/**
 * Path Validator - Path Traversal Protection
 *
 * Validates and sanitizes file paths to prevent directory traversal attacks.
 * Ensures all file operations stay within allowed directories.
 *
 * Security Features:
 * - Blocks absolute paths (unless explicitly allowed)
 * - Detects and blocks ../ traversal sequences
 * - Validates symlink targets
 * - Checks for null bytes
 * - Windows-specific protections (UNC paths, reserved names)
 */
export interface PathValidationOptions {
    /**
     * Base directory to restrict paths to (default: process.cwd())
     * All paths must resolve within this directory
     */
    allowedDirectory?: string;
    /**
     * Allow absolute paths (default: false)
     * If false, absolute paths will be rejected
     */
    allowAbsolutePaths?: boolean;
    /**
     * Follow symlinks and validate their targets (default: false)
     * If false, symlinks will be rejected immediately
     */
    followSymlinks?: boolean;
    /**
     * Require that the file/directory exists (default: false)
     * Useful for read operations; set false for write operations
     */
    requireExists?: boolean;
}
/**
 * Path validator with security checks
 */
export declare class PathValidator {
    /**
     * Validate and sanitize a file path
     *
     * @param userPath - User-supplied path (untrusted input)
     * @param options - Validation options
     * @returns Sanitized absolute path (safe to use)
     * @throws {SecurityError} if path is unsafe
     */
    static validate(userPath: string, options?: PathValidationOptions): string;
    /**
     * Validate path for reading (requires existence)
     */
    static validateRead(userPath: string, allowedDir?: string): string;
    /**
     * Validate path for writing (doesn't require existence)
     */
    static validateWrite(userPath: string, allowedDir?: string): string;
}
//# sourceMappingURL=path-validator.d.ts.map