import { CSPKeys, type CSPPolicy, type DefinedPolicy } from "csp-toolkit";
import type { Rolldown } from "vite";
export type HashAlgorithms = "sha256" | "sha384" | "sha512";
export type DevOutlier = "tailwind" | "sass" | "scss" | "less" | "stylus" | "vue";
export type BuildOutlier = "vue-router";
export type DevOptions = {
    /**
     * Allows this plugin to run in dev mode. The trade-off is that developers can see the CSP policy in action in dev mode, at the cost of performance.
     * @default false
     */
    run?: boolean;
    /**
     * This is a list of outliers that require special treatment during dev mode.
     * @example ["tailwind", "sass"]
     */
    outlierSupport?: Array<DevOutlier>;
    /**
     * Override the default dev policy. When true, only your policy will be used in dev mode. When false or undefined, your policy will be merged with the default dev policy.
     * Falls back to the top-level `override` option if not specified.
     * @default undefined (uses top-level override setting)
     */
    override?: boolean;
};
/**
 * Enhanced SRI configuration options for comprehensive integrity protection.
 */
export type SriOptions = {
    /**
     * Inject runtime that patches DOM to add integrity to dynamic elements.
     * When enabled, a small runtime is injected into entry chunks that automatically
     * adds integrity attributes to dynamically created script and link elements.
     * @default true
     */
    runtimePatchDynamicLinks?: boolean;
    /**
     * Add rel="modulepreload" with integrity for lazy-loaded chunks.
     * Improves performance by preloading dynamic imports with integrity protection.
     * @default true
     */
    preloadDynamicChunks?: boolean;
    /**
     * Skip SRI for resources matching these patterns. Supports exact matches and glob patterns with '*'.
     * Useful for third-party scripts that change frequently.
     * @example ["analytics-script", "https://www.googletagmanager.com/*", "*.googleapis.com/*"]
     * @default []
     */
    skipResources?: string[];
    /**
     * CORS setting for integrity-enabled resources.
     * @default undefined
     */
    crossorigin?: "anonymous" | "use-credentials";
};
export type BuildOptions = {
    /**
     * Indicates whether to use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) at build time.
     * Can be a boolean for simple enable/disable, or an object for advanced configuration.
     *
     * When enabled, the plugin will:
     * - Generate integrity hashes for all scripts and stylesheets (including lazy-loaded chunks)
     * - Inject modulepreload links with integrity for dynamic imports
     * - Add a runtime that patches DOM methods to add integrity to dynamically created elements
     *
     * @default false
     */
    sri?: boolean | SriOptions;
    /**
     * A list of outliers that require special treatment when doing a build
     * @default []
     */
    outlierSupport?: Array<BuildOutlier>;
    /**
     * Override the default build policy. When true, only your policy will be used in production builds. When false or undefined, your policy will be merged with the default policy.
     * Falls back to the top-level `override` option if not specified.
     * @default undefined (uses top-level override setting)
     */
    override?: boolean;
};
/**
 * Passed as the second argument to {@link MyPluginOptions.transformPolicy}.
 */
export type TransformPolicyMeta = {
    /** `"build"` during `vite build`, `"serve"` during `vite dev` */
    command: "build" | "serve";
    /** Hash algorithm used (sha256 / sha384 / sha512) */
    algorithm: HashAlgorithms;
};
export type MyPluginOptions = {
    /**
     * What hashing algorithm to use. Default is sha-256.
     * @default "sha256"
     * @example "sha512"
     */
    algorithm?: HashAlgorithms;
    /**
     * This is your CSP policy. Learn more about CSP [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
     * Enter as a key-value pair. The key is the directive and the value is an array of sources.
     */
    policy?: CSPPolicy | DefinedPolicy;
    /**
     * This is a flag for the plugin to know what type of app you are building. Default is SPA. This is the only option available for now.
     * @default "SPA"
     */
    type?: "SPA";
    /**
     * Ignore this feature completely unless you are a contributor. This is for testing and developing new features.
     * @default "undefined"
     */
    features?: {
        /**
         * This is a flag to enable Multi-Page Application support. This is still in development.
         * @default false
         */
        mpa?: boolean;
        /**
         * This is a flag to enable CSS in JS support. This is still in development.
         * @default false
         */
        cssInJs?: boolean;
    };
    /**
     * This is a flag to override the default policy. When set to false, the plugin will merge the default policy (provided by the plugin) with your policy. When set to true, the plugin will **only** use your policy.
     *
     * This serves as the default override behavior for both dev and build modes. You can override this on a per-environment basis using `dev.override` or `build.override`.
     * @default false
     */
    override?: boolean;
    /**
     * Options that apply only when running `vite dev`.
     */
    dev?: DevOptions;
    /**
     * Options that apply only when running `vite build`.
     */
    build?: BuildOptions;
    /**
     * Debug is meant for plugin developers only
     */
    debug?: boolean;
    /**
     * Called after the final CSP string is computed (including all generated hashes).
     * Use the string to write provider-specific config, then return `null` to skip
     * injecting a `<meta http-equiv="Content-Security-Policy">` (e.g. when serving CSP via headers).
     *
     * - Return `undefined` to keep the default: inject a meta tag with the original policy string.
     * - Return a `string` to use that value as the meta tag `content` (replacing the default).
     * - Return `null` to skip meta tag injection entirely.
     */
    transformPolicy?: (cspString: string, meta: TransformPolicyMeta) => string | null | undefined | void;
};
export type HashCache = {
    fileType: "script" | "style";
    contents: string;
};
export type CryptoSources = `sha256-${string}`;
export declare const validCrypto: string[];
export type HashDataCollection = {
    algorithm: HashAlgorithms;
    content: string;
};
export type HashCollection = {
    "style-src": Map<string, HashDataCollection>;
    "style-src-elem": Map<string, HashDataCollection>;
    "style-src-attr": Map<string, HashDataCollection>;
    "script-src": Map<string, HashDataCollection>;
    "script-src-attr": Map<string, HashDataCollection>;
    "script-src-elem": Map<string, HashDataCollection>;
};
export type HashCollectionKey = keyof HashCollection;
export type WarnMissingPolicyProps = {
    source: string;
    currentPolicy: string[];
    sourceType?: CSPKeys;
    context?: Rolldown.PluginContext;
};
export type OverrideCheckerProps = {
    userPolicy: CSPPolicy | DefinedPolicy | undefined;
    override: boolean;
};
export type TransformationStatus = Map<string, boolean>;
export type ShouldSkip = {
    "style-src": boolean;
    "style-src-elem": boolean;
    "style-src-attr": boolean;
    "script-src": boolean;
    "script-src-attr": boolean;
    "script-src-elem": boolean;
};
export type BundleContext = Record<string, {
    type: "chunk" | "asset";
    hash: string;
}>;
export type CSPPluginContext = {
    options: MyPluginOptions;
    algorithm: HashAlgorithms;
    collection: HashCollection;
    policy: CSPPolicy | DefinedPolicy;
    requirements: {
        postTransform: boolean;
        strongLazyLoading: boolean;
    };
    debug: boolean;
    isDevMode: boolean;
    viteVersion?: string;
    shouldSkip: ShouldSkip;
};
//# sourceMappingURL=types.d.ts.map