/**
 * Sentori Runtime AnomalyDetector
 * Runs AnomalyRules against a ToolCallEvent stream and produces a risk assessment.
 */
import type { ToolCallEvent } from './event-schema';
import { type AnomalyRule, type AnomalyMatch } from './anomaly-rules';
export type RiskLevel = 'safe' | 'low' | 'medium' | 'high' | 'critical';
export interface AnalysisResult {
    matches: AnomalyMatch[];
    riskScore: number;
    riskLevel: RiskLevel;
}
export declare class AnomalyDetector {
    private rules;
    constructor(rules?: AnomalyRule[]);
    /**
     * Analyse a sequence of ToolCallEvents and return a risk assessment.
     * Rules are run in registration order; all matches are collected.
     */
    analyze(events: ToolCallEvent[]): AnalysisResult;
    /** Register an additional rule (appended to the evaluation order). */
    addRule(rule: AnomalyRule): void;
    /** Returns a snapshot of currently registered rule IDs. */
    getRuleIds(): string[];
}
//# sourceMappingURL=anomaly-detector.d.ts.map