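/**
 * Plugin name CDK uses for construct-annotation entries in the unified
 * validation report (added in aws-cdk-lib v2.253.0 via #37712). Findings
 * with this pluginName originate from `Annotations.of(...).addError/Warning`
 * calls anywhere in the user's app — not from a registered policy plugin.
 */
export declare const CDK_CONSTRUCT_ANNOTATIONS_PLUGIN_NAME = "Construct Annotations";

/** Plugin name our own `CdkInsightsPolicyValidationPlugin` reports under. */
export declare const CDK_INSIGHTS_PLUGIN_NAME = "cdk-insights";

/**
 * Default location CDK writes the validation report to inside the cloud
 * assembly output directory.
 */
export declare const VALIDATION_REPORT_FILENAME = "policy-validation-report.json";

/**
 * Normalized record of a single violating resource. Either `constructPath`
 * or `resourceLogicalId` will usually be present (CDK guarantees one;
 * construct-annotation entries always have a constructPath, plugin entries
 * usually have a logical id).
 *
 * All three identifiers are optional in the type, so a consumer that keys
 * suppressions or de-duplication on one of them has to handle the case where
 * that particular field is absent.
 */
export interface ValidationReportResource {
  readonly resourceLogicalId?: string;
  readonly constructPath?: string;
  readonly templatePath?: string;
  readonly locations: string[];
}

/**
 * Normalized validation-report finding emitted by the post-synth helper.
 * One per violation × violating-resource, so consumers don't need to fan out.
 *
 * The string fields are copied from the report file. Their content is chosen
 * by whichever plugin or annotation call produced the violation, so escape
 * them before rendering into HTML, Markdown or a terminal.
 */
export interface ValidationReportFinding {
  /** Plugin that produced the violation (or 'Construct Annotations'). */
  readonly pluginName: string;
  readonly ruleName: string;
  readonly description: string;
  /**
   * Plugin-defined severity. CDK doesn't normalize this — the plugin author
   * decides the strings ('CRITICAL', 'HIGH', 'error', 'warning', etc.).
   * Construct annotations always carry 'error' or 'warning'.
   *
   * Because the value is free-form and optional, a gate that compares it
   * against a fixed list should case-fold it and decide explicitly what an
   * unrecognised or missing severity means, rather than letting it pass by
   * default.
   */
  readonly severity?: string;
  readonly fix?: string;
  readonly resource: ValidationReportResource;
  /**
   * Extra rule data carried through from the report.
   *
   * NOTE(review): this listing showed a bare `Record` with no type arguments,
   * which does not compile. `Record<string, unknown>` is the conservative
   * reading (values must be narrowed before use) — confirm the intended value
   * type against the package source.
   */
  readonly ruleMetadata?: Record<string, unknown>;
}

/** Options accepted by {@link parseValidationReport}; every field is optional. */
export interface ParseValidationReportOptions {
  /**
   * Cloud assembly output directory. Defaults to `cdk.out` to mirror the
   * rest of the pipeline.
   */
  readonly cdkOutDir?: string;
  /**
   * Override the report filename. Mostly useful for tests; CDK's default
   * is `policy-validation-report.json`.
   */
  readonly filename?: string;
  /**
   * Optional logger for schema-drift warnings. Defaults to `console.warn`.
   * Pass a no-op to silence.
   *
   * These warnings are the only signal that a report was present but could
   * not be understood, so keep them visible wherever the returned findings
   * decide whether a deployment proceeds.
   */
  readonly warn?: (message: string) => void;
}

/**
 * Reads CDK's post-synth validation report (aws-cdk-lib >= 2.251 for plugin
 * output, >= 2.253 for unified annotations) and returns a flat list of
 * findings, one per violating resource.
 *
 * Returns an empty array if the file is missing (the common case when the
 * user hasn't registered any validation plugins and has no `Annotations.of()
 * .addError/Warning(...)` calls). Logs and returns `[]` on shape mismatches
 * so a malformed file never aborts the analyse pipeline.
 *
 * An empty result therefore has three possible meanings: no report was
 * written, the report had no violations, or the report could not be parsed.
 * The return value alone does not distinguish them. A caller that enforces
 * policy on the result should not treat `[]` as proof of a clean run; it
 * should keep `warn` wired to its log or failure path.
 *
 * @param options - Location overrides and the warning logger; see
 *   {@link ParseValidationReportOptions}.
 * @returns One {@link ValidationReportFinding} per violating resource, or an
 *   empty array when the report is missing or malformed.
 */
export declare const parseValidationReport: (
  options?: ParseValidationReportOptions,
) => ValidationReportFinding[];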