export declare const SENSITIVE_FIELD_PATTERNS: RegExp[];
export declare function isSensitiveFieldName(fieldName: string): boolean;
/**
 * Scan a Drizzle table definition and return the set of JS property names
 * that match sensitive-field patterns.
 */
export declare function getSensitiveFields(table: any): Set<string>;
/**
 * Hash every sensitive field in `data` using bcrypt.
 * Already-hashed values (bcrypt prefix) are left untouched.
 * Returns a new object -- the original is not mutated.
 */
export declare function hashSensitiveFields(data: Record<string, any>, sensitiveFields: Set<string>): Record<string, any>;
/**
 * Replace every sensitive field value with "[REDACTED]".
 * Returns a shallow copy -- the original is not mutated.
 */
export declare function redactSensitiveFields<T extends Record<string, any>>(record: T, sensitiveFields: Set<string>): T;
//# sourceMappingURL=sensitive.d.ts.map