/**
 * Security Utilities
 *
 * Shared security functions for webhook verification and cryptographic operations.
 * DRY Fix: Consolidated from typeform, calendly, weave, nexhealth integrations.
 */
/**
 * Constant-time string comparison to prevent timing attacks
 *
 * Used for comparing webhook signatures, API keys, and other sensitive values
 * where timing attacks could reveal information about the expected value.
 *
 * @param a - First string to compare
 * @param b - Second string to compare
 * @returns true if strings are equal, false otherwise
 *
 * @example
 * ```typescript
 * const isValid = secureCompare(receivedSignature, expectedSignature);
 * ```
 */
export declare function secureCompare(a: string, b: string): boolean;
/**
 * Verify HMAC webhook signature
 *
 * Common pattern for webhook verification across integrations.
 *
 * @param payload - Raw webhook payload (string or buffer)
 * @param signature - Signature from webhook header
 * @param secret - Webhook secret for HMAC computation
 * @param options - Optional configuration
 * @param options.algorithm - Hash algorithm (default: SHA-256)
 * @param options.encoding - Signature encoding format (default: hex)
 * @returns true if signature is valid
 *
 * @example
 * ```typescript
 * // Hex encoding (default - used by most webhooks)
 * const isValid = await verifyHmacSignature(
 *   request.body,
 *   request.headers['x-signature'],
 *   webhookSecret
 * );
 *
 * // Base64 encoding (used by DocuSign, QuickBooks)
 * const isValid = await verifyHmacSignature(
 *   request.body,
 *   request.headers['x-signature'],
 *   webhookSecret,
 *   { encoding: 'base64' }
 * );
 * ```
 */
export declare function verifyHmacSignature(payload: string | ArrayBuffer, signature: string, secret: string, options?: {
    algorithm?: 'SHA-256' | 'SHA-1';
    encoding?: 'hex' | 'base64';
}): Promise<boolean>;
/**
 * Generate a random token for CSRF protection or state parameters
 *
 * @param length - Length of the token in bytes (default: 32)
 * @returns Hex-encoded random token
 */
export declare function generateSecureToken(length?: number): string;
//# sourceMappingURL=security.d.ts.map