   defaultSubAgentId: string | null;
-  tenantId: string;
-  projectId: string;
-  prompt: string | null;
+  contextConfigId: string | null;
   models: {
     base?: {
       model?: string | undefined;
@@ -150,12 +152,7 @@ declare const listAgents: (db: AgentsManageDatabaseClient) => (params: {
       providerOptions?: Record<string, any> | undefined;
     } | undefined;
   } | null;
-  stopWhen: {
-    transferCountIs?: number | undefined;
-  } | null;
-  createdAt: string;
-  updatedAt: string;
-  contextConfigId: string | null;
+  prompt: string | null;
   statusUpdates: {
     enabled?: boolean | undefined;
     numEvents?: number | undefined;
@@ -171,6 +168,9 @@ declare const listAgents: (db: AgentsManageDatabaseClient) => (params: {
       } | undefined;
     }[] | undefined;
   } | null;
+  stopWhen: {
+    transferCountIs?: number | undefined;
+  } | null;
 }[]>;
 declare const listAgentsPaginated: (db: AgentsManageDatabaseClient) => (params: {
   scopes: ProjectScopeConfig;
@@ -247,11 +247,13 @@ declare function listAgentsAcrossProjectMainBranches(db: AgentsManageDatabaseCli
 declare const createAgent: (db: AgentsManageDatabaseClient) => (data: AgentInsert) => Promise<{
   id: string;
   name: string;
+  createdAt: string;
+  updatedAt: string;
+  projectId: string;
+  tenantId: string;
   description: string | null;
   defaultSubAgentId: string | null;
-  tenantId: string;
-  projectId: string;
-  prompt: string | null;
+  contextConfigId: string | null;
   models: {
     base?: {
       model?: string | undefined;
@@ -266,12 +268,7 @@ declare const createAgent: (db: AgentsManageDatabaseClient) => (data: AgentInser
       providerOptions?: Record<string, any> | undefined;
     } | undefined;
   } | null;
-  stopWhen: {
-    transferCountIs?: number | undefined;
-  } | null;
-  createdAt: string;
-  updatedAt: string;
-  contextConfigId: string | null;
+  prompt: string | null;
   statusUpdates: {
     enabled?: boolean | undefined;
     numEvents?: number | undefined;
@@ -287,6 +284,9 @@ declare const createAgent: (db: AgentsManageDatabaseClient) => (data: AgentInser
       } | undefined;
     }[] | undefined;
   } | null;
+  stopWhen: {
+    transferCountIs?: number | undefined;
+  } | null;
 }>;
 declare const updateAgent: (db: AgentsManageDatabaseClient) => (params: {
   scopes: AgentScopeConfig;

package/dist/data-access/manage/artifactComponents.d.ts

@@ -10,11 +10,11 @@ declare const getArtifactComponentById: (db: AgentsManageDatabaseClient) => (par
 }) => Promise<{
   id: string;
   name: string;
-  description: string | null;
-  tenantId: string;
-  projectId: string;
   createdAt: string;
   updatedAt: string;
+  projectId: string;
+  tenantId: string;
+  description: string | null;
   props: {
     [x: string]: unknown;
     type: "object";
@@ -66,11 +66,11 @@ declare const listArtifactComponentsPaginated: (db: AgentsManageDatabaseClient)
 declare const createArtifactComponent: (db: AgentsManageDatabaseClient) => (params: ArtifactComponentInsert) => Promise<{
   id: string;
   name: string;
-  description: string | null;
-  tenantId: string;
-  projectId: string;
   createdAt: string;
   updatedAt: string;
+  projectId: string;
+  tenantId: string;
+  description: string | null;
   props: {
     [x: string]: unknown;
     type: "object";
@@ -141,10 +141,10 @@ declare const associateArtifactComponentWithAgent: (db: AgentsManageDatabaseClie
   artifactComponentId: string;
 }) => Promise<{
   id: string;
-  tenantId: string;
-  projectId: string;
-  agentId: string;
   createdAt: string;
+  agentId: string;
+  projectId: string;
+  tenantId: string;
   subAgentId: string;
   artifactComponentId: string;
 }>;
@@ -184,10 +184,10 @@ declare const upsertAgentArtifactComponentRelation: (db: AgentsManageDatabaseCli
   artifactComponentId: string;
 }) => Promise<{
   id: string;
-  tenantId: string;
-  projectId: string;
-  agentId: string;
   createdAt: string;
+  agentId: string;
+  projectId: string;
+  tenantId: string;
   subAgentId: string;
   artifactComponentId: string;
 } | null>;