/**
 * Background Validation Service for Memory Security
 *
 * Part of Issue #1314 Phase 1: Memory Security Architecture
 *
 * PURPOSE:
 * Asynchronously validates UNTRUSTED memory entries and updates their trust levels
 * without blocking memory creation. Runs outside the LLM request path to avoid
 * token costs and latency.
 *
 * ARCHITECTURE:
 * - Layer 2 in the Memory Security Architecture (see docs/development/MEMORY_SECURITY_ARCHITECTURE.md)
 * - Runs server-side, not in LLM context
 * - No token cost for validation
 * - Updates trust levels in-place
 *
 * TRUST LEVEL TRANSITIONS:
 * UNTRUSTED → VALIDATED (clean content, no patterns)
 * UNTRUSTED → FLAGGED (dangerous patterns detected, needs encryption)
 * UNTRUSTED → QUARANTINED (explicitly malicious, critical threat)
 *
 * @module BackgroundValidator
 */
import { PatternExtractor } from './PatternExtractor.js';
/**
 * Configuration for background validation behavior
 */
export interface BackgroundValidatorConfig {
    /** Enable background validation (default: true) */
    enabled: boolean;
    /** Interval in seconds between validation runs (default: 300 = 5 minutes) */
    intervalSeconds: number;
    /** Maximum number of memories to process per batch (default: 10) */
    batchSize: number;
    /** Maximum time in ms for a single validation operation (default: 5000) */
    validationTimeoutMs: number;
}
/**
 * Pattern information for encrypted storage
 */
export interface SanitizedPattern {
    /** Unique reference ID for this pattern */
    ref: string;
    /** Human-readable description of the pattern */
    description: string;
    /** Severity level of the pattern */
    severity: 'critical' | 'high' | 'medium' | 'low';
    /** Location in original content (offset and length) */
    location: string;
    /** Encrypted pattern (AES-256-GCM) - Phase 2 */
    encryptedPattern?: string;
    /** Encryption algorithm used - Phase 2 */
    algorithm?: string;
    /** Initialization vector for decryption - Phase 2 */
    iv?: string;
    /** GCM authentication tag for integrity verification - Phase 2 */
    authTag?: string;
    /** Safety instruction for pattern usage */
    safetyInstruction: string;
}
/**
 * Background validation service for memory entries
 *
 * This service runs outside the LLM request path to validate UNTRUSTED
 * memory entries and update their trust levels based on security analysis.
 *
 * REFACTOR NOTE:
 * Converted to full DI architecture. Removed singleton export.
 * PatternExtractor is now injected as a dependency instead of static calls.
 */
export declare class BackgroundValidator {
    private readonly patternExtractor;
    private readonly memoryManager;
    private readonly config;
    private intervalHandle?;
    private isProcessing;
    constructor(patternExtractor: PatternExtractor, memoryManager: any, // MemoryManager - using any to avoid circular import
    config?: Partial<BackgroundValidatorConfig>);
    /**
     * Start the background validation service
     * Begins periodic validation of UNTRUSTED memories
     */
    start(): void;
    /**
     * Stop the background validation service
     */
    stop(): void;
    /**
     * Process all UNTRUSTED memory entries
     * This is the main background validation loop
     */
    processUntrustedMemories(): Promise<void>;
    /**
     * Find all memories that have UNTRUSTED entries
     *
     * DI REFACTOR: Use injected MemoryManager instead of static Memory methods
     * Loads memories from filesystem and filters by trust level
     */
    private findMemoriesWithUntrustedEntries;
    /**
     * Process a batch of memories for validation
     */
    private processBatch;
    /**
     * Validate all UNTRUSTED entries in a memory
     * FIX #1320: Now uses public Memory API and saves changes
     * FIX (Claude Bot Review): Removed type casting for memory.id
     */
    private validateMemory;
    /**
     * Validate a single memory entry and update its trust level
     *
     * @param entry - The memory entry to validate
     * @returns true if the entry was updated, false otherwise
     */
    private validateEntry;
    /**
     * Determine the appropriate trust level based on validation results
     */
    private determineTrustLevel;
    /**
     * Split an array into batches of specified size
     */
    private createBatches;
    /**
     * Get current validation statistics
     */
    getStats(): {
        enabled: boolean;
        isProcessing: boolean;
        intervalSeconds: number;
        batchSize: number;
    };
    /**
     * Dispose of the validator and clean up resources
     * Implements cleanup for proper DI lifecycle management
     */
    dispose(): Promise<void>;
}
//# sourceMappingURL=BackgroundValidator.d.ts.map