/**
 * Web3Signed Authorization header parsing and verification.
 *
 * @remarks
 * Header format: `"Web3Signed {base64url(payload)}.{signature}"`.
 * Payload is JSON with fields `aud`, `method`, `uri`, `bodyHash`, `iat`, `exp`,
 * and optional `grantId`. The signature is EIP-191 over the base64url-encoded
 * payload string.
 *
 * Ported from `personal-server-ts` (`packages/core/src/auth/web3-signed.ts`).
 * Adjusted to be isomorphic (no `Buffer`) and to use SDK-local error types.
 *
 * @category Auth
 */
export interface Web3SignedPayload {
    aud: string;
    method: string;
    uri: string;
    bodyHash: string;
    iat: number;
    exp: number;
    grantId?: string;
}
export interface VerifiedAuth {
    signer: `0x${string}`;
    payload: Web3SignedPayload;
}
/**
 * Parse a `"Web3Signed <base64url>.<signature>"` header value.
 *
 * @throws {MissingAuthError} If the header is missing or empty.
 * @throws {InvalidSignatureError} If the format is invalid.
 */
export declare function parseWeb3SignedHeader(headerValue: string | undefined): {
    payloadBase64: string;
    payload: Web3SignedPayload;
    signature: `0x${string}`;
};
/**
 * Full verification: parse header, recover signer via EIP-191, check claims.
 *
 * @remarks
 * Steps:
 * 1. Parse header to base64url + signature.
 * 2. Recover signer via {@link recoverMessageAddress} (EIP-191) over the base64url payload string.
 * 3. Check `aud === expectedOrigin`, `method === expectedMethod`, `uri === expectedPath`.
 * 4. Optionally check `bodyHash` against `bodyBytes`.
 * 5. Check `iat`/`exp` within a 60s clock skew.
 *
 * @returns The recovered signer address and parsed payload.
 */
export declare function verifyWeb3Signed(params: {
    headerValue: string | undefined;
    expectedOrigin: string;
    expectedMethod: string;
    expectedPath: string;
    bodyBytes?: Uint8Array;
    now?: number;
}): Promise<VerifiedAuth>;