import { FlowBase, FlowRunOptions } from '@frontmcp/sdk';
import 'reflect-metadata';
import { z } from 'zod';
declare const inputSchema: z.ZodObject<{
    request: z.ZodObject<{}, "passthrough", z.ZodTypeAny, z.objectOutputType<{}, z.ZodTypeAny, "passthrough">, z.objectInputType<{}, z.ZodTypeAny, "passthrough">>;
}, "strip", z.ZodTypeAny, {
    request: {} & {
        [k: string]: unknown;
    };
}, {
    request: {} & {
        [k: string]: unknown;
    };
}>;
declare const stateSchema: z.ZodObject<{
    baseUrl: z.ZodString;
    authorizationHeader: z.ZodOptional<z.ZodString>;
    token: z.ZodOptional<z.ZodString>;
    sessionIdHeader: z.ZodOptional<z.ZodString>;
    sessionProtocol: z.ZodOptional<z.ZodString>;
    prmMetadataPath: z.ZodOptional<z.ZodString>;
    prmMetadataHeader: z.ZodOptional<z.ZodString>;
    jwtPayload: z.ZodOptional<z.ZodObject<{}, "passthrough", z.ZodTypeAny, z.objectOutputType<{}, z.ZodTypeAny, "passthrough">, z.objectInputType<{}, z.ZodTypeAny, "passthrough">>>;
    user: z.ZodOptional<z.ZodObject<{
        iss: z.ZodString;
        sid: z.ZodOptional<z.ZodString>;
        sub: z.ZodString;
        exp: z.ZodOptional<z.ZodNumber>;
        iat: z.ZodOptional<z.ZodNumber>;
        aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
        email: z.ZodOptional<z.ZodString>;
        username: z.ZodOptional<z.ZodString>;
        preferred_username: z.ZodOptional<z.ZodString>;
        name: z.ZodOptional<z.ZodString>;
        picture: z.ZodOptional<z.ZodString>;
    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
        iss: z.ZodString;
        sid: z.ZodOptional<z.ZodString>;
        sub: z.ZodString;
        exp: z.ZodOptional<z.ZodNumber>;
        iat: z.ZodOptional<z.ZodNumber>;
        aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
        email: z.ZodOptional<z.ZodString>;
        username: z.ZodOptional<z.ZodString>;
        preferred_username: z.ZodOptional<z.ZodString>;
        name: z.ZodOptional<z.ZodString>;
        picture: z.ZodOptional<z.ZodString>;
    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
        iss: z.ZodString;
        sid: z.ZodOptional<z.ZodString>;
        sub: z.ZodString;
        exp: z.ZodOptional<z.ZodNumber>;
        iat: z.ZodOptional<z.ZodNumber>;
        aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
        email: z.ZodOptional<z.ZodString>;
        username: z.ZodOptional<z.ZodString>;
        preferred_username: z.ZodOptional<z.ZodString>;
        name: z.ZodOptional<z.ZodString>;
        picture: z.ZodOptional<z.ZodString>;
    }, z.ZodTypeAny, "passthrough">>>;
    session: z.ZodOptional<z.ZodObject<{
        id: z.ZodString;
        payload: z.ZodObject<{
            nodeId: z.ZodString;
            authSig: z.ZodString;
            uuid: z.ZodString;
            iat: z.ZodNumber;
            protocol: z.ZodEnum<["legacy-sse", "sse", "streamable-http", "stateful-http", "stateless-http"]>;
        }, "strip", z.ZodTypeAny, {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        }, {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        }>;
    }, "strip", z.ZodTypeAny, {
        id: string;
        payload: {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        };
    }, {
        id: string;
        payload: {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        };
    }>>;
}, "strip", z.ZodTypeAny, {
    baseUrl: string;
    token?: string | undefined;
    prmMetadataHeader?: string | undefined;
    authorizationHeader?: string | undefined;
    sessionIdHeader?: string | undefined;
    sessionProtocol?: string | undefined;
    prmMetadataPath?: string | undefined;
    jwtPayload?: z.objectOutputType<{}, z.ZodTypeAny, "passthrough"> | undefined;
    user?: z.objectOutputType<{
        iss: z.ZodString;
        sid: z.ZodOptional<z.ZodString>;
        sub: z.ZodString;
        exp: z.ZodOptional<z.ZodNumber>;
        iat: z.ZodOptional<z.ZodNumber>;
        aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
        email: z.ZodOptional<z.ZodString>;
        username: z.ZodOptional<z.ZodString>;
        preferred_username: z.ZodOptional<z.ZodString>;
        name: z.ZodOptional<z.ZodString>;
        picture: z.ZodOptional<z.ZodString>;
    }, z.ZodTypeAny, "passthrough"> | undefined;
    session?: {
        id: string;
        payload: {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        };
    } | undefined;
}, {
    baseUrl: string;
    token?: string | undefined;
    prmMetadataHeader?: string | undefined;
    authorizationHeader?: string | undefined;
    sessionIdHeader?: string | undefined;
    sessionProtocol?: string | undefined;
    prmMetadataPath?: string | undefined;
    jwtPayload?: z.objectInputType<{}, z.ZodTypeAny, "passthrough"> | undefined;
    user?: z.objectInputType<{
        iss: z.ZodString;
        sid: z.ZodOptional<z.ZodString>;
        sub: z.ZodString;
        exp: z.ZodOptional<z.ZodNumber>;
        iat: z.ZodOptional<z.ZodNumber>;
        aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
        email: z.ZodOptional<z.ZodString>;
        username: z.ZodOptional<z.ZodString>;
        preferred_username: z.ZodOptional<z.ZodString>;
        name: z.ZodOptional<z.ZodString>;
        picture: z.ZodOptional<z.ZodString>;
    }, z.ZodTypeAny, "passthrough"> | undefined;
    session?: {
        id: string;
        payload: {
            iat: number;
            nodeId: string;
            authSig: string;
            uuid: string;
            protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
        };
    } | undefined;
}>;
export declare const sessionVerifyOutputSchema: z.ZodUnion<[z.ZodObject<{
    kind: z.ZodLiteral<"unauthorized">;
    prmMetadataHeader: z.ZodString;
}, "strip", z.ZodTypeAny, {
    kind: "unauthorized";
    prmMetadataHeader: string;
}, {
    kind: "unauthorized";
    prmMetadataHeader: string;
}>, z.ZodObject<{
    kind: z.ZodLiteral<"authorized">;
    authorization: z.ZodObject<{
        token: z.ZodString;
        session: z.ZodOptional<z.ZodObject<{
            id: z.ZodString;
            payload: z.ZodObject<{
                nodeId: z.ZodString;
                authSig: z.ZodString;
                uuid: z.ZodString;
                iat: z.ZodNumber;
                protocol: z.ZodEnum<["legacy-sse", "sse", "streamable-http", "stateful-http", "stateless-http"]>;
            }, "strip", z.ZodTypeAny, {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            }, {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            }>;
        }, "strip", z.ZodTypeAny, {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        }, {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        }>>;
        user: z.ZodObject<{
            iss: z.ZodString;
            sid: z.ZodOptional<z.ZodString>;
            sub: z.ZodString;
            exp: z.ZodOptional<z.ZodNumber>;
            iat: z.ZodOptional<z.ZodNumber>;
            aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
            email: z.ZodOptional<z.ZodString>;
            username: z.ZodOptional<z.ZodString>;
            preferred_username: z.ZodOptional<z.ZodString>;
            name: z.ZodOptional<z.ZodString>;
            picture: z.ZodOptional<z.ZodString>;
        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
            iss: z.ZodString;
            sid: z.ZodOptional<z.ZodString>;
            sub: z.ZodString;
            exp: z.ZodOptional<z.ZodNumber>;
            iat: z.ZodOptional<z.ZodNumber>;
            aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
            email: z.ZodOptional<z.ZodString>;
            username: z.ZodOptional<z.ZodString>;
            preferred_username: z.ZodOptional<z.ZodString>;
            name: z.ZodOptional<z.ZodString>;
            picture: z.ZodOptional<z.ZodString>;
        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
            iss: z.ZodString;
            sid: z.ZodOptional<z.ZodString>;
            sub: z.ZodString;
            exp: z.ZodOptional<z.ZodNumber>;
            iat: z.ZodOptional<z.ZodNumber>;
            aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
            email: z.ZodOptional<z.ZodString>;
            username: z.ZodOptional<z.ZodString>;
            preferred_username: z.ZodOptional<z.ZodString>;
            name: z.ZodOptional<z.ZodString>;
            picture: z.ZodOptional<z.ZodString>;
        }, z.ZodTypeAny, "passthrough">>;
    }, "strip", z.ZodTypeAny, {
        token: string;
        user: {
            iss: string;
            sub: string;
            name?: string | undefined;
            sid?: string | undefined;
            exp?: number | undefined;
            iat?: number | undefined;
            aud?: string | string[] | undefined;
            email?: string | undefined;
            username?: string | undefined;
            preferred_username?: string | undefined;
            picture?: string | undefined;
        } & {
            [k: string]: unknown;
        };
        session?: {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        } | undefined;
    }, {
        token: string;
        user: {
            iss: string;
            sub: string;
            name?: string | undefined;
            sid?: string | undefined;
            exp?: number | undefined;
            iat?: number | undefined;
            aud?: string | string[] | undefined;
            email?: string | undefined;
            username?: string | undefined;
            preferred_username?: string | undefined;
            picture?: string | undefined;
        } & {
            [k: string]: unknown;
        };
        session?: {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        } | undefined;
    }>;
}, "strip", z.ZodTypeAny, {
    kind: "authorized";
    authorization: {
        token: string;
        user: {
            iss: string;
            sub: string;
            name?: string | undefined;
            sid?: string | undefined;
            exp?: number | undefined;
            iat?: number | undefined;
            aud?: string | string[] | undefined;
            email?: string | undefined;
            username?: string | undefined;
            preferred_username?: string | undefined;
            picture?: string | undefined;
        } & {
            [k: string]: unknown;
        };
        session?: {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        } | undefined;
    };
}, {
    kind: "authorized";
    authorization: {
        token: string;
        user: {
            iss: string;
            sub: string;
            name?: string | undefined;
            sid?: string | undefined;
            exp?: number | undefined;
            iat?: number | undefined;
            aud?: string | string[] | undefined;
            email?: string | undefined;
            username?: string | undefined;
            preferred_username?: string | undefined;
            picture?: string | undefined;
        } & {
            [k: string]: unknown;
        };
        session?: {
            id: string;
            payload: {
                iat: number;
                nodeId: string;
                authSig: string;
                uuid: string;
                protocol: "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
            };
        } | undefined;
    };
}>]>;
export type SessionVerifyFlowResult = z.infer<typeof sessionVerifyOutputSchema>;
declare const plan: {
    readonly pre: ["parseInput", "requireAuthorizationHeader", "verifyIfJwt"];
    readonly execute: ["deriveUser", "parseSessionHeader", "buildAuthorizedOutput"];
};
declare global {
    export interface ExtendFlows {
        'session:verify': FlowRunOptions<SessionVerifyFlow, typeof plan, typeof inputSchema, typeof sessionVerifyOutputSchema, typeof stateSchema>;
    }
}
declare const name: "session:verify";
export default class SessionVerifyFlow extends FlowBase<typeof name> {
    parseInput(): Promise<void>;
    requireAuthorizationOrChallenge(): Promise<void>;
    /**
     * If Authorization is a JWT:
     *  - Attempt verification against any known / cached public keys we have (gateway/local)
     *  - If verification fails → 401
     *  - If verification ok → capture payload
     * If NOT a JWT:
     *  - we do NOT attempt verification, just pass the raw token through
     */
    verifyIfJwt(): Promise<void>;
    deriveUser(): Promise<void>;
    /**
     * Parse the session header (mcp-session-id)
     * - If session id is present, validate it
     * - If valid, capture the session info
     * - If NOT valid, ignore (no session)
     */
    parseSessionHeader(): Promise<void>;
    buildAuthorizedOutput(): Promise<void>;
}
export {};