import { BoxClient } from 'box-typescript-sdk-gen';
export { BoxClient } from 'box-typescript-sdk-gen';
import { Adapter, FilesError } from '../index.js';

interface BoxOAuthOptions {
    readonly clientId: string;
    readonly clientSecret: string;
    /**
     * A long-lived refresh token previously obtained via Box's authorization
     * code flow. The adapter seeds the auth's token storage with this value;
     * the SDK then exchanges it for a fresh access token on the first API call
     * and re-refreshes when the access token expires.
     */
    readonly refreshToken: string;
}
interface BoxCcgOptions {
    readonly clientId: string;
    readonly clientSecret: string;
    /**
     * Pass `enterpriseId` to authenticate as the service account, or `userId`
     * to authenticate as a managed/app user. At least one is required.
     */
    readonly enterpriseId?: string;
    readonly userId?: string;
}
type BoxJwtOptions = {
    readonly configJsonString: string;
} | {
    readonly configFilePath: string;
};
interface BoxAdapterOptions {
    /**
     * Logical "bucket root" — virtual keys live under this Box folder ID.
     * Use `"0"` (the default) to anchor at the user's root folder. The folder
     * must already exist; intermediate subfolders are auto-created on upload.
     */
    rootFolderId?: string;
    /**
     * When `true`, `upload()` also creates a public shared link (anyone with
     * the link can preview/download) and `url()` returns that link's
     * `download_url` (or `url` if `download_url` is absent — typical for
     * non-binary previews). When `false` (default), `url()` mints a
     * short-lived signed download URL via `getDownloadFileUrl`.
     *
     * **Plan/policy note:** public shared links may be restricted on Box
     * Business or Enterprise plans; the adapter surfaces Box's
     * `access_denied_insufficient_permissions` error unmodified in that case.
     */
    publicByDefault?: boolean;
    /**
     * Origin used to build URLs from `url()`. When set, `url(key)` returns
     * `${publicBaseUrl}/${key}` and skips both signing and shared-link
     * resolution. Useful when a CDN or vanity domain sits in front of
     * pre-shared Box links.
     */
    publicBaseUrl?: string;
    /**
     * Default expiry, in seconds, used when `url()` mints a signed download
     * URL via `getDownloadFileUrl`. Box does not document a hard maximum
     * for these URLs (they are short-lived by API design); the adapter
     * passes the value through. Defaults to 3600.
     */
    defaultUrlExpiresIn?: number;
    /**
     * Pre-built `BoxClient` — escape hatch for callers that already wire
     * auth themselves (e.g. with custom `NetworkSession`, proxy config, or
     * downscoped tokens).
     */
    client?: BoxClient;
    /**
     * Static developer token from the Box developer console. Useful for
     * scripts and trying the adapter; production apps should use OAuth, CCG,
     * or JWT instead. Falls back to env `BOX_DEVELOPER_TOKEN`.
     */
    developerToken?: string;
    /** OAuth2 user-app flow seeded with a refresh token. */
    oauth?: BoxOAuthOptions;
    /** Server-side Client Credentials Grant. */
    ccg?: BoxCcgOptions;
    /** JWT Server Authentication, configured via the JSON blob from Box's developer console. */
    jwt?: BoxJwtOptions;
}

type BoxAdapter = Adapter<BoxClient> & {
    readonly rootFolderId: string;
};
declare const mapBoxError: (err: unknown) => FilesError;
declare const box: (opts?: BoxAdapterOptions) => BoxAdapter;

export { type BoxAdapter, type BoxAdapterOptions, type BoxCcgOptions, type BoxJwtOptions, type BoxOAuthOptions, box, mapBoxError };