credential id reference added#2967
Conversation
|
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
TL;DR — Documents how to use Key changes
Summary | 2 files | 2 commits | base:
|
There was a problem hiding this comment.
High severity — the TypeScript SDK example will silently fail to attach credentials at runtime.
The visual builder doc changes look correct. The heading promotion (### → ##) and rename from credential to credentialReferenceId are both appropriate for the JSON/persisted format. However, the TypeScript SDK example uses the wrong property name for the builder API.
Claude Opus | 𝕏
| id: "project-info", | ||
| name: "Project Information", | ||
| trigger: "initialization", | ||
| credentialReferenceId: "u6zq98tz0lkloakuqbpdv", |
There was a problem hiding this comment.
Bug: fetchDefinition() accepts credentialReference (a CredentialReferenceApiInsert object), not credentialReferenceId (a string). The function internally converts credentialReference.id → credentialReferenceId at line 451–452 of ContextConfig.ts.
Passing credentialReferenceId here is a no-op — the credential will never be injected into request headers at runtime because the code reads from options.credentialReference?.id, not options.credentialReferenceId.
The correct usage should be something like:
credentialReference: {
id: "u6zq98tz0lkloakuqbpdv",
type: "nango", // or appropriate store type
credentialStoreId: "<store-id>",
},Alternatively, if the intent is to document a simpler API that accepts just an ID string, the builderFetchDefinition type and fetchDefinition() function need to be updated to support that.
| ### Finding the Credential Reference ID | ||
|
|
||
| To find the credential reference ID: | ||
|
|
||
| 1. Navigate to the **Credentials** page in the Inkeep dashboard. | ||
| 2. Click on the credential you want to use. | ||
| 3. Copy the ID from the browser URL — it is the last path segment. For example, in `https://app.inkeep.com/.../credentials/u6zq98tz0lkloakuqbpdv`, the credential reference ID is `u6zq98tz0lkloakuqbpdv`. |
There was a problem hiding this comment.
The instructions to copy the ID from the browser URL are a reasonable UX pattern for the visual builder (where users paste raw JSON). For the TypeScript SDK, however, the user needs to construct a full CredentialReferenceApiInsert object — not just the ID. This section should either show how to build that object, or reference the credential() helper from @inkeep/agents-sdk (defined in builderFunctions.ts).
There was a problem hiding this comment.
PR Review Summary
(1) Total Issues | Risk: High
🔴❗ Critical (1) ❗🔴
Inline Comments:
- 🔴 Critical:
context-fetchers.mdx:131-151TypeScript SDK example uses incorrect property name (credentialReferenceIdinstead ofcredentialReference: { id }) and missing requiredresponseSchema
🟠⚠️ Major (0) 🟠⚠️
None.
🟡 Minor (1) 🟡
🟡 1) agents-docs/content/visual-builder/context-fetchers.mdx:59 Credential injection mechanism unclear
Issue: The property description says "The credential's secret value will be injected into the request headers at runtime" but doesn't specify which header name/format is used.
Why: Users won't know how to configure their API to expect the credential. Is it Authorization: Bearer <secret>? A custom header?
Fix: Clarify the injection mechanism, e.g., "The credential's secret value will be injected as an Authorization: Bearer <secret> header at runtime" — or link to credential documentation that explains this.
Refs: Line 59
💭 Consider (2) 💭
💭 1) agents-docs/content/visual-builder/context-fetchers.mdx:129 Section heading level inconsistency
Issue: "Optional Context Fetches" was promoted from h3 (###) to h2 (##) in the visual-builder file, but remains at h3 in the typescript-sdk file.
Why: Parallel documentation files should maintain consistent structure for easier navigation.
Fix: Either keep as h3 to match typescript-sdk, or promote to h2 in both files.
💭 2) agents-docs/content/typescript-sdk/context-fetchers.mdx:154-160 UI-focused instructions in SDK docs
Issue: The "Finding the Credential Reference ID" subsection describes navigating the dashboard UI, which is a visual builder workflow being documented in the TypeScript SDK reference.
Why: SDK users typically define credentials in code. Consider linking to visual-builder docs instead or showing both approaches.
Fix: Add a note about SDK-native credential definition or link to visual-builder docs for UI approach.
🚫 REQUEST CHANGES
Summary: The TypeScript SDK documentation uses the wrong property name (credentialReferenceId instead of credentialReference: { id }) which will cause TypeScript compilation errors for users copying the example. The Visual Builder documentation is correct since it uses the JSON API format. Please fix the TypeScript SDK example to use the correct object-form property and add the missing responseSchema.
Reviewers (2)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-docs |
5 | 1 | 2 | 0 | 1 | 0 | 1 |
pr-review-consistency |
3 | 0 | 1 | 0 | 0 | 0 | 2 |
| Total | 8 | 1 | 3 | 0 | 1 | 0 | 3 |
Discarded (3)
| Location | Issue | Reason Discarded |
|---|---|---|
typescript-sdk/context-fetchers.mdx:133-151 |
Missing responseSchema in example | Merged with the inline comment for critical finding — addressed together |
typescript-sdk/context-fetchers.mdx:131 |
Introduction text mentions wrong property name | Merged with inline comment — the suggestion block fixes both the text and code example |
visual-builder/context-fetchers.mdx |
Heading promoted from h3 to h2 | Valid change — h2 is appropriate for major feature sections per visual-builder conventions |
| If your fetch requires authentication via a stored credential, pass the `credentialReferenceId` to the `fetchDefinition`: | ||
|
|
||
| ```typescript | ||
| const projectInfoFetcher = fetchDefinition({ | ||
| id: "project-info", | ||
| name: "Project Information", | ||
| trigger: "initialization", | ||
| credentialReferenceId: "u6zq98tz0lkloakuqbpdv", | ||
| fetchConfig: { | ||
| url: "https://api.example.com/graphql", | ||
| method: "POST", | ||
| headers: { | ||
| "Content-Type": "application/json", | ||
| }, | ||
| body: { | ||
| query: "query GetProjectInfo { project { name description } }", | ||
| }, | ||
| transform: "data.project", | ||
| }, | ||
| defaultValue: "Unable to fetch project information", | ||
| }); |
There was a problem hiding this comment.
🔴 CRITICAL: TypeScript SDK example uses incorrect property name
Issue: The code example uses credentialReferenceId as a direct string property, but the TypeScript SDK's fetchDefinition() function expects credentialReference: { id: "..." } (an object with an id field). Additionally, the example is missing the required responseSchema property.
Why: Users copying this example will get TypeScript compilation errors since credentialReferenceId is not a valid property on the builderFetchDefinition type. The code uses an internal API property name that only works at runtime via a fallback, not through the typed SDK interface.
Fix: Update the section to use the correct SDK property name and include the required responseSchema:
| If your fetch requires authentication via a stored credential, pass the `credentialReferenceId` to the `fetchDefinition`: | |
| ```typescript | |
| const projectInfoFetcher = fetchDefinition({ | |
| id: "project-info", | |
| name: "Project Information", | |
| trigger: "initialization", | |
| credentialReferenceId: "u6zq98tz0lkloakuqbpdv", | |
| fetchConfig: { | |
| url: "https://api.example.com/graphql", | |
| method: "POST", | |
| headers: { | |
| "Content-Type": "application/json", | |
| }, | |
| body: { | |
| query: "query GetProjectInfo { project { name description } }", | |
| }, | |
| transform: "data.project", | |
| }, | |
| defaultValue: "Unable to fetch project information", | |
| }); | |
| ## Using Credentials | |
| If your fetch requires authentication via a stored credential, pass the `credentialReference` to the `fetchDefinition`: | |
| ```typescript | |
| const projectInfoFetcher = fetchDefinition({ | |
| id: "project-info", | |
| name: "Project Information", | |
| trigger: "initialization", | |
| credentialReference: { id: "u6zq98tz0lkloakuqbpdv" }, | |
| fetchConfig: { | |
| url: "https://api.example.com/graphql", | |
| method: "POST", | |
| headers: { | |
| "Content-Type": "application/json", | |
| }, | |
| body: { | |
| query: "query GetProjectInfo { project { name description } }", | |
| }, | |
| transform: "data.project", | |
| }, | |
| responseSchema: z.object({ | |
| name: z.string(), | |
| description: z.string(), | |
| }), | |
| defaultValue: "Unable to fetch project information", | |
| }); |
Refs:
- builderFetchDefinition type definition — shows
credentialReference?: CredentialReferenceApiInsert - ContextConfig.test.ts — test uses
credentialReference: { id: 'cred-456' }
Preview URLsUse these stable preview aliases for testing this PR:
These point to the same Vercel preview deployment as the bot comment, but they stay stable and easier to find. Raw Vercel deployment URLs
|
|
🔎💬 Inkeep AI search and chat service is syncing content for source 'Inkeep Agent Framework Docs' |
* chore(dashboard): dockerize visual regression tests for cross-OS consistency Run Playwright browser inside a Docker container so visual screenshot tests produce identical results on macOS (local dev) and Linux (CI). - Add docker-compose.visual.yml with Playwright server container - Update vitest config to connect to Docker browser via websocket when PW_TEST_CONNECT_WS_ENDPOINT env var is set - Add test:visual and test:visual:update npm scripts - Update CI workflow to use Docker Playwright server instead of bare Playwright install - Regenerate screenshot baselines from Linux container Closes PRD-6191 Co-Authored-By: Claude Opus 4.6 <[email protected]> * fix: address PR review feedback - Add explicit failure handling if Playwright server doesn't start - Bind Docker port to 127.0.0.1 only (don't expose to network) - Align npx playwright version with Docker image (both 1.58.0) Co-Authored-By: Claude Opus 4.6 <[email protected]> * fix: restore Playwright install step in CI The @vitest/browser-playwright package requires a local Playwright install to initialize, even when the actual browser runs in Docker via connectOptions. Keep the install step alongside the Docker server. Co-Authored-By: Claude Opus 4.6 <[email protected]> * fix(dashboard): pass PW_TEST_CONNECT_WS_ENDPOINT through turbo strict mode Turbo v2 strict mode filters env vars not listed in turbo.json from child processes. The Playwright WebSocket endpoint was being silently dropped, causing vitest to fall back to local Chromium instead of the Docker server — producing mismatched screenshots in CI. Also pins docker-compose.visual.yml to linux/amd64 so local baselines match CI regardless of host architecture (see microsoft/playwright#13873), and fixes the Playwright cache restore-keys prefix mismatch. Co-Authored-By: Claude Opus 4.6 <[email protected]> * docs: add visual regression test workflow to AGENTS.md * fix(dashboard): resolve Monaco strict locator violation in nested error state visual test * fix(dashboard): fix Monaco strict locator violation with data-testid and stable render wait * Refactor vitest.config.ts by removing unused code * Update vitest.config.ts * fix(dashboard): restore onUnhandledError handler for Monaco browser tests The previous refactor removed the onUnhandledError handler, causing CI to fail with exit code 1 due to 3 known, unfixable Monaco Editor errors in Vitest browser mode: 1. "Cannot use import statement outside a module" - Monaco web workers cannot load ESM in the Vitest browser sandbox 2. "InvalidCharacterError" / "is not a valid name" - Monaco attempts createElement with an SVG data URI as the tag name 3. "Closing rpc while" - Vitest worker RPC shutdown race condition These errors were originally suppressed by Nick in #2046 and #2078 after investigation confirmed they are unfixable Monaco/Vitest internals that do not affect test correctness. Refs: #2046, #2078 * fix(dashboard): remove unused pixelmatch devDependency The pixelmatch package is no longer imported after the vitest.config.ts refactor removed the custom tolerantPixelmatch comparator. Knip correctly flags it as unused. * fix * upd * upd * format * lock * rm * fix * Create fluffy-gorillas-joke.md * Apply suggestion from @claude[bot] Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * fix(@inkeep/agents-work-apps): mark `@slack/socket-mode` as `dependency` (#2951) * upd * upd * Apply suggestion from @dimaMachina * Apply suggestion from @dimaMachina * Create breezy-lemons-dream.md * Document MCP header forwarding in Visual Builder docs (#2956) * docs: add MCP header forwarding and fix header key casing examples * updated warnings in headers docs * updated warnings in mcp servers docs * In product copilot tutorial (#2957) * docs build updated api reference * tutorial done * implements pnpm minimumReleaseAge and upgrades pnpm to 10.33.0 (#2958) * implements pnpm minimumReleaseAge * upgrades pnpm to 10.16.0 * upgrades pnpm to 10.33.0 * ci: surface stable preview URLs in PRs (#2799) * ci: surface stable preview urls in PRs * fix: add temp file cleanup trap and paginate comment search - Add EXIT trap to clean up mktemp file - Paginate through all PR comments when searching for the existing marker comment, fixing duplicate-comment risk on PRs with 100+ comments Co-authored-by: Andrew Mikofalvy <[email protected]> Co-Authored-By: Claude Opus 4.6 <[email protected]> * ci: fix preview URL comment updates --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Andrew Mikofalvy <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> * feat: S3 presigned URLs for private media delivery (#2887) * feat: add S3 presigned URL support for private media delivery - Add optional getPresignedUrl() to BlobStorageProvider interface - Implement in S3BlobStorageProvider using @aws-sdk/s3-request-presigner - Make resolveMessageBlobUris() async with presigned URL first, manage proxy fallback for non-S3 backends (Option D hybrid) - Update both call sites (run + manage conversation routes) with await - Add presigned URL tests to s3-provider and resolve-blob-uris test suites - Include full spec with evidence files Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * docs: add S3 blob storage deployment guide Covers S3 setup, IAM permissions, env vars, S3-compatible services, storage backend priority, and presigned URL delivery flow. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * chore: add changeset for S3 presigned URL support Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * fix: add error handling for presigned URL failures with proxy fallback - Wrap getPresignedUrl() in try-catch so failures fall through to manage proxy URL instead of crashing the entire conversation response - Add test for presigned URL failure → proxy fallback path - Add mixed-content test with presigned URLs active - Fix doc icon quoting convention Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * fix: correct callout type and remove inaccurate configurable claim in docs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * feat: make presigned URL expiry configurable via `BLOB_STORAGE_PRESIGNED_URL_EXPIRY_SECONDS` - Add `BLOB_STORAGE_PRESIGNED_URL_EXPIRY_SECONDS` to env.ts Zod schema (default 7200s / 2 hours, range 60–604800) - Replace hardcoded `DEFAULT_PRESIGNED_EXPIRY_SECONDS` constant in s3-provider.ts with env var lookup - Update tests to use env var in mocks and verify new default - Add env var to .env.example files and deployment docs * fix: address PR review comments - Clarify Vercel Blob is also a valid production backend (serves via proxy) - Add per-service S3-compatible path-style guidance (R2 vs B2 vs Spaces) - Make first resolve-blob-uris test explicitly set its mock (test isolation) Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * chore: reset lockfile from main to minimize resolution drift Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * fix: pin s3-request-presigner to match client-s3 to prevent lockfile drift Pin @aws-sdk/s3-request-presigner to 3.995.0 (same as resolved client-s3) to minimize pnpm-lock.yaml changes and prevent react version mismatch that caused agents-email test failures in CI. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Resolve blob storage provider once per message list instead of per message Addresses PR feedback: call getBlobStorageProvider() once in resolveMessagesListBlobUris and pass the provider through to resolveMessageBlobUris, avoiding N singleton lookups per conversation retrieval. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * chore: reset lockfile from main and reinstall to fix CI Reset pnpm-lock.yaml from main per repo guidelines to prevent resolution drift that was causing monaco-editor ESM import failures in agents-manage-ui tests. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Address remaining review suggestions: list-level presigned URL test and AWS CLI prerequisite - Add test for resolveMessagesListBlobUris with presigned URLs active across multiple messages, covering Promise.all handling - Add AWS CLI prerequisite note to S3 setup docs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Remove AWS CLI prerequisite note from S3 docs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]> Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com> * ci: add preview janitor and recreate control (#2930) * ci: add preview state janitor and recreate path * ci: simplify preview janitor and var resolution * ci: address preview janitor review feedback * ci: gate preview auth on SpiceDB deployment readiness * ci: tighten preview bootstrap retry budget * ci: retry preview recreate after Railway delete * ci: clarify skipped preview workflow jobs * Rename headers in schema and usage to hyphen format (#2962) * Version Packages (#2952) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Andrew Mikofalvy <[email protected]> * Update actions/setup-node and pnpm/action-setup to Node.js 24 versions (#2963) Upgrade actions/setup-node from v4 to v6.3.0 and pnpm/action-setup from v4 to v5.0.0 across all workflows to resolve the Node.js 20 deprecation warning. Node.js 20 actions will be forced to Node.js 24 starting June 2, 2026. https://claude.ai/code/session_01D5Ah1eAYvZCS2SfZ5Lopi3 Co-authored-by: Claude <[email protected]> * credential id reference added (#2967) * Add minimumReleaseAgeExclude for @inkeep/* packages (#2968) Excludes @inkeep scoped packages from the 1440-minute minimum release age gate so our own published packages can be installed immediately after release. https://claude.ai/code/session_01LBEnpfsjj6r4cdwXs2VeHx Co-authored-by: Claude <[email protected]> * add TooltipProvider * add back timeout * should fix tests * polish * fix * pnpm i * upd --------- Co-authored-by: Varun Varahabhotla <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Varun Varahabhotla <[email protected]> Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: bryan-inkeep <[email protected]> Co-authored-by: Gaurav Varma <[email protected]> Co-authored-by: robert-inkeep <[email protected]> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Andrew Mikofalvy <[email protected]> Co-authored-by: Andrew Mikofalvy <[email protected]> Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com> Co-authored-by: inkeep-internal-ci[bot] <259778081+inkeep-internal-ci[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
No description provided.