/**
 * Base Webhook Adapter for Storage
 *
 * Abstract base class for storage webhook adapters providing common functionality:
 * - Signature verification utilities (HMAC, AWS Signature V4)
 * - Error handling
 * - Logging
 * - Idempotency key generation
 * - Compliance integration
 * - Security helpers (IP verification, timestamp validation)
 */
import type { StorageWebhookAdapter, StorageWebhookPayload, StorageWebhookVerificationResult, ProcessedStorageWebhookEvent, StorageBaseWebhookAdapterConfig } from '@plyaz/types/storage';
import type { LoggerInterface } from '@plyaz/types';
import { STORAGE_SIGNATURE_METHOD } from '@plyaz/types/storage';
import { type SchemaValidationResult, type InternalValidationSchema } from '@plyaz/types/errors';
/**
 * Abstract Base Webhook Adapter for Storage
 *
 * Provides common functionality for all storage webhook adapters
 *
 * @template TPayload - Provider-specific payload type
 * @template TSchema - Schema type (internal validation implementation)
 */
export declare abstract class BaseWebhookAdapter<TPayload = unknown, TSchema extends InternalValidationSchema<TPayload> = InternalValidationSchema<TPayload>> implements StorageWebhookAdapter<TPayload, TSchema> {
    abstract readonly providerName: string;
    abstract readonly eventType: string;
    abstract readonly schema: TSchema;
    readonly priority: number;
    protected readonly secret: string;
    protected readonly signatureMethod: STORAGE_SIGNATURE_METHOD;
    protected readonly signatureHeader: string;
    protected readonly timestampHeader?: string;
    protected readonly timestampTolerance: number;
    protected readonly allowedIPs?: string[];
    protected readonly logger?: LoggerInterface;
    constructor(config: StorageBaseWebhookAdapterConfig);
    /**
     * Verify webhook signature and security checks
     * Default implementation - can be overridden by subclasses
     */
    verify(payload: StorageWebhookPayload<unknown>): StorageWebhookVerificationResult;
    /**
     * Process webhook payload
     * Must be implemented by subclasses
     */
    abstract process(payload: StorageWebhookPayload<TPayload>): ProcessedStorageWebhookEvent[] | Promise<ProcessedStorageWebhookEvent[]>;
    /**
     * Generate idempotency key from payload
     * Default implementation - can be overridden
     */
    getIdempotencyKey(payload: StorageWebhookPayload<TPayload>): string;
    /**
     * Check if this adapter should process the webhook
     * Default: always process (can be overridden for multi-adapter scenarios)
     */
    shouldProcess(_payload?: StorageWebhookPayload<unknown>): boolean;
    /**
     * Handle errors
     * Default implementation - can be overridden
     */
    handleError(error: Error, payload: StorageWebhookPayload<unknown>): void;
    /**
     * Get signature from headers
     */
    protected getSignature(payload: StorageWebhookPayload<unknown>): string | undefined;
    /**
     * Compute expected signature
     * Can be overridden for custom signature schemes (e.g., AWS Signature V4)
     */
    protected computeSignature(payload: StorageWebhookPayload<unknown>): string;
    /**
     * Get the payload string to sign
     * Can be overridden for custom payload formats
     */
    protected getSignaturePayload(payload: StorageWebhookPayload<unknown>): string;
    /**
     * Compute HMAC signature
     */
    protected computeHMAC(data: string, algorithm: 'sha256' | 'sha512'): string;
    /**
     * Compute HMAC signature in base64
     */
    protected computeHMACBase64(data: string, algorithm: 'sha256' | 'sha512'): string;
    /**
     * Compare signatures (timing-safe)
     */
    protected compareSignatures(signature: string, expected: string): boolean;
    /**
     * Validate payload against Zod schema
     * Throws StoragePackageError if validation fails
     */
    protected validatePayload<T = TPayload>(payload: T): TPayload;
    /**
     * Safe payload validation with error handling
     * Returns result object instead of throwing
     */
    protected safeValidatePayload<T = TPayload>(payload: T): SchemaValidationResult<TPayload>;
    /**
     * Extract object key from event
     * Must be implemented by subclasses
     */
    protected abstract extractObjectKey(event: TPayload): string;
    /**
     * Extract bucket name from event
     * Can be overridden by subclasses
     */
    protected extractBucket(event: TPayload): string | undefined;
    /**
     * Extract timestamp from event
     * Default implementation - can be overridden
     */
    protected extractTimestamp(event: TPayload): Date;
    /**
     * Extract timestamp from headers (for replay attack prevention)
     */
    protected extractTimestampFromHeaders(payload: StorageWebhookPayload<unknown>): Date | undefined;
    /**
     * Check if timestamp is within acceptable range
     */
    protected isTimestampValid(timestamp: Date): boolean;
    /**
     * Extract source IP from payload
     */
    protected extractSourceIP(payload: StorageWebhookPayload<unknown>): string | undefined;
    /**
     * Extract first IP from header value (handles arrays and comma-separated strings)
     */
    private extractFirstIP;
    /**
     * Check if IP is in allowlist
     */
    protected isIPAllowed(ip: string): boolean;
    /**
     * Extract file size from event
     */
    protected extractFileSize(event: TPayload): number | undefined;
    /**
     * Extract content type from event
     */
    protected extractContentType(event: TPayload): string | undefined;
    /**
     * Extract etag from event
     */
    protected extractETag(event: TPayload): string | undefined;
}