/**
 * Security utilities for the SDK.
 * Enhanced origin validation and security enforcement.
 */
/**
 * Validate if an origin is trusted for the given environment
 */
export declare function isOriginTrusted(origin: string, trustedOrigins: string[]): boolean;
/**
 * Enhanced origin validation with logging and strict allowlist
 */
export declare function validatePostMessageOrigin(event: MessageEvent, trustedOrigins: string[], allowedCustomOrigins?: string[], logLabel?: string): boolean;
/**
 * Validate verification message format and content
 */
export declare function validateVerificationMessage(event: MessageEvent, expectedSessionId: string, expectedMessageType: string, legacyMessageType?: string): {
    isValid: boolean;
    error?: string;
};
/**
 * Enforce HTTPS in production environment
 */
export declare function enforceHTTPS(environment: 'production' | 'staging', logLabel?: string): void;
/**
 * Validate URL security for return/cancel URLs
 */
export declare function validateReturnUrl(url: string, environment: 'production' | 'staging', _logLabel?: string): {
    isValid: boolean;
    error?: string;
};
/**
 * Generate secure session ID with entropy validation
 */
export declare function generateSecureSessionId(): string;
/**
 * Rate limiting for verification attempts
 */
declare class VerificationRateLimit {
    private attempts;
    private readonly maxAttempts;
    private readonly timeWindow;
    isAllowed(identifier: string, logLabel?: string): boolean;
    reset(identifier: string): void;
}
export declare const verificationRateLimit: VerificationRateLimit;
/**
 * Log security events with consistent formatting
 */
export declare function logSecurityEvent(event: string, metadata: Record<string, unknown>, logLabel?: string): void;
export {};