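/**
 * `peac record command` subcommand.
 *
 * Wraps a child process and emits a Wire 0.2 compact JWS containing
 * the same `org.peacprotocol/cli-execution` observation as
 * `observe command`, signed by the supplied issuer key. Reuses the
 * shared capture / build / validate pipeline from
 * `lib/observation-pipeline.ts` so a record produced by record command
 * is identical to one from observe command (modulo the outer signing
 * envelope).
 *
 * Signing UX uses the existing PEAC issuer-key reference convention:
 *
 *   --issuer-key
 *   --issuer-id
 *   --unsafe-ephemeral-key
 *
 * The wrapper is an OBSERVER, not a sandbox / permission system /
 * shell orchestrator / process supervisor / job scheduler; a signed
 * record therefore attests to what was observed, not to any
 * confinement of the child. PEAC does NOT publish or distribute the
 * issuer key; --unsafe-ephemeral-key produces a structurally valid
 * record whose public key is not published through normal issuer-key
 * discovery (use only for local development and tests).
 */
import { Command } from 'commander';
import { type ObserveCommandOptions } from './observe-command.js';
import { type ValidationFailure } from '../lib/command-option-validation.js';

/**
 * Stable error codes surfaced before the child runs OR after signing
 * fails. Inherits the shared option-validation set so observe command
 * and record command never disagree on validation-layer codes.
 *
 * The string values are the stable identifiers; callers that match on
 * them depend on the exact spelling.
 */
export declare const RECORD_COMMAND_ERROR_CODES: {
  readonly outputWriteFailed: "cli.output_write_failed";
  readonly issuerKeyLoadFailed: "cli.issuer_key_load_failed";
  readonly issuerKeyInvalid: "cli.issuer_key_invalid";
  readonly signingFailed: "cli.signing_failed";
  readonly programRequired: "cli.program_required";
  readonly unsafeFlagRequired: "cli.unsafe_flag_required";
  readonly secretScanDisableRequiresUnsafeFlag: "cli.secret_scan_disable_requires_unsafe_flag";
  readonly shellModeRequired: "cli.shell_mode_required";
  readonly argvTokenTooLong: "cli.argv_token_too_long";
  readonly outOfRange: "cli.out_of_range";
  readonly invalidPolicyDigest: "cli.invalid_policy_digest";
  readonly invalidConfigDigest: "cli.invalid_config_digest";
  readonly invalidApprovalRef: "cli.invalid_approval_ref";
  readonly invalidEnvKey: "cli.invalid_env_key";
  // Signing-input codes. NOTE(review): the "signing-input mutex" is
  // presumably --issuer-key vs --unsafe-ephemeral-key; confirm against
  // validateSigningOptions.
  readonly signingInputRequired: "cli.signing_input_required";
  readonly signingInputConflict: "cli.signing_input_conflict";
  readonly issuerIdRequired: "cli.issuer_id_required";
  readonly issuerIdInvalid: "cli.issuer_id_invalid";
};

/** Record-command options = observe command options + signing inputs. */
export interface RecordCommandOptions extends ObserveCommandOptions {
  /**
   * Issuer-key reference (`--issuer-key`). `env:VAR` references are
   * resolved against `RecordCommandIO.issuerKeyEnv`.
   */
  issuerKey?: string;
  /**
   * Issuer identifier (`--issuer-id`). Checked by the canonical issuer
   * URL preflight during validation.
   */
  issuerId?: string;
  /**
   * `--unsafe-ephemeral-key`. The resulting record is structurally
   * valid, but its public key is not published through normal
   * issuer-key discovery. Local development and tests only.
   */
  unsafeEphemeralKey: boolean;
}

/** I/O and environment seams used by `runRecordCommand`. */
export interface RecordCommandIO {
  /** Sink for stdout chunks. */
  writeStdout: (chunk: string) => void;
  /** Sink for stderr chunks. */
  writeStderr: (chunk: string) => void;
  // NOTE(review): presumably the environment handed to the wrapped
  // child process; confirm against the implementation.
  childEnv: NodeJS.ProcessEnv;
  // NOTE(review): presumably the environment the capture policy reads
  // from; confirm against the implementation.
  captureEnv: NodeJS.ProcessEnv;
  /**
   * Environment used to resolve `env:VAR` issuer-key references.
   * Defaults to `process.env`. Distinct from `childEnv` and `captureEnv`
   * because issuer-key access policy is independent of capture policy.
   */
  issuerKeyEnv: NodeJS.ProcessEnv;
  cwd: string;
  peacCliVersion: string;
}

/** Outcome of `runRecordCommand`. */
export interface RecordCommandResult {
  // NOTE(review): not visible here whether this is the child's exit
  // code or the CLI's own; confirm against the implementation.
  exitCode: number;
}

/**
 * Validate flag combinations (observe + signing) BEFORE spawning the
 * child or loading the issuer key. Delegates to the shared
 * `validateCoreCommandOptions` for observe-style checks and
 * `validateSigningOptions` for the signing-input mutex and canonical
 * issuer URL preflight.
 *
 * @param opts - Parsed record-command options.
 * @param childArgv - Argument vector of the child process to wrap.
 * @returns The validation failures found (presumably empty when the
 *   combination is valid; confirm against the implementation).
 */
export declare function validateRecordOptions(
  opts: RecordCommandOptions,
  childArgv: string[],
): ValidationFailure[];

/**
 * Pure handler: validates flags, preflights output and key, runs the
 * child, builds the observation, signs as Wire 0.2 JWS, emits.
 *
 * NOTE(review): the type arguments below (`Partial<...>`,
 * `Promise<...>`) are restored from the interfaces declared in this
 * file; the bare `Partial` / `Promise` forms do not type-check. Confirm
 * against the implementation this declaration is generated from.
 *
 * @param options - Record-command options; omitted fields are
 *   presumably defaulted by the handler.
 * @param childArgv - Argument vector of the child process to wrap.
 * @param io - Optional overrides for output sinks and environments.
 * @returns A promise resolving to the command result.
 */
export declare function runRecordCommand(
  options: Partial<RecordCommandOptions>,
  childArgv: string[],
  io?: Partial<RecordCommandIO>,
): Promise<RecordCommandResult>;

/**
 * Commander factory for the `command` subcommand under the `record`
 * parent group. Mirrors `observeCommandSubcommand()` flag set + adds
 * the three signing inputs.
 */
export declare function recordCommandSubcommand(): Command;

/**
 * Commander factory for the public `peac record` parent group. Adds
 * the `command` subcommand. Future signed-record surfaces (e.g.,
 * `peac record mcp`, `peac record http`) attach here without widening
 * the verb namespace.
 */
export declare function recordCommand(): Command;
//# sourceMappingURL=record-command.d.ts.map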