import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js';
import type { IGetAliasesResult } from '../types.js';
export type AliasMutationResult = {
    success: true;
    alias: IGetAliasesResult;
} | {
    success: false;
    message: string;
};
/**
 * Manages alias→owner routing rows for v2 email ingestion.
 *
 * Writes go through TenantAwareDBClient so the `tenant_isolation_write` RLS
 * policy (`owner_id = get_current_business_id()`) is enforced as defense in
 * depth on top of the resolver's membership check. The request must therefore
 * be scoped to the target business (X-Business-Scope) — the same convention as
 * every other tenant write in the app.
 *
 * Reads use an explicit `owner_id` scope filter because the table's
 * `alias_resolution_select` policy is `USING (TRUE)` (alias resolution must work
 * before a tenant context exists), so RLS does not constrain SELECTs here.
 */
export declare class EmailIngestionAliasProvider {
    private db;
    constructor(db: TenantAwareDBClient);
    createAlias(alias: string, ownerId: string): Promise<AliasMutationResult>;
    setAliasActive(id: string, isActive: boolean): Promise<AliasMutationResult>;
    listAliases(ownerIds: readonly string[]): Promise<IGetAliasesResult[]>;
}
