/**
 * Cross-platform keychain service for secure credential storage.
 *
 * Uses the system keychain:
 * - macOS: Keychain
 * - Windows: Credential Manager
 * - Linux: Secret Service (libsecret)
 *
 * Gracefully degrades if keychain is unavailable (e.g., CI environments).
 */
import type { LLMProviderId } from '../llm/client.js';
export declare function isEncryptedEnvValue(value: string): boolean;
export declare function encryptEnvValue(value: string): string;
export declare function decryptEnvValue(value: string): string | undefined;
/**
 * Keychain interface - can be implemented by different backends.
 */
export interface KeychainBackend {
    getPassword(service: string, account: string): Promise<string | null>;
    setPassword(service: string, account: string, password: string): Promise<void>;
    deletePassword(service: string, account: string): Promise<boolean>;
}
/**
 * Keychain service - manages API key storage.
 */
export declare class KeychainService {
    private backend;
    private useFileBackend;
    constructor();
    /**
     * Check if secure keychain (keytar) is available.
     */
    isSecureKeychainAvailable(): Promise<boolean>;
    /**
     * Get the backend being used.
     */
    getBackendType(): Promise<'keychain' | 'file'>;
    /**
     * Enable file-based fallback explicitly.
     */
    enableFileBackend(): void;
    /**
     * Get API key for a provider from keychain.
     */
    getApiKey(provider: LLMProviderId): Promise<string | null>;
    /**
     * Store API key for a provider in keychain.
     */
    setApiKey(provider: LLMProviderId, apiKey: string): Promise<void>;
    /**
     * Delete API key for a provider from keychain.
     */
    deleteApiKey(provider: LLMProviderId): Promise<boolean>;
    /**
     * Get all stored credentials (without values, just which providers have keys).
     */
    getStoredProviders(): Promise<LLMProviderId[]>;
    /**
     * Clear all stored credentials.
     */
    clearAll(): Promise<void>;
}
/**
 * Get the keychain service instance.
 */
export declare function getKeychainService(): KeychainService;
//# sourceMappingURL=keychain.d.ts.map