npm - @objectstack/spec - Versions diffs - 0.3.0 → 0.3.1 - Mend

@objectstack/spec 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (386) hide show

package/dist/system/audit.zod.d.ts ADDED Viewed

@@ -0,0 +1,1172 @@
+import { z } from 'zod';
+/**
+ * Audit Log Architecture
+ *
+ * Comprehensive audit logging system for compliance and security.
+ * Supports SOX, HIPAA, GDPR, and other regulatory requirements.
+ *
+ * Features:
+ * - Records all CRUD operations on data
+ * - Tracks authentication events (login, logout, password reset)
+ * - Monitors authorization changes (permissions, roles)
+ * - Configurable retention policies (180-day GDPR requirement)
+ * - Suspicious activity detection and alerting
+ */
+/**
+ * Audit Event Type Enum
+ * Categorizes different types of auditable events in the system
+ */
+export declare const AuditEventType: z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>;
+export type AuditEventType = z.infer<typeof AuditEventType>;
+/**
+ * Audit Event Severity Level
+ * Indicates the importance/criticality of an audit event
+ */
+export declare const AuditEventSeverity: z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>;
+export type AuditEventSeverity = z.infer<typeof AuditEventSeverity>;
+/**
+ * Audit Event Actor Schema
+ * Identifies who/what performed the action
+ */
+export declare const AuditEventActorSchema: z.ZodObject<{
+    /**
+     * Actor type (user, system, service, api_client, etc.)
+     */
+    type: z.ZodEnum<["user", "system", "service", "api_client", "integration"]>;
+    /**
+     * Unique identifier for the actor
+     */
+    id: z.ZodString;
+    /**
+     * Display name of the actor
+     */
+    name: z.ZodOptional<z.ZodString>;
+    /**
+     * Email address (for user actors)
+     */
+    email: z.ZodOptional<z.ZodString>;
+    /**
+     * IP address of the actor
+     */
+    ipAddress: z.ZodOptional<z.ZodString>;
+    /**
+     * User agent string (for web/API requests)
+     */
+    userAgent: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "system" | "user" | "service" | "api_client" | "integration";
+    id: string;
+    email?: string | undefined;
+    name?: string | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+}, {
+    type: "system" | "user" | "service" | "api_client" | "integration";
+    id: string;
+    email?: string | undefined;
+    name?: string | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+}>;
+export type AuditEventActor = z.infer<typeof AuditEventActorSchema>;
+/**
+ * Audit Event Target Schema
+ * Identifies what was acted upon
+ */
+export declare const AuditEventTargetSchema: z.ZodObject<{
+    /**
+     * Target type (e.g., 'object', 'record', 'user', 'role', 'config')
+     */
+    type: z.ZodString;
+    /**
+     * Unique identifier for the target
+     */
+    id: z.ZodString;
+    /**
+     * Display name of the target
+     */
+    name: z.ZodOptional<z.ZodString>;
+    /**
+     * Additional metadata about the target
+     */
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, "strip", z.ZodTypeAny, {
+    type: string;
+    id: string;
+    name?: string | undefined;
+    metadata?: Record<string, any> | undefined;
+}, {
+    type: string;
+    id: string;
+    name?: string | undefined;
+    metadata?: Record<string, any> | undefined;
+}>;
+export type AuditEventTarget = z.infer<typeof AuditEventTargetSchema>;
+/**
+ * Audit Event Change Schema
+ * Describes what changed (for update operations)
+ */
+export declare const AuditEventChangeSchema: z.ZodObject<{
+    /**
+     * Field/property that changed
+     */
+    field: z.ZodString;
+    /**
+     * Value before the change
+     */
+    oldValue: z.ZodOptional<z.ZodAny>;
+    /**
+     * Value after the change
+     */
+    newValue: z.ZodOptional<z.ZodAny>;
+}, "strip", z.ZodTypeAny, {
+    field: string;
+    oldValue?: any;
+    newValue?: any;
+}, {
+    field: string;
+    oldValue?: any;
+    newValue?: any;
+}>;
+export type AuditEventChange = z.infer<typeof AuditEventChangeSchema>;
+/**
+ * Audit Event Schema
+ * Complete audit event record
+ */
+export declare const AuditEventSchema: z.ZodObject<{
+    /**
+     * Unique identifier for this audit event
+     */
+    id: z.ZodString;
+    /**
+     * Type of event being audited
+     */
+    eventType: z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>;
+    /**
+     * Severity level of the event
+     */
+    severity: z.ZodDefault<z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>>;
+    /**
+     * Timestamp when the event occurred (ISO 8601)
+     */
+    timestamp: z.ZodString;
+    /**
+     * Who/what performed the action
+     */
+    actor: z.ZodObject<{
+        /**
+         * Actor type (user, system, service, api_client, etc.)
+         */
+        type: z.ZodEnum<["user", "system", "service", "api_client", "integration"]>;
+        /**
+         * Unique identifier for the actor
+         */
+        id: z.ZodString;
+        /**
+         * Display name of the actor
+         */
+        name: z.ZodOptional<z.ZodString>;
+        /**
+         * Email address (for user actors)
+         */
+        email: z.ZodOptional<z.ZodString>;
+        /**
+         * IP address of the actor
+         */
+        ipAddress: z.ZodOptional<z.ZodString>;
+        /**
+         * User agent string (for web/API requests)
+         */
+        userAgent: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        type: "system" | "user" | "service" | "api_client" | "integration";
+        id: string;
+        email?: string | undefined;
+        name?: string | undefined;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    }, {
+        type: "system" | "user" | "service" | "api_client" | "integration";
+        id: string;
+        email?: string | undefined;
+        name?: string | undefined;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    }>;
+    /**
+     * What was acted upon
+     */
+    target: z.ZodOptional<z.ZodObject<{
+        /**
+         * Target type (e.g., 'object', 'record', 'user', 'role', 'config')
+         */
+        type: z.ZodString;
+        /**
+         * Unique identifier for the target
+         */
+        id: z.ZodString;
+        /**
+         * Display name of the target
+         */
+        name: z.ZodOptional<z.ZodString>;
+        /**
+         * Additional metadata about the target
+         */
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        id: string;
+        name?: string | undefined;
+        metadata?: Record<string, any> | undefined;
+    }, {
+        type: string;
+        id: string;
+        name?: string | undefined;
+        metadata?: Record<string, any> | undefined;
+    }>>;
+    /**
+     * Human-readable description of the action
+     */
+    description: z.ZodString;
+    /**
+     * Detailed changes (for update operations)
+     */
+    changes: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        /**
+         * Field/property that changed
+         */
+        field: z.ZodString;
+        /**
+         * Value before the change
+         */
+        oldValue: z.ZodOptional<z.ZodAny>;
+        /**
+         * Value after the change
+         */
+        newValue: z.ZodOptional<z.ZodAny>;
+    }, "strip", z.ZodTypeAny, {
+        field: string;
+        oldValue?: any;
+        newValue?: any;
+    }, {
+        field: string;
+        oldValue?: any;
+        newValue?: any;
+    }>, "many">>;
+    /**
+     * Result of the action (success, failure, partial)
+     */
+    result: z.ZodDefault<z.ZodEnum<["success", "failure", "partial"]>>;
+    /**
+     * Error message (if result is failure)
+     */
+    errorMessage: z.ZodOptional<z.ZodString>;
+    /**
+     * Tenant identifier (for multi-tenant systems)
+     */
+    tenantId: z.ZodOptional<z.ZodString>;
+    /**
+     * Request/trace ID for correlation
+     */
+    requestId: z.ZodOptional<z.ZodString>;
+    /**
+     * Additional context and metadata
+     */
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    /**
+     * Geographic location (if available)
+     */
+    location: z.ZodOptional<z.ZodObject<{
+        country: z.ZodOptional<z.ZodString>;
+        region: z.ZodOptional<z.ZodString>;
+        city: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        city?: string | undefined;
+        country?: string | undefined;
+        region?: string | undefined;
+    }, {
+        city?: string | undefined;
+        country?: string | undefined;
+        region?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    description: string;
+    severity: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency";
+    id: string;
+    eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+    timestamp: string;
+    actor: {
+        type: "system" | "user" | "service" | "api_client" | "integration";
+        id: string;
+        email?: string | undefined;
+        name?: string | undefined;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    };
+    result: "partial" | "success" | "failure";
+    location?: {
+        city?: string | undefined;
+        country?: string | undefined;
+        region?: string | undefined;
+    } | undefined;
+    target?: {
+        type: string;
+        id: string;
+        name?: string | undefined;
+        metadata?: Record<string, any> | undefined;
+    } | undefined;
+    metadata?: Record<string, any> | undefined;
+    changes?: {
+        field: string;
+        oldValue?: any;
+        newValue?: any;
+    }[] | undefined;
+    errorMessage?: string | undefined;
+    tenantId?: string | undefined;
+    requestId?: string | undefined;
+}, {
+    description: string;
+    id: string;
+    eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+    timestamp: string;
+    actor: {
+        type: "system" | "user" | "service" | "api_client" | "integration";
+        id: string;
+        email?: string | undefined;
+        name?: string | undefined;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    };
+    location?: {
+        city?: string | undefined;
+        country?: string | undefined;
+        region?: string | undefined;
+    } | undefined;
+    severity?: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency" | undefined;
+    target?: {
+        type: string;
+        id: string;
+        name?: string | undefined;
+        metadata?: Record<string, any> | undefined;
+    } | undefined;
+    metadata?: Record<string, any> | undefined;
+    changes?: {
+        field: string;
+        oldValue?: any;
+        newValue?: any;
+    }[] | undefined;
+    result?: "partial" | "success" | "failure" | undefined;
+    errorMessage?: string | undefined;
+    tenantId?: string | undefined;
+    requestId?: string | undefined;
+}>;
+export type AuditEvent = z.infer<typeof AuditEventSchema>;
+/**
+ * Audit Retention Policy Schema
+ * Defines how long audit logs are retained
+ */
+export declare const AuditRetentionPolicySchema: z.ZodObject<{
+    /**
+     * Retention period in days
+     * Default: 180 days (GDPR 6-month requirement)
+     */
+    retentionDays: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Whether to archive logs after retention period
+     * If true, logs are moved to cold storage; if false, they are deleted
+     */
+    archiveAfterRetention: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Archive storage configuration
+     */
+    archiveStorage: z.ZodOptional<z.ZodObject<{
+        type: z.ZodEnum<["s3", "gcs", "azure_blob", "filesystem"]>;
+        endpoint: z.ZodOptional<z.ZodString>;
+        bucket: z.ZodOptional<z.ZodString>;
+        path: z.ZodOptional<z.ZodString>;
+        credentials: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    }, "strip", z.ZodTypeAny, {
+        type: "s3" | "gcs" | "azure_blob" | "filesystem";
+        path?: string | undefined;
+        credentials?: Record<string, any> | undefined;
+        endpoint?: string | undefined;
+        bucket?: string | undefined;
+    }, {
+        type: "s3" | "gcs" | "azure_blob" | "filesystem";
+        path?: string | undefined;
+        credentials?: Record<string, any> | undefined;
+        endpoint?: string | undefined;
+        bucket?: string | undefined;
+    }>>;
+    /**
+     * Event types that have different retention periods
+     * Overrides the default retentionDays for specific event types
+     */
+    customRetention: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
+    /**
+     * Minimum retention period for compliance
+     * Prevents accidental deletion below compliance requirements
+     */
+    minimumRetentionDays: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    retentionDays: number;
+    archiveAfterRetention: boolean;
+    archiveStorage?: {
+        type: "s3" | "gcs" | "azure_blob" | "filesystem";
+        path?: string | undefined;
+        credentials?: Record<string, any> | undefined;
+        endpoint?: string | undefined;
+        bucket?: string | undefined;
+    } | undefined;
+    customRetention?: Record<string, number> | undefined;
+    minimumRetentionDays?: number | undefined;
+}, {
+    retentionDays?: number | undefined;
+    archiveAfterRetention?: boolean | undefined;
+    archiveStorage?: {
+        type: "s3" | "gcs" | "azure_blob" | "filesystem";
+        path?: string | undefined;
+        credentials?: Record<string, any> | undefined;
+        endpoint?: string | undefined;
+        bucket?: string | undefined;
+    } | undefined;
+    customRetention?: Record<string, number> | undefined;
+    minimumRetentionDays?: number | undefined;
+}>;
+export type AuditRetentionPolicy = z.infer<typeof AuditRetentionPolicySchema>;
+/**
+ * Suspicious Activity Rule Schema
+ * Defines rules for detecting suspicious activities
+ */
+export declare const SuspiciousActivityRuleSchema: z.ZodObject<{
+    /**
+     * Unique identifier for the rule
+     */
+    id: z.ZodString;
+    /**
+     * Rule name
+     */
+    name: z.ZodString;
+    /**
+     * Rule description
+     */
+    description: z.ZodOptional<z.ZodString>;
+    /**
+     * Whether the rule is enabled
+     */
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Event types to monitor
+     */
+    eventTypes: z.ZodArray<z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>, "many">;
+    /**
+     * Detection condition
+     */
+    condition: z.ZodObject<{
+        /**
+         * Number of events that trigger the rule
+         */
+        threshold: z.ZodNumber;
+        /**
+         * Time window in seconds
+         */
+        windowSeconds: z.ZodNumber;
+        /**
+         * Grouping criteria (e.g., by actor.id, by ipAddress)
+         */
+        groupBy: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * Additional filters
+         */
+        filters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    }, "strip", z.ZodTypeAny, {
+        threshold: number;
+        windowSeconds: number;
+        filters?: Record<string, any> | undefined;
+        groupBy?: string[] | undefined;
+    }, {
+        threshold: number;
+        windowSeconds: number;
+        filters?: Record<string, any> | undefined;
+        groupBy?: string[] | undefined;
+    }>;
+    /**
+     * Actions to take when rule is triggered
+     */
+    actions: z.ZodArray<z.ZodEnum<["alert", "lock_account", "block_ip", "require_mfa", "log_critical", "webhook"]>, "many">;
+    /**
+     * Severity level for triggered alerts
+     */
+    alertSeverity: z.ZodDefault<z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>>;
+    /**
+     * Notification configuration
+     */
+    notifications: z.ZodOptional<z.ZodObject<{
+        /**
+         * Email addresses to notify
+         */
+        email: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * Slack webhook URL
+         */
+        slack: z.ZodOptional<z.ZodString>;
+        /**
+         * Custom webhook URL
+         */
+        webhook: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        email?: string[] | undefined;
+        webhook?: string | undefined;
+        slack?: string | undefined;
+    }, {
+        email?: string[] | undefined;
+        webhook?: string | undefined;
+        slack?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    condition: {
+        threshold: number;
+        windowSeconds: number;
+        filters?: Record<string, any> | undefined;
+        groupBy?: string[] | undefined;
+    };
+    actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+    id: string;
+    enabled: boolean;
+    eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+    alertSeverity: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency";
+    description?: string | undefined;
+    notifications?: {
+        email?: string[] | undefined;
+        webhook?: string | undefined;
+        slack?: string | undefined;
+    } | undefined;
+}, {
+    name: string;
+    condition: {
+        threshold: number;
+        windowSeconds: number;
+        filters?: Record<string, any> | undefined;
+        groupBy?: string[] | undefined;
+    };
+    actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+    id: string;
+    eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+    description?: string | undefined;
+    enabled?: boolean | undefined;
+    alertSeverity?: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency" | undefined;
+    notifications?: {
+        email?: string[] | undefined;
+        webhook?: string | undefined;
+        slack?: string | undefined;
+    } | undefined;
+}>;
+export type SuspiciousActivityRule = z.infer<typeof SuspiciousActivityRuleSchema>;
+/**
+ * Audit Log Storage Configuration
+ * Defines where and how audit logs are stored
+ */
+export declare const AuditStorageConfigSchema: z.ZodObject<{
+    /**
+     * Storage backend type
+     */
+    type: z.ZodEnum<["database", "elasticsearch", "mongodb", "clickhouse", "s3", "gcs", "azure_blob", "custom"]>;
+    /**
+     * Connection string or configuration
+     */
+    connectionString: z.ZodOptional<z.ZodString>;
+    /**
+     * Storage configuration
+     */
+    config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    /**
+     * Whether to enable buffering/batching
+     */
+    bufferEnabled: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Buffer size (number of events before flush)
+     */
+    bufferSize: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Buffer flush interval in seconds
+     */
+    flushIntervalSeconds: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Whether to compress stored data
+     */
+    compression: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+    bufferEnabled: boolean;
+    bufferSize: number;
+    flushIntervalSeconds: number;
+    compression: boolean;
+    config?: Record<string, any> | undefined;
+    connectionString?: string | undefined;
+}, {
+    type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+    config?: Record<string, any> | undefined;
+    connectionString?: string | undefined;
+    bufferEnabled?: boolean | undefined;
+    bufferSize?: number | undefined;
+    flushIntervalSeconds?: number | undefined;
+    compression?: boolean | undefined;
+}>;
+export type AuditStorageConfig = z.infer<typeof AuditStorageConfigSchema>;
+/**
+ * Audit Event Filter Schema
+ * Defines filters for querying audit events
+ */
+export declare const AuditEventFilterSchema: z.ZodObject<{
+    /**
+     * Filter by event types
+     */
+    eventTypes: z.ZodOptional<z.ZodArray<z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>, "many">>;
+    /**
+     * Filter by severity levels
+     */
+    severities: z.ZodOptional<z.ZodArray<z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>, "many">>;
+    /**
+     * Filter by actor ID
+     */
+    actorId: z.ZodOptional<z.ZodString>;
+    /**
+     * Filter by tenant ID
+     */
+    tenantId: z.ZodOptional<z.ZodString>;
+    /**
+     * Filter by time range
+     */
+    timeRange: z.ZodOptional<z.ZodObject<{
+        from: z.ZodString;
+        to: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        to: string;
+        from: string;
+    }, {
+        to: string;
+        from: string;
+    }>>;
+    /**
+     * Filter by result status
+     */
+    result: z.ZodOptional<z.ZodEnum<["success", "failure", "partial"]>>;
+    /**
+     * Search query (full-text search)
+     */
+    searchQuery: z.ZodOptional<z.ZodString>;
+    /**
+     * Custom filters
+     */
+    customFilters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, "strip", z.ZodTypeAny, {
+    result?: "partial" | "success" | "failure" | undefined;
+    tenantId?: string | undefined;
+    eventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    severities?: ("error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency")[] | undefined;
+    actorId?: string | undefined;
+    timeRange?: {
+        to: string;
+        from: string;
+    } | undefined;
+    searchQuery?: string | undefined;
+    customFilters?: Record<string, any> | undefined;
+}, {
+    result?: "partial" | "success" | "failure" | undefined;
+    tenantId?: string | undefined;
+    eventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    severities?: ("error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency")[] | undefined;
+    actorId?: string | undefined;
+    timeRange?: {
+        to: string;
+        from: string;
+    } | undefined;
+    searchQuery?: string | undefined;
+    customFilters?: Record<string, any> | undefined;
+}>;
+export type AuditEventFilter = z.infer<typeof AuditEventFilterSchema>;
+/**
+ * Complete Audit Configuration Schema
+ * Main configuration for the audit system
+ */
+export declare const AuditConfigSchema: z.ZodObject<{
+    /**
+     * Unique identifier for this audit configuration
+     * Must be in snake_case following ObjectStack conventions
+     * Maximum length: 64 characters
+     */
+    name: z.ZodString;
+    /**
+     * Human-readable label
+     */
+    label: z.ZodString;
+    /**
+     * Whether audit logging is enabled
+     */
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Event types to audit
+     * If not specified, all event types are audited
+     */
+    eventTypes: z.ZodOptional<z.ZodArray<z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>, "many">>;
+    /**
+     * Event types to exclude from auditing
+     */
+    excludeEventTypes: z.ZodOptional<z.ZodArray<z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>, "many">>;
+    /**
+     * Minimum severity level to log
+     * Events below this level are not logged
+     */
+    minimumSeverity: z.ZodDefault<z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>>;
+    /**
+     * Storage configuration
+     */
+    storage: z.ZodObject<{
+        /**
+         * Storage backend type
+         */
+        type: z.ZodEnum<["database", "elasticsearch", "mongodb", "clickhouse", "s3", "gcs", "azure_blob", "custom"]>;
+        /**
+         * Connection string or configuration
+         */
+        connectionString: z.ZodOptional<z.ZodString>;
+        /**
+         * Storage configuration
+         */
+        config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+        /**
+         * Whether to enable buffering/batching
+         */
+        bufferEnabled: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Buffer size (number of events before flush)
+         */
+        bufferSize: z.ZodDefault<z.ZodNumber>;
+        /**
+         * Buffer flush interval in seconds
+         */
+        flushIntervalSeconds: z.ZodDefault<z.ZodNumber>;
+        /**
+         * Whether to compress stored data
+         */
+        compression: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+        bufferEnabled: boolean;
+        bufferSize: number;
+        flushIntervalSeconds: number;
+        compression: boolean;
+        config?: Record<string, any> | undefined;
+        connectionString?: string | undefined;
+    }, {
+        type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+        config?: Record<string, any> | undefined;
+        connectionString?: string | undefined;
+        bufferEnabled?: boolean | undefined;
+        bufferSize?: number | undefined;
+        flushIntervalSeconds?: number | undefined;
+        compression?: boolean | undefined;
+    }>;
+    /**
+     * Retention policy
+     */
+    retentionPolicy: z.ZodDefault<z.ZodObject<{
+        /**
+         * Retention period in days
+         * Default: 180 days (GDPR 6-month requirement)
+         */
+        retentionDays: z.ZodDefault<z.ZodNumber>;
+        /**
+         * Whether to archive logs after retention period
+         * If true, logs are moved to cold storage; if false, they are deleted
+         */
+        archiveAfterRetention: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Archive storage configuration
+         */
+        archiveStorage: z.ZodOptional<z.ZodObject<{
+            type: z.ZodEnum<["s3", "gcs", "azure_blob", "filesystem"]>;
+            endpoint: z.ZodOptional<z.ZodString>;
+            bucket: z.ZodOptional<z.ZodString>;
+            path: z.ZodOptional<z.ZodString>;
+            credentials: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+        }, "strip", z.ZodTypeAny, {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        }, {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        }>>;
+        /**
+         * Event types that have different retention periods
+         * Overrides the default retentionDays for specific event types
+         */
+        customRetention: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
+        /**
+         * Minimum retention period for compliance
+         * Prevents accidental deletion below compliance requirements
+         */
+        minimumRetentionDays: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        retentionDays: number;
+        archiveAfterRetention: boolean;
+        archiveStorage?: {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        } | undefined;
+        customRetention?: Record<string, number> | undefined;
+        minimumRetentionDays?: number | undefined;
+    }, {
+        retentionDays?: number | undefined;
+        archiveAfterRetention?: boolean | undefined;
+        archiveStorage?: {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        } | undefined;
+        customRetention?: Record<string, number> | undefined;
+        minimumRetentionDays?: number | undefined;
+    }>>;
+    /**
+     * Suspicious activity detection rules
+     */
+    suspiciousActivityRules: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        /**
+         * Unique identifier for the rule
+         */
+        id: z.ZodString;
+        /**
+         * Rule name
+         */
+        name: z.ZodString;
+        /**
+         * Rule description
+         */
+        description: z.ZodOptional<z.ZodString>;
+        /**
+         * Whether the rule is enabled
+         */
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Event types to monitor
+         */
+        eventTypes: z.ZodArray<z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>, "many">;
+        /**
+         * Detection condition
+         */
+        condition: z.ZodObject<{
+            /**
+             * Number of events that trigger the rule
+             */
+            threshold: z.ZodNumber;
+            /**
+             * Time window in seconds
+             */
+            windowSeconds: z.ZodNumber;
+            /**
+             * Grouping criteria (e.g., by actor.id, by ipAddress)
+             */
+            groupBy: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            /**
+             * Additional filters
+             */
+            filters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+        }, "strip", z.ZodTypeAny, {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        }, {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        }>;
+        /**
+         * Actions to take when rule is triggered
+         */
+        actions: z.ZodArray<z.ZodEnum<["alert", "lock_account", "block_ip", "require_mfa", "log_critical", "webhook"]>, "many">;
+        /**
+         * Severity level for triggered alerts
+         */
+        alertSeverity: z.ZodDefault<z.ZodEnum<["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]>>;
+        /**
+         * Notification configuration
+         */
+        notifications: z.ZodOptional<z.ZodObject<{
+            /**
+             * Email addresses to notify
+             */
+            email: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            /**
+             * Slack webhook URL
+             */
+            slack: z.ZodOptional<z.ZodString>;
+            /**
+             * Custom webhook URL
+             */
+            webhook: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        }, {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        condition: {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        };
+        actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+        id: string;
+        enabled: boolean;
+        eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+        alertSeverity: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency";
+        description?: string | undefined;
+        notifications?: {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        } | undefined;
+    }, {
+        name: string;
+        condition: {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        };
+        actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+        id: string;
+        eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+        description?: string | undefined;
+        enabled?: boolean | undefined;
+        alertSeverity?: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency" | undefined;
+        notifications?: {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        } | undefined;
+    }>, "many">>;
+    /**
+     * Whether to include sensitive data in audit logs
+     * If false, sensitive fields are redacted/masked
+     */
+    includeSensitiveData: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Fields to redact from audit logs
+     */
+    redactFields: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * Whether to log successful read operations
+     * Can be disabled to reduce log volume
+     */
+    logReads: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Sampling rate for read operations (0.0 to 1.0)
+     * Only applies if logReads is true
+     */
+    readSamplingRate: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Whether to log system/internal operations
+     */
+    logSystemEvents: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Custom audit event handlers
+     * Note: Function handlers are for runtime configuration only and will not be serialized to JSON Schema
+     */
+    customHandlers: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        eventType: z.ZodEnum<["data.create", "data.read", "data.update", "data.delete", "data.export", "data.import", "data.bulk_update", "data.bulk_delete", "auth.login", "auth.login_failed", "auth.logout", "auth.session_created", "auth.session_expired", "auth.password_reset", "auth.password_changed", "auth.email_verified", "auth.mfa_enabled", "auth.mfa_disabled", "auth.account_locked", "auth.account_unlocked", "authz.permission_granted", "authz.permission_revoked", "authz.role_assigned", "authz.role_removed", "authz.role_created", "authz.role_updated", "authz.role_deleted", "authz.policy_created", "authz.policy_updated", "authz.policy_deleted", "system.config_changed", "system.plugin_installed", "system.plugin_uninstalled", "system.backup_created", "system.backup_restored", "system.integration_added", "system.integration_removed", "security.access_denied", "security.suspicious_activity", "security.data_breach", "security.api_key_created", "security.api_key_revoked"]>;
+        handlerId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+        handlerId: string;
+    }, {
+        eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+        handlerId: string;
+    }>, "many">>;
+    /**
+     * Compliance mode configuration
+     */
+    compliance: z.ZodOptional<z.ZodObject<{
+        /**
+         * Compliance standards to enforce
+         */
+        standards: z.ZodOptional<z.ZodArray<z.ZodEnum<["sox", "hipaa", "gdpr", "pci_dss", "iso_27001", "fedramp"]>, "many">>;
+        /**
+         * Whether to enforce immutable audit logs
+         */
+        immutableLogs: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Whether to require cryptographic signing
+         */
+        requireSigning: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Signing key configuration
+         */
+        signingKey: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        immutableLogs: boolean;
+        requireSigning: boolean;
+        standards?: ("sox" | "hipaa" | "gdpr" | "pci_dss" | "iso_27001" | "fedramp")[] | undefined;
+        signingKey?: string | undefined;
+    }, {
+        standards?: ("sox" | "hipaa" | "gdpr" | "pci_dss" | "iso_27001" | "fedramp")[] | undefined;
+        immutableLogs?: boolean | undefined;
+        requireSigning?: boolean | undefined;
+        signingKey?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    label: string;
+    name: string;
+    enabled: boolean;
+    minimumSeverity: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency";
+    storage: {
+        type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+        bufferEnabled: boolean;
+        bufferSize: number;
+        flushIntervalSeconds: number;
+        compression: boolean;
+        config?: Record<string, any> | undefined;
+        connectionString?: string | undefined;
+    };
+    retentionPolicy: {
+        retentionDays: number;
+        archiveAfterRetention: boolean;
+        archiveStorage?: {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        } | undefined;
+        customRetention?: Record<string, number> | undefined;
+        minimumRetentionDays?: number | undefined;
+    };
+    suspiciousActivityRules: {
+        name: string;
+        condition: {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        };
+        actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+        id: string;
+        enabled: boolean;
+        eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+        alertSeverity: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency";
+        description?: string | undefined;
+        notifications?: {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        } | undefined;
+    }[];
+    includeSensitiveData: boolean;
+    redactFields: string[];
+    logReads: boolean;
+    readSamplingRate: number;
+    logSystemEvents: boolean;
+    compliance?: {
+        immutableLogs: boolean;
+        requireSigning: boolean;
+        standards?: ("sox" | "hipaa" | "gdpr" | "pci_dss" | "iso_27001" | "fedramp")[] | undefined;
+        signingKey?: string | undefined;
+    } | undefined;
+    eventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    excludeEventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    customHandlers?: {
+        eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+        handlerId: string;
+    }[] | undefined;
+}, {
+    label: string;
+    name: string;
+    storage: {
+        type: "custom" | "database" | "s3" | "gcs" | "azure_blob" | "elasticsearch" | "mongodb" | "clickhouse";
+        config?: Record<string, any> | undefined;
+        connectionString?: string | undefined;
+        bufferEnabled?: boolean | undefined;
+        bufferSize?: number | undefined;
+        flushIntervalSeconds?: number | undefined;
+        compression?: boolean | undefined;
+    };
+    enabled?: boolean | undefined;
+    compliance?: {
+        standards?: ("sox" | "hipaa" | "gdpr" | "pci_dss" | "iso_27001" | "fedramp")[] | undefined;
+        immutableLogs?: boolean | undefined;
+        requireSigning?: boolean | undefined;
+        signingKey?: string | undefined;
+    } | undefined;
+    eventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    excludeEventTypes?: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[] | undefined;
+    minimumSeverity?: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency" | undefined;
+    retentionPolicy?: {
+        retentionDays?: number | undefined;
+        archiveAfterRetention?: boolean | undefined;
+        archiveStorage?: {
+            type: "s3" | "gcs" | "azure_blob" | "filesystem";
+            path?: string | undefined;
+            credentials?: Record<string, any> | undefined;
+            endpoint?: string | undefined;
+            bucket?: string | undefined;
+        } | undefined;
+        customRetention?: Record<string, number> | undefined;
+        minimumRetentionDays?: number | undefined;
+    } | undefined;
+    suspiciousActivityRules?: {
+        name: string;
+        condition: {
+            threshold: number;
+            windowSeconds: number;
+            filters?: Record<string, any> | undefined;
+            groupBy?: string[] | undefined;
+        };
+        actions: ("alert" | "lock_account" | "block_ip" | "require_mfa" | "log_critical" | "webhook")[];
+        id: string;
+        eventTypes: ("data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked")[];
+        description?: string | undefined;
+        enabled?: boolean | undefined;
+        alertSeverity?: "error" | "warning" | "info" | "debug" | "notice" | "critical" | "alert" | "emergency" | undefined;
+        notifications?: {
+            email?: string[] | undefined;
+            webhook?: string | undefined;
+            slack?: string | undefined;
+        } | undefined;
+    }[] | undefined;
+    includeSensitiveData?: boolean | undefined;
+    redactFields?: string[] | undefined;
+    logReads?: boolean | undefined;
+    readSamplingRate?: number | undefined;
+    logSystemEvents?: boolean | undefined;
+    customHandlers?: {
+        eventType: "data.create" | "data.read" | "data.update" | "data.delete" | "data.export" | "data.import" | "data.bulk_update" | "data.bulk_delete" | "auth.login" | "auth.login_failed" | "auth.logout" | "auth.session_created" | "auth.session_expired" | "auth.password_reset" | "auth.password_changed" | "auth.email_verified" | "auth.mfa_enabled" | "auth.mfa_disabled" | "auth.account_locked" | "auth.account_unlocked" | "authz.permission_granted" | "authz.permission_revoked" | "authz.role_assigned" | "authz.role_removed" | "authz.role_created" | "authz.role_updated" | "authz.role_deleted" | "authz.policy_created" | "authz.policy_updated" | "authz.policy_deleted" | "system.config_changed" | "system.plugin_installed" | "system.plugin_uninstalled" | "system.backup_created" | "system.backup_restored" | "system.integration_added" | "system.integration_removed" | "security.access_denied" | "security.suspicious_activity" | "security.data_breach" | "security.api_key_created" | "security.api_key_revoked";
+        handlerId: string;
+    }[] | undefined;
+}>;
+export type AuditConfig = z.infer<typeof AuditConfigSchema>;
+/**
+ * Default suspicious activity rules
+ * Common security patterns to detect
+ */
+export declare const DEFAULT_SUSPICIOUS_ACTIVITY_RULES: SuspiciousActivityRule[];
+//# sourceMappingURL=audit.zod.d.ts.map