/**
 * Generates a stable random ID using crypto.randomUUID().
 */
export declare function randomId(): string;
/**
 * Atomic JSON write: write to .tmp then rename.
 * Ensures the target file is never in a partially-written state.
 * Creates parent directories if they don't exist.
 */
export declare function atomicWriteJSON(filePath: string, data: unknown): void;
/**
 * Read and parse a JSON file. Returns null if file does not exist.
 */
export declare function readJSON<T>(filePath: string): T | null;
/**
 * File-based lock using atomic exclusive-create (O_CREAT | O_EXCL via 'wx' flag).
 * Two concurrent callers cannot both succeed — the OS guarantees only one
 * `open(..., O_EXCL)` wins on the same path.
 *
 * Stale lock detection uses file mtime: if the lock file is older than
 * `staleLockMs`, it is assumed to be from a crashed process and removed.
 */
export declare function withFileLock<T>(lockPath: string, fn: () => Promise<T>, staleLockMs?: number): Promise<T>;
/**
 * Execute a git command safely using execFileSync with argument arrays.
 * Never passes through a shell — immune to shell injection.
 *
 * Returns stdout on success, null only if git binary is not found (ENOENT).
 * Throws on all other failures (bad args, git errors) so callers can
 * distinguish "git not installed" from "git command failed".
 */
export declare function execGit(args: string[], cwd: string): string | null;
/**
 * Check if git is available in the current environment.
 */
export declare function isGitAvailable(): boolean;
/**
 * Ensure a directory exists, creating it recursively if needed.
 */
export declare function ensureDir(dirPath: string): void;
/**
 * Sanitize text before injecting into agent prompts.
 * Strips patterns that could manipulate agent behavior when
 * reinjected from untrusted stored artifacts.
 */
export declare function sanitizeForPrompt(text: string): string;
//# sourceMappingURL=utils.d.ts.map