/**
 * @license
 * Copyright 2025 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */
import { BaseTokenStore, type MCPOAuthToken, type MCPOAuthCredentials } from './token-store.js';
/**
 * File-based implementation of the BaseTokenStore.
 * Stores MCP OAuth tokens in a JSON file in the user's configuration directory.
 */
export declare class FileTokenStore extends BaseTokenStore {
    private readonly tokenFilePath;
    private readonly encryptionKey;
    private readonly serviceName;
    constructor(tokenFilePath?: string, options?: {
        serviceName?: string;
        encryptionKey?: Buffer;
    });
    /**
     * Ensure the config directory exists.
     */
    private ensureConfigDir;
    /**
     * Derive an encryption key for securing stored tokens.
     */
    private deriveEncryptionKey;
    /**
     * Encrypt token payload with AES-256-GCM.
     */
    private encrypt;
    /**
     * Decrypt stored payload. Falls back to plaintext for backward compatibility.
     */
    private decrypt;
    private readTokenPayload;
    private writeTokenPayload;
    /**
     * Load all stored MCP OAuth tokens.
     *
     * @returns A map of server names to credentials
     */
    loadTokens(): Promise<Map<string, MCPOAuthCredentials>>;
    /**
     * Save a token for a specific MCP server.
     *
     * @param serverName The name of the MCP server
     * @param token The OAuth token to save
     * @param clientId Optional client ID used for this token
     * @param tokenUrl Optional token URL used for this token
     * @param mcpServerUrl Optional MCP server URL
     */
    saveToken(serverName: string, token: MCPOAuthToken, clientId?: string, tokenUrl?: string, mcpServerUrl?: string): Promise<void>;
    /**
     * Get a token for a specific MCP server.
     *
     * @param serverName The name of the MCP server
     * @returns The stored credentials or null if not found
     */
    getToken(serverName: string): Promise<MCPOAuthCredentials | null>;
    /**
     * Remove a token for a specific MCP server.
     *
     * @param serverName The name of the MCP server
     */
    removeToken(serverName: string): Promise<void>;
    /**
     * Clear all stored MCP OAuth tokens.
     */
    clearAllTokens(): Promise<void>;
    /**
     * Validate that credentials object has the required structure.
     *
     * @param credentials The credentials to validate
     * @returns True if valid, false otherwise
     */
    private isValidCredentials;
}