/**
 * Adequacy status of a destination country
 */
export declare type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown';

/**
 * Production-ready API storage adapter.
 *
 * Backward-compatible with the 3.5.x signature — `apiAdapter('/api/x')`
 * still works exactly as before. New options are all opt-in.
 *
 * @example basic
 *   const adapter = apiAdapter<ConsentSettings>('/api/consent');
 *
 * @example with credentials and CSRF
 *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
 *     credentials: 'include',
 *     headers: () => ({
 *       'X-CSRF-Token': document.querySelector<HTMLMetaElement>(
 *         'meta[name="csrf-token"]'
 *       )?.content ?? '',
 *     }),
 *   });
 *
 * @example with retry + telemetry
 *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
 *     retry: { attempts: 2, baseDelayMs: 300 },
 *     onError: (ctx) => Sentry.captureException(ctx.error, { extra: ctx }),
 *     onSuccess: (ctx) => analytics.track('consent_saved', { method: ctx.method }),
 *   });
 *
 * @example with response unwrap
 *   const adapter = apiAdapter<ConsentSettings>('/api/consent', {
 *     // API returns { data: ConsentSettings, ok: true }
 *     unwrap: (raw) => (raw as { data: ConsentSettings }).data,
 *   });
 */
export declare function apiAdapter<T = unknown>(endpoint: string, options?: ApiAdapterOptions<T>): StorageAdapter<T>;

declare interface ApiAdapterErrorContext<T = unknown> {
    /** Which adapter operation triggered this — `load`, `save`, or `remove`. */
    method: ApiAdapterMethod;
    /** The endpoint URL that failed. */
    endpoint: string;
    /** Underlying error (for network failures / parse errors). */
    error?: unknown;
    /** Response object, if a response was received. */
    response?: Response;
    /** HTTP status code, if available. */
    status?: number;
    /** For `save`, the payload that failed to send. */
    payload?: T;
    /** Which retry attempt this is (0 = first try). Capped at `retry.attempts`. */
    attempt: number;
}

declare type ApiAdapterMethod = 'load' | 'save' | 'remove';

declare interface ApiAdapterOptions<T = unknown> {
    /**
     * Extra HTTP headers to send with every request. Useful for `Authorization`,
     * `X-CSRF-Token`, `X-Requested-With`, etc.
     *
     * Can also be a function that returns headers, which lets you read a CSRF
     * token from the DOM/cookie at request time rather than at adapter
     * construction time.
     */
    headers?: Record<string, string> | (() => Record<string, string>);
    /**
     * Forwarded to fetch's `credentials` option. Defaults to `'same-origin'`
     * (the browser default). Set to `'include'` for cross-origin endpoints
     * that need cookies / auth.
     */
    credentials?: RequestCredentials;
    /**
     * HTTP method override for the load operation. Defaults to `'GET'`.
     */
    loadMethod?: 'GET' | 'POST';
    /**
     * HTTP method override for the save operation. Defaults to `'POST'`. Some
     * REST APIs prefer `'PUT'` for upsert semantics.
     */
    saveMethod?: 'POST' | 'PUT' | 'PATCH';
    /**
     * Transform the raw JSON response into the expected `T`. Useful for APIs
     * that wrap responses in `{ data: ... }` or similar envelopes. Called
     * after `res.json()`. If omitted, the parsed JSON is used as-is.
     */
    unwrap?: (raw: unknown) => T | null;
    /**
     * Retry policy for failed requests. Defaults to no retries (preserves the
     * pre-3.6.0 behaviour). When configured, applies to all three operations.
     */
    retry?: ApiAdapterRetryConfig;
    /**
     * Called when a request fails (after all retries exhausted). The adapter
     * still returns a graceful null/void result so the consuming hook
     * doesn't crash — this hook is for telemetry, toasts, or audit logging.
     */
    onError?: (ctx: ApiAdapterErrorContext<T>) => void;
    /**
     * Called when a request succeeds. Useful for cache invalidation,
     * analytics, or syncing other state.
     */
    onSuccess?: (ctx: ApiAdapterSuccessContext<T>) => void;
    /**
     * Per-request fetch options to merge into every request. Use this for
     * things `fetch` itself supports that aren't directly modelled above —
     * `signal`, `mode`, `cache`, `redirect`, etc.
     */
    fetchInit?: Omit<RequestInit, 'method' | 'headers' | 'body' | 'credentials'>;
}

declare interface ApiAdapterRetryConfig {
    /**
     * Number of additional attempts after the initial request. Defaults to 0
     * (no retries). e.g. `attempts: 2` means up to 3 total requests.
     */
    attempts?: number;
    /**
     * Base delay in ms between attempts. Defaults to 250ms. The actual delay
     * uses exponential backoff: `baseDelayMs * 2^attempt`.
     */
    baseDelayMs?: number;
    /**
     * Predicate that decides whether to retry given the failure context. By
     * default we retry on network errors and 5xx responses, but not on 4xx
     * (those are client errors that won't fix themselves).
     */
    shouldRetry?: (ctx: ApiAdapterErrorContext<unknown>) => boolean;
}

declare interface ApiAdapterSuccessContext<T = unknown> {
    /** Which adapter operation succeeded — `load`, `save`, or `remove`. */
    method: ApiAdapterMethod;
    /** The endpoint URL. */
    endpoint: string;
    /** Response object. */
    response: Response;
    /** For `load` operations, the parsed (and optionally unwrapped) data. */
    data?: T;
    /** For `save` operations, the payload that was sent. */
    payload?: T;
}

/**
 * Appends a single audit entry to the consent audit log in localStorage.
 * The log is append-only; existing entries are never modified.
 *
 * @param entry     - The audit entry to append
 * @param storageKey - Base storage key (the audit key is derived as `${storageKey}_audit`)
 */
export declare function appendAuditEntry(entry: ConsentAuditEntry, storageKey?: string): void;

export declare const arabicLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/**
 * Assemble an ordered, NDPA-aligned array of privacy-policy sections from
 * a {@link TemplateContext}. This is the canonical "compute the policy"
 * function — it produces structured `PolicySection[]` data that downstream
 * renderers (`exportHTML`, `exportMarkdown`, `exportPDF`, `exportDOCX`,
 * `<PolicyPage />`) consume.
 *
 * Section composition:
 * - **Core sections** (always included): Introduction, Data Collection,
 *   Legal Basis, Data Usage, Data Sharing, Data Retention, Data Security,
 *   Data Subject Rights, Contact Information.
 * - **Conditional sections** (included based on context flags):
 *   - `hasChildrenData` → Children's Data Protection (NDPA §31)
 *   - `hasSensitiveData` → Sensitive / Special-Category Data
 *   - `hasCrossBorderTransfer` → Cross-Border Transfers (NDPA Part VI)
 *   - `hasAutomatedDecisions` → Automated Decision-Making (NDPA §37)
 *
 * Section text uses `«TODO: fieldName»` markers (the `UNFILLED_PREFIX` constant)
 * for any required org-info field that's empty in the context. Pair with
 * {@link findUnfilledTokens} to surface those before publishing.
 *
 * @param context - Organisation info, data categories, processing purposes,
 *                  third-party processors, and feature flags. Build a default
 *                  context with `createDefaultContext()` then mutate.
 * @returns An ordered array of {@link PolicySection} objects ready to pass
 *          to `exportHTML(policy)` or `<PolicyPage policy={...} />`.
 *
 * @example
 * ```ts
 * import { assemblePolicy, createDefaultContext } from '@tantainnovative/ndpr-toolkit/server';
 *
 * const ctx = createDefaultContext();
 * ctx.org.name = 'Acme Nigeria Ltd';
 * ctx.org.privacyEmail = 'privacy@acme.ng';
 * ctx.hasCrossBorderTransfer = true;
 *
 * const sections = assemblePolicy(ctx);
 * // sections is a 10-element array (9 core + 1 cross-border)
 * ```
 */
export declare function assemblePolicy(context: TemplateContext): PolicySection[];

/**
 * Assess a breach report against the NDPA S. 40 / GAID 2025 Article 33
 * notification requirements.
 */
export declare function assessBreachNotification(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;

/**
 * Analyzes all processing activities and returns compliance gaps including
 * missing DPO approval, overdue reviews, undocumented justifications,
 * missing LIA for legitimate interests, and other documentation issues.
 *
 * @param activities Array of processing activities to analyze
 * @returns Array of identified compliance gaps
 */
export declare function assessComplianceGaps(activities: ProcessingActivity[]): LawfulBasisComplianceGap[];

/**
 * Assesses the risk level of a DPIA based on the identified risks
 * @param dpiaResult The DPIA result containing risks to assess
 * @returns Assessment result with overall risk level and recommendations
 */
export declare function assessDPIARisk(dpiaResult: DPIAResult): {
    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
    requiresConsultation: boolean;
    canProceed: boolean;
    recommendations: string[];
};

/**
 * Performs a basic risk assessment of a cross-border transfer based on adequacy status,
 * transfer mechanism, and data sensitivity.
 *
 * @param transfer The cross-border transfer to assess
 * @returns Risk assessment result with score, factors, and recommendations
 */
export declare function assessTransferRisk(transfer: CrossBorderTransfer): TransferRiskResult;

export declare interface AuditCheck {
    id: string;
    label: string;
    status: AuditCheckStatus;
    detail: string;
}

export declare type AuditCheckStatus = 'pass' | 'warn' | 'fail';

/**
 * Breach notification types aligned with NDPA 2023 Section 40
 * Data controllers must notify the NDPC within 72 hours of becoming aware of a breach
 * Data subjects must be notified without undue delay when breach is likely to result in high risk
 */
/**
 * Represents a data breach category
 */
export declare interface BreachCategory {
    /** Unique identifier for the category */
    id: string;
    /** Display name for the category */
    name: string;
    /** Description of this breach category */
    description: string;
    /** Default severity level for this category */
    defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
}

export declare interface BreachNotificationAssessment {
    /** Whether all applicable mandated content items are satisfied. */
    complete: boolean;
    /** Completeness of applicable content items, 0–100. */
    completeness: number;
    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
    notificationToCommission: BreachNotificationItem[];
    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
    dataSubjectCommunication: BreachNotificationItem[];
    /** Whether a data-subject communication is owed (high risk). */
    dataSubjectCommunicationRequired: boolean;
    timing: BreachNotificationTiming;
    /** Labels of unsatisfied applicable items. */
    missing: string[];
    /** Actionable next steps, including timing warnings. */
    recommendations: string[];
    asOf: number;
}

declare interface BreachNotificationItem {
    /** Stable identifier for the requirement. */
    id: string;
    /** Human-readable requirement. */
    label: string;
    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
    section: string;
    /** Whether the report satisfies it. */
    satisfied: boolean;
}

/**
 * Personal-data-breach notification completeness checker for NDPA 2023
 * Section 40, as detailed by NDPC General Application and Implementation
 * Directive (GAID) 2025 Article 33.
 *
 * Section 40(2) requires a data controller to notify the Commission within 72
 * hours of becoming aware of a breach likely to result in a risk to data
 * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
 * content that a notification to the Commission "shall include". Where the
 * breach is likely to result in a *high* risk, Section 40(3) additionally
 * requires the controller to communicate the breach to affected data subjects
 * in plain and clear language.
 *
 * This assesses a `BreachReport` against those requirements: which mandated
 * content items are present, whether the 72-hour window is met, and whether a
 * data-subject communication is owed. It is a documentation-completeness aid,
 * not legal advice — verify against current NDPC guidance.
 *
 * @see NDPA 2023 Section 40 (Personal data breaches)
 * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
 */

export declare interface BreachNotificationOptions {
    /** Risk assessment for the breach; drives whether data-subject communication is required. */
    assessment?: RiskAssessment;
    /** The regulatory notification actually sent, if any — used to judge timeliness. */
    notification?: RegulatoryNotification;
    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
    asOf?: number;
    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
    deadlineHours?: number;
    /**
     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
     * `assessment.highRisksToRightsAndFreedoms`.
     */
    highRisk?: boolean;
}

declare interface BreachNotificationTiming {
    /** `discoveredAt` + the notification window. */
    deadline: number;
    /** Whole hours between discovery and `asOf`. */
    hoursSinceDiscovery: number;
    /** Whether a regulatory notification has been recorded. */
    notified: boolean;
    /** When the regulatory notification was sent, if any. */
    notifiedAt?: number;
    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
    withinDeadline: boolean;
    /** Whole hours from `asOf` to the deadline (negative once past). */
    hoursRemaining: number;
    /** Whether the deadline has been missed. */
    overdue: boolean;
    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
    requiresDelayJustification: boolean;
}

/**
 * Represents a data breach report
 */
export declare interface BreachReport {
    /** Unique identifier for the breach report */
    id: string;
    /** Title/summary of the breach */
    title: string;
    /** Detailed description of the breach */
    description: string;
    /** Category of the breach */
    category: string;
    /** Timestamp when the breach was discovered */
    discoveredAt: number;
    /** Timestamp when the breach occurred (if known) */
    occurredAt?: number;
    /** Timestamp when the breach was reported internally */
    reportedAt: number;
    /** Person who reported the breach */
    reporter: {
        name: string;
        email: string;
        department: string;
        phone?: string;
    };
    /** Systems or data affected by the breach */
    affectedSystems: string[];
    /** Types of data involved in the breach */
    dataTypes: string[];
    /** Whether sensitive personal data is involved (NDPA Section 30) */
    involvesSensitiveData?: boolean;
    /** Estimated number of data subjects affected */
    estimatedAffectedSubjects?: number;
    /**
     * Approximate number of personal data RECORDS concerned (distinct from subject count).
     * Required content under NDPA Section 40(1)(a) and Section 40(2).
     */
    approximateRecordCount?: number;
    /**
     * Categories of data subjects affected (e.g. customers, employees, minors, patients).
     * Required content under NDPA Section 40(1)(a) and Section 40(2).
     */
    dataSubjectCategories?: string[];
    /**
     * Likely consequences of the breach for affected data subjects (e.g. identity theft,
     * financial loss, reputational damage). Reported to the NDPC and, where applicable,
     * communicated to data subjects under Section 40(3).
     */
    likelyConsequences?: string;
    /**
     * Measures taken or proposed to mitigate adverse effects of the breach.
     * Required content for Section 40(3) communications to data subjects.
     */
    mitigationMeasures?: string;
    /**
     * Whether this is a phased / interim report submitted before full investigation
     * is complete. The NDPC permits phased reporting where complete information is
     * not available within 72 hours.
     */
    isPhasedReport?: boolean;
    /**
     * ID of the prior phased report this report supplements, if any.
     */
    supplementsReportId?: string;
    /**
     * Data Protection Officer contact details. The DPO is the named contact point
     * for the NDPC per NDPA Section 32(3)(c). Required content in the regulatory
     * report (Section 40(2)).
     */
    dpoContact?: {
        name: string;
        email: string;
        phone?: string;
    };
    /** Whether the breach is ongoing or contained */
    status: 'ongoing' | 'contained' | 'resolved';
    /** Initial actions taken to address the breach */
    initialActions?: string;
    /** Attachments related to the breach */
    attachments?: Array<{
        id: string;
        name: string;
        type: string;
        url: string;
        addedAt: number;
    }>;
}

/**
 * Calculates the severity of a data breach based on various factors
 * @param report The breach report
 * @param assessment The risk assessment (if available)
 * @returns The calculated severity and notification requirements
 */
export declare function calculateBreachSeverity(report: BreachReport, assessment?: RiskAssessment): {
    severityLevel: 'low' | 'medium' | 'high' | 'critical';
    notificationRequired: boolean;
    urgentNotificationRequired: boolean;
    timeframeHours: number;
    justification: string;
};

/**
 * Compliance Audit Returns (CAR) scheduling under the NDPC General Application
 * and Implementation Directive (GAID) 2025.
 *
 * A Data Controller/Processor of Major Importance (DCPMI) must conduct an
 * initial compliance audit within 15 months of commencing data processing, and
 * thereafter file a Compliance Audit Return with the NDPC annually (default
 * deadline 31 March, filed through the NDPC Information Management Portal/NIMP).
 *
 * This computes the schedule (initial-audit due date, the next annual filing
 * deadline relative to a reference date) and a light status. NDPC deadlines
 * shift (the 2026 filing was extended to 30 May), so the annual deadline is
 * configurable and per-year overrides are supported. The audit *content* itself
 * is the organisation's compliance posture — pair this with `getComplianceScore`.
 *
 * @see NDPC General Application and Implementation Directive (GAID) 2025
 */

export declare interface CARInput {
    /** ISO date (YYYY-MM-DD) the organisation commenced data processing. */
    commencementDate: string;
    /** Reference date to evaluate against (YYYY-MM-DD). Defaults to today. */
    asOf?: string;
    /** DCPMI tier; CAR applies to DCPMIs only. Omit to assume applicable. */
    tier?: DCPMITier;
}

export declare interface CAROptions {
    /** Default annual filing deadline (month is 1-12). Defaults to 31 March. */
    annualDeadline?: {
        month: number;
        day: number;
    };
    /** Per-year overrides for the annual deadline, e.g. `{ 2026: '2026-05-30' }`. */
    deadlineOverrides?: Record<number, string>;
    /** Months after commencement the initial audit is due. Defaults to 15. */
    initialAuditWithinMonths?: number;
}

/**
 * Classify an organisation's DCPMI status, registration tier, annual fee, and
 * Compliance Audit Returns obligations under NDPC GAID 2025.
 */
export declare function classifyDCPMI(input: DCPMIInput, options?: DCPMIClassificationOptions): DCPMIClassification;

export declare interface ComplianceAuditReturn {
    /** Whether CAR applies (false for non-DCPMI organisations). */
    applicable: boolean;
    schedule: {
        commencementDate: string;
        initialAuditWithinMonths: number;
        /** Commencement date + the initial-audit window. */
        initialAuditDueDate: string;
        /** The next annual filing deadline on or after `asOf`. */
        nextFilingDeadline: string;
        /** The year the next filing deadline falls in. */
        filingYear: number;
    };
    status: {
        /** Whether the initial-audit obligation has arisen (asOf ≥ due date). */
        initialAuditDue: boolean;
        /** Whole days from `asOf` to the next filing deadline. */
        daysUntilNextDeadline: number;
    };
    notes: string[];
    asOf: string;
}

/** A single gap found during NDPA compliance evaluation. */
export declare interface ComplianceGap {
    /** Machine-readable requirement identifier. */
    requirementId: string;
    /** Human-readable name of the requirement. */
    requirement: string;
    /** Reference to the relevant NDPA section. */
    ndpaSection: string;
    /** How severe the gap is. */
    severity: 'critical' | 'important' | 'recommended';
    /** Explanation of what is missing. */
    message: string;
    /** Suggested fix type for the UI. */
    fixType: 'add_section' | 'add_content' | 'fill_field';
    /** Label for the fix action button. */
    fixLabel: string;
    /** Pre-written content the user can insert to close the gap. */
    suggestedContent?: string;
}

export declare interface ComplianceInput {
    consent: {
        hasConsentMechanism: boolean;
        hasPurposeSpecification: boolean;
        hasWithdrawalMechanism: boolean;
        hasMinorProtection: boolean;
        consentRecordsRetained: boolean;
    };
    dsr: {
        hasRequestMechanism: boolean;
        supportsAccess: boolean;
        supportsRectification: boolean;
        supportsErasure: boolean;
        supportsPortability: boolean;
        supportsObjection: boolean;
        /** Expected max response time in days (>30 counts as a gap) */
        responseTimelineDays: number;
    };
    dpia: {
        conductedForHighRisk: boolean;
        documentedRisks: boolean;
        mitigationMeasures: boolean;
    };
    breach: {
        hasNotificationProcess: boolean;
        notifiesWithin72Hours: boolean;
        hasRiskAssessment: boolean;
        hasRecordKeeping: boolean;
    };
    policy: {
        hasPrivacyPolicy: boolean;
        isPubliclyAccessible: boolean;
        /** ISO date string (YYYY-MM-DD); >13 months old counts as a gap */
        lastUpdated: string;
        coversAllSections: boolean;
    };
    lawfulBasis: {
        documentedForAllProcessing: boolean;
        hasLegitimateInterestAssessment: boolean;
    };
    crossBorder: {
        hasTransferMechanisms: boolean;
        adequacyAssessed: boolean;
        ndpcApprovalObtained: boolean;
    };
    ropa: {
        maintained: boolean;
        includesAllProcessing: boolean;
        /** ISO date string (YYYY-MM-DD); >6 months since review counts as a gap */
        lastReviewed: string;
    };
}

/**
 * Compliance Score Engine
 *
 * Evaluates an organisation's NDPA compliance posture across eight modules and
 * returns a scored, rated report with per-module breakdowns and sorted
 * recommendations.
 *
 * Pure utility — zero React dependency.
 */
export declare type ComplianceRating = 'excellent' | 'good' | 'needs-work' | 'critical';

export declare interface ComplianceReport {
    /** Overall compliance score, 0–100 */
    score: number;
    /** Rating bucket */
    rating: ComplianceRating;
    /** Per-module breakdown keyed by module name */
    modules: Record<string, ModuleScore>;
    /** Recommendations sorted by priority (critical first) */
    recommendations: Recommendation[];
    /** Top-level regulatory references */
    regulatoryReferences: RegulatoryReference[];
    /** ISO date of when the report was generated */
    generatedAt: string;
}

/** Result of evaluating a policy against NDPA requirements. */
export declare interface ComplianceResult {
    /** Points earned. */
    score: number;
    /** Maximum achievable points (115). */
    maxScore: number;
    /** Percentage score (0-100). */
    percentage: number;
    /** Overall compliance rating. */
    rating: 'compliant' | 'nearly_compliant' | 'not_compliant';
    /** List of identified compliance gaps. */
    gaps: ComplianceGap[];
    /** List of requirement ids that passed. */
    passed: string[];
}

/**
 * Compose a primary adapter with one or more secondary adapters. Reads
 * always go to the primary; writes (`save` / `remove`) fan out to the
 * primary first, then each secondary. Secondary failures are logged but
 * never propagated.
 *
 * Useful for shadowing localStorage to an API endpoint, mirroring consent
 * to a cookie for SSR, or building offline-first sync.
 *
 * @example
 * ```ts
 * import {
 *   composeAdapters,
 *   localStorageAdapter,
 *   apiAdapter,
 * } from '@tantainnovative/ndpr-toolkit/adapters';
 * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 *
 * const adapter = composeAdapters(
 *   localStorageAdapter('ndpr_consent'),
 *   apiAdapter('/api/consent'),
 * );
 * useConsent({ options, adapter });
 * ```
 */
export declare function composeAdapters<T = unknown>(primary: StorageAdapter<T>, ...secondaries: StorageAdapter<T>[]): StorageAdapter<T>;

/**
 * Represents a single entry in the consent audit trail.
 * Each entry captures what happened, when, and the full consent state
 * at that point in time, satisfying NDPA recordkeeping requirements.
 */
export declare interface ConsentAuditEntry {
    /** The type of consent action that occurred */
    action: 'consent_given' | 'consent_withdrawn' | 'consent_updated' | 'consent_expired';
    /** Unix timestamp (ms) when the action occurred */
    timestamp: number;
    /** Version of the consent form at the time of the action */
    version: string;
    /** Full snapshot of consent category states */
    categories: Record<string, boolean>;
    /** How consent was collected (e.g. "banner", "customize", "api") */
    method: string;
    /** Browser user-agent string for forensic traceability */
    userAgent?: string;
}

/**
 * Consent types aligned with NDPA 2023 Section 25-26
 * Consent must be freely given, specific, informed, and unambiguous
 */
/**
 * Represents a consent option that can be presented to users
 */
export declare interface ConsentOption {
    /** Unique identifier for the consent option */
    id: string;
    /** Display label for the consent option */
    label: string;
    /** Detailed description of what this consent option covers */
    description: string;
    /** Whether this consent option is required (cannot be declined) */
    required: boolean;
    /**
     * The specific purpose for which data will be processed
     * NDPA Section 25(2) requires consent to be specific to each purpose
     */
    purpose: string;
    /**
     * Default state of the consent option
     * @default false
     */
    defaultValue?: boolean;
    /**
     * Categories of personal data covered by this consent option
     */
    dataCategories?: string[];
}

/**
 * Represents the user's consent settings
 */
export declare interface ConsentSettings {
    /** Map of consent option IDs to boolean values indicating consent status */
    consents: Record<string, boolean>;
    /** Timestamp when consent was last updated */
    timestamp: number;
    /** Version of the consent form that was accepted */
    version: string;
    /** Method used to collect consent (e.g., "banner", "settings", "api") */
    method: string;
    /** Whether the user has actively made a choice (as opposed to default settings) */
    hasInteracted: boolean;
    /**
     * The lawful basis under which processing is conducted
     * Required by NDPA Section 25(1)
     */
    lawfulBasis?: LawfulBasisType;
}

/**
 * Represents the storage mechanism for consent settings
 */
export declare interface ConsentStorageOptions {
    /**
     * Storage key for consent settings
     * @default "ndpr_consent"
     */
    storageKey?: string;
    /**
     * Storage type to use
     * @default "localStorage"
     */
    storageType?: 'localStorage' | 'sessionStorage' | 'cookie';
    /**
     * Cookie options (only used when storageType is "cookie")
     */
    cookieOptions?: {
        /** Domain for the cookie */
        domain?: string;
        /**
         * Path for the cookie
         * @default "/"
         */
        path?: string;
        /**
         * Expiration days for the cookie
         * @default 365
         */
        expires?: number;
        /**
         * Whether the cookie should be secure
         * @default true
         */
        secure?: boolean;
        /**
         * SameSite attribute for the cookie
         * @default "Lax"
         */
        sameSite?: 'Strict' | 'Lax' | 'None';
    };
}

/**
 * Storage adapter backed by a browser cookie. Useful for consent state that
 * needs to be shared with server-side rendering, or for cross-subdomain
 * persistence via the `domain` option.
 *
 * @example
 * ```ts
 * import { cookieAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 *
 * const adapter = cookieAdapter('ndpr_consent', {
 *   domain: '.example.com',
 *   sameSite: 'Lax',
 *   expires: 180,
 * });
 * useConsent({ options, adapter });
 * ```
 */
export declare function cookieAdapter<T = unknown>(key: string, options?: CookieAdapterOptions): StorageAdapter<T>;

declare interface CookieAdapterOptions {
    domain?: string;
    path?: string;
    expires?: number;
    secure?: boolean;
    sameSite?: 'Strict' | 'Lax' | 'None';
}

/** How a present cookie was classified. */
export declare type CookieMatchSource = 'declared' | 'known' | 'none';

export declare interface CookieScanOptions {
    /**
     * The cookie string to scan, in `document.cookie` form (`a=1; b=2`).
     * Defaults to `document.cookie` in the browser, or `''` on the server.
     */
    cookieString?: string;
    /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */
    asOf?: number;
    /** Extra known cookies, checked before the built-in registry (so they can override it). */
    knownCookies?: DeclaredCookie[];
    /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */
    useKnownRegistry?: boolean;
}

export declare interface CookieScanResult {
    /** When the scan ran (epoch ms). */
    scannedAt: number;
    /** Number of cookies present. */
    total: number;
    /** Every present cookie, classified. */
    cookies: ScannedCookie[];
    /** Cookies that matched one of your declared cookies. */
    declared: ScannedCookie[];
    /** Cookies present but NOT in your declaration — the compliance gap. */
    undeclared: ScannedCookie[];
    /** Undeclared cookies the built-in registry could still identify. */
    identified: ScannedCookie[];
    /** Undeclared cookies that could not be identified at all. */
    unknown: ScannedCookie[];
    /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */
    byCategory: Record<string, ScannedCookie[]>;
    /** True when there are no undeclared cookies. */
    complete: boolean;
}

/**
 * Creates a new audit entry from consent settings. If `previousSettings` is
 * provided, the action is automatically determined by comparing old and new
 * states. Otherwise `action` defaults to `'consent_given'`.
 */
export declare function createAuditEntry(settings: ConsentSettings, previousSettings?: ConsentSettings | null, actionOverride?: ConsentAuditEntry['action']): ConsentAuditEntry;

/**
 * Creates a complete business privacy policy template with default
 * NDPA-compliant sections and variables.
 *
 * @returns An object containing the default sections and variables.
 */
export declare function createBusinessPolicyTemplate(): {
    sections: PolicySection[];
    variables: PolicyVariable[];
};

/**
 * Creates a default TemplateContext with sensible empty/initial values.
 * Useful for initialising the wizard state before the user begins editing.
 */
export declare function createDefaultContext(): TemplateContext;

/**
 * Summary of cross-border transfer compliance
 */
export declare interface CrossBorderSummary {
    /** Total number of active transfers */
    totalActiveTransfers: number;
    /** Breakdown by transfer mechanism */
    byMechanism: Record<TransferMechanism, number>;
    /** Breakdown by adequacy status */
    byAdequacy: Record<AdequacyStatus, number>;
    /** Transfers pending NDPC approval */
    pendingApproval: CrossBorderTransfer[];
    /** Transfers due for review */
    dueForReview: CrossBorderTransfer[];
    /** Transfers missing TIA */
    missingTIA: CrossBorderTransfer[];
    /** High-risk transfers */
    highRiskTransfers: CrossBorderTransfer[];
    /** Last updated timestamp */
    lastUpdated: number;
}

/**
 * Represents a cross-border data transfer record
 */
export declare interface CrossBorderTransfer {
    /** Unique identifier */
    id: string;
    /** Destination country or territory */
    destinationCountry: string;
    /** ISO country code */
    destinationCountryCode?: string;
    /** Adequacy status of the destination */
    adequacyStatus: AdequacyStatus;
    /** The transfer mechanism being relied upon */
    transferMechanism: TransferMechanism;
    /** Categories of personal data being transferred */
    dataCategories: string[];
    /** Whether sensitive personal data is included */
    includesSensitiveData: boolean;
    /** Estimated number of data subjects whose data is transferred */
    estimatedDataSubjects?: number;
    /** Name of the recipient organization */
    recipientOrganization: string;
    /** Contact details of the recipient */
    recipientContact: {
        name: string;
        email: string;
        phone?: string;
        address?: string;
    };
    /** Purpose of the data transfer */
    purpose: string;
    /** Safeguards in place to protect the data */
    safeguards: string[];
    /** Risk assessment summary */
    riskAssessment: string;
    /** Risk level of the transfer */
    riskLevel: 'low' | 'medium' | 'high';
    /** NDPC approval details (required for some transfer mechanisms) */
    ndpcApproval?: {
        required: boolean;
        applied: boolean;
        approved?: boolean;
        referenceNumber?: string;
        appliedAt?: number;
        approvedAt?: number;
    };
    /** Whether a Transfer Impact Assessment has been conducted */
    tiaCompleted: boolean;
    /** Reference to the TIA document */
    tiaReference?: string;
    /** Frequency of the transfer */
    frequency: 'one_time' | 'periodic' | 'continuous';
    /** Start date of the transfer */
    startDate: number;
    /** End date of the transfer (if applicable) */
    endDate?: number;
    /** Status of the transfer */
    status: 'active' | 'suspended' | 'terminated' | 'pending_approval';
    /** Timestamp when the record was created */
    createdAt: number;
    /** Timestamp when the record was last updated */
    updatedAt: number;
    /** Next review date */
    reviewDate?: number;
}

/** A user-defined section added to the policy outside the generated ones. */
export declare interface CustomSection {
    id: string;
    title: string;
    content: string;
    order: number;
    required: false;
}

/** A logical category of personal data the organisation may collect. */
export declare interface DataCategory {
    /** Machine-readable identifier. */
    id: string;
    /** Human-readable label shown in the wizard. */
    label: string;
    /** Grouping for display and compliance checks. */
    group: 'identity' | 'financial' | 'behavioral' | 'sensitive' | 'children';
    /** Specific data points within this category. */
    dataPoints: string[];
    /** Whether this category is currently selected by the user. */
    selected: boolean;
}

export declare interface DCPMIClassification {
    /** Registration tier (or `'none'` when not a DCPMI). */
    tier: DCPMITier;
    /** Whether the organisation is a Data Controller/Processor of Major Importance. */
    isDCPMI: boolean;
    /** Annual registration fee in Nigerian Naira (0 when not a volume-tiered DCPMI). */
    annualFeeNGN: number;
    registration: {
        /** Whether NDPC registration is required. */
        required: boolean;
        /** OHL renews registration annually; UHL/EHL register once and file CAR annually. */
        renewsAnnually: boolean;
    };
    compliance: {
        /** Whether the organisation must file annual Compliance Audit Returns (CAR). */
        auditReturnsAnnual: boolean;
        /** Initial compliance audit is due within this many months of commencing processing. */
        initialAuditWithinMonths: number;
    };
    /** Human-readable caveats and next steps. */
    notes: string[];
    /** The count actually used for classification, after defensive normalisation. */
    dataSubjectsConsidered: number;
}

export declare interface DCPMIClassificationOptions {
    thresholds?: Partial<DCPMIThresholds>;
    fees?: Partial<DCPMIFees>;
}

declare interface DCPMIFees {
    UHL: number;
    EHL: number;
    OHL: number;
}

export declare interface DCPMIInput {
    /** Distinct data subjects whose data was processed in the relevant six-month window. */
    dataSubjectsInSixMonths?: number;
    /** True if the Commission has separately designated/listed the organisation as a DCPMI. */
    isDesignated?: boolean;
}

declare interface DCPMIThresholds {
    /** Lower bound (inclusive) for OHL. */
    ohl: number;
    /** Lower bound (inclusive) for EHL. */
    ehl: number;
    /** A count strictly greater than this is UHL. */
    uhl: number;
}

/**
 * Data Controller/Processor of Major Importance (DCPMI) classification under the
 * NDPC General Application and Implementation Directive (GAID) 2025.
 *
 * Volume-based tiers — data subjects processed within a six-month window:
 *   - UHL (Ultra High Level):    more than 5,000  → ₦250,000 / year
 *   - EHL (Extra High Level):    1,000 – 5,000    → ₦100,000 / year
 *   - OHL (Ordinary High Level): 200 – 999        → ₦10,000  / year
 *   - below 200:                 not a DCPMI by volume
 *
 * Boundaries: the 1,000 mark resolves to EHL (so OHL is 200–999); UHL is
 * strictly greater than 5,000 (so 5,000 itself is EHL). The NDPC has revised
 * classification metrics before and shifts filing deadlines, so thresholds and
 * fees are configurable — treat the defaults as the September 2025 GAID
 * baseline, not a constant.
 *
 * `isDesignated` marks an organisation the Commission has otherwise listed as a
 * DCPMI; it is then a DCPMI regardless of volume. Below the volume tiers such an
 * organisation is reported as `'listed'` with the fee left at 0 and a note to
 * confirm the applicable tier/fee with the NDPC.
 *
 * @see NDPC General Application and Implementation Directive (GAID) 2025
 * @see NDPC Guidance Notice on the Registration of Data Controllers and Processors of Major Importance
 */
export declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none';

/**
 * Cookie scanner — audits the cookies actually present in the browser against
 * the cookies you have declared, surfacing undeclared cookies that put you out
 * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on
 * specific, informed consent).
 *
 * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a
 * `Cookie:` header on the server, a test fixture), or call it in the browser
 * and it reads `document.cookie`. Safe to import from a server bundle.
 */
/** A cookie you declare against a consent category. */
export declare interface DeclaredCookie {
    /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */
    name: string | RegExp;
    /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */
    category: string;
    /** Who sets the cookie (e.g. 'Google Analytics'). */
    provider?: string;
    /** What the cookie is used for — surfaced in your cookie policy. */
    purpose?: string;
    /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */
    prefix?: boolean;
}

/**
 * Comprehensive set of 16 data categories spanning identity, financial,
 * behavioral, sensitive, and children groups. Used to populate the wizard
 * and drive adaptive section generation.
 */
export declare const DEFAULT_DATA_CATEGORIES: DataCategory[];

/**
 * Default NDPA-compliant privacy policy sections.
 * Each section uses {{variable}} placeholders that are resolved at generation time.
 */
export declare const DEFAULT_POLICY_SECTIONS: PolicySection[];

/**
 * Default policy variables for NDPA-compliant privacy policies.
 * These map to the {{variable}} placeholders used in DEFAULT_POLICY_SECTIONS.
 */
export declare const DEFAULT_POLICY_VARIABLES: PolicyVariable[];

export declare const defaultLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/** Options for DOCX export of the finalised policy. */
export declare interface DOCXExportOptions {
    includeTOC?: boolean;
    filename?: string;
}

/**
 * Data Protection Impact Assessment types aligned with NDPA 2023 Section 28
 * A DPIA is required when processing is likely to result in high risk to data subjects
 */
/**
 * Represents a question in the DPIA questionnaire
 */
export declare interface DPIAQuestion {
    /** Unique identifier for the question */
    id: string;
    /** The text of the question */
    text: string;
    /** Additional guidance for answering the question */
    guidance?: string;
    /** Type of input required for the answer */
    type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
    /** Options for select, radio, or checkbox questions */
    options?: Array<{
        value: string;
        label: string;
        riskLevel?: 'low' | 'medium' | 'high';
    }>;
    /** For scale questions, the minimum value */
    minValue?: number;
    /** For scale questions, the maximum value */
    maxValue?: number;
    /** For scale questions, labels for the scale points */
    scaleLabels?: Record<number, string>;
    /** Whether the question is required */
    required: boolean;
    /** Risk level associated with this question */
    riskLevel?: 'low' | 'medium' | 'high';
    /** Whether this question triggers additional questions based on the answer */
    hasDependentQuestions?: boolean;
    /** Conditions that determine when this question should be shown */
    showWhen?: Array<{
        questionId: string;
        operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
        value: string | number | boolean;
    }>;
}

/**
 * Represents the result of a completed DPIA
 */
export declare interface DPIAResult {
    /** Unique identifier for the DPIA */
    id: string;
    /** Title of the DPIA */
    title: string;
    /** Description of the processing activity being assessed */
    processingDescription: string;
    /** Timestamp when the DPIA was started */
    startedAt: number;
    /** Timestamp when the DPIA was completed */
    completedAt?: number;
    /** Person responsible for conducting the DPIA */
    assessor: {
        name: string;
        role: string;
        email: string;
    };
    /** Answers to all questions in the DPIA */
    answers: Record<string, string | number | boolean | string[]>;
    /** Risks identified in the DPIA */
    risks: DPIARisk[];
    /** Overall risk level of the processing activity */
    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
    /** Whether the DPIA concluded that the processing can proceed */
    canProceed: boolean;
    /** Reasons why the processing can or cannot proceed */
    conclusion: string;
    /** Recommendations for the processing activity */
    recommendations?: string[];
    /** Next review date for the DPIA */
    reviewDate?: number;
    /** Version of the DPIA questionnaire used */
    version: string;
    /**
     * Whether prior consultation with NDPC is required
     * Per NDPA Section 28(2), consultation is required when DPIA indicates high residual risk
     */
    ndpcConsultationRequired?: boolean;
    /** Date when NDPC consultation was initiated */
    ndpcConsultationDate?: number;
    /** Reference number from NDPC consultation */
    ndpcConsultationReference?: string;
    /**
     * The lawful basis for the processing activity being assessed
     */
    lawfulBasis?: string;
    /**
     * Whether this DPIA involves cross-border data transfers
     */
    involvesCrossBorderTransfer?: boolean;
}

/**
 * Represents a risk identified in the DPIA
 */
export declare interface DPIARisk {
    /** Unique identifier for the risk */
    id: string;
    /** Description of the risk */
    description: string;
    /** Likelihood of the risk occurring (1-5) */
    likelihood: number;
    /** Impact if the risk occurs (1-5) */
    impact: number;
    /** Overall risk score (likelihood * impact) */
    score: number;
    /** Risk level based on the score */
    level: 'low' | 'medium' | 'high' | 'critical';
    /** Measures to mitigate the risk */
    mitigationMeasures?: string[];
    /** Whether the risk has been mitigated */
    mitigated: boolean;
    /** Residual risk score after mitigation */
    residualScore?: number;
    /** Questions that identified this risk */
    relatedQuestionIds: string[];
}

/**
 * Represents a section in the DPIA questionnaire
 */
export declare interface DPIASection {
    /** Unique identifier for the section */
    id: string;
    /** Title of the section */
    title: string;
    /** Description of the section */
    description?: string;
    /** Questions in this section */
    questions: DPIAQuestion[];
    /** Order of the section in the questionnaire */
    order: number;
}

/**
 * Represents a data subject request
 */
export declare interface DSRRequest {
    /** Unique identifier for the request */
    id: string;
    /** Type of request */
    type: DSRType;
    /** Current status of the request */
    status: DSRStatus;
    /** Timestamp when the request was submitted */
    createdAt: number;
    /** Timestamp when the request was last updated */
    updatedAt: number;
    /** Timestamp when the request was completed (if applicable) */
    completedAt?: number;
    /** Timestamp when the identity was verified (if applicable) */
    verifiedAt?: number;
    /**
     * Due date for responding to the request (timestamp)
     * NDPA requires response within 30 days of receipt
     */
    dueDate?: number;
    /** Description or details of the request */
    description?: string;
    /**
     * The lawful basis under which the data was originally processed
     * Relevant for evaluating objection and erasure requests
     */
    lawfulBasis?: string;
    /** Data subject information */
    subject: {
        name: string;
        email: string;
        phone?: string;
        identifierValue?: string;
        identifierType?: string;
    };
    /** Additional information provided by the data subject */
    additionalInfo?: Record<string, string | number | boolean | null>;
    /** Notes added by staff processing the request */
    internalNotes?: Array<{
        timestamp: number;
        author: string;
        note: string;
    }>;
    /** Verification status */
    verification?: {
        verified: boolean;
        method?: string;
        verifiedAt?: number;
        verifiedBy?: string;
    };
    /** Reason for rejection (if status is 'rejected') */
    rejectionReason?: string;
    /** Files attached to the request */
    attachments?: Array<{
        id: string;
        name: string;
        type: string;
        url: string;
        addedAt: number;
    }>;
    /**
     * Whether an extension was requested for this DSR
     * NDPA allows a one-time extension of 30 days with justification
     */
    extensionRequested?: boolean;
    /** Reason for the extension, if requested */
    extensionReason?: string;
}

/**
 * Status of a data subject request
 */
export declare type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress' | 'completed' | 'rejected';

/**
 * Validated DSR submission shape — matches what `<DSRRequestForm onSubmit>`
 * emits client-side. Use this as the typed parameter for your server-side
 * handler after `validateDsrSubmissionStructured` returns `valid: true`.
 */
export declare interface DsrSubmissionPayload {
    requestType: string;
    dataSubject: {
        fullName: string;
        email: string;
        phone?: string;
        identifierType: string;
        identifierValue: string;
    };
    additionalInfo?: Record<string, string | number | boolean | null>;
    submittedAt: number;
}

/**
 * Data Subject Rights types aligned with NDPA 2023 Part VI (Sections 34-38)
 * and the related provisions in Part V (Section 27 — information to the data subject)
 * and Part X (Section 46 — complaint to the Commission).
 *
 * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
 */
/**
 * Types of data subject requests per NDPA Part VI
 * - 'information': Right to be informed (Section 27 — provision of information; Section 34(1)(a))
 * - 'access': Right of access / confirmation + data copy (Section 34(1)(a)–(b))
 * - 'rectification': Right to rectification (Section 34(1)(c))
 * - 'erasure': Right to erasure (Section 34(1)(d), Section 34(2))
 * - 'restriction': Right to restrict processing (Section 34(1)(e))
 * - 'portability': Right to data portability (Section 38)
 * - 'objection': Right to object (Section 36)
 * - 'automated_decision_making': Rights re. automated decisions / profiling (Section 37)
 * - 'withdraw_consent': Right to withdraw consent (Section 35)
 */
export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making' | 'withdraw_consent';

export declare type EffortLevel = 'low' | 'medium' | 'high';

/**
 * NDPA policy compliance checker.
 *
 * Evaluates a {@link PrivacyPolicy} against 15 requirements drawn from
 * the Nigeria Data Protection Act (NDPA) 2023, producing a scored
 * {@link ComplianceResult} with actionable gaps.
 *
 * Scoring:
 *   6 critical  @ 10 pts = 60
 *   5 important @  7 pts = 35
 *   4 recommended @ 5 pts = 20
 *   Total max = 115
 *
 * Rating thresholds:
 *   >= 100 → compliant
 *   >=  80 → nearly_compliant
 *   <   80 → not_compliant
 */

/**
 * Evaluates a privacy policy against 15 NDPA 2023 requirements and
 * returns a scored compliance result with actionable gap information.
 *
 * @param policy  - The privacy policy to evaluate.
 * @param context - The template context that was used to generate the policy.
 * @returns A {@link ComplianceResult} with score, rating, gaps, and passed ids.
 */
export declare function evaluatePolicyCompliance(policy: PrivacyPolicy, context: TemplateContext): ComplianceResult;

/**
 * Export a PrivacyPolicy as a Word (.docx) Blob using the `docx` library
 * (optional peer dependency).
 *
 * Features:
 * - Title paragraph with large bold text
 * - Organisation name + version subtitle
 * - Optional table of contents placeholder heading
 * - All included policy sections as Heading 1 + body paragraphs / bullet lists
 * - Running header (org name) and page-number footer on every page
 *
 * @throws {Error} if the `docx` package is not installed
 */
export declare function exportDOCX(policy: PrivacyPolicy, options?: DOCXExportOptions): Promise<Blob>;

/**
 * Export a PrivacyPolicy as a self-contained HTML string.
 *
 * The returned string includes:
 * - An embedded `<style>` block (responsive, dark/light, print-friendly)
 * - An `<article>` wrapper with semantic markup
 * - A `<nav>` table of contents with anchor links
 * - A `<section>` for every included policy section
 * - A metadata footer (org name, effective date, version, generator credit)
 * - Optional custom CSS injection via `options.customCSS`
 */
export declare function exportHTML(policy: PrivacyPolicy, options?: HTMLExportOptions): string;

/**
 * Export a PrivacyPolicy as a clean Markdown string.
 *
 * Structure:
 * ```
 * # Policy Title
 * _Effective: date | Version: X | Org Name_
 *
 * ## Table of Contents
 * - [Section Title](#anchor)
 *
 * ## 1. Section Title
 * Section content...
 * ```
 */
export declare function exportMarkdown(policy: PrivacyPolicy): string;

/**
 * Export a PrivacyPolicy to a PDF Blob using jspdf (optional peer dependency).
 *
 * Requires jspdf >= 4.2.1 (earlier versions carry GHSA-67pg-wm7f-q7fj and
 * GHSA-cjw8-79x6-5cj4). This function uses only core jsPDF text/vector APIs —
 * never `addImage`, `addJS`, or `.html()` — so jspdf's optional deps
 * (canvg, core-js, dompurify, html2canvas) can be omitted (`--omit=optional`).
 *
 * Features:
 * - Optional cover page with title, organisation, date, version and compliance badge
 * - Optional table of contents page
 * - One section per heading, content reflowed to fit the page
 * - Automatic page breaks
 * - Page header (org name) and footer (page X of Y) on every page
 * - PDF metadata (title, author, subject, keywords)
 *
 * @throws {Error} if the `jspdf` package is not installed
 */
export declare function exportPDF(policy: PrivacyPolicy, options?: PDFExportOptions): Promise<Blob>;

/**
 * Exports the Record of Processing Activities to a CSV string.
 * The CSV includes all key fields from each processing record.
 *
 * @param ropa - The full Record of Processing Activities
 * @returns CSV-formatted string
 */
export declare function exportROPAToCSV(ropa: RecordOfProcessingActivities): string;

/**
 * Scan rendered policy text for unfilled placeholder tokens.
 *
 * Detects two token forms:
 * - `«TODO: fieldName»` — sentinel emitted by {@link assemblePolicy} when
 *   a required org-info field is missing from the context.
 * - `{{fieldName}}` — mustache token that escaped substitution (either
 *   because the variable wasn't declared or its value was empty).
 *
 * Returns a deduplicated list of the field names found. An empty array
 * means the rendered text is fully populated.
 *
 * Two recommended uses:
 *
 * 1. **CI guard** — assert your canonical org-info fixture renders without
 *    leaving any tokens behind:
 *    ```ts
 *    const html = exportHTML(policy);
 *    expect(findUnfilledTokens(html)).toEqual([]);
 *    ```
 *
 * 2. **Runtime guard** — surface a clear error to compliance officers
 *    before they publish a policy with `{{orgName}}` visible to visitors:
 *    ```ts
 *    const missing = findUnfilledTokens(getPolicyText().fullText);
 *    if (missing.length) throw new Error(`Policy is missing: ${missing.join(', ')}`);
 *    ```
 *
 * @param rendered - The substituted policy text (from `exportHTML`,
 *                   `exportMarkdown`, or `usePrivacyPolicy().getPolicyText().fullText`).
 * @returns Deduplicated array of unfilled field names; `[]` if fully filled.
 */
export declare function findUnfilledTokens(rendered: string): string[];

export declare interface FormatAuditReportOptions {
    /** Wrap status symbols in ANSI colour codes. Default false. */
    color?: boolean;
}

/**
 * Format a DSR request for display or submission. Returns the formatted
 * payload plus a typed `errors` array of `{ field, code, message }` for any
 * required fields missing from the source request.
 *
 * Codes emitted:
 * - `request_id_required`
 * - `request_type_required`
 * - `request_status_required`
 * - `created_at_required`
 * - `subject_name_required`
 * - `subject_email_required`
 */
export declare function formatDSRRequestStructured(request: DSRRequest): FormatDSRRequestStructuredResult;

/** Result of {@link formatDSRRequestStructured}. */
export declare interface FormatDSRRequestStructuredResult {
    valid: boolean;
    errors: StructuredValidationError[];
    /** Formatted request payload — always populated regardless of `valid`. */
    formattedRequest: Record<string, unknown>;
    /** Narrowed input — populated only on `valid: true`. */
    data?: DSRRequest;
}

/**
 * Render an `NdprAuditResult` as a plain-text report.
 */
export declare function formatNdprAuditReport(result: NdprAuditResult, options?: FormatAuditReportOptions): string;

export declare const frenchLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/**
 * Derive the CAR schedule and status for a DCPMI under NDPC GAID 2025.
 */
export declare function generateComplianceAuditReturn(input: CARInput, options?: CAROptions): ComplianceAuditReturn;

/**
 * Generates a summary of all lawful basis documentation across processing activities.
 *
 * @param activities Array of processing activities to summarize
 * @returns LawfulBasisSummary with counts, breakdowns, and flagged activities
 */
export declare function generateLawfulBasisSummary(activities: ProcessingActivity[]): LawfulBasisSummary;

/**
 * Generates policy text by replacing variables in a template with organization-specific values
 * @param sectionsOrTemplate The policy sections or template string to generate text for
 * @param organizationInfoOrVariables The organization information or variable map to use for replacement
 * @returns The generated policy text or an object with the generated text and metadata
 */
export declare function generatePolicyText(sectionsOrTemplate: PolicySection[] | string, organizationInfoOrVariables: OrganizationInfo | Record<string, string>): string | {
    fullText: string;
    sectionTexts: Record<string, string>;
    missingVariables: string[];
};

/**
 * Generates a summary of the Record of Processing Activities.
 * Provides statistics and identifies records that are due for review.
 *
 * @param ropa - The full Record of Processing Activities
 * @returns Summary statistics for the ROPA
 */
export declare function generateROPASummary(ropa: RecordOfProcessingActivities): ROPASummary;

/**
 * Retrieves the full consent audit log from localStorage.
 * Returns an empty array if no log exists or parsing fails.
 *
 * @param storageKey - Base storage key (the audit key is derived as `${storageKey}_audit`)
 */
export declare function getAuditLog(storageKey?: string): ConsentAuditEntry[];

/**
 * Evaluate an organisation's NDPA compliance across all modules.
 *
 * @param input - Compliance input object
 * @returns ComplianceReport with overall score, per-module breakdown, and sorted recommendations
 */
export declare function getComplianceScore(input: ComplianceInput): ComplianceReport;

/**
 * Returns a human-readable description of a lawful basis with the relevant
 * NDPA section reference.
 *
 * @param basis The lawful basis to describe
 * @returns Description string including NDPA section reference
 */
export declare function getLawfulBasisDescription(basis: LawfulBasis): string;

/**
 * Returns a human-readable description of a transfer mechanism with its NDPA section reference.
 *
 * @param mechanism The transfer mechanism
 * @returns Description including the relevant NDPA section
 */
export declare function getTransferMechanismDescription(mechanism: TransferMechanism): string;

export declare const hausaLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/** Options for HTML export of the finalised policy. */
export declare interface HTMLExportOptions {
    includeStyles?: boolean;
    includePrintCSS?: boolean;
    customCSS?: string;
    /**
     * Theme controlling the embedded design tokens.
     *
     * - `'light'` (default): emits the light token palette only. No
     *   `prefers-color-scheme: dark` block is included, so a visitor's OS
     *   dark-mode setting will NOT recolour the policy. This is the right
     *   default for an embedded compliance widget — most consumer host sites
     *   are single-theme and Shadow DOM does not isolate `prefers-color-scheme`.
     * - `'dark'`: emits the dark token palette as the primary style.
     * - `'auto'`: emits light tokens plus a `@media (prefers-color-scheme: dark)`
     *   block that swaps to dark on the user's OS preference. Use this when
     *   your host site genuinely follows OS dark mode and you want the policy
     *   to match.
     *
     * Pre-3.4.1 the export effectively behaved like `'auto'` unconditionally,
     * which leaked dark colours into light-only host sites via Shadow DOM.
     *
     * @default 'light'
     */
    theme?: 'light' | 'dark' | 'auto';
}

/**
 * Identifies compliance gaps in the Record of Processing Activities.
 * Finds records that are missing required information per NDPA 2023.
 *
 * @param ropa - The full Record of Processing Activities
 * @returns Array of compliance gaps grouped by record
 */
export declare function identifyComplianceGaps(ropa: RecordOfProcessingActivities): ROPAComplianceGap[];

export declare const igboLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/**
 * Policy engine types for the adaptive privacy policy generator.
 * These types power the wizard-driven policy builder, compliance checker,
 * and export functionality — all aligned with the NDPA 2023.
 */

/** Industry verticals with sector-specific compliance requirements. */
export declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'education' | 'government' | 'other';

/**
 * Returns whether NDPC approval is required for a given transfer mechanism.
 * Under NDPA Section 42(5), the Commission may approve binding corporate rules,
 * codes of conduct, certification mechanisms, or similar instruments. Standard
 * contractual clauses are one of the appropriate safeguards under Section 41(1)(a)
 * and the Commission may approve them per Section 42(4).
 *
 * @param mechanism The transfer mechanism
 * @returns Whether NDPC approval is typically required
 */
export declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean;

/**
 * Built-in registry of widely deployed third-party cookies, so an undeclared
 * cookie can often still be identified (provider + likely category). Override
 * or extend via {@link CookieScanOptions.knownCookies}; categories follow the
 * common necessary / functional / analytics / marketing taxonomy.
 */
export declare const KNOWN_COOKIES: DeclaredCookie[];

/**
 * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28)
 * Every processing activity must have a documented lawful basis
 */
/**
 * The six lawful bases for processing personal data per NDPA Section 25(1)
 */
export declare type LawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';

/**
 * Compliance gap identified across processing activities
 */
export declare interface LawfulBasisComplianceGap {
    activityId: string;
    activityName: string;
    type: 'missing_approval' | 'overdue_review' | 'missing_justification' | 'missing_lia' | 'missing_sensitive_condition' | 'missing_retention' | 'missing_data_categories' | 'missing_purposes';
    severity: 'high' | 'medium' | 'low';
    description: string;
}

/**
 * Summary of all lawful basis documentation for compliance reporting
 */
export declare interface LawfulBasisSummary {
    /** Total number of processing activities */
    totalActivities: number;
    /** Breakdown by lawful basis */
    byBasis: Record<LawfulBasis, number>;
    /** Number of activities involving sensitive data */
    sensitiveDataActivities: number;
    /** Number of activities involving cross-border transfers */
    crossBorderActivities: number;
    /** Activities due for review */
    activitiesDueForReview: ProcessingActivity[];
    /** Activities without DPO approval */
    activitiesWithoutApproval: ProcessingActivity[];
    /** Last updated timestamp */
    lastUpdated: number;
}

/**
 * Lawful basis for processing personal data per NDPA Section 25(1)
 */
export declare type LawfulBasisType = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';

/**
 * Validation result for a processing activity
 */
export declare interface LawfulBasisValidationResult {
    isValid: boolean;
    errors: string[];
    warnings: string[];
}

/**
 * Full disclaimer suitable for PDF/DOCX footers and exported artifacts.
 */
export declare const LEGAL_DISCLAIMER_LONG: string;

/**
 * Short disclaimer suitable for component captions and dashboard footers.
 * One line, no markdown.
 */
export declare const LEGAL_DISCLAIMER_SHORT = "Generated for guidance only. Not legal advice \u2014 verify with your DPO or counsel.";

/**
 * Returns the long disclaimer wrapped with a leading heading suitable for
 * embedding at the foot of an exported document.
 */
export declare function legalDisclaimerBlock(heading?: string): string;

/**
 * Represents a Legitimate Interest Assessment (LIA)
 * Required when the lawful basis is 'legitimate_interests'
 */
export declare interface LegitimateInterestAssessment {
    /** Unique identifier */
    id: string;
    /** ID of the associated processing activity */
    processingActivityId: string;
    /** Date the assessment was conducted */
    assessmentDate: number;
    /** Person who conducted the assessment */
    assessor: {
        name: string;
        role: string;
        email: string;
    };
    /** Description of the legitimate interest being pursued */
    purposeTest: string;
    /** Why the processing is necessary for this purpose */
    necessityTest: string;
    /** Balancing test: rights of data subject vs. legitimate interest */
    balancingTest: string;
    /** Safeguards applied to protect data subject rights */
    safeguards: string[];
    /** Overall conclusion */
    conclusion: string;
    /** Whether the assessment concluded the processing is justified */
    approved: boolean;
}

/**
 * Storage adapter backed by `window.localStorage`. The default adapter used
 * by every hook in the toolkit when no `adapter` prop is supplied.
 *
 * Safe to import server-side — every method short-circuits when
 * `window` is undefined, so calling `load()` on the server returns `null`.
 *
 * @example
 * ```ts
 * import { localStorageAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 *
 * const adapter = localStorageAdapter('ndpr_consent');
 * useConsent({ options, adapter });
 * ```
 */
export declare function localStorageAdapter<T = unknown>(key: string): StorageAdapter<T>;

/**
 * Storage adapter backed by an in-memory value. Useful in tests, Storybook,
 * SSR previews, or anywhere persistence across reloads is undesirable.
 *
 * @example
 * ```ts
 * import { memoryAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 *
 * const adapter = memoryAdapter({ consents: {}, version: '1.0' });
 * useConsent({ options, adapter });
 * ```
 */
export declare function memoryAdapter<T = unknown>(initialData?: T): StorageAdapter<T>;

/**
 * Deep merges a partial locale with the default English locale.
 * Any missing keys fall back to English.
 */
export declare function mergeLocale(partial?: NDPRLocale): typeof defaultLocale;

export declare interface ModuleScore {
    /** Module name (e.g. "consent") */
    name: string;
    /** Raw module score 0-100 */
    score: number;
    /** Maximum possible score for this module (always 100) */
    maxScore: number;
    /** Weighted contribution to the overall score */
    weightedScore: number;
    /** NDPA sections this module maps to */
    ndpaSections: string[];
    /** Gaps found — list of human-readable gap descriptions */
    gaps: string[];
}

/**
 * Aggregate NDPA 2023 compliance audit — combines the compliance-score engine
 * with the GAID 2025 DCPMI classifier, Compliance Audit Returns scheduler, and
 * breach-notification checker into a single pass/fail result suitable for CI.
 *
 * Pure and React-free: drive it from a config file via the `ndpr audit` CLI, a
 * CI job, or a server route. Not legal advice — verify against current NDPC
 * guidance.
 */

export declare interface NdprAuditInput {
    /** Compliance posture across the 8 NDPA modules. */
    compliance: ComplianceInput;
    /** Optional DCPMI classification input (GAID 2025 registration). */
    dcpmi?: DCPMIInput;
    /** Optional Compliance Audit Returns scheduling input. */
    car?: CARInput;
    /** Optional breach reports to check against the S. 40 / Article 33 duty. */
    breaches?: BreachReport[];
}

export declare interface NdprAuditOptions {
    /** Minimum overall compliance score required to pass. Default 70. */
    minScore?: number;
    dcpmiOptions?: DCPMIClassificationOptions;
    carOptions?: CAROptions;
    breachOptions?: BreachNotificationOptions;
}

export declare interface NdprAuditResult {
    /** True when the score meets `minScore` and no check is a hard failure. */
    passed: boolean;
    score: number;
    rating: ComplianceRating;
    minScore: number;
    checks: AuditCheck[];
    compliance: ComplianceReport;
    dcpmi?: DCPMIClassification;
    car?: ComplianceAuditReturn;
    breaches: Array<{
        id: string;
        title: string;
        assessment: BreachNotificationAssessment;
    }>;
    summary: {
        pass: number;
        warn: number;
        fail: number;
    };
    generatedAt: string;
}

/**
 * Locale strings for all toolkit components.
 * Pass partial overrides — missing keys fall back to English defaults.
 */
export declare interface NDPRLocale {
    consent?: {
        title?: string;
        description?: string;
        acceptAll?: string;
        rejectAll?: string;
        customize?: string;
        savePreferences?: string;
        selectAll?: string;
        deselectAll?: string;
        required?: string;
        cookieNotice?: string;
        /** ConsentManager component title */
        managerTitle?: string;
        /** ConsentManager component description */
        managerDescription?: string;
        /** ConsentManager reset button */
        resetToDefaults?: string;
    };
    dsr?: {
        title?: string;
        description?: string;
        submitRequest?: string;
        reset?: string;
        fullName?: string;
        email?: string;
        phone?: string;
        requestType?: string;
        additionalInfo?: string;
        identityVerification?: string;
        identifierType?: string;
        identifierValue?: string;
        privacyNotice?: string;
        successMessage?: string;
        /** DSRDashboard component title */
        dashboardTitle?: string;
        /** DSRDashboard component description */
        dashboardDescription?: string;
        /** DSRTracker component title */
        trackerTitle?: string;
        /** DSRTracker component description */
        trackerDescription?: string;
    };
    breach?: {
        title?: string;
        description?: string;
        submitReport?: string;
        breachTitle?: string;
        category?: string;
        discoveredAt?: string;
        detailedDescription?: string;
        /** BreachRiskAssessment component title */
        riskAssessmentTitle?: string;
        /** BreachRiskAssessment component description */
        riskAssessmentDescription?: string;
        /** BreachNotificationManager component title */
        notificationManagerTitle?: string;
        /** BreachNotificationManager component description */
        notificationManagerDescription?: string;
        /** RegulatoryReportGenerator component title */
        regulatoryReportTitle?: string;
        /** RegulatoryReportGenerator component description */
        regulatoryReportDescription?: string;
    };
    dpia?: {
        title?: string;
        next?: string;
        previous?: string;
        complete?: string;
        progress?: string;
        /** DPIAQuestionnaire submit button (last section) */
        submit?: string;
        /** DPIAReport main report title */
        reportTitle?: string;
    };
    policy?: {
        title?: string;
        generate?: string;
        preview?: string;
        export?: string;
        sections?: string;
        variables?: string;
        /** PolicyGenerator component title */
        generatorTitle?: string;
        /** PolicyGenerator component description */
        generatorDescription?: string;
        /** PolicyPreview component title */
        previewTitle?: string;
        /** PolicyPreview component description */
        previewDescription?: string;
        /** PolicyExporter component title */
        exporterTitle?: string;
        /** PolicyExporter component description */
        exporterDescription?: string;
        /** AdaptivePolicyWizard heading */
        wizardTitle?: string;
    };
    lawfulBasis?: {
        /** LawfulBasisTracker title */
        title?: string;
        /** LawfulBasisTracker description */
        description?: string;
    };
    crossBorder?: {
        /** CrossBorderTransferManager title */
        title?: string;
        /** CrossBorderTransferManager description */
        description?: string;
    };
    ropa?: {
        /** ROPAManager title */
        title?: string;
        /** ROPAManager description */
        description?: string;
    };
    compliance?: {
        score?: string;
        excellent?: string;
        good?: string;
        needsWork?: string;
        critical?: string;
        recommendations?: string;
        passed?: string;
        gaps?: string;
    };
    common?: {
        loading?: string;
        error?: string;
        save?: string;
        cancel?: string;
        delete?: string;
        edit?: string;
        add?: string;
        back?: string;
        next?: string;
        search?: string;
        noResults?: string;
    };
}

/**
 * Represents notification requirements for a data breach per NDPA Section 40
 */
export declare interface NotificationRequirement {
    /**
     * Whether NDPC notification is required
     * Per NDPA Section 40, notification to NDPC is required for all breaches
     * that pose a risk to data subjects' rights and freedoms
     */
    ndpcNotificationRequired: boolean;
    /**
     * Deadline for NDPC notification (72 hours from discovery)
     * NDPA Section 40(1)
     */
    ndpcNotificationDeadline: number;
    /**
     * Whether data subject notification is required
     * Per NDPA Section 40(4), required when breach is likely to result in
     * high risk to rights and freedoms of data subjects
     */
    dataSubjectNotificationRequired: boolean;
    /** Justification for the notification decision */
    justification: string;
    /**
     * @deprecated Use ndpcNotificationRequired instead. Kept for backward compatibility.
     */
    nitdaNotificationRequired?: boolean;
    /**
     * @deprecated Use ndpcNotificationDeadline instead. Kept for backward compatibility.
     */
    nitdaNotificationDeadline?: number;
}

/**
 * Static metadata for every template — useful for picker UIs that need
 * to list available templates with a one-line description.
 */
export declare const ORG_POLICY_TEMPLATE_REGISTRY: Record<OrgPolicyTemplateId, {
    id: OrgPolicyTemplateId;
    label: string;
    description: string;
    /** Best-fit org examples to show in the picker. */
    examples: readonly string[];
}>;

/**
 * Represents organization information for a privacy policy
 */
export declare interface OrganizationInfo {
    /** Name of the organization */
    name: string;
    /** Website URL of the organization */
    website: string;
    /** Contact email for privacy inquiries */
    privacyEmail: string;
    /** Physical address of the organization */
    address?: string;
    /** Phone number for privacy inquiries */
    privacyPhone?: string;
    /** Name of the Data Protection Officer */
    dpoName?: string;
    /** Email of the Data Protection Officer */
    dpoEmail?: string;
    /** Industry or sector of the organization */
    industry?: string;
    /** NDPC registration number (if registered) */
    ndpcRegistrationNumber?: string;
}

/**
 * Org-specific privacy-policy templates — pre-filled `TemplateContext`
 * factories for the most common Nigerian app shapes.
 *
 * Each template returns a fully-populated `TemplateContext` with:
 * - industry set to the matching `Industry` value
 * - the data categories the sector typically collects (selected: true)
 * - the processing purposes that match the business model
 * - sensitive-data / children / cross-border / automated-decisions flags
 *   set to the defaults that org type usually needs (a school will have
 *   children data, a hospital will have sensitive data, etc.)
 *
 * Templates are guidance starters. The wizard still walks the user through
 * every step — they can flip any flag, add/remove categories, or rewrite
 * any section before the policy is finalised. The legal-notice footer the
 * toolkit ships everywhere applies to the generated output.
 *
 * @example
 *   import { templateContextFor } from '@tantainnovative/ndpr-toolkit/server';
 *   const ctx = templateContextFor('ecommerce', { orgName: 'Acme NG' });
 *   const draft = assemblePolicy(ctx);
 */

/** Identifiers for the bundled org templates. */
export declare type OrgPolicyTemplateId = 'saas' | 'ecommerce' | 'school' | 'healthcare' | 'procurement';

/** Optional overrides applied on top of a template's defaults. */
export declare interface OrgPolicyTemplateOverrides {
    /** Organisation name (e.g. "Acme Nigeria Ltd"). Default: empty. */
    orgName?: string;
    /** Public website URL. */
    website?: string;
    /** Privacy contact email. */
    privacyEmail?: string;
    /** Postal address. */
    address?: string;
    /** DPO name. Required for DCPMI under NDPA Section 32. */
    dpoName?: string;
    /** DPO email. Required for the NDPC breach-notification contact. */
    dpoEmail?: string;
}

/** Organisation size tiers — affects complexity of generated language. */
export declare type OrgSize = 'startup' | 'midsize' | 'enterprise';

/** Options for PDF export of the finalised policy. */
export declare interface PDFExportOptions {
    includeCoverPage?: boolean;
    includeTOC?: boolean;
    includeComplianceBadge?: boolean;
    logoUrl?: string;
    filename?: string;
}

export declare const pidginLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

/** Represents an in-progress policy being built in the wizard. */
export declare interface PolicyDraft {
    /** Unique identifier for the draft. */
    id: string;
    /** The template context driving section generation. */
    templateContext: TemplateContext;
    /** Custom sections added by the user. */
    customSections: CustomSection[];
    /** Per-section content overrides keyed by section id. */
    sectionOverrides: Record<string, string>;
    /** Ordered list of section ids defining the final order. */
    sectionOrder: string[];
    /** Current wizard step (0-indexed). */
    currentStep: number;
    /** Timestamp of the last save. */
    lastSavedAt: number;
    /** The draft is always in "draft" status until finalised. */
    status: 'draft';
}

/**
 * Privacy policy types aligned with NDPA 2023
 * Privacy policies must clearly inform data subjects of their rights under the NDPA
 */
/**
 * Represents a section in a privacy policy
 */
export declare interface PolicySection {
    /** Unique identifier for the section */
    id: string;
    /** Title of the section */
    title: string;
    /** Description of the section */
    description?: string;
    /** Order of the section in the policy */
    order?: number;
    /** Whether the section is required by NDPA */
    required: boolean;
    /** Template text for the section */
    template: string;
    /**
     * Default content for the section (legacy field)
     * @deprecated Use template instead
     */
    defaultContent?: string;
    /**
     * Custom content for the section (overrides default content)
     * @deprecated Use template instead
     */
    customContent?: string;
    /** Whether the section is included in the policy */
    included: boolean;
    /** Variables that can be used in the section content */
    variables?: string[];
}

/**
 * Represents a privacy policy template
 */
export declare interface PolicyTemplate {
    /** Unique identifier for the template */
    id: string;
    /** Name of the template */
    name: string;
    /** Description of the template */
    description: string;
    /** Type of organization the template is designed for */
    organizationType: 'business' | 'nonprofit' | 'government' | 'educational';
    /** Sections included in the template */
    sections: PolicySection[];
    /** Variables used across the template */
    variables: Record<string, {
        name: string;
        description: string;
        required: boolean;
        defaultValue?: string;
    }>;
    /** Version of the template */
    version: string;
    /** Last updated date of the template */
    lastUpdated: number;
    /**
     * Whether this template is NDPA 2023 compliant
     */
    ndpaCompliant: boolean;
}

/**
 * Represents a variable in a privacy policy
 */
export declare interface PolicyVariable {
    /** Unique identifier for the variable */
    id: string;
    /** Name of the variable as it appears in the template */
    name: string;
    /** Description of the variable */
    description: string;
    /** Default value for the variable */
    defaultValue?: string;
    /** Current value of the variable */
    value: string;
    /** Type of input for the variable */
    inputType: 'text' | 'textarea' | 'email' | 'url' | 'date' | 'select';
    /** Options for select inputs */
    options?: string[];
    /** Whether the variable is required */
    required: boolean;
}

/**
 * Represents a generated privacy policy
 */
export declare interface PrivacyPolicy {
    /** Unique identifier for the policy */
    id: string;
    /** Title of the policy */
    title: string;
    /** Template used to generate the policy */
    templateId: string;
    /** Organization information */
    organizationInfo: OrganizationInfo;
    /** Sections of the policy */
    sections: PolicySection[];
    /** Values for the variables used in the policy */
    variableValues: Record<string, string>;
    /** Effective date of the policy */
    effectiveDate: number;
    /** Last updated date of the policy */
    lastUpdated: number;
    /** Version of the policy */
    version: string;
    /**
     * Applicable legal frameworks
     */
    applicableFrameworks?: ('ndpa' | 'ndpr' | 'gdpr' | 'ccpa')[];
}

/**
 * Represents a processing activity and its lawful basis
 */
export declare interface ProcessingActivity {
    /** Unique identifier */
    id: string;
    /** Name of the processing activity */
    name: string;
    /** Description of what processing is performed */
    description: string;
    /** The lawful basis for this processing activity */
    lawfulBasis: LawfulBasis;
    /** Justification for why this lawful basis applies */
    lawfulBasisJustification: string;
    /** Categories of personal data being processed */
    dataCategories: string[];
    /** Whether sensitive personal data is involved */
    involvesSensitiveData: boolean;
    /** Condition for processing sensitive data (required if involvesSensitiveData is true) */
    sensitiveDataCondition?: SensitiveDataCondition;
    /** Categories of data subjects */
    dataSubjectCategories: string[];
    /** Purposes of the processing */
    purposes: string[];
    /** Data retention period */
    retentionPeriod: string;
    /** Justification for the retention period */
    retentionJustification?: string;
    /** Recipients or categories of recipients */
    recipients?: string[];
    /** Whether data is transferred outside Nigeria */
    crossBorderTransfer: boolean;
    /** Timestamp when the record was created */
    createdAt: number;
    /** Timestamp when the record was last updated */
    updatedAt: number;
    /** Next review date */
    reviewDate?: number;
    /** Status of the processing activity */
    status: 'active' | 'inactive' | 'under_review' | 'archived';
    /** DPO approval details */
    dpoApproval?: {
        approved: boolean;
        approvedBy: string;
        approvedAt: number;
        notes?: string;
    };
}

/** Lawful processing purposes recognised under the NDPA. */
export declare type ProcessingPurpose = 'service_delivery' | 'marketing' | 'analytics' | 'research' | 'legal_compliance' | 'fraud_prevention';

/**
 * Record of Processing Activities (ROPA) types aligned with NDPA 2023
 * Data controllers must maintain comprehensive records of all processing activities
 */

/**
 * Represents a single processing record in the ROPA
 */
export declare interface ProcessingRecord {
    /** Unique identifier */
    id: string;
    /** Name of the processing activity */
    name: string;
    /** Detailed description of the processing */
    description: string;
    /** Data controller details */
    controllerDetails: {
        name: string;
        contact: string;
        address: string;
        registrationNumber?: string;
        dpoContact?: string;
    };
    /** Joint controller details (if applicable) */
    jointControllerDetails?: {
        name: string;
        contact: string;
        address: string;
        responsibilities: string;
    };
    /** Data processor details (if processing is outsourced) */
    processorDetails?: {
        name: string;
        contact: string;
        address: string;
        contractReference?: string;
    };
    /** Lawful basis for the processing */
    lawfulBasis: LawfulBasis;
    /** Justification for the chosen lawful basis */
    lawfulBasisJustification: string;
    /** Purposes of the processing */
    purposes: string[];
    /** Categories of personal data processed */
    dataCategories: string[];
    /** Categories of sensitive personal data (if any) */
    sensitiveDataCategories?: string[];
    /** Categories of data subjects */
    dataSubjectCategories: string[];
    /** Recipients or categories of recipients */
    recipients: string[];
    /** Cross-border transfer details */
    crossBorderTransfers?: Array<{
        destinationCountry: string;
        countryCode?: string;
        safeguards: string;
        transferMechanism: string;
    }>;
    /** Data retention period */
    retentionPeriod: string;
    /** Justification for the retention period */
    retentionJustification?: string;
    /** Technical and organizational security measures */
    securityMeasures: string[];
    /** Data source (directly from data subject or from third party) */
    dataSource: 'data_subject' | 'third_party' | 'public_source' | 'other';
    /** Third-party source details (if dataSource is 'third_party') */
    thirdPartySourceDetails?: string;
    /** Whether a DPIA is required for this processing */
    dpiaRequired: boolean;
    /** Reference to the DPIA (if conducted) */
    dpiaReference?: string;
    /** Whether automated decision-making is involved */
    automatedDecisionMaking: boolean;
    /** Details of automated decision-making (if applicable) */
    automatedDecisionMakingDetails?: string;
    /** Status of the processing record */
    status: 'active' | 'inactive' | 'archived';
    /** Department or business unit responsible */
    department?: string;
    /** System or application used for processing */
    systemsUsed?: string[];
    /** Timestamp when the record was created */
    createdAt: number;
    /** Timestamp when the record was last updated */
    updatedAt: number;
    /** Timestamp when the record was last reviewed */
    lastReviewedAt?: number;
    /** Next review date */
    nextReviewDate?: number;
}

export declare interface Recommendation {
    module: string;
    key: string;
    label: string;
    priority: RecommendationPriority;
    effort: EffortLevel;
    recommendation: string;
    ndpaSection: string;
}

export declare type RecommendationPriority = 'critical' | 'high' | 'medium' | 'low';

/**
 * Represents a complete Record of Processing Activities
 */
export declare interface RecordOfProcessingActivities {
    /** Unique identifier */
    id: string;
    /** Organization name */
    organizationName: string;
    /** Organization contact information */
    organizationContact: string;
    /** Organization address */
    organizationAddress: string;
    /** Data Protection Officer details */
    dpoDetails?: {
        name: string;
        email: string;
        phone?: string;
    };
    /** NDPC registration number */
    ndpcRegistrationNumber?: string;
    /** All processing records */
    records: ProcessingRecord[];
    /** Timestamp when the ROPA was last updated */
    lastUpdated: number;
    /** Version of the ROPA */
    version: string;
    /** Export format options */
    exportFormats?: ('pdf' | 'csv' | 'json' | 'xlsx')[];
}

/**
 * Represents a notification sent to the NDPC (Nigeria Data Protection Commission)
 */
export declare interface RegulatoryNotification {
    /** Unique identifier for the notification */
    id: string;
    /** ID of the breach this notification is for */
    breachId: string;
    /** Timestamp when the notification was sent */
    sentAt: number;
    /** Method used to send the notification */
    method: 'email' | 'portal' | 'letter' | 'other';
    /** Reference number assigned by the NDPC (if available) */
    referenceNumber?: string;
    /** Contact person at the NDPC */
    ndpcContact?: {
        name: string;
        email: string;
        phone?: string;
    };
    /** Content of the notification */
    content: string;
    /** Attachments included with the notification */
    attachments?: Array<{
        id: string;
        name: string;
        type: string;
        url: string;
    }>;
    /** Follow-up communications with the NDPC */
    followUps?: Array<{
        timestamp: number;
        direction: 'sent' | 'received';
        content: string;
        attachments?: Array<{
            id: string;
            name: string;
            type: string;
            url: string;
        }>;
    }>;
    /**
     * @deprecated Use ndpcContact instead. Kept for backward compatibility.
     */
    nitdaContact?: {
        name: string;
        email: string;
        phone?: string;
    };
}

export declare interface RegulatoryReference {
    section: string;
    title: string;
    url?: string;
}

/**
 * Legacy status of a data subject request
 * @deprecated Use DSRStatus instead
 */
export declare type RequestStatus = 'pending' | 'verifying' | 'processing' | 'completed' | 'rejected';

/**
 * Represents a type of data subject request (detailed configuration)
 */
export declare interface RequestType {
    /** Unique identifier for the request type */
    id: string;
    /** Display name for the request type */
    name: string;
    /** Description of what this request type entails */
    description: string;
    /**
     * NDPA 2023 section reference for this right
     * (e.g., "Section 34(1)(a)" for access, "Section 38" for portability).
     * Used for display purposes only — verify the exact subsection with counsel.
     */
    ndpaSection?: string;
    /**
     * Estimated time to fulfill this type of request (in days)
     * NDPA requires response within 30 days
     */
    estimatedCompletionTime: number;
    /** Whether additional information is required for this request type */
    requiresAdditionalInfo: boolean;
    /** Custom fields required for this request type */
    additionalFields?: Array<{
        id: string;
        label: string;
        type: 'text' | 'textarea' | 'select' | 'checkbox' | 'file';
        options?: string[];
        required: boolean;
        placeholder?: string;
    }>;
}

/**
 * Represents a risk assessment for a data breach
 */
export declare interface RiskAssessment {
    /** Unique identifier for the risk assessment */
    id: string;
    /** ID of the breach this assessment is for */
    breachId: string;
    /** Timestamp when the assessment was conducted */
    assessedAt: number;
    /** Person who conducted the assessment */
    assessor: {
        name: string;
        role: string;
        email: string;
    };
    /** Confidentiality impact (1-5) */
    confidentialityImpact: number;
    /** Integrity impact (1-5) */
    integrityImpact: number;
    /** Availability impact (1-5) */
    availabilityImpact: number;
    /** Likelihood of harm to data subjects (1-5) */
    harmLikelihood: number;
    /** Severity of potential harm to data subjects (1-5) */
    harmSeverity: number;
    /** Overall risk score */
    overallRiskScore: number;
    /** Risk level based on the overall score */
    riskLevel: 'low' | 'medium' | 'high' | 'critical';
    /** Whether the breach is likely to result in a risk to rights and freedoms */
    risksToRightsAndFreedoms: boolean;
    /** Whether the breach is likely to result in a high risk to rights and freedoms */
    highRisksToRightsAndFreedoms: boolean;
    /** Justification for the risk assessment */
    justification: string;
}

/**
 * Compliance gap found in a processing record
 */
export declare interface ROPAComplianceGap {
    recordId: string;
    recordName: string;
    gaps: string[];
}

/**
 * Summary statistics for the ROPA
 */
export declare interface ROPASummary {
    /** Total number of processing records */
    totalRecords: number;
    /** Active processing records */
    activeRecords: number;
    /** Records by lawful basis */
    byLawfulBasis: Record<LawfulBasis, number>;
    /** Records involving sensitive data */
    sensitiveDataRecords: number;
    /** Records involving cross-border transfers */
    crossBorderRecords: number;
    /** Records requiring DPIA */
    dpiaRequiredRecords: number;
    /** Records involving automated decision-making */
    automatedDecisionRecords: number;
    /** Records due for review */
    recordsDueForReview: ProcessingRecord[];
    /** Departments with most processing activities */
    topDepartments: Array<{
        department: string;
        count: number;
    }>;
    /** Last updated timestamp */
    lastUpdated: number;
}

/**
 * Validation result for a processing record
 */
export declare interface ROPAValidationResult {
    valid: boolean;
    errors: string[];
}

/**
 * Run the aggregate NDPA compliance audit.
 */
export declare function runNdprAudit(input: NdprAuditInput, options?: NdprAuditOptions): NdprAuditResult;

/**
 * Sanitizes user input to prevent XSS attacks.
 * Escapes HTML special characters so that data rendered in dashboards
 * or other consumer UIs cannot execute embedded scripts.
 */
export declare function sanitizeInput(input: string): string;

/**
 * Scan the cookies present against your declared cookies and a registry of
 * well-known third-party cookies. Returns which cookies are declared, which are
 * undeclared (and whether they can still be identified), and a per-category view.
 */
export declare function scanCookies(declared?: DeclaredCookie[], options?: CookieScanOptions): CookieScanResult;

export declare interface ScannedCookie {
    /** The cookie name as found in the cookie string. */
    name: string;
    /** Resolved consent category, or `null` when it could not be classified. */
    category: string | null;
    /** Whether it matched your declaration, only the known registry, or nothing. */
    matchedBy: CookieMatchSource;
    provider?: string;
    purpose?: string;
}

/**
 * Additional conditions required for processing sensitive personal data
 * per NDPA Section 30
 */
export declare type SensitiveDataCondition = 'explicit_consent' | 'employment_law' | 'vital_interests_incapable' | 'nonprofit_legitimate' | 'publicly_available' | 'legal_claims' | 'substantial_public_interest' | 'health_purposes' | 'public_health' | 'archiving_research';

/**
 * Storage adapter backed by `window.sessionStorage`. Data is scoped to the
 * current tab and discarded when the tab closes — useful for consent
 * choices that should not survive a fresh session.
 *
 * @example
 * ```ts
 * import { sessionStorageAdapter } from '@tantainnovative/ndpr-toolkit/adapters';
 * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks';
 *
 * const adapter = sessionStorageAdapter('ndpr_consent');
 * useConsent({ options, adapter });
 * ```
 */
export declare function sessionStorageAdapter<T = unknown>(key: string): StorageAdapter<T>;

export declare interface StorageAdapter<T = unknown> {
    /** Load persisted data. Called once on hook mount. */
    load(): T | null | Promise<T | null>;
    /** Persist data. Called on every state change. */
    save(data: T): void | Promise<void>;
    /** Clear persisted data. Called on reset. */
    remove(): void | Promise<void>;
}

/**
 * Single structured validation error with a stable, locale-independent
 * `code` consumers can switch on programmatically.
 */
export declare interface StructuredValidationError {
    /** Dot-path of the offending field (e.g. `'timestamp'`, `'dataSubject.email'`, `'options[0].purpose'`). */
    field: string;
    /** Stable, snake_case error code — safe to switch on across locales. */
    code: string;
    /** Human-readable English message — informational only; do not regex-match. */
    message: string;
}

/**
 * Result of a structured validator. `errors` is an array (one entry per
 * failed rule). `data` is the narrowed, typed payload, only populated on
 * `valid: true`.
 */
export declare interface StructuredValidationResult<T> {
    valid: boolean;
    errors: StructuredValidationError[];
    data?: T;
}

/** Full context used to generate an adaptive privacy policy. */
export declare interface TemplateContext {
    /** Organisation details, extended with industry and size. */
    org: OrganizationInfo & {
        industry: Industry;
        orgSize: OrgSize;
        country: string;
    };
    /** Data categories the organisation collects. */
    dataCategories: DataCategory[];
    /** Processing purposes relevant to the organisation. */
    purposes: ProcessingPurpose[];
    /** Whether the organisation processes children's data. */
    hasChildrenData: boolean;
    /** Whether the organisation processes sensitive/special-category data. */
    hasSensitiveData: boolean;
    /** Whether the organisation processes financial data. */
    hasFinancialData: boolean;
    /** Whether data is transferred outside Nigeria. */
    hasCrossBorderTransfer: boolean;
    /** Whether automated decision-making or profiling is used. */
    hasAutomatedDecisions: boolean;
    /** Third-party processors that receive personal data. */
    thirdPartyProcessors: ThirdPartyProcessor[];
}

/**
 * Returns a fresh `TemplateContext` pre-filled for the given org type.
 * Pass `overrides` to set organisation details (name, DPO, etc.) inline.
 *
 * Calling without arguments throws — pass a known template id.
 *
 * @example
 *   const ctx = templateContextFor('healthcare', {
 *     orgName: 'Lagos Heart Centre',
 *     dpoEmail: 'dpo@lhc.ng',
 *   });
 */
declare function templateContextFor(id: OrgPolicyTemplateId, overrides?: OrgPolicyTemplateOverrides): TemplateContext;
export { templateContextFor as createOrgTemplate }
export { templateContextFor }

/** A third-party entity that processes data on behalf of the organisation. */
export declare interface ThirdPartyProcessor {
    /** Name of the third party. */
    name: string;
    /** Purpose of sharing data with this processor. */
    purpose: string;
    /** Country where the processor is located. */
    country: string;
}

/**
 * Transfer Impact Assessment (TIA) for cross-border transfers
 */
export declare interface TransferImpactAssessment {
    /** Unique identifier */
    id: string;
    /** ID of the associated cross-border transfer */
    transferId: string;
    /** Date the assessment was conducted */
    assessmentDate: number;
    /** Person who conducted the assessment */
    assessor: {
        name: string;
        role: string;
        email: string;
    };
    /** Analysis of the destination country's legal framework */
    destinationLegalFramework: string;
    /** Whether the destination has data protection legislation */
    hasDataProtectionLaw: boolean;
    /** Whether the destination has an independent supervisory authority */
    hasIndependentAuthority: boolean;
    /** Risk of government access to the data */
    governmentAccessRisk: 'low' | 'medium' | 'high';
    /** Overall assessment of data protection level */
    dataProtectionLevel: 'adequate' | 'partially_adequate' | 'inadequate';
    /** Supplementary measures to address gaps */
    supplementaryMeasures: string[];
    /** Technical measures (encryption, pseudonymization, etc.) */
    technicalMeasures: string[];
    /** Contractual measures */
    contractualMeasures: string[];
    /** Organizational measures */
    organizationalMeasures: string[];
    /** Overall conclusion */
    conclusion: string;
    /** Whether the transfer can proceed based on the assessment */
    approved: boolean;
    /** Conditions for the transfer (if approved with conditions) */
    conditions?: string[];
}

/**
 * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43).
 * Personal data may only be transferred outside Nigeria under the bases listed in
 * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations.
 *
 * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
 */
/**
 * Transfer mechanisms recognized under the NDPA
 */
export declare type TransferMechanism = 'adequacy_decision' | 'standard_clauses' | 'binding_corporate_rules' | 'ndpc_authorization' | 'explicit_consent' | 'contract_performance' | 'public_interest' | 'legal_claims' | 'vital_interests';

/**
 * Risk assessment result for a cross-border transfer
 */
export declare interface TransferRiskResult {
    riskLevel: 'low' | 'medium' | 'high';
    riskScore: number;
    factors: string[];
    recommendations: string[];
}

/**
 * Validation result for a cross-border transfer
 */
export declare interface TransferValidationResult {
    isValid: boolean;
    errors: string[];
    warnings: string[];
}

/**
 * Adaptive privacy policy section generators.
 *
 * Builds NDPA 2023-compliant policy sections based on the organisation's
 * template context (industry, data categories, purposes, flags, etc.).
 *
 * Every section produces a {@link PolicySection} matching the existing
 * interface from `types/privacy.ts`.
 */
export declare const UNFILLED_PREFIX = "\u00ABTODO: ";

export declare const UNFILLED_SUFFIX = "\u00BB";

/**
 * Validates consent options against NDPA Section 26 requirements. Each option
 * is checked for a non-empty `purpose`. Failing options are reported with
 * `field: 'options[i].purpose'` so consumers can map errors back to the
 * originating option index.
 *
 * Codes emitted:
 * - `options_required` — empty / missing options array
 * - `purpose_required` — single option missing a purpose
 */
export declare function validateConsentOptionsStructured(options: ConsentOption[]): StructuredValidationResult<ConsentOption[]>;

/**
 * Validates consent settings against NDPA requirements. Returns structured
 * `{ field, code, message }[]` errors so consumers can switch on `code`
 * across locales without regex-matching English strings.
 *
 * Codes emitted:
 * - `consents_required`
 * - `timestamp_required`
 * - `timestamp_invalid`
 * - `version_required`
 * - `method_required`
 * - `has_interacted_required`
 * - `consent_stale`
 *
 * @example
 * ```ts
 * const { valid, errors, data } = validateConsentStructured(settings);
 * if (!valid) {
 *   const stale = errors.find((e) => e.code === 'consent_stale');
 *   if (stale) showRefreshBanner();
 * }
 * ```
 */
export declare function validateConsentStructured(settings: ConsentSettings): StructuredValidationResult<ConsentSettings>;

/** Options for {@link validateDsrSubmissionStructured}. */
export declare interface ValidateDsrSubmissionOptions {
    /**
     * Whether the data subject is required to provide an identifier
     * (NDPC's recommended verification step). Mirror whatever you set on
     * the client-side `<DSRRequestForm requireIdentityVerification>`.
     * @default true
     */
    requireIdentityVerification?: boolean;
    /**
     * Allowed request types. When provided, the payload's `requestType`
     * must be one of these — useful for locking the server to a specific
     * set of supported NDPA Part VI §34-38 (plus §35, §36, §37) data-subject rights.
     */
    allowedRequestTypes?: string[];
}

/**
 * Validate a raw DSR submission payload against the same rules
 * `<DSRRequestForm />` enforces client-side. Designed to be called from a
 * server-side handler (Next.js Route Handler, NestJS controller, Express
 * middleware, Cloudflare Worker) so client and server stay in sync without
 * the consumer hand-rolling zod / class-validator schemas.
 *
 * Defensive — accepts `unknown` and narrows. Safe to call directly on
 * `await request.json()`. Returns `{ field, code, message }[]` errors so
 * callers can switch on `code` programmatically across locales.
 *
 * Codes emitted:
 * - `payload_not_object`
 * - `request_type_required`
 * - `request_type_not_allowed`
 * - `data_subject_required`
 * - `full_name_required`
 * - `email_required`
 * - `email_invalid_format`
 * - `phone_invalid_type`
 * - `identifier_type_required`
 * - `identifier_value_required`
 * - `submitted_at_invalid`
 * - `additional_info_invalid_type`
 * - `payload_final_narrowing_failed`
 *
 * @example **Next.js Route Handler**
 * ```ts
 * import { validateDsrSubmissionStructured } from '@tantainnovative/ndpr-toolkit/server';
 *
 * export async function POST(req: Request) {
 *   const { valid, errors, data } = validateDsrSubmissionStructured(await req.json());
 *   if (!valid) {
 *     return Response.json({ errors }, { status: 422 });
 *   }
 *   await dsrStore.create(data);
 *   return Response.json({ ok: true }, { status: 201 });
 * }
 * ```
 */
export declare function validateDsrSubmissionStructured(payload: unknown, options?: ValidateDsrSubmissionOptions): StructuredValidationResult<DsrSubmissionPayload>;

/**
 * Validates that all required fields are present on a processing activity
 * and that the lawful basis is properly documented.
 *
 * If lawfulBasis is 'legitimate_interests', ensures a LIA justification exists.
 * If involvesSensitiveData is true, ensures sensitiveDataCondition is set.
 *
 * @param activity The processing activity to validate
 * @returns Validation result with errors and warnings
 */
export declare function validateProcessingActivity(activity: ProcessingActivity): LawfulBasisValidationResult;

/**
 * Validates a processing record to ensure all required fields are present
 * and properly filled per NDPA 2023 requirements.
 *
 * @param record - The processing record to validate
 * @returns Validation result with any errors found
 */
export declare function validateProcessingRecord(record: ProcessingRecord): ROPAValidationResult;

/**
 * Validates a cross-border transfer record for completeness and compliance.
 * Checks required fields, verifies that NDPC approval is documented when required,
 * and ensures safeguards are in place.
 *
 * @param transfer The cross-border transfer to validate
 * @returns Validation result with errors and warnings
 */
export declare function validateTransfer(transfer: CrossBorderTransfer): TransferValidationResult;

export declare const yorubaLocale: Required<{
    [K in keyof NDPRLocale]: Required<NonNullable<NDPRLocale[K]>>;
}>;

export { }