@inkeep/agents-sdk 0.42.0 → 0.43.0

package/README.md

@@ -58,7 +58,7 @@ const token = await credentials.get('MY_TOKEN'); // Returns 'env-token'
 | Type | Description | Requirements |
 |------|-------------|--------------|
 | `memory` | In-memory storage with env var fallback | None (default) |
-| `keychain` | OS keychain storage | `keytar` package |
+| `keychain` | OS keychain storage | `@napi-rs/keyring` package |
 | `nango` | OAuth credential management | `@nangohq/node`, `@nangohq/types` |
 | `custom` | Your own implementation | Implement `CredentialStore` interface |
 
@@ -117,6 +117,359 @@ tracer.startActiveSpan('my-operation', (span) => {
 | `ConsoleTelemetryProvider` | Logs to console | None |
 | Custom OpenTelemetry | Full observability | `@opentelemetry/*` packages |
 
+## Webhook Triggers with Signature Verification
+
+Webhook triggers allow your agents to be invoked by external services like GitHub, Slack, Stripe, and Zendesk. The SDK provides flexible HMAC signature verification to ensure webhook requests are authentic.
+
+### Basic Webhook Trigger
+
+Create a simple webhook trigger without signature verification:
+
+```typescript
+import { trigger, credentialReference } from '@inkeep/agents-sdk';
+
+export const myWebhook = trigger({
+  id: 'github-webhook',
+  name: 'GitHub Webhook',
+  description: 'Triggered by GitHub push events',
+});
+```
+
+### Webhook Signature Verification
+
+Different webhook providers use different signature patterns. The SDK supports all common patterns through flexible configuration.
+
+#### Quick Examples
+
+**GitHub Webhooks:**
+
+```typescript
+import { trigger, credentialReference } from '@inkeep/agents-sdk';
+
+export const githubWebhook = trigger({
+  id: 'github-webhook',
+  name: 'GitHub Webhook',
+  description: 'Verified GitHub webhook',
+  signingSecretCredentialReference: credentialReference({
+    id: 'github-webhook-secret',
+  }),
+  signatureVerification: {
+    algorithm: 'sha256',
+    encoding: 'hex',
+    signature: {
+      source: 'header',
+      key: 'X-Hub-Signature-256',
+      prefix: 'sha256=',
+    },
+    signedComponents: [
+      {
+        source: 'body',
+        required: true,
+      },
+    ],
+    componentJoin: {
+      strategy: 'concatenate',
+      separator: '',
+    },
+  },
+});
+```
+
+**Slack Webhooks:**
+
+```typescript
+export const slackWebhook = trigger({
+  id: 'slack-webhook',
+  name: 'Slack Webhook',
+  description: 'Verified Slack webhook',
+  signingSecretCredentialReference: credentialReference({
+    id: 'slack-signing-secret',
+  }),
+  signatureVerification: {
+    algorithm: 'sha256',
+    encoding: 'hex',
+    signature: {
+      source: 'header',
+      key: 'X-Slack-Signature',
+      prefix: 'v0=',
+    },
+    signedComponents: [
+      {
+        source: 'literal',
+        value: 'v0',
+        required: true,
+      },
+      {
+        source: 'header',
+        key: 'X-Slack-Request-Timestamp',
+        required: true,
+      },
+      {
+        source: 'body',
+        required: true,
+      },
+    ],
+    componentJoin: {
+      strategy: 'concatenate',
+      separator: ':',
+    },
+  },
+});
+```
+
+**Zendesk Webhooks:**
+
+```typescript
+export const zendeskWebhook = trigger({
+  id: 'zendesk-webhook',
+  name: 'Zendesk Webhook',
+  description: 'Verified Zendesk webhook',
+  signingSecretCredentialReference: credentialReference({
+    id: 'zendesk-signing-secret',
+  }),
+  signatureVerification: {
+    algorithm: 'sha256',
+    encoding: 'base64',
+    signature: {
+      source: 'header',
+      key: 'X-Zendesk-Webhook-Signature',
+    },
+    signedComponents: [
+      {
+        source: 'header',
+        key: 'X-Zendesk-Webhook-Signature-Timestamp',
+        required: true,
+      },
+      {
+        source: 'body',
+        required: true,
+      },
+    ],
+    componentJoin: {
+      strategy: 'concatenate',
+      separator: '',
+    },
+  },
+});
+```
+
+**Stripe Webhooks:**
+
+```typescript
+export const stripeWebhook = trigger({
+  id: 'stripe-webhook',
+  name: 'Stripe Webhook',
+  description: 'Verified Stripe webhook',
+  signingSecretCredentialReference: credentialReference({
+    id: 'stripe-webhook-secret',
+  }),
+  signatureVerification: {
+    algorithm: 'sha256',
+    encoding: 'hex',
+    signature: {
+      source: 'header',
+      key: 'Stripe-Signature',
+      regex: 'v1=([a-f0-9]+)',
+    },
+    signedComponents: [
+      {
+        source: 'header',
+        key: 'Stripe-Signature',
+        regex: 't=([0-9]+)',
+        required: true,
+      },
+      {
+        source: 'body',
+        required: true,
+      },
+    ],
+    componentJoin: {
+      strategy: 'concatenate',
+      separator: '.',
+    },
+  },
+});
+```
+
+### Configuration Reference
+
+#### SignatureVerificationConfig
+
+The `signatureVerification` object configures how webhook signatures are verified.
+
+**Fields:**
+
+- `algorithm` - HMAC algorithm: `'sha256'` | `'sha512'` | `'sha384'` | `'sha1'` | `'md5'`
+  - **Recommended:** `'sha256'` (most secure and widely supported)
+  - **Warning:** `'sha1'` and `'md5'` are cryptographically weak and only supported for legacy systems
+
+- `encoding` - Signature encoding: `'hex'` | `'base64'`
+  - **Default:** `'hex'` (used by most providers)
+
+- `signature` - Where and how to extract the signature from the request
+
+- `signedComponents` - Array of components that make up the signed data
+
+- `componentJoin` - How to join multiple components before verification
+
+- `validation` (optional) - Advanced validation options
+
+#### Signature Source
+
+The `signature` field specifies where to find the signature in the webhook request.
+
+**Fields:**
+
+- `source` - Location: `'header'` | `'query'` | `'body'`
+  - `'header'` - Extract from HTTP header (most common)
+  - `'query'` - Extract from URL query parameter
+  - `'body'` - Extract from request body using JMESPath
+
+- `key` - Identifier for the signature:
+  - For headers: Header name (e.g., `'X-Hub-Signature-256'`)
+  - For query params: Parameter name (e.g., `'signature'`)
+  - For body: JMESPath expression (e.g., `'signature'` or `'headers."X-Signature"'`)
+
+- `prefix` (optional) - Prefix to strip from signature (e.g., `'sha256='`, `'v0='`)
+
+- `regex` (optional) - Regular expression with capture group for complex formats (e.g., `'v1=([a-f0-9]+)'`)
+
+#### Signed Components
+
+The `signedComponents` array specifies what data was signed by the webhook provider. Components are joined in order using the `componentJoin` configuration.
+
+**Component Fields:**
+
+- `source` - Component location: `'header'` | `'body'` | `'literal'`
+  - `'header'` - Extract from HTTP header
+  - `'body'` - Extract from request body (uses entire body as string)
+  - `'literal'` - Use a fixed string value
+
+- `key` (optional) - Identifier:
+  - For headers: Header name (e.g., `'X-Slack-Request-Timestamp'`)
+  - For body: JMESPath expression (e.g., `'data.timestamp'`)
+  - Not used for literal components
+
+- `value` (optional) - Static string value (only for `source: 'literal'`)
+
+- `regex` (optional) - Regex with capture group to extract part of the value
+
+- `required` - Whether component must be present (default: `true`)
+  - If `false`, missing components are treated as empty strings
+
+#### Component Join
+
+The `componentJoin` field specifies how to combine multiple signed components.
+
+**Fields:**
+
+- `strategy` - Join strategy: `'concatenate'` (only option currently)
+
+- `separator` - String to insert between components:
+  - `''` (empty) - Direct concatenation (GitHub, Zendesk)
+  - `':'` - Colon separator (Slack)
+  - `'.'` - Dot separator (Stripe)
+
+#### Advanced Validation Options
+
+The optional `validation` field provides fine-grained control over verification behavior.
+
+**Fields:**
+
+- `headerCaseSensitive` (default: `false`) - Whether header names are case-sensitive
+  - `false` - Case-insensitive matching (HTTP standard, recommended)
+  - `true` - Exact case match required
+
+- `allowEmptyBody` (default: `true`) - Whether to allow requests with empty bodies
+  - `true` - Empty bodies are valid (some webhooks send header-only verification requests)
+  - `false` - Reject requests with empty bodies
+
+- `normalizeUnicode` (default: `false`) - Whether to normalize Unicode to NFC form
+  - `false` - Use raw body bytes
+  - `true` - Normalize to NFC before verification (handles different Unicode representations)
+
+**Example with validation options:**
+
+```typescript
+signatureVerification: {
+  algorithm: 'sha256',
+  encoding: 'hex',
+  signature: {
+    source: 'header',
+    key: 'X-Signature',
+  },
+  signedComponents: [{ source: 'body', required: true }],
+  componentJoin: { strategy: 'concatenate', separator: '' },
+  validation: {
+    headerCaseSensitive: true,
+    allowEmptyBody: false,
+    normalizeUnicode: true,
+  },
+},
+```
+
+### Migration from Legacy `signingSecret`
+
+**Breaking Change:** The legacy `signingSecret` parameter has been removed. All triggers must use credential references and the new `signatureVerification` configuration.
+
+**Before (deprecated):**
+
+```typescript
+export const webhook = trigger({
+  id: 'my-webhook',
+  signingSecret: 'my-secret-key', // ❌ No longer supported
+});
+```
+
+**After (current):**
+
+```typescript
+export const webhook = trigger({
+  id: 'my-webhook',
+  signingSecretCredentialReference: credentialReference({
+    id: 'webhook-secret',
+  }),
+  signatureVerification: {
+    algorithm: 'sha256',
+    encoding: 'hex',
+    signature: {
+      source: 'header',
+      key: 'X-Hub-Signature-256',
+      prefix: 'sha256=',
+    },
+    signedComponents: [{ source: 'body', required: true }],
+    componentJoin: { strategy: 'concatenate', separator: '' },
+  },
+});
+```
+
+### Security Best Practices
+
+1. **Always use credential references** - Never hardcode signing secrets in your code
+2. **Use strong algorithms** - Prefer `sha256` or stronger; avoid `sha1` and `md5`
+3. **Validate all webhooks** - Always configure signature verification for production webhooks
+4. **Use HTTPS** - Always receive webhooks over HTTPS to prevent man-in-the-middle attacks
+5. **Rotate secrets regularly** - Update signing secrets periodically
+6. **Monitor failed verifications** - Failed signature checks may indicate an attack
+
+### Troubleshooting
+
+**Signature verification always fails:**
+
+1. Verify your signing secret is correct in the credential store
+2. Check that the `algorithm` matches what the provider uses
+3. Verify the `encoding` (hex vs base64)
+4. Ensure `signedComponents` match what the provider actually signs
+5. Check the `separator` in `componentJoin`
+6. For body-based components, ensure you're not modifying the raw body
+
+**Provider-specific tips:**
+
+- **GitHub:** Requires `prefix: 'sha256='` and signs only the raw body
+- **Slack:** Signs three components with colons: `v0:{timestamp}:{body}`
+- **Stripe:** Uses regex extraction for both signature and timestamp from the same header
+- **Zendesk:** Uses base64 encoding instead of hex
+
 ## API Reference
 
 ### Builders
@@ -124,6 +477,7 @@ tracer.startActiveSpan('my-operation', (span) => {
 - `agent()` - Create an agent (top-level container with multiple sub-agents)
 - `subAgent()` - Create a sub-agent configuration
 - `tool()` - Create a tool configuration
+- `trigger()` - Create a webhook trigger configuration
 - `mcpServer()` - Create an MCP server configuration
 - `mcpTool()` - Create an MCP tool
 - `dataComponent()` - Create a data component
@@ -190,7 +544,7 @@ The SDK has minimal required dependencies. Advanced features require optional pa
 | Feature | Required Packages |
 |---------|------------------|
 | Nango credentials | `@nangohq/node`, `@nangohq/types` |
-| Keychain storage | `keytar` |
+| Keychain storage | `@napi-rs/keyring` |
 | OpenTelemetry | `@opentelemetry/api`, `@opentelemetry/sdk-node` |
 
 Install only what you need:

package/dist/agent.js

@@ -58,7 +58,7 @@ var Agent = class {
 			agentCount: this.subAgents.length,
 			defaultSubAgent: this.defaultSubAgent?.getName(),
 			triggerCount: this.triggers.length
-		}, "Agent created");
+		}, "Agent initialized");
 	}
 	/**
 	* Set or update the configuration (tenantId, projectId and apiUrl)
@@ -82,7 +82,7 @@ var Agent = class {
 			tenantId: this.tenantId,
 			projectId: this.projectId,
 			apiUrl: this.baseURL
-		}, "Agent configuration updated");
+		}, "Agent configured");
 	}
 	/**
 	* Convert the Agent to FullAgentDefinition format for the new agent endpoint
@@ -246,7 +246,7 @@ var Agent = class {
 			contextConfig: this.contextConfig?.toObject(),
 			...Object.keys(functionToolsObject).length > 0 && { functionTools: functionToolsObject },
 			...Object.keys(functionsObject).length > 0 && { functions: functionsObject },
-			...Object.keys(triggersObject).length > 0 && { triggers: triggersObject },
+			triggers: triggersObject,
 			models: this.models,
 			stopWhen: this.stopWhen,
 			statusUpdates: processedStatusUpdates,

package/dist/builderFunctions.d.ts

@@ -274,16 +274,24 @@ declare function functionTool(config: FunctionToolConfig): FunctionTool;
 *
 * Triggers allow external services to invoke agents via webhooks.
 * They support authentication via arbitrary header key-value pairs,
-* payload transformation, and input validation.
+* payload transformation, input validation, and signature verification.
 *
 * @param config - Trigger configuration
 * @returns A Trigger instance
+* @throws {Error} If signatureVerification config validation fails
 *
 * @example
 * ```typescript
 * import { z } from 'zod';
 *
-* // GitHub webhook trigger with header-based authentication
+* // GitHub webhook trigger with signature verification
+* const githubWebhookSecret = credential({
+*   id: 'github-webhook-secret',
+*   name: 'GitHub Webhook Secret',
+*   type: 'bearer',
+*   value: process.env.GITHUB_WEBHOOK_SECRET
+* });
+*
 * const githubTrigger = trigger({
 *   name: 'GitHub Events',
 *   description: 'Handle GitHub webhook events',
@@ -304,26 +312,55 @@ declare function functionTool(config: FunctionToolConfig): FunctionTool;
 *       { name: 'X-GitHub-Token', value: process.env.GITHUB_TOKEN }
 *     ]
 *   },
-*   signingSecret: process.env.GITHUB_WEBHOOK_SECRET
+*   signingSecretCredentialReference: githubWebhookSecret,
+*   signatureVerification: {
+*     algorithm: 'sha256',
+*     encoding: 'hex',
+*     signature: {
+*       source: 'header',
+*       key: 'x-hub-signature-256',
+*       prefix: 'sha256='
+*     },
+*     signedComponents: [
+*       { source: 'body', required: true }
+*     ],
+*     componentJoin: {
+*       strategy: 'concatenate',
+*       separator: ''
+*     }
+*   }
 * });
 *
-* // Multiple authentication headers
-* const multiHeaderTrigger = trigger({
-*   name: 'Secure Webhook',
-*   description: 'Webhook with multiple auth headers',
-*   messageTemplate: 'Received: {{data}}',
-*   authentication: {
-*     headers: [
-*       { name: 'X-API-Key', value: process.env.API_KEY },
-*       { name: 'X-Client-ID', value: process.env.CLIENT_ID }
-*     ]
+* // Slack webhook trigger with complex signature
+* const slackTrigger = trigger({
+*   name: 'Slack Events',
+*   description: 'Handle Slack webhook events',
+*   messageTemplate: 'Slack event: {{type}}',
+*   signingSecretCredentialReference: slackSecret,
+*   signatureVerification: {
+*     algorithm: 'sha256',
+*     encoding: 'hex',
+*     signature: {
+*       source: 'header',
+*       key: 'x-slack-signature',
+*       prefix: 'v0='
+*     },
+*     signedComponents: [
+*       { source: 'literal', value: 'v0', required: true },
+*       { source: 'header', key: 'x-slack-request-timestamp', required: true },
+*       { source: 'body', required: true }
+*     ],
+*     componentJoin: {
+*       strategy: 'concatenate',
+*       separator: ':'
+*     }
 *   }
 * });
 *
-* // Simple webhook trigger with no auth
+* // Simple webhook trigger with no signature verification
 * const simpleTrigger = trigger({
-*   name: 'Slack Message',
-*   description: 'Handle Slack messages',
+*   name: 'Internal Webhook',
+*   description: 'Internal webhook with no signature',
 *   messageTemplate: 'New message: {{text}}'
 * });
 * ```

package/dist/builderFunctions.js

@@ -8,7 +8,8 @@ import { StatusComponent as StatusComponent$1 } from "./status-component.js";
 import { Tool } from "./tool.js";
 import { SubAgent } from "./subAgent.js";
 import { Trigger } from "./trigger.js";
-import { CredentialReferenceApiInsertSchema, MCPToolConfigSchema } from "@inkeep/agents-core";
+import { CredentialReferenceApiInsertSchema, MCPToolConfigSchema, SignatureVerificationConfigSchema } from "@inkeep/agents-core";
+import { validateJMESPath, validateRegex } from "@inkeep/agents-core/utils/signature-validation";
 
 //#region src/builderFunctions.ts
 /**
@@ -328,16 +329,24 @@ function functionTool(config) {
 *
 * Triggers allow external services to invoke agents via webhooks.
 * They support authentication via arbitrary header key-value pairs,
-* payload transformation, and input validation.
+* payload transformation, input validation, and signature verification.
 *
 * @param config - Trigger configuration
 * @returns A Trigger instance
+* @throws {Error} If signatureVerification config validation fails
 *
 * @example
 * ```typescript
 * import { z } from 'zod';
 *
-* // GitHub webhook trigger with header-based authentication
+* // GitHub webhook trigger with signature verification
+* const githubWebhookSecret = credential({
+*   id: 'github-webhook-secret',
+*   name: 'GitHub Webhook Secret',
+*   type: 'bearer',
+*   value: process.env.GITHUB_WEBHOOK_SECRET
+* });
+*
 * const githubTrigger = trigger({
 *   name: 'GitHub Events',
 *   description: 'Handle GitHub webhook events',
@@ -358,31 +367,88 @@ function functionTool(config) {
 *       { name: 'X-GitHub-Token', value: process.env.GITHUB_TOKEN }
 *     ]
 *   },
-*   signingSecret: process.env.GITHUB_WEBHOOK_SECRET
+*   signingSecretCredentialReference: githubWebhookSecret,
+*   signatureVerification: {
+*     algorithm: 'sha256',
+*     encoding: 'hex',
+*     signature: {
+*       source: 'header',
+*       key: 'x-hub-signature-256',
+*       prefix: 'sha256='
+*     },
+*     signedComponents: [
+*       { source: 'body', required: true }
+*     ],
+*     componentJoin: {
+*       strategy: 'concatenate',
+*       separator: ''
+*     }
+*   }
 * });
 *
-* // Multiple authentication headers
-* const multiHeaderTrigger = trigger({
-*   name: 'Secure Webhook',
-*   description: 'Webhook with multiple auth headers',
-*   messageTemplate: 'Received: {{data}}',
-*   authentication: {
-*     headers: [
-*       { name: 'X-API-Key', value: process.env.API_KEY },
-*       { name: 'X-Client-ID', value: process.env.CLIENT_ID }
-*     ]
+* // Slack webhook trigger with complex signature
+* const slackTrigger = trigger({
+*   name: 'Slack Events',
+*   description: 'Handle Slack webhook events',
+*   messageTemplate: 'Slack event: {{type}}',
+*   signingSecretCredentialReference: slackSecret,
+*   signatureVerification: {
+*     algorithm: 'sha256',
+*     encoding: 'hex',
+*     signature: {
+*       source: 'header',
+*       key: 'x-slack-signature',
+*       prefix: 'v0='
+*     },
+*     signedComponents: [
+*       { source: 'literal', value: 'v0', required: true },
+*       { source: 'header', key: 'x-slack-request-timestamp', required: true },
+*       { source: 'body', required: true }
+*     ],
+*     componentJoin: {
+*       strategy: 'concatenate',
+*       separator: ':'
+*     }
 *   }
 * });
 *
-* // Simple webhook trigger with no auth
+* // Simple webhook trigger with no signature verification
 * const simpleTrigger = trigger({
-*   name: 'Slack Message',
-*   description: 'Handle Slack messages',
+*   name: 'Internal Webhook',
+*   description: 'Internal webhook with no signature',
 *   messageTemplate: 'New message: {{text}}'
 * });
 * ```
 */
 function trigger(config) {
+	if (config.signatureVerification !== void 0 && config.signatureVerification !== null) {
+		const triggerName = config.name || "unknown";
+		try {
+			SignatureVerificationConfigSchema.parse(config.signatureVerification);
+		} catch (error) {
+			if (error instanceof Error) throw new Error(`Invalid signatureVerification config in trigger '${triggerName}': ${error.message}`);
+			throw error;
+		}
+		const sigConfig = config.signatureVerification;
+		if (sigConfig.signature.regex) {
+			const result = validateRegex(sigConfig.signature.regex);
+			if (!result.valid) throw new Error(`Invalid signatureVerification config in trigger '${triggerName}': ${result.error}`);
+		}
+		if (sigConfig.signature.source === "body" && sigConfig.signature.key) {
+			const result = validateJMESPath(sigConfig.signature.key);
+			if (!result.valid) throw new Error(`Invalid signatureVerification config in trigger '${triggerName}': ${result.error}`);
+		}
+		for (const component of sigConfig.signedComponents) {
+			if (component.regex) {
+				const result = validateRegex(component.regex);
+				if (!result.valid) throw new Error(`Invalid signatureVerification config in trigger '${triggerName}': ${result.error}`);
+			}
+			if (component.source === "body" && component.key) {
+				const result = validateJMESPath(component.key);
+				if (!result.valid) throw new Error(`Invalid signatureVerification config in trigger '${triggerName}': ${result.error}`);
+			}
+		}
+	}
 	return new Trigger(config);
 }
 

package/dist/credential-provider.js

@@ -111,7 +111,7 @@ var InkeepCredentialProvider = class {
 				} catch {
 					return {
 						available: false,
-						reason: "Keychain store requires keytar package to be installed"
+						reason: "Keychain store requires @napi-rs/keyring package to be installed"
 					};
 				}
 			}

package/dist/index.d.ts

@@ -17,5 +17,5 @@ import { EvaluationClient, EvaluationClientConfig, evaluationClient } from "./ev
 import { createFullProjectViaAPI, deleteFullProjectViaAPI, getFullProjectViaAPI, updateFullProjectViaAPI } from "./projectFullClient.js";
 import { Runner, raceAgents, run, stream } from "./runner.js";
 import { ConsoleTelemetryProvider, InkeepTelemetryProvider, NoOpTelemetryProvider, OpenTelemetryConfig, SpanOptions, SpanStatus, SpanStatusType, TelemetryConfig, TelemetryLogger, TelemetryMetrics, TelemetryProvider, TelemetrySpan, TelemetryTracer, createConsoleTelemetryProvider, createNoOpTelemetryProvider, createOpenTelemetryProvider, getGlobalTelemetryProvider, setGlobalTelemetryProvider } from "./telemetry-provider.js";
-import { ANTHROPIC_MODELS, GOOGLE_MODELS, OPENAI_MODELS } from "@inkeep/agents-core";
-export { ANTHROPIC_MODELS, AgentConfig, AgentError, AgentInterface, AgentResponse, AgentTool, AllDelegateInputInterface, AllDelegateOutputInterface, ArtifactComponent, type ArtifactComponentInterface, ArtifactComponentWithZodProps, AssistantMessage, BuilderAgentConfig, BuilderRelationConfig, BuilderToolConfig, ConsoleTelemetryProvider, type CredentialProviderConfig, type CredentialProviderType, type CredentialReference, type CredentialStore, type CustomCredentialConfig, DataComponent, type DataComponentInterface, DataComponentWithZodProps, EvaluationClient, type EvaluationClientConfig, ExternalAgent, ExternalAgentInterface, type ExtractCredentialIds, FetchDefinitionConfig, FunctionTool, FunctionToolConfig, GOOGLE_MODELS, GenerateOptions, InkeepCredentialProvider, InkeepTelemetryProvider, type KeychainCredentialConfig, MCPToolConfig, MaxTurnsExceededError, type MemoryCredentialConfig, Message, MessageInput, ModelSettings, type NangoCredentialConfig, NoOpTelemetryProvider, OPENAI_MODELS, type OpenTelemetryConfig, Project, RequestSchemaConfig, RequestSchemaDefinition, RunResult, Runner, ServerConfig, type SpanOptions, SpanStatus, type SpanStatusType, StatusComponent, type StatusComponentInterface, StreamEvent, StreamResponse, SubAgent, SubAgentCanUseType, SubAgentConfig, SubAgentInterface, SystemMessage, type TelemetryConfig, type TelemetryLogger, type TelemetryMetrics, type TelemetryProvider, type TelemetrySpan, type TelemetryTracer, Tool, ToolCall, ToolConfig, ToolExecutionError, ToolMessage, ToolResult, TransferConfig, TransferError, Trigger, type TriggerConfig, type TriggerInterface, type UnionCredentialIds, UserMessage, agent, agentMcp, artifactComponent, createConsoleTelemetryProvider, createCredentialProvider, createEnvironmentSettings, createFullProjectViaAPI, createNoOpTelemetryProvider, createOpenTelemetryProvider, credential, credentialRef, dataComponent, deleteFullProjectViaAPI, evaluationClient, externalAgent, externalAgents, functionTool, getFullProjectViaAPI, getGlobalTelemetryProvider, isCredentialReference, mcpServer, mcpTool, project, raceAgents, registerEnvironmentSettings, run, setGlobalTelemetryProvider, statusComponent, stream, subAgent, subAgentExternalAgentInterface, subAgentTeamAgentInterface, transfer, trigger, updateFullProjectViaAPI };
+import { ANTHROPIC_MODELS, GOOGLE_MODELS, OPENAI_MODELS, SignatureSource, SignatureVerificationConfig, SignedComponent } from "@inkeep/agents-core";
+export { ANTHROPIC_MODELS, AgentConfig, AgentError, AgentInterface, AgentResponse, AgentTool, AllDelegateInputInterface, AllDelegateOutputInterface, ArtifactComponent, type ArtifactComponentInterface, ArtifactComponentWithZodProps, AssistantMessage, BuilderAgentConfig, BuilderRelationConfig, BuilderToolConfig, ConsoleTelemetryProvider, type CredentialProviderConfig, type CredentialProviderType, type CredentialReference, type CredentialStore, type CustomCredentialConfig, DataComponent, type DataComponentInterface, DataComponentWithZodProps, EvaluationClient, type EvaluationClientConfig, ExternalAgent, ExternalAgentInterface, type ExtractCredentialIds, FetchDefinitionConfig, FunctionTool, FunctionToolConfig, GOOGLE_MODELS, GenerateOptions, InkeepCredentialProvider, InkeepTelemetryProvider, type KeychainCredentialConfig, MCPToolConfig, MaxTurnsExceededError, type MemoryCredentialConfig, Message, MessageInput, ModelSettings, type NangoCredentialConfig, NoOpTelemetryProvider, OPENAI_MODELS, type OpenTelemetryConfig, Project, RequestSchemaConfig, RequestSchemaDefinition, RunResult, Runner, ServerConfig, type SignatureSource, type SignatureVerificationConfig, type SignedComponent, type SpanOptions, SpanStatus, type SpanStatusType, StatusComponent, type StatusComponentInterface, StreamEvent, StreamResponse, SubAgent, SubAgentCanUseType, SubAgentConfig, SubAgentInterface, SystemMessage, type TelemetryConfig, type TelemetryLogger, type TelemetryMetrics, type TelemetryProvider, type TelemetrySpan, type TelemetryTracer, Tool, ToolCall, ToolConfig, ToolExecutionError, ToolMessage, ToolResult, TransferConfig, TransferError, Trigger, type TriggerConfig, type TriggerInterface, type UnionCredentialIds, UserMessage, agent, agentMcp, artifactComponent, createConsoleTelemetryProvider, createCredentialProvider, createEnvironmentSettings, createFullProjectViaAPI, createNoOpTelemetryProvider, createOpenTelemetryProvider, credential, credentialRef, dataComponent, deleteFullProjectViaAPI, evaluationClient, externalAgent, externalAgents, functionTool, getFullProjectViaAPI, getGlobalTelemetryProvider, isCredentialReference, mcpServer, mcpTool, project, raceAgents, registerEnvironmentSettings, run, setGlobalTelemetryProvider, statusComponent, stream, subAgent, subAgentExternalAgentInterface, subAgentTeamAgentInterface, transfer, trigger, updateFullProjectViaAPI };

package/dist/project.js

@@ -74,7 +74,7 @@ var Project = class {
 			projectId: this.projectId,
 			tenantId: this.tenantId,
 			agentCount: this.agents.length
-		}, "Project created");
+		}, "Project loaded");
 	}
 	/**
 	* Set or update the configuration (tenantId and apiUrl)
@@ -93,7 +93,7 @@ var Project = class {
 			apiUrl: this.baseURL,
 			hasModels: !!this.models,
 			hasApiKey: !!this.apiKey
-		}, "Project configuration updated");
+		}, "Project configured");
 	}
 	/**
 	* Set credential references for the project

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-sdk",
-  "version": "0.42.0",
+  "version": "0.43.0",
   "description": "Agents SDK for building and managing agents in the Inkeep Agent Framework",
   "types": "dist/index.d.ts",
   "type": "module",
@@ -16,7 +16,7 @@
     "js-yaml": "^4.1.0",
     "typescript": "^5.3.3",
     "zod": "^4.1.11",
-    "@inkeep/agents-core": "^0.42.0"
+    "@inkeep/agents-core": "^0.43.0"
   },
   "devDependencies": {
     "@types/js-yaml": "^4.0.9",