/**
 * AWS Bedrock Provider Configuration
 *
 * Supports two authentication modes:
 * 1. API Key (Bearer token) - Simplest, for long-term API keys
 * 2. SigV4 (IAM credentials) - For EC2/ECS/Lambda with IAM roles
 */
export interface BedrockConfig {
    /**
     * AWS Region where Bedrock is enabled.
     * Example: "us-east-1", "us-west-2"
     */
    region: string;
    /**
     * Long-term API key generated from AWS Bedrock console.
     * When provided, uses simple Bearer token authentication.
     * Mutually exclusive with accessKeyId/secretAccessKey.
     */
    apiKey?: string;
    /**
     * AWS Access Key ID.
     * Required when using SigV4 authentication (no apiKey).
     */
    accessKeyId?: string;
    /**
     * AWS Secret Access Key.
     * Required when using SigV4 authentication (no apiKey).
     */
    secretAccessKey?: string;
    /**
     * AWS Session Token (optional).
     * Required for temporary credentials from STS, SSO, or assumed roles.
     */
    sessionToken?: string;
    /**
     * Request timeout in milliseconds.
     * Default: 120000 (2 minutes)
     */
    requestTimeout?: number;
    /**
     * Default Bedrock Guardrail identifier (ID or ARN).
     */
    guardrailIdentifier?: string;
    /**
     * Default Bedrock Guardrail version (e.g., "1", "DRAFT").
     */
    guardrailVersion?: string;
}
/**
 * Validates the configuration and determines the auth mode.
 */
export declare function validateBedrockConfig(config: BedrockConfig): "apiKey" | "sigv4";
/**
 * Build the Bedrock Runtime endpoint URL for a given region.
 */
export declare function getBedrockEndpoint(region: string): string;
//# sourceMappingURL=config.d.ts.map