/**
 * RBAC Audit Logger (PRD #392 Milestone 5)
 *
 * Logs all authorization decisions and user management operations
 * for traceability. Uses a dedicated "RBAC-Audit" component name
 * so entries can be filtered with grep/jq in pod logs.
 */
import type { UserIdentity } from '../../interfaces/oauth/types';
import type { RbacCheckParams, RbacCheckResult } from './check-access';
/**
 * Log a tool access authorization decision (allowed or denied).
 *
 * Called automatically from checkToolAccess() for every RBAC evaluation.
 * Token user access is logged at DEBUG level to reduce noise.
 *
 * NOTE(review): entries emitted at DEBUG are absent from pod logs whenever
 * the configured log level is higher than DEBUG. This declaration does not
 * show whether denied decisions for token users are also demoted to DEBUG;
 * confirm against the implementation that denials stay in the audit trail.
 *
 * @param identity - Identity of the caller being authorized. May be
 *   `undefined`; how a missing identity is recorded is not visible from
 *   this declaration (TODO confirm it is logged explicitly, not dropped).
 * @param params - Parameters of the RBAC check, typed as `RbacCheckParams`
 *   from `./check-access`.
 * @param result - Outcome of the RBAC check, typed as `RbacCheckResult`
 *   from `./check-access`.
 * @returns Nothing. Error behavior of the underlying logger is not
 *   declared here.
 */
export declare function logToolAccessDecision(identity: UserIdentity | undefined, params: RbacCheckParams, result: RbacCheckResult): void;
/**
 * Log a successful user management operation (create or delete).
 *
 * Called from REST API handlers after the operation completes successfully.
 *
 * NOTE(review): only successful operations reach this function, so failed
 * or rejected create/delete attempts are not recorded by it. Confirm they
 * are captured elsewhere if the audit trail is expected to show them.
 *
 * NOTE(review): `targetEmail` ends up in log output. It is personal data,
 * and if it originates from request input the implementation should
 * neutralize newlines and control characters so one call cannot produce
 * extra or malformed entries for grep/jq consumers. Verify in the
 * implementation; this declaration does not show it.
 *
 * @param identity - Identity of the caller performing the operation. May be
 *   `undefined`; how a missing actor is recorded is not visible here.
 * @param operation - Which operation succeeded: `'created'` or `'deleted'`.
 * @param targetEmail - Presumably the email address of the user that was
 *   created or deleted (inferred from the name; TODO confirm).
 * @returns Nothing.
 */
export declare function logUserManagementOperation(identity: UserIdentity | undefined, operation: 'created' | 'deleted', targetEmail: string): void;
//# sourceMappingURL=audit-logger.d.ts.map