/** * Header used for same-server TEAM calls that may access private teammate agents. * * @private internal Agents Server access wiring */ export declare const TEAM_INTERNAL_AGENT_ACCESS_HEADER = "x-promptbook-team-agent-access-token"; /** * Options for creating same-server TEAM access headers. * * @private internal Agents Server access wiring */ export type TeamInternalAgentAccessHeadersOptions = { /** * URL of the teammate agent that is about to be contacted. */ readonly agentUrl: string; /** * Origin of the current Agents Server. */ readonly localServerUrl?: string; /** * Resolved internal access token carried by the runtime context. */ readonly accessToken?: string | null; }; /** * Resolves the internal token used by same-server TEAM calls. * * `PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN` must be a dedicated secret — falling * back to `ADMIN_PASSWORD`, `SUPABASE_SERVICE_ROLE_KEY`, or any other shared * credential would let a leak of one secret compromise both authentication * boundaries (admin login and same-server teammate-agent access). When the * dedicated variable is missing, this function returns `null` so the calling * server fails closed — same-server TEAM access is disabled and no header is * sent — instead of silently authorizing requests with the wrong secret. * * @returns Hashed token, or `null` when the dedicated secret is not configured. * * @private internal Agents Server access wiring */ export declare function resolveTeamInternalAgentAccessToken(): string | null; /** * Creates request headers for same-server TEAM calls. * * @param options - Target agent URL, local server URL, and resolved access token. * @returns Header map when the target is same-origin; otherwise an empty map. * * @private internal Agents Server access wiring */ export declare function createTeamInternalAgentAccessHeaders(options: TeamInternalAgentAccessHeadersOptions): Record; /** * Checks whether an incoming header carries the current same-server TEAM access token. * * @param value - Raw request header value. * @returns `true` only when the server has a private token and the value matches it. * * @private internal Agents Server access wiring */ export declare function isTeamInternalAgentAccessToken(value: string | null | undefined): boolean;