import DataLoader from 'dataloader';
import { AdminContextProvider } from '../../admin-context/providers/admin-context.provider.js';
import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js';
import { AuditLogsProvider } from '../../common/providers/audit-logs.provider.js';
import { AuthContextProvider } from './auth-context.provider.js';
import { BusinessUsersProvider } from './business-users.provider.js';
/** Stored invitation as listed for management (never exposes the one-time token). */
export type BusinessInvitationRecord = {
    id: string;
    email: string;
    roleId: string;
    expiresAt: Date;
};
export declare class InvitationsProvider {
    private db;
    private adminContextProvider;
    private businessUsersProvider;
    private auditLogsProvider;
    private authContextProvider;
    constructor(db: TenantAwareDBClient, adminContextProvider: AdminContextProvider, businessUsersProvider: BusinessUsersProvider, auditLogsProvider: AuditLogsProvider, authContextProvider: AuthContextProvider);
    private batchInvitationsByEmails;
    getInvitationByEmailLoader: DataLoader<string, import("../types.js").IGetActiveInvitationsByEmailsResult[], string>;
    private batchInvitationsByTokens;
    getInvitationByTokensLoader: DataLoader<string, import("../types.js").IGetInvitationsByTokensResult[], string>;
    insertInvitation({ email, roleId, auth0UserId, invitedByUserId, ownerId, }: {
        email: string;
        roleId: string;
        auth0UserId: string;
        invitedByUserId: string;
        ownerId: string;
    }): Promise<{
        id: string;
        email: string;
        roleId: string;
        expiresAt: Date;
        token: string;
    }>;
    /**
     * List the pending invitations for the current business.
     * Restricted to business owners and strictly scoped to the caller's tenant.
     * The one-time invitation token is never exposed.
     */
    listInvitations(): Promise<BusinessInvitationRecord[]>;
    /**
     * Revoke (hard-delete) a pending invitation.
     * Restricted to business owners and strictly scoped to the caller's tenant, so
     * an invitation belonging to another business can never be revoked. Already
     * accepted invitations are not revocable. The pending placeholder membership
     * created alongside the invitation is removed too, so it does not linger as a
     * ghost user. The Auth0 user is intentionally left untouched: the same blocked
     * user may be shared by invitations across businesses (and is reused on
     * re-invite), so deleting it here could break unrelated tenants.
     * Returns false when no matching pending invitation exists in the current business.
     */
    revokeInvitation(invitationId: string): Promise<boolean>;
    private requireBusinessOwner;
}
