@agentforge-io/core 0.2.0

package/dist/domain/chat-token.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Public chat token. Generated from the admin UI and embedded in a JS widget
+ * on the customer's website. Each token is bound to exactly one (tenant,
+ * agent) pair, so the browser only ever knows enough to talk to that one
+ * agent — the workspace API key never leaves the customer's server.
+ *
+ * The token string itself is the primary key. We store it in plaintext (not
+ * hashed) because the widget needs to send it in the URL path on every call;
+ * there's no symmetric secret we could verify a hash against. The protection
+ * model is: (1) tokens are easy to rotate from the UI; (2) `allowedOrigins`
+ * cap the damage if a token leaks (a stolen token from acme.com can't be
+ * used on attacker.com); (3) `isActive=false` revokes immediately.
+ *
+ * Visual customization (color, position, greeting…) is NOT here — it lives on
+ * the agent itself (`AgentRecord.appearance`) so a single edit propagates to
+ * every embed of that agent without re-issuing tokens.
+ */
+export interface ChatToken {
+    /** Random opaque string. Doubles as the primary key. */
+    token: string;
+    tenantId: string;
+    agentId: string;
+    /** Human-friendly label so the admin can tell several tokens apart
+     *  ("Production homepage", "Marketing landing", etc). */
+    name: string;
+    /**
+     * If empty/null, the token accepts any Origin (handy for dev/staging).
+     * Otherwise the server only honors requests whose `Origin` header matches
+     * one of these entries. Wildcards are NOT supported on purpose — be explicit.
+     */
+    allowedOrigins?: string[];
+    isActive: boolean;
+    createdByUserId?: string;
+    lastUsedAt?: Date;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewChatToken = Pick<ChatToken, 'token' | 'tenantId' | 'agentId' | 'name'> & Partial<Omit<ChatToken, 'token' | 'tenantId' | 'agentId' | 'name' | 'createdAt' | 'updatedAt'>>;
+export type ChatTokenPatch = Partial<Omit<ChatToken, 'token' | 'tenantId' | 'agentId' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/chat-token.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/connector-auth.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Per-user OAuth credentials for a connector (Google, Notion, Slack, etc.).
+ *
+ * `accessTokenEncrypted` and `refreshTokenEncrypted` are AES-GCM blobs —
+ * exactly the same format as `af_platform_secrets`. The service layer
+ * encrypts on write and decrypts on read using MASTER_KEY; the repo never
+ * sees plaintext. That keeps "leak the DB row" from leaking the token.
+ *
+ * Scope of identity: the row is unique per (userId, connectorId). Today
+ * that's the dashboard user (JWT subject). When we wire chat-session-scoped
+ * connectors later, we add a separate row family with a different identity.
+ */
+export interface ConnectorAuth {
+    id: string;
+    /** Dashboard user (JWT sub). One row per (userId, connectorId). */
+    userId: string;
+    /** Stable connector id from the registry (e.g. "google", "notion"). */
+    connectorId: string;
+    /** Account label shown in the UI — e.g. "alice@acme.com". Pulled from
+     *  the OAuth profile after the first token exchange. Optional. */
+    accountLabel?: string;
+    /** Encrypted access token. Format: AES-GCM blob produced by
+     *  `infra/secrets/crypto.encrypt(plaintext, masterKey)`. */
+    accessTokenEncrypted: Buffer;
+    /** Encrypted refresh token, when the provider returned one. Optional
+     *  because some providers (e.g. Google with `access_type=online`) don't. */
+    refreshTokenEncrypted?: Buffer;
+    /** When the access token expires. Refresh runs before this; the service
+     *  treats anything within `REFRESH_LEEWAY_MS` as already-expired. */
+    expiresAt?: Date;
+    /** Space-separated scopes the user granted. Stored so the UI can show
+     *  "you granted: gmail.readonly, drive.readonly" without re-asking the
+     *  provider. */
+    scope?: string;
+    /** Soft toggle. UI revoke flips this to false and the runtime stops
+     *  resolving the token for tool calls. */
+    isActive: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewConnectorAuth = Pick<ConnectorAuth, 'id' | 'userId' | 'connectorId' | 'accessTokenEncrypted'> & Partial<Omit<ConnectorAuth, 'id' | 'userId' | 'connectorId' | 'accessTokenEncrypted' | 'createdAt' | 'updatedAt'>>;
+export type ConnectorAuthPatch = Partial<Omit<ConnectorAuth, 'id' | 'userId' | 'connectorId' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/connector-auth.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/connector.d.ts

@@ -0,0 +1,52 @@
+import type { AgentToolDefinition } from '../types';
+import type { OAuth2ProviderConfig } from '../services/oauth2.service';
+/**
+ * Per-tool context handed to a connector tool's handler. The runtime
+ * resolves the user's stored credentials (decrypts the access token, runs
+ * refresh if expired) and passes them in here so each tool can call the
+ * provider's API directly without knowing about OAuth.
+ *
+ * `getAccessToken` is a function rather than a plain field so the runtime
+ * can lazy-refresh on the first invocation rather than refreshing every
+ * tool call up-front.
+ */
+export interface ConnectorToolContext {
+    userId: string;
+    connectorId: string;
+    /** Returns a valid (non-expired) access token. Refreshes transparently
+     *  if the cached one is within the refresh window. */
+    getAccessToken: () => Promise<string>;
+}
+/**
+ * A connector tool is an AgentForge tool that needs an authenticated user
+ * to call it. The `execute` signature is enriched with `ConnectorToolContext`,
+ * but at the registry layer we still expose plain `AgentToolDefinition` to
+ * the agent loop — the registry wraps `execute` to inject the context.
+ */
+export interface ConnectorToolFactory {
+    /** Definition without `execute`. The factory builds the executor. */
+    definition: Omit<AgentToolDefinition, 'execute'>;
+    build: (ctx: ConnectorToolContext) => AgentToolDefinition['execute'];
+}
+/**
+ * Static connector definition. Lives in code (option 1 from the design
+ * discussion): one of these per supported provider, registered into the
+ * `ConnectorRegistry` at boot. The host wires `clientId` / `clientSecret`
+ * from env into the `oauth` config before registering.
+ */
+export interface ConnectorDefinition {
+    /** Stable slug used in URLs and the DB (`google`, `slack`, …). */
+    id: string;
+    /** Human label shown in the Directory UI. */
+    name: string;
+    /** Short pitch shown in the Directory card. */
+    description: string;
+    /** Optional category label (Email, Calendar, Docs, …) for grouping. */
+    category?: string;
+    /** Optional URL of a logo asset served by the host. */
+    iconUrl?: string;
+    oauth: OAuth2ProviderConfig;
+    /** Tools this connector contributes to the agent's toolbelt once a user
+     *  has authorized. */
+    tools: ConnectorToolFactory[];
+}

package/dist/domain/connector.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/conversation.d.ts

@@ -0,0 +1,26 @@
+import type { ConversationStatus, MessageRole, ToolCallRecord, TokenUsage } from '../types/agent.types';
+export interface Conversation {
+    id: string;
+    userId: string;
+    agentId: string;
+    title?: string;
+    status: ConversationStatus;
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    messageCount: number;
+    metadata?: Record<string, unknown>;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface Message {
+    id: string;
+    conversationId: string;
+    userId: string;
+    role: MessageRole;
+    content: string;
+    toolCalls?: ToolCallRecord[];
+    usage?: TokenUsage;
+    createdAt: Date;
+}
+export type NewConversation = Pick<Conversation, 'userId' | 'agentId'> & Partial<Omit<Conversation, 'id' | 'createdAt' | 'updatedAt'>>;
+export type NewMessage = Omit<Message, 'id' | 'createdAt'>;

package/dist/domain/conversation.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/email-token.d.ts

@@ -0,0 +1,11 @@
+export type EmailTokenPurpose = 'verify_email' | 'reset_password';
+export interface EmailToken {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    purpose: EmailTokenPurpose;
+    expiresAt: Date;
+    consumedAt?: Date;
+    createdAt: Date;
+}
+export type NewEmailToken = Omit<EmailToken, 'id' | 'createdAt'>;

package/dist/domain/email-token.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/external-user.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Map of (tenantId, externalId) → internal AgentForge userId.
+ *
+ * In B2B mode, the consumer service has its own user system. When it calls
+ * AgentForge with `X-On-Behalf-Of: <theirUserId>`, we look up (or create) an
+ * `ExternalUser` row. The internal `id` is what we store on conversations,
+ * messages, usage records — so the rest of the system runs unchanged.
+ *
+ * Two consumers using "user_42" as an externalId get DIFFERENT internal ids,
+ * because the (tenantId, externalId) tuple is unique.
+ */
+export interface ExternalUser {
+    /** Internal AgentForge UUID (the userId for everything downstream). */
+    id: string;
+    tenantId: string;
+    /** The consumer's own user identifier — opaque to AgentForge. */
+    externalId: string;
+    email?: string;
+    metadata?: Record<string, unknown>;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewExternalUser = Pick<ExternalUser, 'id' | 'tenantId' | 'externalId'> & Partial<Pick<ExternalUser, 'email' | 'metadata'>>;

package/dist/domain/external-user.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/index.d.ts

@@ -0,0 +1,5 @@
+export * from './conversation';
+export * from './chat-token';
+export * from './mcp-server';
+export * from './connector-auth';
+export * from './connector';

package/dist/domain/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// SDK-owned domain types. The chat-token contract lives here because the
+// public chat surface (mounted by @agentforge-io/nest) authenticates with it.
+// Identity, multi-tenant, billing all stay in the host.
+__exportStar(require("./conversation"), exports);
+__exportStar(require("./chat-token"), exports);
+__exportStar(require("./mcp-server"), exports);
+__exportStar(require("./connector-auth"), exports);
+__exportStar(require("./connector"), exports);

package/dist/domain/mcp-server.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Persisted MCP server, scoped to a tenant. The admin UI manages these; at
+ * runtime, AgentForge loads the active ones for each tenant and registers
+ * their tools into the global ToolRegistry under a tenant-scoped key.
+ *
+ * Auth model: tokens live in `headers` as `Authorization: Bearer <plaintext>`.
+ * For production secrecy, store the header value as a `secret://<key>` ref
+ * and resolve via SecretsService before connecting — the lib doesn't
+ * mandate that today because not every deploy has SecretsService wired.
+ */
+export interface McpServerRecord {
+    id: string;
+    /** Tenant that owns the server. Per-tenant scope keeps customer
+     *  integrations isolated even when they share an AgentForge deploy. */
+    tenantId: string;
+    /** Human label + tool-name prefix (e.g. `notion` → `notion__search`). */
+    name: string;
+    description?: string;
+    /** Wire protocol. `http` = Streamable HTTP; `sse` = legacy. */
+    transport: 'http' | 'sse';
+    url: string;
+    /** Static request headers (Authorization, custom API keys, etc). */
+    headers?: Record<string, string>;
+    /** Soft toggle — when false, the runtime skips this server at boot and
+     *  does NOT register its tools. Lets ops disable a server without losing
+     *  its config. */
+    isActive: boolean;
+    createdByUserId?: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewMcpServerRecord = Pick<McpServerRecord, 'id' | 'tenantId' | 'name' | 'transport' | 'url'> & Partial<Omit<McpServerRecord, 'id' | 'tenantId' | 'name' | 'transport' | 'url' | 'createdAt' | 'updatedAt'>>;
+export type McpServerRecordPatch = Partial<Omit<McpServerRecord, 'id' | 'tenantId' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/mcp-server.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/plan.d.ts

@@ -0,0 +1,20 @@
+import type { PlanDefinition, UsageLimits } from '../types/config.types';
+/**
+ * A persisted plan row. Plans live in the DB so admins can edit
+ * limits/features/prices at runtime. The container seeds the table from
+ * `config.billing.plans` on first boot (when the table is empty), so existing
+ * deployments don't break; after that, the DB is the source of truth.
+ */
+export interface Plan extends PlanDefinition {
+    /** Soft delete flag — keeps the row for historical subscriptions. */
+    isActive: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewPlan = Pick<PlanDefinition, 'id' | 'name' | 'limits'> & Partial<Omit<PlanDefinition, 'id' | 'name' | 'limits'>> & {
+    isActive?: boolean;
+};
+export type PlanPatch = Partial<Omit<PlanDefinition, 'id'> & {
+    isActive: boolean;
+}>;
+export type { UsageLimits };

package/dist/domain/plan.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/platform-secret.d.ts

@@ -0,0 +1,24 @@
+export interface PlatformSecret {
+    id: string;
+    /** Stable identifier matching the canonical env-var name. */
+    key: string;
+    /** Encrypted blob: AES-GCM `iv | ciphertext | tag`. Persisted as bytea. */
+    valueEncrypted: Buffer;
+    /** Last 4 chars of the plaintext (or "••••" when too short). UI display. */
+    valueHint: string;
+    /** Free-form description shown next to the field in the admin UI. */
+    description?: string;
+    /** User who last wrote this row. Optional because the first import from
+     *  .env may have no user attached. */
+    updatedByUserId?: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface NewPlatformSecret {
+    key: string;
+    valueEncrypted: Buffer;
+    valueHint: string;
+    description?: string;
+    updatedByUserId?: string;
+}
+export type PlatformSecretPatch = Partial<Pick<PlatformSecret, 'valueEncrypted' | 'valueHint' | 'description' | 'updatedByUserId'>>;

package/dist/domain/platform-secret.js

@@ -0,0 +1,8 @@
+"use strict";
+// Domain type for platform-wide secrets (Tavily/Brave/Stripe/Anthropic).
+//
+// Note what's MISSING: the plaintext value. The plaintext only exists at
+// two moments in the system's life — when the operator types it into the
+// UI, and during the boot-time decrypt inside SecretsService. Anything
+// else (repos, API responses, logs) must work off the hint + ciphertext.
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/refresh-token.d.ts

@@ -0,0 +1,15 @@
+export interface RefreshToken {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    family: string;
+    expiresAt: Date;
+    revokedAt?: Date;
+    replacedById?: string;
+    userAgent?: string;
+    ip?: string;
+    createdAt: Date;
+    lastUsedAt?: Date;
+}
+export type NewRefreshToken = Omit<RefreshToken, 'id' | 'createdAt'>;
+export type RefreshTokenPatch = Partial<Omit<RefreshToken, 'id' | 'createdAt'>>;

package/dist/domain/refresh-token.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/subscription.d.ts

@@ -0,0 +1,21 @@
+import type { SubscriptionStatus } from '../types/billing.types';
+export interface Subscription {
+    id: string;
+    /** End-user subscription. Set for B2C; may be null in B2B mode where the
+     *  payer is the tenant, not an individual user. */
+    userId?: string;
+    /** Tenant subscription. Set in B2B mode; null for B2C/end-user subs. */
+    tenantId?: string;
+    planId: string;
+    status: SubscriptionStatus;
+    providerSubscriptionId?: string;
+    providerCustomerId?: string;
+    currentPeriodStart?: Date;
+    currentPeriodEnd?: Date;
+    trialEnd?: Date;
+    cancelAtPeriodEnd: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewSubscription = Omit<Subscription, 'id' | 'createdAt' | 'updatedAt'>;
+export type SubscriptionPatch = Partial<Omit<Subscription, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/subscription.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/tenant.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A Tenant (a.k.a. "client") is a consumer service that signed up to use
+ * AgentForge as a backend. Every B2B request carries an API key that resolves
+ * to one Tenant, and all data is scoped under it. The Tenant's `ownerUserId`
+ * points at a User row (the human admin who manages the tenant).
+ */
+export interface Tenant {
+    id: string;
+    name: string;
+    /** UserId of the human admin who manages this tenant. */
+    ownerUserId: string;
+    planId: string;
+    /** Stripe (or other provider) customer id — lazy-created on first checkout. */
+    providerCustomerId?: string;
+    metadata?: Record<string, unknown>;
+    isActive: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewTenant = Pick<Tenant, 'id' | 'name' | 'ownerUserId'> & Partial<Omit<Tenant, 'id' | 'name' | 'ownerUserId' | 'createdAt' | 'updatedAt'>>;
+export type TenantPatch = Partial<Omit<Tenant, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/tenant.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/usage-record.d.ts

@@ -0,0 +1,15 @@
+export interface UsageRecord {
+    id: string;
+    userId: string;
+    conversationId: string;
+    messageId: string;
+    agentId: string;
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+    requestCount: number;
+    /** YYYY-MM bucket used by quota counters. */
+    billingPeriod: string;
+    recordedAt: Date;
+}
+export type NewUsageRecord = Omit<UsageRecord, 'id'>;

package/dist/domain/usage-record.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/user.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Roles in AgentForge's RBAC.
+ *
+ *   - `user`           — default. Can own tenants, manage their own API keys,
+ *                        view their billing. Bulk of signups land here.
+ *   - `platform_admin` — operator of the AgentForge instance. Can edit the
+ *                        plan catalog, manage users, and any other endpoint
+ *                        that operates at instance scope.
+ *
+ * Bootstrap: the very first user registered on a fresh install is auto-
+ * promoted to `platform_admin` (since there's nobody else to grant it).
+ * Subsequent users default to `user`; existing platform admins can promote
+ * them via the admin UI.
+ */
+export type UserRole = 'user' | 'platform_admin';
+/**
+ * Plain domain shape for a User. Mirrors the columns of `af_users` but is
+ * deliberately decoupled from TypeORM (no decorators, no `@Entity`). Each
+ * adapter is free to back this with TypeORM, Prisma, Drizzle, raw SQL, etc.
+ */
+export interface User {
+    id: string;
+    email?: string;
+    name?: string;
+    passwordHash?: string;
+    authProvider?: string;
+    providerCustomerId?: string;
+    currentPlanId: string;
+    creditsBalance: number;
+    /** RBAC role. See {@link UserRole} for semantics. */
+    role: UserRole;
+    externalId?: string;
+    metadata?: Record<string, unknown>;
+    isActive: boolean;
+    failedLoginCount: number;
+    lockedUntil?: Date;
+    lastLoginAt?: Date;
+    emailVerifiedAt?: Date;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export type NewUser = Pick<User, 'id'> & Partial<Omit<User, 'id' | 'createdAt' | 'updatedAt'>>;
+export type UserPatch = Partial<Omit<User, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/user.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/factory.d.ts

@@ -0,0 +1,68 @@
+import type { AgentForgeConfig } from './types/config.types';
+import type { AgentToolDefinition } from './types/agent.types';
+import type { SdkHooks } from './types/hooks';
+import type { PreparedStreamStore } from './adapters/prepared-stream/prepared-stream.types';
+import type { RateLimiter } from './adapters/rate-limiter/rate-limiter.types';
+import type { JobQueue } from './adapters/job-queue/job-queue.types';
+import type { AgentJobPayload, AgentJobResult } from './types/agent.types';
+import { AgentJobWorker } from './services/agent-job.worker';
+import type { ConversationRepository, MessageRepository } from './repositories';
+import { ToolRegistryService, type Logger } from './services/tool-registry.service';
+import { AgentRunnerService } from './services/agent-runner.service';
+import { PreparedStreamService } from './services/prepared-stream.service';
+import { ConversationService } from './services/conversation.service';
+import { AgentService, type AgentResolver } from './services/agent.service';
+import { OrchestratorService } from './services/orchestrator.service';
+/**
+ * Repositories the SDK needs. After Phase 3 this is just conversation +
+ * message — the host owns everything else (users, tenants, plans, etc).
+ */
+export interface AgentForgeRepositories {
+    conversations: ConversationRepository;
+    messages: MessageRepository;
+}
+/**
+ * Optional adapter overrides for runtime infrastructure. Identity / email
+ * / uploads / secrets are now the host's job and not declared here.
+ */
+export interface AgentForgeAdapters {
+    preparedStreamStore?: PreparedStreamStore;
+    /** Rate limiter for sensitive endpoints. Defaults to in-memory. */
+    rateLimiter?: RateLimiter;
+    /** Background queue for agent-turn jobs. Defaults to in-memory. */
+    jobQueue?: JobQueue<AgentJobPayload, AgentJobResult>;
+    logger?: Logger;
+    /** Host-supplied agent resolver — lookup `AgentRecord` by `(tenantId, slug)`
+     *  or by id. When omitted, the SDK falls back to the static
+     *  `config.agents` array (UUID lookups only). */
+    agentResolver?: AgentResolver;
+}
+/**
+ * Fully-wired AgentForge runtime. Drastically smaller post-Phase 3: the SDK
+ * only owns the AI loop, conversations, prepared streams and the job queue.
+ */
+export interface AgentForgeContainer {
+    config: AgentForgeConfig;
+    toolRegistry: ToolRegistryService;
+    runner: AgentRunnerService;
+    orchestrator: OrchestratorService;
+    preparedStream: PreparedStreamService;
+    conversations: ConversationService;
+    agents: AgentService;
+    rateLimiter: RateLimiter;
+    jobQueue: JobQueue<AgentJobPayload, AgentJobResult>;
+    agentJobWorker: AgentJobWorker;
+}
+export interface CreateAgentForgeOptions {
+    config: AgentForgeConfig;
+    repositories: AgentForgeRepositories;
+    adapters?: AgentForgeAdapters;
+    tools?: AgentToolDefinition[];
+    hooks?: SdkHooks;
+}
+/**
+ * Build a fully-wired AgentForge container from plain inputs. Both
+ * @agentforge-io/nest and external bindings call this and expose the services
+ * through their transport.
+ */
+export declare function createAgentForge(opts: CreateAgentForgeOptions): AgentForgeContainer;

package/dist/factory.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAgentForge = createAgentForge;
+const in_memory_1 = require("./adapters/rate-limiter/in-memory");
+const in_memory_2 = require("./adapters/job-queue/in-memory");
+const agent_job_worker_1 = require("./services/agent-job.worker");
+const tool_registry_service_1 = require("./services/tool-registry.service");
+const agent_runner_service_1 = require("./services/agent-runner.service");
+const prepared_stream_service_1 = require("./services/prepared-stream.service");
+const in_memory_prepared_stream_store_1 = require("./services/in-memory-prepared-stream.store");
+const conversation_service_1 = require("./services/conversation.service");
+const agent_service_1 = require("./services/agent.service");
+const orchestrator_service_1 = require("./services/orchestrator.service");
+/**
+ * Build a fully-wired AgentForge container from plain inputs. Both
+ * @agentforge-io/nest and external bindings call this and expose the services
+ * through their transport.
+ */
+function createAgentForge(opts) {
+    const { config, repositories, adapters = {}, tools = [], hooks } = opts;
+    const logger = adapters.logger;
+    // ─── Tool registry + runner + orchestrator ───────────────────────────────
+    const toolRegistry = new tool_registry_service_1.ToolRegistryService({ logger, initialTools: tools });
+    const runner = new agent_runner_service_1.AgentRunnerService(config.anthropic, toolRegistry, { logger });
+    const orchestrator = new orchestrator_service_1.OrchestratorService(config.anthropic, runner, {
+        agents: config.agents ?? [],
+        logger,
+    });
+    // ─── Prepared-stream store + service ─────────────────────────────────────
+    const preparedStreamStore = adapters.preparedStreamStore ?? new in_memory_prepared_stream_store_1.InMemoryPreparedStreamStore();
+    const preparedStream = new prepared_stream_service_1.PreparedStreamService(preparedStreamStore);
+    // ─── Rate limiter (defaults to in-memory) ────────────────────────────────
+    const rateLimiter = adapters.rateLimiter ?? new in_memory_1.InMemoryRateLimiter();
+    // ─── Conversations + agents ──────────────────────────────────────────────
+    const conversations = new conversation_service_1.ConversationService(repositories.conversations, repositories.messages);
+    const agents = new agent_service_1.AgentService(config.agents ?? [], runner, conversations, adapters.agentResolver, hooks);
+    // ─── Background-job worker + queue (in-memory default) ───────────────────
+    const agentJobWorker = new agent_job_worker_1.AgentJobWorker(orchestrator, conversations, {
+        logger,
+        hooks,
+    });
+    const jobQueue = adapters.jobQueue ??
+        new in_memory_2.InMemoryJobQueue((payload, ctx) => agentJobWorker.process(payload, ctx));
+    return {
+        config,
+        toolRegistry,
+        runner,
+        orchestrator,
+        preparedStream,
+        conversations,
+        agents,
+        rateLimiter,
+        jobQueue,
+        agentJobWorker,
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { AGENT_FORGE_CONFIG, AGENT_QUEUE_NAME, CURRENT_USER, } from './constants';
+export * from './types';
+export * from './domain';
+export * from './repositories';
+export * from './repositories/in-memory';
+export { PREPARED_STREAM_STORE, type PreparedStreamStore, type PreparedStreamPayload, } from './adapters/prepared-stream/prepared-stream.types';
+export { RATE_LIMITER, type RateLimiter, type RateLimitOptions, type RateLimitResult, } from './adapters/rate-limiter/rate-limiter.types';
+export { InMemoryRateLimiter } from './adapters/rate-limiter/in-memory';
+export { RedisRateLimiter, type RedisLike } from './adapters/rate-limiter/redis';
+export { JOB_QUEUE, type JobQueue, type JobStatus, type JobState, type JobContext, type JobProcessor, type EnqueueOptions, type QueueMetrics, } from './adapters/job-queue/job-queue.types';
+export { InMemoryJobQueue, type InMemoryJobQueueOptions, } from './adapters/job-queue/in-memory';
+export * from './services';
+export type { AgentResolver, AgentRecord, AgentResolveParams, } from './services/agent.service';
+export { createAgentForge, type CreateAgentForgeOptions, type AgentForgeContainer, type AgentForgeRepositories, type AgentForgeAdapters, } from './factory';