/**
 * Nexus Server — Node.js HTTP server adapter.
 * Handles SSR, static assets, Server Actions and dev HMR.
 */
import { type TenancyConfig } from './tenancy.js';
export { STUDIO_DEFAULT_PORT } from './constants.js';
export { createAction, registerAction, ActionError, getRegisteredActionNames, isInternalUrl, isSafeUrl, } from './actions.js';
export { loadAndCacheNexusBuildId, getExpectedNexusBuildId } from './build-id.js';
export { createContext } from './context.js';
export { nexusVault } from '@nexus_js/security';
export { resolveTenant } from './tenancy.js';
export type { NexusContext, NexusLocals, CookieOptions } from './context.js';
export type { TenancyConfig, TenantResolution } from './tenancy.js';
export type { RenderResult, RenderOptions } from './renderer.js';
export { mergeRoutePretext } from './renderer.js';
export { defineMetadata, escapeHtml } from './metadata.js';
export type { MetadataInput, MetadataResult } from './metadata.js';
export { defineHead, useHead, flushHead, renderHeadToString } from '@nexus_js/head';
export type { HeadMeta, HeadContext } from '@nexus_js/head';
export { registerDevRadarSink, emitDevRadar, sanitizeTelemetryValue, newTraceId } from './devradar.js';
export type { DevRadarEvent, ActionCallPayload, ActionResultPayload, ActionErrorPayload, PretextProfilePayload, SecurityAuditPayload, SecurityReportPayload, SecurityReportCheck, RuneTelemetryPayload, } from './devradar.js';
export { wrapExpressMiddleware, wrapExpressHandler } from './legacy-wrapper.js';
export type { ExpressMiddleware } from './legacy-wrapper.js';
export interface RequestLogInfo {
    method: string;
    path: string;
    status: number;
    /** Request duration in milliseconds */
    duration: number;
    /** Cache strategy used by the renderer (e.g. 'swr', 'static-immutable', 'no-store') */
    cacheStrategy?: string;
    /** True when the route was served from a Server Action */
    isAction?: boolean;
}
/**
 * Custom route mount — handler is called before static files and SSR.
 * Compatible with `@nexus_js/graphql` createGraphQLHandler() and any other
 * Web-standard (Request → Response) handler.
 *
 * @example
 *   import { createGraphQLHandler } from '@nexus_js/graphql';
 *   mounts: [{ path: '/graphql', handler: createGraphQLHandler({ schema }) }]
 */
export interface NexusMountDef {
    /**
     * URL path prefix to match. The handler is invoked when
     * `request.url.pathname === path` or starts with `path + '/'`.
     */
    path: string;
    /**
     * HTTP methods to handle. Default: all methods including OPTIONS
     * (needed for GraphQL CORS preflight).
     */
    methods?: string[];
    /**
     * Web-standard handler.
     * `nexusCtx` gives access to `secrets`, `locals`, `getCookie`, etc.
     */
    handler: (request: Request, nexusCtx: import('./context.js').NexusContext) => Promise<Response>;
}
export interface NexusServerOptions {
    /** Root directory of the Nexus app */
    root: string;
    /** Port to listen on (default: 3000) */
    port?: number;
    /** Enable dev mode (HMR, verbose errors, detailed logs) */
    dev?: boolean;
    /** Static assets directory */
    publicDir?: string;
    /** Custom global CSS entry path relative to app root (overrides auto-discovery) */
    cssEntry?: string;
    /**
     * Called after each HTTP request completes.
     * Use this to implement a custom request logger in the CLI or integrations.
     * The server itself does NOT print request logs — the host controls formatting.
     */
    onRequest?: (info: RequestLogInfo) => void;
    /**
     * Custom route handlers mounted before static files and SSR.
     * Evaluated in order; the first matching mount wins.
     * Use for GraphQL endpoints, webhooks, or any non-Nexus HTTP handler.
     */
    mounts?: NexusMountDef[];
    /**
     * HTTP proxy fallback for legacy backend integration.
     * If a request doesn't match any Nexus route, mount, or static file,
     * forward it to this URL instead of returning 404.
     *
     * Use this for gradual migration: Nexus sits in front of your old backend,
     * handling new routes while forwarding unknown paths to the legacy system.
     *
     * @example { fallbackProxy: 'http://localhost:8080' }
     */
    fallbackProxy?: string;
    /**
     * From `nexus.config.ts` `security` — when `hardened: true`, HTML and API responses get baseline security headers.
     * `shieldLite`: unknown server action names return 403 (manifest + registry allowlist) instead of 404.
     * `csp`: extend the generated Content-Security-Policy with additional allowed sources per directive.
     */
    security?: {
        hardened?: boolean;
        shieldLite?: boolean;
        csp?: {
            /**
             * Extra origins for `style-src` — e.g. `['https://fonts.googleapis.com']` for Google Fonts.
             * Nexus always includes `'self' 'unsafe-inline'`; these are appended after.
             */
            additionalStyleSrc?: string[];
            /**
             * Extra origins for `font-src` — e.g. `['https://fonts.gstatic.com']` for Google Fonts files.
             * Nexus always includes `'self'`; these are appended after.
             */
            additionalFontSrc?: string[];
            /**
             * Extra origins for `script-src` — e.g. `['https://cdn.example.com']` for external scripts.
             */
            additionalScriptSrc?: string[];
            /**
             * Extra origins for `connect-src` — e.g. `['https://api.example.com']` for fetch/XHR/WS.
             * Nexus always includes `'self'`; these are appended after.
             */
            additionalConnectSrc?: string[];
            /**
             * Extra origins for `img-src` — e.g. `['https://cdn.example.com']` for external images.
             * Nexus always includes `'self' data: blob:`; these are appended after.
             */
            additionalImgSrc?: string[];
            /**
             * Extra sources for `frame-src` (after baseline `'self' blob:`).
             * Use for embeds, e.g. `['https://www.youtube-nocookie.com']`.
             */
            additionalFrameSrc?: string[];
        };
    };
    /**
     * Flush the HTML shell (head + skeleton) before `nxPretext` resolves — improves TTFB when Pretext is slow.
     * Fragment layouts only (route output must not be a full `&lt;html&gt;` document).
     */
    streamingPretext?: boolean;
    /** Merged into document import map for island `import()` resolution (from `nexus.config` `browser.importMap`). */
    browserImportMap?: Record<string, string>;
    /** Nexus Connect (SSE) endpoint configuration. */
    connect?: {
        /** Which browser origins may subscribe to `/_nexus/connect/*`. Default: `'self'` in production, `'*'` in dev. */
        corsOrigins?: 'self' | '*' | string[];
    };
    tenancy?: TenancyConfig & {
        vaultIsolation?: 'strict' | 'fallback';
    };
}
export declare function createNexusServer(opts: NexusServerOptions): Promise<{
    /** Starts listening. Resolves when the server is bound to the port. */
    listen(): Promise<void>;
    /** Re-scans src/routes — called on file changes in dev mode. */
    reload(): Promise<void>;
    close(): void;
    readonly port: number;
}>;
//# sourceMappingURL=index.d.ts.map