/** * Generic API key resolution from env vars, config files, and auth.json. * * Used by provider-specific config modules (synthetic-config, chutes-config) * to resolve API keys with consistent priority and behavior. */ /** A candidate config file path with its format */ export interface ConfigCandidate { path: string; isJsonc: boolean; } /** * Get candidate paths for opencode.json/opencode.jsonc files. * * Order: local (cwd) first, then global (~/.config/opencode). * Within each location, .jsonc takes precedence over .json. */ export declare function getOpencodeConfigCandidatePaths(): ConfigCandidate[]; /** * Get trusted global-only candidate paths for opencode.json/opencode.jsonc files. * * Provider secrets must not be sourced from repo-local config because the * current workspace may be untrusted. */ export declare function getGlobalOpencodeConfigCandidatePaths(): ConfigCandidate[]; /** * Read and parse an opencode config file. * * @returns Parsed config with metadata, or null if file doesn't exist or is invalid */ export declare function readOpencodeConfig(filePath: string, isJsonc: boolean): Promise<{ config: unknown; path: string; isJsonc: boolean; } | null>; /** Result of API key resolution */ export interface ApiKeyResult { key: string; source: Source; } /** Environment variable definition for key resolution */ export interface EnvVarDef { name: string; source: Source; } export declare function getFirstAuthEntryValue(auth: unknown, authKeys: readonly string[]): unknown; export declare function getFirstAuthEntryRecord(auth: unknown, authKeys: readonly string[]): Record | null; export declare function extractProviderOptionsApiKey(config: unknown, params: { providerKeys: readonly string[]; allowedEnvVars?: readonly string[]; }): string | null; export declare function extractAuthApiKeyEntry(auth: unknown, authKeys: readonly string[]): string | null; /** Configuration for resolving an API key from trusted env/config sources */ export interface ResolveEnvAndConfigApiKeyConfig { /** Environment variables to check (in order) */ envVars: EnvVarDef[]; /** Extract API key from parsed config object. Returns null if not found. */ extractFromConfig: (config: unknown) => string | null; /** Source label for opencode.json */ configJsonSource: Source; /** Source label for opencode.jsonc */ configJsoncSource: Source; /** * Candidate config file paths to trust for provider-secret lookup. * * Defaults to trusted user/global OpenCode config paths only. */ getConfigCandidates?: () => ConfigCandidate[]; } /** Configuration for resolving an API key from multiple sources */ export interface ResolveApiKeyConfig extends ResolveEnvAndConfigApiKeyConfig { /** Extract API key from auth.json data. Returns null if not found. */ extractFromAuth: (auth: unknown) => string | null; /** Source label for auth.json */ authSource: Source; } export interface ResolveProviderApiKeyConfig { /** Environment variables to check (in order) */ envVars: EnvVarDef[]; /** Provider keys to inspect under provider..options.apiKey */ providerKeys: readonly string[]; /** Allowed env vars for {env:VAR_NAME} config values. */ allowedEnvVars?: readonly string[]; /** Source label for opencode.json */ configJsonSource: Source; /** Source label for opencode.jsonc */ configJsoncSource: Source; /** Candidate config file paths to trust for provider-secret lookup. */ getConfigCandidates?: () => ConfigCandidate[]; /** Optional auth.json fallback config. Omit for providers without auth fallback. */ auth?: { readAuth: () => Promise; authKeys?: readonly string[]; authSource: Source; }; } export interface ApiKeyCheckedPathsConfig { /** Environment variable names to check */ envVarNames: string[]; /** * Candidate config file paths to report for provider-secret lookup. * * Defaults to trusted user/global OpenCode config paths only. */ getConfigCandidates?: () => ConfigCandidate[]; } export declare function createProviderApiKeyResolver(config: ResolveProviderApiKeyConfig): { resolve: () => Promise | null>; has: () => Promise; diagnostics: () => Promise<{ configured: boolean; source: Source | null; checkedPaths: string[]; }>; }; /** * Resolve an API key from trusted env vars and config files. * * Priority (first wins): * 1. Environment variables (in order specified) * 2. Trusted user/global opencode.json/opencode.jsonc candidates */ export declare function resolveApiKeyFromEnvAndConfig(config: ResolveEnvAndConfigApiKeyConfig): Promise | null>; export declare function getApiKeyCheckedPaths(config: ApiKeyCheckedPathsConfig): string[]; /** * Resolve an API key from multiple sources with consistent priority. * * Priority (first wins): * 1. Environment variables (in order specified) * 2. Trusted user/global opencode.json/opencode.jsonc * 3. auth.json * * @returns API key and source, or null if not found */ export declare function resolveApiKey(config: ResolveApiKeyConfig, readAuth: () => Promise): Promise | null>; export declare function resolveProviderApiKey(config: ResolveProviderApiKeyConfig): Promise | null>; /** Configuration for API key diagnostics */ export interface DiagnosticsConfig { /** Environment variable names to check */ envVarNames: string[]; /** Resolver function to get the current key result */ resolve: () => Promise | null>; /** Candidate config file paths to report for provider-secret lookup. */ getConfigCandidates?: () => ConfigCandidate[]; } /** * Get diagnostic info about API key configuration. * * Reports which sources were checked (env vars that exist, config files that exist) * and whether a key was found. */ export declare function getApiKeyDiagnostics(config: DiagnosticsConfig): Promise<{ configured: boolean; source: Source | null; checkedPaths: string[]; }>; //# sourceMappingURL=api-key-resolver.d.ts.map