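/**
 * Result returned by a boundary predicate when an operation must be blocked.
 *
 * Stable shape so callers can render consistent error envelopes.
 *
 * @task T1591
 */
export interface BoundaryViolation {
  /**
   * CLEO error code.
   *
   * `E_GIT_BOUNDARY_*` codes are emitted by the T1591 L2 fence predicates and
   * the T1761 cwd-isolation check. `E_BOUNDARY_VIOLATION` is emitted by the
   * T1852 absolute-path enforcement layer that closes the T1763 bypass vector
   * (Edit/Write SDK tool calls with absolute paths outside the worktree).
   */
  code:
    | 'E_GIT_BOUNDARY_WORKTREE_PATH'
    | 'E_GIT_BOUNDARY_COMMIT_TASK_ID'
    | 'E_GIT_BOUNDARY_MERGE_FORBIDDEN'
    | 'E_GIT_BOUNDARY_CHERRY_PICK_TASK_BRANCH'
    | 'E_GIT_BOUNDARY_CWD_OUTSIDE_WORKTREE'
    | 'E_BOUNDARY_VIOLATION';
  /**
   * Which boundary fired — kept in audit log for grouping.
   * Letters a-d are T1591 fence predicates; "isolation" is the T1761
   * cwd-outside-worktree check that fires before all others; "absolute-path"
   * is the T1852 Edit/Write absolute-path check.
   */
  boundary: 'a' | 'b' | 'c' | 'd' | 'isolation' | 'absolute-path';
  /** Short human-readable summary of the violation. */
  message: string;
  /** Suggested operator action (always includes the override path). */
  remediation: string;
  /**
   * Free-form context attached to the audit record.
   *
   * NOTE(review): the type arguments were missing from this listing (a bare
   * `Record` does not compile); `string` keys with `unknown` values is the
   * widest safe reading — confirm against the implementation. Values end up
   * in the audit log, so callers should keep secrets and raw credentials out.
   */
  context: Record<string, unknown>;
}

/**
 * Boundary (a) — Worktree-path enforcement.
 *
 * Rejects `git add` of a path outside the active worktree. The shim runs
 * with `cwd === process.cwd()`, so any relative path is rooted there.
 * Absolute paths are checked verbatim.
 *
 * `git add` flags that don't take paths (`-A`, `--all`, `-u`, `--update`,
 * `-i`, `--interactive`, `-p`, `--patch`) are allowed as-is — git itself
 * scopes them to the current repo, which is the worktree.
 *
 * NOTE(review): this declaration does not show whether `..` segments and
 * symlinks are resolved before the containment check, or whether the
 * comparison is separator-aware (a plain string-prefix test would treat
 * `<worktree>-other` as inside `<worktree>`). Confirm in the implementation.
 *
 * @param args - argv slice after the `add` subcommand.
 * @param cwd - Current working directory at invocation time.
 * @param worktreePath - Active worktree root.
 * @returns Violation when an explicit path escapes the worktree, else null.
 *
 * @task T1591
 */
export declare function validateAddPaths(
  args: ReadonlyArray<string>,
  cwd: string,
  worktreePath: string,
): BoundaryViolation | null;

/**
 * Extract every inline commit message from a `git commit` invocation.
 *
 * Handles `-m <msg>`, `--message <msg>`, `-m=<msg>`, `--message=<msg>`. Each
 * occurrence contributes to a multi-paragraph commit; the **first** message is
 * the subject. All values are returned, since git concatenates them with blank
 * lines.
 *
 * NOTE(review): the original comment says every `-m` is validated, while
 * `validateCommitSubject` documents checking only the first — confirm which
 * one the implementation does.
 *
 * @param args - argv slice after the `commit` subcommand.
 * @returns The list of message values present, in order.
 *
 * @task T1591
 */
export declare function extractCommitMessages(args: ReadonlyArray<string>): string[];

/**
 * Determine whether the given commit invocation supplies its subject inline.
 *
 * Flags like `--dry-run`, `--allow-empty-message`, the absence of
 * `-m` (which opens an editor — caught by the editor-side hook in T1588), and
 * `--amend` without `-m` all pass through. The shim only enforces when a
 * subject is supplied inline.
 *
 * NOTE(review): only `-m`/`--message` is described here. A message can reach
 * git by other means (for example `-F`/`--file`); confirm those invocations
 * are covered by the T1588 hook or another layer, otherwise the task-ID gate
 * is not evaluated for them.
 *
 * @param args - argv slice after the `commit` subcommand.
 * @returns true when at least one inline `-m` message was supplied.
 *
 * @task T1591
 */
export declare function commitHasInlineMessage(args: ReadonlyArray<string>): boolean;

/**
 * Boundary (b) — Commit T-ID gate.
 *
 * Rejects `git commit -m "<subject>"` when the subject lacks a CLEO task ID
 * (`T<id>`). Multi-`-m` invocations validate the FIRST message (the
 * subject — git concatenates subsequent `-m` values as paragraphs).
 *
 * @param args - argv slice after the `commit` subcommand.
 * @param expectedTaskId - Optional hard-anchor: when provided, the subject
 *   must contain this exact ID, not just any `T<id>`.
 * @returns Violation when the inline subject lacks a task ID, else null.
 *
 * @task T1591
 */
export declare function validateCommitSubject(
  args: ReadonlyArray<string>,
  expectedTaskId: string | null,
): BoundaryViolation | null;

/**
 * Boundary (c) — Merge restriction.
 *
 * Rejects `git merge` invocations from agent worktrees unless the
 * `CLEO_ORCHESTRATE_MERGE` env var is set. That env var is supplied
 * exclusively by `completeAgentWorktreeViaMerge` (ADR-062 / T1587), so a
 * direct `git merge` from an agent will always fail.
 *
 * Merge subcommand variants that DON'T merge (`--abort`, `--continue`,
 * `--quit`) pass through.
 *
 * NOTE(review): the gate trusts the `env` snapshot it is handed. The
 * "will always fail" guarantee therefore depends on the agent process being
 * unable to influence the environment the shim reads — confirm how the shim
 * is launched, and treat this as a workflow guard, not an authentication
 * mechanism.
 *
 * @param args - argv slice after the `merge` subcommand.
 * @param env - Snapshot of relevant env vars.
 * @returns Violation when merge is blocked, else null.
 *
 * @task T1591
 * @adr ADR-062
 */
export declare function validateMergeAllowed(
  args: ReadonlyArray<string>,
  env: {
    CLEO_ORCHESTRATE_MERGE?: string;
  },
): BoundaryViolation | null;

/**
 * Boundary (d) — Cherry-pick refusal from worktree branches.
 *
 * Rejects `git cherry-pick <ref>` when `<ref>` is a `task/T<id>` branch.
 * Cherry-pick from those branches is the deprecated integration path
 * (ADR-062 supersedes it with `git merge --no-ff`).
 *
 * Also catches `git cherry-pick task/T<id>..HEAD` and similar range syntax.
 *
 * NOTE(review): the check is described in terms of the ref name as typed;
 * whether a commit hash that belongs to a task branch is also recognised
 * cannot be told from this declaration — confirm in the implementation.
 *
 * @param args - argv slice after the `cherry-pick` subcommand.
 * @returns Violation when a task-branch ref is referenced, else null.
 *
 * @task T1591
 * @adr ADR-062
 */
export declare function validateCherryPickSource(
  args: ReadonlyArray<string>,
): BoundaryViolation | null;
//# sourceMappingURL=boundary.d.ts.map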