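/**
 * Core types for the Permission Engine
 *
 * Declaration-only module: it describes the shapes the engine consumes and
 * returns. The evaluation rules themselves (default decision, allow/deny
 * precedence, handling of evaluation errors) are not visible in this file.
 */

/**
 * Represents a permission with resource, action, and optional conditions
 *
 * NOTE(review): three optional condition fields can be set at once; how the
 * engine combines them is not defined by these types — confirm before
 * relying on more than one per permission.
 */
export interface Permission {
  /** The resource being accessed (e.g., 'user', 'post', 'comment') */
  resource: string;
  /** The action being performed (e.g., 'create', 'read', 'update', 'delete') */
  action: string;
  /** Optional conditions for the permission (legacy - simple AND) */
  conditions?: PermissionCondition[];
  /** Optional grouped conditions with AND/OR logic */
  conditionGroup?: ConditionGroup;
  /** Optional async conditions */
  asyncConditions?: AsyncCondition[];
}

/**
 * Context information for permission checks
 *
 * NOTE(review): every value here can feed condition evaluation. Populate the
 * context from authenticated, server-side state rather than from
 * request-supplied data, and narrow the `any` values before use.
 */
export interface PermissionContext {
  /** The user requesting access */
  userId?: string;
  /** Additional context data for condition evaluation */
  // Kept as `any` for compatibility with existing consumers; treat as untyped input.
  [key: string]: any;
}

/**
 * A condition that must be satisfied for a permission to be granted
 */
export interface PermissionCondition {
  /** The field to check */
  field: string;
  /** The operator to use */
  operator: ConditionOperator;
  /** The value to compare against */
  value: any;
}

/**
 * Logical operators for combining conditions
 */
export declare enum LogicalOperator {
  AND = "and",
  OR = "or"
}

/**
 * A group of conditions combined with a logical operator
 *
 * NOTE(review): the type is recursive and places no bound on nesting depth;
 * if groups are ever loaded from stored or external definitions, the
 * evaluator should cap depth — confirm against the implementation.
 */
export interface ConditionGroup {
  /** The logical operator to use (AND/OR) */
  operator: LogicalOperator;
  /** Array of conditions or nested groups */
  conditions: (PermissionCondition | ConditionGroup)[];
}

/**
 * Async condition that can perform I/O operations
 *
 * NOTE(review): what the engine does when `evaluate` rejects is not visible
 * here; a rejection should be treated as "not satisfied" (fail closed).
 */
export interface AsyncCondition {
  /** Async evaluation function; resolves to whether the condition holds */
  evaluate: (context: PermissionContext) => Promise<boolean>;
  /** Description of the condition */
  description?: string;
}

/**
 * Supported condition operators
 */
export declare enum ConditionOperator {
  EQUALS = "equals",
  NOT_EQUALS = "not_equals",
  IN = "in",
  NOT_IN = "not_in",
  GREATER_THAN = "greater_than",
  LESS_THAN = "less_than",
  GREATER_THAN_OR_EQUAL = "greater_than_or_equal",
  LESS_THAN_OR_EQUAL = "less_than_or_equal",
  CONTAINS = "contains",
  NOT_CONTAINS = "not_contains",
  STARTS_WITH = "starts_with",
  ENDS_WITH = "ends_with",
  /**
   * Regular-expression match.
   *
   * NOTE(review): the regex engine and the origin of the pattern are not
   * visible here. Patterns or inputs taken from untrusted data can trigger
   * catastrophic backtracking, so bound or pre-validate them.
   */
  MATCHES = "matches",
  IS_NULL = "is_null",
  IS_NOT_NULL = "is_not_null",
  IS_UNDEFINED = "is_undefined",
  IS_NOT_UNDEFINED = "is_not_undefined",
  IS_NULL_OR_UNDEFINED = "is_null_or_undefined",
  IS_NOT_NULL_OR_UNDEFINED = "is_not_null_or_undefined",
  IS_EMPTY = "is_empty",
  IS_NOT_EMPTY = "is_not_empty",
  IS_EMPTY_OR_UNDEFINED = "is_empty_or_undefined",
  IS_NOT_EMPTY_OR_UNDEFINED = "is_not_empty_or_undefined",
  IS_EMPTY_OR_NULL = "is_empty_or_null",
  IS_NOT_EMPTY_OR_NULL = "is_not_empty_or_null",
  IS_EMPTY_OR_NULL_OR_UNDEFINED = "is_empty_or_null_or_undefined",
  IS_NOT_EMPTY_OR_NULL_OR_UNDEFINED = "is_not_empty_or_null_or_undefined"
}

/**
 * Represents a role with associated permissions
 */
export interface Role {
  /** Unique identifier for the role */
  id: string;
  /** Human-readable name */
  name: string;
  /** Description of the role */
  description?: string;
  /** Permissions granted to this role */
  permissions: Permission[];
  /**
   * Other roles this role inherits from
   *
   * NOTE(review): ids are plain strings, so nothing in the type prevents a
   * cycle or a dangling reference; the resolver must handle both — confirm.
   */
  inherits?: string[];
}

/**
 * Represents a user with assigned roles
 */
export interface User {
  /** Unique identifier for the user */
  id: string;
  /** Roles assigned to the user */
  roles: string[];
  /**
   * Direct permissions granted to the user (overriding roles)
   *
   * Direct grants bypass the role model, so they deserve their own audit trail.
   */
  permissions?: Permission[];
  /** Additional user attributes for condition evaluation */
  // Type arguments restored; `any` mirrors PermissionContext's index signature.
  attributes?: Record<string, any>;
}

/**
 * A policy that defines complex permission rules
 */
export interface Policy {
  /** Unique identifier for the policy */
  id: string;
  /** Policy name */
  name: string;
  /** Description of the policy */
  description?: string;
  /** The effect of the policy (allow or deny) */
  effect: PolicyEffect;
  /** Resources this policy applies to */
  resources: string[];
  /** Actions this policy applies to */
  actions: string[];
  /** Conditions that must be met for the policy to apply */
  conditions?: PolicyCondition[];
}

/**
 * Policy effect - whether to allow or deny access
 *
 * NOTE(review): which effect wins when an ALLOW and a DENY policy both match
 * is not stated by these types; confirm the engine applies deny-overrides.
 */
export declare enum PolicyEffect {
  ALLOW = "allow",
  DENY = "deny"
}

/**
 * Policy condition - more complex than permission conditions
 */
export interface PolicyCondition {
  /** Custom condition function (sync or async); yields whether the condition holds */
  evaluate: (context: PermissionContext) => boolean | Promise<boolean>;
  /** Description of the condition */
  description?: string;
}

/**
 * Result of a permission check
 */
export interface PermissionCheckResult {
  /** Whether permission is granted */
  granted: boolean;
  /**
   * Reason for the decision
   *
   * Useful for audit logs; avoid returning it verbatim to untrusted callers
   * if it can describe policy internals.
   */
  reason?: string;
  /** Matched policies (if any) */
  matchedPolicies?: string[];
}

/**
 * Options for permission checking
 *
 * NOTE(review): both flags are optional and their defaults are not visible
 * here; callers that depend on strict evaluation or on policy (DENY)
 * checks should set them explicitly.
 */
export interface CheckOptions {
  /** Whether to use strict mode (all conditions must pass) */
  strict?: boolean;
  /** Whether to check policies in addition to roles/permissions */
  checkPolicies?: boolean;
  /** Additional context for the check */
  context?: PermissionContext;
}
//# sourceMappingURL=types.d.ts.map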