@inkeep/agents-core 0.58.20 → 0.59.0

package/dist/data-access/runtime/apiKeys.d.ts

@@ -16,10 +16,10 @@ declare const getApiKeyById: (db: AgentsRunDatabaseClient) => (params: {
   createdAt: string;
   updatedAt: string;
   expiresAt: string | null;
-  lastUsedAt: string | null;
   publicId: string;
   keyHash: string;
   keyPrefix: string;
+  lastUsedAt: string | null;
 } | undefined>;
 declare const getApiKeyByPublicId: (db: AgentsRunDatabaseClient) => (publicId: string) => Promise<{
   id: string;
@@ -30,10 +30,10 @@ declare const getApiKeyByPublicId: (db: AgentsRunDatabaseClient) => (publicId: s
   createdAt: string;
   updatedAt: string;
   expiresAt: string | null;
-  lastUsedAt: string | null;
   publicId: string;
   keyHash: string;
   keyPrefix: string;
+  lastUsedAt: string | null;
 } | undefined>;
 declare const listApiKeys: (db: AgentsRunDatabaseClient) => (params: {
   scopes: ProjectScopeConfig;
@@ -47,10 +47,10 @@ declare const listApiKeys: (db: AgentsRunDatabaseClient) => (params: {
   createdAt: string;
   updatedAt: string;
   expiresAt: string | null;
-  lastUsedAt: string | null;
   publicId: string;
   keyHash: string;
   keyPrefix: string;
+  lastUsedAt: string | null;
 }[]>;
 declare const listApiKeysPaginated: (db: AgentsRunDatabaseClient) => (params: {
   scopes: ProjectScopeConfig;
@@ -74,10 +74,10 @@ declare const createApiKey: (db: AgentsRunDatabaseClient) => (params: ApiKeyInse
   createdAt: string;
   updatedAt: string;
   expiresAt: string | null;
-  lastUsedAt: string | null;
   publicId: string;
   keyHash: string;
   keyPrefix: string;
+  lastUsedAt: string | null;
 }>;
 declare const updateApiKey: (db: AgentsRunDatabaseClient) => (params: {
   scopes: ProjectScopeConfig;

package/dist/data-access/runtime/apps.d.ts

@@ -23,9 +23,9 @@ declare const getAppById: (db: AgentsRunDatabaseClient) => (id: string) => Promi
     type: "api";
     api: Record<string, never>;
   };
-  defaultAgentId: string | null;
-  defaultProjectId: string | null;
   lastUsedAt: string | null;
+  defaultProjectId: string | null;
+  defaultAgentId: string | null;
 } | undefined>;
 declare const updateAppLastUsed: (db: AgentsRunDatabaseClient) => (id: string) => Promise<void>;
 declare const getAppByIdForTenant: (db: AgentsRunDatabaseClient) => (params: {
@@ -70,9 +70,9 @@ declare const createApp: (db: AgentsRunDatabaseClient) => (params: AppInsert) =>
     type: "api";
     api: Record<string, never>;
   };
-  defaultAgentId: string | null;
-  defaultProjectId: string | null;
   lastUsedAt: string | null;
+  defaultProjectId: string | null;
+  defaultAgentId: string | null;
 }>;
 declare const updateAppForTenant: (db: AgentsRunDatabaseClient) => (params: {
   scopes: TenantScopeConfig;

package/dist/data-access/runtime/auth.d.ts

@@ -5,14 +5,14 @@ declare const getInitialOrganization: (db: AgentsRunDatabaseClient) => (userId:
   id: string;
 } | null>;
 declare const queryHasCredentialAccount: (db: AgentsRunDatabaseClient) => (userId: string) => Promise<boolean>;
-interface SSOProviderRegistration {
-  providerId: string;
+declare const querySsoProviderIssuers: (db: AgentsRunDatabaseClient) => () => Promise<{
   issuer: string;
-  domain: string;
-  organizationId?: string;
-  oidcConfig?: object;
-  samlConfig?: object;
-}
-declare const registerSSOProvider: (db: AgentsRunDatabaseClient) => (provider: SSOProviderRegistration) => Promise<void>;
+}[]>;
+declare const querySsoProviderIds: (db: AgentsRunDatabaseClient) => () => Promise<string[]>;
+declare const queryOrgAllowedAuthMethods: (db: AgentsRunDatabaseClient) => (orgId: string) => Promise<{
+  allowedAuthMethods: string | null;
+} | undefined>;
+declare const queryMemberExists: (db: AgentsRunDatabaseClient) => (userId: string, organizationId: string) => Promise<boolean>;
+declare const queryPendingInvitationExists: (db: AgentsRunDatabaseClient) => (email: string, organizationId: string) => Promise<boolean>;
 //#endregion
-export { SSOProviderRegistration, getInitialOrganization, queryHasCredentialAccount, registerSSOProvider };
+export { getInitialOrganization, queryHasCredentialAccount, queryMemberExists, queryOrgAllowedAuthMethods, queryPendingInvitationExists, querySsoProviderIds, querySsoProviderIssuers };

package/dist/data-access/runtime/auth.js

@@ -1,6 +1,4 @@
-import { account, member, ssoProvider } from "../../auth/auth-schema.js";
-import { generateId } from "../../utils/conversations.js";
-import "../../utils/index.js";
+import { account, invitation, member, organization, ssoProvider } from "../../auth/auth-schema.js";
 import { and, eq } from "drizzle-orm";
 
 //#region src/data-access/runtime/auth.ts
@@ -12,24 +10,24 @@ const queryHasCredentialAccount = (db) => async (userId) => {
 	const [row] = await db.select({ id: account.id }).from(account).where(and(eq(account.userId, userId), eq(account.providerId, "credential"))).limit(1);
 	return !!row;
 };
-const registerSSOProvider = (db) => async (provider) => {
-	try {
-		if ((await db.select().from(ssoProvider).where(eq(ssoProvider.providerId, provider.providerId)).limit(1)).length > 0) return;
-		if (!provider.domain) throw new Error(`SSO provider '${provider.providerId}' must have a domain`);
-		await db.insert(ssoProvider).values({
-			id: generateId(),
-			providerId: provider.providerId,
-			issuer: provider.issuer,
-			domain: provider.domain,
-			oidcConfig: provider.oidcConfig ? JSON.stringify(provider.oidcConfig) : null,
-			samlConfig: provider.samlConfig ? JSON.stringify(provider.samlConfig) : null,
-			userId: null,
-			organizationId: provider.organizationId || null
-		});
-	} catch (error) {
-		console.error(`❌ Failed to register SSO provider '${provider.providerId}':`, error);
-	}
+const querySsoProviderIssuers = (db) => async () => {
+	return db.select({ issuer: ssoProvider.issuer }).from(ssoProvider);
+};
+const querySsoProviderIds = (db) => async () => {
+	return (await db.select({ providerId: ssoProvider.providerId }).from(ssoProvider)).map((r) => r.providerId);
+};
+const queryOrgAllowedAuthMethods = (db) => async (orgId) => {
+	const [org] = await db.select({ allowedAuthMethods: organization.allowedAuthMethods }).from(organization).where(eq(organization.id, orgId)).limit(1);
+	return org;
+};
+const queryMemberExists = (db) => async (userId, organizationId) => {
+	const [row] = await db.select({ id: member.id }).from(member).where(and(eq(member.userId, userId), eq(member.organizationId, organizationId))).limit(1);
+	return !!row;
+};
+const queryPendingInvitationExists = (db) => async (email, organizationId) => {
+	const [row] = await db.select({ id: invitation.id }).from(invitation).where(and(eq(invitation.email, email), eq(invitation.organizationId, organizationId), eq(invitation.status, "pending"))).limit(1);
+	return !!row;
 };
 
 //#endregion
-export { getInitialOrganization, queryHasCredentialAccount, registerSSOProvider };
+export { getInitialOrganization, queryHasCredentialAccount, queryMemberExists, queryOrgAllowedAuthMethods, queryPendingInvitationExists, querySsoProviderIds, querySsoProviderIssuers };

package/dist/data-access/runtime/conversations.d.ts

@@ -24,12 +24,12 @@ declare const createConversation: (db: AgentsRunDatabaseClient) => (params: Conv
   createdAt: string;
   updatedAt: string;
   metadata: ConversationMetadata | null;
+  userId: string | null;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  userId: string | null;
   activeSubAgentId: string;
   lastContextResolution: string | null;
 }>;
@@ -93,12 +93,12 @@ declare const getConversation: (db: AgentsRunDatabaseClient) => (params: {
   createdAt: string;
   updatedAt: string;
   metadata: ConversationMetadata | null;
+  userId: string | null;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  userId: string | null;
   activeSubAgentId: string;
   lastContextResolution: string | null;
 } | undefined>;
@@ -129,12 +129,12 @@ declare const createOrGetConversation: (db: AgentsRunDatabaseClient) => (input:
   createdAt: string;
   updatedAt: string;
   metadata: ConversationMetadata | null;
+  userId: string | null;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  userId: string | null;
   activeSubAgentId: string;
   lastContextResolution: string | null;
 }>;
@@ -161,12 +161,12 @@ declare const getActiveAgentForConversation: (db: AgentsRunDatabaseClient) => (p
   createdAt: string;
   updatedAt: string;
   metadata: ConversationMetadata | null;
+  userId: string | null;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  userId: string | null;
   activeSubAgentId: string;
   lastContextResolution: string | null;
 } | undefined>;

package/dist/data-access/runtime/messages.d.ts

@@ -17,17 +17,17 @@ declare const getMessageById: (db: AgentsRunDatabaseClient) => (params: {
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
+  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
   taskId: string | null;
   a2aTaskId: string | null;
-  role: string;
-  visibility: string;
+  conversationId: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
+  visibility: string;
   messageType: string;
   parentMessageId: string | null;
   a2aSessionId: string | null;
@@ -151,17 +151,17 @@ declare const createMessage: (db: AgentsRunDatabaseClient) => (params: {
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
+  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
   taskId: string | null;
   a2aTaskId: string | null;
-  role: string;
-  visibility: string;
+  conversationId: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
+  visibility: string;
   messageType: string;
   parentMessageId: string | null;
   a2aSessionId: string | null;
@@ -204,17 +204,17 @@ declare const deleteMessage: (db: AgentsRunDatabaseClient) => (params: {
   updatedAt: string;
   metadata: MessageMetadata | null;
   content: MessageContent;
-  conversationId: string;
+  role: string;
   fromSubAgentId: string | null;
   toSubAgentId: string | null;
   fromExternalAgentId: string | null;
   toExternalAgentId: string | null;
   taskId: string | null;
   a2aTaskId: string | null;
-  role: string;
-  visibility: string;
+  conversationId: string;
   fromTeamAgentId: string | null;
   toTeamAgentId: string | null;
+  visibility: string;
   messageType: string;
   parentMessageId: string | null;
   a2aSessionId: string | null;

package/dist/data-access/runtime/organizations.d.ts

@@ -1,4 +1,5 @@
 import { AgentsRunDatabaseClient } from "../../db/runtime/runtime-client.js";
+import { AllowedAuthMethod, MethodOption, OrgAuthInfo } from "../../auth/auth-types.js";
 import { UserOrganization } from "../../auth/auth-validation-schemas.js";
 
 //#region src/data-access/runtime/organizations.d.ts
@@ -39,6 +40,7 @@ declare const addUserToOrganization: (db: AgentsRunDatabaseClient) => (data: {
   userId: string;
   organizationId: string;
   role: string;
+  isServiceAccount?: boolean;
 }) => Promise<void>;
 declare const upsertOrganization: (db: AgentsRunDatabaseClient) => (data: {
   organizationId: string;
@@ -55,19 +57,41 @@ interface UserProviderInfo {
 }
 /**
  * Get authentication providers for a list of users.
- * Returns which providers each user has linked (e.g., 'credential', 'google', 'auth0').
+ * Returns which providers each user has linked (e.g., 'credential', 'google').
  */
 declare const getUserProvidersFromDb: (db: AgentsRunDatabaseClient) => (userIds: string[]) => Promise<UserProviderInfo[]>;
+declare const getAllowedAuthMethods: (db: AgentsRunDatabaseClient) => (organizationId: string) => Promise<AllowedAuthMethod[]>;
 /**
- * Create an invitation directly in db
- * Used when shouldAllowJoinFromWorkspace is enabled for a work_app_slack_workspaces
+ * Create an invitation directly in db.
+ * Accepts an optional explicit authMethod; defaults to email-password.
  */
 declare const createInvitationInDb: (db: AgentsRunDatabaseClient) => (data: {
   organizationId: string;
   email: string;
+  authMethod?: string;
 }) => Promise<{
   id: string;
   authMethod: string;
 }>;
+interface SSOProviderLookupResult {
+  providerId: string;
+  issuer: string;
+  domain: string;
+  organizationId: string | null;
+  providerType: 'oidc' | 'saml';
+}
+declare const getSSOProvidersByDomain: (db: AgentsRunDatabaseClient) => (domain: string) => Promise<SSOProviderLookupResult[]>;
+/**
+ * Filters org-allowed auth methods by email domain.
+ * SSO providers are only included if their domain matches the user's email domain.
+ * Non-SSO methods (email-password, google) pass through unfiltered.
+ */
+declare const getFilteredAuthMethodsForEmail: (db: AgentsRunDatabaseClient) => (organizationId: string, email: string) => Promise<MethodOption[]>;
+declare function allowedMethodsToMethodOptions(methods: AllowedAuthMethod[], ssoProviders: SSOProviderLookupResult[]): MethodOption[];
+/**
+ * Main auth-lookup query for the login flow.
+ * Returns org-grouped methods based on SSO domain match and/or user org membership.
+ */
+declare const getAuthLookupForEmail: (db: AgentsRunDatabaseClient) => (email: string) => Promise<OrgAuthInfo[]>;
 //#endregion
-export { UserProviderInfo, addUserToOrganization, createInvitationInDb, getPendingInvitationsByEmail, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };
+export { type MethodOption, type OrgAuthInfo, SSOProviderLookupResult, UserProviderInfo, addUserToOrganization, allowedMethodsToMethodOptions, createInvitationInDb, getAllowedAuthMethods, getAuthLookupForEmail, getFilteredAuthMethodsForEmail, getPendingInvitationsByEmail, getSSOProvidersByDomain, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };

package/dist/data-access/runtime/organizations.js

@@ -1,4 +1,5 @@
-import { account, invitation, member, organization } from "../../auth/auth-schema.js";
+import { account, invitation, member, organization, ssoProvider, user } from "../../auth/auth-schema.js";
+import { parseAllowedAuthMethods } from "../../auth/auth-types.js";
 import { and, desc, eq, inArray, or } from "drizzle-orm";
 import { generateId } from "better-auth";
 
@@ -51,7 +52,10 @@ const getPendingInvitationsByEmail = (db) => async (email) => {
 */
 const addUserToOrganization = (db) => async (data) => {
 	if ((await db.select().from(organization).where(eq(organization.id, data.organizationId)).limit(1)).length === 0) throw new Error(`Organization ${data.organizationId} does not exist`);
-	if ((await db.select().from(member).where(and(eq(member.userId, data.userId), eq(member.organizationId, data.organizationId))).limit(1)).length > 0) return;
+	if ((await db.select().from(member).where(and(eq(member.userId, data.userId), eq(member.organizationId, data.organizationId))).limit(1)).length > 0) {
+		if (data.isServiceAccount) await db.update(organization).set({ serviceAccountUserId: data.userId }).where(eq(organization.id, data.organizationId));
+		return;
+	}
 	await db.insert(member).values({
 		id: `${data.userId}_${data.organizationId}`,
 		userId: data.userId,
@@ -59,6 +63,7 @@ const addUserToOrganization = (db) => async (data) => {
 		role: data.role,
 		createdAt: /* @__PURE__ */ new Date()
 	});
+	if (data.isServiceAccount) await db.update(organization).set({ serviceAccountUserId: data.userId }).where(eq(organization.id, data.organizationId));
 };
 const upsertOrganization = (db) => async (data) => {
 	if ((await db.select().from(organization).where(or(eq(organization.id, data.organizationId), eq(organization.slug, data.slug))).limit(1)).length > 0) return { created: false };
@@ -74,7 +79,7 @@ const upsertOrganization = (db) => async (data) => {
 };
 /**
 * Get authentication providers for a list of users.
-* Returns which providers each user has linked (e.g., 'credential', 'google', 'auth0').
+* Returns which providers each user has linked (e.g., 'credential', 'google').
 */
 const getUserProvidersFromDb = (db) => async (userIds) => {
 	if (userIds.length === 0) return [];
@@ -93,17 +98,23 @@ const getUserProvidersFromDb = (db) => async (userIds) => {
 		providers: providerMap.get(userId) || []
 	}));
 };
+const getAllowedAuthMethods = (db) => async (organizationId) => {
+	const org = (await db.select({ allowedAuthMethods: organization.allowedAuthMethods }).from(organization).where(eq(organization.id, organizationId)).limit(1))[0];
+	if (!org) return [{ method: "email-password" }];
+	return parseAllowedAuthMethods(org.allowedAuthMethods);
+};
 /**
-* Create an invitation directly in db
-* Used when shouldAllowJoinFromWorkspace is enabled for a work_app_slack_workspaces
+* Create an invitation directly in db.
+* Accepts an optional explicit authMethod; defaults to email-password.
 */
 const createInvitationInDb = (db) => async (data) => {
 	const orgSettings = (await db.select({
 		serviceAccountUserId: organization.serviceAccountUserId,
+		allowedAuthMethods: organization.allowedAuthMethods,
 		preferredAuthMethod: organization.preferredAuthMethod
 	}).from(organization).where(eq(organization.id, data.organizationId)).limit(1))[0];
 	if (!orgSettings?.serviceAccountUserId) throw new Error(`Organization ${data.organizationId} does not have a serviceAccountUserId configured`);
-	if (!orgSettings?.preferredAuthMethod) throw new Error(`Organization ${data.organizationId} does not have a preferredAuthMethod configured`);
+	const resolvedMethod = data.authMethod || orgSettings.preferredAuthMethod || "email-password";
 	const inviteId = generateId();
 	const expiresAt = new Date(Date.now() + 3600 * 1e3);
 	await db.insert(invitation).values({
@@ -114,13 +125,124 @@ const createInvitationInDb = (db) => async (data) => {
 		status: "pending",
 		expiresAt,
 		inviterId: orgSettings.serviceAccountUserId,
-		authMethod: orgSettings.preferredAuthMethod
+		authMethod: resolvedMethod
 	});
 	return {
 		id: inviteId,
-		authMethod: orgSettings.preferredAuthMethod
+		authMethod: resolvedMethod
 	};
 };
+const getSSOProvidersByDomain = (db) => async (domain) => {
+	return (await db.select({
+		providerId: ssoProvider.providerId,
+		issuer: ssoProvider.issuer,
+		domain: ssoProvider.domain,
+		organizationId: ssoProvider.organizationId,
+		oidcConfig: ssoProvider.oidcConfig,
+		samlConfig: ssoProvider.samlConfig
+	}).from(ssoProvider).where(eq(ssoProvider.domain, domain))).map((provider) => ({
+		providerId: provider.providerId,
+		issuer: provider.issuer,
+		domain: provider.domain,
+		organizationId: provider.organizationId,
+		providerType: provider.samlConfig ? "saml" : "oidc"
+	}));
+};
+/**
+* Filters org-allowed auth methods by email domain.
+* SSO providers are only included if their domain matches the user's email domain.
+* Non-SSO methods (email-password, google) pass through unfiltered.
+*/
+const getFilteredAuthMethodsForEmail = (db) => async (organizationId, email) => {
+	const emailDomain = email.split("@")[1]?.toLowerCase();
+	if (!emailDomain) return [];
+	const [allowed, domainProviders] = await Promise.all([getAllowedAuthMethods(db)(organizationId), getSSOProvidersByDomain(db)(emailDomain)]);
+	return allowedMethodsToMethodOptions(allowed, domainProviders.filter((p) => p.organizationId === organizationId));
+};
+function allowedMethodsToMethodOptions(methods, ssoProviders) {
+	const options = [];
+	for (const m of methods) if (m.method === "email-password") options.push({ method: "email-password" });
+	else if (m.method === "google") options.push({ method: "google" });
+	else if (m.method === "sso") {
+		if (!m.enabled) continue;
+		const provider = ssoProviders.find((p) => p.providerId === m.providerId);
+		if (!provider) continue;
+		options.push({
+			method: "sso",
+			providerId: m.providerId,
+			providerType: provider.providerType,
+			displayName: m.displayName
+		});
+	}
+	return options;
+}
+/**
+* Main auth-lookup query for the login flow.
+* Returns org-grouped methods based on SSO domain match and/or user org membership.
+*/
+const getAuthLookupForEmail = (db) => async (email) => {
+	const emailDomain = email.split("@")[1]?.toLowerCase();
+	if (!emailDomain) return [];
+	const orgMap = /* @__PURE__ */ new Map();
+	const domainProviders = await getSSOProvidersByDomain(db)(emailDomain);
+	const orgIdsFromSSO = [...new Set(domainProviders.map((p) => p.organizationId).filter(Boolean))];
+	for (const orgId of orgIdsFromSSO) {
+		const org = (await db.select({
+			id: organization.id,
+			name: organization.name,
+			slug: organization.slug,
+			allowedAuthMethods: organization.allowedAuthMethods,
+			preferredAuthMethod: organization.preferredAuthMethod
+		}).from(organization).where(eq(organization.id, orgId)).limit(1))[0];
+		if (!org) continue;
+		const allowed = parseAllowedAuthMethods(org.allowedAuthMethods);
+		const orgSSO = domainProviders.filter((p) => p.organizationId === orgId);
+		orgMap.set(orgId, {
+			organizationId: org.id,
+			organizationName: org.name,
+			organizationSlug: org.slug,
+			methods: allowedMethodsToMethodOptions(allowed, orgSSO)
+		});
+	}
+	const userRow = await db.select({ id: user.id }).from(user).where(eq(user.email, email.toLowerCase())).limit(1);
+	if (userRow[0]) {
+		const memberships = await db.select({
+			organizationId: member.organizationId,
+			orgName: organization.name,
+			orgSlug: organization.slug,
+			allowedAuthMethods: organization.allowedAuthMethods,
+			preferredAuthMethod: organization.preferredAuthMethod
+		}).from(member).innerJoin(organization, eq(member.organizationId, organization.id)).where(eq(member.userId, userRow[0].id));
+		for (const m of memberships) {
+			if (orgMap.has(m.organizationId)) continue;
+			const allowed = parseAllowedAuthMethods(m.allowedAuthMethods);
+			const orgSSO = domainProviders.filter((p) => p.organizationId === m.organizationId);
+			orgMap.set(m.organizationId, {
+				organizationId: m.organizationId,
+				organizationName: m.orgName,
+				organizationSlug: m.orgSlug,
+				methods: allowedMethodsToMethodOptions(allowed, orgSSO)
+			});
+		}
+		const serviceAccountOrgs = await db.select({
+			id: organization.id,
+			name: organization.name,
+			slug: organization.slug
+		}).from(organization).where(eq(organization.serviceAccountUserId, userRow[0].id));
+		for (const org of serviceAccountOrgs) {
+			const existing = orgMap.get(org.id);
+			if (existing) {
+				if (!existing.methods.some((m) => m.method === "email-password")) existing.methods.unshift({ method: "email-password" });
+			} else orgMap.set(org.id, {
+				organizationId: org.id,
+				organizationName: org.name,
+				organizationSlug: org.slug,
+				methods: [{ method: "email-password" }]
+			});
+		}
+	}
+	return [...orgMap.values()];
+};
 
 //#endregion
-export { addUserToOrganization, createInvitationInDb, getPendingInvitationsByEmail, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };
+export { addUserToOrganization, allowedMethodsToMethodOptions, createInvitationInDb, getAllowedAuthMethods, getAuthLookupForEmail, getFilteredAuthMethodsForEmail, getPendingInvitationsByEmail, getSSOProvidersByDomain, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };

package/dist/data-access/runtime/scheduledTriggerInvocations.d.ts

@@ -39,7 +39,7 @@ declare const listScheduledTriggerInvocationsPaginated: (db: AgentsRunDatabaseCl
       name: string;
       hash: string;
     } | null;
-    status: "pending" | "running" | "completed" | "failed" | "cancelled";
+    status: "pending" | "failed" | "running" | "completed" | "cancelled";
     scheduledFor: string;
     startedAt: string | null;
     completedAt: string | null;
@@ -184,7 +184,7 @@ declare const listUpcomingInvocationsForAgentPaginated: (db: AgentsRunDatabaseCl
       name: string;
       hash: string;
     } | null;
-    status: "pending" | "running" | "completed" | "failed" | "cancelled";
+    status: "pending" | "failed" | "running" | "completed" | "cancelled";
     scheduledFor: string;
     startedAt: string | null;
     completedAt: string | null;
@@ -223,7 +223,7 @@ declare const listProjectScheduledTriggerInvocationsPaginated: (db: AgentsRunDat
       name: string;
       hash: string;
     } | null;
-    status: "pending" | "running" | "completed" | "failed" | "cancelled";
+    status: "pending" | "failed" | "running" | "completed" | "cancelled";
     scheduledFor: string;
     startedAt: string | null;
     completedAt: string | null;

package/dist/data-access/runtime/tasks.d.ts

@@ -14,13 +14,13 @@ declare const createTask: (db: AgentsRunDatabaseClient) => (params: TaskInsert)
   createdAt: string;
   updatedAt: string;
   metadata: TaskMetadataConfig | null;
+  status: string;
+  subAgentId: string;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  status: string;
-  subAgentId: string;
   contextId: string;
 }>;
 declare const getTask: (db: AgentsRunDatabaseClient) => (params: {