import { type BlockedReason, type EvaluationResult, type RequestAnalysis } from '@cloud-copilot/iam-simulate';
import type { DeniedWhoCanExecutionResultWithDetails } from './WhoCanWorker.js';
import type { WhoCanDenyDetail } from './whoCan.js';
/**
 * A lightweight representation of RequestAnalysis containing only the result fields
 * of the various policy analyses (identity, resource, SCP, RCP, permission boundary).
 */
export interface LightResourceAnalysis {
    result: RequestAnalysis['result'];
    sameAccount?: boolean;
    identityAnalysis?: Pick<NonNullable<RequestAnalysis['identityAnalysis']>, 'result'>;
    resourceAnalysis?: Pick<NonNullable<RequestAnalysis['resourceAnalysis']>, 'result'>;
    scpAnalysis?: Pick<NonNullable<RequestAnalysis['scpAnalysis']>, 'result'>;
    rcpAnalysis?: Pick<NonNullable<RequestAnalysis['rcpAnalysis']>, 'result'>;
    permissionBoundaryAnalysis?: Pick<NonNullable<RequestAnalysis['permissionBoundaryAnalysis']>, 'result'>;
    blockedBy: Set<BlockedReason>;
}
/**
 * A LightResourceAnalysis extended with resource pattern and type information.
 * Used for wildcard resource analyses to provide details on each matched pattern.
 */
export interface LightResourceAnalysisWithPattern extends LightResourceAnalysis {
    /**
     * The specific resource pattern that was analyzed, most likely found in a policy statement's Resource field. This is used to provide more granular details in wildcard resource analyses, where multiple patterns may match the requested resource.
     */
    pattern: string;
    /**
     * The resource type that was tested.
     */
    resourceType: string;
}
/**
 * A light request analysis for a single resource.
 */
export interface SingleResourceLightRequestAnalysis extends LightResourceAnalysis {
    type: 'single';
    overallResult: EvaluationResult;
}
/**
 * A light request analysis for a wildcard resource with multiple patterns.
 * Used for wildcard resource analyses to provide details on each matched pattern.
 */
export interface WildcardResourceLightRequestAnalysis {
    type: 'wildcard';
    /**
     * The overall result of the wildcard resource analysis, which is typically a combination of the results of the individual pattern analyses. This provides a high-level summary of whether the requested action is allowed or denied across all matched patterns, while the individual pattern analyses provide more granular details.
     */
    overallResult: EvaluationResult;
    /**
     * The details of the analyses for each matched resource pattern/resource type pair.
     */
    patterns: LightResourceAnalysisWithPattern[];
}
/**
 * A light version of RequestAnalysis containing only the result and sameAccount fields,
 * along with the result fields of the various analyses.
 */
export type LightRequestAnalysis = SingleResourceLightRequestAnalysis | WildcardResourceLightRequestAnalysis;
/**
 * Convert a full RequestAnalysis to a LightRequestAnalysis.
 *
 * @param executionResult - The denied execution result containing the RequestAnalysis to convert
 * @returns A LightRequestAnalysis with only the essential fields
 */
export declare function toLightRequestAnalysis(executionResult: DeniedWhoCanExecutionResultWithDetails): LightRequestAnalysis;
/**
 * Gets the denial reasons for a denied SimulationResult.
 *
 * @param executionResult - The denied execution result containing the RequestAnalysis with denial reasons
 * @returns A WhoCanDenyDetail object containing the denial reasons and other details to be returned to the user
 */
export declare function convertToDenialDetails(executionResult: DeniedWhoCanExecutionResultWithDetails): WhoCanDenyDetail;
//# sourceMappingURL=requestAnalysis.d.ts.map