import { RequestBuilder } from "../request-builder";
import type { AccessGrant, PostAdminAccessGrantsData, PatchAdminAccessGrantsByIdData } from "../_internal/types.gen";
export type { AccessGrant };
export interface AccessGrantListResult {
    data: AccessGrant[];
    meta?: {
        total?: number;
    };
}
export interface AccessGrantResult {
    data: AccessGrant;
}
export interface AccessGrantListParams {
    subject_id?: string;
    subject_type?: "user" | "application";
    object_id?: string;
    object_type?: "tenant" | "workspace";
    relation?: "tenant_admin" | "tenant_member" | "workspace_admin" | "workspace_editor" | "workspace_viewer";
}
export declare function createAccessGrantsNamespace(rb: RequestBuilder): {
    /**
     * List access grants. Filter by subject or object using query params.
     *
     * Filter params are serialized as JSON:API `filter[<field>]` query keys,
     * which is what the server-side AshJsonApi route accepts. Plain bare
     * keys (`?subject_id=...`) are silently ignored by the server.
     *
     * @param params - Optional filter parameters (subject_id, subject_type, object_id, object_type, relation)
     * @returns Paginated list of access grants
     * @example
     * const grants = await admin.accessGrants.list({ subject_id: userId });
     */
    list(params?: AccessGrantListParams): Promise<AccessGrantListResult>;
    /**
     * Get a single access grant by ID.
     *
     * @param id - AccessGrant UUID
     * @returns The access grant record
     * @example
     * const grant = await admin.accessGrants.get("grant-uuid");
     */
    get(id: string): Promise<AccessGrantResult>;
    /**
     * Create a new access grant, giving a subject (user or application) a relation to an object (tenant or workspace).
     *
     * @param attrs - Grant attributes (subject_type, subject_id, relation, object_type, object_id, expires_at)
     * @returns The created access grant
     * @example
     * const grant = await admin.accessGrants.create({
     *   data: {
     *     type: "access-grant",
     *     attributes: {
     *       subject_type: "user",
     *       subject_id: "user-uuid",
     *       relation: "workspace_editor",
     *       object_type: "workspace",
     *       object_id: "workspace-uuid",
     *     },
     *   },
     * });
     */
    create(attrs: PostAdminAccessGrantsData["body"]): Promise<AccessGrantResult>;
    /**
     * Update an existing access grant (relation, custom_permissions, expires_at).
     *
     * @param id - AccessGrant UUID
     * @param attrs - Attributes to update
     * @returns The updated access grant
     * @example
     * const updated = await admin.accessGrants.update("grant-uuid", {
     *   data: { type: "access-grant", id: "grant-uuid", attributes: { expires_at: "2027-01-01T00:00:00Z" } },
     * });
     */
    update(id: string, attrs: PatchAdminAccessGrantsByIdData["body"]): Promise<AccessGrantResult>;
    /**
     * Revoke (delete) an access grant.
     *
     * @param id - AccessGrant UUID
     * @returns void
     * @example
     * await admin.accessGrants.revoke("grant-uuid");
     */
    revoke(id: string): Promise<void>;
};
//# sourceMappingURL=access-grants.d.ts.map