@inkeep/agents-manage-api 0.1.0 → 0.1.2

package/LICENSE.md

@@ -0,0 +1,49 @@
+# Inkeep SDK – Elastic License 2.0 with Supplemental Terms
+
+NOTE: The Inkeep SDK is licensed under the Elastic License 2.0 (ELv2), subject to Supplemental Terms included in [SUPPLEMENTAL_TERMS.md](SUPPLEMENTAL_TERMS.md). In the event of conflict, the Supplemental Terms control.
+
+# Elastic License 2.0
+
+## Acceptance  
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+The licensor grants you a non-exclusive, royalty-free, worldwide, non-sublicensable, non-transferable license to use, copy, distribute, make available, and prepare derivative works of the software, in each case subject to the limitations and conditions below.
+
+## Limitations
+You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality in the software, and you may not remove or obscure any functionality in the software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices of the licensor in the software. Any use of the licensor’s trademarks is subject to applicable law.
+
+## Patents
+The licensor grants you a license, under any patent claims the licensor can license, or becomes able to license, to make, have made, use, sell, offer for sale, import and have imported the software, in each case subject to the limitations and conditions in this license. This license does not cover any patent claims that you cause to be infringed by modifications or additions to the software. If you or your company make any written claim that the software infringes or contributes to infringement of any patent, your patent license for the software granted under these terms ends immediately. If your company makes such a claim, your patent license ends immediately for work on behalf of your company.
+
+## Notices
+You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the software prominent notices stating that you have modified the software.
+
+## No Other Rights
+These terms do not imply any licenses other than those expressly granted in these terms.
+
+## Termination
+If you use the software in violation of these terms, such use is not licensed, and your licenses will automatically terminate. If the licensor provides you with a notice of your violation, and you cease all violation of this license no later than 30 days after you receive that notice, your licenses will be reinstated retroactively. However, if you violate these terms after such reinstatement, any additional violation of these terms will cause your licenses to terminate automatically and permanently.
+
+## No Liability
+***As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim.***
+
+## Definitions
+The **licensor** is the entity offering these terms, and the **software** is the software the licensor makes available under these terms, including any portion of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that organization. **control** means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
+

package/dist/__tests__/utils/testRequest.js

@@ -1,4 +1,4 @@
-import app from '../../app.js';
+import app from '../../index.js';
 // Helper function to make requests with JSON headers
 export const makeRequest = async (url, options = {}) => {
     return app.request(url, {

package/dist/app.d.ts

@@ -1,4 +1,11 @@
-import { OpenApiHonoWithExecutionContext } from '@inkeep/agents-core';
-declare const app: OpenApiHonoWithExecutionContext;
-export default app;
+import { OpenAPIHono } from '@hono/zod-openapi';
+import type { ServerConfig, CredentialStoreRegistry } from '@inkeep/agents-core';
+type AppVariables = {
+    serverConfig: ServerConfig;
+    credentialStores: CredentialStoreRegistry;
+};
+declare function createManagementHono(serverConfig: ServerConfig, credentialStores: CredentialStoreRegistry): OpenAPIHono<{
+    Variables: AppVariables;
+}, {}, "/">;
+export { createManagementHono };
 //# sourceMappingURL=app.d.ts.map

package/dist/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAatE,QAAA,MAAM,GAAG,iCAAwC,CAAC;AAwJlD,eAAe,GAAG,CAAC"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAajF,KAAK,YAAY,GAAG;IAClB,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,uBAAuB,CAAC;CAC3C,CAAC;AAEF,iBAAS,oBAAoB,CAC3B,YAAY,EAAE,YAAY,EAC1B,gBAAgB,EAAE,uBAAuB;eAEA,YAAY;YAgKtD;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/app.js

@@ -1,5 +1,4 @@
-import { createRoute } from '@hono/zod-openapi';
-import { OpenApiHonoWithExecutionContext } from '@inkeep/agents-core';
+import { createRoute, OpenAPIHono } from '@hono/zod-openapi';
 import { cors } from 'hono/cors';
 import { HTTPException } from 'hono/http-exception';
 import { requestId } from 'hono/request-id';
@@ -10,131 +9,140 @@ import crudRoutes from './routes/index.js';
 import { apiKeyAuth } from './middleware/auth.js';
 import oauthRoutes from './routes/oauth.js';
 import { setupOpenAPIRoutes } from './openapi.js';
-const app = new OpenApiHonoWithExecutionContext();
-// Request ID middleware
-app.use('*', requestId());
-// Logging middleware
-app.use(pinoLogger({
-    pino: getLogger(),
-    http: {
-        onResLevel(c) {
-            if (c.res.status >= 500) {
-                return 'error';
-            }
-            return 'info';
+function createManagementHono(serverConfig, credentialStores) {
+    const app = new OpenAPIHono();
+    // Request ID middleware
+    app.use('*', requestId());
+    // Server config and credential stores middleware
+    app.use('*', async (c, next) => {
+        c.set('serverConfig', serverConfig);
+        c.set('credentialStores', credentialStores);
+        return next();
+    });
+    // Logging middleware
+    app.use(pinoLogger({
+        pino: getLogger(),
+        http: {
+            onResLevel(c) {
+                if (c.res.status >= 500) {
+                    return 'error';
+                }
+                return 'info';
+            },
         },
-    },
-}));
-// Error handling
-app.onError(async (err, c) => {
-    const isExpectedError = err instanceof HTTPException;
-    const status = isExpectedError ? err.status : 500;
-    const requestId = c.get('requestId') || 'unknown';
-    // Zod validation error detection
-    let zodIssues;
-    if (err && typeof err === 'object') {
-        if (err.cause && Array.isArray(err.cause.issues)) {
-            zodIssues = err.cause.issues;
+    }));
+    // Error handling
+    app.onError(async (err, c) => {
+        const isExpectedError = err instanceof HTTPException;
+        const status = isExpectedError ? err.status : 500;
+        const requestId = c.get('requestId') || 'unknown';
+        // Zod validation error detection
+        let zodIssues;
+        if (err && typeof err === 'object') {
+            if (err.cause && Array.isArray(err.cause.issues)) {
+                zodIssues = err.cause.issues;
+            }
+            else if (Array.isArray(err.issues)) {
+                zodIssues = err.issues;
+            }
+        }
+        if (status === 400 && Array.isArray(zodIssues)) {
+            c.status(400);
+            c.header('Content-Type', 'application/problem+json');
+            c.header('X-Content-Type-Options', 'nosniff');
+            return c.json({
+                type: 'https://docs.inkeep.com/agents-api/errors#bad_request',
+                title: 'Validation Failed',
+                status: 400,
+                detail: 'Request validation failed',
+                errors: zodIssues.map((issue) => ({
+                    detail: issue.message,
+                    pointer: issue.path ? `/${issue.path.join('/')}` : undefined,
+                    name: issue.path ? issue.path.join('.') : undefined,
+                    reason: issue.message,
+                })),
+            });
+        }
+        if (status >= 500) {
+            if (!isExpectedError) {
+                const errorMessage = err instanceof Error ? err.message : String(err);
+                const errorStack = err instanceof Error ? err.stack : undefined;
+                getLogger().error({
+                    error: err,
+                    message: errorMessage,
+                    stack: errorStack,
+                    path: c.req.path,
+                    requestId,
+                }, 'Unexpected server error occurred');
+            }
+            else {
+                getLogger().error({
+                    error: err,
+                    path: c.req.path,
+                    requestId,
+                    status,
+                }, 'Server error occurred');
+            }
         }
-        else if (Array.isArray(err.issues)) {
-            zodIssues = err.issues;
+        if (isExpectedError) {
+            try {
+                const response = err.getResponse();
+                return response;
+            }
+            catch (responseError) {
+                getLogger().error({ error: responseError }, 'Error while handling HTTPException response');
+            }
         }
-    }
-    if (status === 400 && Array.isArray(zodIssues)) {
-        c.status(400);
+        const { status: respStatus, title, detail, instance } = await handleApiError(err, requestId);
+        c.status(respStatus);
         c.header('Content-Type', 'application/problem+json');
         c.header('X-Content-Type-Options', 'nosniff');
         return c.json({
-            type: 'https://docs.inkeep.com/agents-api/errors#bad_request',
-            title: 'Validation Failed',
-            status: 400,
-            detail: 'Request validation failed',
-            errors: zodIssues.map((issue) => ({
-                detail: issue.message,
-                pointer: issue.path ? `/${issue.path.join('/')}` : undefined,
-                name: issue.path ? issue.path.join('.') : undefined,
-                reason: issue.message,
-            })),
+            type: 'https://docs.inkeep.com/agents-api/errors#internal_server_error',
+            title,
+            status: respStatus,
+            detail,
+            ...(instance && { instance }),
         });
-    }
-    if (status >= 500) {
-        if (!isExpectedError) {
-            const errorMessage = err instanceof Error ? err.message : String(err);
-            const errorStack = err instanceof Error ? err.stack : undefined;
-            getLogger().error({
-                error: err,
-                message: errorMessage,
-                stack: errorStack,
-                path: c.req.path,
-                requestId,
-            }, 'Unexpected server error occurred');
-        }
-        else {
-            getLogger().error({
-                error: err,
-                path: c.req.path,
-                requestId,
-                status,
-            }, 'Server error occurred');
-        }
-    }
-    if (isExpectedError) {
-        try {
-            const response = err.getResponse();
-            return response;
-        }
-        catch (responseError) {
-            getLogger().error({ error: responseError }, 'Error while handling HTTPException response');
-        }
-    }
-    const { status: respStatus, title, detail, instance } = await handleApiError(err, requestId);
-    c.status(respStatus);
-    c.header('Content-Type', 'application/problem+json');
-    c.header('X-Content-Type-Options', 'nosniff');
-    return c.json({
-        type: 'https://docs.inkeep.com/agents-api/errors#internal_server_error',
-        title,
-        status: respStatus,
-        detail,
-        ...(instance && { instance }),
     });
-});
-// CORS middleware
-app.use('*', cors({
-    origin: (origin) => {
-        if (!origin)
-            return origin;
-        return origin.startsWith('http://localhost:') || origin.startsWith('https://localhost:')
-            ? origin
-            : null;
-    },
-    allowMethods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
-    allowHeaders: ['*'],
-    exposeHeaders: ['Content-Length'],
-    maxAge: 86400,
-    credentials: true,
-}));
-// Health check endpoint
-app.openapi(createRoute({
-    method: 'get',
-    path: '/health',
-    tags: ['health'],
-    summary: 'Health check',
-    description: 'Check if the management service is healthy',
-    responses: {
-        204: {
-            description: 'Service is healthy',
+    // CORS middleware
+    app.use('*', cors({
+        origin: (origin) => {
+            if (!origin)
+                return origin;
+            return origin.startsWith('http://localhost:') || origin.startsWith('https://localhost:')
+                ? origin
+                : null;
         },
-    },
-}), (c) => {
-    return c.body(null, 204);
-});
-// API Key authentication middleware for protected routes
-app.use('/tenants/*', apiKeyAuth());
-// Mount CRUD routes for all entities
-app.route('/tenants/:tenantId/crud', crudRoutes);
-// Mount OAuth routes - global OAuth callback endpoint
-app.route('/oauth', oauthRoutes);
-// Setup OpenAPI documentation endpoints (/openapi.json and /docs)
-setupOpenAPIRoutes(app);
-export default app;
+        allowMethods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
+        allowHeaders: ['*'],
+        exposeHeaders: ['Content-Length'],
+        maxAge: 86400,
+        credentials: true,
+    }));
+    // Health check endpoint
+    app.openapi(createRoute({
+        method: 'get',
+        path: '/health',
+        tags: ['health'],
+        summary: 'Health check',
+        description: 'Check if the management service is healthy',
+        responses: {
+            204: {
+                description: 'Service is healthy',
+            },
+        },
+    }), (c) => {
+        return c.body(null, 204);
+    });
+    // API Key authentication middleware for protected routes
+    app.use('/tenants/*', apiKeyAuth());
+    // Mount CRUD routes for all entities
+    app.route('/tenants/:tenantId/crud', crudRoutes);
+    // Mount OAuth routes - global OAuth callback endpoint
+    app.route('/oauth', oauthRoutes);
+    // Setup OpenAPI documentation endpoints (/openapi.json and /docs)
+    setupOpenAPIRoutes(app);
+    return app;
+}
+export { createManagementHono };

package/dist/data/tools.d.ts

@@ -1,4 +1,4 @@
-import { type McpServerCapabilities, type McpTool, type McpToolDefinition, type McpToolStatus } from '@inkeep/agents-core';
+import { type McpServerCapabilities, type McpTool, type McpToolDefinition, type McpToolStatus, type CredentialStoreRegistry } from '@inkeep/agents-core';
 export declare const updateToolHealth: ({ tenantId, projectId, toolId, status, error, }: {
     tenantId: string;
     projectId: string;
@@ -10,72 +10,73 @@ export declare const updateToolHealth: ({ tenantId, projectId, toolId, status, e
     projectId: string;
     id: string;
     name: string;
+    createdAt: string;
+    updatedAt: string;
+    status: string;
     config: {
         type: "mcp";
         mcp: import("@inkeep/agents-core").ToolMcpConfig;
     };
     credentialReferenceId: string | null;
-    createdAt: string;
-    updatedAt: string;
-    status: string;
     headers: Record<string, string> | null;
     imageUrl: string | null;
     capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
     lastHealthCheck: string | null;
     lastError: string | null;
-    availableTools: import("@inkeep/agents-core").McpToolDefinition[] | null;
+    availableTools: McpToolDefinition[] | null;
     lastToolsSync: string | null;
 }>;
-export declare const checkToolHealth: (tool: McpTool) => Promise<{
+export declare const checkToolHealth: (tool: McpTool, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<{
     status: McpToolStatus;
     error?: string;
     capabilities?: McpServerCapabilities;
 }>;
-export declare const discoverToolsFromServer: (tool: McpTool) => Promise<McpToolDefinition[]>;
-export declare const syncToolDefinitions: ({ tenantId, projectId, toolId, }: {
+export declare const discoverToolsFromServer: (tool: McpTool, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<McpToolDefinition[]>;
+export declare const syncToolDefinitions: ({ tenantId, projectId, toolId, credentialStoreRegistry, }: {
     tenantId: string;
     projectId: string;
     toolId: string;
+    credentialStoreRegistry?: CredentialStoreRegistry;
 }) => Promise<{
     tenantId: string;
     projectId: string;
     id: string;
     name: string;
+    createdAt: string;
+    updatedAt: string;
+    status: string;
     config: {
         type: "mcp";
         mcp: import("@inkeep/agents-core").ToolMcpConfig;
     };
     credentialReferenceId: string | null;
-    createdAt: string;
-    updatedAt: string;
-    status: string;
     headers: Record<string, string> | null;
     imageUrl: string | null;
     capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
     lastHealthCheck: string | null;
     lastError: string | null;
-    availableTools: import("@inkeep/agents-core").McpToolDefinition[] | null;
+    availableTools: McpToolDefinition[] | null;
     lastToolsSync: string | null;
 }>;
-export declare const checkAllToolsHealth: (tenantId: string, projectId: string) => Promise<PromiseSettledResult<{
+export declare const checkAllToolsHealth: (tenantId: string, projectId: string, credentialStoreRegistry?: CredentialStoreRegistry) => Promise<PromiseSettledResult<{
     tenantId: string;
     projectId: string;
     id: string;
     name: string;
+    createdAt: string;
+    updatedAt: string;
+    status: string;
     config: {
         type: "mcp";
         mcp: import("@inkeep/agents-core").ToolMcpConfig;
     };
     credentialReferenceId: string | null;
-    createdAt: string;
-    updatedAt: string;
-    status: string;
     headers: Record<string, string> | null;
     imageUrl: string | null;
     capabilities: import("@inkeep/agents-core").ToolServerCapabilities | null;
     lastHealthCheck: string | null;
     lastError: string | null;
-    availableTools: import("@inkeep/agents-core").McpToolDefinition[] | null;
+    availableTools: McpToolDefinition[] | null;
     lastToolsSync: string | null;
 }>[]>;
 //# sourceMappingURL=tools.d.ts.map

package/dist/data/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/data/tools.ts"],"names":[],"mappings":"AAIA,OAAO,EAML,KAAK,qBAAqB,EAC1B,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAUnB,MAAM,qBAAqB,CAAC;AAgD7B,eAAO,MAAM,gBAAgB,GAAU,iDAMpC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;;;;;;;;;;EAmBA,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,MAAM,OAAO,KACZ,OAAO,CAAC;IACT,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,qBAAqB,CAAC;CACtC,CAkGA,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,MAAM,OAAO,KAAG,OAAO,CAAC,iBAAiB,EAAE,CAoFxF,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAU,kCAIvC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;;;;;;;;;;EA+CA,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAU,UAAU,MAAM,EAAE,WAAW,MAAM;;;;;;;;;;;;;;;;;;;;KAiB5E,CAAC"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/data/tools.ts"],"names":[],"mappings":"AAGA,OAAO,EAML,KAAK,qBAAqB,EAC1B,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAUlB,KAAK,uBAAuB,EAC7B,MAAM,qBAAqB,CAAC;AAgD7B,eAAO,MAAM,gBAAgB,GAAU,iDAMpC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;;;;;;;;;;EAmBA,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,MAAM,OAAO,EACb,0BAA0B,uBAAuB,KAChD,OAAO,CAAC;IACT,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,qBAAqB,CAAC;CACtC,CAqGA,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,MAAM,OAAO,EAAE,0BAA0B,uBAAuB,KAAG,OAAO,CAAC,iBAAiB,EAAE,CAuF3I,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAU,2DAKvC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;CACnD;;;;;;;;;;;;;;;;;;;;EA+CA,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAU,UAAU,MAAM,EAAE,WAAW,MAAM,EAAE,0BAA0B,uBAAuB;;;;;;;;;;;;;;;;;;;;KAiB/H,CAAC"}

package/dist/data/tools.js

@@ -1,4 +1,3 @@
-import { managementServer } from '../index.js';
 import { getLogger } from '../logger.js';
 import dbClient from './db/dbClient.js';
 import { McpClient, CredentialStuffer, getCredentialReference, updateTool, dbResultToMcpTool, listTools, getToolById, detectAuthenticationRequired, ContextResolver, } from '@inkeep/agents-core';
@@ -58,7 +57,7 @@ export const updateToolHealth = async ({ tenantId, projectId, toolId, status, er
     });
     return tool;
 };
-export const checkToolHealth = async (tool) => {
+export const checkToolHealth = async (tool, credentialStoreRegistry) => {
     try {
         const transportType = tool.config.mcp.transport?.type || 'streamable_http';
         const baseConfig = {
@@ -81,8 +80,11 @@ export const checkToolHealth = async (tool) => {
                 retrievalParams: credentialReference.retrievalParams || {},
             };
             // Use CredentialStuffer to build proper config with auth headers
-            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, managementServer);
-            const credentialStuffer = new CredentialStuffer(managementServer, contextResolver);
+            if (!credentialStoreRegistry) {
+                throw new Error('CredentialStoreRegistry is required for authenticated tools');
+            }
+            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, credentialStoreRegistry);
+            const credentialStuffer = new CredentialStuffer(credentialStoreRegistry, contextResolver);
             serverConfig = await credentialStuffer.buildMcpServerConfig({ tenantId: tool.tenantId, projectId: tool.projectId }, convertToMCPToolConfig(tool), storeReference);
         }
         else {
@@ -140,7 +142,7 @@ export const checkToolHealth = async (tool) => {
     }
 };
 // Tool discovery
-export const discoverToolsFromServer = async (tool) => {
+export const discoverToolsFromServer = async (tool, credentialStoreRegistry) => {
     try {
         const credentialReferenceId = tool.credentialReferenceId;
         let serverConfig;
@@ -159,8 +161,11 @@ export const discoverToolsFromServer = async (tool) => {
                 retrievalParams: credentialReference.retrievalParams || {},
             };
             // Use CredentialStuffer to build proper config with auth headers
-            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, managementServer);
-            const credentialStuffer = new CredentialStuffer(managementServer, contextResolver);
+            if (!credentialStoreRegistry) {
+                throw new Error('CredentialStoreRegistry is required for authenticated tools');
+            }
+            const contextResolver = new ContextResolver(tool.tenantId, tool.projectId, dbClient, credentialStoreRegistry);
+            const credentialStuffer = new CredentialStuffer(credentialStoreRegistry, contextResolver);
             serverConfig = (await credentialStuffer.buildMcpServerConfig({ tenantId: tool.tenantId, projectId: tool.projectId }, convertToMCPToolConfig(tool), storeReference));
         }
         else {
@@ -207,14 +212,14 @@ export const discoverToolsFromServer = async (tool) => {
         throw error;
     }
 };
-export const syncToolDefinitions = async ({ tenantId, projectId, toolId, }) => {
+export const syncToolDefinitions = async ({ tenantId, projectId, toolId, credentialStoreRegistry, }) => {
     const tool = await getToolById(dbClient)({ scopes: { tenantId, projectId }, toolId });
     if (!tool) {
         throw new Error(`Tool ${toolId} not found`);
     }
     const mcpTool = dbResultToMcpTool(tool);
     try {
-        const availableTools = await discoverToolsFromServer(mcpTool);
+        const availableTools = await discoverToolsFromServer(mcpTool, credentialStoreRegistry);
         const updatedTool = await updateTool(dbClient)({
             scopes: { tenantId, projectId },
             toolId,
@@ -250,10 +255,10 @@ export const syncToolDefinitions = async ({ tenantId, projectId, toolId, }) => {
     }
 };
 // Bulk health checking
-export const checkAllToolsHealth = async (tenantId, projectId) => {
+export const checkAllToolsHealth = async (tenantId, projectId, credentialStoreRegistry) => {
     const toolsList = await listTools(dbClient)({ scopes: { tenantId, projectId } });
     const results = await Promise.allSettled(toolsList.data.map(async (tool) => {
-        const healthResult = await checkToolHealth(dbResultToMcpTool(tool));
+        const healthResult = await checkToolHealth(dbResultToMcpTool(tool), credentialStoreRegistry);
         return await updateToolHealth({
             tenantId,
             projectId: tool.projectId,

package/dist/env.d.ts

@@ -7,8 +7,8 @@ declare const envSchema: z.ZodObject<{
     }>>;
     ENVIRONMENT: z.ZodOptional<z.ZodEnum<{
         development: "development";
-        production: "production";
         pentest: "pentest";
+        production: "production";
         test: "test";
     }>>;
     DB_FILE_NAME: z.ZodDefault<z.ZodString>;
@@ -16,11 +16,11 @@ declare const envSchema: z.ZodObject<{
     MANAGEMENT_PORT: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
     AGENT_BASE_URL: z.ZodOptional<z.ZodString>;
     LOG_LEVEL: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
-        trace: "trace";
+        error: "error";
         debug: "debug";
         info: "info";
+        trace: "trace";
         warn: "warn";
-        error: "error";
     }>>>;
     NANGO_SECRET_KEY: z.ZodOptional<z.ZodString>;
     INKEEP_AGENTS_MANAGE_API_SECRET: z.ZodOptional<z.ZodString>;
@@ -29,9 +29,9 @@ export declare const env: {
     DB_FILE_NAME: string;
     PORT: number;
     MANAGEMENT_PORT: number;
-    LOG_LEVEL: "trace" | "debug" | "info" | "warn" | "error";
+    LOG_LEVEL: "error" | "debug" | "info" | "trace" | "warn";
     NODE_ENV?: "development" | "production" | "test" | undefined;
-    ENVIRONMENT?: "development" | "production" | "pentest" | "test" | undefined;
+    ENVIRONMENT?: "development" | "pentest" | "production" | "test" | undefined;
     AGENT_BASE_URL?: string | undefined;
     NANGO_SECRET_KEY?: string | undefined;
     INKEEP_AGENTS_MANAGE_API_SECRET?: string | undefined;

package/dist/index.d.ts

@@ -1,4 +1,20 @@
-import { ManagementServer } from './ManagementServer.js';
-export declare const MANAGEMENT_API_PORT = 3002;
-export declare const managementServer: ManagementServer;
+import { createManagementHono } from './app.js';
+import { CredentialStoreRegistry, type CredentialStore, type ServerConfig } from '@inkeep/agents-core';
+declare const app: import("@hono/zod-openapi").OpenAPIHono<{
+    Variables: {
+        serverConfig: ServerConfig;
+        credentialStores: CredentialStoreRegistry;
+    };
+}, {}, "/">;
+export default app;
+export { createManagementHono };
+export declare function createManagementApp(config?: {
+    serverConfig?: ServerConfig;
+    credentialStores?: CredentialStore[];
+}): import("@hono/zod-openapi").OpenAPIHono<{
+    Variables: {
+        serverConfig: ServerConfig;
+        credentialStores: CredentialStoreRegistry;
+    };
+}, {}, "/">;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAUzD,eAAO,MAAM,mBAAmB,OAAO,CAAC;AAgBxC,eAAO,MAAM,gBAAgB,kBAQ3B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EACL,uBAAuB,EAEvB,KAAK,eAAe,EACpB,KAAK,YAAY,EAClB,MAAM,qBAAqB,CAAC;AAiB7B,QAAA,MAAM,GAAG;;;;;WAAuD,CAAC;AAGjE,eAAe,GAAG,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAGhC,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE;IAC3C,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;CACtC;;;;;YAMA"}

package/dist/index.js

@@ -1,42 +1,27 @@
-import { ManagementServer } from './ManagementServer.js';
-import { InMemoryCredentialStore, createNangoCredentialStore, createKeyChainStore, } from '@inkeep/agents-core';
-import { env } from './env.js';
-import { getLogger } from './logger.js';
-const logger = getLogger('management-api');
-export const MANAGEMENT_API_PORT = 3002;
-// Create credential stores
-const credentialStores = [
-    new InMemoryCredentialStore('memory-default'), // In-memory store + env vars
-    // Nango store (only loads if NANGO_SECRET_KEY is set)
-    ...(process.env.NANGO_SECRET_KEY
-        ? [
-            createNangoCredentialStore('nango-default', {
-                apiUrl: process.env.NANGO_HOST || 'https://api.nango.dev',
-                secretKey: process.env.NANGO_SECRET_KEY,
-            }),
-        ]
-        : []),
-    createKeyChainStore('keychain-default'),
-];
-// Initialize Management Server
-export const managementServer = new ManagementServer({
-    port: MANAGEMENT_API_PORT,
-    credentialStores,
+import { createManagementHono } from './app.js';
+import { CredentialStoreRegistry, createDefaultCredentialStores, } from '@inkeep/agents-core';
+// Create default configuration
+const defaultConfig = {
+    port: 3002,
     serverOptions: {
-        requestTimeout: 60000, // 60 seconds
+        requestTimeout: 60000, // 60 seconds for management requests
         keepAliveTimeout: 60000,
         keepAlive: true,
     },
-});
-// Start the server only if not in test environment
-if (env.ENVIRONMENT !== 'test') {
-    managementServer
-        .serve()
-        .then(() => {
-        logger.info(`📝 OpenAPI documentation available at http://localhost:${MANAGEMENT_API_PORT}/openapi.json`);
-    })
-        .catch((error) => {
-        logger.error('Failed to start Management API server:', error);
-        process.exit(1);
-    });
+};
+// Create default credential stores
+const defaultStores = createDefaultCredentialStores();
+const defaultRegistry = new CredentialStoreRegistry(defaultStores);
+// Create default app instance for simple usage
+const app = createManagementHono(defaultConfig, defaultRegistry);
+// Export the default app for Vite dev server and simple deployments
+export default app;
+// Also export the factory function for advanced usage
+export { createManagementHono };
+// Export a helper to create app with custom credential stores
+export function createManagementApp(config) {
+    const serverConfig = config?.serverConfig ?? defaultConfig;
+    const stores = config?.credentialStores ?? defaultStores;
+    const registry = new CredentialStoreRegistry(stores);
+    return createManagementHono(serverConfig, registry);
 }

package/dist/routes/credentials.d.ts

@@ -1,4 +1,10 @@
 import { OpenAPIHono } from '@hono/zod-openapi';
-declare const app: OpenAPIHono<import("hono").Env, {}, "/">;
+import { type CredentialStoreRegistry } from '@inkeep/agents-core';
+type AppVariables = {
+    credentialStores: CredentialStoreRegistry;
+};
+declare const app: OpenAPIHono<{
+    Variables: AppVariables;
+}, {}, "/">;
 export default app;
 //# sourceMappingURL=credentials.d.ts.map

package/dist/routes/credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/routes/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAsB7D,QAAA,MAAM,GAAG,0CAAoB,CAAC;AA8P9B,eAAe,GAAG,CAAC"}
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/routes/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAGL,KAAK,uBAAuB,EAC7B,MAAM,qBAAqB,CAAC;AAoB7B,KAAK,YAAY,GAAG;IAClB,gBAAgB,EAAE,uBAAuB,CAAC;CAC3C,CAAC;AAEF,QAAA,MAAM,GAAG;eAAgC,YAAY;WAAK,CAAC;AA+P3D,eAAe,GAAG,CAAC"}

package/dist/routes/credentials.js

@@ -1,6 +1,5 @@
 import { createRoute, OpenAPIHono } from '@hono/zod-openapi';
-import { commonGetErrorResponses, createApiError } from '@inkeep/agents-core';
-import { managementServer } from '../index.js';
+import { commonGetErrorResponses, createApiError, } from '@inkeep/agents-core';
 import { CredentialReferenceApiInsertSchema, CredentialReferenceApiSelectSchema, CredentialReferenceApiUpdateSchema, ErrorResponseSchema, IdParamsSchema, ListResponseSchema, PaginationQueryParamsSchema, SingleResponseSchema, TenantProjectParamsSchema, createCredentialReference, deleteCredentialReference, getCredentialReferenceById, listCredentialReferencesPaginated, updateCredentialReference, getCredentialStoreLookupKeyFromRetrievalParams, } from '@inkeep/agents-core';
 import dbClient from '../data/db/dbClient.js';
 const app = new OpenAPIHono();
@@ -184,7 +183,8 @@ app.openapi(createRoute({
             message: 'Credential not found',
         });
     }
-    const credentialStore = managementServer.getCredentialStore(credential.credentialStoreId);
+    const credentialStores = c.get('credentialStores');
+    const credentialStore = credentialStores.get(credential.credentialStoreId);
     if (credentialStore && credential.retrievalParams) {
         const lookupKey = getCredentialStoreLookupKeyFromRetrievalParams({
             retrievalParams: credential.retrievalParams,

package/dist/routes/oauth.d.ts

@@ -9,6 +9,13 @@
  * - Redirects users back to frontend
  */
 import { OpenAPIHono } from '@hono/zod-openapi';
-declare const app: OpenAPIHono<import("hono").Env, {}, "/">;
+import { type CredentialStoreRegistry, type ServerConfig } from '@inkeep/agents-core';
+type AppVariables = {
+    serverConfig: ServerConfig;
+    credentialStores: CredentialStoreRegistry;
+};
+declare const app: OpenAPIHono<{
+    Variables: AppVariables;
+}, {}, "/">;
 export default app;
 //# sourceMappingURL=oauth.d.ts.map

package/dist/routes/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/routes/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAe,WAAW,EAAK,MAAM,mBAAmB,CAAC;AAehE,QAAA,MAAM,GAAG,0CAAoB,CAAC;AA6M9B,eAAe,GAAG,CAAC"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/routes/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAe,WAAW,EAAK,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAOL,KAAK,uBAAuB,EAC5B,KAAK,YAAY,EAClB,MAAM,qBAAqB,CAAC;AAK7B,KAAK,YAAY,GAAG;IAClB,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,uBAAuB,CAAC;CAC3C,CAAC;AAEF,QAAA,MAAM,GAAG;eAAgC,YAAY;WAAK,CAAC;AA8M3D,eAAe,GAAG,CAAC"}

package/dist/routes/oauth.js

@@ -10,7 +10,6 @@
  */
 import { createRoute, OpenAPIHono, z } from '@hono/zod-openapi';
 import { dbResultToMcpTool, getToolById, updateTool, createCredentialReference, getCredentialReference, updateCredentialReference, } from '@inkeep/agents-core';
-import { managementServer } from '../index.js';
 import { getLogger } from '../logger.js';
 import { oauthService, retrievePKCEVerifier } from '../utils/oauth-service.js';
 import dbClient from '../data/db/dbClient.js';
@@ -93,7 +92,8 @@ app.openapi(createRoute({
         });
         logger.info({ toolId, tokenType: tokens.token_type, hasRefresh: !!tokens.refresh_token }, 'Token exchange successful');
         // Store access token in keychain
-        const keychainStore = managementServer.getCredentialStore('keychain-default');
+        const credentialStores = c.get('credentialStores');
+        const keychainStore = credentialStores.get('keychain-default');
         const keychainKey = `oauth_token_${toolId}`;
         await keychainStore?.set(keychainKey, JSON.stringify(tokens));
         const credentialId = tool.name;

package/dist/routes/tools.d.ts

@@ -1,4 +1,11 @@
 import { OpenAPIHono } from '@hono/zod-openapi';
-declare const app: OpenAPIHono<import("hono").Env, {}, "/">;
+import type { CredentialStoreRegistry, ServerConfig } from '@inkeep/agents-core';
+type AppVariables = {
+    serverConfig: ServerConfig;
+    credentialStores: CredentialStoreRegistry;
+};
+declare const app: OpenAPIHono<{
+    Variables: AppVariables;
+}, {}, "/">;
 export default app;
 //# sourceMappingURL=tools.d.ts.map

package/dist/routes/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/routes/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAmC7D,QAAA,MAAM,GAAG,0CAAoB,CAAC;AAioB9B,eAAe,GAAG,CAAC"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/routes/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,uBAAuB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAmCjF,KAAK,YAAY,GAAG;IAClB,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,uBAAuB,CAAC;CAC3C,CAAC;AAEF,QAAA,MAAM,GAAG;eAAgC,YAAY;WAAK,CAAC;AAyoB3D,eAAe,GAAG,CAAC"}

package/dist/routes/tools.js

@@ -272,7 +272,8 @@ app.openapi(createRoute({
             message: 'Tool not found',
         });
     }
-    const healthResult = await checkToolHealth(dbResultToMcpTool(tool));
+    const credentialStores = c.get('credentialStores');
+    const healthResult = await checkToolHealth(dbResultToMcpTool(tool), credentialStores);
     const updatedTool = await updateToolHealth({
         tenantId,
         projectId,
@@ -320,7 +321,8 @@ app.openapi(createRoute({
     },
 }), async (c) => {
     const { tenantId, projectId } = c.req.valid('param');
-    const results = await checkAllToolsHealth(tenantId, projectId);
+    const credentialStores = c.get('credentialStores');
+    const results = await checkAllToolsHealth(tenantId, projectId, credentialStores);
     const summary = {
         total: results.length,
         successful: results.filter((r) => r.status === 'fulfilled').length,
@@ -375,7 +377,13 @@ app.openapi(createRoute({
             message: 'Tool not found',
         });
     }
-    const updatedTool = await syncToolDefinitions({ tenantId, projectId, toolId: id });
+    const credentialStores = c.get('credentialStores');
+    const updatedTool = await syncToolDefinitions({
+        tenantId,
+        projectId,
+        toolId: id,
+        credentialStoreRegistry: credentialStores,
+    });
     return c.json({
         data: dbResultToMcpTool(updatedTool),
         message: 'Tool definitions synchronized successfully',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-manage-api",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Management API for Inkeep Agent Framework - handles CRUD operations and OAuth",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -9,21 +9,10 @@
     ".": "./dist/index.js"
   },
   "type": "module",
-  "scripts": {
-    "dev": "nodemon --watch src --ext ts --exec 'tsx src/index.ts'",
-    "dev:apis": "nodemon --watch src --ext ts --exec 'tsx src/index.ts'",
-    "build": "tsc",
-    "start": "node dist/index.js",
-    "test": "ENVIRONMENT=test vitest --run",
-    "test:watch": "ENVIRONMENT=test vitest",
-    "test:coverage": "ENVIRONMENT=test vitest --run --coverage",
-    "typecheck": "tsc --noEmit"
-  },
   "dependencies": {
     "@hono/node-server": "^1.14.3",
     "@hono/swagger-ui": "^0.5.1",
     "@hono/zod-openapi": "^1.0.2",
-    "@inkeep/agents-core": "workspace:*",
     "@nangohq/node": "^0.66.0",
     "@nangohq/types": "^0.66.0",
     "dotenv": "^17.2.1",
@@ -35,19 +24,22 @@
     "openid-client": "^6.6.4",
     "pino": "^9.7.0",
     "pino-pretty": "^13.0.0",
-    "zod": "^4.1.5"
+    "zod": "^4.1.5",
+    "@inkeep/agents-core": "^0.1.2"
   },
   "devDependencies": {
     "@biomejs/biome": "2.1.4",
+    "@hono/vite-dev-server": "^0.20.1",
     "@types/node": "^20.11.24",
     "@vitest/coverage-v8": "^2.0.0",
     "drizzle-kit": "^0.31.4",
     "nodemon": "^3.1.0",
     "tsx": "^4.7.1",
     "typescript": "^5.3.3",
+    "vite": "^7.1.4",
+    "vite-tsconfig-paths": "^5.1.4",
     "vitest": "^3.1.4"
   },
-  "packageManager": "pnpm@10.11.0",
   "engines": {
     "node": ">=22.0.0"
   },
@@ -64,5 +56,14 @@
     "type": "git",
     "url": "git+https://github.com/inkeep/agent-framework.git",
     "directory": "agents-manage-api"
+  },
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc",
+    "start": "node dist/server.js",
+    "test": "ENVIRONMENT=test vitest --run",
+    "test:watch": "ENVIRONMENT=test vitest",
+    "test:coverage": "ENVIRONMENT=test vitest --run --coverage",
+    "typecheck": "tsc --noEmit"
   }
-}
+}