import { P as SharedState, d as DevframeNodeContext, f as DevframeNodeRpcSession } from "../devframe-BuR6n9ZD.mjs";
import { n as InternalAnonymousAuthStorage } from "../context-DTRcO_UH.mjs";

//#region src/node/auth/revoke.d.ts
/**
 * Flip `isTrusted` to false on any live WS clients connected with `token`
 * and broadcast the `auth:revoked` event so they can react.
 *
 * Shared between persisted-auth revocation and remote-dock token revocation.
 */
declare function revokeActiveConnectionsForToken(context: DevframeNodeContext, token: string): Promise<void>;
/**
 * Revoke an auth token: remove from storage and notify all connected clients
 * using this token that they are no longer trusted.
 */
declare function revokeAuthToken(context: DevframeNodeContext, storage: SharedState<InternalAnonymousAuthStorage>, token: string): Promise<void>;
//#endregion
//#region src/node/auth/state.d.ts
interface PendingAuthRequest {
  clientAuthToken: string;
  session: DevframeNodeRpcSession;
  ua: string;
  origin: string;
  resolve: (result: {
    isTrusted: boolean;
  }) => void;
  abortController: AbortController;
  timeout: ReturnType<typeof setTimeout>;
}
declare function getTempAuthToken(): string;
declare function refreshTempAuthToken(): string;
declare function getPendingAuth(): PendingAuthRequest | null;
declare function setPendingAuth(request: PendingAuthRequest | null): void;
/**
 * Abort and clean up any existing pending auth request.
 */
declare function abortPendingAuth(): void;
/**
 * Consume the temp auth ID: verify it matches, trust the pending client, and clean up.
 * Returns the client's authToken if successful, null otherwise.
 */
declare function consumeTempAuthToken(id: string, storage: SharedState<InternalAnonymousAuthStorage>): string | null;
//#endregion
export { PendingAuthRequest, abortPendingAuth, consumeTempAuthToken, getPendingAuth, getTempAuthToken, refreshTempAuthToken, revokeActiveConnectionsForToken, revokeAuthToken, setPendingAuth };