import { type ScanReport } from '../../types/scanReport.types';
export declare const hashLicenseId: (licenseKey: string) => string;
export interface UploadScanInput {
    /** From userConfig.scanHistory.enabled. False or undefined = no-op. */
    enabled: boolean;
    /** Raw license key. Hashed before transmission — the backend never
     * sees the unhashed key. */
    licenseKey?: string;
    /** Cognito JWT from the existing CLI auth flow. Required. */
    authToken?: string;
    /** Tier label ('free' | 'pro' | 'team' | 'trial'). Stored on the scan
     * metadata so dashboard list views can show tier. */
    tier?: string;
    /** Pre-built scan report from buildScanReport(). */
    report: ScanReport;
}
export interface UploadScanResult {
    /** Distinguishes "didn't try" (skipped) from "tried and failed" (sent). */
    skipped: boolean;
    success?: boolean;
    scanId?: string;
    viewUrl?: string;
    retentionDays?: number;
    /**
     * Why the upload was skipped or failed. Strings are stable across
     * versions — surface them in the terminal block.
     */
    reason?: 'disabled' | 'no-license-key' | 'no-auth-token' | 'no-api-base' | 'network' | 'timeout' | 'rejected' | 'server-error';
    /** Server's error message when reason==='rejected' or 'server-error'. */
    serverMessage?: string;
}
/**
 * Best-effort scan upload. Always returns — never throws. Caller decides
 * how to surface success/failure to the user (terminal block in
 * analyse.ts, but other commands could reuse this).
 *
 * Privacy: sends `hashedLicenseId` (sha256, 32 hex chars) and the report
 * body. Never the raw license key. Mirrors the telemetry envelope's
 * privacy posture in `telemetryClient.ts`.
 */
export declare const uploadScan: (input: UploadScanInput) => Promise<UploadScanResult>;
/** Generates a fresh scanId for a new analyse run. UUID v4, lowercase. */
export declare const newScanId: () => string;