/** * Per-domain auth profile. * - developerToken: permanent token, manually provided via `login --token` * - accessToken: temporary OAuth token from Device Code flow * Priority: developerToken > accessToken */ export interface AuthProfile { developerToken?: string; accessToken?: string; accessTokenExpiresAt?: number; refreshToken?: string; refreshTokenExpiresAt?: number; clientId?: string; tokenId?: string; lastUsedAt?: number; } /** Multi-domain auth store: origin → AuthProfile */ export type AuthStore = Record; export declare function resolveConfigDir(): string; export declare function resolveConfigPath(): string; /** Load the full multi-domain auth store from disk. */ export declare function loadStore(): AuthStore; /** Save the full multi-domain auth store to disk. */ export declare function saveStore(store: AuthStore): void; /** Load the auth profile for a specific domain. */ export declare function loadProfile(serverUrl: string): AuthProfile | null; /** Save/update the auth profile for a specific domain (merge, not overwrite). */ export declare function saveProfile(serverUrl: string, update: Partial): void; /** * 给某域名打上「最近使用」时间戳(unix 秒)。仅当该 origin 已是文件里的真实登录态 * 时才写——纯环境变量来源 / 未登录的 origin 不落盘,避免污染 auth.json。 * * 写失败静默吞掉:这只是给 whoami 用的「最近使用」提示,绝不能因为落盘失败 * (磁盘满 / 权限)把一次本该成功的鉴权拖垮(与 loadStore 读失败返回 {} 同策略)。 */ export declare function touchLastUsed(serverUrl: string): void; /** * Load effective auth profile for a domain. * Falls back to env vars if no file-based profile exists. */ export declare function loadEffectiveProfile(serverUrl: string): AuthProfile | null; /** * Resolve the effective Bearer token for a domain. * Priority: developerToken > accessToken * Returns the token string, or null if none available. */ export declare function resolveToken(profile: AuthProfile): string | null; /** * Check whether the profile has a permanent developer token. */ export declare function hasDeveloperToken(profile: AuthProfile): boolean; export declare function authSource(): 'env' | 'config';