import { Effect } from 'effect';
import { ProcessError } from '../types/errors.js';
import { AutoApprovalResponse } from '../types/index.js';
/**
 * Hardcoded blocklist of dangerous command patterns.
 * These are checked deterministically BEFORE sending to the LLM,
 * providing a defense-in-depth layer that cannot be bypassed by prompt injection.
 *
 * Each entry has a regex pattern and a human-readable reason.
 */
export declare const DANGEROUS_COMMAND_PATTERNS: ReadonlyArray<{
    pattern: RegExp;
    reason: string;
    pathSensitive?: boolean;
    localhostExempt?: boolean;
}>;
/**
 * Check whether all network targets in the terminal output are localhost addresses.
 * Returns true only if at least one host was found AND all of them are localhost.
 */
export declare const isLocalhostOnlyTarget: (terminalOutput: string) => boolean;
/**
 * Resolve a path that may start with ~ to an absolute path.
 */
export declare const resolveTildePath: (p: string) => string;
/**
 * Check whether every absolute/tilde path found in the terminal output
 * is located within the given cwd. Returns true only if at least one path
 * was found AND all of them are under cwd.
 * Paths are resolved via path.resolve to normalize traversals like "..".
 */
export declare const allAbsolutePathsUnderCwd: (terminalOutput: string, cwd: string) => boolean;
/**
 * Check terminal output against the hardcoded dangerous command blocklist.
 * Returns a matching result if a dangerous pattern is found, or null if safe.
 *
 * @param terminalOutput - Terminal output to analyze
 * @param cwd - Optional working directory. If provided, path-sensitive patterns
 *              will allow commands whose target paths are all within cwd.
 */
export declare const checkDangerousPatterns: (terminalOutput: string, cwd?: string) => AutoApprovalResponse | null;
/**
 * Service to verify if auto-approval should be granted for pending states
 * Uses Claude Haiku model to analyze terminal output and determine if
 * user permission is required before proceeding
 */
export declare class AutoApprovalVerifier {
    private readonly model;
    private createExecOptions;
    private runClaudePrompt;
    private runCustomCommand;
    /**
     * Verify if the current terminal output requires user permission
     * before proceeding with auto-approval
     *
     * @param terminalOutput - Current terminal output to analyze
     * @returns Effect that resolves to true if permission needed, false if can auto-approve
     */
    verifyNeedsPermission(terminalOutput: string, options?: {
        signal?: AbortSignal;
        cwd?: string;
    }): Effect.Effect<AutoApprovalResponse, ProcessError, never>;
}
export declare const autoApprovalVerifier: AutoApprovalVerifier;