import type { Query } from '../../types/jupiterone.js';
import type { J1QLValidator } from '../../utils/j1ql-validator.js';
import type { ToolResult } from './types.js';
/**
 * The HTTP status of an upstream authentication/authorization rejection, or `null` for any other
 * error. An account can stay in `list-accounts` (membership) yet fail live authorization — revoked,
 * disabled, or gated behind SSO — so these need their own message, not a raw envelope. Rejections
 * arrive three ways: a real 401/403, a GraphQL `extensions.code` (FORBIDDEN/UNAUTHENTICATED) inside
 * an HTTP 200, or, failing both, an authz-shaped message. Code/message hits map to the equivalent
 * status so callers get a consistent access-denied frame.
 */
export declare function accessDeniedStatus(error: unknown): number | null;
/**
 * Agent-facing message for an access-denied upstream response. The guidance is tenancy-aware:
 * `list-accounts` and "try another accountId" only make sense when the host supplies an account
 * resolver (multi-tenant). With a fixed account (single-tenant subdomain / env account) there is
 * no discovery tool and no account to switch to, so steer the caller to re-authenticate instead.
 */
export declare function accessDeniedMessage(statusCode: number, hasAccountDiscovery: boolean): string;
export declare function accessDeniedResult(statusCode: number, hasAccountDiscovery: boolean): ToolResult;
/**
 * Generic error envelope for a thrown handler. Upstream GraphQL errors are already sanitized at
 * the shared client (S9), so `error.message` is safe to surface here. Access-denied (401/403)
 * errors are framed by the registration chokepoint before this is reached.
 */
export declare function toErrorResponse(error: unknown, context: string): ToolResult;
/** Validate each J1QL query in a rule/widget definition before the create/update call. */
export declare function validateQueries(queries: Query[] | undefined, validator: J1QLValidator, options?: {
    maxPollAttempts?: number;
}): Promise<Array<{
    queryName: string;
    error: string;
    suggestion: string;
}>>;
/** Tool result returned (as a non-throwing outcome) when pre-create query validation fails. */
export declare function createValidationErrorResponse(validationResults: Array<{
    queryName: string;
    error: string;
    suggestion: string;
}>): ToolResult;
/** Validator-aware error for execute-j1ql-query: maps execution errors to actionable suggestions. */
export declare function createQueryErrorResponse(error: unknown, query: string, validator: J1QLValidator): ToolResult;
//# sourceMappingURL=errors.d.ts.map