npm - @inkeep/agents-manage-api - Versions diffs - 0.36.1 → 0.37.1 - Mend

@inkeep/agents-manage-api 0.36.1 → 0.37.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/{chunk-NMRIX6IG.js → chunk-QKQOZRHG.js} +523 -267
package/dist/factory.js +1 -1
package/dist/index.js +2 -2
package/package.json +6 -2

package/dist/{chunk-NMRIX6IG.js → chunk-QKQOZRHG.js} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { F, u, R, x, T, h, U, L, or, C, Vr, ce, ur, P } from './chunk-SBJLXGYG.js';
-import { loadEnvironmentFiles, getLogger, createDatabaseClient, commonGetErrorResponses, AgentListResponse, PaginationQueryParamsSchema, TenantProjectParamsSchema, listAgents, AgentResponse, TenantProjectIdParamsSchema, getAgentById, createApiError, RelatedAgentInfoListResponse, TenantProjectAgentSubAgentParamsSchema, getAgentSubAgentInfos, AgentWithinContextOfProjectResponse, TenantProjectAgentParamsSchema, getFullAgentDefinition, AgentApiInsertSchema, createAgent, generateId, AgentApiUpdateSchema, updateAgent, ErrorResponseSchema, deleteAgent, AgentWithinContextOfProjectSchema, createFullAgentServerSide, getFullAgent, updateFullAgentServerSide, deleteFullAgent, ApiKeyListResponse, listApiKeysPaginated, ApiKeyResponse, getApiKeyById, ApiKeyApiCreationResponseSchema, ApiKeyApiInsertSchema, generateApiKey, createApiKey, ApiKeyApiUpdateSchema, updateApiKey, deleteApiKey, ArtifactComponentListResponse, listArtifactComponentsPaginated, ArtifactComponentResponse, getArtifactComponentById, ArtifactComponentApiInsertSchema, validatePropsAsJsonSchema, createArtifactComponent, ArtifactComponentApiUpdateSchema, updateArtifactComponent, deleteArtifactComponent, ContextConfigListResponse, listContextConfigsPaginated, ContextConfigResponse, TenantProjectAgentIdParamsSchema, getContextConfigById, ContextConfigApiInsertSchema, createContextConfig, commonUpdateErrorResponses, ContextConfigApiUpdateSchema, updateContextConfig, commonDeleteErrorResponses, deleteContextConfig, CredentialStoreListResponseSchema, CreateCredentialInStoreResponseSchema, CreateCredentialInStoreRequestSchema, CredentialReferenceListResponse, listCredentialReferencesPaginated, ListResponseSchema, CredentialReferenceApiSelectSchema, CredentialReferenceResponse, getCredentialReferenceWithResources, CredentialReferenceApiInsertSchema, createCredentialReference, CredentialReferenceApiUpdateSchema, updateCredentialReference, getCredentialReferenceById, getCredentialStoreLookupKeyFromRetrievalParams, deleteCredentialReference, DataComponentListResponse, listDataComponentsPaginated, DataComponentResponse, getDataComponent, DataComponentApiInsertSchema, createDataComponent, DataComponentApiUpdateSchema, updateDataComponent, deleteDataComponent, ExternalAgentListResponse, listExternalAgentsPaginated, ExternalAgentResponse, getExternalAgent, ExternalAgentApiInsertSchema, createExternalAgent, ExternalAgentApiUpdateSchema, updateExternalAgent, deleteExternalAgent, FunctionListResponse, listFunctions, FunctionResponse, getFunction, FunctionApiInsertSchema, upsertFunction, FunctionApiUpdateSchema, deleteFunction, FunctionToolListResponse, listFunctionTools, FunctionToolResponse, getFunctionToolById, FunctionToolApiInsertSchema, createFunctionTool, FunctionToolApiUpdateSchema, updateFunctionTool, deleteFunctionTool, MCPCatalogListResponse, fetchComposioServers, MCPTransportType, ProjectListResponse, TenantParamsSchema, listProjectsPaginated, ProjectResponse, TenantIdParamsSchema, getProject, ProjectApiInsertSchema, createProject, ProjectApiUpdateSchema, updateProject, deleteProject, ArtifactComponentArrayResponse, getArtifactComponentsForAgent, ComponentAssociationListResponse, getAgentsUsingArtifactComponent, SubAgentArtifactComponentResponse, SubAgentArtifactComponentApiInsertSchema, getSubAgentById, isArtifactComponentAssociatedWithAgent, associateArtifactComponentWithAgent, RemovedResponseSchema, removeArtifactComponentFromAgent, ExistsResponseSchema, DataComponentArrayResponse, getDataComponentsForAgent, getAgentsUsingDataComponent, SubAgentDataComponentResponse, SubAgentDataComponentApiInsertSchema, isDataComponentAssociatedWithAgent, associateDataComponentWithAgent, removeDataComponentFromAgent, SubAgentExternalAgentRelationListResponse, listSubAgentExternalAgentRelations, SubAgentExternalAgentRelationResponse, TenantProjectAgentSubAgentIdParamsSchema, getSubAgentExternalAgentRelationById, SubAgentExternalAgentRelationApiInsertSchema, createSubAgentExternalAgentRelation, SubAgentExternalAgentRelationApiUpdateSchema, updateSubAgentExternalAgentRelation, deleteSubAgentExternalAgentRelation, SubAgentRelationListResponse, SubAgentRelationQuerySchema, getAgentRelationsBySource, getSubAgentRelationsByTarget, listAgentRelations, SubAgentRelationResponse, getAgentRelationById, SubAgentRelationApiInsertSchema, validateSubAgent, createSubAgentRelation, SubAgentRelationApiUpdateSchema, updateAgentRelation, deleteSubAgentRelation, SubAgentListResponse, listSubAgentsPaginated, SubAgentResponse, SubAgentApiInsertSchema, createSubAgent, SubAgentApiUpdateSchema, updateSubAgent, deleteSubAgent, SubAgentTeamAgentRelationListResponse, listSubAgentTeamAgentRelations, SubAgentTeamAgentRelationResponse, getSubAgentTeamAgentRelationById, SubAgentTeamAgentRelationApiInsertSchema, createSubAgentTeamAgentRelation, SubAgentTeamAgentRelationApiUpdateSchema, updateSubAgentTeamAgentRelation, deleteSubAgentTeamAgentRelation, SubAgentToolRelationListResponse, getAgentToolRelationByAgent, getAgentToolRelationByTool, listAgentToolRelations, SubAgentToolRelationResponse, getAgentToolRelationById, getAgentsForTool, SubAgentToolRelationApiInsertSchema, createAgentToolRelation, SubAgentToolRelationApiUpdateSchema, updateAgentToolRelation, deleteAgentToolRelation, ThirdPartyMCPServerResponse, fetchSingleComposioServer, McpToolListResponse, ToolStatusSchema, listTools, dbResultToMcpTool, McpToolResponse, getToolById, ToolApiInsertSchema, createTool, ToolApiUpdateSchema, updateTool, deleteTool, getPendingInvitationsByEmail, OAuthLoginQuerySchema, OAuthCallbackQuerySchema, CredentialStoreType, FullProjectDefinitionResponse, FullProjectDefinitionSchema, createFullProjectServerSide, getFullProject, updateFullProjectServerSide, deleteFullProject, getUserOrganizations, addUserToOrganization, initiateMcpOAuthFlow, exchangeMcpAuthorizationCode, handleApiError, organization, getUserByEmail, member, createDefaultCredentialStores, CredentialStoreRegistry } from '@inkeep/agents-core';
+import { loadEnvironmentFiles, getLogger, createDatabaseClient, commonGetErrorResponses, AgentListResponse, PaginationQueryParamsSchema, TenantProjectParamsSchema, listAgents, AgentResponse, TenantProjectIdParamsSchema, getAgentById, createApiError, RelatedAgentInfoListResponse, TenantProjectAgentSubAgentParamsSchema, getAgentSubAgentInfos, AgentWithinContextOfProjectResponse, TenantProjectAgentParamsSchema, getFullAgentDefinition, AgentApiInsertSchema, createAgent, generateId, AgentApiUpdateSchema, updateAgent, ErrorResponseSchema, deleteAgent, AgentWithinContextOfProjectSchema, createFullAgentServerSide, getFullAgent, updateFullAgentServerSide, deleteFullAgent, ApiKeyListResponse, listApiKeysPaginated, ApiKeyResponse, getApiKeyById, ApiKeyApiCreationResponseSchema, ApiKeyApiInsertSchema, generateApiKey, createApiKey, ApiKeyApiUpdateSchema, updateApiKey, deleteApiKey, ArtifactComponentListResponse, listArtifactComponentsPaginated, ArtifactComponentResponse, getArtifactComponentById, ArtifactComponentApiInsertSchema, validatePropsAsJsonSchema, createArtifactComponent, ArtifactComponentApiUpdateSchema, updateArtifactComponent, deleteArtifactComponent, ContextConfigListResponse, listContextConfigsPaginated, ContextConfigResponse, TenantProjectAgentIdParamsSchema, getContextConfigById, ContextConfigApiInsertSchema, createContextConfig, commonUpdateErrorResponses, ContextConfigApiUpdateSchema, updateContextConfig, commonDeleteErrorResponses, deleteContextConfig, getConversationHistory, formatMessagesForLLMContext, CredentialStoreListResponseSchema, CreateCredentialInStoreResponseSchema, CreateCredentialInStoreRequestSchema, CredentialReferenceListResponse, listCredentialReferencesPaginated, ListResponseSchema, CredentialReferenceApiSelectSchema, CredentialReferenceResponse, getCredentialReferenceWithResources, CredentialReferenceApiInsertSchema, createCredentialReference, CredentialReferenceApiUpdateSchema, updateCredentialReference, getCredentialReferenceById, getCredentialStoreLookupKeyFromRetrievalParams, deleteCredentialReference, DataComponentListResponse, listDataComponentsPaginated, DataComponentResponse, getDataComponent, DataComponentApiInsertSchema, createDataComponent, DataComponentApiUpdateSchema, updateDataComponent, deleteDataComponent, ExternalAgentListResponse, listExternalAgentsPaginated, ExternalAgentResponse, getExternalAgent, ExternalAgentApiInsertSchema, createExternalAgent, ExternalAgentApiUpdateSchema, updateExternalAgent, deleteExternalAgent, FunctionListResponse, listFunctions, FunctionResponse, getFunction, FunctionApiInsertSchema, upsertFunction, FunctionApiUpdateSchema, deleteFunction, FunctionToolListResponse, listFunctionTools, FunctionToolResponse, getFunctionToolById, FunctionToolApiInsertSchema, createFunctionTool, FunctionToolApiUpdateSchema, updateFunctionTool, deleteFunctionTool, MCPCatalogListResponse, fetchComposioServers, MCPTransportType, ProjectListResponse, TenantParamsSchema, listProjectsPaginated, ProjectResponse, TenantIdParamsSchema, getProject, ProjectApiInsertSchema, createProject, ProjectApiUpdateSchema, updateProject, deleteProject, ArtifactComponentArrayResponse, getArtifactComponentsForAgent, ComponentAssociationListResponse, getAgentsUsingArtifactComponent, SubAgentArtifactComponentResponse, SubAgentArtifactComponentApiInsertSchema, getSubAgentById, isArtifactComponentAssociatedWithAgent, associateArtifactComponentWithAgent, RemovedResponseSchema, removeArtifactComponentFromAgent, ExistsResponseSchema, DataComponentArrayResponse, getDataComponentsForAgent, getAgentsUsingDataComponent, SubAgentDataComponentResponse, SubAgentDataComponentApiInsertSchema, isDataComponentAssociatedWithAgent, associateDataComponentWithAgent, removeDataComponentFromAgent, SubAgentExternalAgentRelationListResponse, listSubAgentExternalAgentRelations, SubAgentExternalAgentRelationResponse, TenantProjectAgentSubAgentIdParamsSchema, getSubAgentExternalAgentRelationById, SubAgentExternalAgentRelationApiInsertSchema, createSubAgentExternalAgentRelation, SubAgentExternalAgentRelationApiUpdateSchema, updateSubAgentExternalAgentRelation, deleteSubAgentExternalAgentRelation, SubAgentRelationListResponse, SubAgentRelationQuerySchema, getAgentRelationsBySource, getSubAgentRelationsByTarget, listAgentRelations, SubAgentRelationResponse, getAgentRelationById, SubAgentRelationApiInsertSchema, validateSubAgent, createSubAgentRelation, SubAgentRelationApiUpdateSchema, updateAgentRelation, deleteSubAgentRelation, SubAgentListResponse, listSubAgentsPaginated, SubAgentResponse, SubAgentApiInsertSchema, createSubAgent, SubAgentApiUpdateSchema, updateSubAgent, deleteSubAgent, SubAgentIsDefaultError, SubAgentTeamAgentRelationListResponse, listSubAgentTeamAgentRelations, SubAgentTeamAgentRelationResponse, getSubAgentTeamAgentRelationById, SubAgentTeamAgentRelationApiInsertSchema, createSubAgentTeamAgentRelation, SubAgentTeamAgentRelationApiUpdateSchema, updateSubAgentTeamAgentRelation, deleteSubAgentTeamAgentRelation, SubAgentToolRelationListResponse, getAgentToolRelationByAgent, getAgentToolRelationByTool, listAgentToolRelations, SubAgentToolRelationResponse, getAgentToolRelationById, getAgentsForTool, SubAgentToolRelationApiInsertSchema, createAgentToolRelation, SubAgentToolRelationApiUpdateSchema, updateAgentToolRelation, deleteAgentToolRelation, ThirdPartyMCPServerResponse, fetchSingleComposioServer, McpToolListResponse, ToolStatusSchema, listTools, dbResultToMcpTool, McpToolResponse, getToolById, ToolApiInsertSchema, createTool, ToolApiUpdateSchema, updateTool, deleteTool, getPendingInvitationsByEmail, OAuthLoginQuerySchema, OAuthCallbackQuerySchema, CredentialStoreType, projectExists, signTempToken, FullProjectDefinitionResponse, FullProjectDefinitionSchema, createFullProjectServerSide, getFullProject, updateFullProjectServerSide, deleteFullProject, getUserOrganizations, addUserToOrganization, initiateMcpOAuthFlow, exchangeMcpAuthorizationCode, handleApiError, organization, getUserByEmail, member, createDefaultCredentialStores, CredentialStoreRegistry } from '@inkeep/agents-core';
 import { createAuth } from '@inkeep/agents-core/auth';
 import { OpenAPIHono, createRoute, z as z$1 } from '@hono/zod-openapi';
 import { Hono } from 'hono';
@@ -13,6 +13,8 @@ import * as schema from '@inkeep/agents-core/db/schema';
 import { drizzle } from 'drizzle-orm/pglite';
 import { swaggerUI } from '@hono/swagger-ui';
 import { nanoid } from 'nanoid';
+import { StreamableHTTPTransport } from '@hono/mcp';
+import { createConsoleLogger, createMCPServer } from '@inkeep/agents-manage-mcp';
 import { UserOrganizationsResponseSchema, AddUserToOrganizationResponseSchema, AddUserToOrganizationRequestSchema } from '@inkeep/agents-core/auth/validation';
 import { eq, and } from 'drizzle-orm';
 import * as client from 'openid-client';
@@ -36,7 +38,8 @@ var envSchema = z.object({
   INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, {
     message: "Password must be at least 8 characters"
   }),
-  DISABLE_AUTH: z.string().optional().default("false").transform((val) => val === "true")
+  DISABLE_AUTH: z.string().optional().default("false").transform((val) => val === "true"),
+  INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional()
 });
 var parseEnv = () => {
   try {
@@ -67,11 +70,10 @@ var apiKeyAuth = () => createMiddleware(async (c, next) => {
       logger.info({}, "Bypass secret authenticated successfully");
       await next();
       return;
-    } else {
-      throw new HTTPException(401, {
-        message: "Invalid Token"
-      });
     }
+    throw new HTTPException(401, {
+      message: "Invalid Token"
+    });
   }
   await next();
   return;
@@ -80,8 +82,9 @@ var sessionAuth = () => createMiddleware(async (c, next) => {
   try {
     const user = c.get("user");
     if (!user) {
-      throw new HTTPException(401, {
-        message: "Unauthorized - Please log in"
+      throw createApiError({
+        code: "unauthorized",
+        message: "Please log in to access this resource"
       });
     }
     c.set("userId", user.id);
@@ -91,7 +94,8 @@ var sessionAuth = () => createMiddleware(async (c, next) => {
     if (error instanceof HTTPException) {
       throw error;
     }
-    throw new HTTPException(401, {
+    throw createApiError({
+      code: "unauthorized",
       message: "Authentication failed"
     });
   }
@@ -5165,22 +5169,23 @@ var requireTenantAccess = () => createMiddleware(async (c, next) => {
   const userId = c.get("userId");
   const tenantId = c.req.param("tenantId");
   if (!userId) {
-    throw new HTTPException(401, {
-      message: "Unauthorized - User ID not found"
+    throw createApiError({
+      code: "unauthorized",
+      message: "User ID not found"
     });
   }
   if (!tenantId) {
-    throw new HTTPException(400, {
-      message: "Bad Request - Organization ID is required"
+    throw createApiError({
+      code: "bad_request",
+      message: "Organization ID is required"
     });
   }
   try {
     const userOrganizations = await getUserOrganizations(dbClient_default)(userId);
-    const organizationAccess = userOrganizations.find(
-      (org) => org.organizationId === tenantId
-    );
+    const organizationAccess = userOrganizations.find((org) => org.organizationId === tenantId);
     if (!organizationAccess) {
-      throw new HTTPException(403, {
+      throw createApiError({
+        code: "forbidden",
         message: "Access denied to this organization"
       });
     }
@@ -5191,16 +5196,17 @@ var requireTenantAccess = () => createMiddleware(async (c, next) => {
     if (error instanceof HTTPException) {
       throw error;
     }
-    throw new HTTPException(500, {
+    throw createApiError({
+      code: "internal_server_error",
       message: "Failed to verify organization access"
     });
   }
 });
-function setupOpenAPIRoutes(app26) {
-  app26.get("/openapi.json", (c) => {
+function setupOpenAPIRoutes(app29) {
+  app29.get("/openapi.json", (c) => {
     try {
       const serverUrl = process.env.VERCEL_ENV === "production" && process.env.VERCEL_PROJECT_PRODUCTION_URL ? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}` : process.env.VERCEL_ENV === "preview" && process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : env.INKEEP_AGENTS_MANAGE_API_URL;
-      const document2 = app26.getOpenAPIDocument({
+      const document2 = app29.getOpenAPIDocument({
         openapi: "3.0.0",
         info: {
           title: "Inkeep Agents Manage API",
@@ -5308,6 +5314,30 @@ function setupOpenAPIRoutes(app26) {
           }
         ]
       });
+      document2.components = {
+        ...document2.components,
+        securitySchemes: {
+          ...document2.components?.securitySchemes || {},
+          cookieAuth: {
+            type: "apiKey",
+            in: "cookie",
+            name: "better-auth.session_token",
+            description: 'Session-based authentication using HTTP-only cookies. Cookies are automatically sent by browsers. For server-side requests, include cookies with names starting with "better-auth." in the Cookie header.'
+          },
+          bearerAuth: {
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "Token",
+            description: 'Bearer token authentication. Use this for API clients and service-to-service communication. Set the Authorization header to "Bearer <token>".'
+          }
+        }
+      };
+      document2.security = [
+        {
+          cookieAuth: [],
+          bearerAuth: []
+        }
+      ];
       return c.json(document2);
     } catch (error) {
       console.error("OpenAPI document generation failed:", error);
@@ -5315,7 +5345,7 @@ function setupOpenAPIRoutes(app26) {
       return c.json({ error: "Failed to generate OpenAPI document", details: errorDetails }, 500);
     }
   });
-  app26.get(
+  app29.get(
     "/docs",
     swaggerUI({
       url: "/openapi.json",
@@ -5564,15 +5594,26 @@ app.openapi(
   async (c) => {
     const { tenantId, projectId } = c.req.valid("param");
     const validatedBody = c.req.valid("json");
-    const agent = await createAgent(dbClient_default)({
-      tenantId,
-      projectId,
-      id: validatedBody.id || generateId(),
-      name: validatedBody.name,
-      defaultSubAgentId: validatedBody.defaultSubAgentId,
-      contextConfigId: validatedBody.contextConfigId ?? void 0
-    });
-    return c.json({ data: agent }, 201);
+    try {
+      const agent = await createAgent(dbClient_default)({
+        tenantId,
+        projectId,
+        id: validatedBody.id || generateId(),
+        name: validatedBody.name,
+        defaultSubAgentId: validatedBody.defaultSubAgentId,
+        contextConfigId: validatedBody.contextConfigId ?? void 0
+      });
+      return c.json({ data: agent }, 201);
+    } catch (error) {
+      if (error?.cause?.code === "23505") {
+        const agentId = validatedBody.id || "unknown";
+        throw createApiError({
+          code: "conflict",
+          message: `An agent with ID '${agentId}' already exists`
+        });
+      }
+      throw error;
+    }
   }
 );
 app.openapi(
@@ -6656,7 +6697,72 @@ app5.openapi(
 );
 var contextConfigs_default = app5;
 var app6 = new OpenAPIHono();
+var ConversationQueryParamsSchema = z.object({
+  limit: z.coerce.number().min(1).max(200).default(20).optional(),
+  includeInternal: z.coerce.boolean().default(false).optional()
+});
+var ConversationWithFormattedMessagesResponse = z.object({
+  data: z.object({
+    messages: z.array(z.any()),
+    formatted: z.object({
+      llmContext: z.string()
+    })
+  })
+}).openapi("ConversationWithFormattedMessagesResponse");
 app6.openapi(
+  createRoute({
+    method: "get",
+    path: "/{id}",
+    summary: "Get Conversation",
+    operationId: "get-conversation",
+    tags: ["Conversations"],
+    request: {
+      params: TenantProjectIdParamsSchema,
+      query: ConversationQueryParamsSchema
+    },
+    responses: {
+      200: {
+        description: "Conversation found with formatted messages for LLM use",
+        content: {
+          "application/json": {
+            schema: ConversationWithFormattedMessagesResponse
+          }
+        }
+      },
+      ...commonGetErrorResponses
+    }
+  }),
+  async (c) => {
+    const { tenantId, projectId, id } = c.req.valid("param");
+    const { limit = 20, includeInternal = true } = c.req.valid("query");
+    const messages = await getConversationHistory(dbClient_default)({
+      scopes: { tenantId, projectId },
+      conversationId: id,
+      options: {
+        limit,
+        includeInternal
+      }
+    });
+    if (!messages || messages.length === 0) {
+      throw createApiError({
+        code: "not_found",
+        message: "Conversation not found"
+      });
+    }
+    const llmContext = formatMessagesForLLMContext(messages);
+    return c.json({
+      data: {
+        messages,
+        formatted: {
+          llmContext
+        }
+      }
+    });
+  }
+);
+var conversations_default = app6;
+var app7 = new OpenAPIHono();
+app7.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -6697,7 +6803,7 @@ app6.openapi(
     });
   }
 );
-app6.openapi(
+app7.openapi(
   createRoute({
     method: "post",
     path: "/{id}/credentials",
@@ -6765,33 +6871,30 @@ app6.openapi(
     }
   }
 );
-var credentialStores_default = app6;
-var app7 = new OpenAPIHono();
-app7.use("/", async (c, next) => {
+var credentialStores_default = app7;
+var app8 = new OpenAPIHono();
+app8.use("/", async (c, next) => {
   if (c.req.method === "POST") {
-    return requirePermission({ credential: ["create"] })(
-      c,
-      next
-    );
+    return requirePermission({
+      credential: ["create"]
+    })(c, next);
   }
   return next();
 });
-app7.use("/:id", async (c, next) => {
+app8.use("/:id", async (c, next) => {
   if (c.req.method === "PATCH") {
-    return requirePermission({ credential: ["update"] })(
-      c,
-      next
-    );
+    return requirePermission({
+      credential: ["update"]
+    })(c, next);
   }
   if (c.req.method === "DELETE") {
-    return requirePermission({ credential: ["delete"] })(
-      c,
-      next
-    );
+    return requirePermission({
+      credential: ["delete"]
+    })(c, next);
   }
   return next();
 });
-app7.openapi(
+app8.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -6826,7 +6929,7 @@ app7.openapi(
     return c.json(validatedResult);
   }
 );
-app7.openapi(
+app8.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -6864,7 +6967,7 @@ app7.openapi(
     return c.json({ data: validatedCredential });
   }
 );
-app7.openapi(
+app8.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -6906,7 +7009,7 @@ app7.openapi(
     return c.json({ data: validatedCredential }, 201);
   }
 );
-app7.openapi(
+app8.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -6953,7 +7056,7 @@ app7.openapi(
     return c.json({ data: validatedCredential });
   }
 );
-app7.openapi(
+app8.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -7024,15 +7127,15 @@ app7.openapi(
     return c.body(null, 204);
   }
 );
-var credentials_default = app7;
-var app8 = new OpenAPIHono();
-app8.use("/", async (c, next) => {
+var credentials_default = app8;
+var app9 = new OpenAPIHono();
+app9.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ data_component: ["create"] })(c, next);
   }
   return next();
 });
-app8.use("/:id", async (c, next) => {
+app9.use("/:id", async (c, next) => {
   if (c.req.method === "PATCH") {
     return requirePermission({ data_component: ["update"] })(c, next);
   }
@@ -7041,7 +7144,7 @@ app8.use("/:id", async (c, next) => {
   }
   return next();
 });
-app8.openapi(
+app9.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -7075,7 +7178,7 @@ app8.openapi(
     return c.json(result);
   }
 );
-app8.openapi(
+app9.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -7112,7 +7215,7 @@ app8.openapi(
     return c.json({ data: dataComponent });
   }
 );
-app8.openapi(
+app9.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -7163,7 +7266,7 @@ app8.openapi(
     return c.json({ data: dataComponent }, 201);
   }
 );
-app8.openapi(
+app9.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -7219,7 +7322,7 @@ app8.openapi(
     return c.json({ data: updatedDataComponent });
   }
 );
-app8.openapi(
+app9.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -7258,15 +7361,15 @@ app8.openapi(
     return c.body(null, 204);
   }
 );
-var dataComponents_default = app8;
-var app9 = new OpenAPIHono();
-app9.use("/", async (c, next) => {
+var dataComponents_default = app9;
+var app10 = new OpenAPIHono();
+app10.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ external_agent: ["create"] })(c, next);
   }
   return next();
 });
-app9.use("/:id", async (c, next) => {
+app10.use("/:id", async (c, next) => {
   if (c.req.method === "PATCH") {
     return requirePermission({ external_agent: ["update"] })(c, next);
   }
@@ -7275,7 +7378,7 @@ app9.use("/:id", async (c, next) => {
   }
   return next();
 });
-app9.openapi(
+app10.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -7315,7 +7418,7 @@ app9.openapi(
     return c.json(dataWithType);
   }
 );
-app9.openapi(
+app10.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -7356,7 +7459,7 @@ app9.openapi(
     return c.json({ data: agentWithType });
   }
 );
-app9.openapi(
+app10.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -7405,7 +7508,7 @@ app9.openapi(
     return c.json({ data: agentWithType }, 201);
   }
 );
-app9.openapi(
+app10.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -7455,7 +7558,7 @@ app9.openapi(
     return c.json({ data: agentWithType });
   }
 );
-app9.openapi(
+app10.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -7494,16 +7597,16 @@ app9.openapi(
     return c.body(null, 204);
   }
 );
-var externalAgents_default = app9;
+var externalAgents_default = app10;
 var logger3 = getLogger("functions");
-var app10 = new OpenAPIHono();
-app10.use("/", async (c, next) => {
+var app11 = new OpenAPIHono();
+app11.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ function: ["create"] })(c, next);
   }
   return next();
 });
-app10.use("/:id", async (c, next) => {
+app11.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ function: ["update"] })(c, next);
   }
@@ -7512,7 +7615,7 @@ app10.use("/:id", async (c, next) => {
   }
   return next();
 });
-app10.openapi(
+app11.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -7557,7 +7660,7 @@ app10.openapi(
     }
   }
 );
-app10.openapi(
+app11.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -7602,7 +7705,7 @@ app10.openapi(
     }
   }
 );
-app10.openapi(
+app11.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -7658,7 +7761,7 @@ app10.openapi(
     }
   }
 );
-app10.openapi(
+app11.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -7724,7 +7827,7 @@ app10.openapi(
     }
   }
 );
-app10.openapi(
+app11.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -7769,16 +7872,16 @@ app10.openapi(
     }
   }
 );
-var functions_default = app10;
+var functions_default = app11;
 var logger4 = getLogger("functionTools");
-var app11 = new OpenAPIHono();
-app11.use("/", async (c, next) => {
+var app12 = new OpenAPIHono();
+app12.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ function: ["create"] })(c, next);
   }
   return next();
 });
-app11.use("/:id", async (c, next) => {
+app12.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ function: ["update"] })(c, next);
   }
@@ -7787,7 +7890,7 @@ app11.use("/:id", async (c, next) => {
   }
   return next();
 });
-app11.openapi(
+app12.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -7828,7 +7931,7 @@ app11.openapi(
     }
   }
 );
-app11.openapi(
+app12.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -7873,7 +7976,7 @@ app11.openapi(
     }
   }
 );
-app11.openapi(
+app12.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -7927,7 +8030,7 @@ app11.openapi(
     }
   }
 );
-app11.openapi(
+app12.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -7987,7 +8090,7 @@ app11.openapi(
     }
   }
 );
-app11.openapi(
+app12.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -8030,8 +8133,8 @@ app11.openapi(
     }
   }
 );
-var functionTools_default = app11;
-var app12 = new OpenAPIHono();
+var functionTools_default = app12;
+var app13 = new OpenAPIHono();
 var PREBUILT_MCP_SERVERS = [
   {
     id: "apify",
@@ -8453,7 +8556,7 @@ var PREBUILT_MCP_SERVERS = [
     description: "AI-powered content creation"
   }
 ];
-app12.openapi(
+app13.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -8488,15 +8591,15 @@ app12.openapi(
     });
   }
 );
-var mcpCatalog_default = app12;
-var app13 = new OpenAPIHono();
-app13.use("/", async (c, next) => {
+var mcpCatalog_default = app13;
+var app14 = new OpenAPIHono();
+app14.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ project: ["create"] })(c, next);
   }
   return next();
 });
-app13.use("/:id", async (c, next) => {
+app14.use("/:id", async (c, next) => {
   if (c.req.method === "PATCH") {
     return requirePermission({ project: ["update"] })(c, next);
   }
@@ -8505,7 +8608,7 @@ app13.use("/:id", async (c, next) => {
   }
   return next();
 });
-app13.openapi(
+app14.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -8540,7 +8643,7 @@ app13.openapi(
     return c.json(result);
   }
 );
-app13.openapi(
+app14.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -8575,7 +8678,7 @@ app13.openapi(
     return c.json({ data: project });
   }
 );
-app13.openapi(
+app14.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -8633,7 +8736,7 @@ app13.openapi(
     }
   }
 );
-app13.openapi(
+app14.openapi(
   createRoute({
     method: "patch",
     path: "/{id}",
@@ -8679,7 +8782,7 @@ app13.openapi(
     return c.json({ data: project });
   }
 );
-app13.openapi(
+app14.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -8729,21 +8832,21 @@ app13.openapi(
     }
   }
 );
-var projects_default = app13;
-var app14 = new OpenAPIHono();
-app14.use("/", async (c, next) => {
+var projects_default = app14;
+var app15 = new OpenAPIHono();
+app15.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app14.use("/agent/:subAgentId/component/:artifactComponentId", async (c, next) => {
+app15.use("/agent/:subAgentId/component/:artifactComponentId", async (c, next) => {
   if (c.req.method === "DELETE") {
     return requirePermission({ sub_agent: ["delete"] })(c, next);
   }
   return next();
 });
-app14.openapi(
+app15.openapi(
   createRoute({
     method: "get",
     path: "/agent/{subAgentId}",
@@ -8775,7 +8878,7 @@ app14.openapi(
     });
   }
 );
-app14.openapi(
+app15.openapi(
   createRoute({
     method: "get",
     path: "/component/{artifactComponentId}/agents",
@@ -8808,7 +8911,7 @@ app14.openapi(
     return c.json({ data: agents });
   }
 );
-app14.openapi(
+app15.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -8885,7 +8988,7 @@ app14.openapi(
     return c.json({ data: association }, 201);
   }
 );
-app14.openapi(
+app15.openapi(
   createRoute({
     method: "delete",
     path: "/agent/{subAgentId}/component/{artifactComponentId}",
@@ -8927,7 +9030,7 @@ app14.openapi(
     });
   }
 );
-app14.openapi(
+app15.openapi(
   createRoute({
     method: "get",
     path: "/agent/{subAgentId}/component/{artifactComponentId}/exists",
@@ -8960,21 +9063,21 @@ app14.openapi(
     return c.json({ exists });
   }
 );
-var subAgentArtifactComponents_default = app14;
-var app15 = new OpenAPIHono();
-app15.use("/", async (c, next) => {
+var subAgentArtifactComponents_default = app15;
+var app16 = new OpenAPIHono();
+app16.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app15.use("/agent/:subAgentId/component/:dataComponentId", async (c, next) => {
+app16.use("/agent/:subAgentId/component/:dataComponentId", async (c, next) => {
   if (c.req.method === "DELETE") {
     return requirePermission({ sub_agent: ["delete"] })(c, next);
   }
   return next();
 });
-app15.openapi(
+app16.openapi(
   createRoute({
     method: "get",
     path: "/agent/{subAgentId}",
@@ -9004,7 +9107,7 @@ app15.openapi(
     return c.json({ data: dataComponents });
   }
 );
-app15.openapi(
+app16.openapi(
   createRoute({
     method: "get",
     path: "/component/{dataComponentId}/agents",
@@ -9037,7 +9140,7 @@ app15.openapi(
     return c.json({ data: agents });
   }
 );
-app15.openapi(
+app16.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -9110,7 +9213,7 @@ app15.openapi(
     return c.json({ data: association }, 201);
   }
 );
-app15.openapi(
+app16.openapi(
   createRoute({
     method: "delete",
     path: "/agent/{subAgentId}/component/{dataComponentId}",
@@ -9152,7 +9255,7 @@ app15.openapi(
     });
   }
 );
-app15.openapi(
+app16.openapi(
   createRoute({
     method: "get",
     path: "/agent/{subAgentId}/component/{dataComponentId}/exists",
@@ -9185,15 +9288,15 @@ app15.openapi(
     return c.json({ exists });
   }
 );
-var subAgentDataComponents_default = app15;
-var app16 = new OpenAPIHono();
-app16.use("/", async (c, next) => {
+var subAgentDataComponents_default = app16;
+var app17 = new OpenAPIHono();
+app17.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app16.use("/:id", async (c, next) => {
+app17.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ sub_agent: ["update"] })(c, next);
   }
@@ -9202,7 +9305,7 @@ app16.use("/:id", async (c, next) => {
   }
   return next();
 });
-app16.openapi(
+app17.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -9244,7 +9347,7 @@ app16.openapi(
     }
   }
 );
-app16.openapi(
+app17.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -9281,7 +9384,7 @@ app16.openapi(
     return c.json({ data: relation });
   }
 );
-app16.openapi(
+app17.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -9337,7 +9440,7 @@ app16.openapi(
     return c.json({ data: relation }, 201);
   }
 );
-app16.openapi(
+app17.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -9383,7 +9486,7 @@ app16.openapi(
     return c.json({ data: updatedRelation });
   }
 );
-app16.openapi(
+app17.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -9422,15 +9525,15 @@ app16.openapi(
     return c.body(null, 204);
   }
 );
-var subAgentExternalAgentRelations_default = app16;
-var app17 = new OpenAPIHono();
-app17.use("/", async (c, next) => {
+var subAgentExternalAgentRelations_default = app17;
+var app18 = new OpenAPIHono();
+app18.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app17.use("/:id", async (c, next) => {
+app18.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ sub_agent: ["update"] })(c, next);
   }
@@ -9439,7 +9542,7 @@ app17.use("/:id", async (c, next) => {
   }
   return next();
 });
-app17.openapi(
+app18.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -9499,7 +9602,7 @@ app17.openapi(
     }
   }
 );
-app17.openapi(
+app18.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -9536,7 +9639,7 @@ app17.openapi(
     return c.json({ data: agentRelation });
   }
 );
-app17.openapi(
+app18.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -9610,7 +9713,7 @@ app17.openapi(
     return c.json({ data: agentRelation }, 201);
   }
 );
-app17.openapi(
+app18.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -9656,7 +9759,7 @@ app17.openapi(
     return c.json({ data: updatedAgentRelation });
   }
 );
-app17.openapi(
+app18.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -9695,15 +9798,15 @@ app17.openapi(
     return c.body(null, 204);
   }
 );
-var subAgentRelations_default = app17;
-var app18 = new OpenAPIHono();
-app18.use("/", async (c, next) => {
+var subAgentRelations_default = app18;
+var app19 = new OpenAPIHono();
+app19.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app18.use("/:id", async (c, next) => {
+app19.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ sub_agent: ["update"] })(c, next);
   }
@@ -9712,7 +9815,7 @@ app18.use("/:id", async (c, next) => {
   }
   return next();
 });
-app18.openapi(
+app19.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -9753,7 +9856,7 @@ app18.openapi(
     return c.json(dataWithType);
   }
 );
-app18.openapi(
+app19.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -9794,7 +9897,7 @@ app18.openapi(
     return c.json({ data: subAgentWithType });
   }
 );
-app18.openapi(
+app19.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -9841,7 +9944,7 @@ app18.openapi(
     return c.json({ data: subAgentWithType }, 201);
   }
 );
-app18.openapi(
+app19.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -9891,7 +9994,7 @@ app18.openapi(
     return c.json({ data: subAgentWithType });
   }
 );
-app18.openapi(
+app19.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -9912,33 +10015,51 @@ app18.openapi(
             schema: ErrorResponseSchema
           }
         }
+      },
+      409: {
+        description: "SubAgent is set as default and cannot be deleted",
+        content: {
+          "application/json": {
+            schema: ErrorResponseSchema
+          }
+        }
       }
     }
   }),
   async (c) => {
     const { tenantId, projectId, agentId, id } = c.req.valid("param");
-    const deleted = await deleteSubAgent(dbClient_default)({
-      scopes: { tenantId, projectId, agentId },
-      subAgentId: id
-    });
-    if (!deleted) {
-      throw createApiError({
-        code: "not_found",
-        message: "SubAgent not found"
+    try {
+      const deleted = await deleteSubAgent(dbClient_default)({
+        scopes: { tenantId, projectId, agentId },
+        subAgentId: id
       });
+      if (!deleted) {
+        throw createApiError({
+          code: "not_found",
+          message: "SubAgent not found"
+        });
+      }
+      return c.body(null, 204);
+    } catch (error) {
+      if (error instanceof SubAgentIsDefaultError) {
+        throw createApiError({
+          code: "conflict",
+          message: error.message
+        });
+      }
+      throw error;
     }
-    return c.body(null, 204);
   }
 );
-var subAgents_default = app18;
-var app19 = new OpenAPIHono();
-app19.use("/", async (c, next) => {
+var subAgents_default = app19;
+var app20 = new OpenAPIHono();
+app20.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app19.use("/:id", async (c, next) => {
+app20.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ sub_agent: ["update"] })(c, next);
   }
@@ -9947,7 +10068,7 @@ app19.use("/:id", async (c, next) => {
   }
   return next();
 });
-app19.openapi(
+app20.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -9989,7 +10110,7 @@ app19.openapi(
     }
   }
 );
-app19.openapi(
+app20.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -10026,7 +10147,7 @@ app19.openapi(
     return c.json({ data: relation });
   }
 );
-app19.openapi(
+app20.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -10082,7 +10203,7 @@ app19.openapi(
     return c.json({ data: relation }, 201);
   }
 );
-app19.openapi(
+app20.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -10128,7 +10249,7 @@ app19.openapi(
     return c.json({ data: updatedRelation });
   }
 );
-app19.openapi(
+app20.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -10167,15 +10288,15 @@ app19.openapi(
     return c.body(null, 204);
   }
 );
-var subAgentTeamAgentRelations_default = app19;
-var app20 = new OpenAPIHono();
-app20.use("/", async (c, next) => {
+var subAgentTeamAgentRelations_default = app20;
+var app21 = new OpenAPIHono();
+app21.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ sub_agent: ["create"] })(c, next);
   }
   return next();
 });
-app20.use("/:id", async (c, next) => {
+app21.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ sub_agent: ["update"] })(c, next);
   }
@@ -10184,7 +10305,7 @@ app20.use("/:id", async (c, next) => {
   }
   return next();
 });
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -10246,7 +10367,7 @@ app20.openapi(
     return c.json(result);
   }
 );
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -10283,7 +10404,7 @@ app20.openapi(
     return c.json({ data: agentToolRelation });
   }
 );
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "get",
     path: "/tool/{toolId}/sub-agents",
@@ -10319,7 +10440,7 @@ app20.openapi(
     return c.json(dbResult);
   }
 );
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -10382,7 +10503,7 @@ app20.openapi(
     }
   }
 );
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -10434,7 +10555,7 @@ app20.openapi(
     return c.json({ data: updatedAgentToolRelation });
   }
 );
-app20.openapi(
+app21.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -10473,12 +10594,12 @@ app20.openapi(
     return c.body(null, 204);
   }
 );
-var subAgentToolRelations_default = app20;
-var app21 = new OpenAPIHono();
+var subAgentToolRelations_default = app21;
+var app22 = new OpenAPIHono();
 var ThirdPartyMCPServerBodySchema = z.object({
   url: z.url().describe("The MCP server URL to fetch details for")
 });
-app21.openapi(
+app22.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -10517,10 +10638,10 @@ app21.openapi(
     });
   }
 );
-var thirdPartyMCPServers_default = app21;
+var thirdPartyMCPServers_default = app22;
 var logger5 = getLogger("tools");
-var app22 = new OpenAPIHono();
-app22.use("/", async (c, next) => {
+var app23 = new OpenAPIHono();
+app23.use("/", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ tool: ["create"] })(
       c,
@@ -10529,7 +10650,7 @@ app22.use("/", async (c, next) => {
   }
   return next();
 });
-app22.use("/:id", async (c, next) => {
+app23.use("/:id", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ tool: ["update"] })(
       c,
@@ -10544,7 +10665,7 @@ app22.use("/:id", async (c, next) => {
   }
   return next();
 });
-app22.openapi(
+app23.openapi(
   createRoute({
     method: "get",
     path: "/",
@@ -10604,7 +10725,7 @@ app22.openapi(
     return c.json(result);
   }
 );
-app22.openapi(
+app23.openapi(
   createRoute({
     method: "get",
     path: "/{id}",
@@ -10641,7 +10762,7 @@ app22.openapi(
     });
   }
 );
-app22.openapi(
+app23.openapi(
   createRoute({
     method: "post",
     path: "/",
@@ -10694,7 +10815,7 @@ app22.openapi(
     );
   }
 );
-app22.openapi(
+app23.openapi(
   createRoute({
     method: "put",
     path: "/{id}",
@@ -10755,7 +10876,7 @@ app22.openapi(
     });
   }
 );
-app22.openapi(
+app23.openapi(
   createRoute({
     method: "delete",
     path: "/{id}",
@@ -10784,48 +10905,49 @@ app22.openapi(
     return c.body(null, 204);
   }
 );
-var tools_default = app22;
+var tools_default = app23;
 // src/routes/index.ts
-var app23 = new OpenAPIHono();
-app23.route("/projects", projects_default);
-app23.route("/projects/:projectId/agents/:agentId/sub-agents", subAgents_default);
-app23.route("/projects/:projectId/agents/:agentId/sub-agent-relations", subAgentRelations_default);
-app23.route(
+var app24 = new OpenAPIHono();
+app24.route("/projects", projects_default);
+app24.route("/projects/:projectId/agents/:agentId/sub-agents", subAgents_default);
+app24.route("/projects/:projectId/agents/:agentId/sub-agent-relations", subAgentRelations_default);
+app24.route(
   "/projects/:projectId/agents/:agentId/sub-agents/:subAgentId/external-agent-relations",
   subAgentExternalAgentRelations_default
 );
-app23.route(
+app24.route(
   "/projects/:projectId/agents/:agentId/sub-agents/:subAgentId/team-agent-relations",
   subAgentTeamAgentRelations_default
 );
-app23.route("/projects/:projectId/agents", agent_default);
-app23.route(
+app24.route("/projects/:projectId/agents", agent_default);
+app24.route(
   "/projects/:projectId/agents/:agentId/sub-agent-tool-relations",
   subAgentToolRelations_default
 );
-app23.route(
+app24.route(
   "/projects/:projectId/agents/:agentId/sub-agent-artifact-components",
   subAgentArtifactComponents_default
 );
-app23.route(
+app24.route(
   "/projects/:projectId/agents/:agentId/sub-agent-data-components",
   subAgentDataComponents_default
 );
-app23.route("/projects/:projectId/artifact-components", artifactComponents_default);
-app23.route("/projects/:projectId/agents/:agentId/context-configs", contextConfigs_default);
-app23.route("/projects/:projectId/credentials", credentials_default);
-app23.route("/projects/:projectId/credential-stores", credentialStores_default);
-app23.route("/projects/:projectId/data-components", dataComponents_default);
-app23.route("/projects/:projectId/external-agents", externalAgents_default);
-app23.route("/projects/:projectId/agents/:agentId/function-tools", functionTools_default);
-app23.route("/projects/:projectId/functions", functions_default);
-app23.route("/projects/:projectId/tools", tools_default);
-app23.route("/projects/:projectId/api-keys", apiKeys_default);
-app23.route("/projects/:projectId/agent", agentFull_default);
-app23.route("/projects/:projectId/mcp-catalog", mcpCatalog_default);
-app23.route("/projects/:projectId/third-party-mcp-servers", thirdPartyMCPServers_default);
-var routes_default = app23;
+app24.route("/projects/:projectId/artifact-components", artifactComponents_default);
+app24.route("/projects/:projectId/agents/:agentId/context-configs", contextConfigs_default);
+app24.route("/projects/:projectId/conversations", conversations_default);
+app24.route("/projects/:projectId/credentials", credentials_default);
+app24.route("/projects/:projectId/credential-stores", credentialStores_default);
+app24.route("/projects/:projectId/data-components", dataComponents_default);
+app24.route("/projects/:projectId/external-agents", externalAgents_default);
+app24.route("/projects/:projectId/agents/:agentId/function-tools", functionTools_default);
+app24.route("/projects/:projectId/functions", functions_default);
+app24.route("/projects/:projectId/tools", tools_default);
+app24.route("/projects/:projectId/api-keys", apiKeys_default);
+app24.route("/projects/:projectId/agent", agentFull_default);
+app24.route("/projects/:projectId/mcp-catalog", mcpCatalog_default);
+app24.route("/projects/:projectId/third-party-mcp-servers", thirdPartyMCPServers_default);
+var routes_default = app24;
 var invitationsRoutes = new OpenAPIHono();
 var PendingInvitationSchema = z$1.object({
   id: z$1.string(),
@@ -10873,6 +10995,17 @@ invitationsRoutes.openapi(
   }
 );
 var invitations_default = invitationsRoutes;
+var app25 = new Hono();
+app25.all("/", async (c) => {
+  const transport = new StreamableHTTPTransport();
+  const noOpLogger = createConsoleLogger("error");
+  const mcpServer = createMCPServer({
+    logger: noOpLogger
+  });
+  await mcpServer.connect(transport);
+  return transport.handleRequest(c);
+});
+var mcp_default = app25;
 var logger6 = getLogger("oauth-service");
 var pkceStore = /* @__PURE__ */ new Map();
 function storePKCEVerifier(state, codeVerifier, toolId, tenantId, projectId, clientInformation, metadata2, resourceUrl) {
@@ -11010,7 +11143,7 @@ async function findOrCreateCredential(tenantId, projectId, credentialData) {
     throw new Error(`Failed to save credential '${credentialData.id}' to database`);
   }
 }
-var app24 = new OpenAPIHono();
+var app26 = new OpenAPIHono();
 var logger7 = getLogger("oauth-callback");
 function getBaseUrlFromRequest(c) {
   const url = new URL(c.req.url);
@@ -11086,7 +11219,7 @@ function generateOAuthCallbackPage(params) {
     </html>
   `;
 }
-app24.openapi(
+app26.openapi(
   createRoute({
     method: "get",
     path: "/login",
@@ -11151,7 +11284,7 @@ app24.openapi(
     }
   }
 );
-app24.openapi(
+app26.openapi(
   createRoute({
     method: "get",
     path: "/callback",
@@ -11294,16 +11427,119 @@ app24.openapi(
     }
   }
 );
-var oauth_default = app24;
-var logger8 = getLogger("projectFull");
-var app25 = new OpenAPIHono();
-app25.use("/project-full", async (c, next) => {
+var oauth_default = app26;
+var logger8 = getLogger("playgroundToken");
+var app27 = new OpenAPIHono();
+app27.use("/", requirePermission({ agent: ["create"] }));
+var PlaygroundTokenRequestSchema = z$1.object({
+  projectId: z$1.string(),
+  agentId: z$1.string()
+});
+var PlaygroundTokenResponseSchema = z$1.object({
+  apiKey: z$1.string().describe("Temporary API key for playground use"),
+  expiresAt: z$1.string().describe("ISO 8601 timestamp when the key expires")
+});
+app27.openapi(
+  createRoute({
+    method: "post",
+    path: "/",
+    summary: "Generate temporary API key for playground",
+    operationId: "create-playground-token",
+    tags: ["Playground"],
+    description: "Generates a short-lived API key (1 hour expiry) for authenticated users to access the run-api from the playground",
+    security: [{ cookieAuth: [] }],
+    request: {
+      body: {
+        content: {
+          "application/json": {
+            schema: PlaygroundTokenRequestSchema
+          }
+        }
+      }
+    },
+    responses: {
+      200: {
+        description: "Temporary API key generated successfully",
+        content: {
+          "application/json": {
+            schema: PlaygroundTokenResponseSchema
+          }
+        }
+      },
+      401: {
+        description: "Unauthorized - session required",
+        content: {
+          "application/json": {
+            schema: ErrorResponseSchema
+          }
+        }
+      }
+    }
+  }),
+  async (c) => {
+    const userId = c.get("userId");
+    const tenantId = c.get("tenantId");
+    const { projectId, agentId } = c.req.valid("json");
+    logger8.info(
+      { userId, tenantId, projectId, agentId },
+      "Generating temporary JWT token for playground"
+    );
+    const projectExistsCheck = await projectExists(dbClient_default)({ tenantId, projectId });
+    if (!projectExistsCheck) {
+      logger8.warn({ userId, tenantId, projectId }, "Project not found or access denied");
+      throw createApiError({
+        code: "not_found",
+        message: "Project not found"
+      });
+    }
+    const agent = await getAgentById(dbClient_default)({ scopes: { tenantId, projectId, agentId } });
+    if (!agent) {
+      logger8.warn({ userId, tenantId, projectId, agentId }, "Agent not found or access denied");
+      throw createApiError({
+        code: "not_found",
+        message: "Agent not found"
+      });
+    }
+    if (!env.INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY) {
+      throw createApiError({
+        code: "internal_server_error",
+        message: "Temporary token signing not configured"
+      });
+    }
+    const privateKeyPem = Buffer.from(env.INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY, "base64").toString(
+      "utf-8"
+    );
+    const result = await signTempToken(
+      privateKeyPem,
+      {
+        tenantId,
+        projectId,
+        agentId,
+        type: "temporary",
+        initiatedBy: { type: "user", id: userId }
+      },
+      userId
+    );
+    logger8.info({ userId, expiresAt: result.expiresAt }, "Temporary JWT token generated");
+    return c.json(
+      {
+        apiKey: result.token,
+        expiresAt: result.expiresAt
+      },
+      200
+    );
+  }
+);
+var playgroundToken_default = app27;
+var logger9 = getLogger("projectFull");
+var app28 = new OpenAPIHono();
+app28.use("/project-full", async (c, next) => {
   if (c.req.method === "POST") {
     return requirePermission({ project: ["create"] })(c, next);
   }
   return next();
 });
-app25.use("/project-full/:projectId", async (c, next) => {
+app28.use("/project-full/:projectId", async (c, next) => {
   if (c.req.method === "PUT") {
     return requirePermission({ project: ["update"] })(c, next);
   }
@@ -11312,7 +11548,7 @@ app25.use("/project-full/:projectId", async (c, next) => {
   }
   return next();
 });
-app25.openapi(
+app28.openapi(
   createRoute({
     method: "post",
     path: "/project-full",
@@ -11355,13 +11591,13 @@ app25.openapi(
     const projectData = c.req.valid("json");
     const validatedProjectData = FullProjectDefinitionSchema.parse(projectData);
     try {
-      const createdProject = await createFullProjectServerSide(dbClient_default, logger8)(
+      const createdProject = await createFullProjectServerSide(dbClient_default, logger9)(
         { tenantId, projectId: validatedProjectData.id },
         validatedProjectData
       );
       return c.json({ data: createdProject }, 201);
     } catch (error) {
-      logger8.error({ error }, "Error creating project");
+      logger9.error({ error }, "Error creating project");
       if (error?.cause?.code === "23505") {
         throw createApiError({
           code: "conflict",
@@ -11372,7 +11608,7 @@ app25.openapi(
     }
   }
 );
-app25.openapi(
+app28.openapi(
   createRoute({
     method: "get",
     path: "/project-full/{projectId}",
@@ -11400,7 +11636,7 @@ app25.openapi(
     try {
       const project = await getFullProject(
         dbClient_default,
-        logger8
+        logger9
       )({
         scopes: { tenantId, projectId }
       });
@@ -11425,7 +11661,7 @@ app25.openapi(
     }
   }
 );
-app25.openapi(
+app28.openapi(
   createRoute({
     method: "put",
     path: "/project-full/{projectId}",
@@ -11476,15 +11712,15 @@ app25.openapi(
       }
       const existingProject = await getFullProject(
         dbClient_default,
-        logger8
+        logger9
       )({
         scopes: { tenantId, projectId }
       });
       const isCreate = !existingProject;
-      const updatedProject = isCreate ? await createFullProjectServerSide(dbClient_default, logger8)(
+      const updatedProject = isCreate ? await createFullProjectServerSide(dbClient_default, logger9)(
         { tenantId, projectId },
         validatedProjectData
-      ) : await updateFullProjectServerSide(dbClient_default, logger8)(
+      ) : await updateFullProjectServerSide(dbClient_default, logger9)(
         { tenantId, projectId },
         validatedProjectData
       );
@@ -11509,7 +11745,7 @@ app25.openapi(
     }
   }
 );
-app25.openapi(
+app28.openapi(
   createRoute({
     method: "delete",
     path: "/project-full/{projectId}",
@@ -11532,7 +11768,7 @@ app25.openapi(
     try {
       const deleted = await deleteFullProject(
         dbClient_default,
-        logger8
+        logger9
       )({
         scopes: { tenantId, projectId }
       });
@@ -11557,7 +11793,7 @@ app25.openapi(
     }
   }
 );
-var projectFull_default = app25;
+var projectFull_default = app28;
 var userOrganizationsRoutes = new OpenAPIHono();
 userOrganizationsRoutes.openapi(
   createRoute({
@@ -11632,8 +11868,8 @@ userOrganizationsRoutes.openapi(
 var userOrganizations_default = userOrganizationsRoutes;
 // src/app.ts
-var logger9 = getLogger("agents-manage-api");
-logger9.info({ logger: logger9.getTransports() }, "Logger initialized");
+var logger10 = getLogger("agents-manage-api");
+logger10.info({ logger: logger10.getTransports() }, "Logger initialized");
 function isOriginAllowed(origin) {
   if (!origin) return false;
   try {
@@ -11652,15 +11888,15 @@ function isOriginAllowed(origin) {
   }
 }
 function createManagementHono(serverConfig, credentialStores, auth) {
-  const app26 = new OpenAPIHono();
-  app26.use("*", requestId());
-  app26.use("*", async (c, next) => {
+  const app29 = new OpenAPIHono();
+  app29.use("*", requestId());
+  app29.use("*", async (c, next) => {
     c.set("serverConfig", serverConfig);
     c.set("credentialStores", credentialStores);
     c.set("auth", auth);
     return next();
   });
-  app26.use(
+  app29.use(
     pinoLogger({
       pino: getLogger("agents-manage-api").getPinoInstance(),
       http: {
@@ -11673,7 +11909,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
       }
     })
   );
-  app26.onError(async (err2, c) => {
+  app29.onError(async (err2, c) => {
     const isExpectedError = err2 instanceof HTTPException;
     const status = isExpectedError ? err2.status : 500;
     const requestId2 = c.get("requestId") || "unknown";
@@ -11706,7 +11942,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
       if (!isExpectedError) {
         const errorMessage = err2 instanceof Error ? err2.message : String(err2);
         const errorStack = err2 instanceof Error ? err2.stack : void 0;
-        logger9.error(
+        logger10.error(
           {
             error: err2,
             message: errorMessage,
@@ -11717,7 +11953,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
           "Unexpected server error occurred"
         );
       } else {
-        logger9.error(
+        logger10.error(
           {
             error: err2,
             path: c.req.path,
@@ -11743,7 +11979,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
     return c.body(JSON.stringify(responseBody));
   });
   if (auth) {
-    app26.use(
+    app29.use(
       "/api/auth/*",
       cors({
         origin: (origin) => {
@@ -11756,14 +11992,30 @@ function createManagementHono(serverConfig, credentialStores, auth) {
         credentials: true
       })
     );
-    app26.on(["POST", "GET"], "/api/auth/*", (c) => {
+    app29.on(["POST", "GET", "OPTIONS"], "/api/auth/*", (c) => {
       return auth.handler(c.req.raw);
     });
   }
-  app26.use("*", async (c, next) => {
+  app29.use(
+    "/tenants/*/playground/token",
+    cors({
+      origin: (origin) => {
+        return isOriginAllowed(origin) ? origin : null;
+      },
+      allowHeaders: ["content-type", "Content-Type", "authorization", "Authorization"],
+      allowMethods: ["POST", "OPTIONS"],
+      exposeHeaders: ["Content-Length"],
+      maxAge: 600,
+      credentials: true
+    })
+  );
+  app29.use("*", async (c, next) => {
     if (auth && c.req.path.startsWith("/api/auth/")) {
       return next();
     }
+    if (c.req.path.includes("/playground/token")) {
+      return next();
+    }
     return cors({
       origin: (origin) => {
         return isOriginAllowed(origin) ? origin : null;
@@ -11775,7 +12027,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
       credentials: true
     })(c, next);
   });
-  app26.use("*", async (c, next) => {
+  app29.use("*", async (c, next) => {
     if (env.DISABLE_AUTH || !auth) {
       c.set("user", null);
       c.set("session", null);
@@ -11793,7 +12045,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
     c.set("session", session.session);
     await next();
   });
-  app26.openapi(
+  app29.openapi(
     createRoute({
       method: "get",
       path: "/health",
@@ -11810,7 +12062,7 @@ function createManagementHono(serverConfig, credentialStores, auth) {
       return c.body(null, 204);
     }
   );
-  app26.use("/tenants/*", async (c, next) => {
+  app29.use("/tenants/*", async (c, next) => {
     const isTestEnvironment = process.env.ENVIRONMENT === "test";
     if (env.DISABLE_AUTH || isTestEnvironment) {
       await next();
@@ -11824,19 +12076,21 @@ function createManagementHono(serverConfig, credentialStores, auth) {
   });
   const isTestEnv = process.env.ENVIRONMENT === "test";
   if (!env.DISABLE_AUTH && !isTestEnv) {
-    app26.use("/tenants/:tenantId/*", requireTenantAccess());
-  }
-  app26.route("/api/users/:userId/organizations", userOrganizations_default);
-  app26.route("/api/invitations", invitations_default);
-  app26.route("/tenants/:tenantId", routes_default);
-  app26.route("/tenants/:tenantId", projectFull_default);
-  app26.route("/oauth", oauth_default);
-  setupOpenAPIRoutes(app26);
+    app29.use("/tenants/:tenantId/*", requireTenantAccess());
+  }
+  app29.route("/api/users/:userId/organizations", userOrganizations_default);
+  app29.route("/api/invitations", invitations_default);
+  app29.route("/tenants/:tenantId", routes_default);
+  app29.route("/tenants/:tenantId/playground/token", playgroundToken_default);
+  app29.route("/tenants/:tenantId", projectFull_default);
+  app29.route("/oauth", oauth_default);
+  app29.route("/mcp", mcp_default);
+  setupOpenAPIRoutes(app29);
   const baseApp = new Hono();
-  baseApp.route("/", app26);
+  baseApp.route("/", app29);
   return baseApp;
 }
-var logger10 = getLogger("initialization");
+var logger11 = getLogger("initialization");
 async function initializeDefaultUser(authInstance) {
   const { INKEEP_AGENTS_MANAGE_UI_USERNAME, INKEEP_AGENTS_MANAGE_UI_PASSWORD, DISABLE_AUTH } = env;
   const hasCredentials = INKEEP_AGENTS_MANAGE_UI_USERNAME && INKEEP_AGENTS_MANAGE_UI_PASSWORD;
@@ -11851,23 +12105,23 @@ async function initializeDefaultUser(authInstance) {
       logo: null,
       metadata: null
     });
-    logger10.info({ organizationId: orgId }, "Created default organization");
+    logger11.info({ organizationId: orgId }, "Created default organization");
   } else {
-    logger10.info({ organizationId: orgId }, "Organization already exists");
+    logger11.info({ organizationId: orgId }, "Organization already exists");
   }
   if (!hasCredentials || DISABLE_AUTH || !authInstance) {
-    logger10.info({ hasCredentials: false }, "Skipping default user creation");
+    logger11.info({ hasCredentials: false }, "Skipping default user creation");
     return;
   }
   try {
     let user = await getUserByEmail(dbClient_default)(INKEEP_AGENTS_MANAGE_UI_USERNAME);
     if (user) {
-      logger10.info(
+      logger11.info(
         { email: INKEEP_AGENTS_MANAGE_UI_USERNAME, userId: user.id },
         "Default user already exists"
       );
     } else {
-      logger10.info(
+      logger11.info(
         { email: INKEEP_AGENTS_MANAGE_UI_USERNAME },
         "Creating default user with Better Auth..."
       );
@@ -11886,7 +12140,7 @@ async function initializeDefaultUser(authInstance) {
       if (!user) {
         throw new Error("User was created but could not be retrieved from database");
       }
-      logger10.info(
+      logger11.info(
         {
           email: user.email,
           id: user.id
@@ -11903,14 +12157,14 @@ async function initializeDefaultUser(authInstance) {
         role: "owner",
         createdAt: /* @__PURE__ */ new Date()
       });
-      logger10.info({ userId: user.id, organizationId: orgId }, "Added user as organization owner");
+      logger11.info({ userId: user.id, organizationId: orgId }, "Added user as organization owner");
     } else {
-      logger10.info(
+      logger11.info(
         { userId: user.id, organizationId: orgId },
         "User already a member of organization"
       );
     }
-    logger10.info(
+    logger11.info(
       {
         organizationId: orgId,
         organizationSlug: env.TENANT_ID,
@@ -11920,7 +12174,7 @@ async function initializeDefaultUser(authInstance) {
       "\u2705 Initialization complete - login with these credentials"
     );
   } catch (error) {
-    logger10.error(
+    logger11.error(
       { error, email: INKEEP_AGENTS_MANAGE_UI_USERNAME },
       "\u274C Failed to create default user"
     );
@@ -11932,7 +12186,9 @@ async function createOIDCProvider(options) {
     const config = await client.discovery(issuerUrl, client.randomPKCECodeVerifier());
     const metadata2 = config.serverMetadata();
     if (!metadata2.issuer || !metadata2.authorization_endpoint || !metadata2.token_endpoint || !metadata2.userinfo_endpoint || !metadata2.jwks_uri) {
-      console.log("Some OIDC configuration endpoints are missing, which might cause issues with SSO");
+      console.log(
+        "Some OIDC configuration endpoints are missing, which might cause issues with SSO"
+      );
     }
     const oidcConfig = {
       clientId: options.clientId,