/**
 * Generate a JWT for App Store Connect API authentication.
 * Uses ES256 algorithm with the .p8 private key.
 */
export declare function generateJwt(keyId: string, issuerId: string, p8Content: string): string;
/**
 * Verify the API key works and try to detect the team ID from existing certificates.
 * Throws on 401/403 with a user-friendly message.
 */
export declare function verifyApiKey(token: string): Promise<{
    valid: true;
    teamId: string;
}>;
/**
 * List all iOS distribution certificates.
 */
export declare function listDistributionCerts(token: string): Promise<Array<{
    id: string;
    name: string;
    serialNumber: string;
    expirationDate: string;
}>>;
/**
 * Revoke (delete) a certificate by ID.
 */
export declare function revokeCertificate(token: string, certId: string): Promise<void>;
/**
 * Error thrown when certificate limit is reached.
 * Contains the existing certificates so the UI can ask the user which to revoke.
 */
export declare class CertificateLimitError extends Error {
    readonly certificates: Array<{
        id: string;
        name: string;
        serialNumber: string;
        expirationDate: string;
    }>;
    constructor(certificates: Array<{
        id: string;
        name: string;
        serialNumber: string;
        expirationDate: string;
    }>);
}
/**
 * Create a distribution certificate using a CSR.
 * Returns the certificate ID, base64 DER content, expiration date, and team ID.
 *
 * Throws CertificateLimitError if the limit is reached, so the UI can ask
 * the user which certificate to revoke.
 */
export declare function createCertificate(token: string, csrPem: string): Promise<{
    certificateId: string;
    certificateContent: string;
    expirationDate: string;
    teamId: string;
}>;
/**
 * Find an existing bundle ID or register a new one.
 * Returns the Apple resource ID needed for profile creation.
 */
export declare function ensureBundleId(token: string, identifier: string): Promise<{
    bundleIdResourceId: string;
}>;
/**
 * Get the profile name we use for a given appId.
 */
export declare function getCapgoProfileName(appId: string): string;
/**
 * Find existing provisioning profiles matching our naming convention.
 * Only returns profiles we created (named "Capgo <appId> AppStore").
 */
export declare function findCapgoProfiles(token: string, appId: string): Promise<Array<{
    id: string;
    name: string;
    profileType: string;
}>>;
/**
 * Delete a provisioning profile by ID.
 */
export declare function deleteProfile(token: string, profileId: string): Promise<void>;
/**
 * Create an App Store provisioning profile linking a certificate and bundle ID.
 * Returns the base64 mobileprovision content.
 *
 * Throws a DuplicateProfileError if duplicate profiles exist, so the caller
 * can ask the user whether to delete them and retry.
 */
export declare class DuplicateProfileError extends Error {
    readonly profiles: Array<{
        id: string;
        name: string;
        profileType: string;
    }>;
    constructor(profiles: Array<{
        id: string;
        name: string;
        profileType: string;
    }>);
}
export declare function createProfile(token: string, bundleIdResourceId: string, certificateId: string, appId: string): Promise<{
    profileId: string;
    profileName: string;
    profileContent: string;
    expirationDate: string;
}>;