import { jwtConfig } from "../auth/authenticate/Authenticator";
import { CustomOAuthStrategy, OAuthStrategy, PasswordStrategy } from "../auth/authenticate/strategies";
import { s } from "bknd/utils";
export declare const Strategies: {
    readonly password: {
        readonly cls: typeof PasswordStrategy;
        readonly schema: s.ObjectSchema<{
            readonly hashing: s.StringSchema<{
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            }> & {
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            };
            readonly rounds: {
                readonly maximum: 10;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
            readonly minLength: {
                readonly default: 8;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>;
    };
    readonly oauth: {
        readonly cls: typeof OAuthStrategy;
        readonly schema: s.ObjectSchema<{
            readonly name: s.StringSchema<{
                readonly enum: ("google" | "github")[];
            }> & {
                readonly enum: ("google" | "github")[];
            };
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            };
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, {
            readonly title: "OAuth";
        }> & {
            readonly title: "OAuth";
        };
    };
    readonly custom_oauth: {
        readonly cls: typeof CustomOAuthStrategy;
        readonly schema: s.ObjectSchema<{
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            };
            readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly token_endpoint_auth_method: s.StringSchema<{
                    readonly enum: readonly ["client_secret_basic"];
                }> & {
                    readonly enum: readonly ["client_secret_basic"];
                };
            }, s.IObjectOptions> & s.IObjectOptions;
            readonly as: s.ObjectSchema<{
                readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly code_challenge_methods_supported: {
                    readonly enum: ["S256"];
                } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
                readonly scopes_supported: {
                    default?: any;
                    enum?: (readonly any[] | any[]) | undefined;
                    const?: any;
                    $defs?: Record<string, s.Schema> | undefined;
                    contains?: s.Schema | undefined;
                    minContains?: number | undefined;
                    maxContains?: number | undefined;
                    prefixItems?: s.Schema[] | undefined;
                    uniqueItems?: boolean | undefined;
                    maxItems?: number | undefined;
                    minItems?: number | undefined;
                    readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
                } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
                readonly scope_separator: {
                    readonly default: " ";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly authorization_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly token_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly userinfo_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, s.Merge<{
            readonly title: "Custom OAuth";
        } & {
            additionalProperties: false;
        }>>;
    };
};
export declare const STRATEGIES: {
    readonly password: {
        readonly cls: typeof PasswordStrategy;
        readonly schema: s.ObjectSchema<{
            readonly hashing: s.StringSchema<{
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            }> & {
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            };
            readonly rounds: {
                readonly maximum: 10;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
            readonly minLength: {
                readonly default: 8;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>;
    };
    readonly oauth: {
        readonly cls: typeof OAuthStrategy;
        readonly schema: s.ObjectSchema<{
            readonly name: s.StringSchema<{
                readonly enum: ("google" | "github")[];
            }> & {
                readonly enum: ("google" | "github")[];
            };
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            };
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, {
            readonly title: "OAuth";
        }> & {
            readonly title: "OAuth";
        };
    };
    readonly custom_oauth: {
        readonly cls: typeof CustomOAuthStrategy;
        readonly schema: s.ObjectSchema<{
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            };
            readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly token_endpoint_auth_method: s.StringSchema<{
                    readonly enum: readonly ["client_secret_basic"];
                }> & {
                    readonly enum: readonly ["client_secret_basic"];
                };
            }, s.IObjectOptions> & s.IObjectOptions;
            readonly as: s.ObjectSchema<{
                readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly code_challenge_methods_supported: {
                    readonly enum: ["S256"];
                } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
                readonly scopes_supported: {
                    default?: any;
                    enum?: (readonly any[] | any[]) | undefined;
                    const?: any;
                    $defs?: Record<string, s.Schema> | undefined;
                    contains?: s.Schema | undefined;
                    minContains?: number | undefined;
                    maxContains?: number | undefined;
                    prefixItems?: s.Schema[] | undefined;
                    uniqueItems?: boolean | undefined;
                    maxItems?: number | undefined;
                    minItems?: number | undefined;
                    readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
                } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
                readonly scope_separator: {
                    readonly default: " ";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly authorization_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly token_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly userinfo_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, s.Merge<{
            readonly title: "Custom OAuth";
        } & {
            additionalProperties: false;
        }>>;
    };
};
declare const strategiesSchema: s.Schema<s.IUnionOptions, {
    enabled?: boolean | undefined;
    type: "password" | "oauth" | "custom_oauth";
    config: {
        minLength?: number | undefined;
        rounds?: number | undefined;
        hashing: "plain" | "sha256" | "bcrypt";
    } | {
        [x: string]: unknown;
        name: "google" | "github";
        type: "oidc" | "oauth2";
        client: {
            client_id: string;
            client_secret: string;
        };
    } | {
        name: string;
        type: "oidc" | "oauth2";
        client: {
            [x: string]: unknown;
            client_id: string;
            client_secret: string;
            token_endpoint_auth_method: "client_secret_basic";
        };
        as: {
            code_challenge_methods_supported?: "S256" | undefined;
            scopes_supported?: string[] | undefined;
            scope_separator?: string | undefined;
            authorization_endpoint?: string | undefined;
            token_endpoint?: string | undefined;
            userinfo_endpoint?: string | undefined;
            issuer: string;
        };
    };
}, never> & s.Merge<s.IUnionOptions & {
    anyOf: s.ObjectSchema<{
        readonly enabled: {
            readonly default: true;
        } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & {
            const: "password" | "oauth" | "custom_oauth";
        }>;
        readonly config: s.ObjectSchema<{
            readonly hashing: s.StringSchema<{
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            }> & {
                readonly enum: readonly ["plain", "sha256", "bcrypt"];
                readonly default: "sha256";
            };
            readonly rounds: {
                readonly maximum: 10;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
            readonly minLength: {
                readonly default: 8;
                readonly minimum: 1;
            } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>> | (s.ObjectSchema<{
            readonly name: s.StringSchema<{
                readonly enum: ("google" | "github")[];
            }> & {
                readonly enum: ("google" | "github")[];
            };
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oauth2";
            };
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, {
            readonly title: "OAuth";
        }> & {
            readonly title: "OAuth";
        }) | s.ObjectSchema<{
            readonly type: s.StringSchema<{
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            }> & {
                readonly enum: readonly ["oidc", "oauth2"];
                readonly default: "oidc";
            };
            readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            readonly client: s.ObjectSchema<{
                readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly token_endpoint_auth_method: s.StringSchema<{
                    readonly enum: readonly ["client_secret_basic"];
                }> & {
                    readonly enum: readonly ["client_secret_basic"];
                };
            }, s.IObjectOptions> & s.IObjectOptions;
            readonly as: s.ObjectSchema<{
                readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly code_challenge_methods_supported: {
                    readonly enum: ["S256"];
                } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
                readonly scopes_supported: {
                    default?: any;
                    enum?: (readonly any[] | any[]) | undefined;
                    const?: any;
                    $defs?: Record<string, s.Schema> | undefined;
                    contains?: s.Schema | undefined;
                    minContains?: number | undefined;
                    maxContains?: number | undefined;
                    prefixItems?: s.Schema[] | undefined;
                    uniqueItems?: boolean | undefined;
                    maxItems?: number | undefined;
                    minItems?: number | undefined;
                    readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
                } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
                readonly scope_separator: {
                    readonly default: " ";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly authorization_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly token_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                readonly userinfo_endpoint: {
                    readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>>;
        }, s.Merge<{
            readonly title: "Custom OAuth";
        } & {
            additionalProperties: false;
        }>>;
    }, s.Merge<{
        readonly title: "password" | "oauth" | "custom_oauth";
    } & {
        additionalProperties: false;
    }>>[];
}>;
export type AppAuthStrategies = s.Static<typeof strategiesSchema>;
export type AppAuthOAuthStrategy = s.Static<typeof STRATEGIES.oauth.schema>;
export type AppAuthCustomOAuthStrategy = s.Static<typeof STRATEGIES.custom_oauth.schema>;
export declare const guardRoleSchema: s.ObjectSchema<{
    readonly permissions: {
        default?: any;
        enum?: (readonly any[] | any[]) | undefined;
        const?: any;
        anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
            readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
            readonly effect: {
                readonly default: "allow";
                readonly enum: ["allow", "deny"];
            } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
            readonly policies: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
                $defs?: Record<string, s.Schema> | undefined;
                contains?: s.Schema | undefined;
                minContains?: number | undefined;
                maxContains?: number | undefined;
                prefixItems?: s.Schema[] | undefined;
                uniqueItems?: boolean | undefined;
                maxItems?: number | undefined;
                minItems?: number | undefined;
                readonly items?: s.ObjectSchema<{
                    readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                    readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                    readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
                    readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                }, s.Merge<s.IObjectOptions & {
                    additionalProperties: false;
                }>> | undefined;
            } & s.Schema<s.ISchemaOptions, {
                description?: string | undefined;
                filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                effect?: "filter" | "allow" | "deny" | undefined;
                condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
            }[] | undefined, {
                description?: string | undefined;
                filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                effect?: "filter" | "allow" | "deny" | undefined;
                condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
            }[] | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
    } & s.Schema<s.ISchemaOptions, string[] | {
        effect?: "allow" | "deny" | undefined;
        policies?: {
            description?: string | undefined;
            filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
            effect?: "filter" | "allow" | "deny" | undefined;
            condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
        }[] | undefined;
        permission: string;
    }[] | undefined, any>;
    readonly is_default: {
        default?: any;
        enum?: (readonly any[] | any[]) | undefined;
        const?: any;
    } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
    readonly implicit_allow: {
        default?: any;
        enum?: (readonly any[] | any[]) | undefined;
        const?: any;
    } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.Merge<s.IObjectOptions & {
    additionalProperties: false;
}>>;
export declare const authConfigSchema: import("../modules/mcp").ObjectToolSchema<{
    readonly enabled: s.Schema<{
        readonly default: false;
    }, boolean, boolean> & {
        readonly default: false;
    };
    readonly basepath: s.StringSchema<{
        readonly default: "/api/auth";
    }> & {
        readonly default: "/api/auth";
    };
    readonly entity_name: s.StringSchema<{
        readonly default: "users";
    }> & {
        readonly default: "users";
    };
    readonly allow_register: {
        readonly default: true;
    } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
    readonly default_role_register: {
        default?: any;
        maxLength?: number | undefined;
        minLength?: number | undefined;
        pattern?: (string | RegExp) | undefined;
        format?: string | undefined;
        enum?: (readonly any[] | any[]) | undefined;
        const?: any;
    } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
    readonly jwt: s.ObjectSchema<{
        readonly secret: import("bknd/utils").SecretSchema<{
            default: string;
        }> & {
            default: string;
        };
        readonly alg: {
            readonly default: "HS256";
            readonly enum: ["HS256", "HS384", "HS512"];
        } & s.Schema<s.ISchemaOptions, "HS256" | "HS384" | "HS512" | undefined, "HS256" | "HS384" | "HS512" | undefined>;
        readonly expires: {
            default?: any;
            enum?: (readonly any[] | any[]) | undefined;
            const?: any;
            multipleOf?: number | undefined;
            maximum?: number | undefined;
            exclusiveMaximum?: number | undefined;
            minimum?: number | undefined;
            exclusiveMinimum?: number | undefined;
        } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
        readonly issuer: {
            default?: any;
            maxLength?: number | undefined;
            minLength?: number | undefined;
            pattern?: (string | RegExp) | undefined;
            format?: string | undefined;
            enum?: (readonly any[] | any[]) | undefined;
            const?: any;
        } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
        readonly fields: s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, {
            readonly default: readonly ["id", "email", "role"];
        }> & {
            readonly default: readonly ["id", "email", "role"];
        };
    }, s.Merge<{
        readonly default: {};
    } & {
        additionalProperties: false;
    }>>;
    readonly cookie: s.ObjectSchema<{
        readonly domain: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
        readonly path: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
        readonly sameSite: s.Schema<s.ISchemaOptions, "strict" | "lax" | "none" | undefined, "strict" | "lax" | "none" | undefined>;
        readonly secure: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        readonly httpOnly: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        readonly expires: s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
        readonly partitioned: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        readonly renew: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        readonly pathSuccess: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
        readonly pathLoggedOut: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
    }, s.Merge<s.IObjectOptions & {
        additionalProperties: false;
    }>>;
    readonly strategies: import("../modules/mcp").RecordToolSchema<s.Schema<s.IUnionOptions, {
        enabled?: boolean | undefined;
        type: "password" | "oauth" | "custom_oauth";
        config: {
            minLength?: number | undefined;
            rounds?: number | undefined;
            hashing: "plain" | "sha256" | "bcrypt";
        } | {
            [x: string]: unknown;
            name: "google" | "github";
            type: "oidc" | "oauth2";
            client: {
                client_id: string;
                client_secret: string;
            };
        } | {
            name: string;
            type: "oidc" | "oauth2";
            client: {
                [x: string]: unknown;
                client_id: string;
                client_secret: string;
                token_endpoint_auth_method: "client_secret_basic";
            };
            as: {
                code_challenge_methods_supported?: "S256" | undefined;
                scopes_supported?: string[] | undefined;
                scope_separator?: string | undefined;
                authorization_endpoint?: string | undefined;
                token_endpoint?: string | undefined;
                userinfo_endpoint?: string | undefined;
                issuer: string;
            };
        };
    }, never> & s.Merge<s.IUnionOptions & {
        anyOf: s.ObjectSchema<{
            readonly enabled: {
                readonly default: true;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
            readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & {
                const: "password" | "oauth" | "custom_oauth";
            }>;
            readonly config: s.ObjectSchema<{
                readonly hashing: s.StringSchema<{
                    readonly enum: readonly ["plain", "sha256", "bcrypt"];
                    readonly default: "sha256";
                }> & {
                    readonly enum: readonly ["plain", "sha256", "bcrypt"];
                    readonly default: "sha256";
                };
                readonly rounds: {
                    readonly maximum: 10;
                    readonly minimum: 1;
                } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
                readonly minLength: {
                    readonly default: 8;
                    readonly minimum: 1;
                } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
            }, s.Merge<s.IObjectOptions & {
                additionalProperties: false;
            }>> | (s.ObjectSchema<{
                readonly name: s.StringSchema<{
                    readonly enum: ("google" | "github")[];
                }> & {
                    readonly enum: ("google" | "github")[];
                };
                readonly type: s.StringSchema<{
                    readonly enum: readonly ["oidc", "oauth2"];
                    readonly default: "oauth2";
                }> & {
                    readonly enum: readonly ["oidc", "oauth2"];
                    readonly default: "oauth2";
                };
                readonly client: s.ObjectSchema<{
                    readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                }, s.Merge<s.IObjectOptions & {
                    additionalProperties: false;
                }>>;
            }, {
                readonly title: "OAuth";
            }> & {
                readonly title: "OAuth";
            }) | s.ObjectSchema<{
                readonly type: s.StringSchema<{
                    readonly enum: readonly ["oidc", "oauth2"];
                    readonly default: "oidc";
                }> & {
                    readonly enum: readonly ["oidc", "oauth2"];
                    readonly default: "oidc";
                };
                readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                readonly client: s.ObjectSchema<{
                    readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly token_endpoint_auth_method: s.StringSchema<{
                        readonly enum: readonly ["client_secret_basic"];
                    }> & {
                        readonly enum: readonly ["client_secret_basic"];
                    };
                }, s.IObjectOptions> & s.IObjectOptions;
                readonly as: s.ObjectSchema<{
                    readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly code_challenge_methods_supported: {
                        readonly enum: ["S256"];
                    } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
                    readonly scopes_supported: {
                        default?: any;
                        enum?: (readonly any[] | any[]) | undefined;
                        const?: any;
                        $defs?: Record<string, s.Schema> | undefined;
                        contains?: s.Schema | undefined;
                        minContains?: number | undefined;
                        maxContains?: number | undefined;
                        prefixItems?: s.Schema[] | undefined;
                        uniqueItems?: boolean | undefined;
                        maxItems?: number | undefined;
                        minItems?: number | undefined;
                        readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
                    } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
                    readonly scope_separator: {
                        readonly default: " ";
                    } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                    readonly authorization_endpoint: {
                        readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                    } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                    readonly token_endpoint: {
                        readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                    } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                    readonly userinfo_endpoint: {
                        readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
                    } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                }, s.Merge<s.IObjectOptions & {
                    additionalProperties: false;
                }>>;
            }, s.Merge<{
                readonly title: "Custom OAuth";
            } & {
                additionalProperties: false;
            }>>;
        }, s.Merge<{
            readonly title: "password" | "oauth" | "custom_oauth";
        } & {
            additionalProperties: false;
        }>>[];
    }>, {
        readonly title: "Strategies";
        readonly default: {
            readonly password: {
                readonly type: "password";
                readonly enabled: true;
                readonly config: {
                    readonly hashing: "sha256";
                };
            };
        };
    }>;
    readonly guard: {
        default?: any;
        enum?: (readonly any[] | any[]) | undefined;
        const?: any;
        $defs?: Record<string, s.Schema> | undefined;
        patternProperties?: Record<string, s.Schema> | undefined;
        additionalProperties?: (s.Schema | false) | undefined;
        minProperties?: number | undefined;
        maxProperties?: number | undefined;
        propertyNames?: s.Schema | undefined;
        properties: {
            readonly enabled: {
                readonly default: false;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        };
        required: string[] | undefined;
        strict: () => s.ObjectSchema<{
            readonly enabled: {
                readonly default: false;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>;
        partial: () => s.ObjectSchema<{
            readonly enabled: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        }, s.IObjectOptions>;
    } & s.Schema<s.ISchemaOptions, {
        [x: string]: unknown;
        enabled?: boolean | undefined;
    } | undefined, {
        [x: string]: unknown;
        enabled?: boolean | undefined;
    } | undefined>;
    readonly roles: {
        additionalProperties: s.ObjectSchema<{
            readonly permissions: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
                anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
                    readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly effect: {
                        readonly default: "allow";
                        readonly enum: ["allow", "deny"];
                    } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
                    readonly policies: {
                        default?: any;
                        enum?: (readonly any[] | any[]) | undefined;
                        const?: any;
                        $defs?: Record<string, s.Schema> | undefined;
                        contains?: s.Schema | undefined;
                        minContains?: number | undefined;
                        maxContains?: number | undefined;
                        prefixItems?: s.Schema[] | undefined;
                        uniqueItems?: boolean | undefined;
                        maxItems?: number | undefined;
                        minItems?: number | undefined;
                        readonly items?: s.ObjectSchema<{
                            readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                            readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                            readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
                            readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                        }, s.Merge<s.IObjectOptions & {
                            additionalProperties: false;
                        }>> | undefined;
                    } & s.Schema<s.ISchemaOptions, {
                        description?: string | undefined;
                        filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                        effect?: "filter" | "allow" | "deny" | undefined;
                        condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    }[] | undefined, {
                        description?: string | undefined;
                        filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                        effect?: "filter" | "allow" | "deny" | undefined;
                        condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    }[] | undefined>;
                }, s.Merge<s.IObjectOptions & {
                    additionalProperties: false;
                }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
            } & s.Schema<s.ISchemaOptions, string[] | {
                effect?: "allow" | "deny" | undefined;
                policies?: {
                    description?: string | undefined;
                    filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    effect?: "filter" | "allow" | "deny" | undefined;
                    condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                }[] | undefined;
                permission: string;
            }[] | undefined, any>;
            readonly is_default: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
            readonly implicit_allow: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>;
        readonly mcp: import("../modules/mcp").McpSchemaHelper<{
            get?: boolean;
            add?: boolean;
            update?: boolean;
            remove?: boolean;
        }>;
        getTools: (node: s.Node<import("../modules/mcp").RecordToolSchema<s.ObjectSchema<{
            readonly permissions: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
                anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
                    readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
                    readonly effect: {
                        readonly default: "allow";
                        readonly enum: ["allow", "deny"];
                    } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
                    readonly policies: {
                        default?: any;
                        enum?: (readonly any[] | any[]) | undefined;
                        const?: any;
                        $defs?: Record<string, s.Schema> | undefined;
                        contains?: s.Schema | undefined;
                        minContains?: number | undefined;
                        maxContains?: number | undefined;
                        prefixItems?: s.Schema[] | undefined;
                        uniqueItems?: boolean | undefined;
                        maxItems?: number | undefined;
                        minItems?: number | undefined;
                        readonly items?: s.ObjectSchema<{
                            readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
                            readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                            readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
                            readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
                        }, s.Merge<s.IObjectOptions & {
                            additionalProperties: false;
                        }>> | undefined;
                    } & s.Schema<s.ISchemaOptions, {
                        description?: string | undefined;
                        filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                        effect?: "filter" | "allow" | "deny" | undefined;
                        condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    }[] | undefined, {
                        description?: string | undefined;
                        filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                        effect?: "filter" | "allow" | "deny" | undefined;
                        condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    }[] | undefined>;
                }, s.Merge<s.IObjectOptions & {
                    additionalProperties: false;
                }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
            } & s.Schema<s.ISchemaOptions, string[] | {
                effect?: "allow" | "deny" | undefined;
                policies?: {
                    description?: string | undefined;
                    filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    effect?: "filter" | "allow" | "deny" | undefined;
                    condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                }[] | undefined;
                permission: string;
            }[] | undefined, any>;
            readonly is_default: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
            readonly implicit_allow: {
                default?: any;
                enum?: (readonly any[] | any[]) | undefined;
                const?: any;
            } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
        }, s.Merge<s.IObjectOptions & {
            additionalProperties: false;
        }>>, {
            readonly default: {};
        }>>) => import("jsonv-ts/mcp").Tool<any, any, any>[];
    } & s.Schema<s.ISchemaOptions, {
        [x: string]: {
            permissions?: string[] | {
                effect?: "allow" | "deny" | undefined;
                policies?: {
                    description?: string | undefined;
                    filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
                    effect?: "filter" | "allow" | "deny" | undefined;
                    condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
                }[] | undefined;
                permission: string;
            }[] | undefined;
            is_default?: boolean | undefined;
            implicit_allow?: boolean | undefined;
        };
    } | undefined, {
        [x: string]: {
            permissions?: any;
            is_default?: boolean | undefined;
            implicit_allow?: boolean | undefined;
        };
    } | undefined>;
}, {
    readonly title: "Authentication";
}> & {
    readonly title: "Authentication";
};
export type AppAuthJWTConfig = s.Static<typeof jwtConfig>;
export type AppAuthSchema = s.Static<typeof authConfigSchema>;
export {};
