npm - @inkeep/agents-core - Versions diffs - 0.58.21 → 0.59.1 - Mend

@inkeep/agents-core 0.58.21 → 0.59.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/dist/auth/auth-config-utils.d.ts +49 -0
package/dist/auth/auth-config-utils.js +133 -0
package/dist/auth/auth-schema.d.ts +102 -85
package/dist/auth/auth-schema.js +1 -0
package/dist/auth/auth-types.d.ts +170 -0
package/dist/auth/auth-types.js +53 -0
package/dist/auth/auth-validation-schemas.d.ts +169 -135
package/dist/auth/auth.d.ts +43 -1286
package/dist/auth/auth.js +61 -70
package/dist/auth/email-send-status-store.js +15 -3
package/dist/auth/init.js +2 -1
package/dist/auth/password-reset-link-store.js +8 -1
package/dist/auth/permissions.d.ts +13 -13
package/dist/client-exports.d.ts +2 -2
package/dist/client-exports.js +2 -2
package/dist/constants/{allowed-image-formats.d.ts → allowed-file-formats.d.ts} +4 -3
package/dist/constants/{allowed-image-formats.js → allowed-file-formats.js} +13 -10
package/dist/credential-stores/composio-store.d.ts +28 -0
package/dist/credential-stores/composio-store.js +53 -0
package/dist/credential-stores/default-constants.d.ts +2 -1
package/dist/credential-stores/default-constants.js +2 -1
package/dist/credential-stores/defaults.js +3 -1
package/dist/credential-stores/index.d.ts +3 -2
package/dist/credential-stores/index.js +3 -2
package/dist/data-access/index.d.ts +5 -4
package/dist/data-access/index.js +4 -4
package/dist/data-access/manage/agents.d.ts +30 -30
package/dist/data-access/manage/artifactComponents.d.ts +10 -10
package/dist/data-access/manage/contextConfigs.d.ts +8 -8
package/dist/data-access/manage/dataComponents.d.ts +2 -2
package/dist/data-access/manage/functionTools.d.ts +14 -14
package/dist/data-access/manage/skills.d.ts +19 -19
package/dist/data-access/manage/subAgentExternalAgentRelations.d.ts +24 -24
package/dist/data-access/manage/subAgentRelations.d.ts +22 -22
package/dist/data-access/manage/subAgentTeamAgentRelations.d.ts +18 -18
package/dist/data-access/manage/subAgents.d.ts +18 -18
package/dist/data-access/manage/tools.d.ts +30 -30
package/dist/data-access/manage/tools.js +17 -5
package/dist/data-access/manage/triggers.d.ts +1 -1
package/dist/data-access/runtime/apiKeys.d.ts +16 -16
package/dist/data-access/runtime/apps.d.ts +12 -12
package/dist/data-access/runtime/auth.d.ts +9 -9
package/dist/data-access/runtime/auth.js +19 -21
package/dist/data-access/runtime/conversations.d.ts +24 -24
package/dist/data-access/runtime/messages.d.ts +12 -12
package/dist/data-access/runtime/organizations.d.ts +28 -4
package/dist/data-access/runtime/organizations.js +131 -9
package/dist/data-access/runtime/scheduledTriggerInvocations.d.ts +10 -1
package/dist/data-access/runtime/scheduledTriggerInvocations.js +13 -1
package/dist/data-access/runtime/tasks.d.ts +5 -5
package/dist/db/manage/manage-schema.d.ts +359 -359
package/dist/db/runtime/runtime-schema.d.ts +298 -298
package/dist/index.d.ts +8 -6
package/dist/index.js +8 -7
package/dist/types/utility.d.ts +1 -0
package/dist/types/utility.js +2 -1
package/dist/utils/credential-store-utils.js +1 -0
package/dist/utils/error.d.ts +51 -48
package/dist/utils/error.js +3 -0
package/dist/utils/index.d.ts +2 -2
package/dist/utils/index.js +4 -4
package/dist/utils/third-party-mcp-servers/composio-client.d.ts +20 -4
package/dist/utils/third-party-mcp-servers/composio-client.js +51 -25
package/dist/utils/third-party-mcp-servers/index.d.ts +2 -2
package/dist/utils/third-party-mcp-servers/index.js +2 -2
package/dist/utils/third-party-mcp-servers/third-party-check.d.ts +3 -4
package/dist/utils/third-party-mcp-servers/third-party-check.js +1 -2
package/dist/validation/drizzle-schema-helpers.d.ts +3 -3
package/dist/validation/schemas.d.ts +2026 -2005
package/dist/validation/schemas.js +3 -1
package/drizzle/runtime/0023_lazy_energizer.sql +1 -0
package/drizzle/runtime/0024_moaning_kingpin.sql +1 -0
package/drizzle/runtime/meta/0024_snapshot.json +4270 -0
package/drizzle/runtime/meta/_journal.json +7 -0
package/package.json +11 -6

package/dist/data-access/runtime/organizations.js CHANGED Viewed

@@ -1,4 +1,5 @@
-import { account, invitation, member, organization } from "../../auth/auth-schema.js";
+import { account, invitation, member, organization, ssoProvider, user } from "../../auth/auth-schema.js";
+import { parseAllowedAuthMethods } from "../../auth/auth-types.js";
 import { and, desc, eq, inArray, or } from "drizzle-orm";
 import { generateId } from "better-auth";
@@ -51,7 +52,10 @@ const getPendingInvitationsByEmail = (db) => async (email) => {
 */
 const addUserToOrganization = (db) => async (data) => {
 	if ((await db.select().from(organization).where(eq(organization.id, data.organizationId)).limit(1)).length === 0) throw new Error(`Organization ${data.organizationId} does not exist`);
-	if ((await db.select().from(member).where(and(eq(member.userId, data.userId), eq(member.organizationId, data.organizationId))).limit(1)).length > 0) return;
+	if ((await db.select().from(member).where(and(eq(member.userId, data.userId), eq(member.organizationId, data.organizationId))).limit(1)).length > 0) {
+		if (data.isServiceAccount) await db.update(organization).set({ serviceAccountUserId: data.userId }).where(eq(organization.id, data.organizationId));
+		return;
+	}
 	await db.insert(member).values({
 		id: `${data.userId}_${data.organizationId}`,
 		userId: data.userId,
@@ -59,6 +63,7 @@ const addUserToOrganization = (db) => async (data) => {
 		role: data.role,
 		createdAt: /* @__PURE__ */ new Date()
 	});
+	if (data.isServiceAccount) await db.update(organization).set({ serviceAccountUserId: data.userId }).where(eq(organization.id, data.organizationId));
 };
 const upsertOrganization = (db) => async (data) => {
 	if ((await db.select().from(organization).where(or(eq(organization.id, data.organizationId), eq(organization.slug, data.slug))).limit(1)).length > 0) return { created: false };
@@ -74,7 +79,7 @@ const upsertOrganization = (db) => async (data) => {
 };
 /**
 * Get authentication providers for a list of users.
-* Returns which providers each user has linked (e.g., 'credential', 'google', 'auth0').
+* Returns which providers each user has linked (e.g., 'credential', 'google').
 */
 const getUserProvidersFromDb = (db) => async (userIds) => {
 	if (userIds.length === 0) return [];
@@ -93,17 +98,23 @@ const getUserProvidersFromDb = (db) => async (userIds) => {
 		providers: providerMap.get(userId) || []
 	}));
 };
+const getAllowedAuthMethods = (db) => async (organizationId) => {
+	const org = (await db.select({ allowedAuthMethods: organization.allowedAuthMethods }).from(organization).where(eq(organization.id, organizationId)).limit(1))[0];
+	if (!org) return [{ method: "email-password" }];
+	return parseAllowedAuthMethods(org.allowedAuthMethods);
+};
 /**
-* Create an invitation directly in db
-* Used when shouldAllowJoinFromWorkspace is enabled for a work_app_slack_workspaces
+* Create an invitation directly in db.
+* Accepts an optional explicit authMethod; defaults to email-password.
 */
 const createInvitationInDb = (db) => async (data) => {
 	const orgSettings = (await db.select({
 		serviceAccountUserId: organization.serviceAccountUserId,
+		allowedAuthMethods: organization.allowedAuthMethods,
 		preferredAuthMethod: organization.preferredAuthMethod
 	}).from(organization).where(eq(organization.id, data.organizationId)).limit(1))[0];
 	if (!orgSettings?.serviceAccountUserId) throw new Error(`Organization ${data.organizationId} does not have a serviceAccountUserId configured`);
-	if (!orgSettings?.preferredAuthMethod) throw new Error(`Organization ${data.organizationId} does not have a preferredAuthMethod configured`);
+	const resolvedMethod = data.authMethod || orgSettings.preferredAuthMethod || "email-password";
 	const inviteId = generateId();
 	const expiresAt = new Date(Date.now() + 3600 * 1e3);
 	await db.insert(invitation).values({
@@ -114,13 +125,124 @@ const createInvitationInDb = (db) => async (data) => {
 		status: "pending",
 		expiresAt,
 		inviterId: orgSettings.serviceAccountUserId,
-		authMethod: orgSettings.preferredAuthMethod
+		authMethod: resolvedMethod
 	});
 	return {
 		id: inviteId,
-		authMethod: orgSettings.preferredAuthMethod
+		authMethod: resolvedMethod
 	};
 };
+const getSSOProvidersByDomain = (db) => async (domain) => {
+	return (await db.select({
+		providerId: ssoProvider.providerId,
+		issuer: ssoProvider.issuer,
+		domain: ssoProvider.domain,
+		organizationId: ssoProvider.organizationId,
+		oidcConfig: ssoProvider.oidcConfig,
+		samlConfig: ssoProvider.samlConfig
+	}).from(ssoProvider).where(eq(ssoProvider.domain, domain))).map((provider) => ({
+		providerId: provider.providerId,
+		issuer: provider.issuer,
+		domain: provider.domain,
+		organizationId: provider.organizationId,
+		providerType: provider.samlConfig ? "saml" : "oidc"
+	}));
+};
+/**
+* Filters org-allowed auth methods by email domain.
+* SSO providers are only included if their domain matches the user's email domain.
+* Non-SSO methods (email-password, google) pass through unfiltered.
+*/
+const getFilteredAuthMethodsForEmail = (db) => async (organizationId, email) => {
+	const emailDomain = email.split("@")[1]?.toLowerCase();
+	if (!emailDomain) return [];
+	const [allowed, domainProviders] = await Promise.all([getAllowedAuthMethods(db)(organizationId), getSSOProvidersByDomain(db)(emailDomain)]);
+	return allowedMethodsToMethodOptions(allowed, domainProviders.filter((p) => p.organizationId === organizationId));
+};
+function allowedMethodsToMethodOptions(methods, ssoProviders) {
+	const options = [];
+	for (const m of methods) if (m.method === "email-password") options.push({ method: "email-password" });
+	else if (m.method === "google") options.push({ method: "google" });
+	else if (m.method === "sso") {
+		if (!m.enabled) continue;
+		const provider = ssoProviders.find((p) => p.providerId === m.providerId);
+		if (!provider) continue;
+		options.push({
+			method: "sso",
+			providerId: m.providerId,
+			providerType: provider.providerType,
+			displayName: m.displayName
+		});
+	}
+	return options;
+}
+/**
+* Main auth-lookup query for the login flow.
+* Returns org-grouped methods based on SSO domain match and/or user org membership.
+*/
+const getAuthLookupForEmail = (db) => async (email) => {
+	const emailDomain = email.split("@")[1]?.toLowerCase();
+	if (!emailDomain) return [];
+	const orgMap = /* @__PURE__ */ new Map();
+	const domainProviders = await getSSOProvidersByDomain(db)(emailDomain);
+	const orgIdsFromSSO = [...new Set(domainProviders.map((p) => p.organizationId).filter(Boolean))];
+	for (const orgId of orgIdsFromSSO) {
+		const org = (await db.select({
+			id: organization.id,
+			name: organization.name,
+			slug: organization.slug,
+			allowedAuthMethods: organization.allowedAuthMethods,
+			preferredAuthMethod: organization.preferredAuthMethod
+		}).from(organization).where(eq(organization.id, orgId)).limit(1))[0];
+		if (!org) continue;
+		const allowed = parseAllowedAuthMethods(org.allowedAuthMethods);
+		const orgSSO = domainProviders.filter((p) => p.organizationId === orgId);
+		orgMap.set(orgId, {
+			organizationId: org.id,
+			organizationName: org.name,
+			organizationSlug: org.slug,
+			methods: allowedMethodsToMethodOptions(allowed, orgSSO)
+		});
+	}
+	const userRow = await db.select({ id: user.id }).from(user).where(eq(user.email, email.toLowerCase())).limit(1);
+	if (userRow[0]) {
+		const memberships = await db.select({
+			organizationId: member.organizationId,
+			orgName: organization.name,
+			orgSlug: organization.slug,
+			allowedAuthMethods: organization.allowedAuthMethods,
+			preferredAuthMethod: organization.preferredAuthMethod
+		}).from(member).innerJoin(organization, eq(member.organizationId, organization.id)).where(eq(member.userId, userRow[0].id));
+		for (const m of memberships) {
+			if (orgMap.has(m.organizationId)) continue;
+			const allowed = parseAllowedAuthMethods(m.allowedAuthMethods);
+			const orgSSO = domainProviders.filter((p) => p.organizationId === m.organizationId);
+			orgMap.set(m.organizationId, {
+				organizationId: m.organizationId,
+				organizationName: m.orgName,
+				organizationSlug: m.orgSlug,
+				methods: allowedMethodsToMethodOptions(allowed, orgSSO)
+			});
+		}
+		const serviceAccountOrgs = await db.select({
+			id: organization.id,
+			name: organization.name,
+			slug: organization.slug
+		}).from(organization).where(eq(organization.serviceAccountUserId, userRow[0].id));
+		for (const org of serviceAccountOrgs) {
+			const existing = orgMap.get(org.id);
+			if (existing) {
+				if (!existing.methods.some((m) => m.method === "email-password")) existing.methods.unshift({ method: "email-password" });
+			} else orgMap.set(org.id, {
+				organizationId: org.id,
+				organizationName: org.name,
+				organizationSlug: org.slug,
+				methods: [{ method: "email-password" }]
+			});
+		}
+	}
+	return [...orgMap.values()];
+};
 //#endregion
-export { addUserToOrganization, createInvitationInDb, getPendingInvitationsByEmail, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };
+export { addUserToOrganization, allowedMethodsToMethodOptions, createInvitationInDb, getAllowedAuthMethods, getAuthLookupForEmail, getFilteredAuthMethodsForEmail, getPendingInvitationsByEmail, getSSOProvidersByDomain, getUserOrganizationsFromDb, getUserProvidersFromDb, upsertOrganization };

package/dist/data-access/runtime/scheduledTriggerInvocations.d.ts CHANGED Viewed

@@ -116,6 +116,15 @@ declare const markScheduledTriggerInvocationFailed: (db: AgentsRunDatabaseClient
   scheduledTriggerId: string;
   invocationId: string;
 }) => Promise<ScheduledTriggerInvocation | undefined>;
+/**
+ * Reset a cancelled invocation back to pending.
+ * Only updates if the current status is 'cancelled' to prevent race conditions.
+ */
+declare const resetCancelledInvocationToPending: (db: AgentsRunDatabaseClient) => (params: {
+  scopes: AgentScopeConfig;
+  scheduledTriggerId: string;
+  invocationId: string;
+}) => Promise<ScheduledTriggerInvocation | undefined>;
 /**
  * Add a conversation ID to the invocation's conversationIds array
  * Used to track all conversations created during retries
@@ -245,4 +254,4 @@ declare const listProjectScheduledTriggerInvocationsPaginated: (db: AgentsRunDat
   };
 }>;
 //#endregion
-export { addConversationIdToInvocation, cancelPastPendingInvocationsForTrigger, cancelPendingInvocationsForTrigger, createScheduledTriggerInvocation, deletePendingInvocationsForTrigger, getScheduledTriggerInvocationById, getScheduledTriggerInvocationByIdempotencyKey, getScheduledTriggerRunInfoBatch, listPendingScheduledTriggerInvocations, listProjectScheduledTriggerInvocationsPaginated, listScheduledTriggerInvocationsPaginated, listUpcomingInvocationsForAgentPaginated, markScheduledTriggerInvocationCancelled, markScheduledTriggerInvocationCompleted, markScheduledTriggerInvocationFailed, markScheduledTriggerInvocationRunning, updateScheduledTriggerInvocationStatus };
+export { addConversationIdToInvocation, cancelPastPendingInvocationsForTrigger, cancelPendingInvocationsForTrigger, createScheduledTriggerInvocation, deletePendingInvocationsForTrigger, getScheduledTriggerInvocationById, getScheduledTriggerInvocationByIdempotencyKey, getScheduledTriggerRunInfoBatch, listPendingScheduledTriggerInvocations, listProjectScheduledTriggerInvocationsPaginated, listScheduledTriggerInvocationsPaginated, listUpcomingInvocationsForAgentPaginated, markScheduledTriggerInvocationCancelled, markScheduledTriggerInvocationCompleted, markScheduledTriggerInvocationFailed, markScheduledTriggerInvocationRunning, resetCancelledInvocationToPending, updateScheduledTriggerInvocationStatus };

package/dist/data-access/runtime/scheduledTriggerInvocations.js CHANGED Viewed

@@ -98,6 +98,18 @@ const markScheduledTriggerInvocationFailed = (db) => async (params) => {
 	}).where(and(agentScopedWhere(scheduledTriggerInvocations, params.scopes), eq(scheduledTriggerInvocations.scheduledTriggerId, params.scheduledTriggerId), eq(scheduledTriggerInvocations.id, params.invocationId), ne(scheduledTriggerInvocations.status, "cancelled"))).returning())[0];
 };
 /**
+* Reset a cancelled invocation back to pending.
+* Only updates if the current status is 'cancelled' to prevent race conditions.
+*/
+const resetCancelledInvocationToPending = (db) => async (params) => {
+	return (await db.update(scheduledTriggerInvocations).set({
+		status: "pending",
+		attemptNumber: 1,
+		startedAt: null,
+		completedAt: null
+	}).where(and(agentScopedWhere(scheduledTriggerInvocations, params.scopes), eq(scheduledTriggerInvocations.scheduledTriggerId, params.scheduledTriggerId), eq(scheduledTriggerInvocations.id, params.invocationId), eq(scheduledTriggerInvocations.status, "cancelled"))).returning())[0];
+};
+/**
 * Add a conversation ID to the invocation's conversationIds array
 * Used to track all conversations created during retries
 */
@@ -213,4 +225,4 @@ const listProjectScheduledTriggerInvocationsPaginated = (db) => async (params) =
 };
 //#endregion
-export { addConversationIdToInvocation, cancelPastPendingInvocationsForTrigger, cancelPendingInvocationsForTrigger, createScheduledTriggerInvocation, deletePendingInvocationsForTrigger, getScheduledTriggerInvocationById, getScheduledTriggerInvocationByIdempotencyKey, getScheduledTriggerRunInfoBatch, listPendingScheduledTriggerInvocations, listProjectScheduledTriggerInvocationsPaginated, listScheduledTriggerInvocationsPaginated, listUpcomingInvocationsForAgentPaginated, markScheduledTriggerInvocationCancelled, markScheduledTriggerInvocationCompleted, markScheduledTriggerInvocationFailed, markScheduledTriggerInvocationRunning, updateScheduledTriggerInvocationStatus };
+export { addConversationIdToInvocation, cancelPastPendingInvocationsForTrigger, cancelPendingInvocationsForTrigger, createScheduledTriggerInvocation, deletePendingInvocationsForTrigger, getScheduledTriggerInvocationById, getScheduledTriggerInvocationByIdempotencyKey, getScheduledTriggerRunInfoBatch, listPendingScheduledTriggerInvocations, listProjectScheduledTriggerInvocationsPaginated, listScheduledTriggerInvocationsPaginated, listUpcomingInvocationsForAgentPaginated, markScheduledTriggerInvocationCancelled, markScheduledTriggerInvocationCompleted, markScheduledTriggerInvocationFailed, markScheduledTriggerInvocationRunning, resetCancelledInvocationToPending, updateScheduledTriggerInvocationStatus };

package/dist/data-access/runtime/tasks.d.ts CHANGED Viewed

@@ -7,19 +7,19 @@ import { TaskInsert, TaskSelect } from "../../types/entities.js";
 //#region src/data-access/runtime/tasks.d.ts
 declare const createTask: (db: AgentsRunDatabaseClient) => (params: TaskInsert) => Promise<{
+  metadata: TaskMetadataConfig | null;
   id: string;
-  tenantId: string;
-  projectId: string;
-  agentId: string;
   createdAt: string;
+  status: string;
   updatedAt: string;
-  metadata: TaskMetadataConfig | null;
   ref: {
     type: "commit" | "tag" | "branch";
     name: string;
     hash: string;
   } | null;
-  status: string;
+  tenantId: string;
+  projectId: string;
+  agentId: string;
   subAgentId: string;
   contextId: string;
 }>;