import type { DatabaseAdapter } from '@momentumcms/core';
/**
 * Stored API key record.
 */
export interface ApiKeyRecord {
    id: string;
    name: string;
    /** SHA-256 hash of the full key */
    keyHash: string;
    /** First 8 chars of the key for display (e.g., "mcms_abc1...") */
    keyPrefix: string;
    /** User ID that created this key */
    createdBy: string;
    /** Role assigned to this key for access control */
    role: string;
    expiresAt: string | null;
    lastUsedAt: string | null;
    createdAt: string;
    updatedAt: string;
}
/**
 * Result of creating a new API key.
 * The full key is only returned once at creation time.
 */
export interface CreateApiKeyResult {
    id: string;
    name: string;
    /** The full API key - only shown once */
    key: string;
    keyPrefix: string;
    role: string;
    expiresAt: string | null;
    createdAt: string;
}
/**
 * Options for creating an API key.
 */
export interface CreateApiKeyOptions {
    name: string;
    role?: string;
    expiresAt?: Date;
}
/**
 * Generate a cryptographically secure API key.
 * Format: mcms_ + 40 hex chars = 45 chars total
 */
export declare function generateApiKey(): string;
/**
 * Hash an API key using SHA-256 for secure storage.
 */
export declare function hashApiKey(key: string): string;
/**
 * Extract a display-safe prefix from an API key.
 * Returns the first 12 chars (prefix + 7 hex chars).
 */
export declare function getKeyPrefix(key: string): string;
/**
 * Validate that a string looks like a Momentum API key.
 */
export declare function isValidApiKeyFormat(key: string): boolean;
/**
 * Generate a unique ID for an API key record.
 */
export declare function generateApiKeyId(): string;
/**
 * Database operations for API keys.
 * Uses raw SQL queries through the database adapter.
 */
export interface ApiKeyStore {
    /** Create a new API key record, returns the created record ID */
    create(record: Omit<ApiKeyRecord, 'lastUsedAt'>): Promise<string>;
    /** Find an API key by its hash */
    findByHash(keyHash: string): Promise<ApiKeyRecord | null>;
    /** List all API keys (without sensitive data) */
    listAll(): Promise<Omit<ApiKeyRecord, 'keyHash'>[]>;
    /** List API keys created by a specific user */
    listByUser(userId: string): Promise<Omit<ApiKeyRecord, 'keyHash'>[]>;
    /** Find an API key by ID (without keyHash) */
    findById(id: string): Promise<Omit<ApiKeyRecord, 'keyHash'> | null>;
    /** Delete an API key by ID */
    deleteById(id: string): Promise<boolean>;
    /** Update last used timestamp */
    updateLastUsed(id: string, timestamp: string): Promise<void>;
}
/**
 * SQL for creating the API keys table (PostgreSQL).
 */
export declare const API_KEYS_TABLE_SQL_POSTGRES = "\n\tCREATE TABLE IF NOT EXISTS \"_api_keys\" (\n\t\t\"id\" VARCHAR(36) PRIMARY KEY NOT NULL,\n\t\t\"name\" VARCHAR(255) NOT NULL,\n\t\t\"keyHash\" VARCHAR(64) NOT NULL UNIQUE,\n\t\t\"keyPrefix\" VARCHAR(20) NOT NULL,\n\t\t\"createdBy\" VARCHAR(36) NOT NULL REFERENCES \"user\"(\"id\") ON DELETE CASCADE,\n\t\t\"role\" VARCHAR(50) NOT NULL DEFAULT 'user',\n\t\t\"expiresAt\" TIMESTAMPTZ,\n\t\t\"lastUsedAt\" TIMESTAMPTZ,\n\t\t\"createdAt\" TIMESTAMPTZ NOT NULL,\n\t\t\"updatedAt\" TIMESTAMPTZ NOT NULL\n\t);\n\n\tCREATE INDEX IF NOT EXISTS \"idx_api_keys_keyHash\" ON \"_api_keys\"(\"keyHash\");\n\tCREATE INDEX IF NOT EXISTS \"idx_api_keys_createdBy\" ON \"_api_keys\"(\"createdBy\");\n";
/**
 * SQL for creating the API keys table (SQLite).
 */
export declare const API_KEYS_TABLE_SQL_SQLITE = "\n\tCREATE TABLE IF NOT EXISTS \"_api_keys\" (\n\t\t\"id\" TEXT PRIMARY KEY NOT NULL,\n\t\t\"name\" TEXT NOT NULL,\n\t\t\"keyHash\" TEXT NOT NULL UNIQUE,\n\t\t\"keyPrefix\" TEXT NOT NULL,\n\t\t\"createdBy\" TEXT NOT NULL,\n\t\t\"role\" TEXT NOT NULL DEFAULT 'user',\n\t\t\"expiresAt\" TEXT,\n\t\t\"lastUsedAt\" TEXT,\n\t\t\"createdAt\" TEXT NOT NULL,\n\t\t\"updatedAt\" TEXT NOT NULL,\n\t\tFOREIGN KEY (\"createdBy\") REFERENCES \"user\"(\"id\") ON DELETE CASCADE\n\t);\n\n\tCREATE INDEX IF NOT EXISTS \"idx_api_keys_keyHash\" ON \"_api_keys\"(\"keyHash\");\n\tCREATE INDEX IF NOT EXISTS \"idx_api_keys_createdBy\" ON \"_api_keys\"(\"createdBy\");\n";
/**
 * Create an API key store backed by a generic DatabaseAdapter.
 * Works with any adapter (SQLite, Postgres, etc.) using collection CRUD methods.
 */
export declare function createAdapterApiKeyStore(adapter: DatabaseAdapter): ApiKeyStore;
/**
 * Create an API key store backed by PostgreSQL.
 */
export declare function createPostgresApiKeyStore(query: {
    query: (sql: string, params?: unknown[]) => Promise<any[]>;
    queryOne: (sql: string, params?: unknown[]) => Promise<any | null>;
    execute: (sql: string, params?: unknown[]) => Promise<number>;
}): ApiKeyStore;