/** * Script A driver: pure-Postgres RLS audit. * * Ingests a catalog snapshot, runs every check, and returns a structured report. */ import { type IntrospectOptions, type QueryExecutor } from '../pg/introspect'; import type { Report } from '../types'; export interface AuditOptions extends IntrospectOptions { /** If provided, bypass `pg_roles` enumeration. Otherwise enumerate roles dynamically. */ includeRoles?: string[]; /** Roles to drop after enumeration. */ excludeRoles?: string[]; /** * Skip AST-level anti-pattern checks (P1, P5). Useful for very fast audits * that only want grants + RLS-flag + coverage findings. */ skipAstChecks?: boolean; } export declare function audit(client: QueryExecutor, options?: AuditOptions): Promise;