import type { FileManifest, FileQueryResult, FilesConfig, ResolvedFilesConfig } from "./types.js";
export declare class FileStoreError extends Error {
    statusCode: number;
    constructor(statusCode: number, message: string);
}
export interface Requester {
    userId?: string;
    orgId?: string;
}
export declare class FileStore {
    private cfg;
    private sweepTimer?;
    /** Ingests currently in flight in this process (concurrency guard). */
    private activeIngests;
    constructor(config: FilesConfig);
    get config(): ResolvedFilesConfig;
    init(): Promise<void>;
    startCleanup(log: (msg: string) => void): void;
    stopCleanup(): void;
    private sweepExpired;
    ingest(filename: string, buffer: Buffer, requester: Requester): Promise<FileManifest>;
    /** Total bytes currently held in the drop dir (best-effort). */
    private dirSizeBytes;
    /** CSV / TSV → a single table named `data`, types inferred by DuckDB. */
    private ingestDelimited;
    /** XLSX → one table per non-empty worksheet, via per-sheet CSV + DuckDB. */
    private ingestXlsx;
    query(fileId: string, sql: string, requester: Requester): Promise<FileQueryResult>;
    getManifest(fileId: string, requester: Requester): Promise<FileManifest>;
    list(requester: Requester): Promise<FileManifest[]>;
    /** Idempotent — deleting an unknown / already-gone file is a no-op success. */
    delete(fileId: string, requester: Requester): Promise<void>;
    private describeTable;
    private recordPath;
    private readRecord;
    private getOwnedRecord;
    /**
     * Ownership: enforced only when both sides carry the identity field. The
     * connection-level bearer token already proves the caller is the trusted
     * proxy; this is org/user-scoped defense-in-depth for shared app-servers.
     * System / out-of-band callers (no identity) are allowed, matching the
     * rest of app-server's trust model.
     */
    private ownsRecord;
    private removeFiles;
}
//# sourceMappingURL=store.d.ts.map