/**
 * Sentori Runtime AuditLogger
 * Persists structured audit entries in JSON Lines format and provides
 * lightweight query and statistics APIs.
 */
export interface AuditLogEntry {
    id: string;
    timestamp: string;
    eventType: 'tool_call' | 'anomaly_detected' | 'scan_complete';
    severity?: string;
    data: Record<string, unknown>;
    sessionId?: string;
}
type AuditLogInput = Omit<AuditLogEntry, 'id' | 'timestamp'>;
export interface QueryFilter {
    eventType?: string;
    since?: string;
    limit?: number;
}
export declare class AuditLogger {
    private logPath;
    constructor(logPath: string);
    /**
     * Append a new entry to the log file.
     * `id` and `timestamp` are auto-generated.
     */
    log(entry: AuditLogInput): Promise<void>;
    /** Read all raw lines and parse them into AuditLogEntry objects. */
    private readAll;
    /**
     * Return entries matching the given filter.
     *
     * - `eventType` — exact match on the eventType field
     * - `since`     — ISO 8601 timestamp; only entries at or after this time
     * - `limit`     — maximum number of entries to return (most recent first
     *                 after filtering, then limited)
     */
    query(filter?: QueryFilter): Promise<AuditLogEntry[]>;
    /**
     * Return aggregate statistics for the entire log file.
     */
    getStats(): Promise<{
        total: number;
        byType: Record<string, number>;
    }>;
}
export {};
//# sourceMappingURL=audit-log.d.ts.map