#!/usr/bin/env node
/**
 * NeuroLink Auth Command
 *
 * Unified authentication command for AI providers supporting:
 * - API key authentication (traditional)
 * - OAuth 2.1 authentication with PKCE (for Claude subscription)
 *
 * Subcommands:
 * - login: Authenticate with a provider (supports --add/--label for multi-account)
 * - logout: Clear stored credentials
 * - status: Show authentication status
 * - refresh: Manually refresh OAuth tokens
 * - list: List all authenticated accounts
 * - remove: Remove an authenticated account
 *
 * Currently supports:
 * - Anthropic (API key + OAuth)
 */
import type { AuthCommandArgs } from "../../lib/types/index.js";
/**
 * Handle the login subcommand
 * `neurolink auth login <provider>`
 *
 * When --add is specified, saves tokens to the TokenStore with a compound key
 * (e.g., "anthropic:alice") to support multi-account pools.
 */
export declare function handleLogin(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the list subcommand
 * `neurolink auth list`
 *
 * Lists all authenticated accounts from the TokenStore.
 */
export declare function handleList(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the remove subcommand
 * `neurolink auth remove <provider> --label <label>` or `neurolink auth remove <provider> --account <key>`
 *
 * Removes an authenticated account from the TokenStore.
 * When neither --label nor --account is given, removes the default (unlabelled) account
 * for the specified provider.
 */
export declare function handleRemove(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the logout subcommand
 * `neurolink auth logout <provider>`
 */
export declare function handleLogout(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the status subcommand
 * `neurolink auth status [provider]`
 */
export declare function handleStatus(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the refresh subcommand
 * `neurolink auth refresh <provider>`
 */
export declare function handleRefresh(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the cleanup subcommand
 * `neurolink auth cleanup [--force]`
 *
 * Removes stale accounts from the token store:
 *   1. Expired entries with no refresh token (via pruneExpired)
 *   2. Permanently disabled entries (after confirmation)
 */
export declare function handleCleanup(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the enable subcommand
 * `neurolink auth enable <account>`
 *
 * Re-enables a previously disabled account so it can be used by the proxy pool again.
 */
export declare function handleEnable(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the set-primary subcommand
 * `neurolink auth set-primary <email> [--config <path>]`
 *
 * Writes routing.primary-account to the proxy config YAML so the proxy
 * tries this account first under fill-first/round-robin home semantics.
 * Does not touch the token store.
 */
export declare function handleSetPrimary(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the get-primary subcommand
 * `neurolink auth get-primary [--config <path>]`
 */
export declare function handleGetPrimary(argv: AuthCommandArgs): Promise<void>;
/**
 * Handle the clear-primary subcommand
 * `neurolink auth clear-primary [--config <path>]`
 */
export declare function handleClearPrimary(argv: AuthCommandArgs): Promise<void>;
/**
 * Legacy main auth command handler
 * @deprecated Use subcommand handlers instead
 */
export declare function handleAuth(argv: {
    provider?: string;
    method?: "api-key" | "oauth";
    status?: boolean;
    logout?: boolean;
    nonInteractive?: boolean;
    debug?: boolean;
}): Promise<void>;