import type { CustomRuleDefinition } from '../rules/customRules.types';
import type { ServiceName, Severity } from '../types/analysis.types';
export interface PolicyViolatingResource {
    readonly resourceLogicalId: string;
    readonly locations: string[];
    readonly templatePath: string;
}
export interface PolicyViolation {
    readonly ruleName: string;
    readonly description: string;
    readonly violatingResources: PolicyViolatingResource[];
    readonly fix?: string;
    readonly severity?: string;
    readonly ruleMetadata?: {
        readonly [key: string]: string;
    };
}
export interface PolicyValidationPluginReport {
    readonly violations: PolicyViolation[];
    readonly success: boolean;
    readonly pluginVersion?: string;
    readonly metadata?: {
        readonly [key: string]: string;
    };
}
export interface PolicyValidationContext {
    readonly templatePaths: string[];
}
export interface CdkInsightsPolicyValidationPluginOptions {
    /** Restrict checks to these AWS services. Defaults to all services. */
    readonly selectedServices?: ServiceName[];
    /** Drop violations below this severity. Defaults to LOW (no filter). */
    readonly minimumSeverity?: Severity;
    /** Reported back to CDK for analytics; arbitrary semver string. */
    readonly version?: string;
    /** User-defined custom rules to evaluate alongside built-ins. */
    readonly customRules?: CustomRuleDefinition[];
    /**
     * Skip reading `.cdk-insights.json` from the project root. Defaults to
     * `false` — the plugin honours the same `ignoreRules` / `ignorePaths` the
     * `cdk-insights scan` command does, so plugin and CLI agree on what's a
     * finding. Set to `true` to opt out of project-config suppression.
     */
    readonly ignoreProjectConfig?: boolean;
    /**
     * Skip reading inline `Validations.of(scope).acknowledge(...)` entries
     * from the cdk manifest. Defaults to `false`. Set to `true` to opt out
     * of inline-acknowledgement suppression at synth time.
     */
    readonly ignoreInlineAcknowledgements?: boolean;
    /**
     * Working directory used to locate `.cdk-insights.json`. Defaults to
     * `process.cwd()`. Mostly useful for tests.
     */
    readonly cwd?: string;
}
/**
 * CDK Insights as a CDK policy validation plugin.
 *
 * Register with the v2.251.0+ `Validations` API:
 * ```ts
 * import { App, Validations } from 'aws-cdk-lib';
 * import { CdkInsightsPolicyValidationPlugin } from 'cdk-insights';
 *
 * const app = new App();
 * Validations.of(app).addPlugins(new CdkInsightsPolicyValidationPlugin());
 * ```
 *
 * On older aws-cdk-lib versions, register via the constructor prop:
 * ```ts
 * new App({ policyValidationBeta1: [new CdkInsightsPolicyValidationPlugin()] });
 * ```
 *
 * The plugin only sees synthesized CloudFormation templates (no construct
 * tree, no source locations). Pair it with `createCdkInsightsAspect` if you
 * also want source-location capture in the analyse CLI report.
 */
export declare class CdkInsightsPolicyValidationPlugin {
    readonly name = "cdk-insights";
    readonly version?: string;
    readonly ruleIds: string[];
    private readonly options;
    constructor(options?: CdkInsightsPolicyValidationPluginOptions);
    validate(context: PolicyValidationContext): PolicyValidationPluginReport;
}
/** Functional factory for parity with `createCdkInsightsAspect`. */
export declare const createCdkInsightsPolicyValidationPlugin: (options?: CdkInsightsPolicyValidationPluginOptions) => CdkInsightsPolicyValidationPlugin;