npm - @inkeep/agents-manage-api - Versions diffs - 0.39.5 → 0.41.0 - Mend

@inkeep/agents-manage-api 0.39.5 → 0.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/dist/create-app.d.ts +21 -0
package/dist/create-app.js +144 -0
package/dist/data/agentFull.d.ts +15 -0
package/dist/data/agentFull.js +84 -0
package/dist/data/conversations.d.ts +77 -0
package/dist/data/conversations.js +152 -0
package/dist/data/db/dbClient.d.ts +6 -0
package/dist/data/db/dbClient.js +17 -0
package/dist/env.d.ts +61 -0
package/dist/env.js +55 -0
package/dist/factory.d.ts +17 -2
package/dist/factory.js +35 -2
package/dist/index.d.ts +163 -57
package/dist/index.js +8 -5
package/dist/initialization.d.ts +6 -0
package/dist/initialization.js +79 -0
package/dist/logger.d.ts +2 -0
package/dist/logger.js +3 -0
package/dist/middleware/auth.d.ts +24 -0
package/dist/middleware/auth.js +64 -0
package/dist/middleware/error-handler.d.ts +12 -0
package/dist/middleware/error-handler.js +88 -0
package/dist/middleware/require-permission.d.ts +19 -0
package/dist/middleware/require-permission.js +80 -0
package/dist/middleware/session-auth.d.ts +6 -0
package/dist/middleware/session-auth.js +26 -0
package/dist/middleware/tenant-access.d.ts +12 -0
package/dist/middleware/tenant-access.js +54 -0
package/dist/openapi.d.ts +7 -0
package/dist/openapi.js +157 -0
package/dist/routes/agent.d.ts +9 -0
package/dist/routes/agent.js +244 -0
package/dist/routes/agentFull.d.ts +9 -0
package/dist/routes/agentFull.js +188 -0
package/dist/routes/agentToolRelations.d.ts +9 -0
package/dist/routes/agentToolRelations.js +284 -0
package/dist/routes/apiKeys.d.ts +9 -0
package/dist/routes/apiKeys.js +217 -0
package/dist/routes/artifactComponents.d.ts +9 -0
package/dist/routes/artifactComponents.js +206 -0
package/dist/routes/cliAuth.d.ts +9 -0
package/dist/routes/cliAuth.js +60 -0
package/dist/routes/contextConfigs.d.ts +9 -0
package/dist/routes/contextConfigs.js +175 -0
package/dist/routes/conversations.d.ts +7 -0
package/dist/routes/conversations.js +59 -0
package/dist/routes/credentialStores.d.ts +9 -0
package/dist/routes/credentialStores.js +81 -0
package/dist/routes/credentials.d.ts +9 -0
package/dist/routes/credentials.js +204 -0
package/dist/routes/dataComponents.d.ts +9 -0
package/dist/routes/dataComponents.js +188 -0
package/dist/routes/externalAgents.d.ts +9 -0
package/dist/routes/externalAgents.js +195 -0
package/dist/routes/functionTools.d.ts +9 -0
package/dist/routes/functionTools.js +252 -0
package/dist/routes/functions.d.ts +9 -0
package/dist/routes/functions.js +281 -0
package/dist/routes/index.d.ts +7 -0
package/dist/routes/index.js +54 -0
package/dist/routes/invitations.d.ts +9 -0
package/dist/routes/invitations.js +41 -0
package/dist/routes/mcp.d.ts +7 -0
package/dist/routes/mcp.js +45 -0
package/dist/routes/mcpCatalog.d.ts +13 -0
package/dist/routes/mcpCatalog.js +454 -0
package/dist/routes/oauth.d.ts +10 -0
package/dist/routes/oauth.js +314 -0
package/dist/routes/playgroundToken.d.ts +9 -0
package/dist/routes/playgroundToken.js +108 -0
package/dist/routes/projectFull.d.ts +9 -0
package/dist/routes/projectFull.js +193 -0
package/dist/routes/projects.d.ts +9 -0
package/dist/routes/projects.js +188 -0
package/dist/routes/shared.d.ts +93 -0
package/dist/routes/shared.js +44 -0
package/dist/routes/signoz.d.ts +10 -0
package/dist/routes/signoz.js +155 -0
package/dist/routes/subAgentArtifactComponents.d.ts +9 -0
package/dist/routes/subAgentArtifactComponents.js +198 -0
package/dist/routes/subAgentDataComponents.d.ts +9 -0
package/dist/routes/subAgentDataComponents.js +197 -0
package/dist/routes/subAgentExternalAgentRelations.d.ts +9 -0
package/dist/routes/subAgentExternalAgentRelations.js +213 -0
package/dist/routes/subAgentRelations.d.ts +9 -0
package/dist/routes/subAgentRelations.js +259 -0
package/dist/routes/subAgentTeamAgentRelations.d.ts +9 -0
package/dist/routes/subAgentTeamAgentRelations.js +213 -0
package/dist/routes/subAgentToolRelations.d.ts +9 -0
package/dist/routes/subAgentToolRelations.js +284 -0
package/dist/routes/subAgents.d.ts +9 -0
package/dist/routes/subAgents.js +210 -0
package/dist/routes/thirdPartyMCPServers.d.ts +14 -0
package/dist/routes/thirdPartyMCPServers.js +72 -0
package/dist/routes/tools.d.ts +9 -0
package/dist/routes/tools.js +256 -0
package/dist/routes/userOrganizations.d.ts +9 -0
package/dist/routes/userOrganizations.js +58 -0
package/dist/sso-helpers.d.ts +20 -0
package/dist/sso-helpers.js +51 -0
package/dist/types/app.d.ts +47 -0
package/dist/types/app.js +1 -0
package/dist/utils/cors.d.ts +33 -0
package/dist/utils/cors.js +98 -0
package/dist/utils/oauth-service.d.ts +71 -0
package/dist/utils/oauth-service.js +106 -0
package/dist/utils/signoz-helpers.d.ts +9 -0
package/dist/utils/signoz-helpers.js +33 -0
package/dist/utils/temp-api-keys.d.ts +17 -0
package/dist/utils/temp-api-keys.js +26 -0
package/package.json +6 -13
package/dist/chunk-VBDAOXYI.js +0 -832
package/dist/chunk-VBDAOXYI.js.map +0 -1
package/dist/factory2.d.ts +0 -41
package/dist/factory2.d.ts.map +0 -1
package/dist/factory2.js +0 -37085
package/dist/factory2.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/nodefs.js +0 -27
package/dist/nodefs.js.map +0 -1
package/dist/opfs-ahp.js +0 -368
package/dist/opfs-ahp.js.map +0 -1

package/dist/routes/subAgents.js ADDED Viewed

@@ -0,0 +1,210 @@
+import dbClient_default from "../data/db/dbClient.js";
+import { requirePermission } from "../middleware/require-permission.js";
+import { speakeasyOffsetLimitPagination } from "./shared.js";
+import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { ErrorResponseSchema, PaginationQueryParamsSchema, SubAgentApiInsertSchema, SubAgentApiUpdateSchema, SubAgentIsDefaultError, SubAgentListResponse, SubAgentResponse, TenantProjectAgentIdParamsSchema, TenantProjectAgentParamsSchema, commonGetErrorResponses, createApiError, createSubAgent, deleteSubAgent, generateId, getSubAgentById, listSubAgentsPaginated, updateSubAgent } from "@inkeep/agents-core";
+//#region src/routes/subAgents.ts
+const app = new OpenAPIHono();
+app.use("/", async (c, next) => {
+	if (c.req.method === "POST") return requirePermission({ sub_agent: ["create"] })(c, next);
+	return next();
+});
+app.use("/:id", async (c, next) => {
+	if (c.req.method === "PUT") return requirePermission({ sub_agent: ["update"] })(c, next);
+	if (c.req.method === "DELETE") return requirePermission({ sub_agent: ["delete"] })(c, next);
+	return next();
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "List SubAgents",
+	operationId: "list-subagents",
+	tags: ["SubAgent"],
+	request: {
+		params: TenantProjectAgentParamsSchema,
+		query: PaginationQueryParamsSchema
+	},
+	responses: {
+		200: {
+			description: "List of subAgents retrieved successfully",
+			content: { "application/json": { schema: SubAgentListResponse } }
+		},
+		...commonGetErrorResponses
+	},
+	...speakeasyOffsetLimitPagination
+}), async (c) => {
+	const { tenantId, projectId, agentId } = c.req.valid("param");
+	const page = Number(c.req.query("page")) || 1;
+	const limit = Math.min(Number(c.req.query("limit")) || 10, 100);
+	const result = await listSubAgentsPaginated(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId,
+			agentId
+		},
+		pagination: {
+			page,
+			limit
+		}
+	});
+	const dataWithType = {
+		...result,
+		data: result.data.map((subAgent) => ({
+			...subAgent,
+			type: "internal"
+		}))
+	};
+	return c.json(dataWithType);
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/{id}",
+	summary: "Get SubAgent",
+	operationId: "get-subagent-by-id",
+	tags: ["SubAgent"],
+	request: { params: TenantProjectAgentIdParamsSchema },
+	responses: {
+		200: {
+			description: "SubAgent found",
+			content: { "application/json": { schema: SubAgentResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, agentId, id } = c.req.valid("param");
+	const subAgent = await getSubAgentById(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId,
+			agentId
+		},
+		subAgentId: id
+	});
+	if (!subAgent) throw createApiError({
+		code: "not_found",
+		message: "SubAgent not found"
+	});
+	const subAgentWithType = {
+		...subAgent,
+		type: "internal"
+	};
+	return c.json({ data: subAgentWithType });
+});
+app.openapi(createRoute({
+	method: "post",
+	path: "/",
+	summary: "Create SubAgent",
+	operationId: "create-subagent",
+	tags: ["SubAgent"],
+	request: {
+		params: TenantProjectAgentParamsSchema,
+		body: { content: { "application/json": { schema: SubAgentApiInsertSchema } } }
+	},
+	responses: {
+		201: {
+			description: "SubAgent created successfully",
+			content: { "application/json": { schema: SubAgentResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, agentId } = c.req.valid("param");
+	const body = c.req.valid("json");
+	const subAgentId = body.id ? String(body.id) : generateId();
+	const subAgentWithType = {
+		...await createSubAgent(dbClient_default)({
+			...body,
+			id: subAgentId,
+			tenantId,
+			projectId,
+			agentId
+		}),
+		type: "internal"
+	};
+	return c.json({ data: subAgentWithType }, 201);
+});
+app.openapi(createRoute({
+	method: "put",
+	path: "/{id}",
+	summary: "Update SubAgent",
+	operationId: "update-subagent",
+	tags: ["SubAgent"],
+	request: {
+		params: TenantProjectAgentIdParamsSchema,
+		body: { content: { "application/json": { schema: SubAgentApiUpdateSchema } } }
+	},
+	responses: {
+		200: {
+			description: "SubAgent updated successfully",
+			content: { "application/json": { schema: SubAgentResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, agentId, id } = c.req.valid("param");
+	const body = c.req.valid("json");
+	const updatedSubAgent = await updateSubAgent(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId,
+			agentId
+		},
+		subAgentId: id,
+		data: body
+	});
+	if (!updatedSubAgent) throw createApiError({
+		code: "not_found",
+		message: "SubAgent not found"
+	});
+	const subAgentWithType = {
+		...updatedSubAgent,
+		type: "internal"
+	};
+	return c.json({ data: subAgentWithType });
+});
+app.openapi(createRoute({
+	method: "delete",
+	path: "/{id}",
+	summary: "Delete SubAgent",
+	operationId: "delete-subagent",
+	tags: ["SubAgent"],
+	request: { params: TenantProjectAgentIdParamsSchema },
+	responses: {
+		204: { description: "SubAgent deleted successfully" },
+		404: {
+			description: "SubAgent not found",
+			content: { "application/json": { schema: ErrorResponseSchema } }
+		},
+		409: {
+			description: "SubAgent is set as default and cannot be deleted",
+			content: { "application/json": { schema: ErrorResponseSchema } }
+		}
+	}
+}), async (c) => {
+	const { tenantId, projectId, agentId, id } = c.req.valid("param");
+	try {
+		if (!await deleteSubAgent(dbClient_default)({
+			scopes: {
+				tenantId,
+				projectId,
+				agentId
+			},
+			subAgentId: id
+		})) throw createApiError({
+			code: "not_found",
+			message: "SubAgent not found"
+		});
+		return c.body(null, 204);
+	} catch (error) {
+		if (error instanceof SubAgentIsDefaultError) throw createApiError({
+			code: "conflict",
+			message: error.message
+		});
+		throw error;
+	}
+});
+var subAgents_default = app;
+//#endregion
+export { subAgents_default as default };

package/dist/routes/thirdPartyMCPServers.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { CredentialStoreRegistry, ServerConfig } from "@inkeep/agents-core";
+//#region src/routes/thirdPartyMCPServers.d.ts
+type AppVariables = {
+  serverConfig: ServerConfig;
+  credentialStores: CredentialStoreRegistry;
+  userId?: string;
+};
+declare const app: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/routes/thirdPartyMCPServers.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { TenantProjectParamsSchema, ThirdPartyMCPServerResponse, commonGetErrorResponses, createApiError, fetchSingleComposioServer, getComposioOAuthRedirectUrl } from "@inkeep/agents-core";
+//#region src/routes/thirdPartyMCPServers.ts
+const app = new OpenAPIHono();
+const ThirdPartyMCPServerBodySchema = z.object({
+	url: z.url().describe("The MCP server URL to fetch details for"),
+	credentialScope: z.enum(["project", "user"]).default("project").optional()
+});
+const GetOAuthRedirectBodySchema = z.object({
+	url: z.url().describe("The MCP server URL"),
+	credentialScope: z.enum(["project", "user"]).describe("The credential scope")
+});
+const OAuthRedirectResponse = z.object({ data: z.object({ redirectUrl: z.string().nullable() }) });
+app.openapi(createRoute({
+	method: "post",
+	path: "/",
+	summary: "Get Third-Party MCP Server Details",
+	operationId: "get-third-party-mcp-server",
+	tags: ["Third-Party MCP Servers"],
+	description: "Fetch details for a specific third-party MCP server (e.g., Composio) including authentication status and connect URL",
+	request: {
+		params: TenantProjectParamsSchema,
+		body: { content: { "application/json": { schema: ThirdPartyMCPServerBodySchema } } }
+	},
+	responses: {
+		200: {
+			description: "Third-party MCP server details",
+			content: { "application/json": { schema: ThirdPartyMCPServerResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const { url, credentialScope } = c.req.valid("json");
+	const userId = c.get("userId");
+	const server = await fetchSingleComposioServer(tenantId, projectId, url, credentialScope ?? "project", userId);
+	return c.json({ data: server });
+});
+app.openapi(createRoute({
+	method: "post",
+	path: "/oauth-redirect",
+	summary: "Get OAuth Redirect URL",
+	operationId: "get-oauth-redirect-url",
+	tags: ["Third-Party MCP Servers"],
+	description: "Get the OAuth redirect URL for a third-party MCP server. Call this after scope selection to get the correct URL for the selected scope.",
+	request: {
+		params: TenantProjectParamsSchema,
+		body: { content: { "application/json": { schema: GetOAuthRedirectBodySchema } } }
+	},
+	responses: {
+		200: {
+			description: "OAuth redirect URL",
+			content: { "application/json": { schema: OAuthRedirectResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const { url, credentialScope } = c.req.valid("json");
+	const userId = c.get("userId");
+	if (credentialScope === "user" && !userId) throw createApiError({
+		code: "bad_request",
+		message: "User ID required for user-scoped credentials"
+	});
+	const redirectUrl = await getComposioOAuthRedirectUrl(tenantId, projectId, url, credentialScope, userId);
+	return c.json({ data: { redirectUrl } });
+});
+var thirdPartyMCPServers_default = app;
+//#endregion
+export { thirdPartyMCPServers_default as default };

package/dist/routes/tools.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { AppVariablesWithServerConfig } from "../types/app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+//#region src/routes/tools.d.ts
+declare const app: OpenAPIHono<{
+  Variables: AppVariablesWithServerConfig;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/routes/tools.js ADDED Viewed

@@ -0,0 +1,256 @@
+import { getLogger as getLogger$1 } from "../logger.js";
+import dbClient_default from "../data/db/dbClient.js";
+import { requirePermission } from "../middleware/require-permission.js";
+import { speakeasyOffsetLimitPagination } from "./shared.js";
+import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+import { CredentialReferenceApiSelectSchema, CredentialReferenceResponse, McpToolListResponse, McpToolResponse, PaginationQueryParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, ToolApiUpdateSchema, ToolStatusSchema, commonGetErrorResponses, createApiError, createTool, dbResultToMcpTool, deleteTool, generateId, getToolById, getUserScopedCredentialReference, listTools, updateTool } from "@inkeep/agents-core";
+//#region src/routes/tools.ts
+const logger = getLogger$1("tools");
+const app = new OpenAPIHono();
+app.use("/", async (c, next) => {
+	if (c.req.method === "POST") return requirePermission({ tool: ["create"] })(c, next);
+	return next();
+});
+app.use("/:id", async (c, next) => {
+	if (c.req.method === "PUT") return requirePermission({ tool: ["update"] })(c, next);
+	if (c.req.method === "DELETE") return requirePermission({ tool: ["delete"] })(c, next);
+	return next();
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/",
+	summary: "List Tools",
+	operationId: "list-tools",
+	tags: ["Tools"],
+	request: {
+		params: TenantProjectParamsSchema,
+		query: PaginationQueryParamsSchema.extend({ status: ToolStatusSchema.optional() })
+	},
+	responses: {
+		200: {
+			description: "List of tools retrieved successfully",
+			content: { "application/json": { schema: McpToolListResponse } }
+		},
+		...commonGetErrorResponses
+	},
+	...speakeasyOffsetLimitPagination
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const { page, limit, status } = c.req.valid("query");
+	let result;
+	const credentialStores = c.get("credentialStores");
+	const userId = c.get("userId");
+	if (status) {
+		const dbResult = await listTools(dbClient_default)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			pagination: {
+				page,
+				limit
+			}
+		});
+		result = {
+			data: (await Promise.all(dbResult.data.map(async (tool) => await dbResultToMcpTool(tool, dbClient_default, credentialStores, void 0, userId)))).filter((tool) => tool.status === status),
+			pagination: dbResult.pagination
+		};
+	} else {
+		const dbResult = await listTools(dbClient_default)({
+			scopes: {
+				tenantId,
+				projectId
+			},
+			pagination: {
+				page,
+				limit
+			}
+		});
+		result = {
+			data: await Promise.all(dbResult.data.map(async (tool) => await dbResultToMcpTool(tool, dbClient_default, credentialStores, void 0, userId))),
+			pagination: dbResult.pagination
+		};
+	}
+	return c.json(result);
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/{id}",
+	summary: "Get Tool",
+	operationId: "get-tool",
+	tags: ["Tools"],
+	request: { params: TenantProjectIdParamsSchema },
+	responses: {
+		200: {
+			description: "Tool found",
+			content: { "application/json": { schema: McpToolResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, id } = c.req.valid("param");
+	const tool = await getToolById(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		toolId: id
+	});
+	if (!tool) throw createApiError({
+		code: "not_found",
+		message: "Tool not found"
+	});
+	const credentialStores = c.get("credentialStores");
+	const userId = c.get("userId");
+	return c.json({ data: await dbResultToMcpTool(tool, dbClient_default, credentialStores, void 0, userId) });
+});
+app.openapi(createRoute({
+	method: "post",
+	path: "/",
+	summary: "Create Tool",
+	operationId: "create-tool",
+	tags: ["Tools"],
+	request: {
+		params: TenantProjectParamsSchema,
+		body: { content: { "application/json": { schema: ToolApiInsertSchema } } }
+	},
+	responses: {
+		201: {
+			description: "Tool created successfully",
+			content: { "application/json": { schema: McpToolResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId } = c.req.valid("param");
+	const body = c.req.valid("json");
+	const credentialStores = c.get("credentialStores");
+	const userId = c.get("userId");
+	logger.info({ body }, "body");
+	const id = body.id || generateId();
+	const tool = await createTool(dbClient_default)({
+		tenantId,
+		projectId,
+		id,
+		name: body.name,
+		config: body.config,
+		credentialReferenceId: body.credentialReferenceId,
+		credentialScope: body.credentialScope,
+		imageUrl: body.imageUrl,
+		headers: body.headers
+	});
+	return c.json({ data: await dbResultToMcpTool(tool, dbClient_default, credentialStores, void 0, userId) }, 201);
+});
+app.openapi(createRoute({
+	method: "put",
+	path: "/{id}",
+	summary: "Update Tool",
+	operationId: "update-tool",
+	tags: ["Tools"],
+	request: {
+		params: TenantProjectIdParamsSchema,
+		body: { content: { "application/json": { schema: ToolApiUpdateSchema } } }
+	},
+	responses: {
+		200: {
+			description: "Tool updated successfully",
+			content: { "application/json": { schema: McpToolResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, id } = c.req.valid("param");
+	const body = c.req.valid("json");
+	const credentialStores = c.get("credentialStores");
+	const userId = c.get("userId");
+	if (Object.keys(body).length === 0) throw createApiError({
+		code: "bad_request",
+		message: "No fields to update"
+	});
+	const updatedTool = await updateTool(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		toolId: id,
+		data: {
+			name: body.name,
+			config: body.config,
+			credentialReferenceId: body.credentialReferenceId,
+			credentialScope: body.credentialScope,
+			imageUrl: body.imageUrl,
+			headers: body.headers
+		}
+	});
+	if (!updatedTool) throw createApiError({
+		code: "not_found",
+		message: "Tool not found"
+	});
+	return c.json({ data: await dbResultToMcpTool(updatedTool, dbClient_default, credentialStores, void 0, userId) });
+});
+app.openapi(createRoute({
+	method: "get",
+	path: "/{id}/user-credential",
+	summary: "Get User Credential for Tool",
+	operationId: "get-user-credential-for-tool",
+	tags: ["Tools"],
+	request: { params: TenantProjectIdParamsSchema },
+	responses: {
+		200: {
+			description: "User credential retrieved successfully",
+			content: { "application/json": { schema: CredentialReferenceResponse } }
+		},
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, id: toolId } = c.req.valid("param");
+	const userId = c.get("userId");
+	if (!userId) throw createApiError({
+		code: "unauthorized",
+		message: "User ID required for user-scoped credential lookup"
+	});
+	const credential = await getUserScopedCredentialReference(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		toolId,
+		userId
+	});
+	if (!credential) throw createApiError({
+		code: "not_found",
+		message: "User credential not found for this tool"
+	});
+	const validatedCredential = CredentialReferenceApiSelectSchema.parse(credential);
+	return c.json({ data: validatedCredential });
+});
+app.openapi(createRoute({
+	method: "delete",
+	path: "/{id}",
+	summary: "Delete Tool",
+	operationId: "delete-tool",
+	tags: ["Tools"],
+	request: { params: TenantProjectIdParamsSchema },
+	responses: {
+		204: { description: "Tool deleted successfully" },
+		...commonGetErrorResponses
+	}
+}), async (c) => {
+	const { tenantId, projectId, id } = c.req.valid("param");
+	if (!await deleteTool(dbClient_default)({
+		scopes: {
+			tenantId,
+			projectId
+		},
+		toolId: id
+	})) throw createApiError({
+		code: "not_found",
+		message: "Tool not found"
+	});
+	return c.body(null, 204);
+});
+var tools_default = app;
+//#endregion
+export { tools_default as default };

package/dist/routes/userOrganizations.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { AppVariables } from "../create-app.js";
+import { OpenAPIHono } from "@hono/zod-openapi";
+//#region src/routes/userOrganizations.d.ts
+declare const userOrganizationsRoutes: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { userOrganizationsRoutes as default };

package/dist/routes/userOrganizations.js ADDED Viewed

@@ -0,0 +1,58 @@
+import dbClient_default from "../data/db/dbClient.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { addUserToOrganization, getUserOrganizations } from "@inkeep/agents-core";
+import { AddUserToOrganizationRequestSchema, AddUserToOrganizationResponseSchema, UserOrganizationsResponseSchema } from "@inkeep/agents-core/auth/validation";
+//#region src/routes/userOrganizations.ts
+const userOrganizationsRoutes = new OpenAPIHono();
+userOrganizationsRoutes.openapi(createRoute({
+	method: "get",
+	path: "/",
+	tags: ["user-organizations"],
+	summary: "List user organizations",
+	description: "Get all organizations associated with a user",
+	request: { params: z.object({ userId: z.string().describe("User ID") }) },
+	responses: { 200: {
+		description: "List of user organizations",
+		content: { "application/json": { schema: UserOrganizationsResponseSchema } }
+	} }
+}), async (c) => {
+	const { userId } = c.req.valid("param");
+	const userOrganizations = (await getUserOrganizations(dbClient_default)(userId)).map((org) => ({
+		...org,
+		createdAt: org.createdAt.toISOString()
+	}));
+	return c.json(userOrganizations);
+});
+userOrganizationsRoutes.openapi(createRoute({
+	method: "post",
+	path: "/",
+	tags: ["user-organizations"],
+	summary: "Add user to organization",
+	description: "Associate a user with an organization",
+	request: {
+		params: z.object({ userId: z.string().describe("User ID") }),
+		body: { content: { "application/json": { schema: AddUserToOrganizationRequestSchema } } }
+	},
+	responses: { 201: {
+		description: "User added to organization",
+		content: { "application/json": { schema: AddUserToOrganizationResponseSchema } }
+	} }
+}), async (c) => {
+	const { userId } = c.req.valid("param");
+	const { organizationId, role } = c.req.valid("json");
+	await addUserToOrganization(dbClient_default)({
+		userId,
+		organizationId,
+		role
+	});
+	return c.json({
+		organizationId,
+		role,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	}, 201);
+});
+var userOrganizations_default = userOrganizationsRoutes;
+//#endregion
+export { userOrganizations_default as default };

package/dist/sso-helpers.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { SSOProviderConfig } from "@inkeep/agents-core/auth";
+//#region src/sso-helpers.d.ts
+interface OIDCProviderOptions {
+  providerId: string;
+  clientId: string;
+  clientSecret: string;
+  domain: string;
+  organizationId?: string;
+  scopes?: string[];
+  pkce?: boolean;
+}
+declare function createOIDCProvider(options: OIDCProviderOptions): Promise<SSOProviderConfig | null>;
+declare function createAuth0Provider(options: {
+  domain: string;
+  clientId: string;
+  clientSecret: string;
+}): Promise<SSOProviderConfig | null>;
+//#endregion
+export { OIDCProviderOptions, createAuth0Provider, createOIDCProvider };