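import { PolicyDecision, type PolicyEngineConfig, type PolicyRule } from './types.js';

/**
 * PolicyEngine evaluates tool execution requests against configured rules.
 * Rules are matched in priority order, with the highest priority rule winning.
 *
 * @remarks
 * This is a type declaration only; the notes below restate the documented
 * contract and mark what the declaration leaves open.
 *
 * The default decision is what a request receives when no rule matches, so it
 * decides whether an unlisted tool is allowed or refused.
 * NOTE(review): the value used when `config` is omitted is not visible here;
 * confirm it is not ALLOW.
 * NOTE(review): how rules with equal priority are ordered is not stated.
 */
export declare class PolicyEngine {
  private readonly rules;
  private readonly defaultDecision;
  private readonly nonInteractive;

  /**
   * @param config - Optional engine configuration (rules, default decision,
   *   non-interactive flag, judging by the private fields above; the exact
   *   shape lives in `./types.js`).
   */
  constructor(config?: PolicyEngineConfig);

  /**
   * Evaluates a tool execution request and returns a policy decision.
   *
   * @param toolName - The name of the tool being executed
   * @param args - The arguments passed to the tool. Typed with `unknown`
   *   values so that rule matching has to narrow each value before using it.
   *   The declaration previously read bare `Record`, which does not compile
   *   (the generic needs two type arguments); `<string, unknown>` is the
   *   conservative restoration. TODO confirm against the implementation.
   * @param serverName - Optional MCP server name (for spoofing prevention)
   * @returns PolicyDecision (ALLOW, DENY, or ASK_USER)
   *
   * @remarks
   * NOTE(review): the declaration does not say which decision is returned
   * when the server-name check reports spoofing, nor how ASK_USER is resolved
   * in non-interactive mode. Both should be confirmed to fail closed (DENY).
   * NOTE(review): the server-name check is skipped or weakened when
   * `serverName` is omitted; confirm callers always pass it for MCP tools.
   */
  evaluate(toolName: string, args: Record<string, unknown>, serverName?: string): PolicyDecision;

  /**
   * Finds the highest priority rule matching the tool and args.
   *
   * @param toolName - The name of the tool
   * @param args - The tool arguments
   * @returns The matching rule, or undefined if none match
   */
  private findMatchingRule;

  /**
   * Validates that a tool name matches its claimed server name.
   * Returns null if spoofing is detected, otherwise returns the tool name.
   *
   * @param toolName - The tool name (may include server prefix)
   * @param serverName - The claimed server name
   * @returns The validated tool name, or null if spoofing detected
   *
   * @remarks
   * A null result must never reach rule matching as if it were a tool name;
   * the caller has to treat it as a rejected request.
   */
  private validateServerName;

  /**
   * Returns all configured rules (for debugging/inspection).
   *
   * @returns Array of policy rules
   *
   * @remarks
   * `readonly` is a compile-time guarantee only.
   * NOTE(review): whether this returns a copy or the live internal array is
   * not visible from the declaration.
   */
  getRules(): readonly PolicyRule[];

  /**
   * Returns the default decision used when no rules match.
   *
   * @returns PolicyDecision
   */
  getDefaultDecision(): PolicyDecision;

  /**
   * Returns whether the engine is in non-interactive mode.
   *
   * @returns boolean
   */
  isNonInteractive(): boolean;

  /**
   * Adds a new rule to the policy engine at runtime.
   * The rule is inserted into the sorted rules list based on its priority.
   *
   * @param rule - The policy rule to add
   *
   * @remarks
   * Because the highest priority rule wins, a rule added here can override
   * any configured rule of lower priority, including a DENY. Call it only
   * from trusted configuration code, never with a rule derived from tool
   * output or other untrusted input.
   */
  addRule(rule: PolicyRule): void;
}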