/**
 * SignatureVerifier - Verifies GitHub release signatures to ensure authenticity
 *
 * Security features:
 * - Verifies GPG signatures on git tags
 * - Validates release artifacts checksums
 * - Ensures releases come from trusted sources
 * - Prevents tampering and supply chain attacks
 */
export interface SignatureVerificationResult {
    verified: boolean;
    signerKey?: string;
    signerEmail?: string;
    signatureDate?: Date;
    error?: string;
}
export interface ChecksumVerificationResult {
    verified: boolean;
    expectedChecksum?: string;
    actualChecksum?: string;
    error?: string;
}
export declare class SignatureVerifier {
    private trustedKeys;
    private allowUnsignedInDev;
    constructor(options?: {
        trustedKeys?: string[];
        allowUnsignedInDev?: boolean;
    });
    /**
     * Verify a git tag signature
     * @param tagName The tag to verify (e.g., 'v1.2.0')
     * @returns Verification result with signer information
     */
    verifyTagSignature(tagName: string): Promise<SignatureVerificationResult>;
    /**
     * Verify a file checksum against expected value
     * @param filePath Path to the file to verify
     * @param expectedChecksum Expected SHA256 checksum
     * @returns Verification result
     */
    verifyChecksum(filePath: string, expectedChecksum: string): Promise<ChecksumVerificationResult>;
    /**
     * Verify release artifacts using a checksums file
     * @param checksumsFile Path to checksums file (e.g., SHA256SUMS)
     * @param artifactDir Directory containing artifacts to verify
     * @returns Map of filename to verification result
     */
    verifyReleaseArtifacts(checksumsFile: string, artifactDir: string): Promise<Map<string, ChecksumVerificationResult>>;
    /**
     * Add a trusted key for signature verification
     * @param keyId GPG key ID or fingerprint
     */
    addTrustedKey(keyId: string): void;
    /**
     * Remove a trusted key
     * @param keyId GPG key ID or fingerprint
     */
    removeTrustedKey(keyId: string): void;
    /**
     * Get list of trusted keys
     */
    getTrustedKeys(): string[];
    /**
     * Import a GPG public key
     * @param keyData The public key data to import
     * @returns Success status
     */
    importPublicKey(keyData: string): Promise<boolean>;
}
//# sourceMappingURL=SignatureVerifier.d.ts.map