/**
 * Fake network entity generators: IPs, emails, URLs, domains, MACs, BGP ASNs.
 *
 * Design principle: "obfuscate identity, preserve structure — change WHO and
 * WHERE, keep WHAT and HOW."
 */
import { Category } from "../types.js";
import type { BaseGenerator } from "./base.js";
export declare const DOMAINS: string[];
export declare const DOMAINS_BY_TLD: Record<string, string[]>;
export declare const EMAIL_PREFIXES: string[];
export declare const EMAIL_PREFIXES_SHORT: string[];
export declare const EMAIL_PREFIXES_MEDIUM: string[];
export declare const EMAIL_PREFIXES_LONG: string[];
export declare const SNMP_COMMUNITIES: string[];
export declare const HOSTNAME_ROLES: string[];
export declare const FAKE_SITES: string[];
export declare const HOSTNAME_SITES: string[];
export declare const PATH_SEGMENTS: string[];
/** 100.64.0.0 as unsigned 32-bit int */
export declare const CGNAT_BASE: number;
/** Mask for CGNAT /10 range */
export declare const CGNAT_MASK_10 = 4290772992;
export declare function ipToInt(ip: string): number;
export declare function intToIp(n: number): string;
export declare class SubnetMapper {
    /** Forward mapping: serialized key "netInt,prefixLen" -> fake network int */
    subnetFwd: Map<string, number>;
    /** Reverse mapping: fake network int -> serialized key */
    subnetRev: Map<number, string>;
    /** Next CGNAT slot to allocate */
    subnetNextSlot: number;
    /** Learned subnets from text context */
    knownSubnets: Array<{
        networkInt: number;
        prefixLen: number;
    }>;
    /**
     * Scan text for CIDR notation and subnet masks to learn subnet boundaries.
     * Call this before obfuscating IPs so the generator knows the correct
     * prefix length for each address.
     */
    learnSubnetsFromText(text: string): void;
    /** Find the best matching prefix length for an IP from learned subnets. */
    findPrefixLen(ipInt: number): number;
    /** Map a real network address to a fake CGNAT network address. */
    mapSubnet(netInt: number, prefixLen: number): number;
    /** Reset all subnet mapping state. */
    reset(): void;
}
export declare const VLAN_NAMES: string[];
export declare const VRF_NAMES: string[];
export declare const INTERFACE_DESCS: string[];
export declare const ROUTE_MAP_NAMES: string[];
export declare const ACL_NAMES: string[];
export declare class NetworkGenerator implements BaseGenerator {
    readonly categories: Category[];
    private readonly subnetMapper;
    /**
     * Session-level domain mapping for cross-entity consistency.
     * Maps the core org part of a domain (e.g. "acme-corp") to a fake
     * replacement so that emails and hostnames sharing a domain get the
     * same fake domain.
     */
    private _domainMap;
    /**
     * Session-level site code mapping for deterministic site replacement.
     * Maps real site codes (e.g. "CHI") to fake ones (e.g. "DEN").
     */
    private _siteMap;
    private _nextSiteIdx;
    /**
     * Session-level ASN mapping for relationship-preserving replacement.
     * Maps real ASN numbers to fake ones.
     */
    private _asnMap;
    private _nextPrivateAsn;
    private _nextPublicAsn;
    constructor(subnetMapper: SubnetMapper);
    generate(category: Category, seed: number, original?: string): string;
    /**
     * Extract the "org" portion of a domain. Given "acme-corp.com" returns
     * "acme-corp".  Given "mail.acme-corp.co.uk" returns "acme-corp".
     */
    private _extractOrgDomain;
    /** Get or create a consistent fake domain name for an org domain key. */
    private _mapOrgDomain;
    /** Map a real site code to a fake one deterministically. */
    private _mapSite;
    /**
     * Subnet-preserving IP obfuscation for any prefix length.
     *
     * Network bits are mapped to the CGNAT range (100.64.0.0/10),
     * host bits are preserved exactly. Defaults to /24 when no
     * subnet context is available.
     */
    _fakeIp(seed: number, original: string, subnetMapper: SubnetMapper): string;
    _fakeEmail(seed: number, original: string): string;
    _fakeUrl(seed: number, original: string): string;
    /** Generate a fake MAC address preserving format (colon, dash, or Cisco dot). */
    _fakeMac(seed: number, original: string): string;
    /**
     * Map BGP AS numbers preserving private/public ranges and sequential
     * relationships. If AS X and AS X+1 both appear, their fakes are also
     * sequential.
     */
    _fakeAsn(seed: number, original?: string): string;
    /** Replace SNMP community strings preserving RO/RW/READ/WRITE hints. */
    _fakeSnmpCommunity(seed: number, original?: string): string;
    /** Replace network credentials preserving hash/encoding format. */
    _fakeNetworkCredential(seed: number, original: string): string;
    /** Generate a base64-ish string of given length from hex source. */
    private _toBase64ish;
    /** Generate a string with similar complexity patterns (length, has-digit, has-special). */
    private _similarComplexity;
    /**
     * Generate a fake hostname preserving role, tier, and structure.
     *
     * Structured hostnames like CHI-CORE-RTR-01 are parsed into components:
     * site code is swapped from the geographic pool, role and tier are kept,
     * and the ID number is randomized.
     *
     * DNS-style hostnames like web-01.prod.acme.net preserve hierarchy:
     * env labels (prod/staging/dev) and TLD are kept, org is replaced.
     */
    _fakeHostname(seed: number, original?: string): string;
    /** Parse and rebuild a structured hostname like CHI-CORE-RTR-01. */
    private _fakeStructuredHostname;
    /**
     * Parse and rebuild a DNS-style hostname like web-01.prod.acme.net.
     * Preserves: env labels (prod/staging/dev), TLD, segment count.
     * Replaces: role name, org name.
     */
    private _fakeDnsHostname;
    /** Fake VLAN ID/name or VRF name. Preserves semantic prefixes. */
    _fakeVlanId(seed: number, original: string): string;
    /**
     * Fake interface description preserving topology keywords.
     *
     * UPLINK, DOWNLINK, PEER, TRANSIT, TO, FROM, etc. survive obfuscation.
     * Device names, site codes, circuit IDs, and customer names are replaced.
     */
    _fakeInterfaceDesc(seed: number, original: string): string;
    /**
     * Fake route-map or prefix-list name preserving policy semantics.
     *
     * Pattern: RM-<POLICY>-<PROVIDER>-<DIRECTION>
     * Preserves: RM/PL prefix, policy type (TRANSIT/PEER/CUSTOMER/DEFAULT),
     *            IN/OUT direction. Replaces: provider/customer name.
     */
    _fakeRouteMap(seed: number, original: string): string;
    /** Fake OSPF identifiers (router-id or area). */
    _fakeOspfId(seed: number, original: string): string;
    /** Fake ACL name preserving prefix and purpose keywords. */
    _fakeAclName(seed: number, original: string): string;
}