import type { Context } from "../context.ts";
import type { Secret } from "../secret.ts";
import { type CloudflareApiOptions } from "./api.ts";
/**
 * Properties for creating or updating an {@link AccessServiceToken}.
 */
export interface AccessServiceTokenProps extends CloudflareApiOptions {
    /**
     * Display name of the service token.
     *
     * @default ${app}-${stage}-${id}
     */
    name?: string;
    /**
     * How long the token is valid for. Format: a Cloudflare duration string
     * such as `"24h"`, `"30d"`, or `"8760h"` (one year).
     *
     * @default "8760h"
     */
    duration?: string;
    /**
     * Adopt an existing service token with the same name instead of failing
     * with a duplicate-name error.
     *
     * Note: when adopting, the `clientSecret` cannot be recovered — the output
     * `clientSecret` will be `undefined`. Recreate the resource (or rotate via
     * the Cloudflare dashboard) if you need a new secret.
     *
     * @default false
     */
    adopt?: boolean;
    /**
     * Whether to delete the token when removed from Alchemy.
     *
     * @default true
     */
    delete?: boolean;
}
/**
 * Output for an {@link AccessServiceToken}.
 */
export type AccessServiceToken = Omit<AccessServiceTokenProps, "delete" | "adopt"> & {
    /** Cloudflare-assigned token UUID. */
    id: string;
    /** Display name of the token. */
    name: string;
    /**
     * Value sent in the `CF-Access-Client-Id` header when authenticating.
     */
    clientId: string;
    /**
     * Value sent in the `CF-Access-Client-Secret` header when authenticating.
     * **Returned only on creation** — `undefined` for adopted tokens.
     */
    clientSecret?: Secret;
    /** ISO 8601 creation timestamp. */
    createdAt: string;
    /** ISO 8601 last-update timestamp. */
    updatedAt: string;
};
/**
 * Type guard for {@link AccessServiceToken}.
 */
export declare function isAccessServiceToken(resource: any): resource is AccessServiceToken;
/**
 * Creates a Cloudflare Zero Trust [Access service token](https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/)
 * for machine-to-machine authentication against Access-protected applications.
 *
 * The returned `clientSecret` is only available on creation — store it
 * immediately. Adopted tokens have `clientSecret: undefined`.
 *
 * @example
 * // Basic service token (defaults to 1 year duration)
 * const token = await AccessServiceToken("ci-token", {
 *   name: "ci-runner",
 * });
 *
 * @example
 * // Custom duration
 * const shortLived = await AccessServiceToken("preview", {
 *   name: "preview-deploy-token",
 *   duration: "720h", // 30 days
 * });
 */
export declare const AccessServiceToken: (((this: any, id: string, props?: {}) => never) & (new (_: never) => never)) | ((this: Context<AccessServiceToken>, id: string, props: AccessServiceTokenProps) => Promise<AccessServiceToken>);
//# sourceMappingURL=access-service-token.d.ts.map