import type { AgentCoreGateway, PolicyEngineMode } from '../../../../schema';
import type { AgentCoreComponentProps } from '../base-props';
import type { AgentCoreKnowledgeBase } from '../primitives/knowledge-base/AgentCoreKnowledgeBase';
import type { AgentCorePolicyEngine } from '../primitives/policy/AgentCorePolicyEngine';
import { AgentCoreRuntime } from '../primitives/runtime/AgentCoreRuntime';
import * as cdk from 'aws-cdk-lib';
import { aws_bedrockagentcore as bedrockagentcore, aws_iam as iam } from 'aws-cdk-lib';
import { Construct } from 'constructs';
export type CredentialDeployedState = Record<string, {
    credentialProviderArn: string;
    clientSecretArn?: string;
}>;
export interface GatewayProps extends AgentCoreComponentProps {
    /** Gateway configuration from schema */
    readonly gateway: AgentCoreGateway;
    /** Config root directory for resolving paths */
    readonly configRoot: string;
    /** Credential deployed state for resolving outbound auth ARNs */
    readonly credentials?: CredentialDeployedState;
    /** Policy engine construct to associate with this gateway */
    readonly policyEngine?: AgentCorePolicyEngine;
    /** Policy engine enforcement mode */
    readonly policyEngineMode?: PolicyEngineMode;
    /** Map of runtime names to their ARNs (for httpRuntime targets) */
    readonly runtimeArns?: Map<string, string>;
    /**
     * Knowledge bases keyed by name from the project's `knowledgeBases[]`.
     * Used by connector targets to resolve project-owned KB name references at synth.
     */
    readonly knowledgeBases?: ReadonlyMap<string, AgentCoreKnowledgeBase>;
}
/**
 * Creates an MCP Gateway with its associated targets and compute.
 *
 * This component orchestrates:
 * - CfnGateway resource creation with optional JWT authorization
 * - Gateway IAM role
 * - Gateway targets (Lambda or AgentCoreRuntime backed)
 * - Proper IAM grants between gateway and compute
 */
export declare class Gateway extends Construct {
    readonly cfnGateway: bedrockagentcore.CfnGateway;
    readonly role: iam.IRole;
    readonly runtimes: Map<string, AgentCoreRuntime>;
    readonly lambdaFunctions: Map<string, cdk.aws_lambda.Function>;
    readonly gatewayTargets: Map<string, cdk.aws_bedrockagentcore.CfnGatewayTarget>;
    private readonly credentials?;
    private readonly props;
    private readonly knowledgeBases?;
    constructor(scope: Construct, id: string, props: GatewayProps);
    /**
     * Adds a policy statement to the gateway's IAM role.
     * Silently no-ops when using an imported role (mutable: false).
     */
    addToPolicy(statement: iam.PolicyStatement): void;
    /**
     * Builds the protocol configuration for a gateway.
     * When semantic search is disabled, no protocol configuration is set.
     * Otherwise, configures MCP with SEMANTIC search type.
     */
    private buildProtocolConfiguration;
    /**
     * Builds credential provider configuration for a gateway target based on outbound auth.
     */
    private buildCredentialConfig;
    /**
     * Creates a Gateway Target with its associated compute.
     */
    private createGatewayTarget;
}
//# sourceMappingURL=Gateway.d.ts.map