export interface SecurityEvent {
    id: string;
    type: 'xss_attempt' | 'csrf_violation' | 'injection_attempt' | 'rate_limit_exceeded' | 'auth_failure' | 'suspicious_activity';
    severity: 'low' | 'medium' | 'high' | 'critical';
    timestamp: Date;
    source: {
        ip?: string;
        userAgent?: string;
        userId?: string;
        sessionId?: string;
    };
    details: Record<string, any>;
    blocked: boolean;
}
export interface SecurityMetrics {
    totalEvents: number;
    blockedEvents: number;
    eventsByType: Record<string, number>;
    eventsBySeverity: Record<string, number>;
    topSources: Array<{
        ip: string;
        count: number;
    }>;
    timeRange: {
        start: Date;
        end: Date;
    };
}
export interface RuntimeMonitorOptions {
    enableLogging?: boolean;
    logLevel?: 'debug' | 'info' | 'warn' | 'error';
    maxEvents?: number;
    alertThresholds?: {
        critical: number;
        high: number;
        medium: number;
    };
    onAlert?: (event: SecurityEvent) => void;
    onMetricsUpdate?: (metrics: SecurityMetrics) => void;
}
export declare class RuntimeSecurityMonitor {
    private events;
    private options;
    private alertCounts;
    private startTime;
    constructor(options?: RuntimeMonitorOptions);
    recordEvent(event: Omit<SecurityEvent, 'id' | 'timestamp'>): void;
    recordXSSAttempt(details: {
        payload: string;
        source: SecurityEvent['source'];
        blocked: boolean;
        context?: string;
    }): void;
    recordCSRFViolation(details: {
        expectedToken?: string;
        receivedToken?: string;
        source: SecurityEvent['source'];
        endpoint: string;
    }): void;
    recordInjectionAttempt(details: {
        type: 'sql' | 'nosql' | 'ldap' | 'command';
        payload: string;
        source: SecurityEvent['source'];
        blocked: boolean;
        query?: string;
    }): void;
    recordRateLimitExceeded(details: {
        limit: number;
        current: number;
        window: string;
        source: SecurityEvent['source'];
        endpoint?: string;
    }): void;
    recordAuthFailure(details: {
        reason: 'invalid_credentials' | 'account_locked' | 'token_expired' | 'insufficient_permissions';
        source: SecurityEvent['source'];
        username?: string;
        endpoint?: string;
    }): void;
    recordSuspiciousActivity(details: {
        activity: string;
        riskScore: number;
        source: SecurityEvent['source'];
        context?: Record<string, any>;
    }): void;
    getMetrics(): SecurityMetrics;
    getEvents(filter?: {
        type?: SecurityEvent['type'];
        severity?: SecurityEvent['severity'];
        since?: Date;
        limit?: number;
    }): SecurityEvent[];
    clearEvents(): void;
    exportEvents(format?: 'json' | 'csv'): string;
    private generateEventId;
    private logEvent;
    private getLogLevel;
    private shouldLog;
    private checkAlertThresholds;
}
export declare const runtimeMonitor: RuntimeSecurityMonitor;
//# sourceMappingURL=runtime-monitor.d.ts.map