/**
 * Runtime API for TERE scripts
 * These functions are available to scripts running inside the TEE
 */
/**
 * State management API for storing and retrieving data
 */
export declare class State {
    /**
     * Get a value from the state store
     * @param key The key to retrieve
     * @returns The value, or null if not found
     */
    static get(key: string): string | null;
    /**
     * Set a value in the state store
     * @param key The key to set
     * @param value The value to store
     * @param callerId Optional caller ID for access control
     * @returns True if successful
     */
    static set(key: string, value: any, callerId?: string): boolean;
    /**
     * Check if a key exists in the state store
     * @param key The key to check
     * @returns True if the key exists
     */
    static exists(key: string): boolean;
    /**
     * Remove a value from the state store
     * @param key The key to remove
     * @param callerId Optional caller ID for access control
     * @returns The removed value, or null if not found
     */
    static remove(key: string, callerId?: string): string | null;
}
/**
 * Access control API for managing permissions
 */
export declare class AccessControl {
    /**
     * Set an access rule for a key
     * @param key The key to set the rule for
     * @param rule The access rule
     * @param callerId Optional caller ID for access control
     * @returns True if successful
     */
    static setAccessRule(key: string, rule: {
        readAccess: string[];
        writeAccess: string[];
    }, callerId?: string): boolean;
    /**
     * Get the access rule for a key
     * @param key The key to get the rule for
     * @returns The access rule, or null if not found
     */
    static getAccessRule(key: string): {
        readAccess: string[];
        writeAccess: string[];
    } | null;
}
/**
 * Options for crypto provider
 */
export interface CryptoProviderOptions {
    /**
     * Provider type ('software' or 'hsm')
     */
    provider?: 'software' | 'hsm';
    /**
     * Key ID for HSM operations
     */
    keyId?: string;
    /**
     * Protection level for key
     */
    protection?: 'software' | 'hsm';
    /**
     * Key ring for HSM keys
     */
    keyRing?: string;
    /**
     * Location for HSM keys
     */
    location?: string;
    /**
     * Additional provider-specific options
     */
    [key: string]: any;
}
/**
 * HSM crypto provider class
 */
export declare class CryptoProvider {
    private options;
    /**
     * Create a new crypto provider
     * @param options Provider options
     */
    constructor(options: CryptoProviderOptions);
    /**
     * Create a new key in the HSM
     * @param keyId ID for the key
     * @param purpose Key purpose: 'encrypt', 'sign', or 'decrypt'
     * @param algorithm Optional algorithm specification
     * @returns Information about the created key
     */
    createKey(keyId: string, purpose: string, algorithm?: string): Promise<any>;
    /**
     * Get an existing key or create it if it doesn't exist
     * @param keyId ID for the key
     * @param purpose Key purpose: 'encrypt', 'sign', or 'decrypt'
     * @param algorithm Optional algorithm specification
     * @returns Information about the key
     */
    getOrCreateKey(keyId: string, purpose: string, algorithm?: string): Promise<any>;
    /**
     * Encrypt data using an HSM-backed key
     * @param data Data to encrypt
     * @param keyId ID of the HSM key to use
     * @returns The encrypted data
     */
    encrypt(data: Uint8Array | string, keyId: string): Promise<Uint8Array>;
    /**
     * Decrypt data using an HSM-backed key
     * @param encryptedData Data to decrypt
     * @param keyId ID of the HSM key to use
     * @returns The decrypted data
     */
    decrypt(encryptedData: Uint8Array, keyId: string): Promise<Uint8Array>;
    /**
     * Sign data using an HSM-backed key
     * @param data Data to sign
     * @param keyId ID of the HSM signing key to use
     * @returns The signature
     */
    sign(data: Uint8Array | string, keyId: string): Promise<Uint8Array>;
    /**
     * Verify a signature using an HSM-backed key
     * @param data Original data that was signed
     * @param signature Signature to verify
     * @param keyId ID of the HSM signing key to use
     * @returns True if the signature is valid
     */
    verify(data: Uint8Array | string, signature: Uint8Array, keyId: string): Promise<boolean>;
    /**
     * List all keys in the HSM key ring
     * @returns Array of key information objects
     */
    listKeys(): Promise<any[]>;
}
/**
 * Cryptography API for secure operations
 */
export declare class Crypto {
    /**
     * Encrypt data using AES-GCM
     * @param data The data to encrypt
     * @param key The encryption key (32 bytes)
     * @param options Optional configuration for encryption
     * @returns The encrypted data with the nonce prepended
     */
    static encrypt(data: Uint8Array | string, key: Uint8Array, options?: any): Uint8Array;
    /**
     * Decrypt data using AES-GCM
     * @param encryptedData The encrypted data with nonce prepended
     * @param key The encryption key (32 bytes)
     * @param options Optional configuration for decryption
     * @returns The decrypted data
     */
    static decrypt(encryptedData: Uint8Array, key: Uint8Array, options?: any): Uint8Array;
    /**
     * Compute a SHA-256 hash
     * @param data The data to hash
     * @returns The hash value
     */
    static hash(data: Uint8Array | string): Uint8Array;
    /**
     * Generate a cryptographically secure random key
     * @param options Optional configuration for key generation
     * @returns A 32-byte random key
     */
    static generateKey(options?: CryptoProviderOptions): Uint8Array;
    /**
     * Generate random bytes
     * @param length The number of bytes to generate
     * @returns Random bytes
     */
    static randomBytes(length: number): Uint8Array;
    /**
     * Derive a key from a password
     * @param password The password
     * @param salt The salt (16 bytes recommended)
     * @param iterations The number of iterations (recommend at least 100,000)
     * @param options Optional configuration for key derivation
     * @returns The derived key
     */
    static deriveKeyFromPassword(password: string, salt: Uint8Array, iterations: number, options?: any): Uint8Array;
    /**
     * Create a cryptography provider that uses HSM for operations
     * @param options Configuration for the HSM provider
     * @returns A provider object for HSM-backed operations
     */
    static withHsmProvider(options?: CryptoProviderOptions): CryptoProvider;
    /**
     * Create a cryptography provider that uses software for operations
     * @param options Configuration for the software provider
     * @returns A provider object for software operations
     */
    static withSoftwareProvider(options?: CryptoProviderOptions): CryptoProvider;
}
/**
 * Cloud KMS integration for key management
 */
export declare class CloudKms {
    /**
     * Encrypt data using a cloud-managed key
     * @param data The data to encrypt
     * @param keyName The name of the key
     * @returns The encrypted data
     */
    static encrypt(data: Uint8Array | string, keyName: string): Promise<Uint8Array>;
    /**
     * Decrypt data using a cloud-managed key
     * @param encryptedData The encrypted data
     * @param keyName The name of the key
     * @returns The decrypted data
     */
    static decrypt(encryptedData: Uint8Array, keyName: string): Promise<Uint8Array>;
    /**
     * Create a new key in Cloud KMS
     * @param keyName The name of the key to create
     * @param purpose The purpose of the key ('encrypt', 'sign', etc.)
     * @param options Optional configuration
     * @returns Information about the created key
     */
    static createKey(keyName: string, purpose: string, options?: any): Promise<any>;
    /**
     * Sign data using a cloud-managed key
     * @param data The data to sign
     * @param keyName The name of the key
     * @returns The signature
     */
    static sign(data: Uint8Array | string, keyName: string): Promise<Uint8Array>;
    /**
     * Verify a signature using a cloud-managed key
     * @param data The data that was signed
     * @param signature The signature to verify
     * @param keyName The name of the key
     * @returns True if the signature is valid
     */
    static verify(data: Uint8Array | string, signature: Uint8Array, keyName: string): Promise<boolean>;
}
/**
 * Attestation API for TEE verification
 */
export declare class Attestation {
    /**
     * Get attestation report for the current TEE
     * @param nonce Optional nonce for freshness
     * @returns The attestation report
     */
    static getReport(nonce?: string): string;
    /**
     * Verify an attestation report
     * @param attestation The attestation report to verify
     * @param expectedNonce Optional nonce to verify
     * @returns True if the attestation is valid
     */
    static verify(attestation: string, expectedNonce?: string): boolean;
}
/**
 * Secure logging utilities
 */
export declare class SecureLog {
    /**
     * Log a message securely (does not expose sensitive data)
     * @param message The message to log
     * @param level The log level
     */
    static log(message: string, level?: 'info' | 'warn' | 'error' | 'debug'): void;
    /**
     * Log information
     * @param message The message to log
     */
    static info(message: string): void;
    /**
     * Log a warning
     * @param message The message to log
     */
    static warn(message: string): void;
    /**
     * Log an error
     * @param message The message to log
     */
    static error(message: string): void;
    /**
     * Log debug information
     * @param message The message to log
     */
    static debug(message: string): void;
}