/**
 * @license
 * Copyright 2025-2026 Open Home Foundation
 * SPDX-License-Identifier: Apache-2.0
 */
import type { MatterNode } from "@matter-server/ws-client";
import { type AccessControlEntryStruct } from "../components/dialogs/acl/model.js";
export declare enum Privilege {
    View = 1,
    ProxyView = 2,
    Operate = 3,
    Manage = 4,
    Administer = 5
}
export declare enum AuthMode {
    Pase = 1,
    Case = 2,
    Group = 3
}
export declare const PRIVILEGE_NAMES: Record<number, string>;
export declare const AUTH_MODE_NAMES: Record<number, string>;
export declare function nodeIdKey(id: number | bigint): string;
/** Normalize a raw attribute value (array or index-keyed object, or absent) into an element array. */
export declare function attributeArray(value: unknown): unknown[];
export declare function readAclEntries(node: MatterNode): AccessControlEntryStruct[];
export declare function entriesForFabric(entries: AccessControlEntryStruct[], fabricIndex: number | undefined): AccessControlEntryStruct[];
/**
 * The device-side fabric index for our controller's fabric, read from CurrentFabricIndex (0/62/5).
 * ACL/Binding entries carry this index in their fabricIndex field — NOT the controller's own
 * fabric-table index (serverInfo.fabric_index), which lives in a different numbering space.
 */
export declare function nodeFabricIndex(node: MatterNode): number | undefined;
export declare function isWholeNode(entry: AccessControlEntryStruct): boolean;
/**
 * Whether the entry grants access to (endpoint, cluster). A null target endpoint/cluster is an ACL
 * wildcard (grants all). Cluster matching is directional: a wildcard *request* (cluster undefined,
 * i.e. an all-clusters binding) is only covered by a wildcard ACL target — a cluster-specific grant
 * does not cover "all clusters".
 */
export declare function entryMatchesTarget(entry: AccessControlEntryStruct, endpoint: number, cluster: number | undefined): boolean;
export interface AclCapacity {
    max: number;
    subjectsMax: number;
    targetsMax: number;
}
export declare function aclCapacity(node: MatterNode): AclCapacity;
/**
 * Stable structural identity for an ACL entry, used to re-locate it in a freshly-read list before a
 * write (the cache copy and the fresh copy are different objects).
 */
export declare function aclEntryKey(entry: AccessControlEntryStruct): string;
export declare function subjectsInclude(entry: AccessControlEntryStruct, nodeId: number | bigint): boolean;
export declare function isProtectedAdmin(entry: AccessControlEntryStruct, controllerNodeId: number | bigint | undefined): boolean;
//# sourceMappingURL=access-control.d.ts.map