/**
 * `@sylphx/management/adminRateLimits` — operator-driven tuning of
 * per-credential-type rate-limit multipliers (Production-Ready audit M-3).
 *
 * Mirrors `/admin/rate-limits/*` in
 * `apps/api/src/server/platform/routes/admin/rate-limits.ts`.
 *
 * Auth: service token + scope `platform:ratelimits:write`. Super-admin
 * sessions also pass through `requireScopes` (their `scopes` are `null`),
 * but the preferred path is a programmatic step in an Ops runbook.
 *
 * Typical use:
 *
 *   sylphx admin rate-limits list
 *   sylphx admin rate-limits set --type public --multiplier 0.05 \
 *     --reason "credential-enumeration alert"
 *
 * dispatches here via `requireAuthEffect` + `withAuthedSdk`. The endpoint
 * upserts the row + triggers `invalidateAndReload()` on the enforcement
 * layer so the new value is live within seconds.
 */
import type { Client } from './client.js';
/** Credential-type literal — mirrors `AdminRateLimitCredentialType` in the contract. */
export type AdminRateLimitCredentialType = 'public' | 'secret' | 'service' | 'session' | 'spiffe' | 'unknown';
export interface AdminRateLimitMultiplierStatus {
    readonly credentialType: AdminRateLimitCredentialType;
    readonly multiplier: number;
    readonly exempt: boolean;
    readonly notes: string | null;
    readonly lastUpdatedAt: string | null;
}
export interface ListMultipliersResult {
    readonly multipliers: ReadonlyArray<AdminRateLimitMultiplierStatus>;
}
export interface SetMultiplierInput {
    readonly credentialType: AdminRateLimitCredentialType;
    readonly multiplier: number;
    readonly exempt?: boolean;
    readonly reason: string;
}
export interface SetMultiplierResult {
    readonly updated: AdminRateLimitMultiplierStatus;
    readonly auditLogId: string | null;
    readonly message: string;
}
/**
 * List the per-credential-type multipliers currently applied to every
 * `RateLimitPresets` base limit. Returns one row per credential type from
 * the closed enumeration (`public`, `secret`, `service`, `session`,
 * `spiffe`, `unknown`); rows missing in the DB fall back to the live
 * in-memory cache so the dashboard never sees a hole.
 */
export declare const list: (client: Client) => Promise<ListMultipliersResult>;
/**
 * Upsert the multiplier (or exempt flag) for a single credential type.
 * `reason` is required (≥3 chars) and recorded on the audit log. The
 * server fires `invalidateAndReload()` immediately after the write so the
 * new value is live within seconds — no 5-minute wait.
 */
export declare const set: (client: Client, body: SetMultiplierInput) => Promise<SetMultiplierResult>;
//# sourceMappingURL=adminRateLimits.d.ts.map