import { Cache } from '@vltpkg/cache';
import type { Integrity } from '@vltpkg/types';
import type { Dispatcher } from 'undici';
import { RetryAgent } from 'undici';
import type { Token } from './auth.ts';
import { clearRuntimeTokens, deleteToken, getKC, getToken, getTokenByURL, isToken, keychains, normalizeRegistryKey, registryBase, runtimeTokens, setRuntimeToken, setToken } from './auth.ts';
import type { JSONObj } from './cache-entry.ts';
import { CacheEntry } from './cache-entry.ts';
import type { TokenResponse } from './token-response.ts';
import type { WebAuthChallenge } from './web-auth-challenge.ts';
import { oidc } from './oidc.ts';
import type { OidcOptions } from './oidc.ts';
export { CacheEntry, clearRuntimeTokens, deleteToken, getKC, getToken, getTokenByURL, isToken, keychains, normalizeRegistryKey, oidc, registryBase, runtimeTokens, setRuntimeToken, setToken, type JSONObj, type OidcOptions, type Token, type TokenResponse, type WebAuthChallenge, };
export type CacheableMethod = 'GET' | 'HEAD';
export declare const isCacheableMethod: (m: unknown) => m is CacheableMethod;
export type RegistryClientOptions = {
    /**
     * Path on disk where the cache should be stored
     *
     * Defaults to the XDG cache folder for `vlt/registry-client`
     */
    cache?: string;
    /**
     * Number of retries to perform when encountering network errors or
     * likely-transient errors from git hosts.
     */
    'fetch-retries'?: number;
    /** The exponential backoff factor to use when retrying git hosts */
    'fetch-retry-factor'?: number;
    /** Number of milliseconds before starting first retry */
    'fetch-retry-mintimeout'?: number;
    /** Maximum number of milliseconds between two retries */
    'fetch-retry-maxtimeout'?: number;
    /** the identity to use for storing auth tokens */
    identity?: string;
    /**
     * If the server does not serve a `stale-while-revalidate` value in the
     * `cache-control` header, then this multiplier is applied to the `max-age`
     * or `s-maxage` values.
     *
     * By default, this is `60`, so for example a response that is cacheable for
     * 5 minutes will allow a stale response while revalidating for up to 5
     * hours.
     *
     * If the server *does* provide a `stale-while-revalidate` value, then that
     * is always used.
     *
     * Set to 0 to prevent any `stale-while-revalidate` behavior unless
     * explicitly allowed by the server's `cache-control` header.
     */
    'stale-while-revalidate-factor'?: number;
};
export type RegistryClientRequestOptions = Omit<Dispatcher.RequestOptions, 'method' | 'path'> & {
    /**
     * `path` should not be set when using the RegistryClient.
     * It will be overwritten with the path on the URL being requested.
     * This only here for compliance with the DispatchOptions base type.
     * @deprecated
     */
    path?: string;
    /**
     * Method is optional, defaults to 'GET'
     */
    method?: Dispatcher.DispatchOptions['method'];
    /**
     * Provide an SRI string to verify integrity of the item being fetched.
     *
     * This is only relevant when it must make a request to the registry. Once in
     * the local disk cache, items are assumed to be trustworthy.
     */
    integrity?: Integrity;
    /**
     * Set to true if the integrity should be trusted implicitly without
     * a recalculation, for example if it comes from a trusted registry that
     * also serves the tarball itself.
     */
    trustIntegrity?: boolean;
    /**
     * Follow up to 10 redirections by default. Set this to 0 to just return
     * the 3xx response. If the max redirections are expired, and we still get
     * a redirection response, then fail the request. Redirection cycles are
     * always treated as an error.
     */
    maxRedirections?: number;
    /**
     * the number of redirections that have already been seen. This is used
     * internally, and should always start at 0.
     * @internal
     */
    redirections?: Set<string>;
    /**
     * Set to `false` to suppress ANY lookups from cache. This will also
     * prevent storing the result to the cache.
     */
    useCache?: false;
    /**
     * Set to pass an `npm-otp` header on the request.
     *
     * This should not be set except by the RegistryClient itself, when
     * we receive a 401 response with an OTP challenge.
     * @internal
     */
    otp?: string;
    /**
     * Set to false to explicitly prevent `stale-while-revalidate` behavior,
     * for use in revalidating while stale.
     * @internal
     */
    staleWhileRevalidate?: false;
};
export declare const userAgent: string;
export declare class RegistryClient {
    #private;
    agent: RetryAgent;
    cache: Cache;
    identity: string;
    staleWhileRevalidateFactor: number;
    constructor(options: RegistryClientOptions);
    /**
     * Fetch the entire set of a paginated list of objects
     */
    scroll<T>(url: URL | string, options?: RegistryClientRequestOptions, seek?: (obj: T) => boolean): Promise<T[]>;
    /**
     * find a given item in a paginated set
     */
    seek<T>(url: URL | string, seek: (obj: T) => boolean, options?: RegistryClientRequestOptions): Promise<T | undefined>;
    /**
     * Log out from the registry specified, attempting to destroy the
     * token if the registry supports that endpoint.
     */
    logout(registry: string): Promise<void>;
    /**
     * Log into the registry specified
     *
     * Does not return the token or expose it, just saves to the auth keychain
     * and returns void if it worked. Otherwise, error is raised.
     */
    login(registry: string): Promise<void>;
    /**
     * Given a {@link WebAuthChallenge}, open the `authUrl` in a browser and
     * hang on the `doneUrl` until it returns a {@link TokenResponse} object.
     */
    webAuthOpener({ doneUrl, authUrl }: WebAuthChallenge): Promise<TokenResponse>;
    request(url: URL | string, options?: RegistryClientRequestOptions): Promise<CacheEntry>;
}