/**
 * Error sanitization utilities to prevent information leakage.
 *
 * This module provides utilities to sanitize error messages and details
 * before they are exposed to external systems or logs. It helps prevent
 * leaking sensitive information like keys, secrets, and tokens.
 */
/**
 * Sanitize an error message by removing sensitive patterns.
 *
 * @param message - The original error message
 * @returns Sanitized message with sensitive data redacted
 *
 * @example
 * ```typescript
 * sanitizeMessage('key=abc123def456 is invalid')
 * // Returns '[KEY_REDACTED] is invalid'
 * ```
 */
export declare function sanitizeMessage(message: string): string;
/**
 * Sanitize error details by removing sensitive fields.
 *
 * @param details - The original error details dictionary
 * @returns Sanitized details with sensitive fields redacted
 */
export declare function sanitizeDetails(details: Record<string, unknown> | null | undefined): Record<string, unknown>;
/**
 * Get a safe public message for an error code.
 *
 * This returns a generic message that doesn't reveal internal details
 * while still being useful for debugging.
 *
 * @param code - The error code
 * @param defaultMessage - The default message to use if no public message is defined
 * @returns A safe public error message
 */
export declare function getPublicMessage(code: string, defaultMessage: string): string;
/**
 * A container for sanitized error information.
 *
 * This class holds both the original (internal) error information
 * and the sanitized (public) version. Use toPublicDict() when
 * returning errors to external systems and toInternalDict() for
 * internal logging.
 */
export declare class SanitizedError {
    /** The error code */
    readonly code: string;
    /** Sanitized message safe for external exposure */
    readonly publicMessage: string;
    /** Original message for internal logging */
    readonly internalMessage: string;
    /** Sanitized details safe for external exposure */
    readonly publicDetails: Record<string, unknown>;
    /** Original details for internal logging */
    readonly internalDetails: Record<string, unknown>;
    constructor(code: string, message: string, details?: Record<string, unknown>);
    /**
     * Return only safe-to-expose information.
     * Use this when returning error info to external systems.
     */
    toPublicDict(): {
        code: string;
        message: string;
    };
    /**
     * Return full information for internal logging.
     * Use this only for internal debugging and logging.
     */
    toInternalDict(): {
        code: string;
        message: string;
        details: Record<string, unknown>;
    };
    /**
     * Return information safe for logging.
     * This includes sanitized message and details but not
     * the full internal details.
     */
    toLogSafeDict(): {
        code: string;
        message: string;
        details: Record<string, unknown>;
    };
}
/**
 * Create a SanitizedError from error components.
 *
 * @param code - The error code
 * @param message - The error message
 * @param details - Optional error details
 * @returns A SanitizedError instance
 */
export declare function createSanitizedError(code: string, message: string, details?: Record<string, unknown>): SanitizedError;
/**
 * Create a SanitizedError from an exception.
 *
 * Works with BelticError subclasses to preserve code and details.
 * For other exceptions, uses a generic code.
 *
 * @param error - The error to sanitize
 * @returns A SanitizedError instance
 */
export declare function sanitizeException(error: Error): SanitizedError;
//# sourceMappingURL=sanitize.d.ts.map