import { Buffer } from 'node:buffer';
import type { AppflowEffectDeps } from './flow.js';
import type { AppflowProgress } from './types.js';
import type { AppflowToken } from './auth.js';
/** Load a cached Appflow token, or null when absent/unreadable. Never throws. */
export declare function loadAppflowToken(): AppflowToken | null;
/** Persist an Appflow token to the credentials dir (0700 dir / best-effort). Never throws. */
/** Persist an Appflow token to the credentials dir atomically (0700 dir / 0600
 * file, temp+rename). Best-effort and never throws: a failure just means the next
 * run re-auths. Uses the shared safe-write helpers (symlink-guarded, atomic). */
export declare function saveAppflowToken(token: AppflowToken): void;
/**
 * PLAY_CONFIG_JSON is stored base64-encoded (the same convention the native
 * android flow uses — see android/types.ts). Decode it to the raw service-account
 * JSON bytes for validation; if the value is already raw JSON (starts with '{'),
 * pass it through as utf8. Exported for unit testing the encoding contract.
 */
export declare function serviceAccountJsonBytes(value: string): Buffer;
/**
 * Reader: load a user-provided App Store Connect API key (.p8) file and return
 * its base64-encoded bytes, ready to store as APPLE_KEY_CONTENT (the same
 * encoding the native iOS flow and the generate path use). Reads the raw bytes
 * (a .p8 is PEM text, but we base64 the file as-is to match the generate path).
 * Advisory: returns null on any error (missing / unreadable file), never throws.
 */
export declare function readP8File(path: string): Promise<string | null>;
/**
 * Build the production AppflowEffectDeps for a given app id. The `packageName`
 * (the Play package, when known) sharpens the service-account probe; pass the
 * appId as a fallback. Token cache, browser, logger, and validators are all
 * wired here so the engine and the TUI share one source of truth.
 */
export declare function buildAppflowEffectDeps(opts?: {
    appId?: string;
    packageName?: string;
}): AppflowEffectDeps;
/**
 * Persist the collected per-platform Capgo creds into the REAL credential store
 * (the same path the native flows use), so the build/validate/CI tail cannot
 * tell migrated creds from natively-set-up ones. Writes only the platforms that
 * actually collected creds. Returns the platforms written.
 */
export declare function persistAppflowCredentials(appId: string, progress: AppflowProgress, local?: boolean): Promise<('ios' | 'android')[]>;
