@agentforge-io/core 2.0.23 → 2.1.0

package/dist/domain/platform-secret.d.ts

@@ -1,24 +0,0 @@
-export interface PlatformSecret {
-    id: string;
-    /** Stable identifier matching the canonical env-var name. */
-    key: string;
-    /** Encrypted blob: AES-GCM `iv | ciphertext | tag`. Persisted as bytea. */
-    valueEncrypted: Buffer;
-    /** Last 4 chars of the plaintext (or "••••" when too short). UI display. */
-    valueHint: string;
-    /** Free-form description shown next to the field in the admin UI. */
-    description?: string;
-    /** User who last wrote this row. Optional because the first import from
-     *  .env may have no user attached. */
-    updatedByUserId?: string;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export interface NewPlatformSecret {
-    key: string;
-    valueEncrypted: Buffer;
-    valueHint: string;
-    description?: string;
-    updatedByUserId?: string;
-}
-export type PlatformSecretPatch = Partial<Pick<PlatformSecret, 'valueEncrypted' | 'valueHint' | 'description' | 'updatedByUserId'>>;

package/dist/domain/platform-secret.js

@@ -1,8 +0,0 @@
-"use strict";
-// Domain type for platform-wide secrets (Tavily/Brave/Stripe/Anthropic).
-//
-// Note what's MISSING: the plaintext value. The plaintext only exists at
-// two moments in the system's life — when the operator types it into the
-// UI, and during the boot-time decrypt inside SecretsService. Anything
-// else (repos, API responses, logs) must work off the hint + ciphertext.
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/refresh-token.d.ts

@@ -1,15 +0,0 @@
-export interface RefreshToken {
-    id: string;
-    userId: string;
-    tokenHash: string;
-    family: string;
-    expiresAt: Date;
-    revokedAt?: Date;
-    replacedById?: string;
-    userAgent?: string;
-    ip?: string;
-    createdAt: Date;
-    lastUsedAt?: Date;
-}
-export type NewRefreshToken = Omit<RefreshToken, 'id' | 'createdAt'>;
-export type RefreshTokenPatch = Partial<Omit<RefreshToken, 'id' | 'createdAt'>>;

package/dist/domain/refresh-token.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/subscription.d.ts

@@ -1,21 +0,0 @@
-import type { SubscriptionStatus } from '../types/billing.types';
-export interface Subscription {
-    id: string;
-    /** End-user subscription. Set for B2C; may be null in B2B mode where the
-     *  payer is the tenant, not an individual user. */
-    userId?: string;
-    /** Tenant subscription. Set in B2B mode; null for B2C/end-user subs. */
-    tenantId?: string;
-    planId: string;
-    status: SubscriptionStatus;
-    providerSubscriptionId?: string;
-    providerCustomerId?: string;
-    currentPeriodStart?: Date;
-    currentPeriodEnd?: Date;
-    trialEnd?: Date;
-    cancelAtPeriodEnd: boolean;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export type NewSubscription = Omit<Subscription, 'id' | 'createdAt' | 'updatedAt'>;
-export type SubscriptionPatch = Partial<Omit<Subscription, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/subscription.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/tenant.d.ts

@@ -1,21 +0,0 @@
-/**
- * A Tenant (a.k.a. "client") is a consumer service that signed up to use
- * AgentForge as a backend. Every B2B request carries an API key that resolves
- * to one Tenant, and all data is scoped under it. The Tenant's `ownerUserId`
- * points at a User row (the human admin who manages the tenant).
- */
-export interface Tenant {
-    id: string;
-    name: string;
-    /** UserId of the human admin who manages this tenant. */
-    ownerUserId: string;
-    planId: string;
-    /** Stripe (or other provider) customer id — lazy-created on first checkout. */
-    providerCustomerId?: string;
-    metadata?: Record<string, unknown>;
-    isActive: boolean;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export type NewTenant = Pick<Tenant, 'id' | 'name' | 'ownerUserId'> & Partial<Omit<Tenant, 'id' | 'name' | 'ownerUserId' | 'createdAt' | 'updatedAt'>>;
-export type TenantPatch = Partial<Omit<Tenant, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/tenant.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/usage-record.d.ts

@@ -1,15 +0,0 @@
-export interface UsageRecord {
-    id: string;
-    userId: string;
-    conversationId: string;
-    messageId: string;
-    agentId: string;
-    inputTokens: number;
-    outputTokens: number;
-    totalTokens: number;
-    requestCount: number;
-    /** YYYY-MM bucket used by quota counters. */
-    billingPeriod: string;
-    recordedAt: Date;
-}
-export type NewUsageRecord = Omit<UsageRecord, 'id'>;

package/dist/domain/usage-record.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/user.d.ts

@@ -1,43 +0,0 @@
-/**
- * Roles in AgentForge's RBAC.
- *
- *   - `user`           — default. Can own tenants, manage their own API keys,
- *                        view their billing. Bulk of signups land here.
- *   - `platform_admin` — operator of the AgentForge instance. Can edit the
- *                        plan catalog, manage users, and any other endpoint
- *                        that operates at instance scope.
- *
- * Bootstrap: the very first user registered on a fresh install is auto-
- * promoted to `platform_admin` (since there's nobody else to grant it).
- * Subsequent users default to `user`; existing platform admins can promote
- * them via the admin UI.
- */
-export type UserRole = 'user' | 'platform_admin';
-/**
- * Plain domain shape for a User. Mirrors the columns of `af_users` but is
- * deliberately decoupled from TypeORM (no decorators, no `@Entity`). Each
- * adapter is free to back this with TypeORM, Prisma, Drizzle, raw SQL, etc.
- */
-export interface User {
-    id: string;
-    email?: string;
-    name?: string;
-    passwordHash?: string;
-    authProvider?: string;
-    providerCustomerId?: string;
-    currentPlanId: string;
-    creditsBalance: number;
-    /** RBAC role. See {@link UserRole} for semantics. */
-    role: UserRole;
-    externalId?: string;
-    metadata?: Record<string, unknown>;
-    isActive: boolean;
-    failedLoginCount: number;
-    lockedUntil?: Date;
-    lastLoginAt?: Date;
-    emailVerifiedAt?: Date;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export type NewUser = Pick<User, 'id'> & Partial<Omit<User, 'id' | 'createdAt' | 'updatedAt'>>;
-export type UserPatch = Partial<Omit<User, 'id' | 'createdAt' | 'updatedAt'>>;

package/dist/domain/user.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/agent-config.service.d.ts

@@ -1,45 +0,0 @@
-import type { AgentConfigRepository, AgentConfigListOptions, AgentConfigListResult } from '../repositories';
-import type { AgentRecord, AgentRecordPatch } from '../domain/agent';
-export declare class AgentConfigError extends Error {
-    status: number;
-    code: 'not_found' | 'duplicate_slug' | 'invalid' | 'forbidden';
-    constructor(code: AgentConfigError['code'], message: string);
-}
-export interface AgentConfigCreateInput {
-    tenantId: string;
-    slug: string;
-    name: string;
-    systemPrompt: string;
-    description?: string;
-    model?: string;
-    context?: string;
-    temperature?: number;
-    topP?: number;
-    maxTokens?: number;
-    tools?: string[];
-    isActive?: boolean;
-    createdByUserId?: string;
-    metadata?: Record<string, unknown>;
-}
-/**
- * Application-level CRUD for per-tenant agent configurations. Controllers
- * call this — they do NOT touch the repository directly so we can keep
- * validation (slug format, unique-per-tenant) in one place.
- */
-export declare class AgentConfigService {
-    private readonly repo;
-    constructor(repo: AgentConfigRepository);
-    create(input: AgentConfigCreateInput): Promise<AgentRecord>;
-    getById(id: string): Promise<AgentRecord>;
-    /**
-     * Confirms the agent belongs to `tenantId`. Used by admin endpoints so a
-     * tenant can't fetch another tenant's agent by guessing the id.
-     */
-    getByIdForTenant(id: string, tenantId: string): Promise<AgentRecord>;
-    /** SDK hot path. Returns null on miss — callers decide whether to 404 or
-     *  fall back to the legacy hardcoded array. */
-    findBySlug(tenantId: string, slug: string): Promise<AgentRecord | null>;
-    listForTenant(tenantId: string, opts?: AgentConfigListOptions): Promise<AgentConfigListResult>;
-    update(id: string, tenantId: string, patch: AgentRecordPatch): Promise<AgentRecord>;
-    deactivate(id: string, tenantId: string): Promise<void>;
-}

package/dist/services/agent-config.service.js

@@ -1,114 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AgentConfigService = exports.AgentConfigError = void 0;
-const crypto_1 = require("crypto");
-class AgentConfigError extends Error {
-    constructor(code, message) {
-        super(message);
-        this.code = code;
-        this.status =
-            code === 'forbidden'
-                ? 403
-                : code === 'not_found'
-                    ? 404
-                    : code === 'duplicate_slug'
-                        ? 409
-                        : 400;
-    }
-}
-exports.AgentConfigError = AgentConfigError;
-// Slug rules are deliberately strict so they're URL-safe and predictable for
-// SDK callers: lowercase letters, digits, hyphen, underscore. Length 2..64.
-const SLUG_RE = /^[a-z0-9][a-z0-9_-]{1,62}[a-z0-9]$/;
-/**
- * Application-level CRUD for per-tenant agent configurations. Controllers
- * call this — they do NOT touch the repository directly so we can keep
- * validation (slug format, unique-per-tenant) in one place.
- */
-class AgentConfigService {
-    constructor(repo) {
-        this.repo = repo;
-    }
-    async create(input) {
-        if (!input.tenantId)
-            throw new AgentConfigError('invalid', 'tenantId is required');
-        if (!input.name?.trim())
-            throw new AgentConfigError('invalid', 'name is required');
-        if (!input.systemPrompt?.trim())
-            throw new AgentConfigError('invalid', 'systemPrompt is required');
-        const slug = input.slug.trim().toLowerCase();
-        if (!SLUG_RE.test(slug)) {
-            throw new AgentConfigError('invalid', 'slug must be 3–64 chars, lowercase letters/digits/hyphen/underscore, start and end alphanumeric');
-        }
-        const existing = await this.repo.findBySlug(input.tenantId, slug);
-        if (existing) {
-            throw new AgentConfigError('duplicate_slug', `An agent with slug "${slug}" already exists for this tenant.`);
-        }
-        const record = {
-            id: (0, crypto_1.randomUUID)(),
-            tenantId: input.tenantId,
-            slug,
-            name: input.name.trim(),
-            systemPrompt: input.systemPrompt,
-            description: input.description?.trim(),
-            model: input.model,
-            context: input.context,
-            temperature: input.temperature,
-            topP: input.topP,
-            maxTokens: input.maxTokens,
-            tools: input.tools,
-            isActive: input.isActive ?? true,
-            createdByUserId: input.createdByUserId,
-            metadata: input.metadata,
-        };
-        return this.repo.create(record);
-    }
-    async getById(id) {
-        const a = await this.repo.findById(id);
-        if (!a)
-            throw new AgentConfigError('not_found', 'Agent not found');
-        return a;
-    }
-    /**
-     * Confirms the agent belongs to `tenantId`. Used by admin endpoints so a
-     * tenant can't fetch another tenant's agent by guessing the id.
-     */
-    async getByIdForTenant(id, tenantId) {
-        const a = await this.getById(id);
-        if (a.tenantId !== tenantId) {
-            // Don't reveal existence — return not_found.
-            throw new AgentConfigError('not_found', 'Agent not found');
-        }
-        return a;
-    }
-    /** SDK hot path. Returns null on miss — callers decide whether to 404 or
-     *  fall back to the legacy hardcoded array. */
-    async findBySlug(tenantId, slug) {
-        return this.repo.findBySlug(tenantId, slug.toLowerCase());
-    }
-    async listForTenant(tenantId, opts = {}) {
-        return this.repo.listForTenant(tenantId, opts);
-    }
-    async update(id, tenantId, patch) {
-        const current = await this.getByIdForTenant(id, tenantId);
-        // Slug changes need re-validation + uniqueness check.
-        if (patch.slug !== undefined && patch.slug !== current.slug) {
-            const nextSlug = patch.slug.trim().toLowerCase();
-            if (!SLUG_RE.test(nextSlug)) {
-                throw new AgentConfigError('invalid', 'slug must be 3–64 chars, lowercase letters/digits/hyphen/underscore');
-            }
-            const dup = await this.repo.findBySlug(tenantId, nextSlug);
-            if (dup && dup.id !== id) {
-                throw new AgentConfigError('duplicate_slug', `An agent with slug "${nextSlug}" already exists for this tenant.`);
-            }
-            patch.slug = nextSlug;
-        }
-        await this.repo.update(id, patch);
-        return this.getById(id);
-    }
-    async deactivate(id, tenantId) {
-        await this.getByIdForTenant(id, tenantId);
-        await this.repo.deactivate(id);
-    }
-}
-exports.AgentConfigService = AgentConfigService;

package/dist/services/api-key.service.d.ts

@@ -1,41 +0,0 @@
-import type { ApiKeyRepository } from '../repositories';
-import type { ApiKey } from '../domain/api-key';
-export interface MintedApiKey {
-    /** Plaintext key. Only available at creation time — never persisted. */
-    key: string;
-    entity: ApiKey;
-}
-/** Operational errors. Adapters map `.status` to an HTTP code. */
-export declare class ApiKeyError extends Error {
-    status: number;
-    code: 'invalid' | 'revoked' | 'expired';
-    constructor(code: 'invalid' | 'revoked' | 'expired', message: string);
-}
-export declare class ApiKeyService {
-    private readonly repo;
-    constructor(repo: ApiKeyRepository);
-    /** Mint a new API key for a tenant. Returns the plaintext key (one-time).
-     *  Pass `agentId` to scope the key to a specific agent in the tenant —
-     *  calls with that key only resolve when the requested agent matches. */
-    issue(input: {
-        tenantId: string;
-        agentId?: string;
-        name: string;
-        scopes?: string[];
-        expiresAt?: Date;
-    }): Promise<MintedApiKey>;
-    /**
-     * Validate a presented key. Returns the matching ApiKey row (without
-     * touching the plaintext) or throws ApiKeyError. Updates lastUsedAt as a
-     * best-effort side-effect (never blocks on the write).
-     */
-    validate(rawKey: string): Promise<ApiKey>;
-    listForTenant(tenantId: string): Promise<ApiKey[]>;
-    listForAgent(tenantId: string, agentId: string): Promise<ApiKey[]>;
-    revoke(id: string): Promise<void>;
-    /** Tells callers (HTTP middleware) whether a header value looks like an API key. */
-    static isApiKeyToken(token: string | undefined | null): boolean;
-    private hash;
-}
-/** Convenience for `randomUUID` access from external callers. */
-export declare const newApiKeyId: () => `${string}-${string}-${string}-${string}-${string}`;

package/dist/services/api-key.service.js

@@ -1,80 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.newApiKeyId = exports.ApiKeyService = exports.ApiKeyError = void 0;
-const crypto_1 = require("crypto");
-const API_KEY_PREFIX_LIVE = 'ak_live_';
-/** Operational errors. Adapters map `.status` to an HTTP code. */
-class ApiKeyError extends Error {
-    constructor(code, message) {
-        super(message);
-        this.code = code;
-        this.status = 401;
-    }
-}
-exports.ApiKeyError = ApiKeyError;
-class ApiKeyService {
-    constructor(repo) {
-        this.repo = repo;
-    }
-    /** Mint a new API key for a tenant. Returns the plaintext key (one-time).
-     *  Pass `agentId` to scope the key to a specific agent in the tenant —
-     *  calls with that key only resolve when the requested agent matches. */
-    async issue(input) {
-        const random = (0, crypto_1.randomBytes)(24).toString('hex'); // 192-bit
-        const key = `${API_KEY_PREFIX_LIVE}${random}`;
-        const keyHash = this.hash(key);
-        const keyPrefix = key.slice(0, 16); // "ak_live_a1b2c3d4"
-        const entity = await this.repo.create({
-            tenantId: input.tenantId,
-            agentId: input.agentId,
-            name: input.name,
-            keyHash,
-            keyPrefix,
-            scopes: input.scopes,
-            expiresAt: input.expiresAt,
-        });
-        return { key, entity };
-    }
-    /**
-     * Validate a presented key. Returns the matching ApiKey row (without
-     * touching the plaintext) or throws ApiKeyError. Updates lastUsedAt as a
-     * best-effort side-effect (never blocks on the write).
-     */
-    async validate(rawKey) {
-        if (!rawKey?.startsWith(API_KEY_PREFIX_LIVE)) {
-            throw new ApiKeyError('invalid', 'Invalid API key');
-        }
-        const keyHash = this.hash(rawKey);
-        const apiKey = await this.repo.findByHash(keyHash);
-        if (!apiKey)
-            throw new ApiKeyError('invalid', 'Invalid API key');
-        if (apiKey.revokedAt)
-            throw new ApiKeyError('revoked', 'API key has been revoked');
-        if (apiKey.expiresAt && apiKey.expiresAt <= new Date()) {
-            throw new ApiKeyError('expired', 'API key has expired');
-        }
-        // Best-effort lastUsedAt update — fire and forget.
-        this.repo.update(apiKey.id, { lastUsedAt: new Date() }).catch(() => { });
-        return apiKey;
-    }
-    async listForTenant(tenantId) {
-        return this.repo.listByTenant(tenantId);
-    }
-    async listForAgent(tenantId, agentId) {
-        return this.repo.listByAgent(tenantId, agentId);
-    }
-    async revoke(id) {
-        await this.repo.update(id, { revokedAt: new Date() });
-    }
-    /** Tells callers (HTTP middleware) whether a header value looks like an API key. */
-    static isApiKeyToken(token) {
-        return !!token && token.startsWith(API_KEY_PREFIX_LIVE);
-    }
-    hash(raw) {
-        return (0, crypto_1.createHash)('sha256').update(raw).digest('hex');
-    }
-}
-exports.ApiKeyService = ApiKeyService;
-/** Convenience for `randomUUID` access from external callers. */
-const newApiKeyId = () => (0, crypto_1.randomUUID)();
-exports.newApiKeyId = newApiKeyId;

package/dist/services/auth.service.d.ts

@@ -1,133 +0,0 @@
-import type { UserRepository, UserListOptions, UserListResult, AuthIdentityRepository, EmailTokenRepository } from '../repositories';
-import type { User } from '../domain/user';
-import type { RefreshTokenService } from './refresh-token.service';
-import type { EmailService } from './email.service';
-import type { Logger } from './tool-registry.service';
-export interface AuthUser {
-    userId: string;
-    email?: string;
-    name?: string;
-    /** RBAC role from the `af_users.role` column. */
-    role?: 'user' | 'platform_admin';
-    /** Convenience boolean derived from `role === 'platform_admin'`. */
-    isPlatformAdmin?: boolean;
-}
-export interface AuthResult {
-    accessToken: string;
-    refreshToken: string;
-    user: {
-        id: string;
-        email?: string;
-        name?: string;
-    };
-}
-export interface SessionMeta {
-    userAgent?: string;
-    ip?: string;
-}
-export interface AuthServiceOptions {
-    jwtSecret: string;
-    /** Access-token TTL — string accepted by jsonwebtoken (e.g. '15m'). Default: '15m'. */
-    accessTokenTtl?: string;
-    /** Lock account after N consecutive failed logins. Default: 5. */
-    lockoutThreshold?: number;
-    /** Lockout duration in minutes. Default: 15. */
-    lockoutMinutes?: number;
-    /** When true, login is blocked until the user has clicked the verify link. Default: false. */
-    requireEmailVerification?: boolean;
-    /** Default plan id assigned at registration. */
-    defaultPlanId?: string;
-    /** Initial credit balance for newly-registered users. */
-    initialCredits?: number;
-    /** Verify-email token TTL in hours. Default: 24. */
-    verifyTokenTtlHours?: number;
-    /** Password-reset token TTL in minutes. Default: 60. */
-    resetTokenTtlMinutes?: number;
-    /** Hook fired after a user is created via any strategy. */
-    onUserCreated?: (user: {
-        id: string;
-        email?: string;
-        name?: string;
-    }) => void | Promise<void>;
-    logger?: Logger;
-}
-export declare class AuthService {
-    private readonly users;
-    private readonly identities;
-    private readonly emailTokens;
-    private readonly refreshTokens;
-    private readonly email;
-    private readonly opts;
-    private readonly logger;
-    constructor(users: UserRepository, identities: AuthIdentityRepository, emailTokens: EmailTokenRepository, refreshTokens: RefreshTokenService, email: EmailService, opts: AuthServiceOptions);
-    register(params: {
-        email: string;
-        password: string;
-        name?: string;
-    }, meta?: SessionMeta): Promise<AuthResult>;
-    validateCredentials(email: string, password: string): Promise<User>;
-    login(email: string, password: string, meta?: SessionMeta): Promise<AuthResult>;
-    refresh(rawToken: string, meta?: SessionMeta): Promise<AuthResult>;
-    logout(rawRefreshToken?: string): Promise<void>;
-    logoutEverywhere(userId: string): Promise<void>;
-    signInWithProvider(profile: {
-        provider: string;
-        providerId: string;
-        email?: string;
-        emailVerified?: boolean;
-        name?: string;
-        metadata?: Record<string, unknown>;
-    }, meta?: SessionMeta): Promise<AuthResult>;
-    sendVerificationEmail(user: User): Promise<void>;
-    resendVerificationEmail(userId: string): Promise<void>;
-    verifyEmail(rawToken: string): Promise<{
-        userId: string;
-    }>;
-    /** Always returns success — never reveals whether the email exists. */
-    requestPasswordReset(email: string): Promise<void>;
-    resetPassword(rawToken: string, newPassword: string): Promise<void>;
-    /**
-     * Verify a JWT and return the resolved user. Returns null if the token is
-     * invalid/expired or the user no longer exists / is disabled.
-     */
-    /**
-     * Resolve a user from their id. Used by adapter-level JWT strategies that
-     * receive the decoded token payload from passport-jwt and need to populate
-     * `req.user`.
-     */
-    getById(userId: string): Promise<AuthUser | null>;
-    verifyAccessToken(rawToken: string): Promise<AuthUser | null>;
-    private toAuthUser;
-    /**
-     * Update a user's role. Caller is responsible for authorization; this
-     * method only enforces invariants:
-     *   - Demoting a platform_admin is blocked if it would leave zero platform
-     *     admins, to prevent locking yourself out of admin operations.
-     */
-    setUserRole(userId: string, role: User['role']): Promise<User>;
-    listUsers(opts?: UserListOptions): Promise<UserListResult>;
-    /**
-     * Look up a user by id and return the full `User` row (role, plan, last
-     * login, etc.) — distinct from `getById` which returns the lightweight
-     * `AuthUser` projection used in request contexts. Used by admin detail
-     * pages. Returns null when not found.
-     */
-    getFullUserById(userId: string): Promise<User | null>;
-    /**
-     * Boot-time backfill for instances upgrading to RBAC. If no user holds the
-     * `platform_admin` role, the oldest user is promoted so the operator isn't
-     * locked out. Idempotent — no-op when at least one admin already exists.
-     *
-     * Call once from your server bootstrap after the DB is connected.
-     */
-    ensurePlatformAdminBootstrap(): Promise<void>;
-    issueSession(user: User, meta?: SessionMeta): Promise<AuthResult>;
-    private signAccess;
-    private recordFailedLogin;
-    private recordSuccessfulLogin;
-    private mintEmailToken;
-    private consumeEmailToken;
-    private hashToken;
-    cleanupExpiredEmailTokens(olderThan?: Date): Promise<number>;
-    private runCreatedHook;
-}