import { FastifyReply, FastifyRequest } from "fastify"; /** * HTTP header name carrying the MCP API key. Confluent custom-header * convention prefixes with `cflt-`. Defined here (rather than in `server.ts`) * because {@link authErrorSchemas} below is a module-level const that * references it eagerly; putting the constant in `server.ts` would create a * cyclic-import init-order bug. * * Header lookups must use the lowercased form Fastify normalizes incoming * headers to. */ export declare const CFLT_MCP_API_KEY_HEADER = "cflt-mcp-api-key"; /** * Configuration for MCP server authentication */ export interface AuthConfig { /** API key for authentication */ readonly apiKey: string; /** Whether authentication is enabled */ readonly enabled: boolean; /** List of allowed Host header values for DNS rebinding protection */ readonly allowedHosts: readonly string[]; } /** * Generates a cryptographically secure random API key. * * Uses {@linkcode nodeCrypto.randomBytes} (rather than a direct `crypto` import) * so tests can swap the primitive via `vi.spyOn(nodeCrypto, "randomBytes")` * to assert deterministic output. * * @returns 64-character hex string */ export declare function generateApiKey(): string; /** * Creates Fastify onRequest hook for authentication and host validation * @param config Authentication configuration * @returns Fastify hook function */ export declare function createAuthHook(config: AuthConfig): (request: FastifyRequest, reply: FastifyReply) => Promise; /** * Error response schemas for OpenAPI documentation */ export declare const authErrorSchemas: { unauthorized: { type: string; properties: { error: { type: string; example: string; }; message: { type: string; example: string; }; }; }; forbidden: { type: string; properties: { error: { type: string; example: string; }; message: { type: string; example: string; }; }; }; }; //# sourceMappingURL=auth.d.ts.map