UNPKG

bknd

Version:

Lightweight Firebase/Supabase alternative built to run anywhere — incl. Next.js, React Router, Astro, Cloudflare, Bun, Node, AWS Lambda & more.

889 lines (888 loc) 44 kB
import { jwtConfig } from "../auth/authenticate/Authenticator"; import { CustomOAuthStrategy, OAuthStrategy, PasswordStrategy } from "../auth/authenticate/strategies"; import { s } from "bknd/utils"; export declare const Strategies: { readonly password: { readonly cls: typeof PasswordStrategy; readonly schema: s.ObjectSchema<{ readonly hashing: s.StringSchema<{ readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }> & { readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }; readonly rounds: { readonly maximum: 10; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly minLength: { readonly default: 8; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }; readonly oauth: { readonly cls: typeof OAuthStrategy; readonly schema: s.ObjectSchema<{ readonly name: s.StringSchema<{ readonly enum: ("google" | "github")[]; }> & { readonly enum: ("google" | "github")[]; }; readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, { readonly title: "OAuth"; }> & { readonly title: "OAuth"; }; }; readonly custom_oauth: { readonly cls: typeof CustomOAuthStrategy; readonly schema: s.ObjectSchema<{ readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }; readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly token_endpoint_auth_method: s.StringSchema<{ readonly enum: readonly ["client_secret_basic"]; }> & { readonly enum: readonly ["client_secret_basic"]; }; }, s.IObjectOptions> & s.IObjectOptions; readonly as: s.ObjectSchema<{ readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly code_challenge_methods_supported: { readonly enum: ["S256"]; } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>; readonly scopes_supported: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined; } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>; readonly scope_separator: { readonly default: " "; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly authorization_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly token_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly userinfo_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "Custom OAuth"; } & { additionalProperties: false; }>>; }; }; export declare const STRATEGIES: { readonly password: { readonly cls: typeof PasswordStrategy; readonly schema: s.ObjectSchema<{ readonly hashing: s.StringSchema<{ readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }> & { readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }; readonly rounds: { readonly maximum: 10; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly minLength: { readonly default: 8; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }; readonly oauth: { readonly cls: typeof OAuthStrategy; readonly schema: s.ObjectSchema<{ readonly name: s.StringSchema<{ readonly enum: ("google" | "github")[]; }> & { readonly enum: ("google" | "github")[]; }; readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, { readonly title: "OAuth"; }> & { readonly title: "OAuth"; }; }; readonly custom_oauth: { readonly cls: typeof CustomOAuthStrategy; readonly schema: s.ObjectSchema<{ readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }; readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly token_endpoint_auth_method: s.StringSchema<{ readonly enum: readonly ["client_secret_basic"]; }> & { readonly enum: readonly ["client_secret_basic"]; }; }, s.IObjectOptions> & s.IObjectOptions; readonly as: s.ObjectSchema<{ readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly code_challenge_methods_supported: { readonly enum: ["S256"]; } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>; readonly scopes_supported: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined; } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>; readonly scope_separator: { readonly default: " "; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly authorization_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly token_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly userinfo_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "Custom OAuth"; } & { additionalProperties: false; }>>; }; }; declare const strategiesSchema: s.Schema<s.IUnionOptions, { enabled?: boolean | undefined; type: "password" | "oauth" | "custom_oauth"; config: { minLength?: number | undefined; rounds?: number | undefined; hashing: "plain" | "sha256" | "bcrypt"; } | { [x: string]: unknown; name: "google" | "github"; type: "oidc" | "oauth2"; client: { client_id: string; client_secret: string; }; } | { name: string; type: "oidc" | "oauth2"; client: { [x: string]: unknown; client_id: string; client_secret: string; token_endpoint_auth_method: "client_secret_basic"; }; as: { code_challenge_methods_supported?: "S256" | undefined; scopes_supported?: string[] | undefined; scope_separator?: string | undefined; authorization_endpoint?: string | undefined; token_endpoint?: string | undefined; userinfo_endpoint?: string | undefined; issuer: string; }; }; }, never> & s.Merge<s.IUnionOptions & { anyOf: s.ObjectSchema<{ readonly enabled: { readonly default: true; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & { const: "password" | "oauth" | "custom_oauth"; }>; readonly config: s.ObjectSchema<{ readonly hashing: s.StringSchema<{ readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }> & { readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }; readonly rounds: { readonly maximum: 10; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly minLength: { readonly default: 8; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>> | (s.ObjectSchema<{ readonly name: s.StringSchema<{ readonly enum: ("google" | "github")[]; }> & { readonly enum: ("google" | "github")[]; }; readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, { readonly title: "OAuth"; }> & { readonly title: "OAuth"; }) | s.ObjectSchema<{ readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }; readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly token_endpoint_auth_method: s.StringSchema<{ readonly enum: readonly ["client_secret_basic"]; }> & { readonly enum: readonly ["client_secret_basic"]; }; }, s.IObjectOptions> & s.IObjectOptions; readonly as: s.ObjectSchema<{ readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly code_challenge_methods_supported: { readonly enum: ["S256"]; } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>; readonly scopes_supported: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined; } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>; readonly scope_separator: { readonly default: " "; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly authorization_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly token_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly userinfo_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "Custom OAuth"; } & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "password" | "oauth" | "custom_oauth"; } & { additionalProperties: false; }>>[]; }>; export type AppAuthStrategies = s.Static<typeof strategiesSchema>; export type AppAuthOAuthStrategy = s.Static<typeof STRATEGIES.oauth.schema>; export type AppAuthCustomOAuthStrategy = s.Static<typeof STRATEGIES.custom_oauth.schema>; export declare const guardRoleSchema: s.ObjectSchema<{ readonly permissions: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{ readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly effect: { readonly default: "allow"; readonly enum: ["allow", "deny"]; } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>; readonly policies: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: s.ObjectSchema<{ readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>; readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>> | undefined; } & s.Schema<s.ISchemaOptions, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>]; } & s.Schema<s.ISchemaOptions, string[] | { effect?: "allow" | "deny" | undefined; policies?: { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined; permission: string; }[] | undefined, any>; readonly is_default: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly implicit_allow: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; export declare const authConfigSchema: import("../modules/mcp").ObjectToolSchema<{ readonly enabled: s.Schema<{ readonly default: false; }, boolean, boolean> & { readonly default: false; }; readonly basepath: s.StringSchema<{ readonly default: "/api/auth"; }> & { readonly default: "/api/auth"; }; readonly entity_name: s.StringSchema<{ readonly default: "users"; }> & { readonly default: "users"; }; readonly allow_register: { readonly default: true; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly default_role_register: { default?: any; maxLength?: number | undefined; minLength?: number | undefined; pattern?: (string | RegExp) | undefined; format?: string | undefined; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly jwt: s.ObjectSchema<{ readonly secret: import("bknd/utils").SecretSchema<{ default: string; }> & { default: string; }; readonly alg: { readonly default: "HS256"; readonly enum: ["HS256", "HS384", "HS512"]; } & s.Schema<s.ISchemaOptions, "HS256" | "HS384" | "HS512" | undefined, "HS256" | "HS384" | "HS512" | undefined>; readonly expires: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; multipleOf?: number | undefined; maximum?: number | undefined; exclusiveMaximum?: number | undefined; minimum?: number | undefined; exclusiveMinimum?: number | undefined; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly issuer: { default?: any; maxLength?: number | undefined; minLength?: number | undefined; pattern?: (string | RegExp) | undefined; format?: string | undefined; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly fields: s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, { readonly default: readonly ["id", "email", "role"]; }> & { readonly default: readonly ["id", "email", "role"]; }; }, s.Merge<{ readonly default: {}; } & { additionalProperties: false; }>>; readonly cookie: s.ObjectSchema<{ readonly domain: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly path: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly sameSite: s.Schema<s.ISchemaOptions, "strict" | "lax" | "none" | undefined, "strict" | "lax" | "none" | undefined>; readonly secure: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly httpOnly: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly expires: s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly partitioned: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly renew: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly pathSuccess: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly pathLoggedOut: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; readonly strategies: import("../modules/mcp").RecordToolSchema<s.Schema<s.IUnionOptions, { enabled?: boolean | undefined; type: "password" | "oauth" | "custom_oauth"; config: { minLength?: number | undefined; rounds?: number | undefined; hashing: "plain" | "sha256" | "bcrypt"; } | { [x: string]: unknown; name: "google" | "github"; type: "oidc" | "oauth2"; client: { client_id: string; client_secret: string; }; } | { name: string; type: "oidc" | "oauth2"; client: { [x: string]: unknown; client_id: string; client_secret: string; token_endpoint_auth_method: "client_secret_basic"; }; as: { code_challenge_methods_supported?: "S256" | undefined; scopes_supported?: string[] | undefined; scope_separator?: string | undefined; authorization_endpoint?: string | undefined; token_endpoint?: string | undefined; userinfo_endpoint?: string | undefined; issuer: string; }; }; }, never> & s.Merge<s.IUnionOptions & { anyOf: s.ObjectSchema<{ readonly enabled: { readonly default: true; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & { const: "password" | "oauth" | "custom_oauth"; }>; readonly config: s.ObjectSchema<{ readonly hashing: s.StringSchema<{ readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }> & { readonly enum: readonly ["plain", "sha256", "bcrypt"]; readonly default: "sha256"; }; readonly rounds: { readonly maximum: 10; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; readonly minLength: { readonly default: 8; readonly minimum: 1; } & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>> | (s.ObjectSchema<{ readonly name: s.StringSchema<{ readonly enum: ("google" | "github")[]; }> & { readonly enum: ("google" | "github")[]; }; readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oauth2"; }; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, { readonly title: "OAuth"; }> & { readonly title: "OAuth"; }) | s.ObjectSchema<{ readonly type: s.StringSchema<{ readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }> & { readonly enum: readonly ["oidc", "oauth2"]; readonly default: "oidc"; }; readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client: s.ObjectSchema<{ readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly token_endpoint_auth_method: s.StringSchema<{ readonly enum: readonly ["client_secret_basic"]; }> & { readonly enum: readonly ["client_secret_basic"]; }; }, s.IObjectOptions> & s.IObjectOptions; readonly as: s.ObjectSchema<{ readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly code_challenge_methods_supported: { readonly enum: ["S256"]; } & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>; readonly scopes_supported: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined; } & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>; readonly scope_separator: { readonly default: " "; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly authorization_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly token_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly userinfo_endpoint: { readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$"; } & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "Custom OAuth"; } & { additionalProperties: false; }>>; }, s.Merge<{ readonly title: "password" | "oauth" | "custom_oauth"; } & { additionalProperties: false; }>>[]; }>, { readonly title: "Strategies"; readonly default: { readonly password: { readonly type: "password"; readonly enabled: true; readonly config: { readonly hashing: "sha256"; }; }; }; }>; readonly guard: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; patternProperties?: Record<string, s.Schema> | undefined; additionalProperties?: (s.Schema | false) | undefined; minProperties?: number | undefined; maxProperties?: number | undefined; propertyNames?: s.Schema | undefined; properties: { readonly enabled: { readonly default: false; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }; required: string[] | undefined; strict: () => s.ObjectSchema<{ readonly enabled: { readonly default: false; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; partial: () => s.ObjectSchema<{ readonly enabled: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }, s.IObjectOptions>; } & s.Schema<s.ISchemaOptions, { [x: string]: unknown; enabled?: boolean | undefined; } | undefined, { [x: string]: unknown; enabled?: boolean | undefined; } | undefined>; readonly roles: { additionalProperties: s.ObjectSchema<{ readonly permissions: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{ readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly effect: { readonly default: "allow"; readonly enum: ["allow", "deny"]; } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>; readonly policies: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: s.ObjectSchema<{ readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>; readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>> | undefined; } & s.Schema<s.ISchemaOptions, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>]; } & s.Schema<s.ISchemaOptions, string[] | { effect?: "allow" | "deny" | undefined; policies?: { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined; permission: string; }[] | undefined, any>; readonly is_default: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly implicit_allow: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>; readonly mcp: import("../modules/mcp").McpSchemaHelper<{ get?: boolean; add?: boolean; update?: boolean; remove?: boolean; }>; getTools: (node: s.Node<import("../modules/mcp").RecordToolSchema<s.ObjectSchema<{ readonly permissions: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{ readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions; readonly effect: { readonly default: "allow"; readonly enum: ["allow", "deny"]; } & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>; readonly policies: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; $defs?: Record<string, s.Schema> | undefined; contains?: s.Schema | undefined; minContains?: number | undefined; maxContains?: number | undefined; prefixItems?: s.Schema[] | undefined; uniqueItems?: boolean | undefined; maxItems?: number | undefined; minItems?: number | undefined; readonly items?: s.ObjectSchema<{ readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>; readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>; readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>> | undefined; } & s.Schema<s.ISchemaOptions, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined, { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>]; } & s.Schema<s.ISchemaOptions, string[] | { effect?: "allow" | "deny" | undefined; policies?: { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined; permission: string; }[] | undefined, any>; readonly is_default: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; readonly implicit_allow: { default?: any; enum?: (readonly any[] | any[]) | undefined; const?: any; } & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>; }, s.Merge<s.IObjectOptions & { additionalProperties: false; }>>, { readonly default: {}; }>>) => import("jsonv-ts/mcp").Tool<any, any, any>[]; } & s.Schema<s.ISchemaOptions, { [x: string]: { permissions?: string[] | { effect?: "allow" | "deny" | undefined; policies?: { description?: string | undefined; filter?: import("../core/object/query/object-query").ObjectQuery | undefined; effect?: "filter" | "allow" | "deny" | undefined; condition?: import("../core/object/query/object-query").ObjectQuery | undefined; }[] | undefined; permission: string; }[] | undefined; is_default?: boolean | undefined; implicit_allow?: boolean | undefined; }; } | undefined, { [x: string]: { permissions?: any; is_default?: boolean | undefined; implicit_allow?: boolean | undefined; }; } | undefined>; }, { readonly title: "Authentication"; }> & { readonly title: "Authentication"; }; export type AppAuthJWTConfig = s.Static<typeof jwtConfig>; export type AppAuthSchema = s.Static<typeof authConfigSchema>; export {};