import type { ToolsInput } from '../../agent/types.js';
import type { PermissionPolicy } from './permissions.types.js';
import type { Session } from './session.js';
type AnySession = Session<any>;
export interface PermissionRules {
    /**
     * Per-tool override map. `'allow'` exposes the tool unconditionally,
     * `'deny'` strips it from the toolset, `'ask'` defers to the runtime gate.
     */
    tools?: Record<string, PermissionPolicy>;
}
export interface BuildSessionToolsetsOptions {
    /** Tools declared by the backing agent (already resolved for this request). */
    agentTools?: ToolsInput;
    /** Mode-level overrides. `tools` replaces; `additionalTools` augments. */
    modeOverrides?: {
        tools?: ToolsInput;
        additionalTools?: ToolsInput;
    };
    /** Harness built-in tools (ask_user, submit_plan, task_*, subagent, etc). */
    builtInTools?: ToolsInput;
    /** Optional per-tool permission policy. `deny` filters the tool out. */
    permissionRules?: PermissionRules;
    /** Tool ids the caller has explicitly disabled. */
    disabledTools?: readonly string[];
}
export declare function buildHarnessBuiltInTools(session: AnySession): ToolsInput;
/**
 * Produce the final toolset visible to the agent on this request. Pure
 * function — no IO, no side effects.
 *
 * Layering order:
 *  1. Agent tools (or mode `tools` replacement)
 *  2. Mode `additionalTools` (when not in replacement mode)
 *  3. Built-in harness tools (last so they cannot be shadowed)
 *  4. Apply `permissionRules.deny` + `disabledTools` filters
 */
export declare function buildSessionToolsets(opts?: BuildSessionToolsetsOptions): ToolsInput;
export {};
//# sourceMappingURL=tools.d.ts.map