@juspay/neurolink/dist/server/voice/tokenCompare.d.ts

Universal AI Development Platform with working MCP integration, multi-provider support, voice (TTS/STT/realtime), and professional CLI. 58+ external MCP servers discoverable, multimodal file processing, RAG pipelines. Build, test, and deploy AI applicatio

/**
 * Constant-time bearer-token comparison.
 *
 * Bug 2 mitigation: a normal `===` compare on bearer tokens leaks the token
 * length and the position of the first mismatching byte through timing
 * differences, which is reachable when the voice server is bound publicly
 * (`VOICE_SERVER_ALLOW_PUBLIC=1`).
 *
 * Returns `false` for any comparison whose lengths differ — this avoids the
 * `RangeError` that `crypto.timingSafeEqual` throws on mismatched buffers
 * while still preserving the constant-time property for equal-length inputs
 * (which is the only case an attacker can probe).
 */
export declare function timingSafeEqualString(provided: string, expected: string): boolean;