/**
 * Persistent Audit Log
 *
 * Two backends, selected at runtime:
 * - JSONL (default): append-only writer to ~/.photon/audit.jsonl,
 *   size-based rotation (5MB, 3 archives). Always available.
 * - SQLite (opt-in via initAuditSqlite): indexed, queryable. Preferred for
 *   daemons that need fast per-caller / per-photon audit queries.
 *
 * Silent failure — never blocks execution for audit I/O.
 */
import type { AuditBackend, AuditQuery } from './audit-sqlite.js';
/** Rotate when file exceeds this size (5MB) */
declare const MAX_FILE_SIZE: number;
/** Number of rotated archives to keep */
declare const MAX_ROTATED_FILES = 3;
export interface AuditEntry {
    ts: string;
    event: string;
    photon?: string;
    method?: string;
    instance?: string;
    client?: string;
    sessionId?: string;
    durationMs?: number;
    error?: string;
    [key: string]: unknown;
}
/**
 * Upgrade the audit writer to a SQLite backend for indexed queries.
 * Callers (daemon startup, server bootstrap) invoke this once early.
 * Safe to call multiple times — subsequent calls are no-ops. If SQLite
 * isn't available (no `better-sqlite3` on Node, not running under Bun),
 * throws and the JSONL fallback remains active.
 */
export declare function initAuditSqlite(path?: string): Promise<void>;
/**
 * Swap the SQLite backend for a pre-constructed one. For tests.
 */
export declare function setAuditBackend(backend: AuditBackend | null): void;
/**
 * Query the audit log. Uses SQLite indexes when available, otherwise
 * streams the JSONL file and filters in memory.
 */
export declare function queryAudit(q?: AuditQuery): Promise<AuditEntry[]>;
export declare function audit(entry: AuditEntry): void;
/** Force a rotation check (used by CLI clear/rotate commands) */
export declare function forceRotate(): boolean;
export declare const AUDIT_FILE_PATH: string;
export declare const AUDIT_DIR_PATH: string;
export { MAX_FILE_SIZE, MAX_ROTATED_FILES };
//# sourceMappingURL=audit.d.ts.map