/**
 * Permission Guard
 *
 * Layer 3 (actual security enforcement) in the defense-in-depth model:
 * - Layer 1: MCP tool annotations (UX hints to clients)
 * - Layer 2: CRUD endpoint naming (signals intent)
 * - Layer 3: This guard (actual enforcement)
 *
 * Validates that operations are called via the correct CRUD endpoint
 * based on their permission requirements.
 */
import { CRUDEndpoint } from './OperationRouter.js';
export interface EndpointPermissions {
    readOnly: boolean;
    destructive: boolean;
}
export declare class PermissionGuard {
    /**
     * Permission flags for each CRUDE endpoint.
     * These define the security characteristics of each endpoint.
     */
    private static readonly ENDPOINT_PERMISSIONS;
    /**
     * Validates that an operation is being called via the correct endpoint.
     * Throws an error if the operation doesn't exist or is called via wrong endpoint.
     *
     * @param operation - The operation being called (e.g., 'create_element')
     * @param calledEndpoint - The endpoint it was called through (e.g., 'CREATE')
     * @throws Error if operation unknown or endpoint mismatch
     *
     * @example
     * ```typescript
     * // Valid call - operation matches endpoint
     * PermissionGuard.validate('create_element', 'CREATE'); // OK
     *
     * // Invalid call - operation called via wrong endpoint
     * PermissionGuard.validate('create_element', 'READ'); // Throws: Security violation
     *
     * // Unknown operation
     * PermissionGuard.validate('unknown_op', 'READ'); // Throws: Unknown operation
     * ```
     */
    static validate(operation: string, calledEndpoint: CRUDEndpoint): void;
    /**
     * Gets the permission flags for an endpoint.
     *
     * @param endpoint - The CRUD endpoint to get permissions for
     * @returns The permission flags for the endpoint
     *
     * @example
     * ```typescript
     * const perms = PermissionGuard.getPermissions('READ');
     * // { readOnly: true, destructive: false }
     *
     * const deletePerms = PermissionGuard.getPermissions('DELETE');
     * // { readOnly: false, destructive: true }
     * ```
     */
    static getPermissions(endpoint: CRUDEndpoint): EndpointPermissions;
    /**
     * Returns a human-readable reason for the permission classification.
     * Uses exhaustive switch to ensure all endpoints are handled at compile time.
     *
     * @param endpoint - The CRUD endpoint to get the reason for
     * @returns A description of why the endpoint has its permission classification
     */
    private static getPermissionReason;
}
//# sourceMappingURL=PermissionGuard.d.ts.map