import type { AuthStorage } from "../auth-storage"; export interface AuthBrokerServerOptions { /** Underlying credential storage (wraps the local SQLite store on the broker). */ storage: AuthStorage; /** Listen address; accepts `host:port` or just `port`. */ bind?: string; /** Accept any of these bearer tokens. Empty disables auth (loopback only). */ bearerTokens: string[]; /** Broker version string surfaced on `/v1/healthz`. */ version?: string; /** Refresh credentials expiring within this window. Default 5 min. */ refreshSkewMs?: number; /** Background refresh cadence. Default 60s. */ refreshIntervalMs?: number; /** Disable the background refresher (e.g. for tests). */ disableRefresher?: boolean; /** * Override SSE keepalive cadence in milliseconds for `/v1/snapshot/stream`. * Internal-only — tests use a short interval so they can assert heartbeats * without long sleeps. Default {@link DEFAULT_STREAM_KEEPALIVE_MS}. */ streamKeepaliveMs?: number; } export interface AuthBrokerServerHandle { /** Bound URL (`http://host:port`). */ url: string; port: number; hostname: string; close(): Promise; } /** Boot the broker. Caller owns lifecycle; `handle.close()` to stop. */ export declare function startAuthBroker(opts: AuthBrokerServerOptions): AuthBrokerServerHandle;