import type { FilesOperation } from "./protocol.js"; export interface AuthorizeContext { operation: FilesOperation; /** The raw request — cookies, headers, and session live here. */ req: Request; /** Single-key ops (client-supplied, before the authorize prefix is applied). */ key?: string; /** Bulk ops. */ keys?: string[]; from?: string; to?: string; /** Parsed, validated op params (read-only). */ params: Readonly>; } export type AuthorizeResult = void | { /** Prepended to every key/from/to before the `Files` call. */ keyPrefix?: string; /** Hard cap on `url()`/`download` expiry (further clamped by capability). */ maxExpiresIn?: number; /** Allow inline disposition for download/url (default forces attachment). */ disposition?: "attachment" | "inline" | string; /** Narrow which keys a bulk op may touch (filter, don't reject the batch). */ filterKeys?: (key: string) => boolean; /** Clamp list/search page size below the router default. */ maxResults?: number; }; export type Authorize = (ctx: AuthorizeContext) => AuthorizeResult | Promise; export interface Scope { prefix: string; maxExpiresIn?: number; disposition?: string; filterKeys?: (key: string) => boolean; maxResults?: number; } export declare const runAuthorize: (authorize: Authorize | undefined, operations: ReadonlySet | undefined, ctx: AuthorizeContext) => Promise; //# sourceMappingURL=authorize.d.ts.map