/**
 * Configuration Scanner - Walks configuration files (JSON/YAML/.env) and flags
 * insecure defaults. Rules are intentionally conservative to avoid false
 * positives while still catching common deployment risks called out in the
 * production readiness review.
 */
import type { SecurityScanner, SecurityFinding, ScanContext } from '../types.js';
/**
 * Options accepted by the ConfigurationScanner constructor.
 */
interface ConfigurationScannerConfig {
    /** Toggle for the scanner; presumably what isEnabled() reports (confirm in the implementation). */
    enabled: boolean;
    /**
     * Files the scanner should look at. Presumably consumed by matchesPatterns;
     * whether entries are globs, suffixes or exact names is not visible here.
     */
    checkFiles: string[];
}
/**
 * Security scanner for configuration files. Per the file header it covers
 * JSON, YAML and .env files and reports insecure defaults as findings.
 *
 * Only the declared surface is visible in this declaration file; notes on
 * private members are inferred from their names and should be checked against
 * the implementation.
 */
export declare class ConfigurationScanner implements SecurityScanner {
    /** Name of this scanner (the value is assigned in the implementation). */
    name: string;
    /** Presumably holds the ConfigurationScannerConfig given to the constructor; its type is erased in this declaration. */
    private config;
    /**
     * @param config Enable flag and the list of files to check.
     */
    constructor(config: ConfigurationScannerConfig);
    /**
     * Scans the given context and resolves to the findings it produced.
     *
     * NOTE(review): .env files usually hold secrets; confirm that findings
     * report the key and the rule that fired rather than the value itself.
     *
     * @param context Scan context supplied by the caller.
     * @returns The list of security findings.
     */
    scan(context: ScanContext): Promise<SecurityFinding[]>;
    /**
     * @returns Whether this scanner is enabled; presumably mirrors config.enabled.
     */
    isEnabled(): boolean;
    /** Presumably gathers the files to evaluate from the scan context (signature erased). */
    private collectCandidateFiles;
    /** Presumably tests a file path against config.checkFiles (signature erased). */
    private matchesPatterns;
    /** Presumably dispatches one file to the .env or structured-config evaluation (signature erased). */
    private evaluateFile;
    /** Presumably applies the rules to a .env file (signature erased). */
    private evaluateEnvFile;
    /** Presumably applies the rules to a parsed JSON/YAML object (signature erased). */
    private evaluateConfigObject;
    /**
     * Normalizes values parsed with the YAML FAILSAFE_SCHEMA before comparison.
     * FAILSAFE_SCHEMA yields every scalar as a string, so the string "false" is
     * mapped to the boolean false and the string "true" to the boolean true.
     *
     * NOTE(review): a raw "true" never strictly equals true, so a rule that
     * compares an un-normalized value against a boolean would silently not
     * fire; confirm every rule comparison goes through this helper.
     */
    private normalizeValue;
    /** Presumably reads a (possibly nested) key from a parsed config object (signature erased). */
    private getValue;
}
export {};
//# sourceMappingURL=ConfigurationScanner.d.ts.map