/**
 * Optional API key authentication middleware.
 *
 * When MERIDIAN_API_KEY is set, requests to protected routes must include
 * a matching key via `x-api-key` header or `Authorization: Bearer` header.
 * When unset, all routes are open (default behavior, backward compatible).
 *
 * Uses constant-time comparison to prevent timing attacks.
 */
import type { Context, Next } from "hono";
/**
 * Whether API key authentication is enabled.
 * True when MERIDIAN_API_KEY is set to a non-empty value.
 */
export declare function authEnabled(): boolean;
/**
 * Hono middleware that rejects requests without a valid API key.
 * No-op when MERIDIAN_API_KEY is not set.
 */
export declare function requireAuth(c: Context, next: Next): Promise<void | (Response & import("hono").TypedResponse<{
    type: string;
    error: {
        type: string;
        message: string;
    };
}, 401, "json">)>;
//# sourceMappingURL=auth.d.ts.map