export declare function formatEphemeralToken(uuid: string, label: string): string; export declare function isEphemeralToken(value: string): boolean; export declare function parseEphemeralToken(value: string): { label: string; uuid: string; } | null; /** * Parse a token string and exchange the UUID for the decrypted value. * Returns null if the token format is invalid, expired, or uses exhausted. */ export declare function exchangeEphemeralToken(tokenString: string): Promise; /** * Deep-traverse a JSON value, replacing any string matching the eph:v1: format * with the exchanged plaintext. Non-matching values pass through unchanged. */ export declare function exchangeTokensInArgs(obj: any): Promise; export interface StoreEphemeralOptions { /** Max number of exchanges. 0 = unlimited. Default: 0 */ maxUses?: number; /** TTL in seconds. Null/0 = no expiry. Default: null */ ttlSeconds?: number; /** Human-readable label for debugging. */ label?: string; } /** * Store a sensitive value. Returns the raw token UUID. * The value is encrypted at rest using AES-256-GCM. * * - maxUses: 0 (default) = unlimited exchanges until expired/revoked * - ttlSeconds: null (default) = no time-based expiry * - Both can be combined: e.g., maxUses=10, ttlSeconds=900 */ export declare function storeEphemeral(value: string, opts?: StoreEphemeralOptions): Promise; /** * Exchange a raw UUID token for the decrypted value. * * - If max_uses > 0: increments use_count, returns null when exhausted * - If max_uses = 0: unlimited (never blocked by count) * - If expires_at is set: returns null after expiry * - Row is deleted when use_count reaches max_uses (if max_uses > 0) */ export declare function exchangeEphemeral(token: string): Promise; /** * Explicitly revoke a token before expiry/exhaustion. */ export declare function revokeEphemeral(token: string): Promise; /** * Clean up expired tokens. Returns the number of rows deleted. */ export declare function cleanupExpired(): Promise;