export interface ApiKeyRecord { keyId: string; owner: string; secretHash: string; scopes: string[]; isActive: boolean; createdAt: string; revokedAt?: string | null; description?: string; } interface ApiKeyRegistry { version: number; keys: ApiKeyRecord[]; } type AuthMode = 'legacy_env' | 'legacy_list' | 'registry'; export interface ApiKeyValidationResult { ok: boolean; mode?: AuthMode; keyId?: string; owner?: string; scopes?: string[]; userId?: number; tokenScope?: string; status?: 401 | 500; error?: string; } export declare function hashApiKeySecret(secret: string): string; export declare function generateApiKeySecret(length?: number): string; export declare function formatApiKeyToken(keyId: string, secret: string): string; export declare function parseApiKeyToken(token: string): { keyId: string; secret: string; } | null; export declare function invalidateApiKeyCache(): void; export declare function loadApiKeyRegistry(forceRefresh?: boolean): Promise; export declare function saveApiKeyRegistry(registry: ApiKeyRegistry): Promise; export declare function createOrRotateApiKey(input: { keyId: string; owner: string; scopes?: string[]; description?: string; }): Promise<{ token: string; record: ApiKeyRecord; }>; export declare function revokeApiKey(keyIdRaw: string): Promise; export declare function listApiKeys(): Promise; export declare function validateApiKey(providedKey: string | undefined): Promise; export {}; //# sourceMappingURL=apiKeys.d.ts.map