import { SetDocumentsContext } from "./document.data.model";
import { ResolverEndpointConfig, ResolverResponse } from "./resolver.data.model";
import { UserContact } from "./user-contact.data.model";
import { UserPermissionAccessRole } from "./user-resolver.data.model";
export declare class User {
    /**
     * Unique user identifier that you use to identify your user.
     */
    userId: string;
    /**
     * Your user's full name.
     *
     * Default: Random avatar name.
     */
    name?: string;
    email_lowercase?: string;
    name_lowercase?: string;
    clientUserName?: string;
    /**
    * Your user's display picture URL.
    *
    * Default: Random avatar image.
    */
    photoUrl?: string;
    /**
     * This is required if you want us to send email or slack notifications
     * to users when they add comments and tag their co-workers.
     */
    email?: string;
    /**
    * This will help us show a drop down when a user wants to tag their co-workers in a comment.
    */
    contacts?: UserContact[];
    /**
     * The product plan your user is on.
     */
    plan?: string;
    /**
    * It could be a domain name or any identifier you use to cluster a group of users who work together.
    */
    groupId?: string;
    /**
     * Original groupId provided by the user.
     */
    clientGroupId?: string;
    organizationId?: string;
    clientOrganizationId?: string;
    /**
     * Auto generated unique user id that is linked with your app's user ID.
     * This is needed by us for internal processing.
     */
    userSnippylyId?: string;
    /**
     * A random color is assigned to the user for the current session.
     * This is the color on the avatar border and live cursor, if these features are enabled.
     */
    color?: string;
    /**
     * This is the color on the avatar text.
     */
    textColor?: string;
    /**
     * User type.
     *
     */
    type?: string;
    isAdmin?: boolean;
    /**
     * Readonly user
     */
    isReadOnly?: boolean;
    /**
     * Anonymous user can only view the comments
     */
    isAnonymous?: boolean;
    /**
     * Guest user
     */
    isGuest?: boolean;
    initial?: string;
}
export declare class Options {
    /**
     * If you want to replace the contacts of the user with the contacts you are sending.
     * This will replace personal and group contacts of the user.
     */
    replaceContacts?: boolean;
    /**
     * If you want to replace the personal contacts of the user with the contacts you are sending.
     * This will replace personal contacts of the user.
     */
    replacePrivateContacts?: boolean;
    /**
     * If you want to replace the group contacts of the user with the contacts you are sending.
     * This will replace group contacts of the user.
     */
    replaceGroupContacts?: boolean;
    /**
     * Pass the auth token of the user.
     */
    authToken?: string;
    /**
     * If you want to force re-login the user.
     */
    forceReset?: boolean;
    /**
     * If you want to throw an error if the user is not authenticated.
     */
    throwError?: boolean;
}
export interface AuthRetryConfig {
    retryCount?: number;
    retryDelay?: number;
}
export interface Context {
    access: {
        [key: string]: string | number;
    };
    accessFields?: Array<string>;
}
export interface VeltAuthProvider {
    user: User;
    options?: Options;
    retryConfig?: AuthRetryConfig;
    generateToken?: () => Promise<string>;
    onError?: (err: unknown) => void;
}
export declare const RevokeAccessOnType: {
    readonly DOCUMENT_UNSET: "document_unset";
    readonly USER_LOGOUT: "user_logout";
};
export type RevokeAccessOnType = (typeof RevokeAccessOnType)[keyof typeof RevokeAccessOnType];
export declare const PermissionSource: {
    readonly SET_DOCUMENTS: "setDocuments";
    readonly IDENTIFY: "identify";
    readonly GET_NOTIFICATIONS: "getNotifications";
    readonly SET_NOTIFICATIONS: "setNotifications";
    readonly REVOKE_ACCESS_ON_USER_LOGOUT: "revokeAccessOnUserLogout";
    readonly REVOKE_ACCESS_ON_DOCUMENT_UNSET: "revokeAccessOnDocumentUnset";
};
export type PermissionSource = (typeof PermissionSource)[keyof typeof PermissionSource];
export interface RevokeAccessOn {
    type: RevokeAccessOnType;
    revokeOrganizationAccess?: boolean;
}
export interface VeltPermissionProvider {
    retryConfig?: AuthRetryConfig;
    isContextEnabled?: boolean;
    revokeAccessOn?: RevokeAccessOn[];
    forceRefresh?: boolean;
    /**
     * LOCAL-DEV ONLY. When `true`, the SDK resolves permissions in the browser
     * (via {@link endpointConfig} or {@link resolvePermissions}) and relays the
     * results to the backend, instead of relying on the server-to-server
     * Real-Time Permission Provider. This lets a `localhost` permission endpoint
     * be reached without an ngrok/Cloudflare tunnel during development.
     *
     * This flag is an ergonomic switch only — it is NOT a security boundary.
     * The backend independently gates browser-resolved results to dev/test API
     * keys; production keys always ignore them and fall back to the server-side
     * provider. MUST NOT be relied on in production.
     */
    dev?: boolean;
    /**
     * URL-based client-side resolver. When set (and {@link dev} is `true`), the
     * browser POSTs `{ data: { requests } }` to `url` — byte-for-byte identical
     * to what the server-side permission provider sends — and expects the same
     * `{ data: PermissionResult[], success, statusCode }` response. Takes
     * precedence over {@link resolvePermissions} when both are provided.
     */
    endpointConfig?: ResolverEndpointConfig;
    /**
     * Callback-based client-side resolver. When set (and {@link dev} is `true`,
     * and no {@link endpointConfig} URL is provided), it is invoked with the
     * same `{ data: { requests } }` envelope and may return either a bare
     * `PermissionResult[]` or a `ResolverResponse<PermissionResult[]>`.
     */
    resolvePermissions?: (request: PermissionResolverRequest) => Promise<PermissionResult[] | ResolverResponse<PermissionResult[]>>;
    /**
     * Optional per-call timeout (ms) for the client-side resolver. When the
     * resolver does not settle within this window the check fails closed (deny).
     */
    resolveTimeout?: number;
}
/**
 * The request envelope handed to a client-side permission resolver
 * ({@link VeltPermissionProvider.endpointConfig} URL body or
 * {@link VeltPermissionProvider.resolvePermissions} callback argument). The
 * shape mirrors the server-side permission provider request byte-for-byte so a
 * customer's existing handler works unchanged.
 */
export interface PermissionResolverRequest {
    data: {
        requests: PermissionQuery[];
    };
}
export declare const PermissionResourceType: {
    readonly FOLDER: "folder";
    readonly DOCUMENT: "document";
    readonly ORGANIZATION: "organization";
    readonly CONTEXT: "context";
};
export type PermissionResourceType = (typeof PermissionResourceType)[keyof typeof PermissionResourceType];
export interface PermissionQuery {
    userId: string;
    resource: {
        id: string;
        type: PermissionResourceType;
        source: PermissionSource;
        organizationId: string;
        context?: Context | SetDocumentsContext;
        parentFolderId?: string;
    };
}
export interface PermissionResult {
    userId: string;
    resourceId: string;
    organizationId: string;
    type: PermissionResourceType;
    accessRole?: UserPermissionAccessRole;
    expiresAt?: number;
    hasAccess: boolean;
}
