import type { AgentCoreMcpSpec } from '../../../schema';
import { type CredentialDeployedState } from '../components/mcp';
import { AgentCoreRuntime } from '../components/primitives/runtime/AgentCoreRuntime';
import type { AgentCoreApplication } from './AgentCoreApplication';
import { aws_bedrockagentcore as bedrockagentcore, aws_lambda as lambda } from 'aws-cdk-lib';
import { Construct } from 'constructs';

/**
 * Construction properties for {@link AgentCoreMcp}.
 */
export interface AgentCoreMcpProps {
  /**
   * The project name.
   */
  projectName: string;
  /**
   * The MCP specification.
   */
  mcpSpec: AgentCoreMcpSpec;
  /**
   * Optional AgentCoreApplication instance.
   * If provided, gateway URLs will be wired into agent runtime environment variables,
   * and the application's KMS key will be used for CloudWatch Logs encryption.
   * Optional because MCP resources can exist without agents.
   *
   * NOTE(review): this declaration does not say how MCP log groups are encrypted
   * when no application (and therefore no application KMS key) is supplied;
   * confirm in the implementation.
   */
  agentCoreApplication?: AgentCoreApplication;
  /**
   * Credential deployed state for resolving outbound auth ARNs.
   *
   * NOTE(review): presumably carries resource references (ARNs) rather than
   * secret values; verify against the CredentialDeployedState definition.
   */
  credentials?: CredentialDeployedState;
  /**
   * Project-level tags to propagate to MCP resources.
   *
   * NOTE(review): the bare `Record` has no type arguments and will not type-check
   * as written; they appear to have been lost from this listing. Restore them
   * from the generated declaration file.
   */
  projectTags?: Record;
}

/**
 * AgentCore MCP L3 Construct which defines MCP infrastructure on AgentCore.
 *
 * This construct orchestrates:
 * - MCP Gateways with their targets (via Gateway component)
 * - MCP Runtime tools (via McpRuntimeCompute component)
 * - Wiring gateway URLs to agent environments
 * - Wiring MCP runtime references to agent environments
 * - CloudFormation outputs for all MCP resources
 *
 * This is a declaration file, so private members below appear by name only;
 * TypeScript declaration emit omits the types and signatures of private members.
 */
export declare class AgentCoreMcp extends Construct {
  // NOTE(review): the three public maps below are declared as bare `Map` with no
  // type arguments, which will not type-check as written. The imported names
  // `bedrockagentcore`, `lambda` and `AgentCoreRuntime` are not referenced anywhere
  // else in this listing, so they presumably belonged to these type arguments.
  // Restore them from the generated declaration file rather than guessing.
  readonly gateways: Map;
  readonly runtimes: Map;
  readonly lambdaFunctions: Map;
  private readonly mcpGateways;
  private readonly configRoot;
  private readonly projectName;
  private readonly mcpSpec;
  private readonly credentials?;
  /**
   * @param scope - Parent construct.
   * @param id - Construct ID within the scope.
   * @param props - Project name, MCP specification and optional wiring inputs.
   */
  constructor(scope: Construct, id: string, props: AgentCoreMcpProps);
  /**
   * Get the runtime ARN for a specific tool.
   *
   * @param toolName - Name of the MCP runtime tool.
   * @returns The ARN, or `undefined` (presumably when no runtime is registered
   * under that name; confirm in the implementation).
   */
  getRuntimeArn(toolName: string): string | undefined;
  /**
   * Get the runtime ID for a specific tool.
   *
   * @param toolName - Name of the MCP runtime tool.
   * @returns The runtime ID, or `undefined`.
   */
  getRuntimeId(toolName: string): string | undefined;
  /**
   * Get the runtime endpoint URL for a specific tool.
   *
   * @param toolName - Name of the MCP runtime tool.
   * @returns The endpoint URL, or `undefined`.
   */
  getRuntimeEndpoint(toolName: string): string | undefined;
  /**
   * Creates an MCP Runtime tool (not behind a Gateway).
   * Directly addressable by agents via the generated DNS endpoint.
   *
   * NOTE(review): because these tools are not fronted by a gateway, the gateway
   * authorization types listed on wireGatewayUrlsToAgents do not apply to them;
   * access presumably rests on the InvokeAgentRuntime grants made in
   * wireMcpRuntimeReferences. Confirm in the implementation.
   */
  private createMcpRuntimeTool;
  /**
   * Creates CloudFormation outputs for MCP resources.
   * Uses toPascalId to convert dynamic names to valid output IDs.
   *
   * NOTE(review): stack outputs are readable by any principal allowed to describe
   * the stack, so they should carry identifiers and URLs only; verify that no
   * credential material is emitted.
   */
  private createOutputs;
  /**
   * Wire gateway URLs, auth types, and IAM grants to all agent runtimes.
   * In v2 schema, all resources have implicit access, so all gateways are wired to all agents.
   * Environment variable patterns:
   *   GATEWAY_{NAME}_URL — gateway endpoint URL
   *   GATEWAY_{NAME}_AUTH_TYPE — authorization type (AWS_IAM, CUSTOM_JWT, NONE)
   *   GATEWAY_{NAME}_CREDENTIAL_PROVIDER — credential provider ARN (CUSTOM_JWT only)
   *
   * Least-privilege caveat: as described above, every agent runtime receives the
   * URL and IAM grants for every gateway, so there is no per-agent scoping at this
   * layer. Projects that need isolation between agents have to enforce it elsewhere
   * (for example in the gateway's authorizer or policy engine).
   *
   * NOTE(review): an AUTH_TYPE of NONE presumably means the gateway accepts
   * unauthenticated requests; confirm that such gateways are not reachable beyond
   * the intended network boundary. The credential provider variable holds an ARN
   * per the pattern above, not a secret, which is what environment variables
   * should be limited to.
   */
  private wireGatewayUrlsToAgents;
  /**
   * Wire MCP runtime tool bindings to agent runtimes.
   * Iterates through MCP runtime tools and their bindings, granting
   * InvokeAgentRuntime permission and setting environment variable with runtime ARN.
   *
   * Unlike the gateway wiring, grants here follow the declared bindings, so an
   * agent is only granted invoke permission on tools it is bound to.
   */
  private wireMcpRuntimeReferences;
  /**
   * Grant each gateway role policy engine permissions on all policy engines.
   * Required so the gateway service can read policy engine configuration and
   * authorize requests when a gateway is associated with a policy engine.
   *
   * NOTE(review): the grant is every gateway role on all policy engines, which is
   * broader than the association that motivates it. Check whether the
   * implementation can scope each role to the engine its gateway is associated with.
   */
  private grantGatewayPolicyEngineAccess;
}
//# sourceMappingURL=AgentCoreMcp.d.ts.map