import { WalletInterface, OriginatorDomainNameStringUnder250Bytes, GetPublicKeyArgs, GetPublicKeyResult, RevealCounterpartyKeyLinkageArgs, RevealCounterpartyKeyLinkageResult, RevealSpecificKeyLinkageArgs, RevealSpecificKeyLinkageResult, WalletEncryptArgs, WalletEncryptResult, WalletDecryptArgs, WalletDecryptResult, CreateHmacArgs, CreateHmacResult, VerifyHmacArgs, VerifyHmacResult, CreateSignatureArgs, CreateSignatureResult, VerifySignatureArgs, VerifySignatureResult, CreateActionArgs, CreateActionResult, SignActionArgs, SignActionResult, AbortActionArgs, AbortActionResult, ListActionsArgs, ListActionsResult, InternalizeActionArgs, InternalizeActionResult, ListOutputsArgs, ListOutputsResult, RelinquishOutputArgs, RelinquishOutputResult, AcquireCertificateArgs, AcquireCertificateResult, ListCertificatesArgs, ListCertificatesResult, ProveCertificateArgs, ProveCertificateResult, RelinquishCertificateArgs, RelinquishCertificateResult, DiscoverByIdentityKeyArgs, DiscoverByAttributesArgs, DiscoverCertificatesResult, AuthenticatedResult, GetHeightResult, GetHeaderArgs, GetHeaderResult, GetNetworkResult, GetVersionResult } from '@bsv/sdk';
import { PrivilegedKeyManager } from './sdk/PrivilegedKeyManager';
/**
 * SimpleWalletManager is a slimmed-down wallet manager that only requires two things to authenticate:
 *  1. A primary key (32 bytes), which represents the core secret for the wallet.
 *  2. A privileged key manager (an instance of `PrivilegedKeyManager`), responsible for
 *     more sensitive operations.
 *
 * Once both pieces are provided (or if a snapshot containing the primary key is loaded,
 * and the privileged key manager is provided separately), the wallet becomes authenticated.
 *
 * After authentication, calls to the standard wallet methods (`createAction`, `signAction`, etc.)
 * are proxied to an underlying `WalletInterface` instance returned by a user-supplied `walletBuilder`.
 *
 * **Important**: This manager does not handle user password flows, recovery, or on-chain
 * token management. It is a straightforward wrapper that ensures the user has provided
 * both their main secret (primary key) and a privileged key manager before allowing usage.
 *
 * It also prevents calls from the special "admin originator" from being used externally.
 * (Any call that tries to use the admin originator as its originator, other than the manager itself,
 * will result in an error, ensuring that only internal operations can use that originator.)
 *
 * The manager can also save and load snapshots of its state. In this simplified version,
 * the snapshot only contains the primary key. If you load a snapshot, you still need to
 * re-provide the privileged key manager to complete authentication.
 */
export declare class SimpleWalletManager implements WalletInterface {
    /**
     * Whether the user is currently authenticated (meaning both the primary key
     * and privileged key manager have been provided).
     */
    authenticated: boolean;
    /**
     * Resolves once the optional snapshot (if provided to the constructor) has been
     * fully loaded and the wallet is ready to accept calls.
     * When no snapshot is provided this resolves immediately.
     * Await `ready` before calling wallet methods after constructing with a snapshot.
     */
    get ready(): Promise<void>;
    private _readyInit?;
    private readonly _initSnapshot?;
    /**
     * The domain name of the administrative originator (wallet operator / vendor, or your own).
     */
    private readonly adminOriginator;
    /**
     * A function that, given the user's primary key and privileged key manager,
     * returns a new `WalletInterface` instance that handles the actual signing,
     * encryption, transaction building, etc.
     */
    private readonly walletBuilder;
    /**
     * The underlying wallet instance that is built once authenticated.
     */
    private underlying?;
    /**
     * The privileged key manager, responsible for sensitive tasks.
     */
    private underlyingPrivilegedKeyManager?;
    /**
     * The primary key (32 bytes) that unlocks the wallet functionality.
     */
    private primaryKey?;
    /**
     * Constructs a new `SimpleWalletManager`.
     *
     * @param adminOriginator The domain name of the administrative originator.
     * @param walletBuilder   A function that, given a primary key and privileged key manager,
     *                        returns a fully functional `WalletInterface`.
     * @param stateSnapshot   If provided, a previously saved snapshot of the wallet's state.
     *                        If the snapshot contains a primary key, it will be loaded immediately
     *                        (though you will still need to provide a privileged key manager to authenticate).
     */
    constructor(adminOriginator: OriginatorDomainNameStringUnder250Bytes, walletBuilder: (primaryKey: number[], privilegedKeyManager: PrivilegedKeyManager) => Promise<WalletInterface>, stateSnapshot?: number[]);
    private _init;
    /**
     * Provides the primary key (32 bytes) needed for authentication.
     * If a privileged key manager has already been provided, we attempt to build
     * the underlying wallet. Otherwise, we wait until the manager is also provided.
     *
     * @param key A 32-byte primary key.
     */
    providePrimaryKey(key: number[]): Promise<void>;
    /**
     * Provides the privileged key manager needed for sensitive tasks.
     * If a primary key has already been provided (or loaded from a snapshot),
     * we attempt to build the underlying wallet. Otherwise, we wait until the key is provided.
     *
     * @param manager An instance of `PrivilegedKeyManager`.
     */
    providePrivilegedKeyManager(manager: PrivilegedKeyManager): Promise<void>;
    /**
     * Internal method that checks if we have both the primary key and privileged manager.
     * If so, we build the underlying wallet instance and become authenticated.
     */
    private tryBuildUnderlying;
    /**
     * Destroys the underlying wallet, returning to a default (unauthenticated) state.
     *
     * This clears the primary key, the privileged key manager, and the `authenticated` flag.
     */
    destroy(): void;
    /**
     * Saves the current wallet state (including just the primary key)
     * into an encrypted snapshot. This snapshot can be stored and later
     * passed to `loadSnapshot` to restore the primary key (and partially authenticate).
     *
     * **Note**: The snapshot does NOT include the privileged key manager.
     * You must still provide that separately after loading the snapshot
     * in order to complete authentication.
     *
     * @remarks
     * Storing the snapshot (which contains the primary key) provides a significant
     * portion of the wallet's secret material. It must be protected carefully.
     *
     * @returns A byte array representing the encrypted snapshot.
     * @throws {Error} if no primary key is currently set.
     */
    saveSnapshot(): number[];
    /**
     * Loads a previously saved state snapshot (produced by `saveSnapshot`).
     * This will restore the primary key but will **not** restore the privileged key manager
     * (that must be provided separately to complete authentication).
     *
     * @param snapshot A byte array that was previously returned by `saveSnapshot`.
     * @throws {Error} If the snapshot format is invalid or decryption fails.
     */
    loadSnapshot(snapshot: number[]): Promise<void>;
    /**
     * Returns whether the user is currently authenticated (the wallet has a primary key
     * and a privileged key manager). If not authenticated, an error is thrown.
     *
     * @param _ Not used in this manager.
     * @param originator The originator domain, which must not be the admin originator.
     * @throws If not authenticated, or if the originator is the admin.
     */
    isAuthenticated(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<AuthenticatedResult>;
    /**
     * Blocks until the user is authenticated (by providing primaryKey and privileged manager).
     * If not authenticated yet, it waits until that occurs.
     *
     * @param _ Not used in this manager.
     * @param originator The originator domain, which must not be the admin originator.
     * @throws If the originator is the admin.
     */
    waitForAuthentication(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<AuthenticatedResult>;
    getPublicKey(args: GetPublicKeyArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetPublicKeyResult>;
    revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealCounterpartyKeyLinkageResult>;
    revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealSpecificKeyLinkageResult>;
    encrypt(args: WalletEncryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletEncryptResult>;
    decrypt(args: WalletDecryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletDecryptResult>;
    createHmac(args: CreateHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateHmacResult>;
    verifyHmac(args: VerifyHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifyHmacResult>;
    createSignature(args: CreateSignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateSignatureResult>;
    verifySignature(args: VerifySignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifySignatureResult>;
    createAction(args: CreateActionArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateActionResult>;
    signAction(args: SignActionArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<SignActionResult>;
    abortAction(args: AbortActionArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<AbortActionResult>;
    listActions(args: ListActionsArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<ListActionsResult>;
    internalizeAction(args: InternalizeActionArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<InternalizeActionResult>;
    listOutputs(args: ListOutputsArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<ListOutputsResult>;
    relinquishOutput(args: RelinquishOutputArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RelinquishOutputResult>;
    acquireCertificate(args: AcquireCertificateArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<AcquireCertificateResult>;
    listCertificates(args: ListCertificatesArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<ListCertificatesResult>;
    proveCertificate(args: ProveCertificateArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<ProveCertificateResult>;
    relinquishCertificate(args: RelinquishCertificateArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RelinquishCertificateResult>;
    discoverByIdentityKey(args: DiscoverByIdentityKeyArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<DiscoverCertificatesResult>;
    discoverByAttributes(args: DiscoverByAttributesArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<DiscoverCertificatesResult>;
    getHeight(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetHeightResult>;
    getHeaderForHeight(args: GetHeaderArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetHeaderResult>;
    getNetwork(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetNetworkResult>;
    getVersion(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetVersionResult>;
    /**
     * A small helper that throws if the user is not authenticated or if the
     * provided originator is the admin (which is not permitted externally).
     */
    private ensureCanCall;
}
//# sourceMappingURL=SimpleWalletManager.d.ts.map