import type { QueryExecutor } from './introspect'; /** A filterable PostgreSQL role for audit purposes. */ export interface RoleInfo { name: string; canLogin: boolean; isSuper: boolean; isSystem: boolean; } /** * Enumerate every non-system role that could meaningfully appear as a * grantee. By default we include every role — caller may pass `--roles` * to narrow to e.g. `authenticated, anonymous`. */ export declare function listAuditableRoles(exec: QueryExecutor): Promise; export interface RoleResolution { /** Final list of role names used for the audit. */ roles: string[]; /** Roles returned by pg_roles but filtered out. */ excluded: string[]; } /** * Apply `--roles` / `--exclude-roles` filters against the full pg_roles list. * * - If `include` is non-empty, only those names survive. * - Else, every non-system role survives. * - `exclude` is applied on top. */ export declare function resolveRoles(allRoles: RoleInfo[], include: string[] | undefined, exclude?: string[]): RoleResolution;