/**
 * Repository policy enforcement for autoresearch.
 *
 * Controls which files can be read/written and validates
 * git operations against the research branch.
 */
import type { ResearchConfig } from "../types/index.js";
export declare class RepoPolicy {
    private config;
    private resolvedMutablePaths;
    private resolvedImmutablePaths;
    constructor(config: ResearchConfig);
    /** Returns true if resolved path is inside repoPath (handles prefix collision) */
    private isInsideRepo;
    /** Returns true if path is within mutablePaths and NOT in immutablePaths */
    isWriteAllowed(filePath: string): boolean;
    /** Returns true if path is in immutablePaths */
    isProtected(filePath: string): boolean;
    /** Returns true if path is readable (mutable, immutable, or program path) */
    isReadAllowed(filePath: string): boolean;
    /** Validates staged files are all in mutablePaths and on the right branch */
    validateCommit(expectedBranch: string): Promise<{
        valid: boolean;
        violations: string[];
    }>;
    /** Returns list of staged file paths. Throws on git failure. */
    getStagedFiles(): Promise<string[]>;
    /** Returns current git branch */
    getCurrentBranch(): string;
    /** Returns short commit hash */
    getHeadCommit(): string;
}