import type { ExecAllowlistEntry, ExecAllowlistAnalysis, ExecAllowlistEvaluation, ExecApprovalDecision, ExecApprovalsFile, ExecAsk, ExecCommandAnalysis, ExecSecurity } from "./exec-approvals-types.js";
/**
 * Evaluates whether all segments of a parsed command are covered by the
 * allowlist, safe bins, or skill bins. Returns match details.
 */
export declare function evaluateExecAllowlist(params: {
    analysis: ExecCommandAnalysis;
    allowlist: ExecAllowlistEntry[];
    safeBins: Set<string>;
    cwd?: string;
    skillBins?: Set<string>;
    autoAllowSkills?: boolean;
}): ExecAllowlistEvaluation;
/**
 * Evaluates allowlist for shell commands (including &&, ||, ;) and returns analysis metadata.
 */
export declare function evaluateShellAllowlist(params: {
    command: string;
    allowlist: ExecAllowlistEntry[];
    safeBins: Set<string>;
    cwd?: string;
    env?: NodeJS.ProcessEnv;
    skillBins?: Set<string>;
    autoAllowSkills?: boolean;
    platform?: string | null;
}): ExecAllowlistAnalysis;
/**
 * Determines whether a command requires interactive approval based on
 * the ask mode, security level, and allowlist analysis result.
 */
export declare function requiresExecApproval(params: {
    ask: ExecAsk;
    security: ExecSecurity;
    analysisOk: boolean;
    allowlistSatisfied: boolean;
}): boolean;
/** Updates the last-used timestamp and command for an allowlist entry after execution. */
export declare function recordAllowlistUse(approvals: ExecApprovalsFile, koiId: string | undefined, entry: ExecAllowlistEntry, command: string, resolvedPath?: string): void;
/** Adds a new pattern to a koi's allowlist if not already present. */
export declare function addAllowlistEntry(approvals: ExecApprovalsFile, koiId: string | undefined, pattern: string): void;
/** Returns the more restrictive of two security levels (deny < allowlist < full). */
export declare function minSecurity(a: ExecSecurity, b: ExecSecurity): ExecSecurity;
/** Returns the more aggressive of two ask modes (off < on-miss < always). */
export declare function maxAsk(a: ExecAsk, b: ExecAsk): ExecAsk;
/**
 * Sends an exec-approval request to the gateway via Unix socket and waits
 * for a human decision (allow-once / allow-always / deny).
 * @returns The decision, or null on timeout/error.
 */
export declare function requestExecApprovalViaSocket(params: {
    socketPath: string;
    token: string;
    request: Record<string, unknown>;
    timeoutMs?: number;
}): Promise<ExecApprovalDecision | null>;