import type { CommandResolution, ExecCommandAnalysis } from "./exec-approvals-types.js";
export declare const DEFAULT_SAFE_BINS: string[];
export declare function isWindowsPlatform(platform?: string | null): boolean;
/**
 * Splits a command string by chain operators (&&, ||, ;) while respecting quotes.
 * Returns null when no chain is present or when the chain is malformed.
 */
export declare function splitCommandChain(command: string): string[] | null;
/**
 * Parses a shell command string into segments (handling pipes, chains, quoting)
 * and resolves each segment's executable. Cross-platform (Unix + Windows).
 */
export declare function analyzeShellCommand(params: {
    command: string;
    cwd?: string;
    env?: NodeJS.ProcessEnv;
    platform?: string | null;
}): ExecCommandAnalysis;
/** Analyzes a pre-split argv array (no shell parsing needed). */
export declare function analyzeArgvCommand(params: {
    argv: string[];
    cwd?: string;
    env?: NodeJS.ProcessEnv;
}): ExecCommandAnalysis;
/** Normalizes a list of safe binary names to a lowercase Set. */
export declare function normalizeSafeBins(entries?: string[]): Set<string>;
/** Resolves safe bins from config, falling back to DEFAULT_SAFE_BINS when undefined. */
export declare function resolveSafeBins(entries?: string[] | null): Set<string>;
/**
 * Checks whether a command invokes a "safe" binary (e.g. grep, jq) without
 * file path arguments that could leak data. Safe bins are auto-allowed.
 */
export declare function isSafeBinUsage(params: {
    argv: string[];
    resolution: CommandResolution | null;
    safeBins: Set<string>;
    cwd?: string;
    fileExists?: (filePath: string) => boolean;
}): boolean;