export type User = {
    id: string;
    username: string;
    roles: string[];
    tenant?: string;
    metadata?: Record<string, unknown>;
};
export type Permission = {
    resource: string;
    action: string;
    conditions?: Record<string, unknown>;
};
export type Role = {
    name: string;
    permissions: Permission[];
    description?: string;
};
export type AuthProvider = {
    authenticate(token: string): Promise<User>;
    authorize(user: User, permission: Permission): Promise<boolean>;
};
export declare class RBACAuthProvider implements AuthProvider {
    private readonly roles;
    constructor(roles?: Role[]);
    private initializeDefaultRoles;
    authenticate(token: string): Promise<User>;
    authorize(user: User, permission: Permission): Promise<boolean>;
    private matchesPermission;
    addRole(role: Role): void;
    getRole(name: string): Role | undefined;
    listRoles(): Role[];
}
export declare class JWTAuthProvider implements AuthProvider {
    private readonly config;
    constructor(config: {
        secretKey: string;
        issuer?: string;
        audience?: string;
    });
    authenticate(_token: string): Promise<User>;
    authorize(user: User, permission: Permission): Promise<boolean>;
}
//# sourceMappingURL=auth.d.ts.map