import { t as IamClient } from "./client-0N6XNM6z.js";
import { n as IamPrimitives, t as AccessControl } from "./access-control-CxeWQI64.js";
import { t as IamAdapter } from "./adapter-DeNTUcdv.js";
import { A as ops, C as MAX_CONDITION_DEPTH, D as getCachedRegex, E as evalCondition, F as resolveConditionValue, I as IamEvalCaches, L as iamCreateEvalCaches, M as resolveValue, N as evalConditionGroup, O as isCondition, P as evaluateOperator, S as iamFlushSharedCaches, T as REGEX_CACHE_MAX, _ as evaluatePolicy, a as matchesResource, b as IamConfig, c as pathCache, d as resolveEffectiveRoles, f as rolesToPolicy, g as evaluateFast, h as evaluate, i as matchesAction, j as regexCache, k as isUserSourcedValue, l as resolve, m as Evaluate, n as PATH_CACHE_MAX, o as matchesResourceHierarchical, p as indexPolicy, r as clearPathCache, s as matchesScope, t as ALLOWED_ROOTS, u as MAX_INHERITANCE_DEPTH, v as evaluatePolicyFast, w as MAX_REGEX_LENGTH, x as IamEngine, y as createIam } from "./index-DiOdpz0c.js";
import { a as RuleBuilder, c as when, i as definePolicy, l as DotPath, n as defineRole, o as defineRule, r as PolicyBuilder, s as When, t as RoleBuilder } from "./index-CU--1O9m.js";
import { t as IamRequest } from "./request-BouexCSW.js";
import { n as explainEvaluation, r as Explain, t as escapeHtml } from "./index-gnO2iETD.js";
import { t as IamEngineTypes } from "./engine.types-CKIkd4ez.js";
import { m as IamValidate } from "./index-CX1L5jxQ.js";
import { t as POLICY_JSON_SCHEMA } from "./index-D3UWy0aw.js";

//#region src/shared/cache.d.ts
/**
 * LRU cache with TTL expiration; relies on `Map` insertion order. Used by {@link IamEngine} for policies/roles/subjects.
 *
 * @template V - Type of cached values.
 */
declare class IamLRUCache<V> {
  private _map;
  private _maxSize;
  private _ttl;
  private _hits;
  private _misses;
  /**
   * @param maxSize - Sets the maximum number of entries before LRU eviction.
   * @param ttlMs - Sets time-to-live in milliseconds for each entry.
   * @throws `RangeError` when `maxSize < 1` or `ttlMs < 0`.
   */
  constructor(maxSize: number, ttlMs: number);
  /**
   * Get + refresh LRU; `undefined` when missing or expired.
   *
   * @param key - Looks up the entry under this cache key.
   * @returns The stored value, or `undefined` when missing or expired.
   */
  get(key: string): V | undefined;
  /** Hit/miss counters + current size. */
  get stats(): {
    hits: number;
    misses: number;
    size: number;
  };
  /** Zeroes the hit and miss counters without clearing stored entries. */
  resetStats(): void;
  /**
   * Set + TTL refresh; evicts the oldest at capacity.
   *
   * @param key - Stores the entry under this cache key.
   * @param value - Associates this value with the key.
   */
  set(key: string, value: V): void;
  /**
   * Remove a single entry.
   *
   * @param key - Removes the entry stored under this cache key.
   * @returns `true` when the entry existed and was deleted.
   */
  delete(key: string): boolean;
  /** Clears entries without resetting stat counters. */
  clear(): void;
  get size(): number;
  /** Iterate non-expired entries; does NOT refresh LRU order. */
  entries(): IterableIterator<[string, V]>;
}
//#endregion
//#region src/shared/keys.d.ts
/**
 * Permission map key: `[scope:]action:resource[:resourceId]`; `:` and `\` are backslash-escaped per segment.
 *
 * @param action - Identifies the action (for example `'read'`).
 * @param resource - Identifies the resource (for example `'document'`).
 * @param resourceId - Optionally pins the key to a concrete resource instance.
 * @param scope - Optionally prefixes a scope for tenant or namespace partitioning.
 * @returns Composed colon-delimited key with hostile segments escaped.
 */
declare function iamBuildPermissionKey(action: string, resource: string, resourceId?: string, scope?: string): string;
/**
 * Splits a permission key produced by {@link iamBuildPermissionKey} into its
 * original segments, honouring the `\:` and `\\` escape sequences. Naive
 * `.split(':')` would mis-tokenise any segment containing a literal `:` or
 * `\`.
 *
 * @param key - Permission key, e.g. `'read:document'` or `'tenant_a:write:doc\\:42'`.
 * @returns Array of unescaped segments in declaration order.
 */
declare function iamSplitPermissionKey(key: string): string[];
//#endregion
export { ALLOWED_ROOTS, AccessControl, DotPath, type Evaluate, type Explain, IamAdapter, IamClient, type IamConfig, IamEngine, type IamEngineTypes, IamEvalCaches, IamLRUCache, IamPrimitives, IamRequest, type IamValidate, MAX_CONDITION_DEPTH, MAX_INHERITANCE_DEPTH, MAX_REGEX_LENGTH, PATH_CACHE_MAX, POLICY_JSON_SCHEMA, PolicyBuilder, REGEX_CACHE_MAX, RoleBuilder, RuleBuilder, When, clearPathCache, createIam, definePolicy, defineRole, defineRule, escapeHtml, evalCondition, evalConditionGroup, evaluate, evaluateFast, evaluateOperator, evaluatePolicy, evaluatePolicyFast, explainEvaluation, getCachedRegex, iamBuildPermissionKey, iamCreateEvalCaches, iamFlushSharedCaches, iamSplitPermissionKey, indexPolicy, isCondition, isUserSourcedValue, matchesAction, matchesResource, matchesResourceHierarchical, matchesScope, ops, pathCache, regexCache, resolve, resolveConditionValue, resolveEffectiveRoles, resolveValue, rolesToPolicy, when };
//# sourceMappingURL=index.d.ts.map