@inkeep/agents-manage-api 0.0.0-dev-20250910232631

package/dist/data/graphFullClient.js

@@ -0,0 +1,189 @@
+/**
+ * Client-side functions for interacting with the Full Graph API
+ * These functions make HTTP requests to the server instead of direct database calls
+ */
+import { getLogger } from '../logger';
+const logger = getLogger('graphFullClient');
+/**
+ * Create a full graph via HTTP API
+ */
+export async function createFullGraphViaAPI(tenantId, projectId, apiUrl, graphData) {
+    logger.info({
+        tenantId,
+        projectId,
+        graphId: graphData.id,
+        apiUrl,
+    }, 'Creating full graph via API');
+    const url = `${apiUrl}/tenants/${tenantId}/crud/projects/${projectId}/graph`;
+    const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(graphData),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage = `Failed to create graph: ${response.status} ${response.statusText}`;
+        try {
+            const errorJson = JSON.parse(errorText);
+            if (errorJson.error) {
+                errorMessage = errorJson.error;
+            }
+        }
+        catch {
+            // Use the text as-is if not JSON
+            if (errorText) {
+                errorMessage = errorText;
+            }
+        }
+        logger.error({
+            status: response.status,
+            error: errorMessage,
+        }, 'Failed to create graph via API');
+        throw new Error(errorMessage);
+    }
+    const result = await response.json();
+    logger.info({
+        graphId: graphData.id,
+    }, 'Successfully created graph via API');
+    return result.data;
+}
+/**
+ * Update a full graph via HTTP API (upsert behavior)
+ */
+export async function updateFullGraphViaAPI(tenantId, projectId, apiUrl, graphId, graphData) {
+    logger.info({
+        tenantId,
+        projectId,
+        graphId,
+        apiUrl,
+    }, 'Updating full graph via API');
+    const url = `${apiUrl}/tenants/${tenantId}/crud/projects/${projectId}/graph/${graphId}`;
+    const response = await fetch(url, {
+        method: 'PUT',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(graphData),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage = `Failed to update graph: ${response.status} ${response.statusText}`;
+        try {
+            const errorJson = JSON.parse(errorText);
+            if (errorJson.error) {
+                errorMessage = errorJson.error;
+            }
+        }
+        catch {
+            // Use the text as-is if not JSON
+            if (errorText) {
+                errorMessage = errorText;
+            }
+        }
+        logger.error({
+            status: response.status,
+            error: errorMessage,
+        }, 'Failed to update graph via API');
+        throw new Error(errorMessage);
+    }
+    const result = await response.json();
+    logger.info({
+        graphId,
+    }, 'Successfully updated graph via API');
+    return result.data;
+}
+/**
+ * Get a full graph via HTTP API
+ */
+export async function getFullGraphViaAPI(tenantId, projectId, apiUrl, graphId) {
+    logger.info({
+        tenantId,
+        projectId,
+        graphId,
+        apiUrl,
+    }, 'Getting full graph via API');
+    const url = `${apiUrl}/tenants/${tenantId}/crud/projects/${projectId}/graph/${graphId}`;
+    const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+    });
+    if (response.status === 404) {
+        return null;
+    }
+    if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage = `Failed to get graph: ${response.status} ${response.statusText}`;
+        try {
+            const errorJson = JSON.parse(errorText);
+            if (errorJson.error) {
+                errorMessage = errorJson.error;
+            }
+        }
+        catch {
+            // Use the text as-is if not JSON
+            if (errorText) {
+                errorMessage = errorText;
+            }
+        }
+        logger.error({
+            status: response.status,
+            error: errorMessage,
+        }, 'Failed to get graph via API');
+        throw new Error(errorMessage);
+    }
+    const result = await response.json();
+    logger.info({
+        graphId,
+    }, 'Successfully retrieved graph via API');
+    return result.data;
+}
+/**
+ * Delete a full graph via HTTP API
+ */
+export async function deleteFullGraphViaAPI(tenantId, projectId, apiUrl, graphId) {
+    logger.info({
+        tenantId,
+        projectId,
+        graphId,
+        apiUrl,
+    }, 'Deleting full graph via API');
+    const url = `${apiUrl}/tenants/${tenantId}/crud/projects/${projectId}/graph/${graphId}`;
+    const response = await fetch(url, {
+        method: 'DELETE',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+    });
+    if (response.status === 404) {
+        return false;
+    }
+    if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage = `Failed to delete graph: ${response.status} ${response.statusText}`;
+        try {
+            const errorJson = JSON.parse(errorText);
+            if (errorJson.error) {
+                errorMessage = errorJson.error;
+            }
+        }
+        catch {
+            // Use the text as-is if not JSON
+            if (errorText) {
+                errorMessage = errorText;
+            }
+        }
+        logger.error({
+            status: response.status,
+            error: errorMessage,
+        }, 'Failed to delete graph via API');
+        throw new Error(errorMessage);
+    }
+    logger.info({
+        graphId,
+    }, 'Successfully deleted graph via API');
+    return true;
+}

package/dist/data/tools.d.ts

@@ -0,0 +1,82 @@
+import { type CredentialStoreRegistry, type McpServerCapabilities, type McpTool, type McpToolDefinition, type McpToolStatus } from '@inkeep/agents-core';
+export declare const updateToolHealth: ({ tenantId, projectId, toolId, status, error, }: {
+    tenantId: string;
+    projectId: string;
+    toolId: string;
+    status: McpToolStatus;
+    error?: string;
+}) => Promise<{
+    name: string;
+    headers: Record<string, string> | null;
+    id: string;
+    tenantId: string;
+    projectId: string;
+    createdAt: string;
+    updatedAt: string;
+    credentialReferenceId: string | null;
+    status: string;
+    config: {
+        type: "mcp";
+        mcp: import("@inkeep/agents-core").ToolMcpConfig;
+    };
+    imageUrl: string | null;
+    capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
+    lastHealthCheck: string | null;
+    lastError: string | null;
+    availableTools: McpToolDefinition[] | null;
+    lastToolsSync: string | null;
+}>;
+export declare const checkToolHealth: (tool: McpTool, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<{
+    status: McpToolStatus;
+    error?: string;
+    capabilities?: McpServerCapabilities;
+}>;
+export declare const discoverToolsFromServer: (tool: McpTool, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<McpToolDefinition[]>;
+export declare const syncToolDefinitions: ({ tenantId, projectId, toolId, credentialStoreRegistry, }: {
+    tenantId: string;
+    projectId: string;
+    toolId: string;
+    credentialStoreRegistry?: CredentialStoreRegistry;
+}) => Promise<{
+    name: string;
+    headers: Record<string, string> | null;
+    id: string;
+    tenantId: string;
+    projectId: string;
+    createdAt: string;
+    updatedAt: string;
+    credentialReferenceId: string | null;
+    status: string;
+    config: {
+        type: "mcp";
+        mcp: import("@inkeep/agents-core").ToolMcpConfig;
+    };
+    imageUrl: string | null;
+    capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
+    lastHealthCheck: string | null;
+    lastError: string | null;
+    availableTools: McpToolDefinition[] | null;
+    lastToolsSync: string | null;
+}>;
+export declare const checkAllToolsHealth: (tenantId: string, projectId: string, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<PromiseSettledResult<{
+    name: string;
+    headers: Record<string, string> | null;
+    id: string;
+    tenantId: string;
+    projectId: string;
+    createdAt: string;
+    updatedAt: string;
+    credentialReferenceId: string | null;
+    status: string;
+    config: {
+        type: "mcp";
+        mcp: import("@inkeep/agents-core").ToolMcpConfig;
+    };
+    imageUrl: string | null;
+    capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
+    lastHealthCheck: string | null;
+    lastError: string | null;
+    availableTools: McpToolDefinition[] | null;
+    lastToolsSync: string | null;
+}>[]>;
+//# sourceMappingURL=tools.d.ts.map

package/dist/data/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/data/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,uBAAuB,EAS5B,KAAK,qBAAqB,EAI1B,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAGnB,MAAM,qBAAqB,CAAC;AAkD7B,eAAO,MAAM,gBAAgB,GAAU,iDAMpC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;;;;;;;;;;EAmBA,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,MAAM,OAAO,EACb,0BAA0B,uBAAuB,KAChD,OAAO,CAAC;IACT,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,qBAAqB,CAAC;CACtC,CAqGA,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAClC,MAAM,OAAO,EACb,0BAA0B,uBAAuB,KAChD,OAAO,CAAC,iBAAiB,EAAE,CAuF7B,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAU,2DAKvC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;CACnD;;;;;;;;;;;;;;;;;;;;EA+CA,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAC9B,UAAU,MAAM,EAChB,WAAW,MAAM,EACjB,0BAA0B,uBAAuB;;;;;;;;;;;;;;;;;;;;KAkBlD,CAAC"}

package/dist/data/tools.js

@@ -0,0 +1,271 @@
+import { ContextResolver, CredentialStuffer, dbResultToMcpTool, detectAuthenticationRequired, getCredentialReference, getToolById, listTools, McpClient, updateTool, } from '@inkeep/agents-core';
+import { getLogger } from '../logger';
+import dbClient from './db/dbClient';
+/**
+ * Extract input schema from MCP tool definition, handling multiple formats
+ * Different MCP servers may use different schema structures:
+ * - inputSchema (direct) - e.g., Notion MCP
+ * - parameters.properties - e.g., some other MCP servers
+ * - parameters (direct) - alternative format
+ * - schema - another possible location
+ */
+function extractInputSchema(toolDef) {
+    // Try different possible locations for the input schema
+    if (toolDef.inputSchema) {
+        return toolDef.inputSchema;
+    }
+    if (toolDef.parameters?.properties) {
+        return toolDef.parameters.properties;
+    }
+    if (toolDef.parameters && typeof toolDef.parameters === 'object') {
+        return toolDef.parameters;
+    }
+    if (toolDef.schema) {
+        return toolDef.schema;
+    }
+    // If none found, return empty object
+    return {};
+}
+const logger = getLogger('tools');
+// Helper function to convert McpTool to MCPToolConfig format for CredentialStuffer
+const convertToMCPToolConfig = (tool) => {
+    return {
+        id: tool.id,
+        name: tool.name,
+        description: tool.name, // Use name as description fallback
+        serverUrl: tool.config.mcp.server.url,
+        mcpType: tool.config.mcp.server.url.includes('api.nango.dev') ? 'nango' : 'generic',
+        transport: tool.config.mcp.transport,
+        headers: tool.headers,
+    };
+};
+// Health checking and monitoring
+export const updateToolHealth = async ({ tenantId, projectId, toolId, status, error, }) => {
+    const now = new Date().toISOString();
+    const updateData = {
+        status,
+        lastHealthCheck: now,
+        updatedAt: now,
+    };
+    if (error !== undefined) {
+        updateData.lastError = error;
+    }
+    const tool = await updateTool(dbClient)({
+        scopes: { tenantId, projectId },
+        toolId,
+        data: updateData,
+    });
+    return tool;
+};
+export const checkToolHealth = async (tool, credentialStoreRegistry) => {
+    try {
+        const transportType = tool.config.mcp.transport?.type || 'streamable_http';
+        const baseConfig = {
+            url: tool.config.mcp.server.url,
+        };
+        const credentialReferenceId = tool.credentialReferenceId;
+        let serverConfig;
+        // Build server config with credentials if available
+        if (credentialReferenceId) {
+            // Get credential store configuration
+            const credentialReference = await getCredentialReference(dbClient)({
+                scopes: { tenantId: tool.tenantId, projectId: tool.projectId },
+                id: credentialReferenceId,
+            });
+            if (!credentialReference) {
+                throw new Error(`Credential store not found: ${credentialReferenceId}`);
+            }
+            const storeReference = {
+                credentialStoreId: credentialReference.credentialStoreId,
+                retrievalParams: credentialReference.retrievalParams || {},
+            };
+            // Use CredentialStuffer to build proper config with auth headers
+            if (!credentialStoreRegistry) {
+                throw new Error('CredentialStoreRegistry is required for authenticated tools');
+            }
+            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, credentialStoreRegistry);
+            const credentialStuffer = new CredentialStuffer(credentialStoreRegistry, contextResolver);
+            serverConfig = await credentialStuffer.buildMcpServerConfig({ tenantId: tool.tenantId, projectId: tool.projectId }, convertToMCPToolConfig(tool), storeReference);
+        }
+        else {
+            if (transportType === 'sse') {
+                serverConfig = {
+                    type: 'sse',
+                    url: baseConfig.url,
+                    activeTools: tool.config.mcp.activeTools,
+                    eventSourceInit: tool.config.mcp.transport?.eventSourceInit,
+                };
+            }
+            else {
+                serverConfig = {
+                    type: 'streamable_http',
+                    url: baseConfig.url,
+                    activeTools: tool.config.mcp.activeTools,
+                    requestInit: tool.config.mcp.transport?.requestInit,
+                    eventSourceInit: tool.config.mcp.transport?.eventSourceInit,
+                    reconnectionOptions: tool.config.mcp.transport?.reconnectionOptions,
+                    sessionId: tool.config.mcp.transport?.sessionId,
+                };
+            }
+        }
+        const client = new McpClient({
+            name: tool.name,
+            server: serverConfig,
+        });
+        await client.connect();
+        // Try to list tools to verify connection
+        await client.tools();
+        await client.disconnect();
+        return {
+            status: 'healthy',
+            capabilities: {
+                tools: true,
+                resources: false, // Could be enhanced to check actual capabilities
+                prompts: false,
+                logging: false,
+            },
+        };
+    }
+    catch (error) {
+        logger.error({ toolId: tool.id, error }, 'Tool health check failed');
+        // Check if error indicates authentication is required
+        if (error instanceof Error && (await detectAuthenticationRequired(tool, error))) {
+            return {
+                status: 'needs_auth',
+                error: 'Authentication required - OAuth login needed',
+            };
+        }
+        return {
+            status: 'unhealthy',
+            error: error instanceof Error ? error.message : 'Unknown error',
+        };
+    }
+};
+// Tool discovery
+export const discoverToolsFromServer = async (tool, credentialStoreRegistry) => {
+    try {
+        const credentialReferenceId = tool.credentialReferenceId;
+        let serverConfig;
+        // Build server config with credentials if available
+        if (credentialReferenceId) {
+            // Get credential store configuration
+            const credentialReference = await getCredentialReference(dbClient)({
+                scopes: { tenantId: tool.tenantId, projectId: tool.projectId },
+                id: credentialReferenceId,
+            });
+            if (!credentialReference) {
+                throw new Error(`Credential store not found: ${credentialReferenceId}`);
+            }
+            const storeReference = {
+                credentialStoreId: credentialReference.credentialStoreId,
+                retrievalParams: credentialReference.retrievalParams || {},
+            };
+            // Use CredentialStuffer to build proper config with auth headers
+            if (!credentialStoreRegistry) {
+                throw new Error('CredentialStoreRegistry is required for authenticated tools');
+            }
+            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, credentialStoreRegistry);
+            const credentialStuffer = new CredentialStuffer(credentialStoreRegistry, contextResolver);
+            serverConfig = (await credentialStuffer.buildMcpServerConfig({ tenantId: tool.tenantId, projectId: tool.projectId }, convertToMCPToolConfig(tool), storeReference));
+        }
+        else {
+            // No credentials - build basic config
+            const transportType = tool.config.mcp.transport?.type || 'streamable_http';
+            if (transportType === 'sse') {
+                serverConfig = {
+                    type: 'sse',
+                    url: tool.config.mcp.server.url,
+                    activeTools: tool.config.mcp.activeTools,
+                    eventSourceInit: tool.config.mcp.transport?.eventSourceInit,
+                };
+            }
+            else {
+                serverConfig = {
+                    type: 'streamable_http',
+                    url: tool.config.mcp.server.url,
+                    activeTools: tool.config.mcp.activeTools,
+                    requestInit: tool.config.mcp.transport?.requestInit,
+                    eventSourceInit: tool.config.mcp.transport?.eventSourceInit,
+                    reconnectionOptions: tool.config.mcp.transport?.reconnectionOptions,
+                    sessionId: tool.config.mcp.transport?.sessionId,
+                };
+            }
+        }
+        const client = new McpClient({
+            name: tool.name,
+            server: serverConfig,
+        });
+        await client.connect();
+        // Get tools from the MCP client
+        const serverTools = await client.tools();
+        await client.disconnect();
+        // Convert to our format
+        const toolDefinitions = Object.entries(serverTools).map(([name, toolDef]) => ({
+            name,
+            description: toolDef.description || '',
+            inputSchema: extractInputSchema(toolDef),
+        }));
+        return toolDefinitions;
+    }
+    catch (error) {
+        logger.error({ toolId: tool.id, error }, 'Tool discovery failed');
+        throw error;
+    }
+};
+export const syncToolDefinitions = async ({ tenantId, projectId, toolId, credentialStoreRegistry, }) => {
+    const tool = await getToolById(dbClient)({ scopes: { tenantId, projectId }, toolId });
+    if (!tool) {
+        throw new Error(`Tool ${toolId} not found`);
+    }
+    const mcpTool = dbResultToMcpTool(tool);
+    try {
+        const availableTools = await discoverToolsFromServer(mcpTool, credentialStoreRegistry);
+        const updatedTool = await updateTool(dbClient)({
+            scopes: { tenantId, projectId },
+            toolId,
+            data: {
+                availableTools,
+                lastToolsSync: new Date().toISOString(),
+                status: 'healthy',
+                updatedAt: new Date().toISOString(),
+            },
+        });
+        return updatedTool;
+    }
+    catch (error) {
+        const toolNeedsAuth = error instanceof Error && (await detectAuthenticationRequired(mcpTool, error));
+        const now = new Date().toISOString();
+        const updatedTool = await updateTool(dbClient)({
+            scopes: { tenantId, projectId },
+            toolId,
+            data: {
+                availableTools: [],
+                lastToolsSync: new Date().toISOString(),
+                status: toolNeedsAuth ? 'needs_auth' : 'unhealthy',
+                lastError: toolNeedsAuth
+                    ? 'Authentication required - OAuth login needed'
+                    : error instanceof Error
+                        ? error.message
+                        : 'Tool sync failed',
+                lastHealthCheck: now,
+                updatedAt: now,
+            },
+        });
+        return updatedTool;
+    }
+};
+// Bulk health checking
+export const checkAllToolsHealth = async (tenantId, projectId, credentialStoreRegistry) => {
+    const toolsList = await listTools(dbClient)({ scopes: { tenantId, projectId } });
+    const results = await Promise.allSettled(toolsList.data.map(async (tool) => {
+        const healthResult = await checkToolHealth(dbResultToMcpTool(tool), credentialStoreRegistry);
+        return await updateToolHealth({
+            tenantId,
+            projectId: tool.projectId,
+            toolId: tool.id,
+            status: healthResult.status,
+            error: healthResult.error,
+        });
+    }));
+    return results;
+};

package/dist/env.d.ts

@@ -0,0 +1,41 @@
+import { z } from 'zod';
+declare const envSchema: z.ZodObject<{
+    NODE_ENV: z.ZodOptional<z.ZodEnum<{
+        development: "development";
+        production: "production";
+        test: "test";
+    }>>;
+    ENVIRONMENT: z.ZodOptional<z.ZodEnum<{
+        development: "development";
+        pentest: "pentest";
+        production: "production";
+        test: "test";
+    }>>;
+    DB_FILE_NAME: z.ZodDefault<z.ZodString>;
+    PORT: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
+    MANAGEMENT_PORT: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
+    AGENT_BASE_URL: z.ZodOptional<z.ZodString>;
+    LOG_LEVEL: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
+        error: "error";
+        debug: "debug";
+        info: "info";
+        trace: "trace";
+        warn: "warn";
+    }>>>;
+    NANGO_SECRET_KEY: z.ZodOptional<z.ZodString>;
+    INKEEP_AGENTS_MANAGE_API_SECRET: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const env: {
+    DB_FILE_NAME: string;
+    PORT: number;
+    MANAGEMENT_PORT: number;
+    LOG_LEVEL: "error" | "debug" | "info" | "trace" | "warn";
+    NODE_ENV?: "development" | "production" | "test" | undefined;
+    ENVIRONMENT?: "development" | "pentest" | "production" | "test" | undefined;
+    AGENT_BASE_URL?: string | undefined;
+    NANGO_SECRET_KEY?: string | undefined;
+    INKEEP_AGENTS_MANAGE_API_SECRET?: string | undefined;
+};
+export type Env = z.infer<typeof envSchema>;
+export {};
+//# sourceMappingURL=env.d.ts.map

package/dist/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../src/env.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAkCxB,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;iBAUb,CAAC;AAuBH,eAAO,MAAM,GAAG;;;;;;;;;;CAAa,CAAC;AAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC"}

package/dist/env.js

@@ -0,0 +1,59 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import * as dotenv from 'dotenv';
+import { z } from 'zod';
+dotenv.config({ quiet: true });
+const _nodeEnvSchema = z.enum(['development', 'production']).default('development');
+const environmentSchema = z.enum(['development', 'pentest', 'production', 'test']);
+const criticalEnv = z
+    .object({
+    ENVIRONMENT: environmentSchema,
+})
+    .parse(process.env);
+const loadEnvFile = () => {
+    // Priority of environment variables:
+    // 1. Existing process.env variables (highest priority)
+    // 2. Values from .env.{nodeEnv}.nonsecret file (lower priority)
+    // 3. Default values defined in schema (lowest priority)
+    const envPath = path.resolve(process.cwd(), `.env.${criticalEnv.ENVIRONMENT}.nonsecret`);
+    if (fs.existsSync(envPath)) {
+        const envConfig = dotenv.parse(fs.readFileSync(envPath));
+        for (const k in envConfig) {
+            // Only set if the environment variable doesn't already exist
+            // This preserves any values that were already set in process.env
+            if (!(k in process.env)) {
+                process.env[k] = envConfig[k];
+            }
+        }
+    }
+};
+loadEnvFile();
+const envSchema = z.object({
+    NODE_ENV: z.enum(['development', 'production', 'test']).optional(),
+    ENVIRONMENT: z.enum(['development', 'production', 'pentest', 'test']).optional(),
+    DB_FILE_NAME: z.string().default('file:../local.db'),
+    PORT: z.coerce.number().optional().default(3002),
+    MANAGEMENT_PORT: z.coerce.number().optional().default(3002),
+    AGENT_BASE_URL: z.string().optional(),
+    LOG_LEVEL: z.enum(['trace', 'debug', 'info', 'warn', 'error']).optional().default('debug'),
+    NANGO_SECRET_KEY: z.string().optional(),
+    INKEEP_AGENTS_MANAGE_API_SECRET: z.string().optional(),
+});
+const parseEnv = () => {
+    try {
+        const parsedEnv = envSchema.parse(process.env);
+        // Set default AGENT_BASE_URL if not provided
+        if (!parsedEnv.AGENT_BASE_URL) {
+            parsedEnv.AGENT_BASE_URL = `http://localhost:${parsedEnv.PORT}`;
+        }
+        return parsedEnv;
+    }
+    catch (error) {
+        if (error instanceof z.ZodError) {
+            const missingVars = error.issues.map((issue) => issue.path.join('.'));
+            throw new Error(`❌ Invalid environment variables: ${missingVars.join(', ')}\n${error.message}`);
+        }
+        throw error;
+    }
+};
+export const env = parseEnv();

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+import { type CredentialStore, type ServerConfig } from '@inkeep/agents-core';
+import { createManagementHono } from './app';
+declare const app: import("hono").Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+export default app;
+export { createManagementHono };
+export declare function createManagementApp(config?: {
+    serverConfig?: ServerConfig;
+    credentialStores?: CredentialStore[];
+}): import("hono").Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,eAAe,EAGpB,KAAK,YAAY,EAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,OAAO,CAAC;AAiB7C,QAAA,MAAM,GAAG,2FAAuD,CAAC;AAGjE,eAAe,GAAG,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAGhC,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE;IAC3C,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;CACtC,6FAMA"}