/**
 * Deterministic mapping engine using HMAC + salt for irreversible obfuscation.
 *
 * Uses HMAC-SHA256(secretKey, salt + tenantId + value) to produce a seed, then
 * indexes into the appropriate generator's fake value pool. The salt adds
 * randomness so that the same real value produces different fake values across
 * sessions (unless the same salt is reused), preventing inference attacks.
 *
 * When tenantId is set, it's incorporated into the HMAC message, ensuring the
 * same value produces different fakes for different tenants.
 */
import { Category } from "./types.js";
import type { BaseGenerator } from "./generators/base.js";
import { SubnetMapper } from "./generators/network.js";
export declare class MappingEngine {
    private readonly _secretKey;
    private readonly _salt;
    private readonly _tenantId;
    private readonly _generators;
    constructor(secretKey: string, salt?: string, subnetMapper?: SubnetMapper, tenantId?: string);
    /** Return the current salt (for persistence/restore). */
    get salt(): string;
    private _registerDefaults;
    /** Register a custom generator for a category. */
    registerGenerator(category: Category, generator: BaseGenerator): void;
    /**
     * Compute a deterministic seed from a real value using HMAC + salt + tenantId.
     * Reads first 6 bytes as unsigned int (stays in safe integer range).
     */
    computeSeed(value: string): number;
    /** Map a real value to a fake value, preserving format of original. */
    mapValue(value: string, category: Category): string;
}