@wopr-network/platform-core 1.10.0 → 1.12.0

package/dist/account/deletion-executor-repository.d.ts

@@ -7,11 +7,79 @@ export interface IDeletionExecutorRepository {
     markCompleted(id: string, deletionSummary: string): Promise<boolean>;
     /** Find the active (pending) deletion request for a tenant, if any. */
     findPendingByTenant(tenantId: string): Promise<DeletionRequestRow | null>;
+    deleteBotInstances(tenantId: string): Promise<number>;
+    deleteCreditTransactions(tenantId: string): Promise<number>;
+    deleteCreditBalances(tenantId: string): Promise<number>;
+    deleteCreditAdjustments(tenantId: string): Promise<number | null>;
+    deleteMeterEvents(tenantId: string): Promise<number>;
+    deleteUsageSummaries(tenantId: string): Promise<number>;
+    deleteBillingPeriodSummaries(tenantId: string): Promise<number>;
+    deleteStripeUsageReports(tenantId: string): Promise<number>;
+    deleteNotificationQueue(tenantId: string): Promise<number>;
+    deleteNotificationPreferences(tenantId: string): Promise<number>;
+    deleteEmailNotifications(tenantId: string): Promise<number>;
+    deleteAuditLog(tenantId: string): Promise<number>;
+    anonymizeAuditLog(tenantId: string): Promise<number>;
+    deleteAdminNotes(tenantId: string): Promise<number>;
+    listSnapshotS3Keys(tenantId: string): Promise<{
+        id: string;
+        s3Key: string | null;
+    }[]>;
+    deleteSnapshots(tenantId: string): Promise<number>;
+    deleteBackupStatus(tenantId: string): Promise<number>;
+    deletePayramCharges(tenantId: string): Promise<number>;
+    deleteTenantStatus(tenantId: string): Promise<number>;
+    deleteUserRolesByUser(tenantId: string): Promise<number>;
+    deleteUserRolesByTenant(tenantId: string): Promise<number>;
+    deleteTenantCustomers(tenantId: string): Promise<number>;
+    deleteAuthUser(tenantId: string): Promise<{
+        sessionChanges: number;
+        accountChanges: number;
+        verificationChanges: number;
+        userChanges: number;
+    }>;
 }
 export declare class DrizzleDeletionExecutorRepository implements IDeletionExecutorRepository {
     private readonly db;
-    constructor(db: PlatformDb);
+    private readonly authDb?;
+    constructor(db: PlatformDb, authDb?: {
+        query: (sql: string, params?: unknown[]) => Promise<{
+            affectedRows?: number;
+            rowCount?: number;
+        }>;
+    } | undefined);
     findRipe(now: string): Promise<DeletionRequestRow[]>;
     markCompleted(id: string, deletionSummary: string): Promise<boolean>;
     findPendingByTenant(tenantId: string): Promise<DeletionRequestRow | null>;
+    deleteBotInstances(tenantId: string): Promise<number>;
+    deleteCreditTransactions(tenantId: string): Promise<number>;
+    deleteCreditBalances(tenantId: string): Promise<number>;
+    deleteCreditAdjustments(tenantId: string): Promise<number | null>;
+    deleteMeterEvents(tenantId: string): Promise<number>;
+    deleteUsageSummaries(tenantId: string): Promise<number>;
+    deleteBillingPeriodSummaries(tenantId: string): Promise<number>;
+    deleteStripeUsageReports(tenantId: string): Promise<number>;
+    deleteNotificationQueue(tenantId: string): Promise<number>;
+    deleteNotificationPreferences(tenantId: string): Promise<number>;
+    deleteEmailNotifications(tenantId: string): Promise<number>;
+    deleteAuditLog(tenantId: string): Promise<number>;
+    anonymizeAuditLog(tenantId: string): Promise<number>;
+    deleteAdminNotes(tenantId: string): Promise<number>;
+    listSnapshotS3Keys(tenantId: string): Promise<{
+        id: string;
+        s3Key: string | null;
+    }[]>;
+    deleteSnapshots(tenantId: string): Promise<number>;
+    deleteBackupStatus(tenantId: string): Promise<number>;
+    deletePayramCharges(tenantId: string): Promise<number>;
+    deleteTenantStatus(tenantId: string): Promise<number>;
+    deleteUserRolesByUser(tenantId: string): Promise<number>;
+    deleteUserRolesByTenant(tenantId: string): Promise<number>;
+    deleteTenantCustomers(tenantId: string): Promise<number>;
+    deleteAuthUser(tenantId: string): Promise<{
+        sessionChanges: number;
+        accountChanges: number;
+        verificationChanges: number;
+        userChanges: number;
+    }>;
 }

package/dist/account/deletion-executor-repository.js

@@ -1,13 +1,15 @@
-import { and, eq, lte, sql } from "drizzle-orm";
-import { accountDeletionRequests } from "../db/schema/index.js";
+import { and, eq, like, lte, or, sql } from "drizzle-orm";
+import { accountDeletionRequests, adminAuditLog, adminNotes, auditLog, backupStatus, billingPeriodSummaries, botInstances, creditBalances, creditTransactions, emailNotifications, meterEvents, notificationPreferences, notificationQueue, payramCharges, snapshots, stripeUsageReports, tenantCustomers, tenantStatus, usageSummaries, userRoles, } from "../db/schema/index.js";
 import { toRow } from "./deletion-repository.js";
 // ---------------------------------------------------------------------------
 // Implementation
 // ---------------------------------------------------------------------------
 export class DrizzleDeletionExecutorRepository {
     db;
-    constructor(db) {
+    authDb;
+    constructor(db, authDb) {
         this.db = db;
+        this.authDb = authDb;
     }
     async findRipe(now) {
         const rows = await this.db
@@ -38,4 +40,194 @@ export class DrizzleDeletionExecutorRepository {
         const row = rows[0];
         return row ? toRow(row) : null;
     }
+    // --- Data deletion methods ---
+    async deleteBotInstances(tenantId) {
+        const result = await this.db
+            .delete(botInstances)
+            .where(eq(botInstances.tenantId, tenantId))
+            .returning({ id: botInstances.id });
+        return result.length;
+    }
+    async deleteCreditTransactions(tenantId) {
+        const result = await this.db
+            .delete(creditTransactions)
+            .where(eq(creditTransactions.tenantId, tenantId))
+            .returning({ id: creditTransactions.id });
+        return result.length;
+    }
+    async deleteCreditBalances(tenantId) {
+        const result = await this.db
+            .delete(creditBalances)
+            .where(eq(creditBalances.tenantId, tenantId))
+            .returning({ tenantId: creditBalances.tenantId });
+        return result.length;
+    }
+    async deleteCreditAdjustments(tenantId) {
+        // raw SQL: credit_adjustments is not in the Drizzle schema (optional table)
+        try {
+            const result = await this.db.execute(sql `DELETE FROM credit_adjustments WHERE tenant_id = ${tenantId}`);
+            return result.rowCount ?? 0;
+        }
+        catch (err) {
+            const pgCode = err.code;
+            if (pgCode === "42P01")
+                return null; // table does not exist
+            throw err;
+        }
+    }
+    async deleteMeterEvents(tenantId) {
+        const result = await this.db
+            .delete(meterEvents)
+            .where(eq(meterEvents.tenant, tenantId))
+            .returning({ id: meterEvents.id });
+        return result.length;
+    }
+    async deleteUsageSummaries(tenantId) {
+        const result = await this.db
+            .delete(usageSummaries)
+            .where(eq(usageSummaries.tenant, tenantId))
+            .returning({ id: usageSummaries.id });
+        return result.length;
+    }
+    async deleteBillingPeriodSummaries(tenantId) {
+        const result = await this.db
+            .delete(billingPeriodSummaries)
+            .where(eq(billingPeriodSummaries.tenant, tenantId))
+            .returning({ id: billingPeriodSummaries.id });
+        return result.length;
+    }
+    async deleteStripeUsageReports(tenantId) {
+        const result = await this.db
+            .delete(stripeUsageReports)
+            .where(eq(stripeUsageReports.tenant, tenantId))
+            .returning({ id: stripeUsageReports.id });
+        return result.length;
+    }
+    async deleteNotificationQueue(tenantId) {
+        const result = await this.db
+            .delete(notificationQueue)
+            .where(eq(notificationQueue.tenantId, tenantId))
+            .returning({ id: notificationQueue.id });
+        return result.length;
+    }
+    async deleteNotificationPreferences(tenantId) {
+        const result = await this.db
+            .delete(notificationPreferences)
+            .where(eq(notificationPreferences.tenantId, tenantId))
+            .returning({ tenantId: notificationPreferences.tenantId });
+        return result.length;
+    }
+    async deleteEmailNotifications(tenantId) {
+        const result = await this.db
+            .delete(emailNotifications)
+            .where(eq(emailNotifications.tenantId, tenantId))
+            .returning({ id: emailNotifications.id });
+        return result.length;
+    }
+    async deleteAuditLog(tenantId) {
+        const result = await this.db.delete(auditLog).where(eq(auditLog.userId, tenantId)).returning({ id: auditLog.id });
+        return result.length;
+    }
+    async anonymizeAuditLog(tenantId) {
+        const result = await this.db
+            .update(adminAuditLog)
+            .set({ targetTenant: "[deleted]", targetUser: "[deleted]" })
+            .where(or(eq(adminAuditLog.targetTenant, tenantId), eq(adminAuditLog.targetUser, tenantId)))
+            .returning({ id: adminAuditLog.id });
+        return result.length;
+    }
+    async deleteAdminNotes(tenantId) {
+        const result = await this.db
+            .delete(adminNotes)
+            .where(eq(adminNotes.tenantId, tenantId))
+            .returning({ id: adminNotes.id });
+        return result.length;
+    }
+    async listSnapshotS3Keys(tenantId) {
+        const rows = await this.db
+            .select({ id: snapshots.id, s3Key: snapshots.s3Key })
+            .from(snapshots)
+            .where(eq(snapshots.tenant, tenantId));
+        return rows;
+    }
+    async deleteSnapshots(tenantId) {
+        const result = await this.db
+            .delete(snapshots)
+            .where(eq(snapshots.tenant, tenantId))
+            .returning({ id: snapshots.id });
+        return result.length;
+    }
+    async deleteBackupStatus(tenantId) {
+        // Escape LIKE wildcards in tenantId to prevent injection
+        const safeTenantId = tenantId.replace(/%/g, "\\%").replace(/_/g, "\\_");
+        // backup_status uses containerId with pattern "tenant_{id}_..."
+        const result = await this.db
+            .delete(backupStatus)
+            .where(like(backupStatus.containerId, `tenant_${safeTenantId}%`))
+            .returning({ containerId: backupStatus.containerId });
+        return result.length;
+    }
+    async deletePayramCharges(tenantId) {
+        const result = await this.db
+            .delete(payramCharges)
+            .where(eq(payramCharges.tenantId, tenantId))
+            .returning({ referenceId: payramCharges.referenceId });
+        return result.length;
+    }
+    async deleteTenantStatus(tenantId) {
+        const result = await this.db
+            .delete(tenantStatus)
+            .where(eq(tenantStatus.tenantId, tenantId))
+            .returning({ tenantId: tenantStatus.tenantId });
+        return result.length;
+    }
+    async deleteUserRolesByUser(tenantId) {
+        const result = await this.db
+            .delete(userRoles)
+            .where(eq(userRoles.userId, tenantId))
+            .returning({ userId: userRoles.userId });
+        return result.length;
+    }
+    async deleteUserRolesByTenant(tenantId) {
+        const result = await this.db
+            .delete(userRoles)
+            .where(eq(userRoles.tenantId, tenantId))
+            .returning({ userId: userRoles.userId });
+        return result.length;
+    }
+    async deleteTenantCustomers(tenantId) {
+        const result = await this.db
+            .delete(tenantCustomers)
+            .where(eq(tenantCustomers.tenant, tenantId))
+            .returning({ tenant: tenantCustomers.tenant });
+        return result.length;
+    }
+    async deleteAuthUser(tenantId) {
+        if (!this.authDb) {
+            return { sessionChanges: 0, accountChanges: 0, verificationChanges: 0, userChanges: 0 };
+        }
+        const getCount = (result) => result.affectedRows ?? result.rowCount ?? 0;
+        // raw SQL: better-auth tables are not in the Drizzle schema
+        // Wrapped in a transaction — all four DELETEs must succeed or none.
+        await this.authDb.query("BEGIN", []);
+        try {
+            const sessionResult = await this.authDb.query(`DELETE FROM session WHERE user_id = $1`, [tenantId]);
+            const accountResult = await this.authDb.query(`DELETE FROM account WHERE user_id = $1`, [tenantId]);
+            const verificationResult = await this.authDb.query(`DELETE FROM email_verification_tokens WHERE user_id = $1`, [
+                tenantId,
+            ]);
+            const userResult = await this.authDb.query(`DELETE FROM "user" WHERE id = $1`, [tenantId]);
+            await this.authDb.query("COMMIT", []);
+            return {
+                sessionChanges: getCount(sessionResult),
+                accountChanges: getCount(accountResult),
+                verificationChanges: getCount(verificationResult),
+                userChanges: getCount(userResult),
+            };
+        }
+        catch (err) {
+            await this.authDb.query("ROLLBACK", []);
+            throw err;
+        }
+    }
 }

package/dist/account/deletion-repository.d.ts

@@ -1,12 +1,23 @@
 import type { PlatformDb } from "../db/index.js";
 import { accountDeletionRequests } from "../db/schema/index.js";
-import type { DeletionRequestRow, InsertDeletionRequest } from "./repository-types.js";
+import type { DeletionRequestRow, DeletionStatus, InsertDeletionRequest } from "./repository-types.js";
 export type { DeletionRequestRow, InsertDeletionRequest };
 export interface IDeletionRepository {
     insert(data: InsertDeletionRequest): Promise<void>;
     getById(id: string): Promise<DeletionRequestRow | null>;
     listByTenant(tenantId: string): Promise<DeletionRequestRow[]>;
+    getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null>;
     cancel(id: string, cancelReason: string): Promise<boolean>;
+    markCompleted(id: string, summary: string): Promise<void>;
+    findExpired(): Promise<DeletionRequestRow[]>;
+    list(opts: {
+        status?: DeletionStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        requests: DeletionRequestRow[];
+        total: number;
+    }>;
 }
 export declare class DrizzleDeletionRepository implements IDeletionRepository {
     private readonly db;
@@ -14,6 +25,17 @@ export declare class DrizzleDeletionRepository implements IDeletionRepository {
     insert(data: InsertDeletionRequest): Promise<void>;
     getById(id: string): Promise<DeletionRequestRow | null>;
     listByTenant(tenantId: string): Promise<DeletionRequestRow[]>;
+    getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null>;
     cancel(id: string, cancelReason: string): Promise<boolean>;
+    markCompleted(id: string, summary: string): Promise<void>;
+    findExpired(): Promise<DeletionRequestRow[]>;
+    list(opts: {
+        status?: DeletionStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        requests: DeletionRequestRow[];
+        total: number;
+    }>;
 }
 export declare function toRow(row: typeof accountDeletionRequests.$inferSelect): DeletionRequestRow;

package/dist/account/deletion-repository.js

@@ -1,4 +1,4 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, lte, sql } from "drizzle-orm";
 import { accountDeletionRequests } from "../db/schema/index.js";
 // ---------------------------------------------------------------------------
 // Implementation
@@ -9,11 +9,12 @@ export class DrizzleDeletionRepository {
         this.db = db;
     }
     async insert(data) {
+        const deleteAfter = data.deleteAfter ?? new Date(Date.now() + (data.graceDays ?? 30) * 24 * 60 * 60 * 1000).toISOString();
         await this.db.insert(accountDeletionRequests).values({
             id: data.id,
             tenantId: data.tenantId,
             requestedBy: data.requestedBy,
-            deleteAfter: data.deleteAfter,
+            deleteAfter,
             reason: data.reason ?? null,
         });
     }
@@ -29,6 +30,15 @@ export class DrizzleDeletionRepository {
             .where(eq(accountDeletionRequests.tenantId, tenantId));
         return rows.map(toRow);
     }
+    async getPendingForTenant(tenantId) {
+        const rows = await this.db
+            .select()
+            .from(accountDeletionRequests)
+            .where(and(eq(accountDeletionRequests.tenantId, tenantId), eq(accountDeletionRequests.status, "pending")))
+            .limit(1);
+        const row = rows[0];
+        return row ? toRow(row) : null;
+    }
     async cancel(id, cancelReason) {
         const result = await this.db
             .update(accountDeletionRequests)
@@ -41,6 +51,41 @@ export class DrizzleDeletionRepository {
             .returning({ id: accountDeletionRequests.id });
         return result.length > 0;
     }
+    async markCompleted(id, summary) {
+        await this.db
+            .update(accountDeletionRequests)
+            .set({
+            status: "completed",
+            completedAt: sql `now()`,
+            deletionSummary: summary,
+            updatedAt: sql `now()`,
+        })
+            .where(and(eq(accountDeletionRequests.id, id), eq(accountDeletionRequests.status, "pending")));
+    }
+    async findExpired() {
+        const rows = await this.db
+            .select()
+            .from(accountDeletionRequests)
+            .where(and(eq(accountDeletionRequests.status, "pending"), lte(accountDeletionRequests.deleteAfter, sql `now()`)));
+        return rows.map(toRow);
+    }
+    async list(opts) {
+        const conditions = opts.status ? eq(accountDeletionRequests.status, opts.status) : undefined;
+        const [rows, totalResult] = await Promise.all([
+            this.db
+                .select()
+                .from(accountDeletionRequests)
+                .where(conditions)
+                .orderBy(desc(accountDeletionRequests.createdAt))
+                .limit(opts.limit)
+                .offset(opts.offset),
+            this.db.select({ count: count() }).from(accountDeletionRequests).where(conditions),
+        ]);
+        return {
+            requests: rows.map(toRow),
+            total: totalResult[0]?.count ?? 0,
+        };
+    }
 }
 // ---------------------------------------------------------------------------
 // Row mapper

package/dist/account/export-repository.d.ts

@@ -1,5 +1,5 @@
 import type { PlatformDb } from "../db/index.js";
-import type { ExportRequestRow, InsertExportRequest } from "./repository-types.js";
+import type { ExportRequestRow, ExportStatus, InsertExportRequest } from "./repository-types.js";
 export type { ExportRequestRow, InsertExportRequest };
 export interface IExportRepository {
     insert(data: InsertExportRequest): Promise<void>;
@@ -8,6 +8,15 @@ export interface IExportRepository {
     markProcessing(id: string): Promise<boolean>;
     markCompleted(id: string, downloadUrl: string): Promise<boolean>;
     markFailed(id: string, errorMessage?: string): Promise<boolean>;
+    list(filters: {
+        status?: ExportStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        rows: ExportRequestRow[];
+        total: number;
+    }>;
+    updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void>;
 }
 export declare class DrizzleExportRepository implements IExportRepository {
     private readonly db;
@@ -18,4 +27,13 @@ export declare class DrizzleExportRepository implements IExportRepository {
     markProcessing(id: string): Promise<boolean>;
     markCompleted(id: string, downloadUrl: string): Promise<boolean>;
     markFailed(id: string, _errorMessage?: string): Promise<boolean>;
+    list(filters: {
+        status?: ExportStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        rows: ExportRequestRow[];
+        total: number;
+    }>;
+    updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void>;
 }

package/dist/account/export-repository.js

@@ -1,4 +1,4 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, sql } from "drizzle-orm";
 import { accountExportRequests } from "../db/schema/index.js";
 // ---------------------------------------------------------------------------
 // Implementation
@@ -59,6 +59,34 @@ export class DrizzleExportRepository {
             .returning({ id: accountExportRequests.id });
         return result.length > 0;
     }
+    async list(filters) {
+        const conditions = filters.status ? eq(accountExportRequests.status, filters.status) : undefined;
+        const [rows, totalResult] = await Promise.all([
+            this.db
+                .select()
+                .from(accountExportRequests)
+                .where(conditions)
+                .orderBy(desc(accountExportRequests.createdAt))
+                .limit(filters.limit)
+                .offset(filters.offset),
+            this.db.select({ count: count() }).from(accountExportRequests).where(conditions),
+        ]);
+        return {
+            rows: rows.map(toRow),
+            total: totalResult[0]?.count ?? 0,
+        };
+    }
+    async updateStatus(id, status, downloadUrl) {
+        await this.db
+            .update(accountExportRequests)
+            .set({
+            status,
+            // Clear stale downloadUrl when transitioning away from completed
+            downloadUrl: downloadUrl ?? (status === "completed" ? undefined : null),
+            updatedAt: sql `now()`,
+        })
+            .where(eq(accountExportRequests.id, id));
+    }
 }
 // ---------------------------------------------------------------------------
 // Row mapper

package/dist/account/repository-types.d.ts

@@ -17,8 +17,11 @@ export interface InsertDeletionRequest {
     id: string;
     tenantId: string;
     requestedBy: string;
-    deleteAfter: string;
-    reason?: string;
+    /** Explicit ISO timestamp for when deletion should execute. */
+    deleteAfter?: string;
+    /** Number of grace days from now. Used if deleteAfter is not provided. */
+    graceDays?: number;
+    reason?: string | null;
 }
 export interface ExportRequestRow {
     id: string;

package/dist/auth/middleware.d.ts

@@ -15,6 +15,8 @@ import type { Context, Next } from "hono";
 import type { IApiKeyRepository } from "./api-key-repository.js";
 import type { Auth } from "./better-auth.js";
 import type { AuthUser } from "./index.js";
+/** Minimum length for API key tokens (rejects obviously short tokens). */
+export declare const MIN_API_KEY_LENGTH = 22;
 export interface SessionAuthEnv {
     Variables: {
         user: AuthUser;

package/dist/auth/middleware.js

@@ -12,6 +12,8 @@
  * If neither is present, the request is rejected with 401.
  */
 import { createHash } from "node:crypto";
+/** Minimum length for API key tokens (rejects obviously short tokens). */
+export const MIN_API_KEY_LENGTH = 22;
 /**
  * Create middleware that authenticates requests via better-auth session cookies.
  *

package/dist/db/index.d.ts

@@ -15,6 +15,9 @@ export type PlatformDb = DrizzleDb;
 /** Create a Drizzle database instance wrapping the given pg.Pool. */
 export declare function createDb(pool: Pool): PlatformDb;
 export { schema };
+export type { SQL } from "drizzle-orm";
+export { and, asc, count, desc, eq, gt, gte, ilike, inArray, isNull, like, lt, lte, ne, or, sql } from "drizzle-orm";
+export { pgTable, text } from "drizzle-orm/pg-core";
 export type { AuthUser, IAuthUserRepository } from "./auth-user-repository.js";
 export { BetterAuthUserRepository } from "./auth-user-repository.js";
 export { creditColumn } from "./credit-column.js";

package/dist/db/index.js

@@ -5,5 +5,10 @@ export function createDb(pool) {
     return drizzle(pool, { schema });
 }
 export { schema };
+// Re-export commonly used drizzle-orm operators so consumers using pnpm link
+// resolve them from the same drizzle-orm instance as the schema tables.
+export { and, asc, count, desc, eq, gt, gte, ilike, inArray, isNull, like, lt, lte, ne, or, sql } from "drizzle-orm";
+// Re-export pg-core table builders for consumers that define local tables.
+export { pgTable, text } from "drizzle-orm/pg-core";
 export { BetterAuthUserRepository } from "./auth-user-repository.js";
 export { creditColumn } from "./credit-column.js";

package/dist/monetization/adapters/bootstrap.d.ts

@@ -12,11 +12,10 @@
  *   - tts (Chatterbox GPU, ElevenLabs)
  *   - transcription (Deepgram)
  *   - embeddings (OpenRouter)
- *
- * Image-generation (Nano Banana, Replicate) will be wired once the
- * image-gen-factory PR merges.
+ *   - image-generation (Replicate, Nano Banana)
  */
 import { type EmbeddingsFactoryConfig } from "./embeddings-factory.js";
+import { type ImageGenFactoryConfig } from "./image-gen-factory.js";
 import { type TextGenFactoryConfig } from "./text-gen-factory.js";
 import { type TranscriptionFactoryConfig } from "./transcription-factory.js";
 import { type TTSFactoryConfig } from "./tts-factory.js";
@@ -31,6 +30,8 @@ export interface BootstrapConfig {
     transcription?: TranscriptionFactoryConfig;
     /** Embeddings adapter config */
     embeddings?: EmbeddingsFactoryConfig;
+    /** Image generation adapter config */
+    imageGen?: ImageGenFactoryConfig;
 }
 /** Result of bootstrapping all adapters. */
 export interface BootstrapResult {
@@ -42,6 +43,12 @@ export interface BootstrapResult {
      * capabilities (e.g. OpenRouter for both text-gen and embeddings). Each
      * instance is independently configured. Use the per-capability factory
      * results if you need a name→adapter map within a single capability.
+     *
+     * NOTE: Some adapters advertise more capabilities than the factory that
+     * created them (e.g. Replicate advertises text-generation and transcription
+     * in addition to image-generation). The ArbitrageRouter should use the
+     * factory-assigned capability (reflected in byCapability), not the adapter's
+     * own capabilities array, for routing decisions.
      */
     adapters: ProviderAdapter[];
     /** Names of providers that were skipped (missing config), grouped by capability. */
@@ -68,6 +75,7 @@ export declare function bootstrapAdapters(config: BootstrapConfig): BootstrapRes
  *   - CHATTERBOX_BASE_URL, ELEVENLABS_API_KEY (TTS)
  *   - DEEPGRAM_API_KEY (transcription)
  *   - OPENROUTER_API_KEY (embeddings)
+ *   - REPLICATE_API_TOKEN, NANO_BANANA_API_KEY (image-gen)
  *
  * Accepts optional per-capability config overrides.
  */

package/dist/monetization/adapters/bootstrap.js

@@ -12,11 +12,10 @@
  *   - tts (Chatterbox GPU, ElevenLabs)
  *   - transcription (Deepgram)
  *   - embeddings (OpenRouter)
- *
- * Image-generation (Nano Banana, Replicate) will be wired once the
- * image-gen-factory PR merges.
+ *   - image-generation (Replicate, Nano Banana)
  */
 import { createEmbeddingsAdapters } from "./embeddings-factory.js";
+import { createImageGenAdapters } from "./image-gen-factory.js";
 import { createTextGenAdapters } from "./text-gen-factory.js";
 import { createTranscriptionAdapters } from "./transcription-factory.js";
 import { createTTSAdapters } from "./tts-factory.js";
@@ -31,11 +30,13 @@ export function bootstrapAdapters(config) {
     const tts = createTTSAdapters(config.tts ?? {});
     const transcription = createTranscriptionAdapters(config.transcription ?? {});
     const embeddings = createEmbeddingsAdapters(config.embeddings ?? {});
+    const imageGen = createImageGenAdapters(config.imageGen ?? {});
     const adapters = [
         ...textGen.adapters,
         ...tts.adapters,
         ...transcription.adapters,
         ...embeddings.adapters,
+        ...imageGen.adapters,
     ];
     const skipped = {};
     if (textGen.skipped.length > 0)
@@ -46,6 +47,8 @@ export function bootstrapAdapters(config) {
         skipped.transcription = transcription.skipped;
     if (embeddings.skipped.length > 0)
         skipped.embeddings = embeddings.skipped;
+    if (imageGen.skipped.length > 0)
+        skipped["image-generation"] = imageGen.skipped;
     let totalSkipped = 0;
     for (const list of Object.values(skipped)) {
         totalSkipped += list.length;
@@ -61,6 +64,7 @@ export function bootstrapAdapters(config) {
                 tts: tts.adapters.length,
                 transcription: transcription.adapters.length,
                 embeddings: embeddings.adapters.length,
+                "image-generation": imageGen.adapters.length,
             },
         },
     };
@@ -73,6 +77,7 @@ export function bootstrapAdapters(config) {
  *   - CHATTERBOX_BASE_URL, ELEVENLABS_API_KEY (TTS)
  *   - DEEPGRAM_API_KEY (transcription)
  *   - OPENROUTER_API_KEY (embeddings)
+ *   - REPLICATE_API_TOKEN, NANO_BANANA_API_KEY (image-gen)
  *
  * Accepts optional per-capability config overrides.
  */
@@ -99,5 +104,12 @@ export function bootstrapAdaptersFromEnv(overrides) {
             openrouterApiKey: process.env.OPENROUTER_API_KEY,
             ...overrides?.embeddings,
         },
+        imageGen: {
+            replicateApiToken: process.env.REPLICATE_API_TOKEN,
+            // Separate env var from GEMINI_API_KEY (used for text-gen) to avoid
+            // silently enabling image-gen when only text-gen is intended.
+            geminiApiKey: process.env.NANO_BANANA_API_KEY,
+            ...overrides?.imageGen,
+        },
     });
 }