@vorionsys/security 1.0.0

package/dist/security/alerting/types.d.ts

@@ -0,0 +1,2165 @@
+/**
+ * Security Alerting System - Type Definitions
+ *
+ * Comprehensive type definitions for security alerting including:
+ * - Alert severity and channel enums
+ * - Security alert structures
+ * - Alert rules and conditions
+ * - Configuration interfaces
+ *
+ * @packageDocumentation
+ * @module security/alerting/types
+ */
+import { z } from 'zod';
+/**
+ * Alert severity levels
+ */
+export declare const AlertSeverity: {
+    readonly CRITICAL: "critical";
+    readonly HIGH: "high";
+    readonly MEDIUM: "medium";
+    readonly LOW: "low";
+    readonly INFO: "info";
+};
+export type AlertSeverity = (typeof AlertSeverity)[keyof typeof AlertSeverity];
+export declare const alertSeveritySchema: z.ZodNativeEnum<{
+    readonly CRITICAL: "critical";
+    readonly HIGH: "high";
+    readonly MEDIUM: "medium";
+    readonly LOW: "low";
+    readonly INFO: "info";
+}>;
+/**
+ * Alert delivery channels
+ */
+export declare const AlertChannel: {
+    readonly SLACK: "slack";
+    readonly PAGERDUTY: "pagerduty";
+    readonly EMAIL: "email";
+    readonly WEBHOOK: "webhook";
+    readonly SNS: "sns";
+};
+export type AlertChannel = (typeof AlertChannel)[keyof typeof AlertChannel];
+export declare const alertChannelSchema: z.ZodNativeEnum<{
+    readonly SLACK: "slack";
+    readonly PAGERDUTY: "pagerduty";
+    readonly EMAIL: "email";
+    readonly WEBHOOK: "webhook";
+    readonly SNS: "sns";
+}>;
+/**
+ * Types of security events that can trigger alerts
+ */
+export declare const SecurityEventType: {
+    readonly BRUTE_FORCE: "brute_force";
+    readonly CREDENTIAL_STUFFING: "credential_stuffing";
+    readonly ACCOUNT_LOCKOUT: "account_lockout";
+    readonly SUSPICIOUS_LOGIN: "suspicious_login";
+    readonly SESSION_HIJACK: "session_hijack";
+    readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+    readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+    readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+    readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+    readonly API_KEY_ABUSE: "api_key_abuse";
+    readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+    readonly INVALID_TOKEN: "invalid_token";
+    readonly TOKEN_REVOKED: "token_revoked";
+    readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+    readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+    readonly NEW_DEVICE_LOGIN: "new_device_login";
+    readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+    readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+    readonly ADMIN_ACTION: "admin_action";
+    readonly KEY_ROTATION: "key_rotation";
+    readonly POLICY_VIOLATION: "policy_violation";
+    readonly DATA_EXFILTRATION: "data_exfiltration";
+    readonly INJECTION_ATTEMPT: "injection_attempt";
+    readonly XSS_ATTEMPT: "xss_attempt";
+    readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+    readonly SECRET_EXPOSED: "secret_exposed";
+    readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+    readonly INCIDENT_CREATED: "incident_created";
+    readonly INCIDENT_ESCALATED: "incident_escalated";
+    readonly CUSTOM: "custom";
+};
+export type SecurityEventType = (typeof SecurityEventType)[keyof typeof SecurityEventType];
+export declare const securityEventTypeSchema: z.ZodNativeEnum<{
+    readonly BRUTE_FORCE: "brute_force";
+    readonly CREDENTIAL_STUFFING: "credential_stuffing";
+    readonly ACCOUNT_LOCKOUT: "account_lockout";
+    readonly SUSPICIOUS_LOGIN: "suspicious_login";
+    readonly SESSION_HIJACK: "session_hijack";
+    readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+    readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+    readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+    readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+    readonly API_KEY_ABUSE: "api_key_abuse";
+    readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+    readonly INVALID_TOKEN: "invalid_token";
+    readonly TOKEN_REVOKED: "token_revoked";
+    readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+    readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+    readonly NEW_DEVICE_LOGIN: "new_device_login";
+    readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+    readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+    readonly ADMIN_ACTION: "admin_action";
+    readonly KEY_ROTATION: "key_rotation";
+    readonly POLICY_VIOLATION: "policy_violation";
+    readonly DATA_EXFILTRATION: "data_exfiltration";
+    readonly INJECTION_ATTEMPT: "injection_attempt";
+    readonly XSS_ATTEMPT: "xss_attempt";
+    readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+    readonly SECRET_EXPOSED: "secret_exposed";
+    readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+    readonly INCIDENT_CREATED: "incident_created";
+    readonly INCIDENT_ESCALATED: "incident_escalated";
+    readonly CUSTOM: "custom";
+}>;
+/**
+ * Context information for a security alert
+ */
+export interface AlertContext {
+    /** User ID if associated with a user */
+    userId?: string;
+    /** Tenant ID for multi-tenant systems */
+    tenantId?: string;
+    /** IP address of the request */
+    ipAddress?: string;
+    /** User agent string */
+    userAgent?: string;
+    /** Geographic location */
+    location?: {
+        country?: string;
+        city?: string;
+        latitude?: number;
+        longitude?: number;
+    };
+    /** Affected resource/endpoint */
+    resource?: string;
+    /** Request ID for correlation */
+    requestId?: string;
+    /** Session ID if applicable */
+    sessionId?: string;
+    /** Additional custom fields */
+    metadata?: Record<string, unknown>;
+}
+export declare const alertContextSchema: z.ZodObject<{
+    userId: z.ZodOptional<z.ZodString>;
+    tenantId: z.ZodOptional<z.ZodString>;
+    ipAddress: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+    location: z.ZodOptional<z.ZodObject<{
+        country: z.ZodOptional<z.ZodString>;
+        city: z.ZodOptional<z.ZodString>;
+        latitude: z.ZodOptional<z.ZodNumber>;
+        longitude: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        country?: string;
+        city?: string;
+        latitude?: number;
+        longitude?: number;
+    }, {
+        country?: string;
+        city?: string;
+        latitude?: number;
+        longitude?: number;
+    }>>;
+    resource: z.ZodOptional<z.ZodString>;
+    requestId: z.ZodOptional<z.ZodString>;
+    sessionId: z.ZodOptional<z.ZodString>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    userId?: string;
+    location?: {
+        country?: string;
+        city?: string;
+        latitude?: number;
+        longitude?: number;
+    };
+    requestId?: string;
+    tenantId?: string;
+    sessionId?: string;
+    userAgent?: string;
+    metadata?: Record<string, unknown>;
+    ipAddress?: string;
+    resource?: string;
+}, {
+    userId?: string;
+    location?: {
+        country?: string;
+        city?: string;
+        latitude?: number;
+        longitude?: number;
+    };
+    requestId?: string;
+    tenantId?: string;
+    sessionId?: string;
+    userAgent?: string;
+    metadata?: Record<string, unknown>;
+    ipAddress?: string;
+    resource?: string;
+}>;
+/**
+ * A security alert
+ */
+export interface SecurityAlert {
+    /** Unique alert ID */
+    id: string;
+    /** Alert severity */
+    severity: AlertSeverity;
+    /** Type of security event */
+    type: SecurityEventType;
+    /** Human-readable alert message */
+    message: string;
+    /** Alert title for display */
+    title: string;
+    /** Detailed context information */
+    context: AlertContext;
+    /** When the alert was created */
+    timestamp: Date;
+    /** Fingerprint for deduplication */
+    fingerprint: string;
+    /** Source system/component */
+    source: string;
+    /** Suggested remediation actions */
+    suggestedActions?: string[];
+    /** Related alert IDs */
+    relatedAlerts?: string[];
+    /** Whether alert has been acknowledged */
+    acknowledged: boolean;
+    /** Who acknowledged the alert */
+    acknowledgedBy?: string;
+    /** When the alert was acknowledged */
+    acknowledgedAt?: Date;
+    /** Whether alert has been resolved */
+    resolved: boolean;
+    /** Resolution notes */
+    resolutionNotes?: string;
+    /** Tags for categorization */
+    tags?: string[];
+}
+export declare const securityAlertSchema: z.ZodObject<{
+    id: z.ZodString;
+    severity: z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>;
+    type: z.ZodNativeEnum<{
+        readonly BRUTE_FORCE: "brute_force";
+        readonly CREDENTIAL_STUFFING: "credential_stuffing";
+        readonly ACCOUNT_LOCKOUT: "account_lockout";
+        readonly SUSPICIOUS_LOGIN: "suspicious_login";
+        readonly SESSION_HIJACK: "session_hijack";
+        readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+        readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+        readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+        readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+        readonly API_KEY_ABUSE: "api_key_abuse";
+        readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+        readonly INVALID_TOKEN: "invalid_token";
+        readonly TOKEN_REVOKED: "token_revoked";
+        readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+        readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+        readonly NEW_DEVICE_LOGIN: "new_device_login";
+        readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+        readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+        readonly ADMIN_ACTION: "admin_action";
+        readonly KEY_ROTATION: "key_rotation";
+        readonly POLICY_VIOLATION: "policy_violation";
+        readonly DATA_EXFILTRATION: "data_exfiltration";
+        readonly INJECTION_ATTEMPT: "injection_attempt";
+        readonly XSS_ATTEMPT: "xss_attempt";
+        readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+        readonly SECRET_EXPOSED: "secret_exposed";
+        readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+        readonly INCIDENT_CREATED: "incident_created";
+        readonly INCIDENT_ESCALATED: "incident_escalated";
+        readonly CUSTOM: "custom";
+    }>;
+    message: z.ZodString;
+    title: z.ZodString;
+    context: z.ZodObject<{
+        userId: z.ZodOptional<z.ZodString>;
+        tenantId: z.ZodOptional<z.ZodString>;
+        ipAddress: z.ZodOptional<z.ZodString>;
+        userAgent: z.ZodOptional<z.ZodString>;
+        location: z.ZodOptional<z.ZodObject<{
+            country: z.ZodOptional<z.ZodString>;
+            city: z.ZodOptional<z.ZodString>;
+            latitude: z.ZodOptional<z.ZodNumber>;
+            longitude: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        }, {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        }>>;
+        resource: z.ZodOptional<z.ZodString>;
+        requestId: z.ZodOptional<z.ZodString>;
+        sessionId: z.ZodOptional<z.ZodString>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    }, {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    }>;
+    timestamp: z.ZodDate;
+    fingerprint: z.ZodString;
+    source: z.ZodString;
+    suggestedActions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    relatedAlerts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    acknowledged: z.ZodDefault<z.ZodBoolean>;
+    acknowledgedBy: z.ZodOptional<z.ZodString>;
+    acknowledgedAt: z.ZodOptional<z.ZodDate>;
+    resolved: z.ZodDefault<z.ZodBoolean>;
+    resolutionNotes: z.ZodOptional<z.ZodString>;
+    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    id?: string;
+    message?: string;
+    type?: "custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated";
+    timestamp?: Date;
+    tags?: string[];
+    title?: string;
+    source?: string;
+    context?: {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    };
+    acknowledged?: boolean;
+    resolutionNotes?: string;
+    acknowledgedAt?: Date;
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    fingerprint?: string;
+    suggestedActions?: string[];
+    relatedAlerts?: string[];
+    acknowledgedBy?: string;
+    resolved?: boolean;
+}, {
+    id?: string;
+    message?: string;
+    type?: "custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated";
+    timestamp?: Date;
+    tags?: string[];
+    title?: string;
+    source?: string;
+    context?: {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    };
+    acknowledged?: boolean;
+    resolutionNotes?: string;
+    acknowledgedAt?: Date;
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    fingerprint?: string;
+    suggestedActions?: string[];
+    relatedAlerts?: string[];
+    acknowledgedBy?: string;
+    resolved?: boolean;
+}>;
+/**
+ * Input for creating a security alert
+ */
+export interface CreateAlertInput {
+    severity: AlertSeverity;
+    type: SecurityEventType;
+    message: string;
+    title: string;
+    context: AlertContext;
+    source: string;
+    suggestedActions?: string[];
+    tags?: string[];
+}
+export declare const createAlertInputSchema: z.ZodObject<{
+    severity: z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>;
+    type: z.ZodNativeEnum<{
+        readonly BRUTE_FORCE: "brute_force";
+        readonly CREDENTIAL_STUFFING: "credential_stuffing";
+        readonly ACCOUNT_LOCKOUT: "account_lockout";
+        readonly SUSPICIOUS_LOGIN: "suspicious_login";
+        readonly SESSION_HIJACK: "session_hijack";
+        readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+        readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+        readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+        readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+        readonly API_KEY_ABUSE: "api_key_abuse";
+        readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+        readonly INVALID_TOKEN: "invalid_token";
+        readonly TOKEN_REVOKED: "token_revoked";
+        readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+        readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+        readonly NEW_DEVICE_LOGIN: "new_device_login";
+        readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+        readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+        readonly ADMIN_ACTION: "admin_action";
+        readonly KEY_ROTATION: "key_rotation";
+        readonly POLICY_VIOLATION: "policy_violation";
+        readonly DATA_EXFILTRATION: "data_exfiltration";
+        readonly INJECTION_ATTEMPT: "injection_attempt";
+        readonly XSS_ATTEMPT: "xss_attempt";
+        readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+        readonly SECRET_EXPOSED: "secret_exposed";
+        readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+        readonly INCIDENT_CREATED: "incident_created";
+        readonly INCIDENT_ESCALATED: "incident_escalated";
+        readonly CUSTOM: "custom";
+    }>;
+    message: z.ZodString;
+    title: z.ZodString;
+    context: z.ZodObject<{
+        userId: z.ZodOptional<z.ZodString>;
+        tenantId: z.ZodOptional<z.ZodString>;
+        ipAddress: z.ZodOptional<z.ZodString>;
+        userAgent: z.ZodOptional<z.ZodString>;
+        location: z.ZodOptional<z.ZodObject<{
+            country: z.ZodOptional<z.ZodString>;
+            city: z.ZodOptional<z.ZodString>;
+            latitude: z.ZodOptional<z.ZodNumber>;
+            longitude: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        }, {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        }>>;
+        resource: z.ZodOptional<z.ZodString>;
+        requestId: z.ZodOptional<z.ZodString>;
+        sessionId: z.ZodOptional<z.ZodString>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    }, {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    }>;
+    source: z.ZodString;
+    suggestedActions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    message?: string;
+    type?: "custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated";
+    tags?: string[];
+    title?: string;
+    source?: string;
+    context?: {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    };
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    suggestedActions?: string[];
+}, {
+    message?: string;
+    type?: "custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated";
+    tags?: string[];
+    title?: string;
+    source?: string;
+    context?: {
+        userId?: string;
+        location?: {
+            country?: string;
+            city?: string;
+            latitude?: number;
+            longitude?: number;
+        };
+        requestId?: string;
+        tenantId?: string;
+        sessionId?: string;
+        userAgent?: string;
+        metadata?: Record<string, unknown>;
+        ipAddress?: string;
+        resource?: string;
+    };
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    suggestedActions?: string[];
+}>;
+/**
+ * Condition operators for alert rules
+ */
+export declare const ConditionOperator: {
+    readonly EQUALS: "equals";
+    readonly NOT_EQUALS: "not_equals";
+    readonly GREATER_THAN: "greater_than";
+    readonly LESS_THAN: "less_than";
+    readonly GREATER_THAN_OR_EQUALS: "greater_than_or_equals";
+    readonly LESS_THAN_OR_EQUALS: "less_than_or_equals";
+    readonly CONTAINS: "contains";
+    readonly NOT_CONTAINS: "not_contains";
+    readonly MATCHES: "matches";
+    readonly IN: "in";
+    readonly NOT_IN: "not_in";
+};
+export type ConditionOperator = (typeof ConditionOperator)[keyof typeof ConditionOperator];
+export declare const conditionOperatorSchema: z.ZodNativeEnum<{
+    readonly EQUALS: "equals";
+    readonly NOT_EQUALS: "not_equals";
+    readonly GREATER_THAN: "greater_than";
+    readonly LESS_THAN: "less_than";
+    readonly GREATER_THAN_OR_EQUALS: "greater_than_or_equals";
+    readonly LESS_THAN_OR_EQUALS: "less_than_or_equals";
+    readonly CONTAINS: "contains";
+    readonly NOT_CONTAINS: "not_contains";
+    readonly MATCHES: "matches";
+    readonly IN: "in";
+    readonly NOT_IN: "not_in";
+}>;
+/**
+ * A single condition in an alert rule
+ */
+export interface AlertCondition {
+    /** Field to evaluate */
+    field: string;
+    /** Comparison operator */
+    operator: ConditionOperator;
+    /** Value to compare against */
+    value: unknown;
+}
+export declare const alertConditionSchema: z.ZodObject<{
+    field: z.ZodString;
+    operator: z.ZodNativeEnum<{
+        readonly EQUALS: "equals";
+        readonly NOT_EQUALS: "not_equals";
+        readonly GREATER_THAN: "greater_than";
+        readonly LESS_THAN: "less_than";
+        readonly GREATER_THAN_OR_EQUALS: "greater_than_or_equals";
+        readonly LESS_THAN_OR_EQUALS: "less_than_or_equals";
+        readonly CONTAINS: "contains";
+        readonly NOT_CONTAINS: "not_contains";
+        readonly MATCHES: "matches";
+        readonly IN: "in";
+        readonly NOT_IN: "not_in";
+    }>;
+    value: z.ZodUnknown;
+}, "strip", z.ZodTypeAny, {
+    value?: unknown;
+    field?: string;
+    operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+}, {
+    value?: unknown;
+    field?: string;
+    operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+}>;
+/**
+ * Threshold configuration for rate-based alerts
+ */
+export interface AlertThreshold {
+    /** Number of events to trigger */
+    count: number;
+    /** Time window in seconds */
+    windowSeconds: number;
+    /** Field to group by (e.g., 'userId', 'ipAddress') */
+    groupBy?: string;
+}
+export declare const alertThresholdSchema: z.ZodObject<{
+    count: z.ZodNumber;
+    windowSeconds: z.ZodNumber;
+    groupBy: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    count?: number;
+    windowSeconds?: number;
+    groupBy?: string;
+}, {
+    count?: number;
+    windowSeconds?: number;
+    groupBy?: string;
+}>;
+/**
+ * Channel-specific configuration
+ */
+export interface ChannelConfig {
+    /** Channel type */
+    channel: AlertChannel;
+    /** Channel-specific settings */
+    config: Record<string, unknown>;
+    /** Only send alerts of these severities */
+    severityFilter?: AlertSeverity[];
+    /** Only send alerts during these hours (0-23) */
+    activeHours?: {
+        start: number;
+        end: number;
+    };
+    /** Rate limit for this channel (alerts per minute) */
+    rateLimit?: number;
+}
+export declare const channelConfigSchema: z.ZodObject<{
+    channel: z.ZodNativeEnum<{
+        readonly SLACK: "slack";
+        readonly PAGERDUTY: "pagerduty";
+        readonly EMAIL: "email";
+        readonly WEBHOOK: "webhook";
+        readonly SNS: "sns";
+    }>;
+    config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>, "many">>;
+    activeHours: z.ZodOptional<z.ZodObject<{
+        start: z.ZodNumber;
+        end: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        end?: number;
+        start?: number;
+    }, {
+        end?: number;
+        start?: number;
+    }>>;
+    rateLimit: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+    config?: Record<string, unknown>;
+    rateLimit?: number;
+    severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+    activeHours?: {
+        end?: number;
+        start?: number;
+    };
+}, {
+    channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+    config?: Record<string, unknown>;
+    rateLimit?: number;
+    severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+    activeHours?: {
+        end?: number;
+        start?: number;
+    };
+}>;
+/**
+ * An alert rule definition
+ */
+export interface AlertRule {
+    /** Unique rule ID */
+    id: string;
+    /** Rule name */
+    name: string;
+    /** Rule description */
+    description?: string;
+    /** Whether rule is enabled */
+    enabled: boolean;
+    /** Event types this rule applies to */
+    eventTypes: SecurityEventType[];
+    /** Conditions that must be met */
+    conditions?: AlertCondition[];
+    /** Threshold for rate-based rules */
+    threshold?: AlertThreshold;
+    /** Channels to send alerts to */
+    channels: ChannelConfig[];
+    /** Cooldown period in seconds (prevent duplicate alerts) */
+    cooldownSeconds: number;
+    /** Alert severity to assign */
+    severity: AlertSeverity;
+    /** Tags to add to alerts */
+    tags?: string[];
+    /** Priority for rule evaluation (higher = first) */
+    priority: number;
+    /** Whether to stop processing other rules on match */
+    stopOnMatch: boolean;
+    /** Custom message template */
+    messageTemplate?: string;
+    /** Custom title template */
+    titleTemplate?: string;
+}
+export declare const alertRuleSchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    eventTypes: z.ZodArray<z.ZodNativeEnum<{
+        readonly BRUTE_FORCE: "brute_force";
+        readonly CREDENTIAL_STUFFING: "credential_stuffing";
+        readonly ACCOUNT_LOCKOUT: "account_lockout";
+        readonly SUSPICIOUS_LOGIN: "suspicious_login";
+        readonly SESSION_HIJACK: "session_hijack";
+        readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+        readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+        readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+        readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+        readonly API_KEY_ABUSE: "api_key_abuse";
+        readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+        readonly INVALID_TOKEN: "invalid_token";
+        readonly TOKEN_REVOKED: "token_revoked";
+        readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+        readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+        readonly NEW_DEVICE_LOGIN: "new_device_login";
+        readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+        readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+        readonly ADMIN_ACTION: "admin_action";
+        readonly KEY_ROTATION: "key_rotation";
+        readonly POLICY_VIOLATION: "policy_violation";
+        readonly DATA_EXFILTRATION: "data_exfiltration";
+        readonly INJECTION_ATTEMPT: "injection_attempt";
+        readonly XSS_ATTEMPT: "xss_attempt";
+        readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+        readonly SECRET_EXPOSED: "secret_exposed";
+        readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+        readonly INCIDENT_CREATED: "incident_created";
+        readonly INCIDENT_ESCALATED: "incident_escalated";
+        readonly CUSTOM: "custom";
+    }>, "many">;
+    conditions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        field: z.ZodString;
+        operator: z.ZodNativeEnum<{
+            readonly EQUALS: "equals";
+            readonly NOT_EQUALS: "not_equals";
+            readonly GREATER_THAN: "greater_than";
+            readonly LESS_THAN: "less_than";
+            readonly GREATER_THAN_OR_EQUALS: "greater_than_or_equals";
+            readonly LESS_THAN_OR_EQUALS: "less_than_or_equals";
+            readonly CONTAINS: "contains";
+            readonly NOT_CONTAINS: "not_contains";
+            readonly MATCHES: "matches";
+            readonly IN: "in";
+            readonly NOT_IN: "not_in";
+        }>;
+        value: z.ZodUnknown;
+    }, "strip", z.ZodTypeAny, {
+        value?: unknown;
+        field?: string;
+        operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+    }, {
+        value?: unknown;
+        field?: string;
+        operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+    }>, "many">>;
+    threshold: z.ZodOptional<z.ZodObject<{
+        count: z.ZodNumber;
+        windowSeconds: z.ZodNumber;
+        groupBy: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        count?: number;
+        windowSeconds?: number;
+        groupBy?: string;
+    }, {
+        count?: number;
+        windowSeconds?: number;
+        groupBy?: string;
+    }>>;
+    channels: z.ZodArray<z.ZodObject<{
+        channel: z.ZodNativeEnum<{
+            readonly SLACK: "slack";
+            readonly PAGERDUTY: "pagerduty";
+            readonly EMAIL: "email";
+            readonly WEBHOOK: "webhook";
+            readonly SNS: "sns";
+        }>;
+        config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+        severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+            readonly CRITICAL: "critical";
+            readonly HIGH: "high";
+            readonly MEDIUM: "medium";
+            readonly LOW: "low";
+            readonly INFO: "info";
+        }>, "many">>;
+        activeHours: z.ZodOptional<z.ZodObject<{
+            start: z.ZodNumber;
+            end: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            end?: number;
+            start?: number;
+        }, {
+            end?: number;
+            start?: number;
+        }>>;
+        rateLimit: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }, {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }>, "many">;
+    cooldownSeconds: z.ZodDefault<z.ZodNumber>;
+    severity: z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>;
+    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    priority: z.ZodDefault<z.ZodNumber>;
+    stopOnMatch: z.ZodDefault<z.ZodBoolean>;
+    messageTemplate: z.ZodOptional<z.ZodString>;
+    titleTemplate: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    id?: string;
+    name?: string;
+    tags?: string[];
+    description?: string;
+    enabled?: boolean;
+    priority?: number;
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+    conditions?: {
+        value?: unknown;
+        field?: string;
+        operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+    }[];
+    threshold?: {
+        count?: number;
+        windowSeconds?: number;
+        groupBy?: string;
+    };
+    channels?: {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }[];
+    cooldownSeconds?: number;
+    stopOnMatch?: boolean;
+    messageTemplate?: string;
+    titleTemplate?: string;
+}, {
+    id?: string;
+    name?: string;
+    tags?: string[];
+    description?: string;
+    enabled?: boolean;
+    priority?: number;
+    severity?: "info" | "low" | "medium" | "high" | "critical";
+    eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+    conditions?: {
+        value?: unknown;
+        field?: string;
+        operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+    }[];
+    threshold?: {
+        count?: number;
+        windowSeconds?: number;
+        groupBy?: string;
+    };
+    channels?: {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }[];
+    cooldownSeconds?: number;
+    stopOnMatch?: boolean;
+    messageTemplate?: string;
+    titleTemplate?: string;
+}>;
+/**
+ * Maintenance window configuration
+ */
+export interface MaintenanceWindow {
+    /** Unique window ID */
+    id: string;
+    /** Window name */
+    name: string;
+    /** Start time (ISO 8601) */
+    startTime: Date;
+    /** End time (ISO 8601) */
+    endTime: Date;
+    /** Event types to suppress */
+    suppressedEventTypes?: SecurityEventType[];
+    /** Severities to suppress */
+    suppressedSeverities?: AlertSeverity[];
+    /** Whether to suppress all alerts */
+    suppressAll: boolean;
+    /** Reason for maintenance */
+    reason?: string;
+    /** Who created the window */
+    createdBy: string;
+}
+export declare const maintenanceWindowSchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    startTime: z.ZodDate;
+    endTime: z.ZodDate;
+    suppressedEventTypes: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+        readonly BRUTE_FORCE: "brute_force";
+        readonly CREDENTIAL_STUFFING: "credential_stuffing";
+        readonly ACCOUNT_LOCKOUT: "account_lockout";
+        readonly SUSPICIOUS_LOGIN: "suspicious_login";
+        readonly SESSION_HIJACK: "session_hijack";
+        readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+        readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+        readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+        readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+        readonly API_KEY_ABUSE: "api_key_abuse";
+        readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+        readonly INVALID_TOKEN: "invalid_token";
+        readonly TOKEN_REVOKED: "token_revoked";
+        readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+        readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+        readonly NEW_DEVICE_LOGIN: "new_device_login";
+        readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+        readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+        readonly ADMIN_ACTION: "admin_action";
+        readonly KEY_ROTATION: "key_rotation";
+        readonly POLICY_VIOLATION: "policy_violation";
+        readonly DATA_EXFILTRATION: "data_exfiltration";
+        readonly INJECTION_ATTEMPT: "injection_attempt";
+        readonly XSS_ATTEMPT: "xss_attempt";
+        readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+        readonly SECRET_EXPOSED: "secret_exposed";
+        readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+        readonly INCIDENT_CREATED: "incident_created";
+        readonly INCIDENT_ESCALATED: "incident_escalated";
+        readonly CUSTOM: "custom";
+    }>, "many">>;
+    suppressedSeverities: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>, "many">>;
+    suppressAll: z.ZodDefault<z.ZodBoolean>;
+    reason: z.ZodOptional<z.ZodString>;
+    createdBy: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    id?: string;
+    name?: string;
+    reason?: string;
+    createdBy?: string;
+    startTime?: Date;
+    endTime?: Date;
+    suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+    suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+    suppressAll?: boolean;
+}, {
+    id?: string;
+    name?: string;
+    reason?: string;
+    createdBy?: string;
+    startTime?: Date;
+    endTime?: Date;
+    suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+    suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+    suppressAll?: boolean;
+}>;
+/**
+ * Escalation policy configuration
+ */
+export interface EscalationPolicy {
+    /** Policy ID */
+    id: string;
+    /** Policy name */
+    name: string;
+    /** Severities this policy applies to */
+    severities: AlertSeverity[];
+    /** Escalation levels */
+    levels: Array<{
+        /** Minutes after alert to escalate */
+        afterMinutes: number;
+        /** Channels to notify at this level */
+        channels: ChannelConfig[];
+        /** Message to include */
+        message?: string;
+    }>;
+    /** Whether to escalate if not acknowledged */
+    escalateOnNoAcknowledge: boolean;
+    /** Whether to escalate if not resolved */
+    escalateOnNoResolve: boolean;
+}
+export declare const escalationPolicySchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    severities: z.ZodArray<z.ZodNativeEnum<{
+        readonly CRITICAL: "critical";
+        readonly HIGH: "high";
+        readonly MEDIUM: "medium";
+        readonly LOW: "low";
+        readonly INFO: "info";
+    }>, "many">;
+    levels: z.ZodArray<z.ZodObject<{
+        afterMinutes: z.ZodNumber;
+        channels: z.ZodArray<z.ZodObject<{
+            channel: z.ZodNativeEnum<{
+                readonly SLACK: "slack";
+                readonly PAGERDUTY: "pagerduty";
+                readonly EMAIL: "email";
+                readonly WEBHOOK: "webhook";
+                readonly SNS: "sns";
+            }>;
+            config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+            severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+                readonly CRITICAL: "critical";
+                readonly HIGH: "high";
+                readonly MEDIUM: "medium";
+                readonly LOW: "low";
+                readonly INFO: "info";
+            }>, "many">>;
+            activeHours: z.ZodOptional<z.ZodObject<{
+                start: z.ZodNumber;
+                end: z.ZodNumber;
+            }, "strip", z.ZodTypeAny, {
+                end?: number;
+                start?: number;
+            }, {
+                end?: number;
+                start?: number;
+            }>>;
+            rateLimit: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }, {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }>, "many">;
+        message: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        message?: string;
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        afterMinutes?: number;
+    }, {
+        message?: string;
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        afterMinutes?: number;
+    }>, "many">;
+    escalateOnNoAcknowledge: z.ZodDefault<z.ZodBoolean>;
+    escalateOnNoResolve: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    id?: string;
+    name?: string;
+    levels?: {
+        message?: string;
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        afterMinutes?: number;
+    }[];
+    severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+    escalateOnNoAcknowledge?: boolean;
+    escalateOnNoResolve?: boolean;
+}, {
+    id?: string;
+    name?: string;
+    levels?: {
+        message?: string;
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        afterMinutes?: number;
+    }[];
+    severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+    escalateOnNoAcknowledge?: boolean;
+    escalateOnNoResolve?: boolean;
+}>;
+/**
+ * Complete alerting system configuration
+ */
+export interface AlertConfig {
+    /** Whether alerting is enabled */
+    enabled: boolean;
+    /** Alert rules */
+    rules: AlertRule[];
+    /** Default channels for alerts without specific rules */
+    defaultChannels: ChannelConfig[];
+    /** Escalation policies */
+    escalationPolicies: EscalationPolicy[];
+    /** Active maintenance windows */
+    maintenanceWindows: MaintenanceWindow[];
+    /** Deduplication window in seconds */
+    deduplicationWindowSeconds: number;
+    /** Redis key prefix for state storage */
+    redisKeyPrefix: string;
+    /** Default cooldown for rules without explicit cooldown */
+    defaultCooldownSeconds: number;
+    /** Channel-specific configurations */
+    channelSettings: {
+        slack?: {
+            webhookUrl: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        };
+        pagerduty?: {
+            routingKey: string;
+            apiUrl?: string;
+        };
+        email?: {
+            from: string;
+            host: string;
+            port: number;
+            secure: boolean;
+            auth?: {
+                user: string;
+                pass: string;
+            };
+            defaultRecipients?: string[];
+        };
+        webhook?: {
+            defaultUrl?: string;
+            headers?: Record<string, string>;
+            timeout?: number;
+        };
+        sns?: {
+            region: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        };
+    };
+}
+export declare const alertConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        eventTypes: z.ZodArray<z.ZodNativeEnum<{
+            readonly BRUTE_FORCE: "brute_force";
+            readonly CREDENTIAL_STUFFING: "credential_stuffing";
+            readonly ACCOUNT_LOCKOUT: "account_lockout";
+            readonly SUSPICIOUS_LOGIN: "suspicious_login";
+            readonly SESSION_HIJACK: "session_hijack";
+            readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+            readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+            readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+            readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+            readonly API_KEY_ABUSE: "api_key_abuse";
+            readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+            readonly INVALID_TOKEN: "invalid_token";
+            readonly TOKEN_REVOKED: "token_revoked";
+            readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+            readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+            readonly NEW_DEVICE_LOGIN: "new_device_login";
+            readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+            readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+            readonly ADMIN_ACTION: "admin_action";
+            readonly KEY_ROTATION: "key_rotation";
+            readonly POLICY_VIOLATION: "policy_violation";
+            readonly DATA_EXFILTRATION: "data_exfiltration";
+            readonly INJECTION_ATTEMPT: "injection_attempt";
+            readonly XSS_ATTEMPT: "xss_attempt";
+            readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+            readonly SECRET_EXPOSED: "secret_exposed";
+            readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+            readonly INCIDENT_CREATED: "incident_created";
+            readonly INCIDENT_ESCALATED: "incident_escalated";
+            readonly CUSTOM: "custom";
+        }>, "many">;
+        conditions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            field: z.ZodString;
+            operator: z.ZodNativeEnum<{
+                readonly EQUALS: "equals";
+                readonly NOT_EQUALS: "not_equals";
+                readonly GREATER_THAN: "greater_than";
+                readonly LESS_THAN: "less_than";
+                readonly GREATER_THAN_OR_EQUALS: "greater_than_or_equals";
+                readonly LESS_THAN_OR_EQUALS: "less_than_or_equals";
+                readonly CONTAINS: "contains";
+                readonly NOT_CONTAINS: "not_contains";
+                readonly MATCHES: "matches";
+                readonly IN: "in";
+                readonly NOT_IN: "not_in";
+            }>;
+            value: z.ZodUnknown;
+        }, "strip", z.ZodTypeAny, {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }, {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }>, "many">>;
+        threshold: z.ZodOptional<z.ZodObject<{
+            count: z.ZodNumber;
+            windowSeconds: z.ZodNumber;
+            groupBy: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        }, {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        }>>;
+        channels: z.ZodArray<z.ZodObject<{
+            channel: z.ZodNativeEnum<{
+                readonly SLACK: "slack";
+                readonly PAGERDUTY: "pagerduty";
+                readonly EMAIL: "email";
+                readonly WEBHOOK: "webhook";
+                readonly SNS: "sns";
+            }>;
+            config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+            severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+                readonly CRITICAL: "critical";
+                readonly HIGH: "high";
+                readonly MEDIUM: "medium";
+                readonly LOW: "low";
+                readonly INFO: "info";
+            }>, "many">>;
+            activeHours: z.ZodOptional<z.ZodObject<{
+                start: z.ZodNumber;
+                end: z.ZodNumber;
+            }, "strip", z.ZodTypeAny, {
+                end?: number;
+                start?: number;
+            }, {
+                end?: number;
+                start?: number;
+            }>>;
+            rateLimit: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }, {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }>, "many">;
+        cooldownSeconds: z.ZodDefault<z.ZodNumber>;
+        severity: z.ZodNativeEnum<{
+            readonly CRITICAL: "critical";
+            readonly HIGH: "high";
+            readonly MEDIUM: "medium";
+            readonly LOW: "low";
+            readonly INFO: "info";
+        }>;
+        tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        priority: z.ZodDefault<z.ZodNumber>;
+        stopOnMatch: z.ZodDefault<z.ZodBoolean>;
+        messageTemplate: z.ZodOptional<z.ZodString>;
+        titleTemplate: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        id?: string;
+        name?: string;
+        tags?: string[];
+        description?: string;
+        enabled?: boolean;
+        priority?: number;
+        severity?: "info" | "low" | "medium" | "high" | "critical";
+        eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        conditions?: {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }[];
+        threshold?: {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        };
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        cooldownSeconds?: number;
+        stopOnMatch?: boolean;
+        messageTemplate?: string;
+        titleTemplate?: string;
+    }, {
+        id?: string;
+        name?: string;
+        tags?: string[];
+        description?: string;
+        enabled?: boolean;
+        priority?: number;
+        severity?: "info" | "low" | "medium" | "high" | "critical";
+        eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        conditions?: {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }[];
+        threshold?: {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        };
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        cooldownSeconds?: number;
+        stopOnMatch?: boolean;
+        messageTemplate?: string;
+        titleTemplate?: string;
+    }>, "many">>;
+    defaultChannels: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        channel: z.ZodNativeEnum<{
+            readonly SLACK: "slack";
+            readonly PAGERDUTY: "pagerduty";
+            readonly EMAIL: "email";
+            readonly WEBHOOK: "webhook";
+            readonly SNS: "sns";
+        }>;
+        config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+        severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+            readonly CRITICAL: "critical";
+            readonly HIGH: "high";
+            readonly MEDIUM: "medium";
+            readonly LOW: "low";
+            readonly INFO: "info";
+        }>, "many">>;
+        activeHours: z.ZodOptional<z.ZodObject<{
+            start: z.ZodNumber;
+            end: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            end?: number;
+            start?: number;
+        }, {
+            end?: number;
+            start?: number;
+        }>>;
+        rateLimit: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }, {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }>, "many">>;
+    escalationPolicies: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        severities: z.ZodArray<z.ZodNativeEnum<{
+            readonly CRITICAL: "critical";
+            readonly HIGH: "high";
+            readonly MEDIUM: "medium";
+            readonly LOW: "low";
+            readonly INFO: "info";
+        }>, "many">;
+        levels: z.ZodArray<z.ZodObject<{
+            afterMinutes: z.ZodNumber;
+            channels: z.ZodArray<z.ZodObject<{
+                channel: z.ZodNativeEnum<{
+                    readonly SLACK: "slack";
+                    readonly PAGERDUTY: "pagerduty";
+                    readonly EMAIL: "email";
+                    readonly WEBHOOK: "webhook";
+                    readonly SNS: "sns";
+                }>;
+                config: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+                severityFilter: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+                    readonly CRITICAL: "critical";
+                    readonly HIGH: "high";
+                    readonly MEDIUM: "medium";
+                    readonly LOW: "low";
+                    readonly INFO: "info";
+                }>, "many">>;
+                activeHours: z.ZodOptional<z.ZodObject<{
+                    start: z.ZodNumber;
+                    end: z.ZodNumber;
+                }, "strip", z.ZodTypeAny, {
+                    end?: number;
+                    start?: number;
+                }, {
+                    end?: number;
+                    start?: number;
+                }>>;
+                rateLimit: z.ZodOptional<z.ZodNumber>;
+            }, "strip", z.ZodTypeAny, {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }, {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }>, "many">;
+            message: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }, {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }>, "many">;
+        escalateOnNoAcknowledge: z.ZodDefault<z.ZodBoolean>;
+        escalateOnNoResolve: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        id?: string;
+        name?: string;
+        levels?: {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }[];
+        severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        escalateOnNoAcknowledge?: boolean;
+        escalateOnNoResolve?: boolean;
+    }, {
+        id?: string;
+        name?: string;
+        levels?: {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }[];
+        severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        escalateOnNoAcknowledge?: boolean;
+        escalateOnNoResolve?: boolean;
+    }>, "many">>;
+    maintenanceWindows: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        startTime: z.ZodDate;
+        endTime: z.ZodDate;
+        suppressedEventTypes: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+            readonly BRUTE_FORCE: "brute_force";
+            readonly CREDENTIAL_STUFFING: "credential_stuffing";
+            readonly ACCOUNT_LOCKOUT: "account_lockout";
+            readonly SUSPICIOUS_LOGIN: "suspicious_login";
+            readonly SESSION_HIJACK: "session_hijack";
+            readonly MFA_BYPASS_ATTEMPT: "mfa_bypass_attempt";
+            readonly PRIVILEGE_ESCALATION: "privilege_escalation";
+            readonly UNAUTHORIZED_ACCESS: "unauthorized_access";
+            readonly PERMISSION_DENIED_SPIKE: "permission_denied_spike";
+            readonly API_KEY_ABUSE: "api_key_abuse";
+            readonly RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
+            readonly INVALID_TOKEN: "invalid_token";
+            readonly TOKEN_REVOKED: "token_revoked";
+            readonly UNUSUAL_ACCESS_PATTERN: "unusual_access_pattern";
+            readonly IMPOSSIBLE_TRAVEL: "impossible_travel";
+            readonly NEW_DEVICE_LOGIN: "new_device_login";
+            readonly UNUSUAL_TIME_ACCESS: "unusual_time_access";
+            readonly SECURITY_CONFIG_CHANGE: "security_config_change";
+            readonly ADMIN_ACTION: "admin_action";
+            readonly KEY_ROTATION: "key_rotation";
+            readonly POLICY_VIOLATION: "policy_violation";
+            readonly DATA_EXFILTRATION: "data_exfiltration";
+            readonly INJECTION_ATTEMPT: "injection_attempt";
+            readonly XSS_ATTEMPT: "xss_attempt";
+            readonly CERTIFICATE_EXPIRY: "certificate_expiry";
+            readonly SECRET_EXPOSED: "secret_exposed";
+            readonly VULNERABILITY_DETECTED: "vulnerability_detected";
+            readonly INCIDENT_CREATED: "incident_created";
+            readonly INCIDENT_ESCALATED: "incident_escalated";
+            readonly CUSTOM: "custom";
+        }>, "many">>;
+        suppressedSeverities: z.ZodOptional<z.ZodArray<z.ZodNativeEnum<{
+            readonly CRITICAL: "critical";
+            readonly HIGH: "high";
+            readonly MEDIUM: "medium";
+            readonly LOW: "low";
+            readonly INFO: "info";
+        }>, "many">>;
+        suppressAll: z.ZodDefault<z.ZodBoolean>;
+        reason: z.ZodOptional<z.ZodString>;
+        createdBy: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        id?: string;
+        name?: string;
+        reason?: string;
+        createdBy?: string;
+        startTime?: Date;
+        endTime?: Date;
+        suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        suppressAll?: boolean;
+    }, {
+        id?: string;
+        name?: string;
+        reason?: string;
+        createdBy?: string;
+        startTime?: Date;
+        endTime?: Date;
+        suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        suppressAll?: boolean;
+    }>, "many">>;
+    deduplicationWindowSeconds: z.ZodDefault<z.ZodNumber>;
+    redisKeyPrefix: z.ZodDefault<z.ZodString>;
+    defaultCooldownSeconds: z.ZodDefault<z.ZodNumber>;
+    channelSettings: z.ZodDefault<z.ZodObject<{
+        slack: z.ZodOptional<z.ZodObject<{
+            webhookUrl: z.ZodString;
+            defaultChannel: z.ZodOptional<z.ZodString>;
+            username: z.ZodOptional<z.ZodString>;
+            iconEmoji: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        }, {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        }>>;
+        pagerduty: z.ZodOptional<z.ZodObject<{
+            routingKey: z.ZodString;
+            apiUrl: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            routingKey?: string;
+            apiUrl?: string;
+        }, {
+            routingKey?: string;
+            apiUrl?: string;
+        }>>;
+        email: z.ZodOptional<z.ZodObject<{
+            from: z.ZodString;
+            host: z.ZodString;
+            port: z.ZodNumber;
+            secure: z.ZodBoolean;
+            auth: z.ZodOptional<z.ZodObject<{
+                user: z.ZodString;
+                pass: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                user?: string;
+                pass?: string;
+            }, {
+                user?: string;
+                pass?: string;
+            }>>;
+            defaultRecipients: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        }, "strip", z.ZodTypeAny, {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        }, {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        }>>;
+        webhook: z.ZodOptional<z.ZodObject<{
+            defaultUrl: z.ZodOptional<z.ZodString>;
+            headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+            timeout: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        }, {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        }>>;
+        sns: z.ZodOptional<z.ZodObject<{
+            region: z.ZodString;
+            topicArn: z.ZodOptional<z.ZodString>;
+            accessKeyId: z.ZodOptional<z.ZodString>;
+            secretAccessKey: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        }, {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        email?: {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        };
+        webhook?: {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        };
+        slack?: {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        };
+        pagerduty?: {
+            routingKey?: string;
+            apiUrl?: string;
+        };
+        sns?: {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        };
+    }, {
+        email?: {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        };
+        webhook?: {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        };
+        slack?: {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        };
+        pagerduty?: {
+            routingKey?: string;
+            apiUrl?: string;
+        };
+        sns?: {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        };
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    enabled?: boolean;
+    rules?: {
+        id?: string;
+        name?: string;
+        tags?: string[];
+        description?: string;
+        enabled?: boolean;
+        priority?: number;
+        severity?: "info" | "low" | "medium" | "high" | "critical";
+        eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        conditions?: {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }[];
+        threshold?: {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        };
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        cooldownSeconds?: number;
+        stopOnMatch?: boolean;
+        messageTemplate?: string;
+        titleTemplate?: string;
+    }[];
+    defaultChannels?: {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }[];
+    escalationPolicies?: {
+        id?: string;
+        name?: string;
+        levels?: {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }[];
+        severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        escalateOnNoAcknowledge?: boolean;
+        escalateOnNoResolve?: boolean;
+    }[];
+    maintenanceWindows?: {
+        id?: string;
+        name?: string;
+        reason?: string;
+        createdBy?: string;
+        startTime?: Date;
+        endTime?: Date;
+        suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        suppressAll?: boolean;
+    }[];
+    deduplicationWindowSeconds?: number;
+    redisKeyPrefix?: string;
+    defaultCooldownSeconds?: number;
+    channelSettings?: {
+        email?: {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        };
+        webhook?: {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        };
+        slack?: {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        };
+        pagerduty?: {
+            routingKey?: string;
+            apiUrl?: string;
+        };
+        sns?: {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        };
+    };
+}, {
+    enabled?: boolean;
+    rules?: {
+        id?: string;
+        name?: string;
+        tags?: string[];
+        description?: string;
+        enabled?: boolean;
+        priority?: number;
+        severity?: "info" | "low" | "medium" | "high" | "critical";
+        eventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        conditions?: {
+            value?: unknown;
+            field?: string;
+            operator?: "equals" | "not_equals" | "greater_than" | "less_than" | "greater_than_or_equals" | "less_than_or_equals" | "contains" | "not_contains" | "matches" | "in" | "not_in";
+        }[];
+        threshold?: {
+            count?: number;
+            windowSeconds?: number;
+            groupBy?: string;
+        };
+        channels?: {
+            channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+            config?: Record<string, unknown>;
+            rateLimit?: number;
+            severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+            activeHours?: {
+                end?: number;
+                start?: number;
+            };
+        }[];
+        cooldownSeconds?: number;
+        stopOnMatch?: boolean;
+        messageTemplate?: string;
+        titleTemplate?: string;
+    }[];
+    defaultChannels?: {
+        channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+        config?: Record<string, unknown>;
+        rateLimit?: number;
+        severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+        activeHours?: {
+            end?: number;
+            start?: number;
+        };
+    }[];
+    escalationPolicies?: {
+        id?: string;
+        name?: string;
+        levels?: {
+            message?: string;
+            channels?: {
+                channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+                config?: Record<string, unknown>;
+                rateLimit?: number;
+                severityFilter?: ("info" | "low" | "medium" | "high" | "critical")[];
+                activeHours?: {
+                    end?: number;
+                    start?: number;
+                };
+            }[];
+            afterMinutes?: number;
+        }[];
+        severities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        escalateOnNoAcknowledge?: boolean;
+        escalateOnNoResolve?: boolean;
+    }[];
+    maintenanceWindows?: {
+        id?: string;
+        name?: string;
+        reason?: string;
+        createdBy?: string;
+        startTime?: Date;
+        endTime?: Date;
+        suppressedEventTypes?: ("custom" | "policy_violation" | "rate_limit_exceeded" | "brute_force" | "credential_stuffing" | "account_lockout" | "suspicious_login" | "session_hijack" | "mfa_bypass_attempt" | "privilege_escalation" | "unauthorized_access" | "permission_denied_spike" | "api_key_abuse" | "invalid_token" | "token_revoked" | "unusual_access_pattern" | "impossible_travel" | "new_device_login" | "unusual_time_access" | "security_config_change" | "admin_action" | "key_rotation" | "data_exfiltration" | "injection_attempt" | "xss_attempt" | "certificate_expiry" | "secret_exposed" | "vulnerability_detected" | "incident_created" | "incident_escalated")[];
+        suppressedSeverities?: ("info" | "low" | "medium" | "high" | "critical")[];
+        suppressAll?: boolean;
+    }[];
+    deduplicationWindowSeconds?: number;
+    redisKeyPrefix?: string;
+    defaultCooldownSeconds?: number;
+    channelSettings?: {
+        email?: {
+            host?: string;
+            port?: number;
+            from?: string;
+            secure?: boolean;
+            auth?: {
+                user?: string;
+                pass?: string;
+            };
+            defaultRecipients?: string[];
+        };
+        webhook?: {
+            timeout?: number;
+            headers?: Record<string, string>;
+            defaultUrl?: string;
+        };
+        slack?: {
+            webhookUrl?: string;
+            defaultChannel?: string;
+            username?: string;
+            iconEmoji?: string;
+        };
+        pagerduty?: {
+            routingKey?: string;
+            apiUrl?: string;
+        };
+        sns?: {
+            region?: string;
+            topicArn?: string;
+            accessKeyId?: string;
+            secretAccessKey?: string;
+        };
+    };
+}>;
+/**
+ * Default alerting configuration
+ */
+export declare const DEFAULT_ALERT_CONFIG: Partial<AlertConfig>;
+/**
+ * Alert lifecycle events
+ */
+export interface AlertEvent {
+    type: 'created' | 'sent' | 'acknowledged' | 'resolved' | 'escalated' | 'suppressed' | 'deduplicated';
+    alert: SecurityAlert;
+    timestamp: Date;
+    channel?: AlertChannel;
+    metadata?: Record<string, unknown>;
+}
+export type AlertEventCallback = (event: AlertEvent) => void | Promise<void>;
+/**
+ * Alert delivery result
+ */
+export interface AlertDeliveryResult {
+    channel: AlertChannel;
+    success: boolean;
+    messageId?: string;
+    error?: string;
+    timestamp: Date;
+    retryCount: number;
+}
+export declare const alertDeliveryResultSchema: z.ZodObject<{
+    channel: z.ZodNativeEnum<{
+        readonly SLACK: "slack";
+        readonly PAGERDUTY: "pagerduty";
+        readonly EMAIL: "email";
+        readonly WEBHOOK: "webhook";
+        readonly SNS: "sns";
+    }>;
+    success: z.ZodBoolean;
+    messageId: z.ZodOptional<z.ZodString>;
+    error: z.ZodOptional<z.ZodString>;
+    timestamp: z.ZodDate;
+    retryCount: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    error?: string;
+    channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+    timestamp?: Date;
+    retryCount?: number;
+    success?: boolean;
+    messageId?: string;
+}, {
+    error?: string;
+    channel?: "email" | "webhook" | "slack" | "pagerduty" | "sns";
+    timestamp?: Date;
+    retryCount?: number;
+    success?: boolean;
+    messageId?: string;
+}>;
+//# sourceMappingURL=types.d.ts.map