/**
 * Security Utilities for AGI Core
 * Comprehensive security validation, sanitization, and safe execution utilities
 */
import { SpawnSyncOptions } from 'node:child_process';
/**
 * Validate target hostname, IP address, or domain
 * Prevents command injection and path traversal
 */
export declare function validateTarget(target: string): {
    valid: boolean;
    reason?: string;
};
/**
 * Validate port numbers and ranges
 */
export declare function validatePorts(ports: string): {
    valid: boolean;
    reason?: string;
};
/**
 * Validate and sanitize URL
 */
export declare function validateUrl(url: string): {
    valid: boolean;
    reason?: string;
    sanitized?: string;
};
/**
 * Safe command execution wrapper
 * Uses spawnSync with array arguments, never shell mode
 */
export declare function safeExecSync(command: string, args?: string[], options?: SpawnSyncOptions): {
    success: boolean;
    stdout: string;
    stderr: string;
    error?: string;
};
/**
 * Sanitize user input for shell commands
 * Escapes shell metacharacters
 */
export declare function sanitizeShellInput(input: string): string;
/**
 * Validate and sanitize file path
 * Prevents directory traversal attacks
 */
export declare function sanitizeFilePath(path: string): {
    valid: boolean;
    sanitized?: string;
    reason?: string;
};
/**
 * Rate limiting and request throttling
 */
export declare class RateLimiter {
    private maxRequests;
    private timeWindowMs;
    private requests;
    constructor(maxRequests?: number, timeWindowMs?: number);
    /**
     * Check if request is allowed
     */
    isAllowed(key: string): boolean;
    /**
     * Clean up old request records
     */
    private cleanup;
    /**
     * Get wait time if rate limited
     */
    getWaitTime(key: string): number;
}
/**
 * Secure HTTP request utilities
 */
export declare class SecureHttpClient {
    private rateLimiter;
    get(url: string, options?: {
        timeout?: number;
        headers?: Record<string, string>;
    }): Promise<{
        success: boolean;
        statusCode?: number;
        data?: string;
        error?: string;
    }>;
}
/**
 * Security context for tool execution
 */
export interface SecurityContext {
    userId?: string;
    permissions: string[];
    maxExecutionTime: number;
    allowedCommands: string[];
    allowedHosts: string[];
}
/**
 * Security policy validator
 */
export declare class SecurityPolicyValidator {
    private defaultContext;
    validateCommand(command: string, args: string[], context?: Partial<SecurityContext>): {
        allowed: boolean;
        reason?: string;
    };
    private validateNmapArgs;
    private validateCurlArgs;
}
/**
 * Security logger for audit trail
 */
export declare class SecurityLogger {
    private logFile?;
    constructor(logFile?: string);
    logSecurityEvent(event: {
        type: string;
        userId?: string;
        command?: string;
        args?: string[];
        target?: string;
        success: boolean;
        timestamp: Date;
        details?: Record<string, any>;
    }): void;
    private getClientIp;
}
export declare const securityValidator: SecurityPolicyValidator;
export declare const securityLogger: SecurityLogger;
export declare const globalRateLimiter: RateLimiter;
//# sourceMappingURL=securityUtils.d.ts.map