import { GraphQLClient } from 'graphql-request';
/**
 * Error surfaced to callers in place of graphql-request's `ClientError`.
 *
 * `ClientError.message` embeds `JSON.stringify({ response, request })` — i.e. the full
 * GraphQL query, its variables, and the response status/headers/body. Surfacing that into
 * model context or stderr leaks internal API structure and (via variables) potentially
 * sensitive values. This type exposes only the upstream error message and status code.
 */
export declare class JupiterOneApiError extends Error {
    readonly statusCode?: number;
    /**
     * The first GraphQL error's `extensions.code` (e.g. `FORBIDDEN`, `UNAUTHENTICATED`) when the
     * upstream delivered the failure as a GraphQL error inside an HTTP 200. Authorization rejections
     * arrive this way, so preserving the code lets the error layer frame them as access-denied even
     * though the transport status is 200.
     */
    readonly code?: string;
    constructor(message: string, statusCode?: number, code?: string);
}
/**
 * Convert any thrown value into a sanitized error safe for model context and logs.
 *
 * For a `ClientError`, keeps only the upstream GraphQL error message (which the J1QL
 * validator pattern-matches on) and the status code; drops the query, variables, headers,
 * and raw response body. Other errors are reduced to their message with no object dumping.
 */
export declare function sanitizeGraphQLError(error: unknown): JupiterOneApiError;
/**
 * GraphQLClient that routes every thrown error through {@link sanitizeGraphQLError}. Fixing
 * the leak at the single shared client means downstream services and tool handlers never
 * see the raw `ClientError`, without editing every call site.
 */
export declare class SanitizingGraphQLClient extends GraphQLClient {
    request(...args: any[]): Promise<any>;
}
//# sourceMappingURL=sanitize-error.d.ts.map