/**
 * DCR Storage Utilities
 *
 * Keyv-based storage utilities for Dynamic Client Registration.
 * Follows @mcp-z/oauth pattern: single Keyv store with compound keys.
 *
 * Key Patterns:
 * - dcr:client:{clientId} -> RegisteredClient
 * - dcr:provider:{dcrToken} -> ProviderTokens
 * - dcr:authcode:{code} -> AuthorizationCode
 * - dcr:access:{token} -> AccessToken
 * - dcr:refresh:{token} -> AccessToken
 */
import type { DcrClientInformation, DcrClientMetadata, ProviderTokens } from '@mcp-z/oauth';
import type { Keyv } from 'keyv';
import type { AccessToken, AuthorizationCode, RegisteredClient } from '../types.js';
/**
 * Register a new OAuth client (RFC 7591 Section 3.1)
 *
 * @param store - Keyv store for all DCR data
 * @param metadata - Client registration metadata
 * @returns Registered client with credentials
 * @throws Error if validation fails
 */
export declare function registerClient(store: Keyv, metadata: DcrClientMetadata): Promise<DcrClientInformation>;
/**
 * Get a registered client by ID
 *
 * @param store - Keyv store for all DCR data
 * @param clientId - Client identifier
 * @returns Registered client or undefined if not found
 */
export declare function getClient(store: Keyv, clientId: string): Promise<RegisteredClient | undefined>;
/**
 * Validate client credentials
 *
 * @param store - Keyv store for all DCR data
 * @param clientId - Client identifier
 * @param clientSecret - Client secret
 * @returns True if credentials are valid
 */
export declare function validateClient(store: Keyv, clientId: string, clientSecret: string): Promise<boolean>;
/**
 * Validate redirect URI for a client
 *
 * @param store - Keyv store for all DCR data
 * @param clientId - Client identifier
 * @param redirectUri - Redirect URI to validate
 * @returns True if redirect URI is registered
 */
export declare function validateRedirectUri(store: Keyv, clientId: string, redirectUri: string): Promise<boolean>;
/**
 * List all registered clients (for debugging)
 *
 * Note: This method uses Keyv's iterator which may not be available on all storage adapters.
 * For production use, consider maintaining a separate index of client IDs.
 *
 * @param store - Keyv store for all DCR data
 * @returns Array of all registered clients
 */
export declare function listClients(store: Keyv): Promise<RegisteredClient[]>;
/**
 * Delete a registered client
 *
 * @param store - Keyv store for all DCR data
 * @param clientId - Client identifier
 */
export declare function deleteClient(store: Keyv, clientId: string): Promise<void>;
/**
 * Store provider tokens for a DCR access token
 *
 * @param store - Keyv store for all DCR data
 * @param dcrToken - DCR-issued access token (used as key)
 * @param tokens - Google provider tokens (access, refresh, expiry)
 */
export declare function setProviderTokens(store: Keyv, dcrToken: string, tokens: ProviderTokens): Promise<void>;
/**
 * Retrieve provider tokens for a DCR access token
 *
 * @param store - Keyv store for all DCR data
 * @param dcrToken - DCR-issued access token
 * @returns Provider tokens or undefined if not found
 */
export declare function getProviderTokens(store: Keyv, dcrToken: string): Promise<ProviderTokens | undefined>;
/**
 * Delete provider tokens for a DCR access token
 *
 * @param store - Keyv store for all DCR data
 * @param dcrToken - DCR-issued access token
 */
export declare function deleteProviderTokens(store: Keyv, dcrToken: string): Promise<void>;
/**
 * Store an authorization code
 *
 * @param store - Keyv store for all DCR data
 * @param code - Authorization code
 * @param authCode - Authorization code data
 */
export declare function setAuthCode(store: Keyv, code: string, authCode: AuthorizationCode): Promise<void>;
/**
 * Get an authorization code
 *
 * @param store - Keyv store for all DCR data
 * @param code - Authorization code
 * @returns Authorization code data or undefined if not found
 */
export declare function getAuthCode(store: Keyv, code: string): Promise<AuthorizationCode | undefined>;
/**
 * Delete an authorization code
 *
 * @param store - Keyv store for all DCR data
 * @param code - Authorization code
 */
export declare function deleteAuthCode(store: Keyv, code: string): Promise<void>;
/**
 * Store an access token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Access token
 * @param tokenData - Access token data
 */
export declare function setAccessToken(store: Keyv, token: string, tokenData: AccessToken): Promise<void>;
/**
 * Get an access token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Access token
 * @returns Access token data or undefined if not found
 */
export declare function getAccessToken(store: Keyv, token: string): Promise<AccessToken | undefined>;
/**
 * Delete an access token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Access token
 */
export declare function deleteAccessToken(store: Keyv, token: string): Promise<void>;
/**
 * Store a refresh token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Refresh token
 * @param tokenData - Access token data (contains refresh token context)
 */
export declare function setRefreshToken(store: Keyv, token: string, tokenData: AccessToken): Promise<void>;
/**
 * Get a refresh token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Refresh token
 * @returns Access token data or undefined if not found
 */
export declare function getRefreshToken(store: Keyv, token: string): Promise<AccessToken | undefined>;
/**
 * Delete a refresh token
 *
 * @param store - Keyv store for all DCR data
 * @param token - Refresh token
 */
export declare function deleteRefreshToken(store: Keyv, token: string): Promise<void>;