import type { AuthUser, AuthSession, AuthenticatedContext, AuthProviderType, AuthRequestContext } from "../types/index.js";
/**
 * Run a function with authentication context
 *
 * Sets up async local storage so getAuthContext() can be called
 * from anywhere within the callback's execution.
 *
 * @param context - The authenticated context
 * @param callback - Function to run with context available
 * @returns Result of the callback
 *
 * @example
 * ```typescript
 * await runWithAuthContext(authContext, async () => {
 *   // Inside here, getAuthContext() returns the context
 *   const user = getCurrentUser();
 *   await processRequest();
 * });
 * ```
 */
export declare function runWithAuthContext<T>(context: AuthenticatedContext, callback: () => T | Promise<T>): T | Promise<T>;
/**
 * Get the current authentication context
 *
 * Returns the authenticated context for the current request,
 * or undefined if no context is set.
 *
 * @returns Current auth context or undefined
 *
 * @example
 * ```typescript
 * const context = getAuthContext();
 * if (context) {
 *   console.log("Current user:", context.user.email);
 * }
 * ```
 */
export declare function getAuthContext(): AuthenticatedContext | undefined;
/**
 * Get the current authenticated user
 *
 * Convenience function to get just the user from context.
 *
 * @returns Current user or undefined
 *
 * @example
 * ```typescript
 * const user = getCurrentUser();
 * if (user) {
 *   console.log("Hello,", user.name);
 * }
 * ```
 */
export declare function getCurrentUser(): AuthUser | undefined;
/**
 * Get the current session
 *
 * Convenience function to get just the session from context.
 *
 * @returns Current session or undefined
 */
export declare function getCurrentSession(): AuthSession | undefined;
/**
 * Check if the current request is authenticated
 *
 * @returns True if authenticated, false otherwise
 */
export declare function isAuthenticated(): boolean;
/**
 * Require authentication
 *
 * Throws if no auth context is available.
 *
 * @returns The authenticated context
 * @throws Error if not authenticated
 *
 * @example
 * ```typescript
 * const context = requireAuth();
 * // Safe to use context.user here
 * ```
 */
export declare function requireAuth(): AuthenticatedContext;
/**
 * Require a specific user
 *
 * Throws if no auth context or user doesn't match.
 *
 * @param userId - Expected user ID
 * @returns The authenticated context
 * @throws Error if not authenticated or wrong user
 */
export declare function requireUser(userId: string): AuthenticatedContext;
/**
 * Check if current user has a permission
 *
 * @param permission - Permission to check
 * @returns True if user has permission
 */
export declare function hasPermission(permission: string): boolean;
/**
 * Check if current user has a role
 *
 * @param role - Role to check
 * @returns True if user has role
 */
export declare function hasRole(role: string): boolean;
/**
 * Check if current user has any of the roles
 *
 * @param roles - Roles to check (any of)
 * @returns True if user has at least one role
 */
export declare function hasAnyRole(roles: string[]): boolean;
/**
 * Check if current user has all permissions
 *
 * @param permissions - Permissions to check (all of)
 * @returns True if user has all permissions
 */
export declare function hasAllPermissions(permissions: string[]): boolean;
/**
 * Require a permission
 *
 * Throws if user doesn't have the permission.
 *
 * @param permission - Required permission
 * @throws Error if user lacks permission
 *
 * @example
 * ```typescript
 * requirePermission("admin:write");
 * // Safe to proceed with admin write operation
 * ```
 */
export declare function requirePermission(permission: string): void;
/**
 * Require a role
 *
 * Throws if user doesn't have the role.
 *
 * @param role - Required role
 * @throws Error if user lacks role
 */
export declare function requireRole(role: string): void;
/**
 * Create an authenticated context
 *
 * Helper to build an AuthenticatedContext object.
 *
 * @param user - The authenticated user
 * @param session - The user's session
 * @param request - The original request context
 * @param provider - The auth provider type
 * @returns Complete authenticated context
 */
export declare function createAuthenticatedContext(user: AuthUser, session: AuthSession, request: AuthRequestContext, provider: AuthProviderType): AuthenticatedContext;
/**
 * Context holder for non-async-local-storage environments
 *
 * Use this when async local storage is not available.
 */
export declare class AuthContextHolder {
    private context;
    /**
     * Set the auth context
     */
    set(context: AuthenticatedContext): void;
    /**
     * Get the auth context
     */
    get(): AuthenticatedContext | undefined;
    /**
     * Clear the auth context
     */
    clear(): void;
    /**
     * Get the current user
     */
    getUser(): AuthUser | undefined;
    /**
     * Get the current session
     */
    getSession(): AuthSession | undefined;
    /**
     * Check if authenticated
     */
    isAuthenticated(): boolean;
    /**
     * Check if user has permission
     */
    hasPermission(permission: string): boolean;
    /**
     * Check if user has role
     */
    hasRole(role: string): boolean;
}
export declare const globalAuthContext: AuthContextHolder;