/**
 * Shared environment sanitization for child processes.
 *
 * Used by both the Bash tool (safety.ts) and MCP client (mcp-client.ts)
 * to strip dangerous environment variables before spawning subprocesses.
 */
/**
 * Build a safe environment for child processes by stripping dangerous variables.
 *
 * @param parentEnv - The source environment (typically process.env or a consumer-supplied map)
 * @param marker - Optional context marker added as CORTEX_SHELL. Pass undefined to skip.
 * @param overrides - Optional key-value pairs merged ON TOP of the sanitized env, bypassing
 *   the blocklist. Used for consumer-set variables that must propagate (e.g., macOS dock
 *   icon suppression vars like DYLD_INSERT_LIBRARIES).
 * @returns A new object with dangerous variables removed and overrides applied
 */
export declare function buildSafeEnv(parentEnv: NodeJS.ProcessEnv | Record<string, string>, marker?: string | undefined, overrides?: Record<string, string> | undefined): Record<string, string>;
//# sourceMappingURL=safe-env.d.ts.map