npm - @inkeep/agents-run-api - Versions diffs - 0.39.5 → 0.40.0 - Mend

@inkeep/agents-run-api 0.39.5 → 0.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase1/system-prompt.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase1/thinking-preparation.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase1/tool.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase2/data-component.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase2/data-components.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/phase2/system-prompt.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/shared/artifact-retrieval-guidance.js +5 -0
package/dist/_virtual/_raw_/home/runner/work/agents/agents/agents-run-api/templates/v1/shared/artifact.js +5 -0
package/dist/a2a/client.d.ts +184 -0
package/dist/a2a/client.js +510 -0
package/dist/a2a/handlers.d.ts +7 -0
package/dist/a2a/handlers.js +560 -0
package/dist/a2a/transfer.d.ts +22 -0
package/dist/a2a/transfer.js +46 -0
package/dist/a2a/types.d.ts +79 -0
package/dist/a2a/types.js +22 -0
package/dist/agents/Agent.d.ts +266 -0
package/dist/agents/Agent.js +1927 -0
package/dist/agents/ModelFactory.d.ts +63 -0
package/dist/agents/ModelFactory.js +194 -0
package/dist/agents/SystemPromptBuilder.d.ts +21 -0
package/dist/agents/SystemPromptBuilder.js +48 -0
package/dist/agents/ToolSessionManager.d.ts +63 -0
package/dist/agents/ToolSessionManager.js +146 -0
package/dist/agents/generateTaskHandler.d.ts +49 -0
package/dist/agents/generateTaskHandler.js +521 -0
package/dist/agents/relationTools.d.ts +57 -0
package/dist/agents/relationTools.js +262 -0
package/dist/agents/types.d.ts +28 -0
package/dist/agents/types.js +1 -0
package/dist/agents/versions/v1/Phase1Config.d.ts +27 -0
package/dist/agents/versions/v1/Phase1Config.js +424 -0
package/dist/agents/versions/v1/Phase2Config.d.ts +31 -0
package/dist/agents/versions/v1/Phase2Config.js +330 -0
package/dist/constants/execution-limits/defaults.d.ts +51 -0
package/dist/constants/execution-limits/defaults.js +52 -0
package/dist/constants/execution-limits/index.d.ts +6 -0
package/dist/constants/execution-limits/index.js +21 -0
package/dist/create-app.d.ts +9 -0
package/dist/create-app.js +195 -0
package/dist/data/agent.d.ts +7 -0
package/dist/data/agent.js +72 -0
package/dist/data/agents.d.ts +34 -0
package/dist/data/agents.js +139 -0
package/dist/data/conversations.d.ts +128 -0
package/dist/data/conversations.js +522 -0
package/dist/data/db/dbClient.d.ts +6 -0
package/dist/data/db/dbClient.js +17 -0
package/dist/env.d.ts +57 -0
package/dist/env.js +1 -2
package/dist/handlers/executionHandler.d.ts +39 -0
package/dist/handlers/executionHandler.js +456 -0
package/dist/index.d.ts +8 -29
package/dist/index.js +5 -11386
package/dist/instrumentation.d.ts +1 -2
package/dist/instrumentation.js +66 -3
package/dist/{logger2.js → logger.d.ts} +1 -2
package/dist/logger.js +1 -1
package/dist/middleware/api-key-auth.d.ts +26 -0
package/dist/middleware/api-key-auth.js +240 -0
package/dist/middleware/index.d.ts +2 -0
package/dist/middleware/index.js +3 -0
package/dist/openapi.d.ts +4 -0
package/dist/openapi.js +54 -0
package/dist/routes/agents.d.ts +12 -0
package/dist/routes/agents.js +147 -0
package/dist/routes/chat.d.ts +13 -0
package/dist/routes/chat.js +293 -0
package/dist/routes/chatDataStream.d.ts +13 -0
package/dist/routes/chatDataStream.js +352 -0
package/dist/routes/mcp.d.ts +13 -0
package/dist/routes/mcp.js +495 -0
package/dist/services/AgentSession.d.ts +356 -0
package/dist/services/AgentSession.js +1208 -0
package/dist/services/ArtifactParser.d.ts +105 -0
package/dist/services/ArtifactParser.js +338 -0
package/dist/services/ArtifactService.d.ts +123 -0
package/dist/services/ArtifactService.js +612 -0
package/dist/services/BaseCompressor.d.ts +183 -0
package/dist/services/BaseCompressor.js +504 -0
package/dist/services/ConversationCompressor.d.ts +32 -0
package/dist/services/ConversationCompressor.js +91 -0
package/dist/services/IncrementalStreamParser.d.ts +98 -0
package/dist/services/IncrementalStreamParser.js +327 -0
package/dist/services/MidGenerationCompressor.d.ts +63 -0
package/dist/services/MidGenerationCompressor.js +104 -0
package/dist/services/PendingToolApprovalManager.d.ts +62 -0
package/dist/services/PendingToolApprovalManager.js +133 -0
package/dist/services/ResponseFormatter.d.ts +39 -0
package/dist/services/ResponseFormatter.js +152 -0
package/dist/tools/NativeSandboxExecutor.d.ts +38 -0
package/dist/tools/NativeSandboxExecutor.js +432 -0
package/dist/tools/SandboxExecutorFactory.d.ts +36 -0
package/dist/tools/SandboxExecutorFactory.js +80 -0
package/dist/tools/VercelSandboxExecutor.d.ts +71 -0
package/dist/tools/VercelSandboxExecutor.js +340 -0
package/dist/tools/distill-conversation-history-tool.d.ts +62 -0
package/dist/tools/distill-conversation-history-tool.js +206 -0
package/dist/tools/distill-conversation-tool.d.ts +41 -0
package/dist/tools/distill-conversation-tool.js +141 -0
package/dist/tools/sandbox-utils.d.ts +18 -0
package/dist/tools/sandbox-utils.js +53 -0
package/dist/types/chat.d.ts +27 -0
package/dist/types/chat.js +1 -0
package/dist/types/execution-context.d.ts +46 -0
package/dist/types/execution-context.js +27 -0
package/dist/types/xml.d.ts +5 -0
package/dist/utils/SchemaProcessor.d.ts +52 -0
package/dist/utils/SchemaProcessor.js +182 -0
package/dist/utils/agent-operations.d.ts +62 -0
package/dist/utils/agent-operations.js +53 -0
package/dist/utils/artifact-component-schema.d.ts +42 -0
package/dist/utils/artifact-component-schema.js +186 -0
package/dist/utils/cleanup.d.ts +21 -0
package/dist/utils/cleanup.js +59 -0
package/dist/utils/data-component-schema.d.ts +2 -0
package/dist/utils/data-component-schema.js +3 -0
package/dist/utils/default-status-schemas.d.ts +20 -0
package/dist/utils/default-status-schemas.js +24 -0
package/dist/utils/json-postprocessor.d.ts +13 -0
package/dist/{json-postprocessor.cjs → utils/json-postprocessor.js} +1 -2
package/dist/utils/model-context-utils.d.ts +39 -0
package/dist/utils/model-context-utils.js +181 -0
package/dist/utils/model-resolver.d.ts +6 -0
package/dist/utils/model-resolver.js +34 -0
package/dist/utils/schema-validation.d.ts +44 -0
package/dist/utils/schema-validation.js +97 -0
package/dist/utils/stream-helpers.d.ts +197 -0
package/dist/utils/stream-helpers.js +518 -0
package/dist/utils/stream-registry.d.ts +22 -0
package/dist/utils/stream-registry.js +34 -0
package/dist/utils/token-estimator.d.ts +69 -0
package/dist/utils/token-estimator.js +53 -0
package/dist/utils/tracer.d.ts +7 -0
package/dist/utils/tracer.js +7 -0
package/package.json +4 -20
package/dist/SandboxExecutorFactory.cjs +0 -895
package/dist/SandboxExecutorFactory.js +0 -893
package/dist/SandboxExecutorFactory.js.map +0 -1
package/dist/chunk-VBDAOXYI.cjs +0 -927
package/dist/chunk-VBDAOXYI.js +0 -832
package/dist/chunk-VBDAOXYI.js.map +0 -1
package/dist/chunk.cjs +0 -34
package/dist/conversations.cjs +0 -7
package/dist/conversations.js +0 -7
package/dist/conversations2.cjs +0 -209
package/dist/conversations2.js +0 -180
package/dist/conversations2.js.map +0 -1
package/dist/dbClient.cjs +0 -9676
package/dist/dbClient.js +0 -9670
package/dist/dbClient.js.map +0 -1
package/dist/dbClient2.cjs +0 -5
package/dist/dbClient2.js +0 -5
package/dist/env.cjs +0 -59
package/dist/env.js.map +0 -1
package/dist/execution-limits.cjs +0 -260
package/dist/execution-limits.js +0 -63
package/dist/execution-limits.js.map +0 -1
package/dist/index.cjs +0 -11411
package/dist/index.d.cts +0 -36
package/dist/index.d.cts.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/instrumentation.cjs +0 -12
package/dist/instrumentation.d.cts +0 -18
package/dist/instrumentation.d.cts.map +0 -1
package/dist/instrumentation.d.ts.map +0 -1
package/dist/instrumentation2.cjs +0 -116
package/dist/instrumentation2.js +0 -69
package/dist/instrumentation2.js.map +0 -1
package/dist/json-postprocessor.js +0 -20
package/dist/json-postprocessor.js.map +0 -1
package/dist/logger.cjs +0 -5
package/dist/logger2.cjs +0 -1
package/dist/nodefs.cjs +0 -29
package/dist/nodefs.js +0 -27
package/dist/nodefs.js.map +0 -1
package/dist/opfs-ahp.cjs +0 -367
package/dist/opfs-ahp.js +0 -368
package/dist/opfs-ahp.js.map +0 -1

package/dist/instrumentation.d.ts CHANGED Viewed

@@ -14,5 +14,4 @@ declare const defaultTextMapPropagator: CompositePropagator;
 declare const defaultSDK: NodeSDK;
 declare function flushBatchProcessor(): Promise<void>;
 //#endregion
-export { defaultBatchProcessor, defaultContextManager, defaultInstrumentations, defaultResource, defaultSDK, defaultSpanProcessors, defaultTextMapPropagator, flushBatchProcessor };
-//# sourceMappingURL=instrumentation.d.ts.map
+export { defaultBatchProcessor, defaultContextManager, defaultInstrumentations, defaultResource, defaultSDK, defaultSpanProcessors, defaultTextMapPropagator, flushBatchProcessor };

package/dist/instrumentation.js CHANGED Viewed

@@ -1,5 +1,68 @@
-import "./env.js";
-import "./logger2.js";
-import { a as defaultSDK, c as flushBatchProcessor, i as defaultResource, n as defaultContextManager, o as defaultSpanProcessors, r as defaultInstrumentations, s as defaultTextMapPropagator, t as defaultBatchProcessor } from "./instrumentation2.js";
+import { env } from "./env.js";
+import { getLogger } from "./logger.js";
+import { getNodeAutoInstrumentations } from "@opentelemetry/auto-instrumentations-node";
+import { ALLOW_ALL_BAGGAGE_KEYS, BaggageSpanProcessor } from "@opentelemetry/baggage-span-processor";
+import { AsyncLocalStorageContextManager } from "@opentelemetry/context-async-hooks";
+import { CompositePropagator, W3CBaggagePropagator, W3CTraceContextPropagator } from "@opentelemetry/core";
+import { OTLPTraceExporter } from "@opentelemetry/exporter-trace-otlp-http";
+import { resourceFromAttributes } from "@opentelemetry/resources";
+import { NodeSDK } from "@opentelemetry/sdk-node";
+import { BatchSpanProcessor, NoopSpanProcessor } from "@opentelemetry/sdk-trace-base";
+import { ATTR_SERVICE_NAME } from "@opentelemetry/semantic-conventions";
+//#region src/instrumentation.ts
+const otlpExporter = new OTLPTraceExporter();
+const logger = getLogger("instrumentation");
+/**
+* Creates a safe batch processor that falls back to no-op when SignOz is not configured
+*/
+function createSafeBatchProcessor() {
+	try {
+		return new BatchSpanProcessor(otlpExporter, {
+			scheduledDelayMillis: env.OTEL_BSP_SCHEDULE_DELAY,
+			maxExportBatchSize: env.OTEL_BSP_MAX_EXPORT_BATCH_SIZE
+		});
+	} catch (error) {
+		logger.warn({ error }, "Failed to create batch processor");
+		return new NoopSpanProcessor();
+	}
+}
+const defaultBatchProcessor = createSafeBatchProcessor();
+const defaultResource = resourceFromAttributes({ [ATTR_SERVICE_NAME]: "inkeep-agents-run-api" });
+const defaultInstrumentations = [getNodeAutoInstrumentations({
+	"@opentelemetry/instrumentation-http": {
+		enabled: true,
+		requestHook: (span, request) => {
+			const url = request?.url ?? request?.path;
+			if (!url) return;
+			const u = new URL(url, "http://localhost");
+			span.updateName(`${request?.method || "UNKNOWN"} ${u.pathname}`);
+		}
+	},
+	"@opentelemetry/instrumentation-undici": { requestHook: (span) => {
+		const method = span.attributes?.["http.request.method"];
+		const host = span.attributes?.["server.address"];
+		const path = span.attributes?.["url.path"];
+		if (method && path) span.updateName(host ? `${method} ${host}${path}` : `${method} ${path}`);
+	} }
+})];
+const defaultSpanProcessors = [new BaggageSpanProcessor(ALLOW_ALL_BAGGAGE_KEYS), defaultBatchProcessor];
+const defaultContextManager = new AsyncLocalStorageContextManager();
+const defaultTextMapPropagator = new CompositePropagator({ propagators: [new W3CTraceContextPropagator(), new W3CBaggagePropagator()] });
+const defaultSDK = new NodeSDK({
+	resource: defaultResource,
+	contextManager: defaultContextManager,
+	textMapPropagator: defaultTextMapPropagator,
+	spanProcessors: defaultSpanProcessors,
+	instrumentations: defaultInstrumentations
+});
+async function flushBatchProcessor() {
+	try {
+		await defaultBatchProcessor.forceFlush();
+	} catch (error) {
+		logger.warn({ error }, "Failed to flush batch processor");
+	}
+}
+//#endregion
 export { defaultBatchProcessor, defaultContextManager, defaultInstrumentations, defaultResource, defaultSDK, defaultSpanProcessors, defaultTextMapPropagator, flushBatchProcessor };

package/dist/{logger2.js → logger.d.ts} RENAMED Viewed

@@ -1,3 +1,2 @@
 import { getLogger } from "@inkeep/agents-core";
-export { getLogger as t };
+export { getLogger };

package/dist/logger.js CHANGED Viewed

@@ -1,3 +1,3 @@
-import { t as getLogger } from "./logger2.js";
+import { getLogger } from "@inkeep/agents-core";
 export { getLogger };

package/dist/middleware/api-key-auth.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { ExecutionContext } from "@inkeep/agents-core";
+import * as hono0 from "hono";
+//#region src/middleware/api-key-auth.d.ts
+declare const apiKeyAuth: () => hono0.MiddlewareHandler<{
+  Variables: {
+    executionContext: ExecutionContext;
+  };
+}, string, {}, Response>;
+declare const extractContextFromApiKey: (apiKey: string, baseUrl?: string) => Promise<ExecutionContext>;
+/**
+ * Extract execution context from a team agent JWT token
+ * Team agent tokens are used for intra-tenant agent delegation
+ */
+declare const extractContextFromTeamAgentToken: (token: string, baseUrl?: string, expectedSubAgentId?: string) => Promise<ExecutionContext>;
+/**
+ * Helper middleware for endpoints that optionally support API key authentication
+ * If no auth header is present, it continues without setting the executionContext
+ */
+declare const optionalAuth: () => hono0.MiddlewareHandler<{
+  Variables: {
+    executionContext?: ExecutionContext;
+  };
+}, string, {}, Response>;
+//#endregion
+export { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth };

package/dist/middleware/api-key-auth.js ADDED Viewed

@@ -0,0 +1,240 @@
+import { env } from "../env.js";
+import { getLogger } from "../logger.js";
+import dbClient_default from "../data/db/dbClient.js";
+import { createExecutionContext } from "../types/execution-context.js";
+import { getAgentById, validateAndGetApiKey, validateTargetAgent, verifyServiceToken, verifyTempToken } from "@inkeep/agents-core";
+import { HTTPException } from "hono/http-exception";
+import { createMiddleware } from "hono/factory";
+//#region src/middleware/api-key-auth.ts
+const logger = getLogger("env-key-auth");
+/**
+* Attempts to authenticate using a JWT temporary token
+* Returns execution context if successful, null if token is invalid or not a JWT
+*/
+async function tryAuthenticateWithTempJwt(apiKey, baseUrl, subAgentId) {
+	if (!apiKey.startsWith("eyJ") || !env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY) return null;
+	try {
+		const payload = await verifyTempToken(Buffer.from(env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY, "base64").toString("utf-8"), apiKey);
+		logger.info({}, "JWT temp token authenticated successfully");
+		return createExecutionContext({
+			apiKey,
+			tenantId: payload.tenantId,
+			projectId: payload.projectId,
+			agentId: payload.agentId,
+			apiKeyId: "temp-jwt",
+			baseUrl,
+			subAgentId,
+			metadata: { initiatedBy: payload.initiatedBy }
+		});
+	} catch (error) {
+		logger.debug({ error }, "JWT verification failed");
+		return null;
+	}
+}
+const apiKeyAuth = () => createMiddleware(async (c, next) => {
+	if (c.req.method === "OPTIONS") {
+		await next();
+		return;
+	}
+	const authHeader = c.req.header("Authorization");
+	const tenantId = c.req.header("x-inkeep-tenant-id");
+	const projectId = c.req.header("x-inkeep-project-id");
+	const agentId = c.req.header("x-inkeep-agent-id");
+	const subAgentId = c.req.header("x-inkeep-sub-agent-id");
+	const proto = c.req.header("x-forwarded-proto")?.split(",")[0].trim();
+	const host = c.req.header("x-forwarded-host")?.split(",")[0].trim() ?? c.req.header("host");
+	const reqUrl = new URL(c.req.url);
+	const baseUrl = proto && host ? `${proto}://${host}` : host ? `${reqUrl.protocol}//${host}` : `${reqUrl.origin}`;
+	if (process.env.ENVIRONMENT === "development" || process.env.ENVIRONMENT === "test") {
+		logger.info({}, "development environment");
+		let executionContext;
+		if (authHeader?.startsWith("Bearer ")) {
+			const apiKey$1 = authHeader.substring(7);
+			const jwtContext$1 = await tryAuthenticateWithTempJwt(apiKey$1, baseUrl, subAgentId);
+			if (jwtContext$1) {
+				c.set("executionContext", jwtContext$1);
+				await next();
+				return;
+			}
+			try {
+				executionContext = await extractContextFromApiKey(apiKey$1, baseUrl);
+				if (subAgentId) executionContext.subAgentId = subAgentId;
+				c.set("executionContext", executionContext);
+			} catch {
+				try {
+					executionContext = await extractContextFromTeamAgentToken(apiKey$1, baseUrl, subAgentId);
+					c.set("executionContext", executionContext);
+				} catch {
+					executionContext = createExecutionContext({
+						apiKey: "development",
+						tenantId: tenantId || "test-tenant",
+						projectId: projectId || "test-project",
+						agentId: agentId || "test-agent",
+						apiKeyId: "test-key",
+						baseUrl,
+						subAgentId
+					});
+					c.set("executionContext", executionContext);
+					logger.info({}, "Development/test environment - fallback to default context due to invalid API key");
+				}
+			}
+		} else {
+			executionContext = createExecutionContext({
+				apiKey: "development",
+				tenantId: tenantId || "test-tenant",
+				projectId: projectId || "test-project",
+				agentId: agentId || "test-agent",
+				apiKeyId: "test-key",
+				baseUrl,
+				subAgentId
+			});
+			c.set("executionContext", executionContext);
+			logger.info({}, "Development/test environment - no API key provided, using default context");
+		}
+		await next();
+		return;
+	}
+	if (!authHeader || !authHeader.startsWith("Bearer ")) throw new HTTPException(401, { message: "Missing or invalid authorization header. Expected: Bearer <api_key>" });
+	const apiKey = authHeader.substring(7);
+	const jwtContext = await tryAuthenticateWithTempJwt(apiKey, baseUrl, subAgentId);
+	if (jwtContext) {
+		c.set("executionContext", jwtContext);
+		await next();
+		return;
+	}
+	if (env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) {
+		if (apiKey === env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) {
+			if (!tenantId || !projectId || !agentId) throw new HTTPException(401, { message: "Missing or invalid tenant, project, or agent ID" });
+			const executionContext = createExecutionContext({
+				apiKey,
+				tenantId,
+				projectId,
+				agentId,
+				apiKeyId: "bypass",
+				baseUrl,
+				subAgentId
+			});
+			c.set("executionContext", executionContext);
+			logger.info({}, "Bypass secret authenticated successfully");
+			await next();
+			return;
+		}
+		if (apiKey) {
+			try {
+				const executionContext = await extractContextFromApiKey(apiKey, baseUrl);
+				if (subAgentId) executionContext.subAgentId = subAgentId;
+				c.set("executionContext", executionContext);
+				logger.info({}, "API key authenticated successfully");
+			} catch {
+				const executionContext = await extractContextFromTeamAgentToken(apiKey, baseUrl, subAgentId);
+				c.set("executionContext", executionContext);
+			}
+			await next();
+			return;
+		}
+		throw new HTTPException(401, { message: "Invalid Token" });
+	}
+	if (!apiKey || apiKey.length < 16) throw new HTTPException(401, { message: "Invalid API key format" });
+	try {
+		const executionContext = await extractContextFromApiKey(apiKey, baseUrl);
+		if (subAgentId) executionContext.subAgentId = subAgentId;
+		c.set("executionContext", executionContext);
+		logger.debug({
+			tenantId: executionContext.tenantId,
+			projectId: executionContext.projectId,
+			agentId: executionContext.agentId,
+			subAgentId: executionContext.subAgentId
+		}, "API key authenticated successfully");
+		await next();
+	} catch {
+		try {
+			const executionContext = await extractContextFromTeamAgentToken(apiKey, baseUrl, subAgentId);
+			c.set("executionContext", executionContext);
+			await next();
+		} catch (error) {
+			if (error instanceof HTTPException) throw error;
+			logger.error({ error }, "API key authentication error");
+			throw new HTTPException(500, { message: "Authentication failed" });
+		}
+	}
+});
+const extractContextFromApiKey = async (apiKey, baseUrl) => {
+	const apiKeyRecord = await validateAndGetApiKey(apiKey, dbClient_default);
+	if (!apiKeyRecord) throw new HTTPException(401, { message: "Invalid or expired API key" });
+	const agent = await getAgentById(dbClient_default)({ scopes: {
+		tenantId: apiKeyRecord.tenantId,
+		projectId: apiKeyRecord.projectId,
+		agentId: apiKeyRecord.agentId
+	} });
+	if (!agent) throw new HTTPException(401, { message: "Invalid or expired API key" });
+	logger.debug({
+		tenantId: apiKeyRecord.tenantId,
+		projectId: apiKeyRecord.projectId,
+		agentId: apiKeyRecord.agentId,
+		subAgentId: agent.defaultSubAgentId || void 0
+	}, "API key authenticated successfully");
+	return createExecutionContext({
+		apiKey,
+		tenantId: apiKeyRecord.tenantId,
+		projectId: apiKeyRecord.projectId,
+		agentId: apiKeyRecord.agentId,
+		apiKeyId: apiKeyRecord.id,
+		baseUrl,
+		subAgentId: agent.defaultSubAgentId || void 0
+	});
+};
+/**
+* Extract execution context from a team agent JWT token
+* Team agent tokens are used for intra-tenant agent delegation
+*/
+const extractContextFromTeamAgentToken = async (token, baseUrl, expectedSubAgentId) => {
+	const result = await verifyServiceToken(token);
+	if (!result.valid || !result.payload) {
+		logger.warn({ error: result.error }, "Invalid team agent JWT token");
+		throw new HTTPException(401, { message: `Invalid team agent token: ${result.error || "Unknown error"}` });
+	}
+	const payload = result.payload;
+	if (expectedSubAgentId && !validateTargetAgent(payload, expectedSubAgentId)) {
+		logger.error({
+			tokenTargetAgentId: payload.aud,
+			expectedSubAgentId,
+			originAgentId: payload.sub
+		}, "Team agent token target mismatch");
+		throw new HTTPException(403, { message: "Token not valid for the requested agent" });
+	}
+	logger.info({
+		originAgentId: payload.sub,
+		targetAgentId: payload.aud,
+		tenantId: payload.tenantId,
+		projectId: payload.projectId
+	}, "Team agent JWT token authenticated successfully");
+	return createExecutionContext({
+		apiKey: "team-agent-jwt",
+		tenantId: payload.tenantId,
+		projectId: payload.projectId,
+		agentId: payload.aud,
+		apiKeyId: "team-agent-token",
+		baseUrl,
+		subAgentId: void 0,
+		metadata: {
+			teamDelegation: true,
+			originAgentId: payload.sub
+		}
+	});
+};
+/**
+* Helper middleware for endpoints that optionally support API key authentication
+* If no auth header is present, it continues without setting the executionContext
+*/
+const optionalAuth = () => createMiddleware(async (c, next) => {
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader || !authHeader.startsWith("Bearer ")) {
+		await next();
+		return;
+	}
+	return apiKeyAuth()(c, next);
+});
+//#endregion
+export { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth };

package/dist/middleware/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth } from "./api-key-auth.js";
2	+ export { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth };

package/dist/middleware/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+import { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth } from "./api-key-auth.js";
+export { apiKeyAuth, extractContextFromApiKey, extractContextFromTeamAgentToken, optionalAuth };

package/dist/openapi.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+//#region src/openapi.d.ts
+declare function setupOpenAPIRoutes(app: any): void;
+//#endregion
+export { setupOpenAPIRoutes };

package/dist/openapi.js ADDED Viewed

@@ -0,0 +1,54 @@
+import { env } from "./env.js";
+import { swaggerUI } from "@hono/swagger-ui";
+//#region src/openapi.ts
+function setupOpenAPIRoutes(app) {
+	app.get("/openapi.json", (c) => {
+		try {
+			const serverUrl = process.env.VERCEL_ENV === "production" && process.env.VERCEL_PROJECT_PRODUCTION_URL ? `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}` : process.env.VERCEL_ENV === "preview" && process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : env.INKEEP_AGENTS_RUN_API_URL;
+			const document = app.getOpenAPIDocument({
+				openapi: "3.0.0",
+				info: {
+					title: "Inkeep Agents Run API",
+					version: "1.0.0",
+					description: "Chat completions, MCP, and A2A run endpoints in the Inkeep Agent Framework."
+				},
+				servers: [{
+					url: serverUrl,
+					description: "API Server"
+				}]
+			});
+			document.components = {
+				...document.components,
+				securitySchemes: {
+					...document.components?.securitySchemes || {},
+					bearerAuth: {
+						type: "http",
+						scheme: "bearer",
+						bearerFormat: "API Key",
+						description: "API key authentication. All endpoints require a valid API key in the Authorization header as \"Bearer <api-key>\". API keys can be created in the management UI."
+					}
+				}
+			};
+			document.security = [{ bearerAuth: [] }];
+			return c.json(document);
+		} catch (error) {
+			console.error("OpenAPI document generation failed:", error);
+			const errorDetails = error instanceof Error ? {
+				message: error.message,
+				stack: error.stack
+			} : JSON.stringify(error, null, 2);
+			return c.json({
+				error: "Failed to generate OpenAPI document",
+				details: errorDetails
+			}, 500);
+		}
+	});
+	app.get("/docs", swaggerUI({
+		url: "/openapi.json",
+		title: "Inkeep Agents Run API Documentation"
+	}));
+}
+//#endregion
+export { setupOpenAPIRoutes };

package/dist/routes/agents.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { CredentialStoreRegistry } from "@inkeep/agents-core";
+//#region src/routes/agents.d.ts
+type AppVariables = {
+  credentialStores: CredentialStoreRegistry;
+};
+declare const app: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };

package/dist/routes/agents.js ADDED Viewed

@@ -0,0 +1,147 @@
+import { getLogger } from "../logger.js";
+import dbClient_default from "../data/db/dbClient.js";
+import { a2aHandler } from "../a2a/handlers.js";
+import { getRegisteredAgent } from "../data/agents.js";
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { HeadersScopeSchema, createApiError, getAgentWithDefaultSubAgent, getRequestExecutionContext } from "@inkeep/agents-core";
+//#region src/routes/agents.ts
+const app = new OpenAPIHono();
+const logger = getLogger("agents");
+app.openapi(createRoute({
+	method: "get",
+	path: "/.well-known/agent.json",
+	request: { headers: HeadersScopeSchema },
+	tags: ["a2a"],
+	security: [{ bearerAuth: [] }],
+	responses: {
+		200: {
+			description: "Agent Card for A2A discovery",
+			content: { "application/json": { schema: z.object({
+				name: z.string(),
+				description: z.string().optional(),
+				url: z.string(),
+				version: z.string(),
+				defaultInputModes: z.array(z.string()),
+				defaultOutputModes: z.array(z.string()),
+				skills: z.array(z.any())
+			}) } }
+		},
+		404: { description: "Agent not found" }
+	}
+}), async (c) => {
+	const otelHeaders = {
+		traceparent: c.req.header("traceparent"),
+		tracestate: c.req.header("tracestate"),
+		baggage: c.req.header("baggage")
+	};
+	logger.info({
+		otelHeaders,
+		path: c.req.path,
+		method: c.req.method
+	}, "OpenTelemetry headers: well-known agent.json");
+	const executionContext = getRequestExecutionContext(c);
+	const { tenantId, projectId, agentId, subAgentId } = executionContext;
+	logger.info({ executionContext }, "executionContext");
+	logger.info({
+		message: "getRegisteredAgent (agent-level)",
+		tenantId,
+		projectId,
+		agentId,
+		subAgentId
+	}, "agent-level well-known agent.json");
+	const agent = await getRegisteredAgent({
+		executionContext,
+		credentialStoreRegistry: c.get("credentialStores"),
+		sandboxConfig: c.get("sandboxConfig")
+	});
+	logger.info({ agent }, "agent registered: well-known agent.json");
+	if (!agent) throw createApiError({
+		code: "not_found",
+		message: "Agent not found"
+	});
+	return c.json(agent.agentCard);
+});
+app.post("/a2a", async (c) => {
+	const otelHeaders = {
+		traceparent: c.req.header("traceparent"),
+		tracestate: c.req.header("tracestate"),
+		baggage: c.req.header("baggage")
+	};
+	logger.info({
+		otelHeaders,
+		path: c.req.path,
+		method: c.req.method
+	}, "OpenTelemetry headers: a2a");
+	const executionContext = getRequestExecutionContext(c);
+	const { tenantId, projectId, agentId, subAgentId } = executionContext;
+	if (subAgentId) {
+		logger.info({
+			message: "a2a (agent-level)",
+			tenantId,
+			projectId,
+			agentId,
+			subAgentId
+		}, "agent-level a2a endpoint");
+		const agent$1 = await getRegisteredAgent({
+			executionContext,
+			credentialStoreRegistry: c.get("credentialStores"),
+			sandboxConfig: c.get("sandboxConfig")
+		});
+		if (!agent$1) return c.json({
+			jsonrpc: "2.0",
+			error: {
+				code: -32004,
+				message: "Agent not found"
+			},
+			id: null
+		}, 404);
+		return a2aHandler(c, agent$1);
+	}
+	logger.info({
+		message: "a2a (agent-level)",
+		tenantId,
+		projectId,
+		agentId
+	}, "agent-level a2a endpoint");
+	const agent = await getAgentWithDefaultSubAgent(dbClient_default)({ scopes: {
+		tenantId,
+		projectId,
+		agentId
+	} });
+	if (!agent) return c.json({
+		jsonrpc: "2.0",
+		error: {
+			code: -32004,
+			message: "Agent not found"
+		},
+		id: null
+	}, 404);
+	if (!agent.defaultSubAgentId) return c.json({
+		jsonrpc: "2.0",
+		error: {
+			code: -32004,
+			message: "Agent does not have a default agent configured"
+		},
+		id: null
+	}, 400);
+	executionContext.subAgentId = agent.defaultSubAgentId;
+	const defaultSubAgent = await getRegisteredAgent({
+		executionContext,
+		credentialStoreRegistry: c.get("credentialStores"),
+		sandboxConfig: c.get("sandboxConfig")
+	});
+	if (!defaultSubAgent) return c.json({
+		jsonrpc: "2.0",
+		error: {
+			code: -32004,
+			message: "Agent not found"
+		},
+		id: null
+	}, 404);
+	return a2aHandler(c, defaultSubAgent);
+});
+var agents_default = app;
+//#endregion
+export { agents_default as default };

package/dist/routes/chat.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { CredentialStoreRegistry } from "@inkeep/agents-core";
+//#region src/routes/chat.d.ts
+type AppVariables = {
+  credentialStores: CredentialStoreRegistry;
+  requestBody?: any;
+};
+declare const app: OpenAPIHono<{
+  Variables: AppVariables;
+}, {}, "/">;
+//#endregion
+export { app as default };