//#region src/security-schema.d.ts
/**
 * Security telemetry wire schema — the single source of truth for the
 * `security.*` span-attribute contract emitted by `autotel-audit`
 * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
 * and consumed by `autotel-subscribers`, `autotel-devtools`, and the
 * `autotel security` CLI commands.
 *
 * Dependency-free and side-effect-free by design: safe to import from
 * browser bundles (devtools widget) and anything else that only needs
 * the constants, without pulling in the OpenTelemetry SDK.
 */
type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
/** All severities, lowest first. */
declare const SECURITY_SEVERITIES: readonly SecuritySeverity[];
/** Numeric rank per severity for threshold comparisons. */
declare const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number>;
/**
 * Parse an untrusted value (span attribute, event payload field) into a
 * severity, falling back when it is missing or malformed.
 */
declare function parseSecuritySeverity(value: unknown, fallback?: SecuritySeverity): SecuritySeverity;
/** `true` when `severity` meets or exceeds `min`. */
declare function securitySeverityAtLeast(severity: SecuritySeverity, min: SecuritySeverity): boolean;
/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: SecuritySeverity): SecuritySeverity;
/**
 * Span attribute keys of the security schema. Emitters and consumers must
 * reference these instead of re-typing the strings.
 */
declare const SECURITY_ATTR: {
  /** Marker set on every span carrying a security event. */readonly marker: "autotel.security"; /** Set when the event was force-kept through tail sampling. */
  readonly forceKeep: "autotel.security.force_keep";
  readonly event: "security.event";
  readonly category: "security.category";
  readonly outcome: "security.outcome";
  readonly severity: "security.severity";
  readonly actorId: "security.actor_id";
  readonly targetType: "security.target_type";
  readonly targetId: "security.target_id";
  readonly tenantId: "security.tenant_id";
  readonly reason: "security.reason"; /** Custom metadata keys dropped because they looked credential-shaped. */
  readonly droppedKeys: "security.dropped_keys"; /** Set by the signal processor on suspicious request paths. */
  readonly suspiciousRequest: "security.suspicious_request"; /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
  readonly signal: "security.signal";
};
/** Metric names emitted by the security instrumentation. */
declare const SECURITY_METRICS: {
  readonly events: "autotel.security.events";
  readonly httpSuspicious: "autotel.security.http.suspicious";
  readonly httpDenied: "autotel.security.http.denied";
  readonly anomaly: "autotel.security.anomaly";
  readonly heartbeat: "autotel.security.heartbeat";
};
/** HTTP statuses counted as denied responses by default. */
declare const SECURITY_DENIED_STATUSES: readonly number[];
/**
 * Span attributes carrying the HTTP response status, current semconv
 * first, legacy fallback second.
 */
declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
//#endregion
export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
//# sourceMappingURL=security-schema.d.cts.map