/**
 * Advisory per-agent enforcement capability matrix.
 *
 * This summarizes what goat-flow can prove from local facts. It must not turn
 * structural setup checks into broader runtime-enforcement claims.
 */
import type { AgentFacts } from "../types.js";
import type { AuditScope } from "./types.js";
/** Non-gating strength labels for evidence the local audit can observe about an agent. */
export type EnforcementCapabilityStatus = "hard" | "limited" | "soft" | "missing" | "unknown";
type EnforcementCapabilitySource = "local-settings" | "local-hook" | "runtime-self-test" | "manifest" | "provider-docs" | "not-observed";
type EnforcementCapabilityId = "shell-dangerous" | "shell-pipe-to-shell" | "secret-file-read" | "secret-shell-read" | "hook-registration" | "hook-self-test" | "file-read-restrictions" | "file-write-restrictions" | "provider-native-enforcement";
/** One advisory row describing a single enforcement surface and the evidence behind it. */
interface EnforcementCapability {
    id: EnforcementCapabilityId;
    label: string;
    status: EnforcementCapabilityStatus;
    sources: EnforcementCapabilitySource[];
    summary: string;
    evidence: string[];
}
/** Per-agent enforcement summary attached to audit output without affecting pass/fail status. */
export interface AgentEnforcementCapability {
    agent: string;
    name: string;
    advisory: true;
    capabilities: EnforcementCapability[];
    summary: Record<EnforcementCapabilityStatus, number>;
}
type DenyMechanismEvidenceLevel = "full" | "static" | "present-only";
/** Evidence-mode switches from the audit runner that affect how strongly hook checks can be claimed. */
interface BuildOptions {
    agentScope?: AuditScope;
    denyMechanismEvidenceLevel?: DenyMechanismEvidenceLevel | undefined;
}
/**
 * Build the advisory enforcement matrix for one agent.
 *
 * @param agentFacts Extracted local facts for the audited agent.
 * @param options Evidence-mode switches from the current audit run.
 * @returns Non-gating enforcement capability report for audit and dashboard output.
 */
export declare function buildAgentEnforcementCapability(agentFacts: AgentFacts, options?: BuildOptions): AgentEnforcementCapability;
/**
 * Build the advisory enforcement matrix for every audited agent.
 *
 * @param agents Extracted local facts for all agents included in the audit.
 * @param options Evidence-mode switches from the current audit run.
 * @returns Non-gating enforcement reports in the same order as the input agents.
 */
export declare function buildEnforcementMatrix(agents: AgentFacts[], options?: BuildOptions): AgentEnforcementCapability[];
export {};
//# sourceMappingURL=enforcement.d.ts.map