@guilz-dev/belay 0.1.0

package/dist/core/classify-tool.js

@@ -0,0 +1,311 @@
+import path from 'node:path';
+import { canonicalStringify, toolFingerprint } from './fingerprint.js';
+import { matchesSensitivePath } from './glob.js';
+import { pathWithinRoot, relativeWithinRepo } from './path-utils.js';
+import { scrubValue } from './scrub.js';
+import { classifyShell } from './v2/adapter.js';
+const DEFAULT_SENSITIVE_PATHS = ['.env', '.env.*', '**/credentials/**'];
+const FILE_WRITE_TOOL_NAMES = new Set(['write']);
+const FILE_EDIT_TOOL_NAMES = new Set([
+    'edit',
+    'multiedit',
+    'multi_edit',
+    'patch',
+    'strreplace',
+    'str_replace',
+]);
+const FILE_DELETE_TOOL_NAMES = new Set(['delete']);
+const APPLY_PATCH_TOOL_NAMES = new Set(['apply_patch', 'applypatch']);
+function scrubPayload(value, options) {
+    return scrubValue(value, options.scrubOptions);
+}
+function extractFilePath(payload) {
+    const toolInput = payload.tool_input;
+    if (!toolInput || typeof toolInput !== 'object') {
+        return null;
+    }
+    const input = toolInput;
+    for (const key of ['path', 'file_path', 'target_file', 'filePath']) {
+        if (typeof input[key] === 'string') {
+            return input[key];
+        }
+    }
+    return null;
+}
+function extractShellCommand(payload) {
+    const toolInput = payload.tool_input;
+    if (!toolInput || typeof toolInput !== 'object') {
+        return null;
+    }
+    const input = toolInput;
+    if (typeof input.command === 'string') {
+        return input.command;
+    }
+    return null;
+}
+function extractPatch(payload) {
+    const toolInput = payload.tool_input;
+    if (!toolInput || typeof toolInput !== 'object') {
+        return null;
+    }
+    const input = toolInput;
+    for (const key of ['patch', 'input', 'text']) {
+        if (typeof input[key] === 'string' && input[key].trim()) {
+            return input[key];
+        }
+    }
+    return null;
+}
+function applyPatchTargets(patch) {
+    const targets = [];
+    for (const line of patch.split('\n')) {
+        const match = line.match(/^\*\*\* (Add|Delete|Update) File: (.+)$/);
+        if (match?.[1] && match[2]) {
+            targets.push({ path: match[2], delete: match[1] === 'Delete' });
+            continue;
+        }
+        const moveMatch = line.match(/^\*\*\* Move to: (.+)$/);
+        if (moveMatch?.[1]) {
+            targets.push({ path: moveMatch[1], delete: false });
+        }
+    }
+    return targets;
+}
+function normalizedToolName(toolName) {
+    return toolName.trim().toLowerCase();
+}
+export async function classifyToolUse(payload, repoRoot, cwd, config, options = {}) {
+    const toolName = String(payload.tool_name ?? '');
+    const toolKind = normalizedToolName(toolName);
+    const sensitivePaths = [...DEFAULT_SENSITIVE_PATHS, ...(options.sensitivePaths ?? [])];
+    const protectedRoots = [
+        ...(options.protectedArtifactRoots ?? []),
+        ...(options.controlPlaneDir ? [options.controlPlaneDir] : []),
+    ];
+    if (toolKind === 'shell') {
+        const command = extractShellCommand(payload);
+        if (!command) {
+            if (options.unknownLocalEffect === 'deny') {
+                return {
+                    verdict: 'deny_pending_approval',
+                    reason: 'tool_shell_missing_command',
+                    summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                    fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                    assessment: {
+                        reversibility: 'irreversible',
+                        external: false,
+                        blastRadius: 'tool shell',
+                        confidence: 0.85,
+                        signals: ['missing_command'],
+                    },
+                };
+            }
+            return {
+                verdict: 'allow_flagged',
+                reason: 'tool_shell_missing_command',
+                summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                assessment: {
+                    reversibility: 'recoverable_with_cost',
+                    external: false,
+                    blastRadius: 'tool shell',
+                    confidence: 0.5,
+                    signals: ['missing_command'],
+                },
+            };
+        }
+        const shellResult = await classifyShell(command, cwd, repoRoot, config, options);
+        return {
+            ...shellResult,
+            summary: command,
+        };
+    }
+    if (FILE_WRITE_TOOL_NAMES.has(toolKind) ||
+        FILE_EDIT_TOOL_NAMES.has(toolKind) ||
+        FILE_DELETE_TOOL_NAMES.has(toolKind)) {
+        const filePath = extractFilePath(payload);
+        if (!filePath) {
+            if (options.unknownLocalEffect === 'deny') {
+                return {
+                    verdict: 'deny_pending_approval',
+                    reason: 'file_mutation_missing_path',
+                    summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                    fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                    assessment: {
+                        reversibility: 'irreversible',
+                        external: false,
+                        blastRadius: 'file mutation',
+                        confidence: 0.85,
+                        signals: ['missing_path'],
+                    },
+                };
+            }
+            return {
+                verdict: 'allow_flagged',
+                reason: 'file_mutation_missing_path',
+                summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                assessment: {
+                    reversibility: 'recoverable_with_cost',
+                    external: false,
+                    blastRadius: 'file mutation',
+                    confidence: 0.55,
+                    signals: ['missing_path'],
+                },
+            };
+        }
+        const signals = [];
+        const resolvedPath = path.isAbsolute(filePath) ? filePath : path.resolve(cwd, filePath);
+        const hitsProtectedRoot = protectedRoots.some((root) => pathWithinRoot(root, resolvedPath));
+        if (hitsProtectedRoot) {
+            signals.push('control_plane_path');
+            return {
+                verdict: 'deny_pending_approval',
+                reason: 'control_plane_mutation',
+                summary: filePath,
+                fingerprint: toolFingerprint(toolName, { path: filePath }, repoRoot),
+                assessment: {
+                    reversibility: 'irreversible',
+                    external: false,
+                    blastRadius: 'agent-belay control plane',
+                    confidence: 0.97,
+                    signals,
+                },
+            };
+        }
+        const relativePath = relativeWithinRepo(repoRoot, resolvedPath);
+        if (relativePath === null) {
+            signals.push('outside_repo_path');
+            return {
+                verdict: 'deny_pending_approval',
+                reason: 'outside_repo_file_mutation',
+                summary: filePath,
+                fingerprint: toolFingerprint(toolName, { path: filePath }, repoRoot),
+                assessment: {
+                    reversibility: 'irreversible',
+                    external: true,
+                    blastRadius: 'outside the repository',
+                    confidence: 0.9,
+                    signals,
+                },
+            };
+        }
+        if (matchesSensitivePath(relativePath, sensitivePaths)) {
+            signals.push('sensitive_path');
+            return {
+                verdict: 'deny_pending_approval',
+                reason: 'sensitive_file_mutation',
+                summary: filePath,
+                fingerprint: toolFingerprint(toolName, { path: filePath }, repoRoot),
+                assessment: {
+                    reversibility: 'irreversible',
+                    external: false,
+                    blastRadius: 'sensitive repository file',
+                    confidence: 0.88,
+                    signals,
+                },
+            };
+        }
+        if (FILE_DELETE_TOOL_NAMES.has(toolKind)) {
+            signals.push('file_delete');
+            return {
+                verdict: 'allow_flagged',
+                reason: 'file_delete',
+                summary: filePath,
+                fingerprint: toolFingerprint(toolName, { path: filePath }, repoRoot),
+                assessment: {
+                    reversibility: 'recoverable_with_cost',
+                    external: false,
+                    blastRadius: 'this repository',
+                    confidence: 0.7,
+                    signals,
+                },
+            };
+        }
+        signals.push('file_mutation');
+        return {
+            verdict: 'allow_flagged',
+            reason: 'file_mutation',
+            summary: filePath,
+            fingerprint: toolFingerprint(toolName, { path: filePath }, repoRoot),
+            assessment: {
+                reversibility: 'recoverable_with_cost',
+                external: false,
+                blastRadius: 'this repository',
+                confidence: 0.68,
+                signals,
+            },
+        };
+    }
+    if (APPLY_PATCH_TOOL_NAMES.has(toolKind)) {
+        const patch = extractPatch(payload);
+        const targets = patch ? applyPatchTargets(patch) : [];
+        if (targets.length === 0) {
+            if (options.unknownLocalEffect === 'deny') {
+                return {
+                    verdict: 'deny_pending_approval',
+                    reason: 'apply_patch_missing_path',
+                    summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                    fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                    assessment: {
+                        reversibility: 'irreversible',
+                        external: false,
+                        blastRadius: 'file mutation',
+                        confidence: 0.85,
+                        signals: ['missing_path'],
+                    },
+                };
+            }
+            return {
+                verdict: 'allow_flagged',
+                reason: 'apply_patch_missing_path',
+                summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+                fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+                assessment: {
+                    reversibility: 'recoverable_with_cost',
+                    external: false,
+                    blastRadius: 'file mutation',
+                    confidence: 0.55,
+                    signals: ['missing_path'],
+                },
+            };
+        }
+        let sawDelete = false;
+        for (const target of targets) {
+            const result = await classifyToolUse({
+                tool_name: target.delete ? 'Delete' : 'Write',
+                tool_input: { path: target.path },
+            }, repoRoot, cwd, config, options);
+            if (result.verdict === 'deny_pending_approval') {
+                return result;
+            }
+            sawDelete ||= target.delete;
+        }
+        return {
+            verdict: 'allow_flagged',
+            reason: sawDelete ? 'file_delete' : 'file_mutation',
+            summary: targets.map((target) => target.path).join(', '),
+            fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+            assessment: {
+                reversibility: 'recoverable_with_cost',
+                external: false,
+                blastRadius: 'this repository',
+                confidence: sawDelete ? 0.7 : 0.68,
+                signals: [sawDelete ? 'file_delete' : 'file_mutation', 'apply_patch'],
+            },
+        };
+    }
+    return {
+        verdict: 'allow',
+        reason: 'unclassified_tool',
+        summary: canonicalStringify(scrubPayload(payload.tool_input ?? {}, options)),
+        fingerprint: toolFingerprint(toolName, scrubPayload(payload.tool_input ?? {}, options), repoRoot),
+        assessment: {
+            reversibility: 'reversible',
+            external: false,
+            blastRadius: 'tool scope',
+            confidence: 0.5,
+            signals: ['unclassified_tool'],
+        },
+    };
+}

package/dist/core/config-layers.d.ts

@@ -0,0 +1,23 @@
+import { type ConfigPresetName } from '../presets.js';
+import type { BelayConfigV3 } from './config.js';
+export type ConfigLayerSource = 'builtin' | 'team' | 'repo' | 'protected';
+export interface ConfigProvenanceEntry {
+    path: string;
+    source: ConfigLayerSource;
+}
+export interface LayeredConfigResult {
+    config: BelayConfigV3;
+    provenance: ConfigProvenanceEntry[];
+}
+export interface TeamConfigFile {
+    preset?: ConfigPresetName;
+    config?: Record<string, unknown>;
+}
+export declare function teamConfigPath(homedir?: () => string): string;
+export declare function resolveLayeredConfig(params: {
+    repoConfig: unknown;
+    adapterDefaults: BelayConfigV3;
+    teamConfig?: TeamConfigFile | Record<string, unknown> | null;
+    teamConfigPath?: string;
+    repoConfigPath?: string;
+}): LayeredConfigResult;

package/dist/core/config-layers.js

@@ -0,0 +1,59 @@
+import path from 'node:path';
+import { applyConfigPreset } from '../presets.js';
+import { DEFAULT_CONFIG_V3, mergeConfig } from './config.js';
+export function teamConfigPath(homedir = () => process.env.HOME ?? process.env.USERPROFILE ?? '') {
+    const xdg = process.env.XDG_CONFIG_HOME?.trim();
+    const base = xdg || path.join(homedir(), '.config');
+    return path.join(base, 'agent-belay', 'team.config.json');
+}
+function applyProtectedLayer(config, builtin) {
+    const controlPlane = { ...config.controlPlane };
+    if (builtin.controlPlane.enabled && controlPlane.enabled === false) {
+        controlPlane.enabled = true;
+    }
+    if (builtin.controlPlane.integrity === 'hash-pinned' && controlPlane.integrity === 'none') {
+        controlPlane.integrity = 'hash-pinned';
+    }
+    return {
+        ...config,
+        controlPlane,
+    };
+}
+function asV3Layer(raw) {
+    if (!raw || typeof raw !== 'object') {
+        return { version: 3 };
+    }
+    return { version: 3, ...raw };
+}
+function mergeConfigLayer(base, layer) {
+    const merged = mergeConfig(layer, base);
+    if (!layer.policy) {
+        return { ...merged, policy: base.policy };
+    }
+    return merged;
+}
+export function resolveLayeredConfig(params) {
+    const provenance = [{ path: '(builtin)', source: 'builtin' }];
+    let config = mergeConfig({}, params.adapterDefaults);
+    if (params.teamConfig) {
+        const teamFile = params.teamConfig;
+        const teamRaw = teamFile.preset
+            ? applyConfigPreset(teamFile.preset, teamFile.config ?? {})
+            : (teamFile.config ?? params.teamConfig);
+        config = mergeConfigLayer(config, asV3Layer(teamRaw));
+        provenance.push({
+            path: params.teamConfigPath ?? teamConfigPath(),
+            source: 'team',
+        });
+    }
+    config = mergeConfigLayer(config, asV3Layer(params.repoConfig));
+    if (params.repoConfigPath) {
+        provenance.push({ path: params.repoConfigPath, source: 'repo' });
+    }
+    const protectedConfig = applyProtectedLayer(config, DEFAULT_CONFIG_V3);
+    if (JSON.stringify(protectedConfig) !== JSON.stringify(config)) {
+        provenance.push({ path: '(protected-layer)', source: 'protected' });
+        config = protectedConfig;
+    }
+    return { config, provenance };
+}

package/dist/core/config.d.ts

@@ -0,0 +1,219 @@
+import type { ClassifierOptions, ControlPlaneIntegrity, ScrubOptions, UnknownLocalEffectPolicy, UnparseableShellPolicy } from './types.js';
+export type BelayMode = 'enforce' | 'audit';
+export type { UnknownLocalEffectPolicy };
+export interface BelayConfigV1 {
+    version: 1;
+    mode: BelayMode;
+    approvalTtlMinutes: number;
+    tokenPrefix: string;
+    gates: {
+        shell: boolean;
+        subagent: boolean;
+    };
+    audit: {
+        logPath: string;
+    };
+}
+export interface BelayConfigV2 {
+    version: 2;
+    mode: BelayMode;
+    approvalTtlMinutes: number;
+    tokenPrefix: string;
+    gates: {
+        shell: boolean;
+        subagent: boolean;
+        fileMutation: boolean;
+        toolShell: boolean;
+    };
+    classifier: {
+        strictChains: boolean;
+        customExternalCommands: string[];
+        customAllowCommands: string[];
+        sensitivePaths: string[];
+    };
+    audit: {
+        logPath: string;
+        includeAssessment: boolean;
+    };
+}
+export interface BelayConfidenceThresholds {
+    allow: number;
+    flag: number;
+}
+export interface BelayModelAssistConfig {
+    enabled: boolean;
+    model?: string;
+    timeoutMs?: number;
+}
+export interface BelayTransactionalConfig {
+    enabled: boolean;
+    minConfidence: number;
+    maxConfidence: number;
+    timeoutMs: number;
+    maxDeletionCount: number;
+    gates: {
+        shell: boolean;
+    };
+}
+export interface BelayPolicyConfig {
+    unknownLocalEffect: UnknownLocalEffectPolicy;
+    unparseableShell: UnparseableShellPolicy;
+    confidenceThresholds: BelayConfidenceThresholds;
+    modelAssist: BelayModelAssistConfig;
+    transactional: BelayTransactionalConfig;
+    codexUnmappedTool?: 'allow' | 'deny';
+    /** R-V2: silent-pass rate below this triggers fence-drift warning (default 0.5). */
+    fenceWarnThreshold: number;
+}
+export interface BelayOverridesConfig {
+    allow: string[];
+    external: string[];
+}
+export interface BelayRedactionConfig {
+    maskApprovalIds: boolean;
+    maskBearerTokens: boolean;
+    maskAuthHeaders: boolean;
+    maskKeyValueSecrets: boolean;
+    maskHighEntropyStrings: boolean;
+}
+export type JudgeProvider = 'ollama' | 'openai-compatible';
+export interface BelayJudgeConfig {
+    provider: JudgeProvider;
+    model: string;
+    timeoutMs: number;
+    endpoint: string | null;
+    keepAlive: string | null;
+}
+export declare const DEFAULT_JUDGE_LOCAL_OLLAMA: BelayJudgeConfig;
+export declare const DEFAULT_JUDGE_OPENAI_COMPATIBLE_TEMPLATE: BelayJudgeConfig;
+/** @deprecated Use DEFAULT_JUDGE_OPENAI_COMPATIBLE_TEMPLATE */
+export declare const DEFAULT_JUDGE_CURSOR_COMPOSER: BelayJudgeConfig;
+export type ControlPlaneIsolationMode = 'none' | 'read-only-mount' | 'separate-user';
+export interface BelayControlPlaneIsolationConfig {
+    mode: ControlPlaneIsolationMode;
+    expectedOwnerUid?: number;
+    verifyAgentWritable: boolean;
+}
+export interface BelayControlPlaneConfig {
+    enabled: boolean;
+    configDir: string | null;
+    integrity: ControlPlaneIntegrity;
+    isolation: BelayControlPlaneIsolationConfig;
+}
+export type SandboxRuntime = 'none' | 'cursor-sandbox' | 'container' | 'seatbelt' | 'landlock';
+export interface BelaySandboxConfig {
+    enabled: boolean;
+    runtime: SandboxRuntime;
+    denyNetworkByDefault: boolean;
+}
+export interface BelayClassifierConfig {
+    strictChains: boolean;
+    sensitivePaths: string[];
+}
+export interface BelayNotificationsConfig {
+    webhookUrl?: string;
+    commandHook?: string;
+}
+export interface BelayApprovalSigningConfig {
+    /** When true, out-of-band approvals must present a signed token. */
+    required: boolean;
+}
+export interface BelayEgressConfig {
+    enabled: boolean;
+    listenHost: string;
+    listenPort: number;
+    /** When true with egress enabled, L3 external command lists become hints only. */
+    demoteL3External: boolean;
+}
+export interface BelayConfigV4 {
+    version: 4;
+    adapter?: 'cursor' | 'claude' | 'codex';
+    /** Where hooks/runtime/skill artifacts are installed. Defaults to project. */
+    installScope?: 'project' | 'global';
+    mode: BelayMode;
+    approvalTtlMinutes: number;
+    tokenPrefix: string;
+    gates: BelayConfigV2['gates'];
+    classifier: BelayClassifierConfig;
+    policy: BelayPolicyConfig;
+    overrides: BelayOverridesConfig;
+    redaction: BelayRedactionConfig;
+    controlPlane: BelayControlPlaneConfig;
+    notifications: BelayNotificationsConfig;
+    approvalSigning: BelayApprovalSigningConfig;
+    egress: BelayEgressConfig;
+    sandbox: BelaySandboxConfig;
+    audit: BelayConfigV2['audit'];
+    judge: BelayJudgeConfig;
+}
+/** @deprecated Use BelayConfigV4 */
+export type BelayConfigV3 = BelayConfigV4;
+export type BelayConfig = BelayConfigV4;
+/** @deprecated Use DEFAULT_SILENT_PASS_THRESHOLD from audit-summary.js */
+export declare const DEFAULT_FENCE_WARN_THRESHOLD = 0.5;
+export declare const DEFAULT_CONFIDENCE_THRESHOLDS: BelayConfidenceThresholds;
+export declare const DEFAULT_MODEL_ASSIST: BelayModelAssistConfig;
+export declare const DEFAULT_TRANSACTIONAL_V3: BelayTransactionalConfig;
+export declare const LEGACY_POLICY_V3: BelayPolicyConfig;
+/** Fresh v0.4+ install defaults (fail-closed). */
+export declare const DEFAULT_POLICY_V3: BelayPolicyConfig;
+export declare const DEFAULT_OVERRIDES_V3: BelayOverridesConfig;
+export declare const DEFAULT_REDACTION_V3: BelayRedactionConfig;
+export declare const DEFAULT_CONTROL_PLANE_ISOLATION_V3: BelayControlPlaneIsolationConfig;
+export declare const LEGACY_CONTROL_PLANE_V3: BelayControlPlaneConfig;
+export declare const DEFAULT_CONTROL_PLANE_V3: BelayControlPlaneConfig;
+export declare const DEFAULT_SANDBOX_V3: BelaySandboxConfig;
+export declare const DEFAULT_NOTIFICATIONS_V3: BelayNotificationsConfig;
+export declare const DEFAULT_APPROVAL_SIGNING_V3: BelayApprovalSigningConfig;
+export declare const DEFAULT_EGRESS_V3: BelayEgressConfig;
+export declare function normalizeEgressListenHost(host: string): string;
+export declare const DEFAULT_CONFIG_V2: BelayConfigV2;
+export declare const DEFAULT_CONFIG_V4: BelayConfigV4;
+/** @deprecated Use DEFAULT_CONFIG_V4 */
+export declare const DEFAULT_CONFIG_V3: BelayConfigV4;
+export declare function mapLegacyClassifierToOverrides(classifier: {
+    customAllowCommands?: string[];
+    customExternalCommands?: string[];
+}): BelayOverridesConfig;
+export declare function migrateV2ToV3(v2: BelayConfigV2, rawOverrides?: Partial<BelayOverridesConfig>): BelayConfigV4;
+export declare function isConfigV1(value: unknown): value is BelayConfigV1;
+export declare function isConfigV2(value: unknown): value is BelayConfigV2;
+export declare function isConfigV3(value: unknown): value is BelayConfigV4;
+export declare function isConfigV4(value: unknown): value is BelayConfigV4;
+export declare function normalizeJudgeProvider(provider: string | undefined): 'ollama' | 'openai-compatible';
+export declare function normalizeJudgeConfig(judge: BelayJudgeConfig): BelayJudgeConfig;
+export declare function migrateV3ToV4(v3: BelayConfigV4, raw?: RawConfigInput): BelayConfigV4;
+type RawConfigInput = Partial<{
+    version: number;
+    judge: Partial<BelayJudgeConfig>;
+    mode: BelayMode;
+    approvalTtlMinutes: number;
+    tokenPrefix: string;
+    gates: Partial<BelayConfigV2['gates']>;
+    classifier: Partial<BelayConfigV2['classifier']> & Partial<BelayClassifierConfig>;
+    policy: Partial<BelayPolicyConfig>;
+    overrides: Partial<BelayOverridesConfig>;
+    redaction: Partial<BelayRedactionConfig>;
+    controlPlane: Partial<BelayControlPlaneConfig>;
+    notifications: Partial<BelayNotificationsConfig>;
+    approvalSigning: Partial<BelayApprovalSigningConfig>;
+    egress: Partial<BelayEgressConfig>;
+    sandbox: Partial<BelaySandboxConfig>;
+    audit: Partial<BelayConfigV2['audit']>;
+    installScope: 'project' | 'global';
+}>;
+export declare function migrateConfig(loaded: unknown): BelayConfigV4;
+export declare function normalizeConfigV2(config: BelayConfigV2): BelayConfigV2;
+export declare function normalizeConfig(config: BelayConfigV4): BelayConfigV4;
+export declare function normalizeConfig(config: BelayConfigV2): BelayConfigV2;
+export declare function isFreshConfigInput(loaded: unknown): boolean;
+export declare function mergeConfig(existing: unknown, defaults?: BelayConfigV4): BelayConfigV4;
+export declare function scrubOptionsFromConfig(config: BelayConfigV4): ScrubOptions;
+export declare function classifierOptionsFromConfig(config: BelayConfigV4): ClassifierOptions;
+export declare function defaultControlPlaneDir(env?: NodeJS.ProcessEnv, homedir?: () => string): string;
+export declare function resolveControlPlaneDir(config: BelayConfigV4): string;
+/** Control-plane directory regardless of enabled flag (for orphan migration). */
+export declare function configuredControlPlaneDir(config: BelayConfigV4): string;
+export declare function belayStateDir(config: BelayConfigV4, repoLocalStateDir: string): string;
+export declare function pendingApprovalsFile(config: BelayConfigV4, repoLocalStateDir: string): string;
+export declare function approvedApprovalsFile(config: BelayConfigV4, repoLocalStateDir: string): string;