import type { RequestOptions } from "../base-client";
import { RequestBuilder } from "../request-builder";
/**
 * Audit log entry returned by the admin audit API.
 *
 * Note: `ip_address` and `user_agent` are intentionally excluded —
 * those fields are `public?: false` in the resource definition.
 */
export interface AuditLog {
    id: string;
    action: string;
    resource_type: string;
    resource_id: string;
    changes: Record<string, unknown> | null;
    target_type: string | null;
    target_id: string | null;
    target_name: string | null;
    tenant_id: string | null;
    workspace_id: string | null;
    actor_id: string | null;
    /** Human-readable actor name — "System" for automated actions. Loaded via calculation. */
    actor_display_name: string | null;
    created_at: string;
}
/** Parameters for the paginated audit log list. */
export type AuditListParams = {
    /** Keyset cursor — fetch entries after this position (forward pagination). */
    after?: string;
    /** Keyset cursor — fetch entries before this position (backward pagination). */
    before?: string;
    /** Max results to return. Default: 50. */
    limit?: number;
    /** Offset for offset-based pagination. */
    offset?: number;
    /** Sort field, e.g. `created_at` or `-created_at`. */
    sort?: string;
};
/** Parameters for the tenant activity feed. */
export type ActivityFeedParams = {
    /** Required. Tenant UUID to scope the feed. */
    tenantId: string;
    /** Optional workspace UUID to narrow results to a single workspace. */
    workspaceId?: string;
    /** Optional action type filter, e.g. `"document.analyzed"`. */
    activityType?: string;
    /** Optional actor UUID — returns only actions performed by this actor. */
    actorId?: string;
    /** ISO-8601 timestamp — return only entries after this datetime. */
    fromDate?: string;
    /** ISO-8601 timestamp — return only entries before this datetime. */
    toDate?: string;
    /** Max results to return. Default: 50. */
    limit?: number;
    /** Offset for offset-based pagination. */
    offset?: number;
};
/** Parameters for the count-by-action aggregate. */
export type CountByActionParams = {
    /** Required. Tenant UUID. */
    tenantId: string;
    /** Optional workspace UUID to narrow results. */
    workspaceId?: string;
};
/** Single row from the count-by-action aggregate. */
export type CountByActionResult = {
    action: string;
    count: number;
};
/** Parameters for requesting a bulk compliance export. */
export type ExportParams = {
    /** Export format. */
    format: "csv" | "json";
    /** Required. Tenant UUID — exports only logs for this tenant. */
    tenantId: string;
    /** ISO-8601 timestamp — export only entries after this datetime. */
    fromDate?: string;
    /** ISO-8601 timestamp — export only entries before this datetime. */
    toDate?: string;
};
/** Result returned when an export is enqueued. */
export type ExportResult = {
    jobId: string;
    status: string;
};
/**
 * Audit log namespace factory.
 *
 * Provides compliance-oriented access to audit log entries: paginated listing,
 * tenant activity feeds, per-action aggregates, and async bulk exports.
 *
 * ## Required scopes for `sk_srv_` keys
 *
 * | Method            | Required scope  |
 * |-------------------|----------------|
 * | `list`            | `audit:read`   |
 * | `activityFeed`    | `audit:read`   |
 * | `countByAction`   | `audit:read`   |
 * | `requestExport`   | `audit:write`  |
 *
 * `sk_srv_` keys are granted all available scopes by default, so these
 * methods work out of the box. Narrower custom keys must explicitly include
 * the required scope when the key is created.
 *
 * @param rb - The request builder used for API communication.
 * @returns Audit namespace with `list`, `activityFeed`, `countByAction`, and `requestExport`.
 */
export declare function createAuditNamespace(rb: RequestBuilder): {
    /**
     * List audit log entries with keyset or offset pagination.
     *
     * Returns up to `limit` (default 50) entries sorted by `created_at` descending.
     * The `actor_display_name` calculation is included automatically.
     *
     * @param params - Optional pagination and sort parameters.
     * @param options - Optional request options.
     * @returns Array of AuditLog entries.
     *
     * @example
     * ```typescript
     * const admin = new GptAdmin({ apiKey: 'sk_srv_...' });
     *
     * // First page (default limit 50)
     * const page1 = await admin.audit.list();
     *
     * // Next page using keyset cursor
     * const page2 = await admin.audit.list({ after: page1.at(-1)?.id, limit: 25 });
     * ```
     */
    list(params?: AuditListParams, options?: RequestOptions): Promise<AuditLog[]>;
    /**
     * Fetch a paginated, time-sorted activity feed scoped to a tenant.
     *
     * Optionally filter by workspace, action type, actor, or date range.
     * Results are sorted by `created_at` descending (most recent first).
     *
     * @param params - Feed parameters. `tenantId` is required.
     * @param options - Optional request options.
     * @returns Array of AuditLog entries matching the filters.
     *
     * @example
     * ```typescript
     * const admin = new GptAdmin({ apiKey: 'sk_srv_...' });
     *
     * // All activity for a tenant in the last 24h
     * const feed = await admin.audit.activityFeed({
     *   tenantId: 'tenant-uuid',
     *   fromDate: new Date(Date.now() - 86400000).toISOString(),
     * });
     *
     * // Narrow to a specific workspace and actor
     * const focused = await admin.audit.activityFeed({
     *   tenantId: 'tenant-uuid',
     *   workspaceId: 'ws-uuid',
     *   actorId: 'user-uuid',
     *   limit: 20,
     * });
     * ```
     */
    activityFeed(params: ActivityFeedParams, options?: RequestOptions): Promise<AuditLog[]>;
    /**
     * Return per-action counts for a tenant, sorted by frequency descending.
     *
     * Useful for anomaly dashboards and compliance reporting.
     *
     * @param params - `tenantId` is required. `workspaceId` narrows to one workspace.
     * @param options - Optional request options.
     * @returns Array of `{ action, count }` objects sorted by count descending.
     *
     * @example
     * ```typescript
     * const admin = new GptAdmin({ apiKey: 'sk_srv_...' });
     *
     * const counts = await admin.audit.countByAction({ tenantId: 'tenant-uuid' });
     * // [{ action: "document.analyzed", count: 1240 }, { action: "user.login", count: 98 }, ...]
     * ```
     */
    countByAction(params: CountByActionParams, options?: RequestOptions): Promise<CountByActionResult[]>;
    /**
     * Enqueue a bulk compliance export of audit logs for a tenant.
     *
     * The export is processed asynchronously by the `ExportAuditLogsWorker` Oban job.
     * The caller receives a job ID and status immediately; the file URL is published
     * to `audit:export:{tenant_id}` via PubSub when ready (see `AuditExportCompleted`).
     *
     * @param params - Export parameters. `tenantId` and `format` are required.
     * @param options - Optional request options.
     * @returns `{ jobId, status }` — the Oban job ID and initial status (`"enqueued"`).
     *
     * @example
     * ```typescript
     * const admin = new GptAdmin({ apiKey: 'sk_srv_...' });
     *
     * // Request a CSV export of the last 30 days
     * const thirty = new Date();
     * thirty.setDate(thirty.getDate() - 30);
     * const result = await admin.audit.requestExport({
     *   format: 'csv',
     *   tenantId: 'tenant-uuid',
     *   fromDate: thirty.toISOString(),
     * });
     * console.log(`Export job ${result.jobId} enqueued`);
     * ```
     */
    requestExport(params: ExportParams, options?: RequestOptions): Promise<ExportResult>;
};
//# sourceMappingURL=audit.d.ts.map