export type PolicyVerdict = 'permit' | 'deny'; /** A single policy rule: if conditions match, produce verdict for action */ export interface PolicyRule { ruleId: string; /** What action scope this rule governs */ actionScope: string; /** Verdict when this rule fires */ verdict: PolicyVerdict; /** Priority (higher = evaluated first) */ priority: number; /** Other rule IDs that must be evaluated before this one (dependencies) */ dependsOn: string[]; /** Conditions as key-value (simplified — real impl would use predicate logic) */ conditions: Record; } /** Result of analyzing a policy rule set */ export interface PolicyConflictReport { /** Circular dependencies found (each array is a cycle path) */ cycles: string[][]; /** Rules that can never fire because a higher-priority rule always shadows them */ shadowedRules: ShadowedRule[]; /** Rules that produce opposite verdicts for the same action scope */ contradictions: PolicyContradiction[]; /** Actions that no rule covers */ unreachableActions: string[]; /** Overall health: clean if no cycles, contradictions */ healthy: boolean; } export interface ShadowedRule { shadowedRuleId: string; shadowedByRuleId: string; reason: string; } export interface PolicyContradiction { action: string; permitRuleId: string; denyRuleId: string; } /** * Detect cycles in the policy dependency graph using DFS. * Each rule's dependsOn forms edges: rule → dependency. * A cycle means deadlock — rule A needs B which needs A. */ export declare function detectCycles(rules: PolicyRule[]): string[][]; /** * A rule is "shadowed" if another rule with higher priority * covers the same action scope with identical or superset conditions. * The shadowed rule can never fire. */ export declare function detectShadowedRules(rules: PolicyRule[]): ShadowedRule[]; /** * Find pairs of rules that produce opposite verdicts for overlapping scopes * at the same priority level (true conflict — no priority tiebreak). */ export declare function detectContradictions(rules: PolicyRule[]): PolicyContradiction[]; /** * Given a set of known action scopes, find which ones no rule covers. */ export declare function detectUnreachableActions(rules: PolicyRule[], knownActions: string[]): string[]; /** * Run all conflict detection analyses on a set of policy rules. */ export declare function analyzePolicyRules(rules: PolicyRule[], knownActions?: string[]): PolicyConflictReport; //# sourceMappingURL=policy-conflict.d.ts.map