@frontmcp/sdk 0.6.1 → 0.6.2

package/src/common/types/options/auth.options.d.ts

@@ -1,1266 +0,0 @@
-import { z } from 'zod';
-import { JWK } from '../auth';
-/**
- * Public access configuration for tools/prompts
- */
-export declare const publicAccessConfigSchema: z.ZodObject<{
-    tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-    prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-    rateLimit: z.ZodDefault<z.ZodNumber>;
-}, z.core.$strip>;
-/**
- * Local signing configuration (for orchestrated local type)
- */
-export declare const localSigningConfigSchema: z.ZodObject<{
-    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-    jwks: z.ZodOptional<z.ZodObject<{
-        keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-    }, z.core.$strip>>;
-    issuer: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Remote OAuth provider configuration (for orchestrated remote and transparent)
- */
-export declare const remoteProviderConfigSchema: z.ZodObject<{
-    provider: z.ZodString;
-    name: z.ZodOptional<z.ZodString>;
-    id: z.ZodOptional<z.ZodString>;
-    jwks: z.ZodOptional<z.ZodObject<{
-        keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-    }, z.core.$strip>>;
-    jwksUri: z.ZodOptional<z.ZodString>;
-    clientId: z.ZodOptional<z.ZodString>;
-    clientSecret: z.ZodOptional<z.ZodString>;
-    scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-    authEndpoint: z.ZodOptional<z.ZodString>;
-    tokenEndpoint: z.ZodOptional<z.ZodString>;
-    registrationEndpoint: z.ZodOptional<z.ZodString>;
-    userInfoEndpoint: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Token storage configuration for orchestrated mode
- */
-export declare const tokenStorageConfigSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
-    type: z.ZodLiteral<"memory">;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"redis">;
-    config: z.ZodObject<{
-        host: z.ZodString;
-        port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        password: z.ZodOptional<z.ZodString>;
-        db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-        keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-        defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-    }, z.core.$strip>;
-}, z.core.$strip>], "type">;
-/**
- * Token refresh configuration
- */
-export declare const tokenRefreshConfigSchema: z.ZodObject<{
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    skewSeconds: z.ZodDefault<z.ZodNumber>;
-}, z.core.$strip>;
-/**
- * Behavior when a tool from a skipped (not yet authorized) app is called
- */
-export declare const skippedAppBehaviorSchema: z.ZodEnum<{
-    anonymous: "anonymous";
-    "require-auth": "require-auth";
-}>;
-/**
- * Consent configuration for tool selection
- * Allows users to choose which MCP tools to expose to the LLM
- *
- * Note: This schema is the canonical definition. It is duplicated in
- * auth/consent/consent.types.ts for domain-specific use. Both schemas
- * MUST be kept in sync. The duplication exists to avoid circular
- * dependencies between common/ and auth/ modules.
- */
-export declare const consentConfigSchema: z.ZodObject<{
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    groupByApp: z.ZodDefault<z.ZodBoolean>;
-    showDescriptions: z.ZodDefault<z.ZodBoolean>;
-    allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-    requireSelection: z.ZodDefault<z.ZodBoolean>;
-    customMessage: z.ZodOptional<z.ZodString>;
-    rememberConsent: z.ZodDefault<z.ZodBoolean>;
-    excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-}, z.core.$strip>;
-/**
- * Progressive/Incremental authorization configuration
- * Allows users to authorize apps one at a time after initial auth
- */
-export declare const incrementalAuthConfigSchema: z.ZodObject<{
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-        anonymous: "anonymous";
-        "require-auth": "require-auth";
-    }>>;
-    allowSkip: z.ZodDefault<z.ZodBoolean>;
-    showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-}, z.core.$strip>;
-/**
- * @deprecated Use top-level transport config instead. This will be removed in v1.0.0.
- */
-export declare const transportRecreationConfigSchema: z.ZodObject<{
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    redis: z.ZodOptional<z.ZodObject<{
-        host: z.ZodString;
-        port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        password: z.ZodOptional<z.ZodString>;
-        db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-        keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-        defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-    }, z.core.$strip>>;
-    defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-}, z.core.$strip>;
-/**
- * @deprecated Use top-level transport config instead. This will be removed in v1.0.0.
- */
-export declare const transportConfigSchema: z.ZodObject<{
-    enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-    enableSseListener: z.ZodDefault<z.ZodBoolean>;
-    enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-    enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-    enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-    requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-    recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        redis: z.ZodOptional<z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>>;
-        defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>>;
-}, z.core.$strip>;
-export declare const publicAuthOptionsSchema: z.ZodObject<{
-    mode: z.ZodLiteral<"public">;
-    issuer: z.ZodOptional<z.ZodString>;
-    sessionTtl: z.ZodDefault<z.ZodNumber>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    jwks: z.ZodOptional<z.ZodObject<{
-        keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-    }, z.core.$strip>>;
-    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>;
-export declare const transparentAuthOptionsSchema: z.ZodObject<{
-    mode: z.ZodLiteral<"transparent">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    requiredScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    allowAnonymous: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>;
-/**
- * Orchestrated mode with local authentication only
- */
-export declare const orchestratedLocalSchema: z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"local">;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>;
-/**
- * Orchestrated mode with remote OAuth provider
- */
-export declare const orchestratedRemoteSchema: z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"remote">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>;
-export declare const orchestratedAuthOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"local">;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"remote">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>], "type">;
-/**
- * Main auth options schema - discriminated by 'mode'
- *
- * Uses z.union because we have nested discriminators (orchestrated has 'type')
- */
-export declare const authOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
-    mode: z.ZodLiteral<"public">;
-    issuer: z.ZodOptional<z.ZodString>;
-    sessionTtl: z.ZodDefault<z.ZodNumber>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    jwks: z.ZodOptional<z.ZodObject<{
-        keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-    }, z.core.$strip>>;
-    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"transparent">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    requiredScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    allowAnonymous: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"local">;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"remote">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-}, z.core.$strip>]>;
-/**
- * Public access configuration
- */
-export type PublicAccessConfig = z.infer<typeof publicAccessConfigSchema>;
-export type PublicAccessConfigInput = z.input<typeof publicAccessConfigSchema>;
-/**
- * Local signing configuration
- */
-export type LocalSigningConfig = z.infer<typeof localSigningConfigSchema>;
-export type LocalSigningConfigInput = z.input<typeof localSigningConfigSchema>;
-/**
- * Remote provider configuration
- */
-export type RemoteProviderConfig = z.infer<typeof remoteProviderConfigSchema>;
-export type RemoteProviderConfigInput = z.input<typeof remoteProviderConfigSchema>;
-/**
- * Token storage configuration
- */
-export type TokenStorageConfig = z.infer<typeof tokenStorageConfigSchema>;
-export type TokenStorageConfigInput = z.input<typeof tokenStorageConfigSchema>;
-/**
- * Token refresh configuration
- */
-export type TokenRefreshConfig = z.infer<typeof tokenRefreshConfigSchema>;
-export type TokenRefreshConfigInput = z.input<typeof tokenRefreshConfigSchema>;
-/**
- * Incremental (progressive) authorization configuration
- */
-export type IncrementalAuthConfig = z.infer<typeof incrementalAuthConfigSchema>;
-export type IncrementalAuthConfigInput = z.input<typeof incrementalAuthConfigSchema>;
-/**
- * Skipped app behavior type
- */
-export type SkippedAppBehavior = z.infer<typeof skippedAppBehaviorSchema>;
-/**
- * Consent configuration for tool selection
- */
-export type ConsentConfig = z.infer<typeof consentConfigSchema>;
-export type ConsentConfigInput = z.input<typeof consentConfigSchema>;
-/**
- * @deprecated Use TransportOptions from transport.options.ts instead
- */
-export type TransportConfig = z.infer<typeof transportConfigSchema>;
-/**
- * @deprecated Use TransportOptionsInput from transport.options.ts instead
- */
-export type TransportConfigInput = z.input<typeof transportConfigSchema>;
-/**
- * @deprecated Use TransportPersistenceConfig from transport.options.ts instead
- */
-export type TransportRecreationConfig = z.infer<typeof transportRecreationConfigSchema>;
-/**
- * @deprecated Use TransportPersistenceConfigInput from transport.options.ts instead
- */
-export type TransportRecreationConfigInput = z.input<typeof transportRecreationConfigSchema>;
-/**
- * Public mode options (output type with defaults applied)
- */
-export type PublicAuthOptions = z.infer<typeof publicAuthOptionsSchema>;
-export type PublicAuthOptionsInput = z.input<typeof publicAuthOptionsSchema>;
-/**
- * Transparent mode options (output type with defaults applied)
- */
-export type TransparentAuthOptions = z.infer<typeof transparentAuthOptionsSchema>;
-export type TransparentAuthOptionsInput = z.input<typeof transparentAuthOptionsSchema>;
-/**
- * Orchestrated local mode options
- */
-export type OrchestratedLocalOptions = z.infer<typeof orchestratedLocalSchema>;
-export type OrchestratedLocalOptionsInput = z.input<typeof orchestratedLocalSchema>;
-/**
- * Orchestrated remote mode options
- */
-export type OrchestratedRemoteOptions = z.infer<typeof orchestratedRemoteSchema>;
-export type OrchestratedRemoteOptionsInput = z.input<typeof orchestratedRemoteSchema>;
-/**
- * Orchestrated mode options (union of local and remote)
- */
-export type OrchestratedAuthOptions = z.infer<typeof orchestratedAuthOptionsSchema>;
-export type OrchestratedAuthOptionsInput = z.input<typeof orchestratedAuthOptionsSchema>;
-/**
- * Auth options (output type with defaults applied)
- * Use this type when working with parsed/validated options
- */
-export type AuthOptions = z.infer<typeof authOptionsSchema>;
-/**
- * Auth options input (input type for user configuration)
- * Use this type for the @frontmcp configuration
- */
-export type AuthOptionsInput = z.input<typeof authOptionsSchema>;
-/**
- * Authentication mode
- */
-export type AuthMode = 'public' | 'transparent' | 'orchestrated';
-/**
- * Orchestrated type (local or remote)
- */
-export type OrchestratedType = 'local' | 'remote';
-export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
-    mode: z.ZodLiteral<"public">;
-    issuer: z.ZodOptional<z.ZodString>;
-    sessionTtl: z.ZodDefault<z.ZodNumber>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    jwks: z.ZodOptional<z.ZodObject<{
-        keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-    }, z.core.$strip>>;
-    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-    standalone: z.ZodOptional<z.ZodBoolean>;
-    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"transparent">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    requiredScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    allowAnonymous: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-    standalone: z.ZodOptional<z.ZodBoolean>;
-    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"local">;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-    standalone: z.ZodOptional<z.ZodBoolean>;
-    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
-}, z.core.$strip>, z.ZodObject<{
-    mode: z.ZodLiteral<"orchestrated">;
-    type: z.ZodLiteral<"remote">;
-    remote: z.ZodObject<{
-        provider: z.ZodString;
-        name: z.ZodOptional<z.ZodString>;
-        id: z.ZodOptional<z.ZodString>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        jwksUri: z.ZodOptional<z.ZodString>;
-        clientId: z.ZodOptional<z.ZodString>;
-        clientSecret: z.ZodOptional<z.ZodString>;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        dcrEnabled: z.ZodDefault<z.ZodBoolean>;
-        authEndpoint: z.ZodOptional<z.ZodString>;
-        tokenEndpoint: z.ZodOptional<z.ZodString>;
-        registrationEndpoint: z.ZodOptional<z.ZodString>;
-        userInfoEndpoint: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>;
-    local: z.ZodOptional<z.ZodObject<{
-        signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>, z.ZodCustom<Uint8Array<ArrayBuffer>, Uint8Array<ArrayBuffer>>]>>;
-        jwks: z.ZodOptional<z.ZodObject<{
-            keys: z.ZodArray<z.ZodType<JWK, unknown, z.core.$ZodTypeInternals<JWK, unknown>>>;
-        }, z.core.$strip>>;
-        issuer: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    tokenStorage: z.ZodDefault<z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"memory">;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"redis">;
-        config: z.ZodObject<{
-            host: z.ZodString;
-            port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            password: z.ZodOptional<z.ZodString>;
-            db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-            keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-            defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-        }, z.core.$strip>;
-    }, z.core.$strip>], "type">>;
-    sessionMode: z.ZodDefault<z.ZodEnum<{
-        stateful: "stateful";
-        stateless: "stateless";
-    }>>;
-    allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
-    anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    publicAccess: z.ZodOptional<z.ZodObject<{
-        tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
-        rateLimit: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        groupByApp: z.ZodDefault<z.ZodBoolean>;
-        showDescriptions: z.ZodDefault<z.ZodBoolean>;
-        allowSelectAll: z.ZodDefault<z.ZodBoolean>;
-        requireSelection: z.ZodDefault<z.ZodBoolean>;
-        customMessage: z.ZodOptional<z.ZodString>;
-        rememberConsent: z.ZodDefault<z.ZodBoolean>;
-        excludedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        defaultSelectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    }, z.core.$strip>>;
-    refresh: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skewSeconds: z.ZodDefault<z.ZodNumber>;
-    }, z.core.$strip>>;
-    expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-    incrementalAuth: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        skippedAppBehavior: z.ZodDefault<z.ZodEnum<{
-            anonymous: "anonymous";
-            "require-auth": "require-auth";
-        }>>;
-        allowSkip: z.ZodDefault<z.ZodBoolean>;
-        showAllAppsAtOnce: z.ZodDefault<z.ZodBoolean>;
-    }, z.core.$strip>>;
-    transport: z.ZodOptional<z.ZodObject<{
-        enableLegacySSE: z.ZodDefault<z.ZodBoolean>;
-        enableSseListener: z.ZodDefault<z.ZodBoolean>;
-        enableStreamableHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatelessHttp: z.ZodDefault<z.ZodBoolean>;
-        enableStatefulHttp: z.ZodDefault<z.ZodBoolean>;
-        requireSessionForStreamable: z.ZodDefault<z.ZodBoolean>;
-        recreation: z.ZodOptional<z.ZodLazy<z.ZodObject<{
-            enabled: z.ZodDefault<z.ZodBoolean>;
-            redis: z.ZodOptional<z.ZodObject<{
-                host: z.ZodString;
-                port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                password: z.ZodOptional<z.ZodString>;
-                db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-                tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-                keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-                defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
-            }, z.core.$strip>>;
-            defaultTtlMs: z.ZodDefault<z.ZodNumber>;
-        }, z.core.$strip>>>;
-    }, z.core.$strip>>;
-    standalone: z.ZodOptional<z.ZodBoolean>;
-    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
-}, z.core.$strip>]>;
-export type AppAuthOptions = z.infer<typeof appAuthOptionsSchema>;
-export type AppAuthOptionsInput = z.input<typeof appAuthOptionsSchema>;
-/**
- * Parse and validate auth options with defaults
- */
-export declare function parseAuthOptions(input: AuthOptionsInput): AuthOptions;
-/**
- * Check if options are public mode
- */
-export declare function isPublicMode(options: AuthOptions | AuthOptionsInput): options is PublicAuthOptions;
-/**
- * Check if options are transparent mode
- */
-export declare function isTransparentMode(options: AuthOptions | AuthOptionsInput): options is TransparentAuthOptions;
-/**
- * Check if options are orchestrated mode
- */
-export declare function isOrchestratedMode(options: AuthOptions | AuthOptionsInput): options is OrchestratedAuthOptions;
-/**
- * Check if orchestrated options are local type
- */
-export declare function isOrchestratedLocal(options: OrchestratedAuthOptions): options is OrchestratedLocalOptions;
-/**
- * Check if orchestrated options are remote type
- */
-export declare function isOrchestratedRemote(options: OrchestratedAuthOptions): options is OrchestratedRemoteOptions;
-/**
- * Check if options allow public/anonymous access
- */
-export declare function allowsPublicAccess(options: AuthOptions): boolean;