@dexto/tools-filesystem 1.5.0

package/dist/glob-files-tool.js

@@ -0,0 +1,46 @@
+import { z } from "zod";
+const GlobFilesInputSchema = z.object({
+  pattern: z.string().describe('Glob pattern to match files (e.g., "**/*.ts", "src/**/*.js")'),
+  path: z.string().optional().describe("Base directory to search from (defaults to working directory)"),
+  max_results: z.number().int().positive().optional().default(1e3).describe("Maximum number of results to return (default: 1000)")
+}).strict();
+function createGlobFilesTool(fileSystemService) {
+  return {
+    id: "glob_files",
+    description: "Find files matching a glob pattern. Supports standard glob syntax like **/*.js for recursive matches, *.ts for files in current directory, and src/**/*.tsx for nested paths. Returns array of file paths with metadata (size, modified date). Results are limited to allowed paths only.",
+    inputSchema: GlobFilesInputSchema,
+    execute: async (input, _context) => {
+      const { pattern, path, max_results } = input;
+      const result = await fileSystemService.globFiles(pattern, {
+        cwd: path,
+        maxResults: max_results,
+        includeMetadata: true
+      });
+      const _display = {
+        type: "search",
+        pattern,
+        matches: result.files.map((file) => ({
+          file: file.path,
+          line: 0,
+          // No line number for glob
+          content: file.path
+        })),
+        totalMatches: result.totalFound,
+        truncated: result.truncated
+      };
+      return {
+        files: result.files.map((file) => ({
+          path: file.path,
+          size: file.size,
+          modified: file.modified.toISOString()
+        })),
+        total_found: result.totalFound,
+        truncated: result.truncated,
+        _display
+      };
+    }
+  };
+}
+export {
+  createGlobFilesTool
+};

package/dist/grep-content-tool.cjs

@@ -0,0 +1,86 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var grep_content_tool_exports = {};
+__export(grep_content_tool_exports, {
+  createGrepContentTool: () => createGrepContentTool
+});
+module.exports = __toCommonJS(grep_content_tool_exports);
+var import_zod = require("zod");
+const GrepContentInputSchema = import_zod.z.object({
+  pattern: import_zod.z.string().describe("Regular expression pattern to search for"),
+  path: import_zod.z.string().optional().describe("Directory to search in (defaults to working directory)"),
+  glob: import_zod.z.string().optional().describe('Glob pattern to filter files (e.g., "*.ts", "**/*.js")'),
+  context_lines: import_zod.z.number().int().min(0).optional().default(0).describe(
+    "Number of context lines to include before and after each match (default: 0)"
+  ),
+  case_insensitive: import_zod.z.boolean().optional().default(false).describe("Perform case-insensitive search (default: false)"),
+  max_results: import_zod.z.number().int().positive().optional().default(100).describe("Maximum number of results to return (default: 100)")
+}).strict();
+function createGrepContentTool(fileSystemService) {
+  return {
+    id: "grep_content",
+    description: 'Search for text patterns in files using regular expressions. Returns matching lines with file path, line number, and optional context lines. Use glob parameter to filter specific file types (e.g., "*.ts"). Supports case-insensitive search. Great for finding code patterns, function definitions, or specific text across multiple files.',
+    inputSchema: GrepContentInputSchema,
+    execute: async (input, _context) => {
+      const { pattern, path, glob, context_lines, case_insensitive, max_results } = input;
+      const result = await fileSystemService.searchContent(pattern, {
+        path,
+        glob,
+        contextLines: context_lines,
+        caseInsensitive: case_insensitive,
+        maxResults: max_results
+      });
+      const _display = {
+        type: "search",
+        pattern,
+        matches: result.matches.map((match) => ({
+          file: match.file,
+          line: match.lineNumber,
+          content: match.line,
+          ...match.context && {
+            context: [...match.context.before, ...match.context.after]
+          }
+        })),
+        totalMatches: result.totalMatches,
+        truncated: result.truncated
+      };
+      return {
+        matches: result.matches.map((match) => ({
+          file: match.file,
+          line_number: match.lineNumber,
+          line: match.line,
+          ...match.context && {
+            context: {
+              before: match.context.before,
+              after: match.context.after
+            }
+          }
+        })),
+        total_matches: result.totalMatches,
+        files_searched: result.filesSearched,
+        truncated: result.truncated,
+        _display
+      };
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createGrepContentTool
+});

package/dist/grep-content-tool.d.cts

@@ -0,0 +1,16 @@
+import { InternalTool } from '@dexto/core';
+import { FileSystemService } from './filesystem-service.cjs';
+import './types.cjs';
+
+/**
+ * Grep Content Tool
+ *
+ * Internal tool for searching file contents using regex patterns
+ */
+
+/**
+ * Create the grep_content internal tool
+ */
+declare function createGrepContentTool(fileSystemService: FileSystemService): InternalTool;
+
+export { createGrepContentTool };

package/dist/grep-content-tool.d.ts

@@ -0,0 +1,16 @@
+import { InternalTool } from '@dexto/core';
+import { FileSystemService } from './filesystem-service.js';
+import './types.js';
+
+/**
+ * Grep Content Tool
+ *
+ * Internal tool for searching file contents using regex patterns
+ */
+
+/**
+ * Create the grep_content internal tool
+ */
+declare function createGrepContentTool(fileSystemService: FileSystemService): InternalTool;
+
+export { createGrepContentTool };

package/dist/grep-content-tool.js

@@ -0,0 +1,62 @@
+import { z } from "zod";
+const GrepContentInputSchema = z.object({
+  pattern: z.string().describe("Regular expression pattern to search for"),
+  path: z.string().optional().describe("Directory to search in (defaults to working directory)"),
+  glob: z.string().optional().describe('Glob pattern to filter files (e.g., "*.ts", "**/*.js")'),
+  context_lines: z.number().int().min(0).optional().default(0).describe(
+    "Number of context lines to include before and after each match (default: 0)"
+  ),
+  case_insensitive: z.boolean().optional().default(false).describe("Perform case-insensitive search (default: false)"),
+  max_results: z.number().int().positive().optional().default(100).describe("Maximum number of results to return (default: 100)")
+}).strict();
+function createGrepContentTool(fileSystemService) {
+  return {
+    id: "grep_content",
+    description: 'Search for text patterns in files using regular expressions. Returns matching lines with file path, line number, and optional context lines. Use glob parameter to filter specific file types (e.g., "*.ts"). Supports case-insensitive search. Great for finding code patterns, function definitions, or specific text across multiple files.',
+    inputSchema: GrepContentInputSchema,
+    execute: async (input, _context) => {
+      const { pattern, path, glob, context_lines, case_insensitive, max_results } = input;
+      const result = await fileSystemService.searchContent(pattern, {
+        path,
+        glob,
+        contextLines: context_lines,
+        caseInsensitive: case_insensitive,
+        maxResults: max_results
+      });
+      const _display = {
+        type: "search",
+        pattern,
+        matches: result.matches.map((match) => ({
+          file: match.file,
+          line: match.lineNumber,
+          content: match.line,
+          ...match.context && {
+            context: [...match.context.before, ...match.context.after]
+          }
+        })),
+        totalMatches: result.totalMatches,
+        truncated: result.truncated
+      };
+      return {
+        matches: result.matches.map((match) => ({
+          file: match.file,
+          line_number: match.lineNumber,
+          line: match.line,
+          ...match.context && {
+            context: {
+              before: match.context.before,
+              after: match.context.after
+            }
+          }
+        })),
+        total_matches: result.totalMatches,
+        files_searched: result.filesSearched,
+        truncated: result.truncated,
+        _display
+      };
+    }
+  };
+}
+export {
+  createGrepContentTool
+};

package/dist/index.cjs

@@ -0,0 +1,55 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var index_exports = {};
+__export(index_exports, {
+  FileSystemError: () => import_errors.FileSystemError,
+  FileSystemErrorCode: () => import_error_codes.FileSystemErrorCode,
+  FileSystemService: () => import_filesystem_service.FileSystemService,
+  PathValidator: () => import_path_validator.PathValidator,
+  createEditFileTool: () => import_edit_file_tool.createEditFileTool,
+  createGlobFilesTool: () => import_glob_files_tool.createGlobFilesTool,
+  createGrepContentTool: () => import_grep_content_tool.createGrepContentTool,
+  createReadFileTool: () => import_read_file_tool.createReadFileTool,
+  createWriteFileTool: () => import_write_file_tool.createWriteFileTool,
+  fileSystemToolsProvider: () => import_tool_provider.fileSystemToolsProvider
+});
+module.exports = __toCommonJS(index_exports);
+var import_tool_provider = require("./tool-provider.js");
+var import_filesystem_service = require("./filesystem-service.js");
+var import_path_validator = require("./path-validator.js");
+var import_errors = require("./errors.js");
+var import_error_codes = require("./error-codes.js");
+var import_read_file_tool = require("./read-file-tool.js");
+var import_write_file_tool = require("./write-file-tool.js");
+var import_edit_file_tool = require("./edit-file-tool.js");
+var import_glob_files_tool = require("./glob-files-tool.js");
+var import_grep_content_tool = require("./grep-content-tool.js");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  FileSystemError,
+  FileSystemErrorCode,
+  FileSystemService,
+  PathValidator,
+  createEditFileTool,
+  createGlobFilesTool,
+  createGrepContentTool,
+  createReadFileTool,
+  createWriteFileTool,
+  fileSystemToolsProvider
+});

package/dist/index.d.cts

@@ -0,0 +1,14 @@
+export { fileSystemToolsProvider } from './tool-provider.cjs';
+export { DirectoryApprovalCallbacks, FileToolOptions } from './file-tool-types.cjs';
+export { FileSystemService } from './filesystem-service.cjs';
+export { PathValidator } from './path-validator.cjs';
+export { FileSystemError } from './errors.cjs';
+export { FileSystemErrorCode } from './error-codes.cjs';
+export { BufferEncoding, EditFileOptions, EditOperation, EditResult, FileContent, FileMetadata, FileSystemConfig, GlobOptions, GlobResult, GrepOptions, PathValidation, ReadFileOptions, SearchMatch, SearchResult, WriteFileOptions, WriteResult } from './types.cjs';
+export { createReadFileTool } from './read-file-tool.cjs';
+export { createWriteFileTool } from './write-file-tool.cjs';
+export { createEditFileTool } from './edit-file-tool.cjs';
+export { createGlobFilesTool } from './glob-files-tool.cjs';
+export { createGrepContentTool } from './grep-content-tool.cjs';
+import 'zod';
+import '@dexto/core';

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { fileSystemToolsProvider } from './tool-provider.js';
+export { DirectoryApprovalCallbacks, FileToolOptions } from './file-tool-types.js';
+export { FileSystemService } from './filesystem-service.js';
+export { PathValidator } from './path-validator.js';
+export { FileSystemError } from './errors.js';
+export { FileSystemErrorCode } from './error-codes.js';
+export { BufferEncoding, EditFileOptions, EditOperation, EditResult, FileContent, FileMetadata, FileSystemConfig, GlobOptions, GlobResult, GrepOptions, PathValidation, ReadFileOptions, SearchMatch, SearchResult, WriteFileOptions, WriteResult } from './types.js';
+export { createReadFileTool } from './read-file-tool.js';
+export { createWriteFileTool } from './write-file-tool.js';
+export { createEditFileTool } from './edit-file-tool.js';
+export { createGlobFilesTool } from './glob-files-tool.js';
+export { createGrepContentTool } from './grep-content-tool.js';
+import 'zod';
+import '@dexto/core';

package/dist/index.js

@@ -0,0 +1,22 @@
+import { fileSystemToolsProvider } from "./tool-provider.js";
+import { FileSystemService } from "./filesystem-service.js";
+import { PathValidator } from "./path-validator.js";
+import { FileSystemError } from "./errors.js";
+import { FileSystemErrorCode } from "./error-codes.js";
+import { createReadFileTool } from "./read-file-tool.js";
+import { createWriteFileTool } from "./write-file-tool.js";
+import { createEditFileTool } from "./edit-file-tool.js";
+import { createGlobFilesTool } from "./glob-files-tool.js";
+import { createGrepContentTool } from "./grep-content-tool.js";
+export {
+  FileSystemError,
+  FileSystemErrorCode,
+  FileSystemService,
+  PathValidator,
+  createEditFileTool,
+  createGlobFilesTool,
+  createGrepContentTool,
+  createReadFileTool,
+  createWriteFileTool,
+  fileSystemToolsProvider
+};

package/dist/path-validator.cjs

@@ -0,0 +1,232 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var path_validator_exports = {};
+__export(path_validator_exports, {
+  PathValidator: () => PathValidator
+});
+module.exports = __toCommonJS(path_validator_exports);
+var path = __toESM(require("node:path"), 1);
+var import_node_fs = require("node:fs");
+class PathValidator {
+  config;
+  normalizedAllowedPaths;
+  normalizedBlockedPaths;
+  normalizedBlockedExtensions;
+  logger;
+  directoryApprovalChecker;
+  constructor(config, logger) {
+    this.config = config;
+    this.logger = logger;
+    const workingDir = config.workingDirectory || process.cwd();
+    this.normalizedAllowedPaths = config.allowedPaths.map((p) => path.resolve(workingDir, p));
+    this.normalizedBlockedPaths = config.blockedPaths.map((p) => path.normalize(p));
+    this.normalizedBlockedExtensions = (config.blockedExtensions || []).map((ext) => {
+      const e = ext.startsWith(".") ? ext : `.${ext}`;
+      return e.toLowerCase();
+    });
+    this.logger.debug(
+      `PathValidator initialized with ${this.normalizedAllowedPaths.length} allowed paths`
+    );
+  }
+  /**
+   * Set a callback to check if a path is in an approved directory.
+   * This allows PathValidator to consult ApprovalManager without a direct dependency.
+   *
+   * @param checker Function that returns true if path is in an approved directory
+   */
+  setDirectoryApprovalChecker(checker) {
+    this.directoryApprovalChecker = checker;
+    this.logger.debug("Directory approval checker configured");
+  }
+  /**
+   * Validate a file path for security and policy compliance
+   */
+  validatePath(filePath) {
+    if (!filePath || filePath.trim() === "") {
+      return {
+        isValid: false,
+        error: "Path cannot be empty"
+      };
+    }
+    const workingDir = this.config.workingDirectory || process.cwd();
+    let normalizedPath;
+    try {
+      normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      try {
+        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+      } catch {
+      }
+    } catch (error) {
+      return {
+        isValid: false,
+        error: `Failed to normalize path: ${error instanceof Error ? error.message : String(error)}`
+      };
+    }
+    if (this.hasPathTraversal(filePath, normalizedPath)) {
+      return {
+        isValid: false,
+        error: "Path traversal detected"
+      };
+    }
+    if (!this.isPathAllowed(normalizedPath)) {
+      return {
+        isValid: false,
+        error: `Path is not within allowed paths. Allowed: ${this.normalizedAllowedPaths.join(", ")}`
+      };
+    }
+    const blockedReason = this.isPathBlocked(normalizedPath);
+    if (blockedReason) {
+      return {
+        isValid: false,
+        error: `Path is blocked: ${blockedReason}`
+      };
+    }
+    const ext = path.extname(normalizedPath).toLowerCase();
+    if (ext && this.normalizedBlockedExtensions.includes(ext)) {
+      return {
+        isValid: false,
+        error: `File extension ${ext} is not allowed`
+      };
+    }
+    return {
+      isValid: true,
+      normalizedPath
+    };
+  }
+  /**
+   * Check if path contains traversal attempts
+   */
+  hasPathTraversal(originalPath, normalizedPath) {
+    if (originalPath.includes("../") || originalPath.includes("..\\")) {
+      const workingDir = this.config.workingDirectory || process.cwd();
+      const relative = path.relative(workingDir, normalizedPath);
+      if (relative.startsWith("..")) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Check if path is within allowed paths (whitelist check)
+   * Also consults the directory approval checker if configured.
+   */
+  isPathAllowed(normalizedPath) {
+    if (this.normalizedAllowedPaths.length === 0) {
+      return true;
+    }
+    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
+      const relative = path.relative(allowedPath, normalizedPath);
+      return !relative.startsWith("..") && !path.isAbsolute(relative);
+    });
+    if (isInConfigPaths) {
+      return true;
+    }
+    if (this.directoryApprovalChecker) {
+      return this.directoryApprovalChecker(normalizedPath);
+    }
+    return false;
+  }
+  /**
+   * Check if path matches blocked patterns (blacklist check)
+   */
+  isPathBlocked(normalizedPath) {
+    const roots = this.normalizedAllowedPaths.length > 0 ? this.normalizedAllowedPaths : [this.config.workingDirectory || process.cwd()];
+    for (const blocked of this.normalizedBlockedPaths) {
+      for (const root of roots) {
+        const blockedFull = path.isAbsolute(blocked) ? path.normalize(blocked) : path.resolve(root, blocked);
+        if (normalizedPath === blockedFull || normalizedPath.startsWith(blockedFull + path.sep)) {
+          return `Within blocked directory: ${blocked}`;
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Quick check if a path is allowed (for internal use)
+   */
+  isPathAllowedQuick(normalizedPath) {
+    return this.isPathAllowed(normalizedPath) && !this.isPathBlocked(normalizedPath);
+  }
+  /**
+   * Check if a file path is within the configured allowed paths (from config only).
+   * This method does NOT consult ApprovalManager - it only checks the static config paths.
+   *
+   * This is used by file tools to determine if a path needs directory approval.
+   * Paths within config-allowed directories don't need directory approval prompts.
+   *
+   * @param filePath The file path to check (can be relative or absolute)
+   * @returns true if the path is within config-allowed paths, false otherwise
+   */
+  isPathWithinAllowed(filePath) {
+    if (!filePath || filePath.trim() === "") {
+      return false;
+    }
+    const workingDir = this.config.workingDirectory || process.cwd();
+    let normalizedPath;
+    try {
+      normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      try {
+        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+      } catch {
+      }
+    } catch {
+      return false;
+    }
+    return this.isInConfigAllowedPaths(normalizedPath);
+  }
+  /**
+   * Check if path is within config-allowed paths only (no approval checker).
+   * Used for prompting decisions.
+   */
+  isInConfigAllowedPaths(normalizedPath) {
+    if (this.normalizedAllowedPaths.length === 0) {
+      return true;
+    }
+    return this.normalizedAllowedPaths.some((allowedPath) => {
+      const relative = path.relative(allowedPath, normalizedPath);
+      return !relative.startsWith("..") && !path.isAbsolute(relative);
+    });
+  }
+  /**
+   * Get normalized allowed paths
+   */
+  getAllowedPaths() {
+    return [...this.normalizedAllowedPaths];
+  }
+  /**
+   * Get blocked paths
+   */
+  getBlockedPaths() {
+    return [...this.normalizedBlockedPaths];
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PathValidator
+});

package/dist/path-validator.d.cts

@@ -0,0 +1,90 @@
+import { FileSystemConfig, PathValidation } from './types.cjs';
+import { IDextoLogger } from '@dexto/core';
+
+/**
+ * Path Validator
+ *
+ * Security-focused path validation for file system operations
+ */
+
+/**
+ * Callback type for checking if a path is in an approved directory.
+ * Used to consult ApprovalManager without creating a direct dependency.
+ */
+type DirectoryApprovalChecker = (filePath: string) => boolean;
+/**
+ * PathValidator - Validates file paths for security and policy compliance
+ *
+ * Security checks:
+ * 1. Path traversal detection (../, symbolic links)
+ * 2. Allowed paths enforcement (whitelist + approved directories)
+ * 3. Blocked paths detection (blacklist)
+ * 4. File extension restrictions
+ * 5. Absolute path normalization
+ *
+ * PathValidator can optionally consult an external approval checker (e.g., ApprovalManager)
+ * to determine if paths outside the config's allowed paths are accessible.
+ */
+declare class PathValidator {
+    private config;
+    private normalizedAllowedPaths;
+    private normalizedBlockedPaths;
+    private normalizedBlockedExtensions;
+    private logger;
+    private directoryApprovalChecker;
+    constructor(config: FileSystemConfig, logger: IDextoLogger);
+    /**
+     * Set a callback to check if a path is in an approved directory.
+     * This allows PathValidator to consult ApprovalManager without a direct dependency.
+     *
+     * @param checker Function that returns true if path is in an approved directory
+     */
+    setDirectoryApprovalChecker(checker: DirectoryApprovalChecker): void;
+    /**
+     * Validate a file path for security and policy compliance
+     */
+    validatePath(filePath: string): PathValidation;
+    /**
+     * Check if path contains traversal attempts
+     */
+    private hasPathTraversal;
+    /**
+     * Check if path is within allowed paths (whitelist check)
+     * Also consults the directory approval checker if configured.
+     */
+    private isPathAllowed;
+    /**
+     * Check if path matches blocked patterns (blacklist check)
+     */
+    private isPathBlocked;
+    /**
+     * Quick check if a path is allowed (for internal use)
+     */
+    isPathAllowedQuick(normalizedPath: string): boolean;
+    /**
+     * Check if a file path is within the configured allowed paths (from config only).
+     * This method does NOT consult ApprovalManager - it only checks the static config paths.
+     *
+     * This is used by file tools to determine if a path needs directory approval.
+     * Paths within config-allowed directories don't need directory approval prompts.
+     *
+     * @param filePath The file path to check (can be relative or absolute)
+     * @returns true if the path is within config-allowed paths, false otherwise
+     */
+    isPathWithinAllowed(filePath: string): boolean;
+    /**
+     * Check if path is within config-allowed paths only (no approval checker).
+     * Used for prompting decisions.
+     */
+    private isInConfigAllowedPaths;
+    /**
+     * Get normalized allowed paths
+     */
+    getAllowedPaths(): string[];
+    /**
+     * Get blocked paths
+     */
+    getBlockedPaths(): string[];
+}
+
+export { type DirectoryApprovalChecker, PathValidator };