import type { HonoRequest } from 'hono';
import type { CredentialsResult } from '../auth/index.js';
import type { MastraAuthProviderOptions } from './auth.js';
import { MastraAuthProvider } from './auth.js';
type TokenToUser<TUser> = Record<string, TUser>;
export interface SimpleAuthOptions<TUser> extends MastraAuthProviderOptions<TUser> {
    /**
     * Valid tokens to authenticate against
     */
    tokens: TokenToUser<TUser>;
    /**
     * Headers to check for authentication
     * @default ['Authorization', 'X-Playground-Access']
     */
    headers?: string | string[];
}
export declare class SimpleAuth<TUser> extends MastraAuthProvider<TUser> {
    /**
     * Marker to exempt SimpleAuth from EE license requirement.
     * SimpleAuth is for development/testing and should work without a license.
     */
    readonly isSimpleAuth = true;
    private tokens;
    private headers;
    private users;
    private userById;
    constructor(options: SimpleAuthOptions<TUser>);
    authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;
    authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean>;
    /** Get current user from request headers or cookie. */
    getCurrentUser(request: Request): Promise<TUser | null>;
    private getUserFromCookie;
    /** Get user by ID. */
    getUser(userId: string): Promise<TUser | null>;
    /**
     * Sign in with token (passed as password field).
     * The email field is ignored - only the token matters.
     */
    signIn(_email: string, password: string, _request: Request): Promise<CredentialsResult<TUser>>;
    signUp(): Promise<CredentialsResult<TUser>>;
    isSignUpEnabled(): boolean;
    /**
     * Get headers to clear the session cookie on logout.
     * Partial ISessionProvider implementation for logout support.
     */
    getClearSessionHeaders(): Record<string, string>;
    private stripBearerPrefix;
    /**
     * Get a header value from either a HonoRequest or standard Request.
     * The auth middleware passes a raw Request (c.req.raw), not a HonoRequest,
     * so we need to handle both APIs.
     */
    private getRequestHeader;
    private getTokensFromHeaders;
}
export {};
//# sourceMappingURL=simple-auth.d.ts.map