agentkitai
diff --git a/‎docker-compose.production.yml‎
Lines changed: 21 additions & 7 deletions b/‎docker-compose.production.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎docker-compose.yml‎
Lines changed: 3 additions & 3 deletions b/‎docker-compose.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/events.md‎
Lines changed: 76 additions & 0 deletions b/‎docs/events.md‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎packages/dashboard/src/pages/ApiKeys.tsx‎
Lines changed: 3 additions & 0 deletions b/‎packages/dashboard/src/pages/ApiKeys.tsx‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎packages/dashboard/src/pages/AuditLog.tsx‎
Lines changed: 3 additions & 0 deletions b/‎packages/dashboard/src/pages/AuditLog.tsx‎
Lines changed: 3 additions & 0 deletions
@@ -23,10 +23,13 @@ services:
       POSTGRES_USER: ${POSTGRES_USER:-agentgate}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-agentgate}
       POSTGRES_DB: ${POSTGRES_DB:-agentgate}
-    ports:
-      - "${POSTGRES_PORT:-5432}:5432"
+    # Not exposed to host — only accessible within the internal network
+    expose:
+      - "5432"
     volumes:
       - postgres-data:/var/lib/postgresql/data
+    networks:
+      - agentgate-internal
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-agentgate} -d ${POSTGRES_DB:-agentgate}"]
       interval: 10s
@@ -40,13 +43,16 @@ services:
   redis:
     image: redis:7-alpine
     container_name: agentgate-redis
-    ports:
-      - "${REDIS_PORT:-6379}:6379"
+    # Not exposed to host — only accessible within the internal network
+    expose:
+      - "6379"
     volumes:
       - redis-data:/data
-    command: redis-server --appendonly yes
+    networks:
+      - agentgate-internal
+    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-changeme}
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-changeme}", "ping"]
       interval: 10s
       timeout: 5s
       retries: 3
@@ -69,7 +75,7 @@ services:
       DATABASE_URL: postgresql://${POSTGRES_USER:-agentgate}:${POSTGRES_PASSWORD:-agentgate}@postgres:5432/${POSTGRES_DB:-agentgate}
 
       # Redis
-      REDIS_URL: redis://redis:6379
+      REDIS_URL: redis://:${REDIS_PASSWORD:-changeme}@redis:6379
       RATE_LIMIT_BACKEND: redis
 
       # Security
@@ -116,6 +122,8 @@ services:
       CHANNEL_ROUTES: ${CHANNEL_ROUTES:-[]}
     ports:
       - "${SERVER_PORT:-3000}:3000"
+    networks:
+      - agentgate-internal
     depends_on:
       postgres:
         condition: service_healthy
@@ -137,6 +145,8 @@ services:
     container_name: agentgate-dashboard
     ports:
       - "${DASHBOARD_PORT:-8080}:80"
+    networks:
+      - agentgate-internal
     depends_on:
       server:
         condition: service_healthy
@@ -151,3 +161,7 @@ services:
 volumes:
   postgres-data:
   redis-data:
+
+networks:
+  agentgate-internal:
+    driver: bridge
@@ -36,9 +36,9 @@ services:
       - redis-data:/data
     networks:
       - agentgate-internal
-    command: redis-server --appendonly yes
+    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-agentgate}
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-agentgate}", "ping"]
       interval: 10s
       timeout: 5s
       retries: 3
@@ -63,7 +63,7 @@ services:
       DATABASE_URL: postgresql://${POSTGRES_USER:-agentgate}:${POSTGRES_PASSWORD:-agentgate}@postgres:5432/${POSTGRES_DB:-agentgate}
 
       # Redis
-      REDIS_URL: redis://redis:6379
+      REDIS_URL: redis://:${REDIS_PASSWORD:-agentgate}@redis:6379
       RATE_LIMIT_BACKEND: redis
 
       # Security
 
@@ -67,6 +67,82 @@ const base = createBaseEvent("request.created", "my-plugin");
 
 ---
 
+## Subscribing to Events
+
+Use the `AgentGateEmitter` class to subscribe to events. The global singleton is available via `getGlobalEmitter()`, or create an isolated instance with `createEmitter()`.
+
+```typescript
+import { getGlobalEmitter, createEmitter } from "@agentgate/core";
+
+const emitter = getGlobalEmitter();
+```
+
+### `emitter.on(eventType, listener)`
+
+Subscribe to events of a specific type. Returns an unsubscribe function.
+
+```typescript
+const unsub = emitter.on("request.created", (event) => {
+  console.log("New request:", event.payload.requestId);
+});
+
+// Later: unsubscribe
+unsub();
+```
+
+### `emitter.once(eventType, listener)`
+
+Subscribe to a single event — the listener is automatically removed after the first emission.
+
+```typescript
+emitter.once("request.decided", (event) => {
+  console.log("First decision:", event.payload.status);
+});
+```
+
+### `emitter.onAll(listener)`
+
+Subscribe to all events regardless of type. Useful for logging and audit.
+
+```typescript
+const unsub = emitter.onAll((event) => {
+  console.log(`[${event.type}]`, event.eventId);
+});
+```
+
+### `emitter.off(eventType, listener)` / `emitter.offAll(listener)`
+
+Explicitly unsubscribe a listener (alternative to calling the function returned by `on`).
+
+### `emitter.emit(event)` / `emitter.emitSync(event)`
+
+Emit an event. `emit` is async and awaits all listeners; `emitSync` is fire-and-forget.
+
+```typescript
+import { createBaseEvent, EventNames } from "@agentgate/core";
+
+const event = {
+  ...createBaseEvent(EventNames.SYSTEM_ERROR, "my-plugin"),
+  payload: { message: "Something went wrong" },
+};
+
+// Await all listeners
+await emitter.emit(event);
+
+// Or fire-and-forget
+emitter.emitSync(event);
+```
+
+### Utility Methods
+
+| Method | Description |
+|--------|-------------|
+| `listenerCount(eventType?)` | Number of listeners (specific type + wildcards, or total) |
+| `removeAllListeners(eventType?)` | Remove all listeners (optionally for a specific event type) |
+| `eventTypes()` | List all event types with registered listeners |
+
+---
+
 ## Event Payload Types
 
 Each event type carries a typed `payload`. All fields are listed below.
 
@@ -3,6 +3,7 @@ import { adminApi } from '../api';
 import { ResponsiveTable, type Column } from '../components/ResponsiveTable';
 import { useToast } from '../components/Toast';
 import { Modal } from '../components/Modal';
+import { ApiKeysSkeleton } from '../components/Skeleton';
 import { ConfirmDialog } from '../components/ConfirmDialog';
 
 interface ApiKey {
@@ -198,6 +199,8 @@ export default function ApiKeys() {
     },
   ];
 
+  if (loading) return <ApiKeysSkeleton />;
+
   if (error) {
     return (
       <div className="p-4 sm:p-6">
 
@@ -3,6 +3,7 @@ import { useSearchParams, useNavigate } from 'react-router-dom';
 import { api, type AuditEntryWithRequest, type ApprovalStatus } from '../api';
 import { StatusBadge } from '../components/StatusBadge';
 import { ResponsiveTable, type Column } from '../components/ResponsiveTable';
+import { AuditLogSkeleton } from '../components/Skeleton';
 
 const EVENT_TYPES = [
   { value: '', label: 'All Events' },
@@ -185,6 +186,8 @@ export default function AuditLog() {
     },
   ];
 
+  if (loading) return <AuditLogSkeleton />;
+
   return (
     <div className="space-y-6">
       {/* Header */}