import { z } from '@strapi/utils';
import type { Core, Modules, Struct } from '@strapi/types';
import type { ContentManagerModelForMcp } from './types';
/** Returns true if the content type identified by `uid` has the i18n `localized` plugin option enabled. */
export declare const isContentTypeLocalized: (strapi: Core.Strapi, uid: string) => boolean;
/**
 * Builds the base locale Zod schema for a derived MCP tool input.
 * When `localeCodes` is provided, constrains the field to a `z.enum` of available codes
 * with an optional default; otherwise falls back to a plain optional string.
 */
export declare const buildLocaleSchema: (localeCodes: [string, ...string[]] | null, defaultLocale: string | null) => z.ZodTypeAny;
/**
 * Narrows the base locale schema to only locales the session is permitted to access
 * for the given action + uid combination.
 *
 * Returns the base schema unchanged when:
 *   - localeCodes is null (i18n not installed)
 *   - the content type is not localized
 *   - all installed locales are permitted for this action
 *
 * Returns z.never().optional() when no locales are permitted, keeping the tool
 * registered but signalling no valid locale input.
 */
export declare const resolvePermittedLocaleSchema: (strapi: Core.Strapi, context: Modules.MCP.McpHandlerContext, action: string, uid: string, localeCodes: [string, ...string[]] | null, defaultLocale: string | null, baseLocaleSchema: z.ZodTypeAny) => z.ZodTypeAny;
/**
 * Recursively resolves leaf field paths for a component, matching the nested
 * path format used by CASL rules (e.g. 'SEO.title', 'SEO.og.image').
 *
 * The admin RBAC system decomposes component attrs into nested paths and removes
 * the parent key — so checking `ability.can(action, uid, 'SEO')` returns false
 * even when the user has full access to the component's sub-fields.
 */
export declare const getComponentLeafPaths: (strapi: Core.Strapi, componentUid: string, prefix: string, visited?: Set<string>) => string[];
/**
 * Returns the subset of attribute keys the session may access for `action` on `uid`.
 * Returns `null` when all fields are permitted (caller should skip field filtering).
 * Component attributes are resolved to their nested leaf paths before checking CASL rules.
 */
export declare const getPermittedFields: (strapi: Core.Strapi, userAbility: Modules.MCP.McpHandlerContext["userAbility"], action: string, uid: string, attributes: Struct.SchemaAttributes) => Set<string> | null;
/**
 * Filters `localeCodes` to only those the session may access for `action`.
 * Returns `null` when all locales are permitted (caller should use the unfiltered base schema).
 * Returns an empty tuple-like array when no locale is permitted.
 */
export declare const getPermittedLocales: (permissionChecker: {
    cannot: (action: string, entity?: unknown) => boolean;
}, action: string, localeCodes: [string, ...string[]]) => [string, ...string[]] | null;
export type { ContentManagerModelForMcp };
//# sourceMappingURL=permissions.d.ts.map