@inkeep/agents-core 0.64.2 → 0.64.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/auth/auth-schema.d.ts +86 -86
  2. package/dist/auth/auth-validation-schemas.d.ts +137 -137
  3. package/dist/auth/init.js +2 -2
  4. package/dist/constants/otel-attributes.d.ts +5 -0
  5. package/dist/constants/otel-attributes.js +7 -2
  6. package/dist/constants/signoz-queries.d.ts +1 -0
  7. package/dist/constants/signoz-queries.js +2 -1
  8. package/dist/data-access/index.d.ts +2 -1
  9. package/dist/data-access/index.js +2 -1
  10. package/dist/data-access/manage/agents.d.ts +32 -32
  11. package/dist/data-access/manage/artifactComponents.d.ts +6 -6
  12. package/dist/data-access/manage/contextConfigs.d.ts +12 -12
  13. package/dist/data-access/manage/dataComponents.d.ts +4 -4
  14. package/dist/data-access/manage/functionTools.d.ts +10 -10
  15. package/dist/data-access/manage/skills.d.ts +5 -5
  16. package/dist/data-access/manage/subAgentExternalAgentRelations.d.ts +12 -12
  17. package/dist/data-access/manage/subAgentRelations.d.ts +20 -20
  18. package/dist/data-access/manage/subAgentTeamAgentRelations.d.ts +12 -12
  19. package/dist/data-access/manage/subAgents.d.ts +12 -12
  20. package/dist/data-access/manage/tools.d.ts +21 -21
  21. package/dist/data-access/manage/tools.js +1 -1
  22. package/dist/data-access/runtime/apiKeys.d.ts +8 -8
  23. package/dist/data-access/runtime/apps.d.ts +4 -4
  24. package/dist/data-access/runtime/conversations.d.ts +12 -12
  25. package/dist/data-access/runtime/messages.d.ts +3 -3
  26. package/dist/data-access/runtime/scheduledTriggerInvocations.d.ts +4 -4
  27. package/dist/data-access/runtime/streamChunks.d.ts +29 -0
  28. package/dist/data-access/runtime/streamChunks.js +65 -0
  29. package/dist/data-access/runtime/tasks.d.ts +3 -3
  30. package/dist/db/manage/dolt-safe-jsonb.d.ts +12 -0
  31. package/dist/db/manage/dolt-safe-jsonb.js +61 -0
  32. package/dist/db/manage/manage-schema.d.ts +388 -388
  33. package/dist/db/manage/manage-schema.js +40 -39
  34. package/dist/db/runtime/runtime-schema.d.ts +136 -4
  35. package/dist/db/runtime/runtime-schema.js +20 -1
  36. package/dist/dolt/ref-helpers.js +15 -1
  37. package/dist/dolt/ref-scope.js +29 -1
  38. package/dist/index.d.ts +5 -4
  39. package/dist/index.js +5 -4
  40. package/dist/setup/setup.d.ts +3 -1
  41. package/dist/setup/setup.js +14 -10
  42. package/dist/utils/index.d.ts +3 -3
  43. package/dist/utils/index.js +3 -3
  44. package/dist/utils/jwt-helpers.d.ts +2 -3
  45. package/dist/utils/jwt-helpers.js +2 -3
  46. package/dist/utils/retry-client.d.ts +8 -0
  47. package/dist/utils/retry-client.js +29 -0
  48. package/dist/utils/service-token-auth.d.ts +3 -0
  49. package/dist/utils/service-token-auth.js +5 -2
  50. package/dist/utils/temp-jwt.d.ts +1 -6
  51. package/dist/utils/temp-jwt.js +1 -12
  52. package/dist/utils/work-app-mcp.js +1 -2
  53. package/dist/validation/schemas/skills.d.ts +25 -25
  54. package/dist/validation/schemas.d.ts +422 -422
  55. package/drizzle/runtime/0031_fantastic_gorilla_man.sql +13 -0
  56. package/drizzle/runtime/meta/0031_snapshot.json +4872 -0
  57. package/drizzle/runtime/meta/_journal.json +7 -0
  58. package/package.json +6 -2
package/dist/setup/setup.js CHANGED
@@ -564,17 +564,21 @@ async function runSetup(config) {
564
564
  await runMigrations(config);
565
565
  logStep(5, "Initializing authentication");
566
566
  await initAuth(config.authInitCommand);
567
- if (config.pushProject && !config.skipPush) {
568
- const resolvedPush = {
569
- ...config.pushProject,
570
- apiKey: config.pushProject.apiKey || process.env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET
571
- };
567
+ const pushConfigs = config.pushProject ? Array.isArray(config.pushProject) ? config.pushProject : [config.pushProject] : [];
568
+ if (pushConfigs.length > 0 && !config.skipPush) {
572
569
  logStep(6, "Checking server availability");
573
570
  const servers = await startServersIfNeeded(config);
574
- let pushSuccess = false;
571
+ let allPushSuccess = true;
575
572
  try {
576
- logStep(7, "Pushing project to API");
577
- pushSuccess = await pushProject(resolvedPush);
573
+ logStep(7, "Pushing projects to API");
574
+ for (const push of pushConfigs) if (!await pushProject({
575
+ ...push,
576
+ apiKey: push.apiKey || process.env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET
577
+ })) allPushSuccess = false;
578
+ if (config.afterPush) {
579
+ const apiUrl = config.apiHealthUrl?.replace("/health", "") || "http://localhost:3002";
580
+ await config.afterPush(apiUrl);
581
+ }
578
582
  } finally {
579
583
  if (servers.startedApi || servers.startedUi) {
580
584
  logStep(8, "Cleaning up temporarily started servers");
@@ -583,12 +587,12 @@ async function runSetup(config) {
583
587
  }
584
588
  }
585
589
  console.log(`\n${colors.bright}=== Setup Complete ===${colors.reset}\n`);
586
- if (pushSuccess) logSuccess("All steps completed successfully!");
590
+ if (allPushSuccess) logSuccess("All steps completed successfully!");
587
591
  else logWarning("Setup completed with some warnings. See details above.");
588
592
  } else {
589
593
  console.log(`\n${colors.bright}=== Setup Complete ===${colors.reset}\n`);
590
594
  logSuccess("Database setup completed!");
591
- if (!config.pushProject) logInfo("No project push configured. Run \"pnpm dev\" to start development servers.");
595
+ if (pushConfigs.length === 0) logInfo("No project push configured. Run \"pnpm dev\" to start development servers.");
592
596
  }
593
597
  }
594
598
 
package/dist/utils/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { JwtVerifyResult, SignJwtOptions, VerifyJwtOptions, decodeJwtPayload, derivePlaygroundKid, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt } from "./jwt-helpers.js";
1
+ import { JwtVerifyResult, SignJwtOptions, VerifyJwtOptions, decodeJwtPayload, deriveKidFromPublicKey, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt } from "./jwt-helpers.js";
2
2
  import { GenerateInternalServiceTokenParams, InternalServiceId, InternalServiceTokenPayload, InternalServices, VerifyInternalServiceTokenResult, generateInternalServiceToken, isInternalServiceToken, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, verifyInternalServiceAuthHeader, verifyInternalServiceToken } from "./internal-service-auth.js";
3
3
  import { GenerationType } from "../db/runtime/runtime-schema.js";
4
4
  import { LoggerFactoryConfig, PinoLogger, PinoLoggerConfig, getLogger, loggerFactory } from "./logger.js";
@@ -26,7 +26,7 @@ import { SKILL_ENTRY_FILE_PATH, parseSkillFromMarkdown, serializeSkillToMarkdown
26
26
  import { SignSlackLinkTokenParams, SlackLinkIntent, SlackLinkIntentSchema, SlackLinkTokenPayload, SlackLinkTokenPayloadSchema, VerifySlackLinkTokenResult, signSlackLinkToken, verifySlackLinkToken } from "./slack-link-token.js";
27
27
  import { SignSlackUserTokenParams, SlackAccessTokenPayload, SlackAccessTokenPayloadSchema, VerifySlackUserTokenResult, isSlackUserToken, signSlackUserToken, verifySlackUserToken } from "./slack-user-token.js";
28
28
  import { ParsedSSEResponse, parseSSEResponse } from "./sse-parser.js";
29
- import { SignedTempToken, TempTokenPayload, signTempToken, verifyTempToken } from "./temp-jwt.js";
29
+ import { TempTokenPayload, verifyTempToken } from "./temp-jwt.js";
30
30
  import { interpolateTemplate } from "./template-interpolation.js";
31
31
  import { ComposioAuthResult, CredentialScope, configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./third-party-mcp-servers/composio-client.js";
32
32
  import { isThirdPartyMCPServerAuthenticated } from "./third-party-mcp-servers/third-party-check.js";
@@ -39,4 +39,4 @@ import "./usage-tracker.js";
39
39
  import { ValidatePublicKeyResult, validatePublicKey } from "./validate-public-key.js";
40
40
  import { _resetWaitUntilCache, getWaitUntil } from "./wait-until.js";
41
41
  import { TRUSTED_WORK_APP_MCP_PATHS, isTrustedWorkAppMcpUrl } from "./work-app-mcp.js";
42
- export { ApiKeyGenerationResult, AppCredentialResult, AssembleResult, CommonCreateErrorResponses, CommonDeleteErrorResponses, CommonGetErrorResponses, CommonUpdateErrorResponses, ComposioAuthResult, CredentialScope, ERROR_DOCS_BASE_URL, ErrorCode, ErrorCodes, ErrorResponse, GenerateInternalServiceTokenParams, GenerateServiceTokenParams, GenerationType, HashedHeaderValue, InternalServiceId, InternalServiceTokenPayload, InternalServices, JsonTransformer, JwtVerifyResult, LLMMessage, LoggerFactoryConfig, McpClient, McpClientOptions, McpOAuthFlowResult, McpSSEConfig, McpServerConfig, McpStreamableHttpConfig, McpTokenExchangeResult, MockLanguageModel, ModelFactory, OAuthConfig, ParsedSSEResponse, PinoLogger, PinoLoggerConfig, PoWError, PoWResult, ProblemDetails, SKILL_ENTRY_FILE_PATH, ServiceTokenPayload, SignJwtOptions, SignSlackLinkTokenParams, SignSlackUserTokenParams, SignatureVerificationErrorCode, SignatureVerificationResult, SignedTempToken, SlackAccessTokenPayload, SlackAccessTokenPayloadSchema, SlackLinkIntent, SlackLinkIntentSchema, SlackLinkTokenPayload, SlackLinkTokenPayloadSchema, TRUSTED_WORK_APP_MCP_PATHS, TempTokenPayload, TriggerAuthResult, ValidatePublicKeyResult, VerifyInternalServiceTokenResult, VerifyJwtOptions, VerifyServiceTokenResult, VerifySlackLinkTokenResult, VerifySlackUserTokenResult, _resetWaitUntilCache, activeMcpClients, buildConversationMetadata, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, computeNextRunAt, configureComposioMCPServer, convertZodToJsonSchema, convertZodToJsonSchemaWithPreview, createApiError, createMockModel, decodeJwtPayload, deleteComposioConnectedAccount, derivePlaygroundKid, deriveRelationId, detectAuthenticationRequired, errorResponseSchema, errorSchemaFactory, estimateTokens, exchangeMcpAuthorizationCode, extractBearerToken, extractComposioServerId, extractPreviewFields, extractPublicId, extractUsageTokens, fetchComposioServers, fetchSingleComposioServer, flushTraces, formatMessagesForLLM, formatMessagesForLLMContext, gatewayCostMiddleware, generateApiKey, generateAppCredential, generateId, generateInternalServiceToken, generateServiceToken, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, getConversationId, getCredentialStoreLookupKeyFromRetrievalParams, getInProcessFetch, getJwtSecret, getLogger, getMetadataFromApiKey, getPoWErrorMessage, getTracer, getWaitUntil, handleApiError, hasIssuer, hashApiKey, hashAuthenticationHeaders, hashTriggerHeaderValue, initiateMcpOAuthFlow, interpolateTemplate, isApiKeyExpired, isComposioMCPServerAuthenticated, isDevelopment, isInternalServiceToken, isPoWEnabled, isProduction, isSlackUserToken, isTest, isThirdPartyMCPServerAuthenticated, isTrustedWorkAppMcpUrl, isUniqueConstraintError, isZodSchema, loggerFactory, makeAllPropertiesRequired, maskApiKey, normalizeDataComponentSchema, normalizeDateString, normalizeModelId, parseEmbeddedJson, parseSSEResponse, parseSkillFromMarkdown, preview, problemDetailsSchema, registerAppFetch, retryWithBackoff, sanitizeAppConfig, serializeSkillToMarkdown, setSpanWithError, signJwt, signSlackLinkToken, signSlackUserToken, signTempToken, stripUnsupportedConstraints, throwIfUniqueConstraintError, toISODateString, unwrapError, validateApiKey, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, validateOrigin, validatePublicKey, validateTargetAgent, validateTenantId, validateTriggerHeaderValue, verifyAuthorizationHeader, verifyInternalServiceAuthHeader, verifyInternalServiceToken, verifyJwt, verifyPoW, verifyServiceToken, verifySignatureWithConfig, verifySlackLinkToken, verifySlackUserToken, verifyTempToken, verifyTriggerAuth };
42
+ export { ApiKeyGenerationResult, AppCredentialResult, AssembleResult, CommonCreateErrorResponses, CommonDeleteErrorResponses, CommonGetErrorResponses, CommonUpdateErrorResponses, ComposioAuthResult, CredentialScope, ERROR_DOCS_BASE_URL, ErrorCode, ErrorCodes, ErrorResponse, GenerateInternalServiceTokenParams, GenerateServiceTokenParams, GenerationType, HashedHeaderValue, InternalServiceId, InternalServiceTokenPayload, InternalServices, JsonTransformer, JwtVerifyResult, LLMMessage, LoggerFactoryConfig, McpClient, McpClientOptions, McpOAuthFlowResult, McpSSEConfig, McpServerConfig, McpStreamableHttpConfig, McpTokenExchangeResult, MockLanguageModel, ModelFactory, OAuthConfig, ParsedSSEResponse, PinoLogger, PinoLoggerConfig, PoWError, PoWResult, ProblemDetails, SKILL_ENTRY_FILE_PATH, ServiceTokenPayload, SignJwtOptions, SignSlackLinkTokenParams, SignSlackUserTokenParams, SignatureVerificationErrorCode, SignatureVerificationResult, SlackAccessTokenPayload, SlackAccessTokenPayloadSchema, SlackLinkIntent, SlackLinkIntentSchema, SlackLinkTokenPayload, SlackLinkTokenPayloadSchema, TRUSTED_WORK_APP_MCP_PATHS, TempTokenPayload, TriggerAuthResult, ValidatePublicKeyResult, VerifyInternalServiceTokenResult, VerifyJwtOptions, VerifyServiceTokenResult, VerifySlackLinkTokenResult, VerifySlackUserTokenResult, _resetWaitUntilCache, activeMcpClients, buildConversationMetadata, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, computeNextRunAt, configureComposioMCPServer, convertZodToJsonSchema, convertZodToJsonSchemaWithPreview, createApiError, createMockModel, decodeJwtPayload, deleteComposioConnectedAccount, deriveKidFromPublicKey, deriveRelationId, detectAuthenticationRequired, errorResponseSchema, errorSchemaFactory, estimateTokens, exchangeMcpAuthorizationCode, extractBearerToken, extractComposioServerId, extractPreviewFields, extractPublicId, extractUsageTokens, fetchComposioServers, fetchSingleComposioServer, flushTraces, formatMessagesForLLM, formatMessagesForLLMContext, gatewayCostMiddleware, generateApiKey, generateAppCredential, generateId, generateInternalServiceToken, generateServiceToken, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, getConversationId, getCredentialStoreLookupKeyFromRetrievalParams, getInProcessFetch, getJwtSecret, getLogger, getMetadataFromApiKey, getPoWErrorMessage, getTracer, getWaitUntil, handleApiError, hasIssuer, hashApiKey, hashAuthenticationHeaders, hashTriggerHeaderValue, initiateMcpOAuthFlow, interpolateTemplate, isApiKeyExpired, isComposioMCPServerAuthenticated, isDevelopment, isInternalServiceToken, isPoWEnabled, isProduction, isSlackUserToken, isTest, isThirdPartyMCPServerAuthenticated, isTrustedWorkAppMcpUrl, isUniqueConstraintError, isZodSchema, loggerFactory, makeAllPropertiesRequired, maskApiKey, normalizeDataComponentSchema, normalizeDateString, normalizeModelId, parseEmbeddedJson, parseSSEResponse, parseSkillFromMarkdown, preview, problemDetailsSchema, registerAppFetch, retryWithBackoff, sanitizeAppConfig, serializeSkillToMarkdown, setSpanWithError, signJwt, signSlackLinkToken, signSlackUserToken, stripUnsupportedConstraints, throwIfUniqueConstraintError, toISODateString, unwrapError, validateApiKey, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, validateOrigin, validatePublicKey, validateTargetAgent, validateTenantId, validateTriggerHeaderValue, verifyAuthorizationHeader, verifyInternalServiceAuthHeader, verifyInternalServiceToken, verifyJwt, verifyPoW, verifyServiceToken, verifySignatureWithConfig, verifySlackLinkToken, verifySlackUserToken, verifyTempToken, verifyTriggerAuth };
package/dist/utils/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import { SKILL_ENTRY_FILE_PATH, parseSkillFromMarkdown, serializeSkillToMarkdown } from "./skill-files.js";
2
2
  import { detectAuthenticationRequired, exchangeMcpAuthorizationCode, initiateMcpOAuthFlow } from "./auth-detection.js";
3
3
  import { PinoLogger, getLogger, loggerFactory } from "./logger.js";
4
- import { decodeJwtPayload, derivePlaygroundKid, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt } from "./jwt-helpers.js";
4
+ import { decodeJwtPayload, deriveKidFromPublicKey, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt } from "./jwt-helpers.js";
5
5
  import { InternalServices, generateInternalServiceToken, isInternalServiceToken, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, verifyInternalServiceAuthHeader, verifyInternalServiceToken } from "./internal-service-auth.js";
6
6
  import { convertZodToJsonSchema, convertZodToJsonSchemaWithPreview, extractPreviewFields, isZodSchema, makeAllPropertiesRequired, normalizeDataComponentSchema, preview, stripUnsupportedConstraints } from "./schema-conversion.js";
7
7
  import { configureComposioMCPServer, deleteComposioConnectedAccount, extractComposioServerId, fetchComposioServers, fetchSingleComposioServer, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, isComposioMCPServerAuthenticated } from "./third-party-mcp-servers/composio-client.js";
@@ -29,7 +29,7 @@ import { generateServiceToken, validateTargetAgent, validateTenantId, verifyAuth
29
29
  import { SlackLinkIntentSchema, SlackLinkTokenPayloadSchema, signSlackLinkToken, verifySlackLinkToken } from "./slack-link-token.js";
30
30
  import { SlackAccessTokenPayloadSchema, isSlackUserToken, signSlackUserToken, verifySlackUserToken } from "./slack-user-token.js";
31
31
  import { parseSSEResponse } from "./sse-parser.js";
32
- import { signTempToken, verifyTempToken } from "./temp-jwt.js";
32
+ import { verifyTempToken } from "./temp-jwt.js";
33
33
  import { interpolateTemplate } from "./template-interpolation.js";
34
34
  import { estimateTokens } from "./token-estimator.js";
35
35
  import { flushTraces, getTracer, setSpanWithError, unwrapError } from "./tracer-factory.js";
@@ -38,4 +38,4 @@ import { validatePublicKey } from "./validate-public-key.js";
38
38
  import { _resetWaitUntilCache, getWaitUntil } from "./wait-until.js";
39
39
  import { TRUSTED_WORK_APP_MCP_PATHS, isTrustedWorkAppMcpUrl } from "./work-app-mcp.js";
40
40
 
41
- export { ERROR_DOCS_BASE_URL, ErrorCode, InternalServices, JsonTransformer, McpClient, MockLanguageModel, ModelFactory, PinoLogger, SKILL_ENTRY_FILE_PATH, SlackAccessTokenPayloadSchema, SlackLinkIntentSchema, SlackLinkTokenPayloadSchema, TRUSTED_WORK_APP_MCP_PATHS, _resetWaitUntilCache, activeMcpClients, buildConversationMetadata, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, computeNextRunAt, configureComposioMCPServer, convertZodToJsonSchema, convertZodToJsonSchemaWithPreview, createApiError, createMockModel, decodeJwtPayload, deleteComposioConnectedAccount, derivePlaygroundKid, deriveRelationId, detectAuthenticationRequired, errorResponseSchema, errorSchemaFactory, estimateTokens, exchangeMcpAuthorizationCode, extractBearerToken, extractComposioServerId, extractPreviewFields, extractPublicId, extractUsageTokens, fetchComposioServers, fetchSingleComposioServer, flushTraces, formatMessagesForLLM, formatMessagesForLLMContext, gatewayCostMiddleware, generateApiKey, generateAppCredential, generateId, generateInternalServiceToken, generateServiceToken, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, getConversationId, getCredentialStoreLookupKeyFromRetrievalParams, getInProcessFetch, getJwtSecret, getLogger, getMetadataFromApiKey, getPoWErrorMessage, getTracer, getWaitUntil, handleApiError, hasIssuer, hashApiKey, hashAuthenticationHeaders, hashTriggerHeaderValue, initiateMcpOAuthFlow, interpolateTemplate, isApiKeyExpired, isComposioMCPServerAuthenticated, isDevelopment, isInternalServiceToken, isPoWEnabled, isProduction, isSlackUserToken, isTest, isThirdPartyMCPServerAuthenticated, isTrustedWorkAppMcpUrl, isUniqueConstraintError, isZodSchema, loggerFactory, makeAllPropertiesRequired, maskApiKey, normalizeDataComponentSchema, normalizeDateString, normalizeModelId, parseEmbeddedJson, parseSSEResponse, parseSkillFromMarkdown, preview, problemDetailsSchema, registerAppFetch, retryWithBackoff, sanitizeAppConfig, serializeSkillToMarkdown, setSpanWithError, signJwt, signSlackLinkToken, signSlackUserToken, signTempToken, stripUnsupportedConstraints, throwIfUniqueConstraintError, toISODateString, unwrapError, validateApiKey, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, validateOrigin, validatePublicKey, validateTargetAgent, validateTenantId, validateTriggerHeaderValue, verifyAuthorizationHeader, verifyInternalServiceAuthHeader, verifyInternalServiceToken, verifyJwt, verifyPoW, verifyServiceToken, verifySignatureWithConfig, verifySlackLinkToken, verifySlackUserToken, verifyTempToken, verifyTriggerAuth };
41
+ export { ERROR_DOCS_BASE_URL, ErrorCode, InternalServices, JsonTransformer, McpClient, MockLanguageModel, ModelFactory, PinoLogger, SKILL_ENTRY_FILE_PATH, SlackAccessTokenPayloadSchema, SlackLinkIntentSchema, SlackLinkTokenPayloadSchema, TRUSTED_WORK_APP_MCP_PATHS, _resetWaitUntilCache, activeMcpClients, buildConversationMetadata, commonCreateErrorResponses, commonDeleteErrorResponses, commonGetErrorResponses, commonUpdateErrorResponses, computeNextRunAt, configureComposioMCPServer, convertZodToJsonSchema, convertZodToJsonSchemaWithPreview, createApiError, createMockModel, decodeJwtPayload, deleteComposioConnectedAccount, deriveKidFromPublicKey, deriveRelationId, detectAuthenticationRequired, errorResponseSchema, errorSchemaFactory, estimateTokens, exchangeMcpAuthorizationCode, extractBearerToken, extractComposioServerId, extractPreviewFields, extractPublicId, extractUsageTokens, fetchComposioServers, fetchSingleComposioServer, flushTraces, formatMessagesForLLM, formatMessagesForLLMContext, gatewayCostMiddleware, generateApiKey, generateAppCredential, generateId, generateInternalServiceToken, generateServiceToken, getComposioInstance, getComposioOAuthRedirectUrl, getComposioUserId, getConversationId, getCredentialStoreLookupKeyFromRetrievalParams, getInProcessFetch, getJwtSecret, getLogger, getMetadataFromApiKey, getPoWErrorMessage, getTracer, getWaitUntil, handleApiError, hasIssuer, hashApiKey, hashAuthenticationHeaders, hashTriggerHeaderValue, initiateMcpOAuthFlow, interpolateTemplate, isApiKeyExpired, isComposioMCPServerAuthenticated, isDevelopment, isInternalServiceToken, isPoWEnabled, isProduction, isSlackUserToken, isTest, isThirdPartyMCPServerAuthenticated, isTrustedWorkAppMcpUrl, isUniqueConstraintError, isZodSchema, loggerFactory, makeAllPropertiesRequired, maskApiKey, normalizeDataComponentSchema, normalizeDateString, normalizeModelId, parseEmbeddedJson, parseSSEResponse, parseSkillFromMarkdown, preview, problemDetailsSchema, registerAppFetch, retryWithBackoff, sanitizeAppConfig, serializeSkillToMarkdown, setSpanWithError, signJwt, signSlackLinkToken, signSlackUserToken, stripUnsupportedConstraints, throwIfUniqueConstraintError, toISODateString, unwrapError, validateApiKey, validateInternalServiceProjectAccess, validateInternalServiceTenantAccess, validateOrigin, validatePublicKey, validateTargetAgent, validateTenantId, validateTriggerHeaderValue, verifyAuthorizationHeader, verifyInternalServiceAuthHeader, verifyInternalServiceToken, verifyJwt, verifyPoW, verifyServiceToken, verifySignatureWithConfig, verifySlackLinkToken, verifySlackUserToken, verifyTempToken, verifyTriggerAuth };
package/dist/utils/jwt-helpers.d.ts CHANGED
@@ -54,9 +54,8 @@ declare function decodeJwtPayload(token: string): Record<string, unknown> | null
54
54
  declare function hasIssuer(token: string, issuer: string): boolean;
55
55
  /**
56
56
  * Derive a deterministic kid from a PEM-encoded public key.
57
- * Used for playground app key registration and token signing.
58
57
  * The kid is a truncated SHA-256 hash prefixed with 'pg-'.
59
58
  */
60
- declare function derivePlaygroundKid(publicKeyPem: string): Promise<string>;
59
+ declare function deriveKidFromPublicKey(publicKeyPem: string): Promise<string>;
61
60
  //#endregion
62
- export { JwtVerifyResult, SignJwtOptions, VerifyJwtOptions, decodeJwtPayload, derivePlaygroundKid, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt };
61
+ export { JwtVerifyResult, SignJwtOptions, VerifyJwtOptions, decodeJwtPayload, deriveKidFromPublicKey, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt };
package/dist/utils/jwt-helpers.js CHANGED
@@ -87,14 +87,13 @@ function hasIssuer(token, issuer) {
87
87
  }
88
88
  /**
89
89
  * Derive a deterministic kid from a PEM-encoded public key.
90
- * Used for playground app key registration and token signing.
91
90
  * The kid is a truncated SHA-256 hash prefixed with 'pg-'.
92
91
  */
93
- async function derivePlaygroundKid(publicKeyPem) {
92
+ async function deriveKidFromPublicKey(publicKeyPem) {
94
93
  const data = new TextEncoder().encode(publicKeyPem);
95
94
  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
96
95
  return `pg-${Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("").substring(0, 12)}`;
97
96
  }
98
97
 
99
98
  //#endregion
100
- export { decodeJwtPayload, derivePlaygroundKid, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt };
99
+ export { decodeJwtPayload, deriveKidFromPublicKey, extractBearerToken, getJwtSecret, hasIssuer, signJwt, verifyJwt };
package/dist/utils/retry-client.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ //#region src/utils/retry-client.d.ts
2
+ declare function retryWithBackoff<T>(fn: () => Promise<T>, opts?: {
3
+ maxAttempts?: number;
4
+ maxDelayMs?: number;
5
+ label?: string;
6
+ }): Promise<T>;
7
+ //#endregion
8
+ export { retryWithBackoff };
package/dist/utils/retry-client.js ADDED
@@ -0,0 +1,29 @@
1
+ //#region src/utils/retry-client.ts
2
+ function isRetryableHttpError(error) {
3
+ if (error instanceof TypeError) return true;
4
+ if (error != null && typeof error === "object") {
5
+ if ("name" in error && error.name === "AbortError") return true;
6
+ const status = error.status;
7
+ if (typeof status === "number" && (status === 429 || status >= 500)) return true;
8
+ }
9
+ return false;
10
+ }
11
+ async function retryWithBackoff(fn, opts = {}) {
12
+ const { maxAttempts = 3, maxDelayMs = 3e4, label = "operation" } = opts;
13
+ for (let attempt = 1; attempt <= maxAttempts; attempt++) try {
14
+ return await fn();
15
+ } catch (error) {
16
+ if (!isRetryableHttpError(error) || attempt === maxAttempts) throw error;
17
+ const status = error.status;
18
+ const retryAfter = error.headers?.get?.("Retry-After");
19
+ const retryAfterMs = retryAfter ? (Number(retryAfter) || 0) * 1e3 : 0;
20
+ const baseDelay = Math.min(500 * 2 ** (attempt - 1), maxDelayMs);
21
+ const delay = Math.max(baseDelay, retryAfterMs) + Math.random() * 100;
22
+ console.warn(`[${label}] Retrying after transient failure (attempt ${attempt}/${maxAttempts}, status=${status ?? "n/a"}, delay=${Math.round(delay)}ms)`);
23
+ await new Promise((resolve) => setTimeout(resolve, delay));
24
+ }
25
+ throw new Error("Unreachable");
26
+ }
27
+
28
+ //#endregion
29
+ export { retryWithBackoff };
package/dist/utils/service-token-auth.d.ts CHANGED
@@ -21,6 +21,8 @@ interface ServiceTokenPayload {
21
21
  type: 'user' | 'api_key';
22
22
  id: string;
23
23
  };
24
+ /** App ID - propagated through delegation chain for app-scoped requests */
25
+ appId?: string;
24
26
  /** Issued at timestamp */
25
27
  iat: number;
26
28
  /** Expiration timestamp (5 minutes from issue) */
@@ -38,6 +40,7 @@ interface GenerateServiceTokenParams {
38
40
  type: 'user' | 'api_key';
39
41
  id: string;
40
42
  };
43
+ appId?: string;
41
44
  }
42
45
  /**
43
46
  * Result of verifying a service token
package/dist/utils/service-token-auth.js CHANGED
@@ -18,7 +18,8 @@ async function generateServiceToken(params) {
18
18
  claims: {
19
19
  tenantId: params.tenantId,
20
20
  projectId: params.projectId,
21
- ...params.initiatedBy ? { initiatedBy: params.initiatedBy } : {}
21
+ ...params.initiatedBy ? { initiatedBy: params.initiatedBy } : {},
22
+ ...params.appId ? { appId: params.appId } : {}
22
23
  }
23
24
  });
24
25
  logger.debug({
@@ -52,7 +53,8 @@ async function verifyServiceToken(token) {
52
53
  error: "Invalid token: missing required claims"
53
54
  };
54
55
  }
55
- const initiatedBy = payload.initiatedBy;
56
+ const initiatedBy = payload.initiatedBy && typeof payload.initiatedBy === "object" && "type" in payload.initiatedBy && "id" in payload.initiatedBy && (payload.initiatedBy.type === "user" || payload.initiatedBy.type === "api_key") && typeof payload.initiatedBy.id === "string" ? payload.initiatedBy : void 0;
57
+ const appId = typeof payload.appId === "string" ? payload.appId : void 0;
56
58
  const validPayload = {
57
59
  iss: payload.iss,
58
60
  aud: payload.aud,
@@ -60,6 +62,7 @@ async function verifyServiceToken(token) {
60
62
  tenantId: payload.tenantId,
61
63
  projectId: payload.projectId,
62
64
  ...initiatedBy ? { initiatedBy } : {},
65
+ ...appId ? { appId } : {},
63
66
  iat: payload.iat,
64
67
  exp: payload.exp
65
68
  };
package/dist/utils/temp-jwt.d.ts CHANGED
@@ -10,11 +10,6 @@ interface TempTokenPayload {
10
10
  };
11
11
  sub: string;
12
12
  }
13
- interface SignedTempToken {
14
- token: string;
15
- expiresAt: string;
16
- }
17
- declare function signTempToken(privateKeyPem: string, payload: TempTokenPayload): Promise<SignedTempToken>;
18
13
  declare function verifyTempToken(publicKeyPem: string, token: string): Promise<TempTokenPayload>;
19
14
  //#endregion
20
- export { SignedTempToken, TempTokenPayload, signTempToken, verifyTempToken };
15
+ export { TempTokenPayload, verifyTempToken };
package/dist/utils/temp-jwt.js CHANGED
@@ -1,17 +1,6 @@
1
- import { generateId } from "./conversations.js";
2
1
  import * as jose from "jose";
3
2
 
4
3
  //#region src/utils/temp-jwt.ts
5
- async function signTempToken(privateKeyPem, payload) {
6
- const privateKey = await jose.importPKCS8(privateKeyPem, "RS256");
7
- return {
8
- token: await new jose.SignJWT(payload).setProtectedHeader({
9
- alg: "RS256",
10
- typ: "JWT"
11
- }).setIssuedAt().setExpirationTime("1h").setIssuer("inkeep-manage-api").setAudience("inkeep-run-api").setSubject(payload.sub).setJti(generateId()).sign(privateKey),
12
- expiresAt: new Date(Date.now() + 3600 * 1e3).toISOString()
13
- };
14
- }
15
4
  async function verifyTempToken(publicKeyPem, token) {
16
5
  const publicKey = await jose.importSPKI(publicKeyPem, "RS256");
17
6
  const { payload } = await jose.jwtVerify(token, publicKey, {
@@ -24,4 +13,4 @@ async function verifyTempToken(publicKeyPem, token) {
24
13
  }
25
14
 
26
15
  //#endregion
27
- export { signTempToken, verifyTempToken };
16
+ export { verifyTempToken };
package/dist/utils/work-app-mcp.js CHANGED
@@ -8,8 +8,7 @@ const isTrustedWorkAppMcpUrl = (url, path, baseUrl) => {
8
8
  try {
9
9
  const toolUrl = new URL(String(url));
10
10
  const base = new URL(baseUrl);
11
- const baseDomain = base.hostname.split(".").slice(-2).join(".");
12
- return (toolUrl.hostname === base.hostname || toolUrl.hostname.endsWith(`.${baseDomain}`)) && toolUrl.pathname === path;
11
+ return toolUrl.origin === base.origin && toolUrl.pathname === path;
13
12
  } catch {
14
13
  return false;
15
14
  }
package/dist/validation/schemas/skills.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { z } from "@hono/zod-openapi";
2
- import * as drizzle_orm_pg_core2150 from "drizzle-orm/pg-core";
2
+ import * as drizzle_orm_pg_core1810 from "drizzle-orm/pg-core";
3
3
  import * as drizzle_zod367 from "drizzle-zod";
4
4
 
5
5
  //#region src/validation/schemas/skills.d.ts
@@ -28,7 +28,7 @@ declare const SkillFileContentInputSchema: z.ZodObject<{
28
28
  content: z.ZodString;
29
29
  }, z.core.$strip>;
30
30
  declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
31
- createdAt: drizzle_orm_pg_core2150.PgColumn<{
31
+ createdAt: drizzle_orm_pg_core1810.PgColumn<{
32
32
  name: "created_at";
33
33
  tableName: "skill_files";
34
34
  dataType: "string";
@@ -45,7 +45,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
45
45
  identity: undefined;
46
46
  generated: undefined;
47
47
  }, {}, {}>;
48
- updatedAt: drizzle_orm_pg_core2150.PgColumn<{
48
+ updatedAt: drizzle_orm_pg_core1810.PgColumn<{
49
49
  name: "updated_at";
50
50
  tableName: "skill_files";
51
51
  dataType: "string";
@@ -62,7 +62,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
62
62
  identity: undefined;
63
63
  generated: undefined;
64
64
  }, {}, {}>;
65
- skillId: drizzle_orm_pg_core2150.PgColumn<{
65
+ skillId: drizzle_orm_pg_core1810.PgColumn<{
66
66
  name: "skill_id";
67
67
  tableName: "skill_files";
68
68
  dataType: "string";
@@ -81,7 +81,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
81
81
  }, {}, {
82
82
  length: 64;
83
83
  }>;
84
- filePath: drizzle_orm_pg_core2150.PgColumn<{
84
+ filePath: drizzle_orm_pg_core1810.PgColumn<{
85
85
  name: "file_path";
86
86
  tableName: "skill_files";
87
87
  dataType: "string";
@@ -100,7 +100,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
100
100
  }, {}, {
101
101
  length: 1024;
102
102
  }>;
103
- content: drizzle_orm_pg_core2150.PgColumn<{
103
+ content: drizzle_orm_pg_core1810.PgColumn<{
104
104
  name: "content";
105
105
  tableName: "skill_files";
106
106
  dataType: "string";
@@ -117,7 +117,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
117
117
  identity: undefined;
118
118
  generated: undefined;
119
119
  }, {}, {}>;
120
- projectId: drizzle_orm_pg_core2150.PgColumn<{
120
+ projectId: drizzle_orm_pg_core1810.PgColumn<{
121
121
  name: "project_id";
122
122
  tableName: "skill_files";
123
123
  dataType: "string";
@@ -136,7 +136,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
136
136
  }, {}, {
137
137
  length: 256;
138
138
  }>;
139
- tenantId: drizzle_orm_pg_core2150.PgColumn<{
139
+ tenantId: drizzle_orm_pg_core1810.PgColumn<{
140
140
  name: "tenant_id";
141
141
  tableName: "skill_files";
142
142
  dataType: "string";
@@ -155,7 +155,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
155
155
  }, {}, {
156
156
  length: 256;
157
157
  }>;
158
- id: drizzle_orm_pg_core2150.PgColumn<{
158
+ id: drizzle_orm_pg_core1810.PgColumn<{
159
159
  name: "id";
160
160
  tableName: "skill_files";
161
161
  dataType: "string";
@@ -175,7 +175,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
175
175
  length: 256;
176
176
  }>;
177
177
  }, drizzle_zod367.BuildRefine<{
178
- createdAt: drizzle_orm_pg_core2150.PgColumn<{
178
+ createdAt: drizzle_orm_pg_core1810.PgColumn<{
179
179
  name: "created_at";
180
180
  tableName: "skill_files";
181
181
  dataType: "string";
@@ -192,7 +192,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
192
192
  identity: undefined;
193
193
  generated: undefined;
194
194
  }, {}, {}>;
195
- updatedAt: drizzle_orm_pg_core2150.PgColumn<{
195
+ updatedAt: drizzle_orm_pg_core1810.PgColumn<{
196
196
  name: "updated_at";
197
197
  tableName: "skill_files";
198
198
  dataType: "string";
@@ -209,7 +209,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
209
209
  identity: undefined;
210
210
  generated: undefined;
211
211
  }, {}, {}>;
212
- skillId: drizzle_orm_pg_core2150.PgColumn<{
212
+ skillId: drizzle_orm_pg_core1810.PgColumn<{
213
213
  name: "skill_id";
214
214
  tableName: "skill_files";
215
215
  dataType: "string";
@@ -228,7 +228,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
228
228
  }, {}, {
229
229
  length: 64;
230
230
  }>;
231
- filePath: drizzle_orm_pg_core2150.PgColumn<{
231
+ filePath: drizzle_orm_pg_core1810.PgColumn<{
232
232
  name: "file_path";
233
233
  tableName: "skill_files";
234
234
  dataType: "string";
@@ -247,7 +247,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
247
247
  }, {}, {
248
248
  length: 1024;
249
249
  }>;
250
- content: drizzle_orm_pg_core2150.PgColumn<{
250
+ content: drizzle_orm_pg_core1810.PgColumn<{
251
251
  name: "content";
252
252
  tableName: "skill_files";
253
253
  dataType: "string";
@@ -264,7 +264,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
264
264
  identity: undefined;
265
265
  generated: undefined;
266
266
  }, {}, {}>;
267
- projectId: drizzle_orm_pg_core2150.PgColumn<{
267
+ projectId: drizzle_orm_pg_core1810.PgColumn<{
268
268
  name: "project_id";
269
269
  tableName: "skill_files";
270
270
  dataType: "string";
@@ -283,7 +283,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
283
283
  }, {}, {
284
284
  length: 256;
285
285
  }>;
286
- tenantId: drizzle_orm_pg_core2150.PgColumn<{
286
+ tenantId: drizzle_orm_pg_core1810.PgColumn<{
287
287
  name: "tenant_id";
288
288
  tableName: "skill_files";
289
289
  dataType: "string";
@@ -302,7 +302,7 @@ declare const SkillFileSelectSchema: drizzle_zod367.BuildSchema<"select", {
302
302
  }, {}, {
303
303
  length: 256;
304
304
  }>;
305
- id: drizzle_orm_pg_core2150.PgColumn<{
305
+ id: drizzle_orm_pg_core1810.PgColumn<{
306
306
  name: "id";
307
307
  tableName: "skill_files";
308
308
  dataType: "string";
@@ -413,8 +413,8 @@ declare const SkillFileApiSelectSchema: z.ZodObject<{
413
413
  createdAt: z.ZodString;
414
414
  updatedAt: z.ZodString;
415
415
  content: z.ZodString;
416
- skillId: z.ZodString;
417
416
  filePath: z.ZodString;
417
+ skillId: z.ZodString;
418
418
  }, z.core.$strip>;
419
419
  declare const SkillFileApiInsertSchema: z.ZodObject<{
420
420
  filePath: z.ZodString;
@@ -436,8 +436,8 @@ declare const SkillWithFilesApiSelectSchema: z.ZodObject<{
436
436
  createdAt: z.ZodString;
437
437
  updatedAt: z.ZodString;
438
438
  content: z.ZodString;
439
- skillId: z.ZodString;
440
439
  filePath: z.ZodString;
440
+ skillId: z.ZodString;
441
441
  }, z.core.$strip>>;
442
442
  }, z.core.$strip>;
443
443
  declare const SubAgentSkillSelectSchema: z.ZodObject<{
@@ -490,16 +490,16 @@ declare const SubAgentSkillApiSelectSchema: z.ZodObject<{
490
490
  createdAt: z.ZodString;
491
491
  updatedAt: z.ZodString;
492
492
  subAgentId: z.ZodString;
493
- skillId: z.ZodString;
494
493
  index: z.ZodInt;
495
494
  alwaysLoaded: z.ZodBoolean;
495
+ skillId: z.ZodString;
496
496
  }, z.core.$strip>;
497
497
  declare const SubAgentSkillApiInsertSchema: z.ZodObject<{
498
498
  agentId: z.ZodString;
499
499
  subAgentId: z.ZodString;
500
- skillId: z.ZodString;
501
500
  index: z.ZodInt;
502
501
  alwaysLoaded: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
502
+ skillId: z.ZodString;
503
503
  }, {
504
504
  out: {};
505
505
  in: {};
@@ -509,9 +509,9 @@ declare const SubAgentSkillApiUpdateSchema: z.ZodObject<{
509
509
  createdAt: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodString>>>;
510
510
  updatedAt: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodString>>>;
511
511
  subAgentId: z.ZodOptional<z.ZodOptional<z.ZodString>>;
512
- skillId: z.ZodOptional<z.ZodOptional<z.ZodString>>;
513
512
  index: z.ZodOptional<z.ZodOptional<z.ZodInt>>;
514
513
  alwaysLoaded: z.ZodOptional<z.ZodOptional<z.ZodDefault<z.ZodOptional<z.ZodBoolean>>>>;
514
+ skillId: z.ZodOptional<z.ZodOptional<z.ZodString>>;
515
515
  }, z.core.$strip>;
516
516
  declare const SubAgentSkillWithIndexSchema: z.ZodObject<{
517
517
  id: z.ZodString;
@@ -532,8 +532,8 @@ declare const SkillFileResponse: z.ZodObject<{
532
532
  createdAt: z.ZodString;
533
533
  updatedAt: z.ZodString;
534
534
  content: z.ZodString;
535
- skillId: z.ZodString;
536
535
  filePath: z.ZodString;
536
+ skillId: z.ZodString;
537
537
  }, z.core.$strip>;
538
538
  }, z.core.$strip>;
539
539
  declare const SkillWithFilesResponse: z.ZodObject<{
@@ -550,8 +550,8 @@ declare const SkillWithFilesResponse: z.ZodObject<{
550
550
  createdAt: z.ZodString;
551
551
  updatedAt: z.ZodString;
552
552
  content: z.ZodString;
553
- skillId: z.ZodString;
554
553
  filePath: z.ZodString;
554
+ skillId: z.ZodString;
555
555
  }, z.core.$strip>>;
556
556
  }, z.core.$strip>;
557
557
  }, z.core.$strip>;
@@ -578,9 +578,9 @@ declare const SubAgentSkillResponse: z.ZodObject<{
578
578
  createdAt: z.ZodString;
579
579
  updatedAt: z.ZodString;
580
580
  subAgentId: z.ZodString;
581
- skillId: z.ZodString;
582
581
  index: z.ZodInt;
583
582
  alwaysLoaded: z.ZodBoolean;
583
+ skillId: z.ZodString;
584
584
  }, z.core.$strip>;
585
585
  }, z.core.$strip>;
586
586
  declare const SubAgentSkillWithIndexArrayResponse: z.ZodObject<{