/** * Role Manager for Agent Permission Control * * Manages role-based permissions for different message sources (viewer, discord, etc.) * Determines which tools and paths are accessible based on the agent's role. */ import { RoleConfig, RolesConfig } from '../cli/config/types.js'; /** * Options for RoleManager initialization */ export interface RoleManagerOptions { /** Custom roles configuration (defaults to DEFAULT_ROLES) */ rolesConfig?: RolesConfig; } /** * RoleManager handles role-based permission checks */ export declare class RoleManager { private rolesConfig; constructor(options?: RoleManagerOptions); /** * Get the role configuration for a given source * @param source - Message source (e.g., "viewer", "discord", "telegram") * @returns Role configuration for the source */ getRoleForSource(source: string): { roleName: string; role: RoleConfig; }; /** * Check if a tool is allowed for the given role * @param role - Role configuration * @param toolName - Name of the tool to check * @returns true if tool is allowed, false otherwise */ isToolAllowed(role: RoleConfig, toolName: string): boolean; /** * Check if a path is allowed for the given role * @param role - Role configuration * @param path - File path to check * @returns true if path is allowed, false otherwise */ isPathAllowed(role: RoleConfig, path: string): boolean; /** * Check if the role can perform system control operations * @param role - Role configuration * @returns true if system control is allowed */ canSystemControl(role: RoleConfig): boolean; /** * Check if the role can access sensitive data * @param role - Role configuration * @returns true if sensitive access is allowed */ canAccessSensitive(role: RoleConfig): boolean; /** * Get human-readable capabilities list for a role * @param role - Role configuration * @returns Array of capability descriptions */ getCapabilities(role: RoleConfig): string[]; /** * Get human-readable limitations list for a role * @param role - Role configuration * @returns Array of limitation descriptions */ getLimitations(role: RoleConfig): string[]; /** * Update roles configuration * @param newConfig - New roles configuration */ updateRolesConfig(newConfig: RolesConfig): void; /** * Get current roles configuration * @returns Current roles configuration */ getRolesConfig(): RolesConfig; /** * Match a string against a wildcard pattern * Supports glob patterns: "mama_*" matches "mama_search", "mama_save" * Uses minimatch for consistent pattern matching with isPathAllowed */ private matchesPattern; /** * Expand ~ to home directory in path */ private expandPath; } /** * Get or create the global RoleManager instance * @param options - Options for initialization (only used on first call) * @returns Global RoleManager instance */ export declare function getRoleManager(options?: RoleManagerOptions): RoleManager; /** * Reset the global RoleManager instance (for testing) */ export declare function resetRoleManager(): void; //# sourceMappingURL=role-manager.d.ts.map