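/**
 * `peac observe command` subcommand.
 *
 * Wraps a child process and emits an unsigned CLI execution observation
 * record to stdout (or `--output <path>`). Hard security defaults:
 * - argv hashed
 * - stdout/stderr length + sha256 + truncated only (no sample without
 *   double-opt-in raw mode)
 * - stdin closed (none)
 * - env capture deny-by-default
 * - cwd hashed; binary path hashed
 * - secret-scan on
 * - shell binary detected without --shell-mode hard-fails
 *
 * The wrapper is an OBSERVER, not a sandbox / permission system / shell
 * orchestrator / process supervisor / job scheduler. It does not
 * synthesize shell syntax; the command after `--` is spawned exactly as
 * supplied with `shell: false`.
 *
 * NOTE(review): "deny-by-default" above governs what is RECORDED, not what
 * the child RECEIVES. `ObserveCommandIO.childEnv` defaults to `process.env`,
 * so the child inherits the full parent environment (including any secrets
 * in it) unless the caller supplies a narrowed `childEnv`.
 */
import { Command } from 'commander';
import {
  preflightOutputWritable,
  resolveProgramPath,
  runObservationCore,
  type CoreObservationOptions,
  type CoreObservationIO,
} from '../lib/observation-pipeline.js';
import { type ValidationFailure } from '../lib/command-option-validation.js';
import type {
  ArgvMode,
  CwdMode,
  BinaryPathMode,
  EnvMode,
  StdinMode,
  ExitCodeMode,
  ExecutionMode,
} from '../lib/observation-builder.js';

export { preflightOutputWritable, resolveProgramPath, runObservationCore };
export type { CoreObservationOptions, CoreObservationIO };

/**
 * Stable error codes surfaced to the user via stderr + non-zero exit.
 * Mirrors the shared `COMMAND_OPTION_ERROR_CODES` set plus a few
 * subcommand-specific codes (spawn-failed, schema-rejection,
 * output-write-failed) that originate inside `runObservationCore` or
 * the emit step rather than the option-validation layer.
 *
 * The string values are part of the CLI's stderr contract; callers and
 * tests may match on them, so treat them as frozen identifiers.
 *
 * NOTE(review): the signing/issuer codes (`signingInputRequired`,
 * `signingInputConflict`, `issuerIdRequired`, `issuerIdInvalid`) come from
 * the shared set. This subcommand emits an UNSIGNED record and
 * `ObserveCommandOptions` carries no signing inputs, so those codes are not
 * expected to be reachable from `peac observe command` — confirm against
 * `validateCoreCommandOptions`.
 */
export declare const OBSERVE_COMMAND_ERROR_CODES: {
  /** `envMode` and the raw-env opt-in disagree (exact rule lives in the shared validator). */
  readonly envModeInconsistent: "cli.env_mode_inconsistent";
  /** Built observation failed schema validation before emit. */
  readonly schemaRejection: "cli.schema_rejection";
  readonly unsupportedFlag: "cli.unsupported_flag";
  /** Child process could not be started (raised inside `runObservationCore`). */
  readonly spawnFailed: "cli.spawn_failed";
  /** Writing the record to stdout / `--output` failed. */
  readonly outputWriteFailed: "cli.output_write_failed";
  /** No program given after `--`. */
  readonly programRequired: "cli.program_required";
  /** A raw-capture mode was requested without its `--unsafe-*` acknowledgment. */
  readonly unsafeFlagRequired: "cli.unsafe_flag_required";
  /** `secretScan: false` without `unsafeDisableSecretScan: true`. */
  readonly secretScanDisableRequiresUnsafeFlag: "cli.secret_scan_disable_requires_unsafe_flag";
  /** Resolved binary looks like a shell and `--shell-mode` was not given (see header). */
  readonly shellModeRequired: "cli.shell_mode_required";
  /** An argv token exceeds the configured byte cap. */
  readonly argvTokenTooLong: "cli.argv_token_too_long";
  /** Integer flag is NaN, non-integer, or outside its allowed range. */
  readonly outOfRange: "cli.out_of_range";
  readonly invalidPolicyDigest: "cli.invalid_policy_digest";
  readonly invalidConfigDigest: "cli.invalid_config_digest";
  readonly invalidApprovalRef: "cli.invalid_approval_ref";
  /** An `--env-allow` entry is not an acceptable environment key name. */
  readonly invalidEnvKey: "cli.invalid_env_key";
  readonly signingInputRequired: "cli.signing_input_required";
  readonly signingInputConflict: "cli.signing_input_conflict";
  readonly issuerIdRequired: "cli.issuer_id_required";
  readonly issuerIdInvalid: "cli.issuer_id_invalid";
};

/** Union of the string values in `OBSERVE_COMMAND_ERROR_CODES`, for typed matching on stderr output. */
export type ObserveCommandErrorCode =
  (typeof OBSERVE_COMMAND_ERROR_CODES)[keyof typeof OBSERVE_COMMAND_ERROR_CODES];

/**
 * Resolved CLI flag values; tests construct this directly.
 *
 * Every `unsafe*` field is an explicit acknowledgment that pairs with a
 * capture/scan setting: the validator refuses the permissive setting when
 * its acknowledgment is absent (see the matching error codes above).
 */
export interface ObserveCommandOptions {
  /** How argv is represented in the record; the header default is hashed. */
  captureMode: ArgvMode;
  /** Acknowledgment required for raw stdout/stderr samples (`cli.unsafe_flag_required` otherwise). */
  unsafeAllowRawCapture: boolean;
  /** Header default: stdin closed (none). */
  captureStdinMode: StdinMode;
  /** Byte cap for recorded stdout; must be an integer in range (`cli.out_of_range`). */
  captureStdoutBytes: number;
  /** Byte cap for recorded stderr; must be an integer in range (`cli.out_of_range`). */
  captureStderrBytes: number;
  /** Byte cap per argv token (`cli.argv_token_too_long` when exceeded). */
  captureArgvBytes: number;
  /** Env keys copied from `ObserveCommandIO.captureEnv` into the record; names are validated (`cli.invalid_env_key`). */
  envAllow: string[];
  /** Env capture policy for the RECORD; deny-by-default per the header. */
  envMode: EnvMode;
  /** Acknowledgment for raw env capture; must agree with `envMode` (`cli.env_mode_inconsistent`). */
  unsafeAllowRawEnv: boolean;
  /** Header default: cwd hashed. */
  captureCwdMode: CwdMode;
  /** Header default: binary path hashed. */
  captureBinaryPath: BinaryPathMode;
  /** Secret scan on captured material; header default is on. */
  secretScan: boolean;
  /** Required to set `secretScan: false` (`cli.secret_scan_disable_requires_unsafe_flag`). */
  unsafeDisableSecretScan: boolean;
  /** Optional policy digest recorded verbatim after validation; format is enforced by the shared validator. */
  policyDigest?: string;
  /** Optional config digest; see `cli.invalid_config_digest`. */
  configDigest?: string;
  /** Optional approval reference; see `cli.invalid_approval_ref`. */
  approvalRef?: string;
  executionMode: ExecutionMode;
  /**
   * Acknowledgment that the observed program is itself a shell. Without it a
   * detected shell binary hard-fails (`cli.shell_mode_required`). Per the
   * header the child is still spawned with `shell: false`; this flag does
   * not enable shell interpretation — confirm in `runObservationCore`.
   */
  shellMode: boolean;
  /** Record destination; checked by `preflightOutputWritable`. How "stdout" is expressed here is not visible in this file. */
  output: string;
  /** Child wall-clock budget in milliseconds (integer, range-checked). */
  timeoutMs: number;
  /** Grace period in milliseconds after timeout before a hard kill — presumed from the name; confirm. */
  killGraceMs: number;
  exitCodeMode: ExitCodeMode;
}

/**
 * Side-effecting dependencies of `runObserveCommand`, injectable for tests.
 */
export interface ObserveCommandIO {
  /** Defaults to process.stdout.write. */
  writeStdout: (chunk: string) => void;
  /** Defaults to process.stderr.write. */
  writeStderr: (chunk: string) => void;
  /**
   * Environment passed to the child process. Defaults to process.env.
   * Distinct from `captureEnv` so env-capture policy (what PEAC RECORDS)
   * stays decoupled from execution env (what the child RECEIVES).
   *
   * Security note: the deny-by-default capture policy does NOT filter this.
   * The child inherits everything in the parent environment by default.
   */
  childEnv: NodeJS.ProcessEnv;
  /**
   * Environment inspected by --env-allow for record entries. Defaults
   * to process.env. Tests override either side independently.
   */
  captureEnv: NodeJS.ProcessEnv;
  /** Defaults to process.cwd(). */
  cwd: string;
  /** Defaults to a tiny version constant. */
  peacCliVersion: string;
}

export interface ObserveCommandResult {
  /** Exit code the wrapper should exit with; how it relates to the child's exit code is governed by `exitCodeMode`. */
  exitCode: number;
}

/**
 * Commander integer flag parser that surfaces NaN / non-integer input
 * as `Number.NaN` instead of silently coercing. The shared option
 * validator rejects NaN via `isValidIntInRange` and emits
 * `cli.out_of_range`.
 *
 * @param raw - The flag text exactly as given on the command line.
 * @returns The parsed integer, or `Number.NaN` when `raw` is not a
 *   well-formed integer.
 */
export declare function parseIntegerFlag(raw: string): number;

/**
 * Validate flag combinations BEFORE spawning the child. Delegates to
 * `validateCoreCommandOptions` so observe command and record command
 * share one source of truth for option validation.
 *
 * @param opts - Fully resolved option values.
 * @param childArgv - Program and arguments following `--`.
 * @returns Zero or more failures; empty means the options are acceptable.
 */
export declare function validateObserveOptions(
  opts: ObserveCommandOptions,
  childArgv: string[],
): ValidationFailure[];

/**
 * Pure handler: validates flags, runs the child, builds the
 * observation, validates against the schema, emits JSON. Tests drive
 * this directly without going through commander.
 *
 * @param options - Partial option set; unspecified fields take the hard
 *   security defaults listed in the file header.
 * @param childArgv - Program and arguments following `--`, spawned as-is.
 * @param io - Optional overrides for stdout/stderr, child env, capture env,
 *   cwd and version (see `ObserveCommandIO`).
 * @returns The exit code the wrapper should use.
 */
export declare function runObserveCommand(
  options: Partial<ObserveCommandOptions>,
  childArgv: string[],
  io?: Partial<ObserveCommandIO>,
): Promise<ObserveCommandResult>;

/**
 * Commander factory for the inner `command` subcommand of the
 * `peac observe` group. Wires --flag parsing and delegates to the pure
 * handler. Public invocation:
 * `peac observe command -- <program> [args...]`.
 *
 * @returns The configured commander `Command`.
 */
export declare function observeCommandSubcommand(): Command;

/**
 * Commander factory for the public `peac observe` parent group. Adds
 * the `command` subcommand. Future observation surfaces (e.g.,
 * `peac observe mcp`, `peac observe http`) attach here without
 * widening the verb namespace.
 *
 * @returns The configured commander `Command` group.
 */
export declare function observeCommand(): Command;
//# sourceMappingURL=observe-command.d.ts.map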