import { type EvaluationResult, type RunSimulationResults, type Simulation, type SimulationMode } from '@cloud-copilot/iam-simulate';
import { IamCollectClient } from '../collect/client.js';
import { type S3AbacOverride } from '../utils/s3Abac.js';
import { type ContextKeys } from './contextKeys.js';
/**
 * The request details for simulating an IAM request.
 */
export interface SimulationRequest {
    /**
     * The ARN of the resource to simulate access to. Can be undefined for wildcard actions.
     */
    resourceArn: string | undefined;
    /**
     * The account ID of the resource, only required if it cannot be determined from the resource ARN.
     */
    resourceAccount: string | undefined;
    /**
     * The action to simulate; must be a valid IAM service and action such as `s3:ListBucket`.
     */
    action: string;
    /**
     * The ARN of the principal to simulate. Can be a user, role, session, or AWS service.
     */
    principal: string;
    /**
     * Any custom context keys to use for the simulation.
     */
    customContextKeys: ContextKeys;
    /**
     * The simulation mode to use for the request.
     */
    simulationMode: SimulationMode;
    /**
     * Whether to ignore missing principal errors.
     */
    ignoreMissingPrincipal?: boolean;
    /**
     * Override for S3 ABAC settings for the simulation.
     */
    s3AbacOverride?: S3AbacOverride;
    /**
     * The session policy to use for the simulation, if the principal type supports it.
     */
    sessionPolicy?: any;
    /**
     * Additional strict context keys to include for the simulation. These will be added to the default strict context keys.
     */
    additionalStrictContextKeys?: string[];
}
/**
 * The result of a simulation request, containing the original request and the simulation result.
 */
export interface SimulateRequestResult {
    /**
     * The simulation request that was evaluated.
     */
    request: Simulation['request'];
    /**
     * The result of the simulation, which may be an error, a single result, or a wildcard result.
     */
    result: RunSimulationResults;
}
/**
 * Simulate an IAM request against the collected IAM data.
 *
 * @param simulationRequest the simulation request details.
 * @param collectClient the IAM collect client to use for data access.
 * @returns the simulation result, including the request and the evaluation result.
 */
export declare function simulateRequest(simulationRequest: SimulationRequest, collectClient: IamCollectClient): Promise<SimulateRequestResult>;
export declare function resultMatchesExpectation(expected: EvaluationResult | 'AnyDeny' | undefined, result: EvaluationResult): boolean;
//# sourceMappingURL=simulate.d.ts.map