Skip to content

2026-01-29

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 Jan 01:05
· 57 commits to main since this release
v0.43.0
c40a10d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changelog

@inkeep/[email protected]

Minor Changes

  • de9bed1: Replace deprecated keytar package with @napi-rs/keyring for native keychain integration

Patch Changes

@inkeep/[email protected]

Minor Changes

  • a5ba56c: Add UI for configurable webhook signature verification

    Added comprehensive UI for configuring webhook signature verification with support for GitHub, Slack, Stripe, Zendesk, and custom webhook providers.

    New Features:

    • Replaced plaintext signing secret input with credential reference selector
    • Added algorithm selector (sha256, sha512, sha384, sha1, md5) with deprecation warnings
    • Added encoding selector (hex, base64)
    • Added signature location configuration (header, query, body with JMESPath)
    • Added signed components builder with reordering, add/remove functionality
    • Added component join configuration (strategy and separator)
    • Added quick setup presets for GitHub, Slack, Zendesk, and Stripe
    • Added advanced validation options (case sensitivity, empty body, Unicode normalization)
    • Added client-side JMESPath and regex validation with error messages
    • All new fields integrate with existing trigger form validation and submission

    UI Improvements:

    • Collapsible "Advanced Validation Options" section reduces visual clutter
    • Provider preset buttons enable one-click configuration for common webhooks
    • Dynamic field labels and placeholders based on selected options
    • Helpful tooltips and FormDescription text throughout
    • Reorder buttons (up/down arrows) for signed components
    • Success toast confirmation when applying presets

  • b215936: add metadata title and descriptions for pages

  • 0b75a6d: add METADATA_BASE_URL, METADATA_TWITTER_SITE and METADATA_TWITTER_CREATOR env variable for setup metadata tags

Patch Changes

  • 0497b9a: bump agents-ui package
  • 5f432f9: stats page
  • eef0a3f: new OAuth callback route
  • 2f9d367: trigger fix
  • 3e3a0db: unneeded code for stats
  • 0f83405: Fix trigger message template removal not working from UI
  • 5ffbf6b: trigger traces
  • 0f86f53: use tanstack query for:
    • fetchThirdPartyMCPServer
    • fetchEvaluators
    • fetchEvaluationSuiteConfigEvaluators
    • fetchEvaluationSuiteConfig
    • fetchUserScopedCredential
    • getAllAgentsAction
  • 05a8a12: adding authorization checks and spicedb setup
  • f1920e3: address unused exports
  • e8da68a: fix(dashboard): use latest [email protected] to fix hydration errors mismatches due radix componenents and react useId hook
  • 0fff69c: Use centralized jmes validation
  • 503ce52: feat(manage-ui): upload source maps if sentry is enabled
  • caefccc: improve mcp servers page loading
  • 720d42f: trigger fix for vercel
  • c47f630: fix(dashboard): variables in prompt editor weren't properly highlighted inside HTML tags, or were incorrectly highlighted inside [] brackets
  • 27a6e3f: Clear context configs when empty in agent serialization
  • 5f66967: triggers for vercel
  • 82b959b: fix hydration errors on triggerId/invocations page
  • 8160ded: improve loading mcps in agent page

@inkeep/[email protected]

Minor Changes

  • de9bed1: Replace deprecated keytar package with @napi-rs/keyring for native keychain integration

  • a5ba56c: BREAKING: Replace hardcoded webhook signature verification with flexible, provider-agnostic configuration

    This major version removes the legacy signingSecret field from triggers and replaces it with a flexible signature verification system that supports GitHub, Slack, Stripe, Zendesk, and other webhook providers.

    Breaking Changes:

    • Removed signingSecret column from triggers table (database migration required)
    • Removed signingSecret parameter from TriggerInsertSchema, TriggerUpdateSchema, and TriggerApiInsert
    • Removed verifySigningSecret() function from trigger-auth.ts
    • Triggers now require signingSecretCredentialReferenceId and signatureVerification configuration for signature verification

    New Features:

    • Added SignatureVerificationConfig type supporting:
      • Multiple HMAC algorithms: sha256, sha512, sha384, sha1, md5
      • Multiple encodings: hex, base64
      • Flexible signature extraction from headers, query parameters, or body
      • Multi-component signing with configurable separators
      • Regex extraction for complex signature formats
      • Advanced validation options (case sensitivity, empty body handling, Unicode normalization)
    • Added verifySignatureWithConfig() function with timing-safe signature comparison
    • Added validation utilities: validateJMESPath(), validateRegex()
    • Added comprehensive unit tests and integration tests
    • Added credential resolution with 5-minute caching in TriggerService

    Migration Guide:

    Before (deprecated):

    const trigger = {
  signingSecret: "my-secret",
};

    After:

    const trigger = {
  signingSecretCredentialReferenceId: "credential-ref-id",
  signatureVerification: {
    algorithm: "sha256",
    encoding: "hex",
    signature: {
      source: "header",
      key: "X-Hub-Signature-256",
      prefix: "sha256=",
    },
    signedComponents: [{ source: "body", required: true }],
    componentJoin: { strategy: "concatenate", separator: "" },
  },
};

    See SDK documentation for complete examples for GitHub, Slack, Stripe, and Zendesk webhooks.

Patch Changes

  • 5f432f9: stats page

  • 0fff69c: Centralized jmes validation

  • eef0a3f: new OAuth callback route

  • 2f9d367: trigger fix

  • 3e3a0db: unneeded code for stats

  • 0f83405: Fix trigger message template removal not working from UI

  • 5ffbf6b: trigger traces

  • 0aa5679: fix: preserve triggers when not included in fullAgent update

    The fullAgent update endpoint now only deletes orphaned triggers when the triggers field is explicitly provided. This prevents triggers from being deleted when saving an agent from the UI (which doesn't manage triggers via this endpoint). The SDK now always includes triggers in agent serialization to ensure proper sync behavior.

  • 05a8a12: adding authorization checks and spicedb setup

  • caefccc: improve mcp servers page loading

  • 720d42f: trigger fix for vercel

  • 31b3310: Migrate fk to varchar in manage schema

  • 5f66967: triggers for vercel

  • 8160ded: improve loading mcps in agent page

  • cfa81bb: fix(agents-core): avoid calling 2 times getCredentialReference or getUserScopedCredentialReference

@inkeep/[email protected]

Minor Changes

  • de5f12c: Add new @inkeep/agents-mcp package providing a unified MCP server for AI assistants to interact with the Inkeep Agents platform. This package combines all APIs (manage, run, evals) into a single MCP server, exposing tools for managing agents, projects, tools, credentials, evaluations, datasets, and workflows.

Patch Changes

@inkeep/[email protected]

Minor Changes

  • de9bed1: Replace deprecated keytar package with @napi-rs/keyring for native keychain integration

  • a5ba56c: BREAKING: Replace hardcoded webhook signature verification with flexible, provider-agnostic configuration

    This major version removes the legacy signingSecret parameter from the trigger() builder function and replaces it with a flexible signature verification system.

    Breaking Changes:

    • Removed signingSecret parameter from trigger() builder function
    • Triggers now require signingSecretCredentialReference and signatureVerification configuration for signature verification

    New Features:

    • Added signatureVerification parameter to trigger() with validation
    • Exported SignatureVerificationConfig, SignatureSource, and SignedComponent types
    • Added validation at trigger creation time for JMESPath and regex patterns
    • Added comprehensive JSDoc documentation with examples for GitHub, Slack, Stripe, and Zendesk

    Migration Guide:

    Before (deprecated):

    export const webhook = trigger({
  id: "my-webhook",
  signingSecret: "my-secret", // ❌ No longer supported
});

    After:

    export const webhook = trigger({
  id: "my-webhook",
  signingSecretCredentialReference: credentialReference({
    id: "webhook-secret",
  }),
  signatureVerification: {
    algorithm: "sha256",
    encoding: "hex",
    signature: {
      source: "header",
      key: "X-Hub-Signature-256",
      prefix: "sha256=",
    },
    signedComponents: [{ source: "body", required: true }],
    componentJoin: { strategy: "concatenate", separator: "" },
  },
});

    See README.md for complete configuration reference and provider-specific examples.

Patch Changes

  • 5f432f9: stats page

  • 2f9d367: trigger fix

  • 3e3a0db: unneeded code for stats

  • 5ffbf6b: trigger traces

  • 0aa5679: fix: preserve triggers when not included in fullAgent update

    The fullAgent update endpoint now only deletes orphaned triggers when the triggers field is explicitly provided. This prevents triggers from being deleted when saving an agent from the UI (which doesn't manage triggers via this endpoint). The SDK now always includes triggers in agent serialization to ensure proper sync behavior.

  • 05a8a12: adding authorization checks and spicedb setup

  • 720d42f: trigger fix for vercel

  • 5f66967: triggers for vercel

@inkeep/[email protected]

Patch Changes

  • 57c5da1: Fix trigger HMAC signature verification to support Nango credential references for cloud deployments
  • e4077a0: Remove duplicate route
  • 5f432f9: stats page
  • eef0a3f: new OAuth callback route
  • 2f9d367: trigger fix
  • 3e3a0db: unneeded code for stats
  • 5ffbf6b: trigger traces
  • 05a8a12: adding authorization checks and spicedb setup
  • c7fa88a: Fix trigger invocation flow: correct agent lookup from Record structure, fix database client usage for conversations/messages, and improve error serialization in logs. Default workflow world to 'local' for development when WORKFLOW_TARGET_WORLD is not set.
  • caad379: Add github token exchange endpoint
  • 800cba5: chore(agents-api): reduce OpenAPI tags
  • c145cb3: fix(agents-api): remove unused files with knip
  • caefccc: improve mcp servers page loading
  • 720d42f: trigger fix for vercel
  • 4b3eb21: fix(agents-api): compile directories which starts with dots
  • 0fff69c: Updated openapi snapshot
  • 5f66967: triggers for vercel
  • 8160ded: improve loading mcps in agent page

@inkeep/[email protected]

Patch Changes

@inkeep/[email protected]

Patch Changes

@inkeep/[email protected]

Patch Changes

Assets 2
Loading