import { type ExecConfig, type TLSConfig } from './config.js';
import type { PluginAutoUpdateService } from '../services/plugin-auto-update.js';
import type { NpmAutoUpdateService } from '../services/npm-auto-update.js';
export type { CertificateEvent, SecretEvent, AgentUpdateEvent, ApiKeyRotationEvent, HostConfigEvent, DegradedReason, DegradedConnectionInfo, ReprovisionEvent, UnifiedAgentEvent, UnifiedWebSocketClient, } from './websocket/index.js';
export { createUnifiedWebSocketClient, setShuttingDown, getIsShuttingDown, } from './websocket/index.js';
/**
 * Start the agent daemon with unified WebSocket connection
 */
export declare function startDaemon(options?: {
    verbose?: boolean;
    healthPort?: number;
    /**
     * Bind host for the agent's health/metrics/plugin HTTP server.
     * Default '127.0.0.1' (loopback only). Operators who genuinely need
     * network exposure must set this to '0.0.0.0' explicitly via config
     * and accept that the endpoints (including plugin routes and update
     * triggers) are not authenticated today.
     */
    healthHost?: string;
    exec?: ExecConfig;
    pluginAutoUpdateService?: PluginAutoUpdateService | null;
    npmAutoUpdateService?: NpmAutoUpdateService | null;
    configFromVault?: boolean;
    tls?: TLSConfig;
}): Promise<void>;
//# sourceMappingURL=websocket.d.ts.map