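import type { JsonObject, RuntimeRequestContext, ToolCallRequest, ToolSource } from '@amaster.ai/pi-shared';

/**
 * Public type surface of the security gate: declarative policy rules,
 * profile configuration, the policy engine that turns a tool call into a
 * decision, and the gate that enforces that decision (approval + audit).
 *
 * NOTE(review): this declaration file reached the corpus with every generic
 * type argument stripped (`Record`, `Array`, `Promise`, `Extract` with no
 * parameters), which does not compile. The arguments below are
 * reconstructed from context; the ones that are not certain carry a TODO
 * and use `unknown` rather than guess — confirm against the source `.ts`.
 */

/**
 * Outcome of evaluating one tool call.
 *
 * `deny` and `ask` must carry a `reason` (the decision is part of the audit
 * event, so the reason is what an operator sees later); `allow` may omit it.
 * `ask` defers to the approval handler and may carry a `prompt` to show the
 * approver.
 */
export type SecurityDecision =
  | { kind: 'allow'; reason?: string }
  | { kind: 'deny'; reason: string }
  | { kind: 'ask'; reason: string; prompt?: string };

/** Tool-name allow/deny lists; consulted by `isCapabilityExposed`. */
export type CapabilityPolicy = {
  allow?: string[];
  deny?: string[];
};

/** Filesystem reach of the sandbox. `full-access` is the mode with no workspace boundary at all. */
export type SandboxMode = 'read-only' | 'workspace-write' | 'full-access';

/**
 * When a human is asked to approve a tool call. Presumably `never` means an
 * `ask` decision cannot be resolved interactively — confirm how the gate
 * treats `ask` under that mode (it should fail closed).
 */
export type ApprovalMode = 'never' | 'on-failure' | 'on-request' | 'untrusted';

export type SecurityResourceKind = 'file' | 'shell' | 'network';
export type SecurityOperation = 'read' | 'write' | 'execute' | 'delete' | 'connect' | 'search';
/** Where a target lives relative to the agent; `unknown` is the classifier's "could not tell". */
export type SecurityScope = 'workspace' | 'home' | 'system' | 'external' | 'unknown';
/** Sensitivity tier of a target; `secret` and `credential` are the tiers rules should treat most conservatively. */
export type SecuritySensitivity = 'normal' | 'source' | 'config' | 'secret' | 'credential';
export type RiskLevel = 'low' | 'medium' | 'high' | 'critical';

/** One concrete resource a tool call touches, as produced by `classifySecurityResources`. */
export type SecurityResource = {
  kind: SecurityResourceKind;
  operation: SecurityOperation;
  /** Path, command or host depending on `kind`; optional, presumably when the classifier cannot determine it. */
  target?: string;
  scope: SecurityScope;
  sensitivity: SecuritySensitivity;
};

/** Aggregate risk of a tool call plus the human-readable reasons that drove it. */
export type RiskAssessment = {
  level: RiskLevel;
  reasons: string[];
};

/**
 * A declarative policy rule. Every matcher is optional and `decision` is
 * required; presumably all matchers that are present must match for the
 * rule to apply, and a rule with no matchers applies to every call — confirm
 * in the engine before relying on either.
 *
 * NOTE(review): `argsRegex` patterns come from configuration. If profile
 * config can be supplied by a less-trusted party, a pathological pattern can
 * stall evaluation (ReDoS); check how patterns are compiled and validated.
 */
export type SecurityRule = {
  id: string;
  /** Ordering hint; the exact tie-break semantics live in the engine, not here. */
  priority?: number;
  tools?: string[];
  sources?: ToolSource[];
  // TODO(review): element types of `triggers` and `senderTrusts` were lost in
  // extraction; `unknown` keeps the file compiling without over-claiming.
  triggers?: Array<unknown>;
  senderTrusts?: Array<unknown>;
  // TODO(review): value types lost in extraction. `args` is presumably a
  // literal-equality match on tool arguments and `argsRegex` a pattern match.
  args?: Record<string, unknown>;
  argsRegex?: Record<string, string>;
  resources?: SecurityResourceKind[];
  operations?: SecurityOperation[];
  scopes?: SecurityScope[];
  sensitivity?: SecuritySensitivity[];
  risk?: RiskLevel[];
  decision: SecurityDecision;
};

/**
 * Engine construction options.
 *
 * NOTE(review): `defaultDecision` is what applies when no rule matches. The
 * engine's own fallback when it is omitted is not visible in this file; a
 * gate should fail closed, so verify the fallback is `deny` (or `ask`), not
 * `allow`.
 */
export type SecurityPolicyEngineOptions = {
  rules?: SecurityRule[];
  defaultDecision?: SecurityDecision;
};

/**
 * One named profile. `extends` names another profile to inherit from;
 * cycle detection for `extends` chains is not visible here — confirm it
 * exists in the resolver.
 */
export type SecurityProfileConfig = {
  extends?: string;
  sandbox?: SandboxMode;
  approval?: ApprovalMode;
  rules?: SecurityRule[];
  defaultDecision?: SecurityDecision;
};

/** Top-level security configuration: a set of profiles plus the one used when none is requested. */
export type SecurityConfig = {
  defaultProfile?: string;
  // TODO(review): type argument lost in extraction; keyed by profile name,
  // matching the `profile: string` lookups below — confirm.
  profiles?: Record<string, SecurityProfileConfig>;
};

/** Everything a rule can match on for a single tool call. */
export type SecurityEvaluationContext = {
  request: RuntimeRequestContext;
  toolCall: ToolCallRequest;
  /** Root used to decide whether a path is `workspace` scope; without it paths presumably classify as non-workspace. */
  workspaceDir?: string;
  resources: SecurityResource[];
  risk: RiskAssessment;
};

/** Result of one evaluation, including which rules fired (for audit and debugging). */
export type SecurityEvaluationResult = {
  evaluationId: string;
  decision: SecurityDecision;
  resources: SecurityResource[];
  risk: RiskAssessment;
  matchedRuleIds: string[];
};

/**
 * Audit record for one gate decision: the evaluation plus the identifiers
 * needed to correlate it with a session, conversation, trace and tool call.
 * `approvalId` is set only when a human approval was involved.
 */
export type SecurityAuditEvent = SecurityEvaluationResult & {
  sessionId: string;
  conversationId: string;
  traceId?: string;
  toolCallId: string;
  toolName: string;
  createdAt: string;
  approvalId?: string;
};

/** Input handed to the approval handler when the engine decided `ask`. */
export type SecurityApprovalRequest = {
  request: RuntimeRequestContext;
  toolCall: ToolCallRequest;
  // TODO(review): `Extract` arguments lost in extraction; narrowing to the
  // `ask` variant is the only reading consistent with an approval request.
  decision: Extract<SecurityDecision, { kind: 'ask' }>;
  evaluation: SecurityEvaluationResult;
};

/**
 * Resolves an `ask` decision to a final one. Presumably returns a
 * `SecurityDecision`; the handler must never return `ask` again, or the gate
 * must treat a second `ask` as deny — confirm.
 */
// TODO(review): Promise type argument lost in extraction.
export type SecurityApprovalHandler = (input: SecurityApprovalRequest) => Promise<SecurityDecision>;

/**
 * Receives every audit event. May be sync or async.
 *
 * NOTE(review): whether a throwing/rejecting sink fails the tool call or is
 * swallowed is not visible here; for a security audit trail, decide this
 * deliberately and document it on the gate.
 */
export type SecurityAuditSink = (event: SecurityAuditEvent) => void | Promise<void>;

export type SecurityGateAuthorizeInput = {
  request: RuntimeRequestContext;
  toolCall: ToolCallRequest;
  workspaceDir?: string;
};

/**
 * Gate construction options. Either pass a prebuilt `engine` or let the gate
 * build one from `profile` + `config` + `filePolicies`.
 *
 * NOTE(review): `approvalHandler` is optional, so an `ask` decision with no
 * handler must have a defined outcome; it should be deny. Likewise an absent
 * `auditSink` means decisions are not recorded anywhere — fine for tests,
 * worth flagging for production profiles.
 */
export type SecurityGateOptions = {
  profile: string;
  config?: SecurityConfig;
  // TODO(review): type argument lost in extraction; `CapabilityPolicy`
  // values are the only type this file feeds into `resolveCapabilityPolicy`.
  filePolicies?: Record<string, CapabilityPolicy>;
  engine?: SecurityPolicyEngine;
  approvalHandler?: SecurityApprovalHandler;
  auditSink?: SecurityAuditSink;
};

/**
 * Rule matcher. `decide` returns only the decision; `evaluate` also returns
 * the classified resources, risk and matched rule ids for auditing.
 */
export declare class SecurityPolicyEngine {
  private readonly entries;
  private readonly defaultDecision;
  constructor(options?: SecurityPolicyEngineOptions);
  decide(input: {
    request: RuntimeRequestContext;
    toolCall: ToolCallRequest;
    workspaceDir?: string;
  }): SecurityDecision;
  evaluate(input: {
    request: RuntimeRequestContext;
    toolCall: ToolCallRequest;
    workspaceDir?: string;
  }): SecurityEvaluationResult;
}

/**
 * Enforcement point: evaluates a tool call, resolves `ask` through the
 * approval handler, and emits an audit event.
 */
export declare class SecurityGate {
  private readonly engine;
  private readonly approvalHandler;
  private readonly auditSink;
  constructor(options: SecurityGateOptions);
  // TODO(review): Promise type argument lost in extraction; the evaluation
  // result is the natural return (it is what `assertSecurityAllowed` needs) — confirm.
  authorize(input: SecurityGateAuthorizeInput): Promise<SecurityEvaluationResult>;
  private resolveDecision;
  private audit;
}

export declare function createSecurityGate(options: SecurityGateOptions): SecurityGate;

/**
 * Runs `securityGate.authorize` and throws unless the final decision is
 * `allow` (see `assertSecurityDecisionAllowed`).
 */
// TODO(review): Promise type argument lost in extraction — confirm whether
// the evaluation result is returned or the function is `Promise<void>`.
export declare function assertSecurityAllowed(input: {
  request: RuntimeRequestContext;
  securityGate: SecurityGate;
  toolCall: ToolCallRequest;
  workspaceDir?: string;
}): Promise<SecurityEvaluationResult>;

/** Throws for any decision other than `allow`; the thrown error type is not visible in this file. */
export declare function assertSecurityDecisionAllowed(decision: SecurityDecision): void;

/** Merges profile config (following `extends`) and file-level policies into one capability allow/deny list. */
export declare function resolveCapabilityPolicy(
  profile: string,
  config?: SecurityConfig,
  // TODO(review): type argument lost in extraction — see `SecurityGateOptions.filePolicies`.
  filePolicies?: Record<string, CapabilityPolicy>,
): CapabilityPolicy;

/**
 * Whether a tool is visible under `policy`. Precedence between `allow` and
 * `deny` (deny should win) is implemented elsewhere — confirm.
 */
export declare function isCapabilityExposed(toolName: string, policy: CapabilityPolicy): boolean;

export declare function createSecurityPolicyEngineForProfile(
  profile: string,
  config?: SecurityConfig,
  // TODO(review): type argument lost in extraction — see `SecurityGateOptions.filePolicies`.
  filePolicies?: Record<string, CapabilityPolicy>,
): SecurityPolicyEngine;

/** Classifies the files, shell commands and network targets a tool call touches. */
export declare function classifySecurityResources(input: {
  request: RuntimeRequestContext;
  toolCall: ToolCallRequest;
  workspaceDir?: string;
}): SecurityResource[];

/** Derives a risk level from the call and its classified resources. */
export declare function assessRisk(input: {
  toolCall: ToolCallRequest;
  resources: SecurityResource[];
}): RiskAssessment;

/** JSON-serialisable view of an evaluation, for logs and API responses. */
export declare function securityEvaluationDetails(evaluation: SecurityEvaluationResult): JsonObject;

export { default } from './extension.js';
//# sourceMappingURL=index.d.ts.map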