@inkeep/agents-core 0.59.0 → 0.59.2

package/dist/utils/third-party-mcp-servers/composio-client.js

@@ -70,19 +70,21 @@ function getComposioUserId(tenantId, projectId, credentialScope, userId) {
 * Configure a Composio MCP server config with the appropriate user_id and x-api-key.
 * Mutates serverConfig in place:
 *  - Injects user_id query param into the URL (scoped by tenant/project/user)
+*  - Injects connected_account_id query param if provided (pins to a specific account)
 *  - Injects x-api-key header from COMPOSIO_API_KEY env var
 *
 * No-op if the URL is not a composio.dev URL or already has a user_id.
 */
-function configureComposioMCPServer(serverConfig, tenantId, projectId, credentialScope, userId) {
+function configureComposioMCPServer(serverConfig, tenantId, projectId, credentialScope, userId, connectedAccountId) {
 	const baseUrl = serverConfig.url?.toString();
 	if (!baseUrl?.includes("composio.dev")) return;
 	const urlObj = new URL(baseUrl);
 	if (!urlObj.searchParams.has("user_id")) {
 		const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 		urlObj.searchParams.set("user_id", composioUserId);
-		serverConfig.url = urlObj.toString();
 	}
+	if (connectedAccountId && !urlObj.searchParams.has("connected_account_id")) urlObj.searchParams.set("connected_account_id", connectedAccountId);
+	serverConfig.url = urlObj.toString();
 	const composioApiKey = process.env.COMPOSIO_API_KEY;
 	if (composioApiKey) serverConfig.headers = {
 		...serverConfig.headers,
@@ -135,7 +137,11 @@ async function fetchComposioConnectedAccounts(derivedUserId) {
 	try {
 		return await composioInstance.connectedAccounts.list({
 			userIds: [derivedUserId],
-			statuses: ["ACTIVE", "INITIATED"]
+			statuses: [
+				"ACTIVE",
+				"INITIATED",
+				"EXPIRED"
+			]
 		});
 	} catch (error) {
 		logger$1.error({ error }, "Error fetching Composio connected accounts");
@@ -144,44 +150,52 @@ async function fetchComposioConnectedAccounts(derivedUserId) {
 }
 /**
 * Check if a Composio MCP server is authenticated for the given tenant/project/user
-* Returns true if authenticated, false otherwise
 * @param credentialScope - 'project' for shared team credentials, 'user' for per-user credentials
 * @param userId - The actual user ID (required if credentialScope is 'user')
 */
 async function isComposioMCPServerAuthenticated(tenantId, projectId, mcpServerUrl, credentialScope = "project", userId) {
 	if (!process.env.COMPOSIO_API_KEY) {
 		logger$1.info({}, "Composio API key not configured, skipping auth check");
-		return false;
+		return { authenticated: false };
 	}
 	const serverId = extractComposioServerId(mcpServerUrl);
 	if (!serverId) {
 		logger$1.info({ mcpServerUrl }, "Could not extract Composio server ID from URL");
-		return false;
+		return { authenticated: false };
 	}
 	const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 	const composioInstance = getComposioInstance();
 	if (!composioInstance) {
 		logger$1.info({}, "Composio not configured, skipping auth check");
-		return false;
+		return { authenticated: false };
 	}
 	try {
 		const [composioMcpServer, connectedAccounts] = await Promise.all([composioInstance.mcp.get(serverId), fetchComposioConnectedAccounts(composioUserId)]);
-		if (!(composioMcpServer.authConfigIds.length > 0 ? composioMcpServer.authConfigIds[0] : null)) return false;
-		if (!connectedAccounts) return false;
-		const activeAuthConfigIds = new Set(connectedAccounts.items.filter((account) => account.status === "ACTIVE").map((account) => account.authConfig.id));
-		return composioMcpServer.authConfigIds.some((authConfigId) => activeAuthConfigIds.has(authConfigId));
+		if (!(composioMcpServer.authConfigIds.length > 0 ? composioMcpServer.authConfigIds[0] : null)) return { authenticated: false };
+		if (!connectedAccounts) return { authenticated: false };
+		const activeAccounts = connectedAccounts.items.filter((account) => account.status === "ACTIVE");
+		const activeAuthConfigIds = new Set(activeAccounts.map((account) => account.authConfig.id));
+		if (!composioMcpServer.authConfigIds.some((authConfigId) => activeAuthConfigIds.has(authConfigId))) return { authenticated: false };
+		const connectedAccountId = activeAccounts.find((account) => composioMcpServer.authConfigIds.includes(account.authConfig.id))?.id;
+		return {
+			authenticated: !!connectedAccountId,
+			connectedAccountId
+		};
 	} catch (error) {
 		logger$1.error({
 			error,
 			mcpServerUrl
 		}, "Error checking Composio authentication status");
-		return false;
+		return {
+			authenticated: false,
+			error: true
+		};
 	}
 }
 /**
 * Convert Composio server data to PrebuiltMCPServer format
 */
-function transformComposioServerData(composioMcpServer, isAuthenticated, url, thirdPartyConnectAccountUrl) {
+function transformComposioServerData(composioMcpServer, isAuthenticated, url, thirdPartyConnectAccountUrl, connectedAccountId, authScheme) {
 	const firstToolkit = composioMcpServer.toolkits[0];
 	const category = firstToolkit ? TOOLKIT_TO_CATEGORY[firstToolkit] || "integration" : "integration";
 	const imageUrl = composioMcpServer.toolkitIcons?.[firstToolkit];
@@ -195,7 +209,9 @@ function transformComposioServerData(composioMcpServer, isAuthenticated, url, th
 		category,
 		description,
 		isOpen: isAuthenticated,
-		thirdPartyConnectAccountUrl
+		thirdPartyConnectAccountUrl,
+		connectedAccountId,
+		authScheme
 	};
 }
 /**
@@ -203,14 +219,14 @@ function transformComposioServerData(composioMcpServer, isAuthenticated, url, th
 * Handles account creation/deletion and returns the redirect URL
 * Returns null if account creation fails
 */
-async function ensureComposioAccount(composioMcpServer, derivedUserId, initiatedAccounts) {
+async function ensureComposioAccount(composioMcpServer, derivedUserId, staleAccounts) {
 	const firstAuthConfigId = composioMcpServer.authConfigIds[0];
 	if (!firstAuthConfigId) {
 		logger$1.error({ serverId: composioMcpServer.id }, "No auth config ID found for MCP server");
 		return null;
 	}
-	const existingInitiatedAccount = initiatedAccounts.find((account) => account.authConfig.id === firstAuthConfigId);
-	if (existingInitiatedAccount) await deleteComposioConnectedAccount(existingInitiatedAccount.id);
+	const existingStaleAccounts = staleAccounts.filter((account) => account.authConfig.id === firstAuthConfigId);
+	await Promise.all(existingStaleAccounts.map((account) => deleteComposioConnectedAccount(account.id)));
 	try {
 		const composioInstance = getComposioInstance();
 		if (!composioInstance) {
@@ -249,7 +265,7 @@ async function getComposioOAuthRedirectUrl(tenantId, projectId, mcpServerUrl, cr
 	}
 	const composioUserId = getComposioUserId(tenantId, projectId, credentialScope, userId);
 	try {
-		return await ensureComposioAccount(await composioInstance.mcp.get(serverId), composioUserId, (await fetchComposioConnectedAccounts(composioUserId))?.items.filter((account) => account.status === "INITIATED") ?? []);
+		return await ensureComposioAccount(await composioInstance.mcp.get(serverId), composioUserId, (await fetchComposioConnectedAccounts(composioUserId))?.items.filter((account) => account.status === "INITIATED" || account.status === "EXPIRED") ?? []);
 	} catch (error) {
 		logger$1.error({
 			error,
@@ -263,15 +279,21 @@ async function getComposioOAuthRedirectUrl(tenantId, projectId, mcpServerUrl, cr
 * Coordinates authentication checks and account management
 * Returns null if the server cannot be properly configured
 */
-async function transformComposioServer(composioMcpServer, authenticatedAuthConfigIds, initiatedAccounts, derivedUserId) {
+async function transformComposioServer(composioMcpServer, authenticatedAuthConfigIds, activeAccounts, staleAccounts, derivedUserId) {
 	const isAuthenticated = composioMcpServer.authConfigIds.some((authConfigId) => authenticatedAuthConfigIds.has(authConfigId));
 	let thirdPartyConnectAccountUrl;
+	let connectedAccountId;
+	let authScheme;
 	if (!isAuthenticated) {
-		const redirectUrl = await ensureComposioAccount(composioMcpServer, derivedUserId, initiatedAccounts);
+		const redirectUrl = await ensureComposioAccount(composioMcpServer, derivedUserId, staleAccounts);
 		if (!redirectUrl) return null;
 		thirdPartyConnectAccountUrl = redirectUrl;
+	} else {
+		const matchingAccount = activeAccounts.find((account) => composioMcpServer.authConfigIds.includes(account.authConfig.id));
+		connectedAccountId = matchingAccount?.id;
+		authScheme = matchingAccount?.state?.authScheme;
 	}
-	return transformComposioServerData(composioMcpServer, isAuthenticated, composioMcpServer.MCPUrl, thirdPartyConnectAccountUrl);
+	return transformComposioServerData(composioMcpServer, isAuthenticated, composioMcpServer.MCPUrl, thirdPartyConnectAccountUrl, connectedAccountId, authScheme);
 }
 /**
 * Fetch Composio MCP servers for the catalog
@@ -323,11 +345,15 @@ async function fetchSingleComposioServer(tenantId, projectId, mcpServerUrl, cred
 		const composioMcpServer = await composioInstance.mcp.get(serverId);
 		const userConnectedAccounts = await composioInstance.connectedAccounts.list({
 			userIds: [composioUserId],
-			statuses: ["ACTIVE", "INITIATED"]
+			statuses: [
+				"ACTIVE",
+				"INITIATED",
+				"EXPIRED"
+			]
 		});
 		const activeAccounts = userConnectedAccounts?.items.filter((account) => account.status === "ACTIVE");
-		const initiatedAccounts = userConnectedAccounts?.items.filter((account) => account.status === "INITIATED");
-		return await transformComposioServer(composioMcpServer, new Set(activeAccounts?.map((account) => account.authConfig.id) ?? []), initiatedAccounts ?? [], composioUserId);
+		const staleAccounts = userConnectedAccounts?.items.filter((account) => account.status === "INITIATED" || account.status === "EXPIRED");
+		return await transformComposioServer(composioMcpServer, new Set(activeAccounts?.map((account) => account.authConfig.id) ?? []), activeAccounts ?? [], staleAccounts ?? [], composioUserId);
 	} catch (error) {
 		logger$1.error({
 			error,
@@ -338,4 +364,4 @@ async function fetchSingleComposioServer(tenantId, projectId, mcpServerUrl, cred
 }
 
 //#endregion
-export { configureComposioMCPServer, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated };
+export { configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated };

package/dist/utils/third-party-mcp-servers/index.d.ts

@@ -1,3 +1,3 @@
-import { CredentialScope, configureComposioMCPServer, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./composio-client.js";
+import { ComposioAuthResult, CredentialScope, configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./composio-client.js";
 import { isThirdPartyMCPServerAuthenticated } from "./third-party-check.js";
-export { CredentialScope, configureComposioMCPServer, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated, isThirdPartyMCPServerAuthenticated };
+export { ComposioAuthResult, CredentialScope, configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated, isThirdPartyMCPServerAuthenticated };

package/dist/utils/third-party-mcp-servers/index.js

@@ -1,4 +1,4 @@
-import { configureComposioMCPServer, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./composio-client.js";
+import { configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./composio-client.js";
 import { isThirdPartyMCPServerAuthenticated } from "./third-party-check.js";
 
-export { configureComposioMCPServer, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated, isThirdPartyMCPServerAuthenticated };
+export { configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated, isThirdPartyMCPServerAuthenticated };

package/dist/utils/third-party-mcp-servers/third-party-check.d.ts

@@ -1,14 +1,13 @@
-import { CredentialScope } from "./composio-client.js";
+import { ComposioAuthResult, CredentialScope } from "./composio-client.js";
 
 //#region src/utils/third-party-mcp-servers/third-party-check.d.ts
 
 /**
  * Check if a third-party MCP server is authenticated for the given tenant/project/user
  * This is a generic function that routes to the appropriate provider-specific check
- * Returns true if authenticated, false otherwise
  * @param credentialScope - 'project' for shared team credentials, 'user' for per-user credentials
  * @param userId - The actual user ID (required if credentialScope is 'user')
  */
-declare function isThirdPartyMCPServerAuthenticated(tenantId: string, projectId: string, mcpServerUrl: string, credentialScope?: CredentialScope, userId?: string): Promise<boolean>;
+declare function isThirdPartyMCPServerAuthenticated(tenantId: string, projectId: string, mcpServerUrl: string, credentialScope?: CredentialScope, userId?: string): Promise<ComposioAuthResult>;
 //#endregion
-export { isThirdPartyMCPServerAuthenticated };
+export { type ComposioAuthResult, isThirdPartyMCPServerAuthenticated };

package/dist/utils/third-party-mcp-servers/third-party-check.js

@@ -10,7 +10,6 @@ const logger = getLogger("third-party-check");
 /**
 * Check if a third-party MCP server is authenticated for the given tenant/project/user
 * This is a generic function that routes to the appropriate provider-specific check
-* Returns true if authenticated, false otherwise
 * @param credentialScope - 'project' for shared team credentials, 'user' for per-user credentials
 * @param userId - The actual user ID (required if credentialScope is 'user')
 */
@@ -20,7 +19,7 @@ async function isThirdPartyMCPServerAuthenticated(tenantId, projectId, mcpServer
 		return isComposioMCPServerAuthenticated(tenantId, projectId, mcpServerUrl, credentialScope, userId);
 	}
 	logger.info({ mcpServerUrl }, "Unknown third-party MCP server provider");
-	return false;
+	return { authenticated: false };
 }
 
 //#endregion

package/dist/validation/dolt-schemas.d.ts

@@ -32,8 +32,8 @@ declare const BranchNameParamsSchema: z.ZodObject<{
 }, z.core.$strip>;
 declare const ResolvedRefSchema: z.ZodObject<{
   type: z.ZodEnum<{
-    commit: "commit";
     tag: "tag";
+    commit: "commit";
     branch: "branch";
   }>;
   name: z.ZodString;

package/dist/validation/drizzle-schema-helpers.d.ts

@@ -1,10 +1,10 @@
 import { z } from "@hono/zod-openapi";
-import * as drizzle_zod0 from "drizzle-zod";
+import * as drizzle_zod15 from "drizzle-zod";
 import { AnySQLiteTable } from "drizzle-orm/sqlite-core";
 
 //#region src/validation/drizzle-schema-helpers.d.ts
-declare function createSelectSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod0.BuildSchema<"select", T["_"]["columns"], drizzle_zod0.BuildRefine<T["_"]["columns"], undefined>, undefined>;
-declare function createInsertSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod0.BuildSchema<"insert", T["_"]["columns"], drizzle_zod0.BuildRefine<Pick<T["_"]["columns"], keyof T["$inferInsert"]>, undefined>, undefined>;
+declare function createSelectSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod15.BuildSchema<"select", T["_"]["columns"], drizzle_zod15.BuildRefine<T["_"]["columns"], undefined>, undefined>;
+declare function createInsertSchemaWithModifiers<T extends AnySQLiteTable>(table: T, overrides?: Partial<Record<keyof T['_']['columns'], (schema: z.ZodTypeAny) => z.ZodTypeAny>>): drizzle_zod15.BuildSchema<"insert", T["_"]["columns"], drizzle_zod15.BuildRefine<Pick<T["_"]["columns"], keyof T["$inferInsert"]>, undefined>, undefined>;
 declare const createSelectSchema: typeof createSelectSchemaWithModifiers;
 declare const createInsertSchema: typeof createInsertSchemaWithModifiers;
 /**