import { Middleware } from "openapi-fetch";
/**
 * Thrown by the bearer middleware when the token getter returns undefined —
 * typically because OAuth bootstrap has not completed (or has been cleared by
 * shutdown) at the moment a request is about to be sent. Surfaces a clear
 * message for callers; tool handlers can catch it explicitly to return
 * `{ isError: true }` instead of letting it propagate as a protocol-level
 * error from the MCP transport.
 */
export declare class BearerTokenUnavailableError extends Error {
    constructor(message: string);
}
/**
 * Build a {@link Middleware} that attaches `Authorization: Bearer <token>`
 * read from `getToken()` and sets a `User-Agent` header containing this
 * package's version. The closure is supplied by the caller; this middleware
 * has no knowledge of where the token comes from or when it expires. Throws
 * {@link BearerTokenUnavailableError} when `getToken` returns `undefined`.
 */
export declare const createBearerMiddleware: (getToken: () => string | undefined) => Middleware;
export interface ConfluentEndpoints {
    cloud?: string;
    flink?: string;
    schemaRegistry?: string;
    kafka?: string;
    telemetry?: string;
}
/**
 * Discriminated union over the two authentication shapes the middleware
 * understands. The `api_key` variant's `type` field is optional so existing
 * call sites that pass `{ apiKey, apiSecret }` keep working.
 */
export type ConfluentAuth = {
    type?: "api_key";
    apiKey?: string;
    apiSecret?: string;
} | {
    type: "oauth";
    getToken: () => string | undefined;
};
/**
 * Creates a middleware that attaches an Authorization header. Dispatches on
 * the `type` discriminator: `oauth` → bearer; `api_key` (or unset) → Basic.
 */
export declare const createAuthMiddleware: (auth: ConfluentAuth) => Middleware;
//# sourceMappingURL=middleware.d.ts.map