/**
 * Granular tool permission system.
 *
 * Tools are classified into categories by risk level.
 * Each category has a configurable policy: "allow", "ask", or "deny".
 * Session-scoped grants let the user approve a category once per session.
 */
export type ToolCategory = 'read' | 'edit' | 'execute' | 'mcp';
export declare const TOOL_CATEGORIES: Record<ToolCategory, {
    label: string;
    description: string;
}>;
/**
 * Get the category for a tool, or null if the tool is always-allowed.
 */
export declare function getToolCategory(toolName: string): ToolCategory | null;
/**
 * Get the list of known tools for a given category.
 */
export declare function getToolsForCategory(category: ToolCategory): string[];
export type PermissionPolicy = 'allow' | 'ask' | 'deny';
export interface PermissionRules {
    /** Policy per category. Missing categories default to their DEFAULT_POLICIES value. */
    categories: Partial<Record<ToolCategory, PermissionPolicy>>;
    /** Per-tool overrides. Tool name → policy. Takes precedence over category. */
    tools: Record<string, PermissionPolicy>;
}
/** Default policies when no rules are configured (YOLO=false equivalent). */
export declare const DEFAULT_POLICIES: Record<ToolCategory, PermissionPolicy>;
/** YOLO-mode policies — everything auto-allowed. */
export declare const YOLO_POLICIES: Record<ToolCategory, PermissionPolicy>;
export declare function createDefaultRules(): PermissionRules;
export declare class SessionGrants {
    private grantedCategories;
    private grantedTools;
    allowCategory(category: ToolCategory): void;
    allowTool(toolName: string): void;
    isGranted(toolName: string, category: ToolCategory): boolean;
    reset(): void;
    getGrantedCategories(): ToolCategory[];
    getGrantedTools(): string[];
}
export type ApprovalDecision = 'allow' | 'ask' | 'deny';
/**
 * Determine whether a tool call should be allowed, prompted, or denied.
 *
 * Priority order:
 *  1. Always-allowed tools (ask_user, task_write, etc.) → allow
 *  2. Per-tool policy override → use that policy
 *  3. Session grants (user said "always allow" during this session) → allow
 *  4. Category policy → use that policy
 *  5. Fallback → "ask"
 */
export declare function resolveApproval(toolName: string, rules: PermissionRules, sessionGrants: SessionGrants): ApprovalDecision;
//# sourceMappingURL=permissions.d.ts.map