/** * Consumer token management — mint, list, and revoke MCP consumer tokens. * * Consumer tokens are stored in the `tokens` table (not the knowledge_base * API key registry). Each token is a random base64url secret whose SHA256+pepper * hash is stored in `tokenHash`. The raw secret is returned only at mint time * and never stored — if lost, the user must revoke and mint a new token. * * Token format: a raw base64url string (no keyId prefix). * URL-embedded form: `https://api.iranti.dev/mcp/` * * Scope is always `mcp_consumer_t0` for Tier 0 (URL-embedded, no OAuth). * Surface tracks which AI frontend the token was created for. */ import { Surface, TokenScope } from '../generated/prisma/client'; export interface ConsumerTokenRecord { id: number; tokenHashPrefix: string; userId: number; scope: TokenScope; surface: Surface; createdAt: Date; lastUsedAt: Date; revokedAt: Date | null; } /** * Mint a new consumer MCP token for a user. * * Returns the raw secret (shown once only) and the token record. * The full URL to use in Claude.ai / ChatGPT is: * `https://api.iranti.dev/mcp/` */ export declare function createConsumerToken(input: { userId: number; surface: Surface; scope?: TokenScope; }): Promise<{ rawSecret: string; record: ConsumerTokenRecord; mcpUrl: string; }>; /** * Revoke a consumer token by its database id. * Returns false if the token does not belong to userId (ownership check). */ export declare function revokeConsumerToken(tokenId: number, userId: number): Promise; /** * List all consumer tokens for a user. * Never returns the raw secret — only the prefix hash for identification. */ export declare function listConsumerTokens(userId: number): Promise; //# sourceMappingURL=consumerTokens.d.ts.map