//#region src/security/external-content-source.d.ts
/** Hook session sources that carry untrusted external content into agent prompts. */
type HookExternalContentSource = "gmail" | "webhook";
/**
 * Resolve a hook session key into its external content source.
 * Unknown `hook:*` sessions are treated as webhooks so legacy/custom hooks stay wrapped.
 */
declare function resolveHookExternalContentSource(sessionKey: string): HookExternalContentSource | undefined;
/** Map hook session provenance to the prompt-facing external content source label. */
declare function mapHookExternalContentSource(source: HookExternalContentSource): "email" | "webhook";
/** Return true when a session key should receive external-content prompt wrapping. */
declare function isExternalHookSession(sessionKey: string): boolean;
//#endregion
//#region src/security/external-content.d.ts
/**
 * Check if content contains suspicious patterns that may indicate injection.
 */
declare function detectSuspiciousPatterns(content: string): string[];
type ExternalContentSource = "email" | "webhook" | "api" | "browser" | "channel_metadata" | "web_search" | "web_fetch" | "unknown";
type WrapExternalContentOptions = {
  /** Source of the external content */source: ExternalContentSource; /** Original sender information (e.g., email address) */
  sender?: string; /** Subject line (for emails) */
  subject?: string; /** Whether to include detailed security warning */
  includeWarning?: boolean;
};
/**
 * Wraps external untrusted content with security boundaries and warnings.
 *
 * This function should be used whenever processing content from external sources
 * (emails, webhooks, API calls from untrusted clients) before passing to LLM.
 *
 * @example
 * ```ts
 * const safeContent = wrapExternalContent(emailBody, {
 *   source: "email",
 *   sender: "user@example.com",
 *   subject: "Help request"
 * });
 * // Pass safeContent to LLM instead of raw emailBody
 * ```
 */
declare function wrapExternalContent(content: string, options: WrapExternalContentOptions): string;
/**
 * Builds a safe prompt for handling external content.
 * Combines the security-wrapped content with contextual information.
 */
declare function buildSafeExternalPrompt(params: {
  content: string;
  source: ExternalContentSource;
  sender?: string;
  subject?: string;
  jobName?: string;
  jobId?: string;
  timestamp?: string;
}): string;
/**
 * Extracts the hook type from a session key.
 */
declare function getHookType(sessionKey: string): ExternalContentSource;
/**
 * Wraps web search/fetch content with security markers.
 * This is a simpler wrapper for web tools that just need content wrapped.
 */
declare function wrapWebContent(content: string, source?: "web_search" | "web_fetch"): string;
//#endregion
export { getHookType as a, HookExternalContentSource as c, resolveHookExternalContentSource as d, detectSuspiciousPatterns as i, isExternalHookSession as l, WrapExternalContentOptions as n, wrapExternalContent as o, buildSafeExternalPrompt as r, wrapWebContent as s, ExternalContentSource as t, mapHookExternalContentSource as u };