/**
 * Interactive command detection for Bash.
 *
 * Catches commands that would block waiting for TTY input (editors,
 * pagers, REPLs, interactive DB clients) and rejects them with a
 * concrete non-interactive suggestion. Prevents the agent from burning
 * its entire timeout budget on a hung `vim` or `psql` invocation.
 *
 * This is a UX gate, not a security gate: it sits at the end of the
 * safety cascade after all security layers have passed. Security checks
 * always come first.
 *
 * The module is pure — no I/O, no global state — so the rule set can be
 * exhaustively unit-tested without a shell.
 */
import { type SafetyCheckResult } from './safety.js';
/**
 * Check a full shell command for interactive invocations. Splits on
 * shell operators (`;`, `&&`, `||`, `|`) and inspects each sub-command
 * independently — `cat file | less` is rejected because the `less`
 * sub-command is interactive, even though `cat` is not.
 *
 * Returns the first interactive sub-command's rejection; if all
 * sub-commands are non-interactive, returns `{ allowed: true }`.
 */
export declare function checkInteractive(command: string): SafetyCheckResult;
/**
 * Minimal shell-aware tokenizer: splits on unquoted whitespace, keeps
 * single/double-quoted regions intact (quotes themselves are stripped),
 * and honors backslash escapes. Sufficient for identifying the program
 * token and distinguishing flags from positional args; not a complete
 * POSIX shell parser.
 */
export declare function tokenize(command: string): string[];
/**
 * Find the effective program name and argument list, accounting for:
 *   1. Leading `KEY=VALUE` env var prefixes (`FOO=bar vim file`)
 *   2. The `env` wrapper (`env FOO=bar vim file` or `env -u BAR vim`)
 *
 * Returns the program's basename (last path segment) and the remaining
 * arg tokens, or `null` if no program token is present.
 */
export declare function findProgram(tokens: string[]): {
    name: string;
    args: string[];
} | null;
//# sourceMappingURL=interactive.d.ts.map