import type { CloudFormationStack, InlineAcknowledgement, Issue, IssueGroup, RuleContext, ServiceName } from './types/analysis.types';
/**
 * Export the CDK Insights aspect for enhanced analysis
 */
export { CDK_INSIGHTS_ANNOTATION_PREFIX, CDK_INSIGHTS_METADATA_VERSION, CDK_INSIGHTS_NAG_FINDING_PREFIX, CdkInsightsAspect, type CdkInsightsAspectOptions, type CdkInsightsLoggerOptions, type CdkInsightsMetadata, type CdkInsightsNagFinding, type ConstructHierarchyEntry, clearCaches, createCdkInsightsAspect, createCdkInsightsLogger, createExtremelyHelpfulConsoleLogger, ExtremelyHelpfulConsoleLogger, getCacheStats, isCdkDebugEnabled, type SensitiveProperty, type SourceLocation, type SourceLocationConfidence, } from './aspects/CdkInsightsAspect';
export { type AiSkippedReason as ScanReportAiSkippedReason, SCAN_REPORT_SCHEMA_VERSION, type ScanDetailResponse, type ScanMetadata, type ScanReport, type ScanReportEnvelope, type ScanReportFinding, type ScanReportResource, type ScanReportSchemaVersion, type ScanReportSourceLocation, type ScanReportStack, type ScanTotals, type Severity as ScanReportSeverity, type SeverityCounts as ScanReportSeverityCounts, type WAFPillar as ScanReportWAFPillar, type WAFPillarCounts as ScanReportWAFPillarCounts, } from './types/scanReport.types';
export { CdkInsightsPolicyValidationPlugin, type CdkInsightsPolicyValidationPluginOptions, createCdkInsightsPolicyValidationPlugin, type PolicyValidationContext, type PolicyValidationPluginReport, type PolicyViolatingResource, type PolicyViolation, } from './validation/CdkInsightsPolicyValidationPlugin';
type Tier = 'free' | 'pro';
type CacheConfig = {
    enabled: boolean;
    ttl: number;
    maxSize: number;
};
type QuotaValidation = {
    canRunStaticAnalysis: boolean;
    canRunAIAnalysis: boolean;
    quota: {
        isTrial: boolean;
        currentResourcesAnalyzed: number;
        maxResources: number;
        wouldExceed?: boolean;
    };
};
interface SensitiveDataDetectionConfig {
    disabled?: boolean;
    ignoreProperties?: string[];
    allowPatterns?: string[];
    strictMode?: boolean;
}
interface RunAnalysisTypes {
    stacks: Record<string, CloudFormationStack>;
    inlineFindings: Issue[];
    pathToLogicalId: Record<string, string>;
    output?: string;
    recommendationMapPerStack: Record<string, Record<string, IssueGroup>>;
    assetSourcePaths?: Record<string, string>;
    redact?: boolean;
    withIssue?: boolean;
    services?: ServiceName[];
    ruleFilter?: string[];
    ignoreRules?: string[];
    ignorePaths?: string[];
    acknowledgementsPerStack?: Record<string, InlineAcknowledgement[]>;
    authToken?: string;
    fingerprint?: string;
    failOnCritical?: boolean;
    tier?: Tier;
    noCache?: boolean;
    allowOveruse?: boolean;
    warnSensitive?: boolean;
    sensitiveDataDetection?: SensitiveDataDetectionConfig;
    cache?: CacheConfig;
    quotaValidation?: QuotaValidation;
    /** User's `cdk.json` `context` block — exposed to context-aware rules. */
    cdkContext?: Record<string, unknown>;
    /**
     * Per-logical-id metadata (construct level, FQN) from tree.json — exposed
     * to context-aware rules so they can adapt to L1 / L2 / L3 patterns.
     */
    resourceIdMetadata?: NonNullable<RuleContext['resourceIdMetadata']>;
    /**
     * Resolved Bedrock model ID for AI insights, or `undefined` to let the
     * backend pick its tier default. Resolution happens upstream in the CLI
     * (flag → cdk.json → user config → tier default) before we get here.
     */
    aiModelId?: string;
    /**
     * Group resources into batched calls to the backend's `/analyze/batch`
     * endpoint. Default 1 = per-resource path. >1 turns on batching;
     * the orchestrator clamps to the backend max (10).
     */
    aiBatchSize?: number;
    /**
     * `--local`: user explicitly asked for static-only analysis. Surfaces
     * as `aiSkippedReason: 'local-mode'` in the rendered report so the
     * banner reads as informational rather than a credit-cap warning.
     */
    forceLocal?: boolean;
    /**
     * --diff: fingerprints from `.cdk-insights-baseline.json` that should be
     * filtered out of the rendered report and not counted toward fail-on-critical.
     */
    baselineExclude?: Set<string>;
    /**
     * --writeBaseline: caller-owned set populated with every issue's fingerprint
     * during analysis. Used to write a fresh baseline at the end of the run.
     */
    collectFingerprints?: Set<string>;
    /**
     * Suppress per-stack and consolidated rendering. Used by --writeBaseline,
     * which only cares about the fingerprint snapshot.
     */
    skipRendering?: boolean;
}
/**
 * ---------------------------------------
 * Main analysis entry
 * ---------------------------------------
 */
export declare const runAnalysis: ({ stacks, inlineFindings, pathToLogicalId, output, recommendationMapPerStack, withIssue, services, ruleFilter, ignoreRules, ignorePaths, acknowledgementsPerStack, authToken, fingerprint, failOnCritical, tier, noCache, allowOveruse, warnSensitive, sensitiveDataDetection, cache, quotaValidation, cdkContext, resourceIdMetadata, aiModelId, aiBatchSize, forceLocal, baselineExclude, collectFingerprints, skipRendering, }: RunAnalysisTypes) => Promise<{
    recommendationMaps: {};
    hasCriticalIssues: boolean;
    scannedResourceIds: Set<string>;
    hasSensitiveData?: undefined;
} | {
    recommendationMaps: Record<string, IssueGroup>;
    hasCriticalIssues: boolean;
    hasSensitiveData: boolean;
    scannedResourceIds: Set<string>;
}>;