import type { ComponentID } from '@teambit/component-id';
import type { Logger } from '@teambit/logger';
import type { Workspace } from '../workspace';
export type TrustedScopesGroups = {
    /** patterns built into Bit (e.g. `teambit.*`, `bitdev.*`) */
    builtin: string[];
    /** owner wildcard inferred from `defaultScope` (e.g. `acme.frontend` → `acme.*`) */
    owner: string[];
    /** patterns explicitly configured in `workspace.jsonc` under `trustedScopes` */
    configured: string[];
};
/**
 * Workspace-level scope-trust policy. Opt-in: when the `trustedScopes` key is
 * present in workspace.jsonc (even as an empty array), the aspect-load gate
 * is active. When the key is absent, no gate runs and any aspect loads.
 *
 * Once opted in, a scope is trusted if it matches any pattern in:
 * - the builtin set (e.g. `teambit.*`, `bitdev.*`; see `BUILTIN_TRUSTED_PATTERNS`),
 * - the pattern derived from the workspace's `defaultScope`
 *   (e.g. `acme.frontend` → `acme.*`; legacy dotless `my-scope` → `my-scope`),
 * - the `trustedScopes` array configured in workspace.jsonc.
 *
 * Patterns are exact (`acme.frontend`) or owner wildcard (`acme.*`).
 *
 * Wired into `ScopeMain` via `setAspectLoadGuard`; the guard runs in the
 * aspect-loader path so untrusted aspects never reach `require()`.
 */
export declare class ScopeTrust {
    private workspace;
    private logger;
    private deniedThisRun;
    constructor(workspace: Workspace, logger: Logger);
    /**
     * `true` when the workspace has opted in (the `trustedScopes` key is present
     * in workspace.jsonc, even as an empty array). When `false`, the aspect-load
     * gate is a no-op.
     */
    isOptedIn(): boolean;
    /**
     * Effective trust list, broken down by source. Useful for both internal
     * checks and the `bit scope trust list` UX.
     */
    getEffectiveTrustedPatterns(): TrustedScopesGroups;
    /**
     * True iff `scopeName` matches any pattern in the effective trust list.
     * `scopeName` is expected to be the bare scope (e.g. `acme.frontend`).
     */
    isScopeTrusted(scopeName: string): boolean;
    /**
     * Pattern matcher. Two forms:
     * - exact: `acme.frontend` matches only `acme.frontend`.
     * - owner wildcard: `acme.*` matches `acme.<anything>`.
     */
    static matchesPattern(scopeName: string, pattern: string): boolean;
    /** Opt the workspace in by writing `trustedScopes: []` (idempotent). */
    enable(): Promise<void>;
    /**
     * Opt the workspace out by removing the `trustedScopes` key (idempotent).
     * Uses `overrideExisting` because key deletion isn't expressible via
     * `mergeIntoExisting`; comments on other keys may be reformatted as a result.
     */
    disable(): Promise<void>;
    /** Add `pattern` to `trustedScopes` (auto-enables if not yet). */
    addTrustedScope(pattern: string): Promise<void>;
    /**
     * Remove `pattern` from `trustedScopes`. Leaves the key in place even if
     * the list becomes empty — use `disable()` to fully turn the gate off.
     */
    removeTrustedScope(pattern: string): Promise<void>;
    /**
     * Build the aspect-load guard. No-op when not opted in. When opted in:
     * untrusted scopes get a TTY prompt to extend the trust list, or in
     * non-TTY contexts an instructional error.
     */
    createGuard(): (componentId: ComponentID) => Promise<void>;
    private readExt;
    /**
     * Apply `mutator` to the current `trustedScopes` list. If the mutator
     * returns `null`, treat the call as a no-op (idempotent fast path).
     * Uses `mergeIntoExisting` so other keys' comments are preserved.
     */
    private mutateConfiguredList;
    private writeExtPatch;
    /**
     * Returns the trust pattern derived from the workspace's `defaultScope`:
     * - `acme.frontend` → `acme.*` (owner wildcard)
     * - `my-scope` (legacy dotless) → `my-scope` (exact match)
     * - empty / unset → undefined
     */
    private getInferredOwnerPattern;
    private promptForTrust;
    static isValidPattern(pattern: string): boolean;
}