import { type ExecCommandAnalysis, type CommandResolution, type ExecCommandSegment } from "./exec-approvals-analysis.js"; import type { ExecAllowlistEntry } from "./exec-approvals.js"; import { type SafeBinProfile } from "./exec-safe-bin-policy.js"; import { isTrustedSafeBinPath } from "./exec-safe-bin-trust.js"; export declare function normalizeSafeBins(entries?: string[]): Set; export declare function resolveSafeBins(entries?: string[] | null): Set; export declare function isSafeBinUsage(params: { argv: string[]; resolution: CommandResolution | null; safeBins: Set; platform?: string | null; trustedSafeBinDirs?: ReadonlySet; safeBinProfiles?: Readonly>; safeBinGenericProfile?: SafeBinProfile; isTrustedSafeBinPathFn?: typeof isTrustedSafeBinPath; }): boolean; export type ExecAllowlistEvaluation = { allowlistSatisfied: boolean; allowlistMatches: ExecAllowlistEntry[]; segmentSatisfiedBy: ExecSegmentSatisfiedBy[]; }; export type ExecSegmentSatisfiedBy = "allowlist" | "safeBins" | "skills" | null; export declare function evaluateExecAllowlist(params: { analysis: ExecCommandAnalysis; allowlist: ExecAllowlistEntry[]; safeBins: Set; cwd?: string; platform?: string | null; trustedSafeBinDirs?: ReadonlySet; skillBins?: Set; autoAllowSkills?: boolean; }): ExecAllowlistEvaluation; export type ExecAllowlistAnalysis = { analysisOk: boolean; allowlistSatisfied: boolean; allowlistMatches: ExecAllowlistEntry[]; segments: ExecCommandSegment[]; segmentSatisfiedBy: ExecSegmentSatisfiedBy[]; }; /** * Evaluates allowlist for shell commands (including &&, ||, ;) and returns analysis metadata. */ export declare function evaluateShellAllowlist(params: { command: string; allowlist: ExecAllowlistEntry[]; safeBins: Set; cwd?: string; env?: NodeJS.ProcessEnv; trustedSafeBinDirs?: ReadonlySet; skillBins?: Set; autoAllowSkills?: boolean; platform?: string | null; }): ExecAllowlistAnalysis;