/**
 * Sanitization utilities for filesystem and network operations.
 * Prevents path traversal, SSRF, and XSS when writing untrusted data to disk.
 *
 * This file holds type declarations only; no implementation is visible here.
 * Lines marked NOTE(review) are points to confirm against the implementation,
 * not statements about what it does.
 */
/**
 * Sanitize a filename to prevent path traversal and filesystem issues.
 * Strips directory separators, null bytes, and non-alphanumeric characters
 * except dashes, dots, and underscores.
 *
 * NOTE(review): dots are kept, so confirm how results such as "", "." or ".."
 * are handled after stripping, and whether length limits or reserved device
 * names matter on the target filesystem.
 * NOTE(review): callers should still resolve the final path and check that it
 * stays inside the intended output directory; this function only cleans one
 * path component.
 *
 * @param input - Untrusted name to turn into a single filename component.
 * @returns The sanitized filename.
 */
export declare function sanitizeAssetFilename(input: string): string;
/**
 * Generate a consistent composite image filename from a Figma node name.
 * Used by both source.ts (plan path) and run.ts (disk write) so that the
 * planned path and the written path match.
 *
 * NOTE(review): node names come from the design file and should be treated as
 * untrusted; presumably the result goes through sanitizeAssetFilename, confirm.
 * NOTE(review): confirm what happens when two different node names map to the
 * same filename (silent overwrite versus disambiguation).
 *
 * @param name - Figma node name.
 * @returns The filename to use for the composite image.
 */
export declare function compositeImageFilename(name: string): string;
/**
 * Validate that a URL points to an expected Figma CDN domain.
 * Prevents SSRF if the API returned a malicious URL.
 *
 * NOTE(review): confirm the check parses the URL and compares the scheme and
 * the exact hostname against an allow-list, rather than matching a substring
 * or prefix of the raw string.
 * NOTE(review): this validates only the URL it is given. If the subsequent
 * fetch follows redirects, the redirect target is not covered; confirm the
 * caller disables redirects or re-validates each hop.
 *
 * @param url - URL returned by the API, treated as untrusted.
 * @returns true when the URL is accepted as a Figma CDN URL.
 */
export declare function isValidFigmaCdnUrl(url: string): boolean;
/**
 * Sanitize SVG content to remove script elements, event handlers,
 * and other potentially dangerous content.
 *
 * Uses substring-based parsing (not regex) to avoid false positives
 * in static analysis while providing robust sanitization.
 *
 * NOTE(review): string-level SVG sanitization is a deny-list and is easy to
 * get subtly wrong (mixed case, entity encoding, namespaced or nested
 * elements, script-bearing URL attributes, external references). Confirm the
 * implementation has tests for these classes of input, and treat the result
 * as defence in depth: render sanitized SVGs via `<img>` or under a
 * restrictive Content-Security-Policy rather than inlining them.
 *
 * @param svg - Untrusted SVG markup.
 * @returns The SVG markup with the dangerous content removed.
 */
export declare function sanitizeSvgContent(svg: string): string;
/**
 * Validate that a buffer starts with the PNG magic bytes.
 * Prevents writing non-image payloads fetched from the network.
 *
 * As described, this is a signature check on the start of the buffer. It does
 * not establish that the remaining bytes form a well-formed PNG, so downstream
 * decoders must still handle malformed input.
 *
 * NOTE(review): confirm a buffer shorter than the signature returns false
 * instead of throwing.
 *
 * @param buf - Bytes fetched from the network.
 * @returns true when the buffer begins with the PNG signature.
 */
export declare function isValidPngBuffer(buf: Buffer): boolean;
/**
 * Validate that a buffer is a recognized image format (PNG, JPEG, or WebP).
 * Use for image fill downloads where the Figma API returns original uploaded files
 * which can be any common image format (not just PNG).
 *
 * NOTE(review): presumably a magic-byte check like isValidPngBuffer; if so the
 * same limit applies (the header is checked, not the whole file). Confirm.
 *
 * @param buf - Bytes fetched from the network.
 * @returns true when the buffer is recognized as PNG, JPEG, or WebP.
 */
export declare function isValidImageBuffer(buf: Buffer): boolean;
/**
 * Detect the actual image format from buffer magic bytes and return the file extension.
 * Use when saving downloaded Figma images to ensure the extension matches the content,
 * instead of trusting an extension or content type supplied by the remote side.
 *
 * NOTE(review): the declaration does not show what is returned for
 * unrecognized content, or whether the extension includes a leading dot;
 * confirm before concatenating the result into a path.
 *
 * @param buf - Image bytes to inspect.
 * @returns The file extension for the detected format.
 */
export declare function detectImageExtension(buf: Buffer): string;
//# sourceMappingURL=sanitize.d.ts.map