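/**
 * Build a `Response` carrying HTTP status `status` and the given `body`.
 *
 * NOTE(review): the implementation is not visible in this declaration file;
 * presumably `body` is serialized as JSON — confirm.
 *
 * @param status - HTTP status code for the response.
 * @param body - Value to send as the response payload.
 * @returns The constructed response.
 */
export declare function json(status: number, body: unknown): Response;

/**
 * Derive a string identifying the peer that sent `req`.
 *
 * NOTE(review): the source of the value is not visible here. If it is read
 * from forwarding headers, it is client-controlled unless a trusted proxy
 * overwrites it — confirm before relying on it for rate limiting, allow-lists
 * or audit logs.
 *
 * @param req - Inbound request.
 * @returns Peer identifier.
 */
export declare function resolvePeer(req: Request): string;

/**
 * Constant-time byte comparison. Falls back to a manual XOR accumulator if
 * `node:crypto.timingSafeEqual` isn't available. Always processes every byte
 * of the longer input so length itself doesn't leak via timing.
 *
 * NOTE(review): `node:crypto.timingSafeEqual` throws when its inputs differ in
 * byte length, so the native path has to deal with unequal lengths itself for
 * the length guarantee above to hold on both paths — confirm in the
 * implementation.
 *
 * @param a - First byte sequence.
 * @param b - Second byte sequence.
 * @returns `true` when both inputs hold the same bytes.
 */
export declare function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean;

/**
 * Decide whether `req` presents a credential contained in `tokens`.
 *
 * The element type was missing from the declaration (`ReadonlySet` without a
 * type argument does not type-check); it is restored as `string` here —
 * confirm against the implementation.
 *
 * NOTE(review): where the credential is read from and how it is compared are
 * not visible here. A plain `Set.has` lookup is not constant-time; confirm the
 * presented value is compared with `timingSafeEqual`.
 *
 * @param req - Inbound request to check.
 * @param tokens - Accepted tokens.
 * @returns `true` when the request is authorized.
 */
export declare function isAuthorized(req: Request, tokens: ReadonlySet<string>): boolean;

/**
 * Extract allow-listed passthrough headers from an inbound request. Keys are
 * lowercased; empty values are dropped. Called once per request in
 * `handleFormatEndpoint`; parsers then read `options.headers`.
 *
 * The `Record` type arguments were missing from the declaration; they are
 * restored as `<string, string>` (header name to header value) — confirm.
 *
 * NOTE(review): the allow-list itself is not visible here; confirm it leaves
 * out credential-bearing headers such as `authorization` and `cookie` unless
 * forwarding them is intended.
 *
 * @param headers - Headers of the inbound request.
 * @returns Lowercased header names mapped to their non-empty values.
 */
export declare function captureRequestHeaders(headers: Headers): Record<string, string>;

/**
 * Resolve a prompt-cache identity from inbound request body + headers.
 * Order of precedence (first wins):
 *   1. Body `prompt_cache_key`
 *   2. Body `metadata.{prompt_cache_key,session_id,conversation_id}`
 *   3. Header `x-prompt-cache-key`
 *   4. Header `session_id` / `conversation_id` (Codex / ChatGPT-OAuth surface)
 *   5. Header `x-session-id` / `x-conversation-id` (common informal)
 * Returns undefined when none present; the gateway then derives a stable
 * UUID from the request's stable parts.
 *
 * NOTE(review): every source listed above is supplied by the client, so the
 * returned key is untrusted input. Confirm that the cache scopes it by the
 * authenticated caller, so that two callers sending the same key cannot share
 * a cache entry.
 *
 * @param body - Parsed request body; its shape is not assumed.
 * @param headers - Inbound request headers, if available.
 * @returns The resolved cache key, or `undefined` when no source provides one.
 */
export declare function resolvePromptCacheKey(body: unknown, headers?: Headers): string | undefined;

/**
 * CORS headers for the auth-gateway. Currently returns a wildcard origin;
 * `_req` is accepted so future tightening can mirror `Origin` without
 * threading the request through every caller.
 *
 * The `Record` type arguments were missing from the declaration; they are
 * restored as `<string, string>` — confirm.
 *
 * When tightening: browsers refuse a wildcard origin on credentialed requests,
 * and a mirrored `Origin` should be checked against an allow-list and sent
 * together with `Vary: Origin` so shared caches do not serve one origin's
 * response to another.
 *
 * @param _req - Inbound request; kept in the signature for future use.
 * @returns Header names mapped to values.
 */
export declare function corsHeaders(_req: Request): Record<string, string>;

/**
 * Re-emit `response` with CORS headers merged. The original response body is
 * passed through unchanged. Used by the gateway wrapper so every outbound
 * format-endpoint response carries the same CORS surface as the preflight.
 *
 * @param response - Response produced by the format endpoint.
 * @param req - Inbound request the response answers.
 * @returns A response with the CORS headers added.
 */
export declare function withCors(response: Response, req: Request): Response;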