import Logger from '../../infrastructure/logging/Logger.js';
import type { Constitution } from '../constitution/Constitution.js';
/**
 * Outcome of a single permission check, as returned by
 * `PermissionManager.check`.
 */
export interface PermissionCheckResult {
    /** Decision flag; presumably `true` means the request is permitted. Callers must test it explicitly, since `check` returns a result rather than throwing. */
    allowed: boolean;
    /**
     * Explanation attached to the decision.
     * NOTE(review): presumably human-readable; confirm whether it may embed
     * actor/resource names before surfacing it to untrusted callers.
     */
    reason: string;
}
/**
 * One (actor, action, resource) request, used as the element type of the
 * batch passed to `PermissionManager.checkMultiple`.
 */
export interface PermissionCheck {
    /** Who is asking. The role accessors on PermissionManager take the same `actor` string. */
    actor: string;
    /** What is being attempted, e.g. `read:recipes` or `read_recipes` (see `_normalizeAction`). */
    action: string;
    /**
     * What the action targets, e.g. `/recipes/123`.
     * Required here, whereas `check` and `enforce` also accept `undefined`.
     */
    resource: string;
}
/**
 * PermissionManager - permission manager.
 * Based on a 3-tuple model: (actor, action, resource).
 *
 * This is a type declaration only; the behaviour described below comes from
 * the signatures and the original comments, not from a visible implementation.
 */
export declare class PermissionManager {
    // Policy source handed to the constructor.
    // NOTE(review): declared public and not `readonly`, so any code holding the
    // instance can swap the policy object; consider `readonly` in the source.
    constitution: Constitution;
    // Logger instance, typed as whatever `Logger.getInstance` returns.
    logger: ReturnType<typeof Logger.getInstance>;
    /**
     * @param constitution - Policy object stored on the `constitution` field.
     */
    constructor(constitution: Constitution);
    /**
     * Check a permission (3-tuple: actor, action, resource).
     *
     * Returns a result object instead of throwing, so callers must inspect
     * `allowed`; use `enforce` where a denial has to stop execution.
     *
     * NOTE(review): the handling of `resource === undefined` is not visible
     * here; confirm it fails closed rather than matching every resource.
     *
     * @param actor - Requesting actor.
     * @param action - Requested action, in any format `_normalizeAction` accepts.
     * @param resource - Target resource, or `undefined`.
     * @returns The decision together with its reason.
     */
    check(actor: string, action: string, resource: string | undefined): PermissionCheckResult;
    /**
     * Normalize an action name.
     * Handles several formats:
     * - read_recipes -> read:recipes
     * - read:recipes -> read:recipes (already normalized)
     * - perm_external_agent_read_recipes -> read:recipes (format used by tests)
     *
     * Declared as a public method despite the leading underscore.
     *
     * NOTE(review): several spellings collapse into one permission string, so
     * grants should be compared only after normalization; confirm that two
     * distinct permissions cannot normalize to the same value, and whether the
     * test-only `perm_..._` format needs to be accepted outside tests.
     *
     * @param action - Action name in any of the formats above.
     * @returns The action in `verb:resource` form, per the examples above.
     */
    _normalizeAction(action: string): string;
    /**
     * Check special permissions.
     *
     * NOTE(review): what counts as "special" is not visible in this
     * declaration; see the implementation before relying on it.
     *
     * @param actor - Requesting actor.
     * @param action - Requested action.
     * @param resource - Target resource, or `undefined`.
     * @param permissions - Permission strings to evaluate against; presumably the actor's granted permissions (confirm against the caller).
     * @returns A boolean decision.
     */
    checkSpecialPermissions(actor: string, action: string, resource: string | undefined, permissions: string[]): boolean;
    /**
     * Extract the resource type from a resource path.
     * For example: /recipes/123 -> recipes
     *              /candidates/456 -> candidates
     *              { type: 'recipes', id: '123' } -> recipes
     *
     * NOTE(review): this accepts an object form, while `check` and `enforce`
     * declare `resource` as `string | undefined`; confirm which forms reach
     * this method in practice.
     *
     * @param resource - Path string, resource object, or `undefined`.
     * @returns The resource type name; the value returned for `undefined` is not visible here.
     */
    getResourceType(resource: string | Record<string, unknown> | undefined): string;
    /**
     * Enforce a permission check (throws on failure).
     *
     * NOTE(review): the exception type is not visible in this declaration.
     * The boolean return type implies callers could also receive `false`;
     * confirm a denial always throws so an ignored return value cannot
     * bypass the check.
     *
     * @param actor - Requesting actor.
     * @param action - Requested action.
     * @param resource - Target resource, or `undefined`.
     * @returns A boolean on the non-throwing path.
     */
    enforce(actor: string, action: string, resource: string | undefined): boolean;
    /**
     * Check permissions in batch.
     *
     * @param checks - Requests to evaluate.
     * @returns Entries that carry the original request fields plus a `result` field.
     */
    checkMultiple(checks: PermissionCheck[]): Array<PermissionCheck & {
        result: PermissionCheckResult;
    }>;
    /**
     * Get all permissions of a role.
     *
     * @param actor - Presumably the role name is the actor string (confirm against the implementation).
     * @returns Permission strings; the result for an unknown actor is not visible here.
     */
    getRolePermissions(actor: string): string[];
    /**
     * Get the constraints of a role.
     *
     * @param actor - Presumably the role name is the actor string (confirm against the implementation).
     * @returns Constraint strings; the result for an unknown actor is not visible here.
     */
    getRoleConstraints(actor: string): string[];
}
export default PermissionManager;
