import { ExecutionContext } from '@nestjs/common';
import { IInvoke } from './invoke';
export interface CustomRole {
    tenant: string;
    role: string;
}
export declare class UserContext {
    userId: string;
    tenantRole: string;
    tenantCode: string;
    constructor(partial: Partial<UserContext>);
}
/**
 * Extract user context from JWT claims and request headers.
 *
 * Tenant code determination:
 * 1. If `custom:tenant` exists in JWT claims, use it (user bound to specific tenant)
 * 2. Otherwise, use `x-tenant-code` header (for cross-tenant operations)
 *
 * Note: Security validation for header-based tenant override is handled by RolesGuard,
 * not by this function. This allows for flexible security policies at the application level.
 */
export declare function getUserContext(ctx: IInvoke | ExecutionContext): UserContext;