/**
 * Shared command-option validation for `observe command` and
 * `record command`. Single source of truth for:
 *
 * - numeric flag range / NaN-safe checks
 * - env-allowlist key grammar + byte cap
 * - record-only digest / opaque-ref preflights
 * - raw capture / raw env / secret-scan unsafe-flag pairing
 * - shell-binary detection acknowledgement
 * - raw argv per-token cap
 *
 * Both commands consume `validateCoreCommandOptions` so their
 * preflight semantics never drift. Record-command additionally calls
 * `validateSigningOptions` for the signing-input mutex and canonical
 * issuer URL check.
 *
 * This file holds ambient declarations only (`declare` / `interface`); no
 * validation logic is visible here, so the notes below describe the declared
 * contract, not the implementation.
 */
// NOTE(review): the trailing sourceMappingURL points at a `.d.ts.map`, so this
// looks like compiler-emitted output -- lasting doc changes presumably belong
// in the `.ts` source; confirm before hand-editing.
import type {
    ArgvMode,
    CwdMode,
    BinaryPathMode,
    EnvMode,
    StdinMode,
    ExitCodeMode,
    ExecutionMode
} from './observation-builder.js';

/**
 * Stable error codes shared by observe command and record command. The
 * subcommands re-export the relevant subset under their own
 * `OBSERVE_COMMAND_ERROR_CODES` / `RECORD_COMMAND_ERROR_CODES` for
 * call-site clarity; both names point at these strings.
 *
 * Every value is a string literal type in the `cli.` namespace, so a
 * renamed code is a type-level change for anything matching on it.
 */
export declare const COMMAND_OPTION_ERROR_CODES: {
    readonly programRequired: "cli.program_required";
    // Unsafe-flag pairing and shell acknowledgement (see file header).
    // NOTE(review): which option combination triggers each code is not visible here -- confirm against the implementation.
    readonly unsafeFlagRequired: "cli.unsafe_flag_required";
    readonly secretScanDisableRequiresUnsafeFlag: "cli.secret_scan_disable_requires_unsafe_flag";
    readonly shellModeRequired: "cli.shell_mode_required";
    // Size / range failures.
    readonly argvTokenTooLong: "cli.argv_token_too_long";
    readonly outOfRange: "cli.out_of_range";
    // Presumably the record-only digest / opaque-ref preflights named in the file header -- confirm.
    readonly invalidPolicyDigest: "cli.invalid_policy_digest";
    readonly invalidConfigDigest: "cli.invalid_config_digest";
    readonly invalidApprovalRef: "cli.invalid_approval_ref";
    readonly invalidEnvKey: "cli.invalid_env_key";
    // Presumably emitted by `validateSigningOptions` (signing mutex, issuer id) -- confirm.
    readonly signingInputRequired: "cli.signing_input_required";
    readonly signingInputConflict: "cli.signing_input_conflict";
    readonly issuerIdRequired: "cli.issuer_id_required";
    readonly issuerIdInvalid: "cli.issuer_id_invalid";
};

/**
 * One validation failure as returned by the validators declared below.
 */
export interface ValidationFailure {
    // Typed as a plain `string`, not the literal union above; presumably one of
    // the COMMAND_OPTION_ERROR_CODES values -- confirm.
    code: string;
    // Callers surface failures to stderr (see validateCoreCommandOptions).
    // NOTE(review): confirm messages never echo raw argv tokens or env values,
    // which could carry secrets into terminal or CI logs.
    message: string;
}

/** Common option shape both subcommands share (no signing fields). */
export interface CoreCommandOptions {
    captureMode: ArgvMode;
    // Presumably the acknowledgement the header's "raw capture ... unsafe-flag
    // pairing" requires alongside a raw capture mode -- confirm.
    unsafeAllowRawCapture: boolean;
    captureStdinMode: StdinMode;
    // Numeric capture settings; presumably byte limits covered by the
    // range / NaN-safe checks named in the file header -- confirm units and bounds.
    captureStdoutBytes: number;
    captureStderrBytes: number;
    captureArgvBytes: number;
    // Env allowlist; the header lists a key grammar and a byte cap for it.
    envAllow: string[];
    envMode: EnvMode;
    // Presumably the acknowledgement paired with a raw env mode -- confirm.
    unsafeAllowRawEnv: boolean;
    captureCwdMode: CwdMode;
    captureBinaryPath: BinaryPathMode;
    secretScan: boolean;
    // The error code `secretScanDisableRequiresUnsafeFlag` suggests turning
    // `secretScan` off is rejected unless this flag is set -- confirm.
    unsafeDisableSecretScan: boolean;
    // Optional; the header calls the digest / opaque-ref preflights record-only.
    policyDigest?: string;
    configDigest?: string;
    approvalRef?: string;
    executionMode: ExecutionMode;
    // Presumably the "shell-binary detection acknowledgement" from the header -- confirm.
    shellMode: boolean;
    // NOTE(review): names suggest milliseconds; bounds are not visible here.
    timeoutMs: number;
    killGraceMs: number;
    exitCodeMode: ExitCodeMode;
}

/** Signing-input shape consumed by record command. */
export interface SigningOptions {
    // Corresponds to `--issuer-key` (see validateSigningOptions).
    // NOTE(review): the declaration does not show whether this holds a path /
    // reference or inline key material; confirm, and keep it out of failure messages.
    issuerKey?: string;
    // Corresponds to `--issuer-id`; required and checked for canonical issuer URL form.
    issuerId?: string;
    // Corresponds to `--unsafe-ephemeral-key`; mutually exclusive with `issuerKey`.
    unsafeEphemeralKey: boolean;
}

/**
 * True iff `n` is a finite, in-range integer (rejects NaN, Infinity, floats).
 *
 * `n` is `unknown`, so any value can be passed. The return type is a plain
 * `boolean`, not a type predicate, so a `true` result does not narrow `n`
 * to `number` for the caller.
 *
 * NOTE(review): whether `min` and `max` are inclusive is not visible here -- confirm.
 */
export declare function isValidIntInRange(n: unknown, min: number, max: number): boolean;

/**
 * UTF-8 byte length of a string.
 *
 * This can exceed `s.length` for non-ASCII input; presumably it is what the
 * byte caps in the file header are measured with -- confirm.
 */
export declare function utf8Bytes(s: string): number;

/**
 * Platform-agnostic basename -- strips both `/` and `\`.
 *
 * NOTE(review): presumably supports the shell-binary detection named in the
 * file header; a basename comparison is a name-based check only -- confirm
 * how callers rely on it.
 */
export declare function basenameAny(p: string): string;

/**
 * Validate flags shared by observe command and record command. Returns
 * an array of failures; empty when the options + child argv are
 * acceptable. Caller surfaces failures to stderr and exits 2 BEFORE
 * spawning the child.
 *
 * Failures are reported through the return value, so the fail-closed
 * behaviour depends on the caller: it must treat a non-empty array as fatal
 * and must not spawn the child.
 *
 * @param opts - Parsed options shared by both subcommands.
 * @param childArgv - Argv for the child command.
 * @returns The failures found; empty when everything is acceptable.
 */
export declare function validateCoreCommandOptions(opts: CoreCommandOptions, childArgv: string[]): ValidationFailure[];

/**
 * Validate signing-input flags consumed by record command. Enforces
 * mutex (--issuer-key XOR --unsafe-ephemeral-key), required
 * --issuer-id, and canonical-issuer-URL form. Caller appends these
 * failures to the core failures and exits 2 BEFORE running the child.
 *
 * As with the core validator, enforcement depends on the caller checking
 * the combined failure list before running the child.
 *
 * @param opts - Signing inputs parsed from the record-command flags.
 * @returns The signing-input failures found.
 */
export declare function validateSigningOptions(opts: SigningOptions): ValidationFailure[];
//# sourceMappingURL=command-option-validation.d.ts.map