feat(api): expose per-agent app connections via REST#7
Merged
matoushavlena merged 1 commit intomainfrom Apr 17, 2026
Merged
Conversation
Adds GET and PUT /api/agents/[agentId]/connections, mirroring the existing /secrets route. The service-layer functions (getAgentAppConnections, updateAgentAppConnections) already exist — this just exposes them to cross-service consumers that can't call Next.js server actions. Motivation: the Humr agent platform needs to read (and eventually write) per-agent app-connection assignments from its own API server. The existing server-action surface is only reachable from inside Next.js, so external integrators have no way to surface "which OAuth apps does this agent have access to" without duplicating the DB.
github-project-automation
Bot
moved this from Backlog
to Done
in Kagenti Issue Prioritization
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
GETandPUT/api/agents/[agentId]/connections, mirroring the existing/api/agents/[agentId]/secretsroute exactly. The underlying service functions (getAgentAppConnections,updateAgentAppConnectionsinapps/web/src/lib/services/agent-service.ts) already exist and are currently only reachable from Next.js server actions.Motivation
The Humr agent platform (https://github.com/kagenti/humr) runs its own API server and wants to surface per-agent OAuth-app assignments to users — read-only first, then editable — without forcing them to context-switch to the OneCLI dashboard. That needs an HTTP surface, since Next.js server actions aren't callable from outside the Next.js process.
This mirrors the pattern the Humr team already uses for
/api/agents/[agentId]/secrets— the only other "per-agent assignment" endpoint OneCLI exposes.Changes
apps/web/src/app/api/agents/[agentId]/connections/route.ts— GET returns a list ofappConnectionIdstrings assigned to the agent; PUT replaces the assignment set. Both useresolveApiAuth, return401when unauthenticated, and delegate to the existing service functions. PUT invalidates the gateway cache, same as/secrets.updateAgentAppConnectionsSchemainapps/web/src/lib/validations/agent.ts— a zod schema for the PUT body ({ appConnectionIds: string[] }).No schema changes, no service-layer changes — the service and its
ServiceError("NOT_FOUND", ...)/ServiceError("BAD_REQUEST", ...)paths are already covered byhandleServiceError.Test plan
pnpm --filter @onecli/web run lint— cleanpnpm --filter @onecli/web run check-types— cleanpnpm exec prettier --checkon both touched files — cleanGET /api/agents/{id}/connectionswith a valid API token returns[]for an agent with no apps assigned, then returns[...ids]afterPUTingPUTwith an unknownappConnectionIdreturns 400 via the existingBAD_REQUESTservice error