@inkeep/agents-manage-api 0.39.4 → 0.40.0

package/dist/create-app.d.ts

@@ -0,0 +1,21 @@
+import { Hono } from "hono";
+import { ServerConfig } from "@inkeep/agents-core";
+import { auth, createAuth } from "@inkeep/agents-core/auth";
+import * as hono_types0 from "hono/types";
+import { CredentialStoreRegistry as CredentialStoreRegistry$1 } from "@inkeep/agents-core/credential-stores";
+
+//#region src/create-app.d.ts
+type AppVariables = {
+  serverConfig: ServerConfig;
+  credentialStores: CredentialStoreRegistry$1;
+  auth: ReturnType<typeof createAuth> | null;
+  user: typeof auth.$Infer.Session.user | null;
+  session: typeof auth.$Infer.Session.session | null;
+  userId?: string;
+  userEmail?: string;
+  tenantId?: string;
+  tenantRole?: string;
+};
+declare function createManagementHono(serverConfig: ServerConfig, credentialStores: CredentialStoreRegistry$1, auth: ReturnType<typeof createAuth> | null): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+//#endregion
+export { AppVariables, createManagementHono };

package/dist/create-app.js

@@ -0,0 +1,144 @@
+import { env } from "./env.js";
+import { getLogger } from "./logger.js";
+import { apiKeyAuth } from "./middleware/auth.js";
+import { errorHandler } from "./middleware/error-handler.js";
+import { sessionAuth } from "./middleware/session-auth.js";
+import { requireTenantAccess } from "./middleware/tenant-access.js";
+import { setupOpenAPIRoutes } from "./openapi.js";
+import cliAuth_default from "./routes/cliAuth.js";
+import routes_default from "./routes/index.js";
+import invitations_default from "./routes/invitations.js";
+import mcp_default from "./routes/mcp.js";
+import oauth_default from "./routes/oauth.js";
+import playgroundToken_default from "./routes/playgroundToken.js";
+import projectFull_default from "./routes/projectFull.js";
+import signoz_default from "./routes/signoz.js";
+import userOrganizations_default from "./routes/userOrganizations.js";
+import { authCorsConfig, defaultCorsConfig, isOriginAllowed, playgroundCorsConfig } from "./utils/cors.js";
+import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { requestId } from "hono/request-id";
+import { pinoLogger } from "hono-pino";
+
+//#region src/create-app.ts
+const logger = getLogger("agents-manage-api");
+logger.info({ logger: logger.getTransports() }, "Logger initialized");
+const isTestEnvironment = () => process.env.ENVIRONMENT === "test";
+function createManagementHono(serverConfig, credentialStores, auth) {
+	const app = new OpenAPIHono();
+	app.use("*", requestId());
+	app.use("*", async (c, next) => {
+		c.set("serverConfig", serverConfig);
+		c.set("credentialStores", credentialStores);
+		c.set("auth", auth);
+		return next();
+	});
+	app.use(pinoLogger({
+		pino: getLogger("agents-manage-api").getPinoInstance(),
+		http: { onResLevel(c) {
+			if (c.res.status >= 500) return "error";
+			return "info";
+		} }
+	}));
+	app.onError(errorHandler);
+	if (auth) {
+		app.use("/api/auth/*", cors(authCorsConfig));
+		app.on(["POST", "GET"], "/api/auth/*", (c) => {
+			return auth.handler(c.req.raw);
+		});
+	}
+	app.use("/tenants/*/playground/token", cors(playgroundCorsConfig));
+	app.use("/tenants/*/signoz/*", cors({
+		origin: (origin) => {
+			return isOriginAllowed(origin) ? origin : null;
+		},
+		allowHeaders: [
+			"content-type",
+			"Content-Type",
+			"authorization",
+			"Authorization",
+			"User-Agent",
+			"Cookie",
+			"X-Forwarded-Cookie"
+		],
+		allowMethods: [
+			"GET",
+			"POST",
+			"OPTIONS"
+		],
+		exposeHeaders: ["Content-Length", "Set-Cookie"],
+		maxAge: 600,
+		credentials: true
+	}));
+	app.use("*", async (c, next) => {
+		if (auth && c.req.path.startsWith("/api/auth/")) return next();
+		if (c.req.path.includes("/playground/token")) return next();
+		if (c.req.path.includes("/signoz/")) return next();
+		return cors(defaultCorsConfig)(c, next);
+	});
+	app.use("*", async (c, next) => {
+		if (env.DISABLE_AUTH || !auth) {
+			c.set("user", null);
+			c.set("session", null);
+			await next();
+			return;
+		}
+		const headers = new Headers(c.req.raw.headers);
+		const forwardedCookie = headers.get("x-forwarded-cookie");
+		if (forwardedCookie && !headers.get("cookie")) headers.set("cookie", forwardedCookie);
+		const session = await auth.api.getSession({ headers });
+		if (!session) {
+			c.set("user", null);
+			c.set("session", null);
+			await next();
+			return;
+		}
+		c.set("user", session.user);
+		c.set("session", session.session);
+		await next();
+	});
+	app.openapi(createRoute({
+		method: "get",
+		path: "/health",
+		operationId: "health",
+		summary: "Health check",
+		description: "Check if the management service is healthy",
+		responses: { 204: { description: "Service is healthy" } }
+	}), (c) => {
+		return c.body(null, 204);
+	});
+	app.use("/tenants/*", async (c, next) => {
+		if (env.DISABLE_AUTH || isTestEnvironment()) {
+			await next();
+			return;
+		}
+		if (c.req.header("Authorization")?.startsWith("Bearer ")) return apiKeyAuth()(c, next);
+		return sessionAuth()(c, next);
+	});
+	if (env.DISABLE_AUTH || isTestEnvironment()) app.use("/tenants/:tenantId/*", async (c, next) => {
+		const tenantId = c.req.param("tenantId");
+		if (tenantId) {
+			c.set("tenantId", tenantId);
+			c.set("userId", "anonymous");
+		}
+		await next();
+	});
+	else app.use("/tenants/:tenantId/*", requireTenantAccess());
+	app.route("/api/users/:userId/organizations", userOrganizations_default);
+	app.route("/api/cli", cliAuth_default);
+	app.route("/api/invitations", invitations_default);
+	app.route("/tenants/:tenantId", routes_default);
+	app.route("/tenants/:tenantId/playground/token", playgroundToken_default);
+	app.route("/tenants/:tenantId/signoz", signoz_default);
+	app.route("/tenants/:tenantId", projectFull_default);
+	app.route("/oauth", oauth_default);
+	app.route("/mcp", mcp_default);
+	setupOpenAPIRoutes(app);
+	const baseApp = new Hono();
+	baseApp.route("/", app);
+	return baseApp;
+}
+
+//#endregion
+export { createManagementHono };

package/dist/data/agentFull.d.ts

@@ -0,0 +1,15 @@
+import { FullAgentDefinition } from "@inkeep/agents-core";
+
+//#region src/data/agentFull.d.ts
+
+/**
+ * Client-side implementation of createFullAgent that makes HTTP requests to the API endpoint.
+ * This function should be used by client code instead of directly accessing the data layer.
+ */
+declare const createFullAgent: (tenantId: string, agentData: FullAgentDefinition) => Promise<FullAgentDefinition>;
+/**
+ * Client-side implementation of updateFullAgent that makes HTTP requests to the API endpoint.
+ */
+declare const updateFullAgent: (tenantId: string, agentId: string, agentData: FullAgentDefinition) => Promise<FullAgentDefinition>;
+//#endregion
+export { createFullAgent, updateFullAgent };

package/dist/data/agentFull.js

@@ -0,0 +1,84 @@
+import { env } from "../env.js";
+import { getLogger as getLogger$1 } from "../logger.js";
+import { validateAndTypeAgentData } from "@inkeep/agents-core";
+
+//#region src/data/agentFull.ts
+const logger = getLogger$1("agentFull");
+/**
+* Client-side implementation of createFullAgent that makes HTTP requests to the API endpoint.
+* This function should be used by client code instead of directly accessing the data layer.
+*/
+const createFullAgent = async (tenantId, agentData) => {
+	logger.info({
+		tenantId,
+		agentId: agentData.id,
+		subAgentCount: Object.keys(agentData.subAgents || {}).length
+	}, "Creating full agent via API endpoint");
+	try {
+		const endpoint = `${env.INKEEP_AGENTS_MANAGE_API_URL}/tenants/${tenantId}/agent`;
+		const response = await fetch(endpoint, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(agentData)
+		});
+		if (!response.ok) {
+			const errorText = await response.text();
+			throw new Error(`HTTP error ${response.status}: ${errorText}`);
+		}
+		const result = await response.json();
+		logger.info({
+			tenantId,
+			agentId: agentData.id,
+			status: response.status
+		}, "Full agent created successfully via API");
+		return result.data;
+	} catch (error) {
+		logger.error({
+			tenantId,
+			agentId: agentData.id,
+			error: error instanceof Error ? error.message : "Unknown error"
+		}, "Failed to create full agent via API");
+		throw error;
+	}
+};
+/**
+* Client-side implementation of updateFullAgent that makes HTTP requests to the API endpoint.
+*/
+const updateFullAgent = async (tenantId, agentId, agentData) => {
+	const typed = validateAndTypeAgentData(agentData);
+	if (agentId !== typed.id) throw new Error(`Agent ID mismatch: expected ${agentId}, got ${typed.id}`);
+	logger.info({
+		tenantId,
+		agentId,
+		subAgentCount: Object.keys(agentData.subAgents || {}).length
+	}, "Updating full agent via API endpoint");
+	try {
+		const endpoint = `${env.INKEEP_AGENTS_MANAGE_API_URL}/tenants/${tenantId}/agent/${agentId}`;
+		const response = await fetch(endpoint, {
+			method: "PUT",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(agentData)
+		});
+		if (!response.ok) {
+			const errorText = await response.text();
+			throw new Error(`HTTP error ${response.status}: ${errorText}`);
+		}
+		const result = await response.json();
+		logger.info({
+			tenantId,
+			agentId,
+			status: response.status
+		}, "Full agent updated successfully via API");
+		return result.data;
+	} catch (error) {
+		logger.error({
+			tenantId,
+			agentId,
+			error: error instanceof Error ? error.message : "Unknown error"
+		}, "Failed to update full agent via API");
+		throw error;
+	}
+};
+
+//#endregion
+export { createFullAgent, updateFullAgent };

package/dist/data/conversations.d.ts

@@ -0,0 +1,77 @@
+import { AgentConversationHistoryConfig, ConversationHistoryConfig, ConversationScopeOptions } from "@inkeep/agents-core";
+
+//#region src/data/conversations.d.ts
+
+/**
+ * Creates default conversation history configuration
+ * @param mode - The conversation history mode ('full' | 'scoped' | 'none')
+ * @returns Default AgentConversationHistoryConfig
+ */
+declare function createDefaultConversationHistoryConfig(mode?: 'full' | 'scoped' | 'none'): AgentConversationHistoryConfig;
+/**
+ * Saves the result of an A2A client sendMessage call as a conversation message
+ * @param response - The response from a2aClient.sendMessage()
+ * @param params - Parameters for saving the message
+ * @returns The saved message or null if no text content was found
+ */
+declare function saveA2AMessageResponse(response: any,
+// SendMessageResponse type
+params: {
+  tenantId: string;
+  projectId: string;
+  conversationId: string;
+  messageType: 'a2a-response' | 'a2a-request';
+  visibility: 'internal' | 'external' | 'user-facing';
+  fromSubAgentId?: string;
+  toSubAgentId?: string;
+  fromExternalAgentId?: string;
+  toExternalAgentId?: string;
+  a2aTaskId?: string;
+  a2aSessionId?: string;
+  metadata?: Record<string, unknown>;
+}): Promise<any | null>;
+/**
+ * Applies filtering based on sub-agent, task, or both criteria
+ * Returns the filtered messages array
+ */
+declare function getScopedHistory({
+  tenantId,
+  projectId,
+  conversationId,
+  filters,
+  options
+}: {
+  tenantId: string;
+  projectId: string;
+  conversationId: string;
+  filters?: ConversationScopeOptions;
+  options?: ConversationHistoryConfig;
+}): Promise<any[]>;
+/**
+ * Get user-facing conversation history (for client display)
+ */
+declare function getUserFacingHistory(tenantId: string, projectId: string, conversationId: string, limit?: number): Promise<any[]>;
+/**
+ * Get full conversation context (for agent processing)
+ */
+declare function getFullConversationContext(tenantId: string, projectId: string, conversationId: string, maxTokens?: number): Promise<any[]>;
+/**
+ * Get formatted conversation history for a2a
+ */
+declare function getFormattedConversationHistory({
+  tenantId,
+  projectId,
+  conversationId,
+  currentMessage,
+  options,
+  filters
+}: {
+  tenantId: string;
+  projectId: string;
+  conversationId: string;
+  currentMessage?: string;
+  options?: ConversationHistoryConfig;
+  filters?: ConversationScopeOptions;
+}): Promise<string>;
+//#endregion
+export { createDefaultConversationHistoryConfig, getFormattedConversationHistory, getFullConversationContext, getScopedHistory, getUserFacingHistory, saveA2AMessageResponse };

package/dist/data/conversations.js

@@ -0,0 +1,152 @@
+import dbClient_default from "./db/dbClient.js";
+import { CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT, createMessage, generateId, getConversationHistory } from "@inkeep/agents-core";
+
+//#region src/data/conversations.ts
+/**
+* Creates default conversation history configuration
+* @param mode - The conversation history mode ('full' | 'scoped' | 'none')
+* @returns Default AgentConversationHistoryConfig
+*/
+function createDefaultConversationHistoryConfig(mode = "full") {
+	return {
+		mode,
+		limit: 50,
+		includeInternal: true,
+		messageTypes: ["chat"],
+		maxOutputTokens: CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT
+	};
+}
+/**
+* Extracts text content from A2A Message parts array
+*/
+function extractA2AMessageText(parts) {
+	return parts.filter((part) => part.kind === "text" && part.text).map((part) => part.text).join("");
+}
+/**
+* Saves the result of an A2A client sendMessage call as a conversation message
+* @param response - The response from a2aClient.sendMessage()
+* @param params - Parameters for saving the message
+* @returns The saved message or null if no text content was found
+*/
+async function saveA2AMessageResponse(response, params) {
+	if (response.error) throw new Error(response.error.message);
+	let messageText = "";
+	if (response.result.kind === "message") messageText = extractA2AMessageText(response.result.parts);
+	else if (response.result.kind === "task") {
+		if (response.result.artifacts && response.result.artifacts.length > 0) {
+			const firstArtifact = response.result.artifacts[0];
+			if (firstArtifact.parts) messageText = extractA2AMessageText(firstArtifact.parts);
+		}
+	} else if (typeof response.result === "string") messageText = response.result;
+	if (!messageText || messageText.trim() === "") return null;
+	return await createMessage(dbClient_default)({
+		id: generateId(),
+		tenantId: params.tenantId,
+		projectId: params.projectId,
+		conversationId: params.conversationId,
+		role: "agent",
+		content: { text: messageText },
+		visibility: params.visibility,
+		messageType: params.messageType,
+		fromSubAgentId: params.fromSubAgentId,
+		toSubAgentId: params.toSubAgentId,
+		fromExternalAgentId: params.fromExternalAgentId,
+		toExternalAgentId: params.toExternalAgentId,
+		a2aTaskId: params.a2aTaskId,
+		a2aSessionId: params.a2aSessionId,
+		metadata: params.metadata
+	});
+}
+/**
+* Applies filtering based on sub-agent, task, or both criteria
+* Returns the filtered messages array
+*/
+async function getScopedHistory({ tenantId, projectId, conversationId, filters, options }) {
+	try {
+		const messages = await getConversationHistory(dbClient_default)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			conversationId,
+			options
+		});
+		if (!filters || !filters.subAgentId && !filters.taskId) return messages;
+		return messages.filter((msg) => {
+			if (msg.role === "user") return true;
+			let matchesAgent = true;
+			let matchesTask = true;
+			if (filters.subAgentId) matchesAgent = msg.role === "agent" && msg.visibility === "user-facing" || msg.toSubAgentId === filters.subAgentId || msg.fromSubAgentId === filters.subAgentId;
+			if (filters.taskId) matchesTask = msg.taskId === filters.taskId || msg.a2aTaskId === filters.taskId;
+			if (filters.subAgentId && filters.taskId) return matchesAgent && matchesTask;
+			if (filters.subAgentId) return matchesAgent;
+			if (filters.taskId) return matchesTask;
+			return false;
+		});
+	} catch (error) {
+		console.error("Failed to fetch scoped messages:", error);
+		return [];
+	}
+}
+/**
+* Get user-facing conversation history (for client display)
+*/
+async function getUserFacingHistory(tenantId, projectId, conversationId, limit = 50) {
+	return await getConversationHistory(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		conversationId,
+		options: {
+			limit,
+			includeInternal: false,
+			messageTypes: ["chat"]
+		}
+	});
+}
+/**
+* Get full conversation context (for agent processing)
+*/
+async function getFullConversationContext(tenantId, projectId, conversationId, maxTokens) {
+	return await getConversationHistory(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		conversationId,
+		options: {
+			limit: 100,
+			includeInternal: true,
+			maxOutputTokens: maxTokens
+		}
+	});
+}
+/**
+* Get formatted conversation history for a2a
+*/
+async function getFormattedConversationHistory({ tenantId, projectId, conversationId, currentMessage, options, filters }) {
+	const conversationHistory = await getScopedHistory({
+		tenantId,
+		projectId,
+		conversationId,
+		filters,
+		options: options ?? { includeInternal: true }
+	});
+	let messagesToFormat = conversationHistory;
+	if (currentMessage && conversationHistory.length > 0) {
+		if (conversationHistory[conversationHistory.length - 1].content.text === currentMessage) messagesToFormat = conversationHistory.slice(0, -1);
+	}
+	if (!messagesToFormat.length) return "";
+	return `<conversation_history>\n${messagesToFormat.map((msg) => {
+		let roleLabel;
+		if (msg.role === "user") roleLabel = "user";
+		else if (msg.role === "agent" && (msg.messageType === "a2a-request" || msg.messageType === "a2a-response")) roleLabel = `${msg.fromSubAgentId || msg.fromExternalAgentId || "unknown"} to ${msg.toSubAgentId || msg.toExternalAgentId || "unknown"}`;
+		else if (msg.role === "agent" && msg.messageType === "chat") roleLabel = `${msg.fromSubAgentId || "unknown"} to User`;
+		else roleLabel = msg.role || "system";
+		return `${roleLabel}: """${msg.content.text}"""`;
+	}).join("\n")}\n</conversation_history>\n`;
+}
+
+//#endregion
+export { createDefaultConversationHistoryConfig, getFormattedConversationHistory, getFullConversationContext, getScopedHistory, getUserFacingHistory, saveA2AMessageResponse };

package/dist/data/db/dbClient.d.ts

@@ -0,0 +1,6 @@
+import { DatabaseClient } from "@inkeep/agents-core";
+
+//#region src/data/db/dbClient.d.ts
+declare let dbClient: DatabaseClient;
+//#endregion
+export { dbClient as default };

package/dist/data/db/dbClient.js

@@ -0,0 +1,17 @@
+import { env } from "../../env.js";
+import { createDatabaseClient } from "@inkeep/agents-core";
+import { PGlite } from "@electric-sql/pglite";
+import * as schema from "@inkeep/agents-core/db/schema";
+import { drizzle } from "drizzle-orm/pglite";
+
+//#region src/data/db/dbClient.ts
+let dbClient;
+if (env.ENVIRONMENT === "test") dbClient = drizzle({
+	client: new PGlite(),
+	schema
+});
+else dbClient = createDatabaseClient({ connectionString: env.DATABASE_URL });
+var dbClient_default = dbClient;
+
+//#endregion
+export { dbClient_default as default };

package/dist/env.d.ts

@@ -0,0 +1,61 @@
+import { z } from "@hono/zod-openapi";
+
+//#region src/env.d.ts
+declare const envSchema: z.ZodObject<{
+  NODE_ENV: z.ZodOptional<z.ZodEnum<{
+    development: "development";
+    production: "production";
+    test: "test";
+  }>>;
+  ENVIRONMENT: z.ZodOptional<z.ZodEnum<{
+    development: "development";
+    production: "production";
+    test: "test";
+    pentest: "pentest";
+  }>>;
+  INKEEP_AGENTS_MANAGE_API_URL: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+  INKEEP_AGENTS_MANAGE_UI_URL: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+  DATABASE_URL: z.ZodOptional<z.ZodString>;
+  LOG_LEVEL: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
+    trace: "trace";
+    debug: "debug";
+    info: "info";
+    warn: "warn";
+    error: "error";
+  }>>>;
+  NANGO_SERVER_URL: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+  NANGO_SECRET_KEY: z.ZodOptional<z.ZodString>;
+  INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.ZodOptional<z.ZodString>;
+  BETTER_AUTH_SECRET: z.ZodOptional<z.ZodString>;
+  TENANT_ID: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+  INKEEP_AGENTS_MANAGE_UI_USERNAME: z.ZodOptional<z.ZodString>;
+  INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.ZodOptional<z.ZodString>;
+  DISABLE_AUTH: z.ZodPipe<z.ZodDefault<z.ZodOptional<z.ZodString>>, z.ZodTransform<boolean, string>>;
+  INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.ZodOptional<z.ZodString>;
+  SIGNOZ_URL: z.ZodOptional<z.ZodString>;
+  SIGNOZ_API_KEY: z.ZodOptional<z.ZodString>;
+  PUBLIC_SIGNOZ_URL: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+declare const env: {
+  INKEEP_AGENTS_MANAGE_API_URL: string;
+  INKEEP_AGENTS_MANAGE_UI_URL: string;
+  LOG_LEVEL: "trace" | "debug" | "info" | "warn" | "error";
+  NANGO_SERVER_URL: string;
+  TENANT_ID: string;
+  DISABLE_AUTH: boolean;
+  NODE_ENV?: "development" | "production" | "test" | undefined;
+  ENVIRONMENT?: "development" | "production" | "test" | "pentest" | undefined;
+  DATABASE_URL?: string | undefined;
+  NANGO_SECRET_KEY?: string | undefined;
+  INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET?: string | undefined;
+  BETTER_AUTH_SECRET?: string | undefined;
+  INKEEP_AGENTS_MANAGE_UI_USERNAME?: string | undefined;
+  INKEEP_AGENTS_MANAGE_UI_PASSWORD?: string | undefined;
+  INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY?: string | undefined;
+  SIGNOZ_URL?: string | undefined;
+  SIGNOZ_API_KEY?: string | undefined;
+  PUBLIC_SIGNOZ_URL?: string | undefined;
+};
+type Env = z.infer<typeof envSchema>;
+//#endregion
+export { Env, env };

package/dist/env.js

@@ -0,0 +1,55 @@
+import { z } from "@hono/zod-openapi";
+import { loadEnvironmentFiles } from "@inkeep/agents-core";
+
+//#region src/env.ts
+loadEnvironmentFiles();
+const envSchema = z.object({
+	NODE_ENV: z.enum([
+		"development",
+		"production",
+		"test"
+	]).optional(),
+	ENVIRONMENT: z.enum([
+		"development",
+		"production",
+		"pentest",
+		"test"
+	]).optional(),
+	INKEEP_AGENTS_MANAGE_API_URL: z.string().optional().default("http://localhost:3002"),
+	INKEEP_AGENTS_MANAGE_UI_URL: z.string().optional().default("http://localhost:3000"),
+	DATABASE_URL: z.string().optional(),
+	LOG_LEVEL: z.enum([
+		"trace",
+		"debug",
+		"info",
+		"warn",
+		"error"
+	]).optional().default("debug"),
+	NANGO_SERVER_URL: z.string().optional().default("https://api.nango.dev"),
+	NANGO_SECRET_KEY: z.string().optional(),
+	INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET: z.string().optional(),
+	BETTER_AUTH_SECRET: z.string().optional(),
+	TENANT_ID: z.string().optional().default("default"),
+	INKEEP_AGENTS_MANAGE_UI_USERNAME: z.string().optional().refine((val) => !val || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { message: "Invalid email address" }),
+	INKEEP_AGENTS_MANAGE_UI_PASSWORD: z.string().optional().refine((val) => !val || val.length >= 8, { message: "Password must be at least 8 characters" }),
+	DISABLE_AUTH: z.string().optional().default("false").transform((val) => val === "true"),
+	INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY: z.string().optional(),
+	SIGNOZ_URL: z.string().optional(),
+	SIGNOZ_API_KEY: z.string().optional(),
+	PUBLIC_SIGNOZ_URL: z.string().optional()
+});
+const parseEnv = () => {
+	try {
+		return envSchema.parse(process.env);
+	} catch (error) {
+		if (error instanceof z.ZodError) {
+			const missingVars = error.issues.map((issue) => issue.path.join("."));
+			throw new Error(`❌ Invalid environment variables: ${missingVars.join(", ")}\n${error.message}`);
+		}
+		throw error;
+	}
+};
+const env = parseEnv();
+
+//#endregion
+export { env };

package/dist/factory.d.ts

@@ -1,2 +1,17 @@
-import { a as createOIDCProvider, i as createAuth0Provider, n as UserAuthConfig, o as initializeDefaultUser, r as createManagementApp, s as createManagementHono, t as SSOProviderConfig } from "./factory2.js";
-export { SSOProviderConfig, UserAuthConfig, createAuth0Provider, createManagementApp, createManagementHono, createOIDCProvider, initializeDefaultUser };
+import { createManagementHono } from "./create-app.js";
+import { initializeDefaultUser } from "./initialization.js";
+import { createAuth0Provider, createOIDCProvider } from "./sso-helpers.js";
+import * as hono1 from "hono";
+import { CredentialStore, ServerConfig } from "@inkeep/agents-core";
+import { SSOProviderConfig, UserAuthConfig } from "@inkeep/agents-core/auth";
+import * as hono_types1 from "hono/types";
+
+//#region src/factory.d.ts
+declare function createManagementApp(config?: {
+  serverConfig?: ServerConfig;
+  credentialStores?: CredentialStore[];
+  auth?: UserAuthConfig;
+  skipInitialization?: boolean;
+}): hono1.Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
+//#endregion
+export { type SSOProviderConfig, type UserAuthConfig, createAuth0Provider, createManagementApp, createManagementHono, createOIDCProvider, initializeDefaultUser };