/** * API key / OAuth token validation for MCP and ACP endpoints. * * Two accepted credential types (checked in order): * * 1. MCP_API_KEY (legacy / admin) * Authorization: Bearer * Validated with constant-time comparison — no DB lookup needed. * * 2. OAuth access token (AI platforms) * Issued by POST /oauth/token (client_credentials grant). * Validated against mcp_access_tokens table in Supabase. * Tokens expire after 1 hour — clients re-fetch automatically. * * When MCP_API_KEY is unset, the server runs in open mode (all callers allowed). */ /** * Full async validation — checks MCP_API_KEY first, then OAuth tokens. * Returns null if valid, error string if invalid. */ export declare function validateAuth(authorizationHeader: string | undefined): Promise; /** * Synchronous legacy validator — only checks MCP_API_KEY. * @deprecated Use validateAuth() for full OAuth support. */ export declare function validateApiKey(authorizationHeader: string | string[] | undefined): string | null;