export type TokenSource = "nextauth_convex" | "auth0" | "custom_oidc";
export type JwtAudience = string | Array<string>;
export interface JwtClaims {
    sub?: string;
    iss?: string;
    aud?: JwtAudience;
    exp?: number;
    [key: string]: unknown;
}
export interface JwtClaimValidationOptions {
    expectedIssuer?: string;
    expectedAudience?: string;
    nowMs?: number;
}
export interface JwtClaimValidationResult {
    valid: boolean;
    reason?: "malformed_token" | "expired" | "issuer_mismatch" | "audience_mismatch";
    claims: JwtClaims | null;
}
export interface AgentBridgeStrictHeadersInput {
    serviceId: string;
    serviceKey: string;
    appKey: string;
    userToken?: string | null;
}
export interface NextAuthSessionLike {
    convexToken?: string | null;
}
export type UserTokenResolver = () => Promise<string | null>;
export interface TokenSourceAdapter {
    tokenSource: TokenSource;
    resolveUserToken: UserTokenResolver;
}
export declare function buildAgentBridgeStrictHeaders(input: AgentBridgeStrictHeadersInput): Record<string, string>;
export declare function decodeJwtClaims(token: string): JwtClaims | null;
export declare function validateJwtClaims(token: string, options?: JwtClaimValidationOptions): JwtClaimValidationResult;
export declare function createNextAuthConvexTokenAdapter(args: {
    getSession: () => Promise<NextAuthSessionLike | null | undefined>;
}): TokenSourceAdapter;
export declare function createAuth0TokenAdapter(args: {
    getAccessToken: () => Promise<string | null | undefined>;
}): TokenSourceAdapter;
export declare function createCustomOidcTokenAdapter(args: {
    getToken: () => Promise<string | null | undefined>;
}): TokenSourceAdapter;
export declare function resolveUserToken(adapter: TokenSourceAdapter): Promise<string | null>;
//# sourceMappingURL=userAuth.d.ts.map