@aouda/client 0.0.1

package/dist/client-DXT2ZAeO.d.ts

@@ -0,0 +1,3356 @@
+/**
+ * Auth type definitions for @aouda/client.
+ */
+/**
+ * Authentication credentials for server/database-admin access.
+ * Routes auth requests to `/api/auth/…`.
+ *
+ * Use `apiKey` (server API key, `mk_srv_` prefix) or a pre-obtained `token` for
+ * machine/service access. Mutually exclusive: provide either `apiKey` or `token`.
+ */
+interface ServerAuthOptions {
+    /** Pre-obtained JWT access token. Mutually exclusive with apiKey. */
+    token?: string;
+    /** Refresh token for proactive/reactive refresh. Requires token. */
+    refreshToken?: string;
+    /** Server API key (e.g. `mk_srv_…`). Sent as Bearer on every request.
+     *  Mutually exclusive with token. */
+    apiKey?: string;
+    /** User JWT to forward as X-User-Token header on outgoing requests.
+     *  Only effective when `apiKey` is a service-level key (prefix `mk_svc_` or `mk_srv_`).
+     *  Allows backends to execute requests on behalf of a specific user with PLS enforcement. */
+    userToken?: string;
+    /** How early before expiry (ms) to proactively refresh. Default: 120_000 (2 min). */
+    refreshThresholdMs?: number;
+}
+/**
+ * Authentication credentials for application-user access.
+ * Routes auth requests to `/api/databases/{db}/auth/…`.
+ *
+ * Two-layer auth model:
+ * - Layer 1 (connection): use `apiKey` (anon or service_role key from database creation).
+ * - Layer 2 (identity): call `client.auth.signIn(email, password)` after connecting.
+ *
+ * For backends using service keys, set `userToken` to forward a user JWT as X-User-Token,
+ * enabling PLS enforcement on behalf of that user.
+ *
+ * Mutually exclusive: provide either token, or apiKey — not both.
+ */
+interface AppAuthOptions {
+    /** Pre-obtained JWT access token. Mutually exclusive with apiKey. */
+    token?: string;
+    /** Refresh token for proactive/reactive refresh. Requires token. */
+    refreshToken?: string;
+    /** API key for connection-level auth (anon or service_role key). Sent as Bearer on every
+     *  request. After `client.auth.signIn()`, the user JWT replaces it as the bearer token.
+     *  Mutually exclusive with token. */
+    apiKey?: string;
+    /** User JWT to forward as X-User-Token header on outgoing requests.
+     *  Only effective when `apiKey` is a service-level key (prefix `mk_svc_` or `mk_srv_`).
+     *  Allows backends to execute requests on behalf of a specific user with PLS enforcement. */
+    userToken?: string;
+    /** Explicit auth database name. Discovered from X-Auth-Database header if not set, defaults to "_auth". */
+    authDatabase?: string;
+    /** How early before expiry (ms) to proactively refresh. Default: 120_000 (2 min). */
+    refreshThresholdMs?: number;
+}
+/**
+ * Auth response from sign-in, sign-up, or refresh endpoints.
+ */
+interface AuthResult {
+    user: AuthUserInfo;
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+}
+/**
+ * Minimal user info returned in auth responses.
+ */
+interface AuthUserInfo {
+    id: string;
+    email: string;
+}
+/**
+ * Full user profile returned by the /me endpoint.
+ */
+interface UserProfile {
+    id: string;
+    email: string;
+    roles: string[];
+    createdAt: string;
+}
+/**
+ * Allowed table authorization modes for ADRA-enabled table metadata.
+ */
+type AuthorizationMode = "jwt-claim" | "auth-db-pls" | "auth-db-rls";
+/**
+ * Request payload for creating a partition grant.
+ */
+interface CreatePartitionGrantRequest {
+    dimension: string;
+    partitionKey: string;
+    accessLevel?: string;
+    grantedBy?: string;
+    validFrom?: string;
+    validTo?: string;
+}
+/**
+ * Partition grant DTO returned by admin endpoints.
+ */
+interface PartitionGrant {
+    id: string;
+    userId: string;
+    dimension: string;
+    partitionKey: string;
+    accessLevel: string;
+    grantedBy?: string;
+    validFrom?: string;
+    validTo?: string;
+    createdAt: string;
+}
+/**
+ * Response payload for listing partition grants.
+ */
+interface PartitionGrantsListResponse {
+    grants: PartitionGrant[];
+}
+/**
+ * Input rule when updating an RLS resolver.
+ */
+interface RlsResolverRuleInput {
+    ruleOrder: number;
+    columnName?: string;
+    operator?: string;
+    valueSource?: string;
+    valueConfig?: string;
+    combinator?: string;
+}
+/**
+ * Request payload for creating an RLS resolver.
+ */
+interface CreateRlsResolverRequest {
+    name: string;
+    description?: string;
+    targetTable: string;
+    resolverType: string;
+    createdBy?: string;
+}
+/**
+ * Request payload for patching an existing RLS resolver.
+ */
+interface UpdateRlsResolverRequest {
+    description?: string;
+    rules?: RlsResolverRuleInput[];
+}
+/**
+ * RLS resolver rule DTO returned by admin endpoints.
+ */
+interface RlsResolverRule {
+    id: string;
+    resolverId: string;
+    ruleOrder: number;
+    columnName: string;
+    operator: string;
+    valueSource: string;
+    valueConfig: string;
+    combinator?: string;
+}
+/**
+ * RLS resolver DTO returned by admin endpoints.
+ */
+interface RlsResolver {
+    id: string;
+    name: string;
+    description?: string;
+    targetTable: string;
+    resolverType: string;
+    createdBy?: string;
+    createdAt: string;
+    updatedAt: string;
+    rules: RlsResolverRule[];
+}
+/**
+ * Response payload for listing RLS resolvers.
+ */
+interface RlsResolversListResponse {
+    resolvers: RlsResolver[];
+}
+
+/**
+ * @aouda/client type definitions.
+ */
+
+/**
+ * Retry policy with exponential backoff and jitter.
+ * Transient failures (connection, timeout, 5xx) are retried up to maxRetries times.
+ */
+interface RetryPolicy {
+    /** Maximum number of retry attempts (default: 3). Setting to 0 disables retries. */
+    maxRetries?: number;
+    /** Initial delay before first retry in ms (default: 100). */
+    initialDelayMs?: number;
+    /**
+     * Base delay between retries in milliseconds.
+     * @deprecated Use initialDelayMs instead. If both are present, initialDelayMs takes precedence.
+     */
+    baseDelayMs?: number;
+    /** Maximum delay between retries in ms (default: 30_000). */
+    maxDelayMs?: number;
+    /** Backoff multiplier (default: 2). */
+    multiplier?: number;
+    /** Jitter factor 0–1 to randomize delays (default: 0.1). */
+    jitterFactor?: number;
+}
+/** Retry policy presets (None, Default, Aggressive). */
+declare namespace RetryPolicy {
+    /** No retries. */
+    const None: RetryPolicy;
+    /** Default: 3 retries, 100ms initial delay, 30s max. */
+    const Default: RetryPolicy;
+    /** Aggressive: 5 retries, 60s max delay. */
+    const Aggressive: RetryPolicy;
+}
+/**
+ * Circuit breaker policy. After failureThreshold failures within failureWindowMs,
+ * the circuit opens and requests fail fast until openDurationMs has passed (then half-open).
+ */
+interface CircuitBreakerPolicy {
+    /** Number of failures before opening the circuit (default: 5). */
+    failureThreshold?: number;
+    /** Time window for counting failures in ms (default: 30_000). */
+    failureWindowMs?: number;
+    /** Time to wait before allowing test requests (half-open) in ms (default: 30_000). */
+    openDurationMs?: number;
+    /** Successes needed in half-open to close the circuit (default: 2). */
+    successThreshold?: number;
+}
+/** Circuit breaker policy presets (Disabled, Default, Sensitive). */
+declare namespace CircuitBreakerPolicy {
+    /** Circuit breaker disabled (never opens). */
+    const Disabled: CircuitBreakerPolicy;
+    /** Default: 5 failures in 30s window, 30s open duration. */
+    const Default: CircuitBreakerPolicy;
+    /** Sensitive: 3 failures in 15s window. */
+    const Sensitive: CircuitBreakerPolicy;
+}
+/**
+ * Configuration options for AoudaClient.
+ */
+interface AoudaClientOptions {
+    /**
+     * The base URL of the Aouda server.
+     * Required. Must be a valid URL (e.g., "http://localhost:8080").
+     */
+    serverUrl: string;
+    /**
+     * Database name to scope all data and schema operations.
+     * Required. Must be a non-empty string (no default).
+     */
+    database: string;
+    /**
+     * Request timeout in milliseconds.
+     * @default 30000
+     */
+    timeout?: number;
+    /**
+     * Optional retry policy configuration.
+     * When omitted, no retries are performed (equivalent to RetryPolicy.None).
+     */
+    retryPolicy?: RetryPolicy;
+    /**
+     * Optional circuit breaker policy.
+     * When omitted, circuit breaker is disabled (equivalent to CircuitBreakerPolicy.Disabled).
+     */
+    circuitBreakerPolicy?: CircuitBreakerPolicy;
+    /**
+     * Server/database-admin auth credentials. Routes to `/api/auth/…`.
+     * Mutually exclusive with `appAuth`.
+     * When set, the client automatically handles token lifecycle:
+     * proactive refresh, and 401 retry.
+     */
+    serverAuth?: ServerAuthOptions;
+    /**
+     * Application-user auth credentials. Routes to `/api/databases/{db}/auth/…`.
+     * Mutually exclusive with `serverAuth`.
+     * When set, the client automatically handles token lifecycle:
+     * proactive refresh, and 401 retry.
+     * Use `apiKey` for connection (Layer 1); call `client.auth.signIn()` for user identity (Layer 2).
+     */
+    appAuth?: AppAuthOptions;
+    /**
+     * Streaming transport options.
+     */
+    streaming?: {
+        /**
+         * Enables permessage-deflate compression for WebSocket transport in Node.js.
+         * Browser-native WebSocket compression remains browser-managed.
+         * @default true
+         */
+        enableCompression?: boolean;
+        /**
+         * Streaming WebSocket wire mode.
+         * - "json": text frames (default)
+         * - "msgpack": binary MessagePack frames after auth negotiation
+         * @default "json"
+         */
+        wireMode?: "json" | "msgpack";
+        /**
+         * Enables HTTP long-poll fallback when WebSocket transport cannot connect.
+         * @default true
+         */
+        enableLongPollFallback?: boolean;
+        /**
+         * Long-poll wait timeout in milliseconds for fallback transport.
+         * @default 25000
+         */
+        longPollWaitMs?: number;
+    };
+}
+/**
+ * Health status response from the Aouda server.
+ * Matches the wire protocol response from GET /health.
+ */
+interface HealthStatus {
+    /**
+     * Status string from the server (e.g., "healthy").
+     */
+    status: string;
+    /**
+     * Whether the server is healthy.
+     * Derived: true if status equals "healthy" (case-insensitive).
+     */
+    isHealthy: boolean;
+}
+/**
+ * Schema type contract for the generic Aouda client.
+ *
+ * Use as the type parameter for `createAoudaClient<S>(options)` so that
+ * `table(name)` accepts only table names from the schema and returns
+ * queries typed with the corresponding row interface.
+ *
+ * Shape (aligned with server TypeScript generator and B.8 CLI output):
+ * - `tables`: record mapping table names (string keys) to row types (object types).
+ *
+ * @example
+ * ```typescript
+ * interface Order { id: number; status: string; }
+ * interface Schema { tables: { orders: Order; }; }
+ * const client = createAoudaClient<Schema>({ serverUrl: "..." });
+ * client.table('orders'); // OK, returns TableQuery<Order>
+ * client.table('other'); // type error
+ * ```
+ */
+interface SchemaLike {
+    /** Maps table names to their row types. */
+    tables: Record<string, Record<string, unknown>>;
+}
+/**
+ * Default schema when no generic is provided: any string table name,
+ * rows typed as `Record<string, unknown>`.
+ */
+interface DefaultSchema extends SchemaLike {
+    tables: Record<string, Record<string, unknown>>;
+}
+/**
+ * Extracts the union of table names from a schema type.
+ * Use for variables or parameters that must be a valid table name for schema `S`.
+ *
+ * @example
+ * ```typescript
+ * type TableName = TableNameFromSchema<Schema>; // 'orders' | 'authors' | ...
+ * const name: TableName = 'orders';
+ * ```
+ */
+type TableNameFromSchema<S extends SchemaLike> = keyof S["tables"] & string;
+/**
+ * Full request configuration for HttpTransport.request().
+ */
+interface RequestConfig {
+    method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
+    path: string;
+    body?: unknown;
+    headers?: Record<string, string>;
+    /** Override default timeout for this request. */
+    timeout?: number;
+    /** External abort signal (e.g. client disconnect). */
+    signal?: AbortSignal;
+    /** If true, return the raw response text instead of parsing JSON. */
+    rawText?: boolean;
+    /**
+     * If response status is in this list, return parsed JSON instead of throwing.
+     * Used e.g. for GET /ready which returns 503 with a body when not ready.
+     */
+    allowStatuses?: number[];
+    /**
+     * If set, send this raw string as the request body instead of JSON-serializing `body`.
+     * Used for NDJSON streaming (bulk-load :append).
+     */
+    rawBodyStr?: string;
+}
+/**
+ * Options for convenience methods (get, post, put, patch, delete).
+ */
+interface RequestOptions {
+    headers?: Record<string, string>;
+    timeout?: number;
+    signal?: AbortSignal;
+    /** Sent as X-Request-Id header when provided. */
+    requestId?: string;
+}
+/**
+ * User-facing comparison operator for where clauses.
+ * Mapped to wire protocol operators (eq, ne, gt, etc.) internally.
+ */
+type WhereOperator = "=" | "!=" | ">" | "<" | ">=" | "<=" | "in" | "notIn" | "like" | "isNull" | "isNotNull" | "between";
+/**
+ * User-facing sort direction.
+ * Mapped to wire protocol `descending` boolean internally.
+ */
+type SortDirection = "asc" | "desc";
+/**
+ * Statistics about query execution.
+ * Returned by the server with every query response.
+ */
+interface QueryStats {
+    /** Number of rows scanned during query execution. */
+    rowsScanned: number;
+    /** Number of rows returned in the result. */
+    rowsReturned: number;
+    /** Number of segments accessed during query execution. */
+    segmentsAccessed: number;
+    /** Query execution time in milliseconds. */
+    executionMs: number;
+}
+/**
+ * Result of a query execution.
+ * Contains the rows and execution statistics.
+ */
+interface QueryResult<T = Record<string, unknown>> {
+    /** Array of result rows. */
+    rows: T[];
+    /** Query execution statistics. */
+    stats: QueryStats;
+}
+/**
+ * Wire protocol comparison operators.
+ * @internal
+ */
+type WireOperator = "eq" | "ne" | "gt" | "gte" | "lt" | "lte" | "in" | "nin" | "like";
+/**
+ * A single predicate in a where clause.
+ * @internal
+ */
+interface WherePredicate {
+    column: string;
+    op: WireOperator;
+    value: unknown;
+}
+/**
+ * Where clause structure for the wire protocol.
+ * Semantics: `(∧ and) ∧ (∨ or) ∧ (∧ groups[i])` — see server `QueryTranslator`.
+ * Prefer `TableQuery.whereGroup` / `WhereGroupBuilder` in the TS client instead of hand-building `groups`.
+ * @internal
+ */
+interface WhereClause {
+    and?: WherePredicate[];
+    or?: WherePredicate[];
+    /** Nested sub-clauses AND-combined with top-level `and` / `or` (wire: `groups`). */
+    groups?: WhereClause[];
+}
+/**
+ * Order by clause for the wire protocol.
+ * @internal
+ */
+interface OrderByClause {
+    column: string;
+    descending?: boolean;
+}
+/**
+ * Supported join types in query requests.
+ * @internal
+ */
+type JoinType = "inner" | "left" | "right" | "full" | "cross";
+/**
+ * Join clause for the wire protocol query request.
+ * Supports both single-column and multi-column equality joins, plus cross join.
+ * @internal
+ */
+interface JoinClause {
+    table: string;
+    type?: JoinType;
+    leftColumn?: string;
+    rightColumn?: string;
+    leftColumns?: string[];
+    rightColumns?: string[];
+}
+/**
+ * Supported aggregate functions in query requests.
+ * @internal
+ */
+type AggregateFunction = "sum" | "min" | "max";
+/**
+ * Aggregate operation specification for query requests.
+ * @internal
+ */
+interface AggregateOperation {
+    op: AggregateFunction;
+    column: string;
+}
+/**
+ * Columnar response from the server (default format).
+ */
+interface ColumnarResponse {
+    columns: string[];
+    types: string[];
+    data: unknown[][];
+    rowCount: number;
+    stats: QueryStats;
+}
+/**
+ * Summary of a table returned by list().
+ */
+interface TableSummary {
+    /** Table name. */
+    name: string;
+    /** Number of columns in the table. */
+    columnCount: number;
+    /** Total row count across all segments. */
+    rowCount: number;
+    /** ISO 8601 timestamp when table was created (empty for legacy tables). */
+    createdAt: string;
+    /** ISO 8601 timestamp when table/data was last modified (empty for legacy tables). */
+    lastModifiedAt: string;
+    /** Approximate size in bytes across all segments. */
+    sizeBytes: number;
+    /** Storage policy (optional metadata). */
+    policy?: TablePolicy;
+}
+/**
+ * Detailed schema of a table returned by get().
+ */
+interface TableSchema {
+    /** Table name. */
+    name: string;
+    /** Column definitions. */
+    columns: ColumnSchema[];
+    /** Storage policy (optional metadata). */
+    policy?: TablePolicy;
+    /** Whether partition-level security is enabled. */
+    partitionLevelSecurity?: boolean;
+    /** Table authorization mode (ADRA). */
+    authMode?: AuthorizationMode;
+    /** Permission dimension for auth-db-pls mode. */
+    permissionDimension?: string;
+    /** Resolver name for auth-db-rls mode. */
+    rlsResolverName?: string;
+}
+/**
+ * Schema definition for a single column.
+ */
+interface ColumnSchema {
+    /** Column name. */
+    name: string;
+    /** Aouda data type (e.g., 'Int64', 'String', 'Double'). */
+    type: string;
+    /** Whether the column allows null values. */
+    isNullable: boolean;
+    /** Whether column has server-assigned auto-increment values. */
+    isAutoIncrement?: boolean;
+    /** Position in composite primary key (null if not PK). */
+    primaryKeyOrder?: number;
+    /** Position in composite partition key. */
+    partitionKeyOrder?: number;
+    /** Position in cluster columns for storage ordering. */
+    clusterOrder?: number;
+    /** Reference to another table's column (for relationship navigation). */
+    reference?: ReferenceInfo;
+}
+/**
+ * Storage policy for a table.
+ */
+interface TablePolicy {
+    /** Storage temperature setting. */
+    storageTemperature?: string;
+    /** Residency configuration. */
+    residency?: ResidencyConfig;
+}
+/**
+ * Residency configuration within a table policy.
+ */
+interface ResidencyConfig {
+    /** Data durability setting. */
+    dataDurability?: string;
+    /** Whether all data is pinned in memory. */
+    pinAllInMemory?: boolean;
+}
+/**
+ * Reference information for a column pointing to another table.
+ */
+interface ReferenceInfo {
+    /** Name of the table this column references. */
+    targetTable: string;
+    /** Name of the column in the target table. */
+    targetColumn: string;
+    /** Whether this reference was explicitly declared or inferred from naming conventions. */
+    source: "declared" | "inferred";
+}
+/**
+ * Enhanced schema response from schema() method.
+ */
+interface TableSchemaResponse {
+    /** Table name. */
+    name: string;
+    /** Column definitions with full metadata. */
+    columns: ColumnSchema[];
+    /** Column names forming the primary key, in order. */
+    primaryKey: string[];
+    /** Column names forming the partition key, in order. */
+    partitionKey: string[];
+    /** Column names for cluster ordering, in order. */
+    clusterColumns: string[];
+    /** Secondary indexes (placeholder for future). */
+    indexes: IndexInfo[];
+    /** Relationships to other tables (both declared and inferred). */
+    relationships?: RelationshipInfo[];
+    /** Whether partition-level security is enabled. */
+    partitionLevelSecurity?: boolean;
+    /** Table authorization mode (ADRA). */
+    authMode?: AuthorizationMode;
+    /** Permission dimension for auth-db-pls mode. */
+    permissionDimension?: string;
+    /** Resolver name for auth-db-rls mode. */
+    rlsResolverName?: string;
+}
+/**
+ * Index information (placeholder for future index management).
+ */
+interface IndexInfo {
+    /** Index name. */
+    name: string;
+    /** Indexed column names. */
+    columns: string[];
+    /** Whether index enforces uniqueness. */
+    isUnique: boolean;
+}
+/**
+ * Relationship between tables for ERD visualization.
+ */
+interface RelationshipInfo {
+    /** Source column of the relationship. */
+    from: RelationshipEndpoint;
+    /** Target table and column. */
+    to: RelationshipEndpoint;
+    /** Whether this relationship was declared or inferred. */
+    source: "declared" | "inferred";
+    /** Cardinality of the relationship. */
+    cardinality: "many-to-one" | "one-to-one" | "one-to-many";
+}
+/**
+ * Endpoint of a relationship (from or to side).
+ */
+interface RelationshipEndpoint {
+    /** Table name (required for "to" side, optional for "from" side in single-table context). */
+    table?: string;
+    /** Column name. */
+    column: string;
+}
+/**
+ * Response for relationships() — all tables with relationships for ERD.
+ */
+interface SchemaRelationshipsResponse {
+    /** All tables with column summaries. */
+    tables: TableSummaryForErd[];
+    /** All relationships (declared and inferred) across all tables. */
+    relationships: RelationshipInfo[];
+}
+/**
+ * Simplified table summary for ERD visualization.
+ */
+interface TableSummaryForErd {
+    /** Table name. */
+    name: string;
+    /** Column summaries. */
+    columns: ColumnSummaryForErd[];
+}
+/**
+ * Simplified column summary for ERD visualization.
+ */
+interface ColumnSummaryForErd {
+    /** Column name. */
+    name: string;
+    /** Data type. */
+    type: string;
+    /** Whether this column is part of the primary key. */
+    isPrimaryKey?: boolean;
+    /** Whether this column references another table. */
+    isReference?: boolean;
+}
+/**
+ * Options for TypeScript type generation.
+ */
+interface TypeGenerationOptions {
+    /** Include JSDoc comments in output (default: true). */
+    comments?: boolean;
+    /** Include Schema interface and TableName type (default: true). */
+    schema?: boolean;
+    /** Optional namespace wrapper for the generated types. */
+    namespace?: string;
+}
+/**
+ * Result of an insert operation.
+ */
+interface InsertResult {
+    /** Number of rows successfully inserted. */
+    rowsInserted: number;
+    /** Server-side execution time in milliseconds. */
+    executionMs: number;
+    /** Generated values for auto-increment columns. Keys are row indices (as strings). */
+    generatedValues?: Record<string, Record<string, unknown>>;
+}
+/**
+ * Result of an update or delete operation.
+ */
+interface MutationResult {
+    /** Number of rows affected by the operation. */
+    rowsAffected: number;
+    /** Server-side execution time in milliseconds. */
+    executionMs: number;
+    /** True when a limited delete can continue with additional matching rows. */
+    hasMore?: boolean;
+    /**
+     * Rows returned by a RETURNING clause. Present only when `returning` was specified.
+     * For UPDATE: post-update values. For DELETE: pre-delete values.
+     */
+    rows?: Record<string, unknown>[];
+    /**
+     * True when the RETURNING row count exceeded the server maximum (10 000)
+     * and the result was truncated to the first 10 000 rows.
+     */
+    rowsTruncated?: boolean;
+}
+/**
+ * Per-operation result for batch mutations.
+ */
+interface BatchMutationOperationResult {
+    /** Operation index in request order. */
+    index: number;
+    /** Operation kind. */
+    operationType: "update" | "delete";
+    /** Rows affected by this operation. */
+    rowsAffected: number;
+    /** For limited deletes, true means additional rows still match. */
+    hasMore?: boolean;
+}
+/**
+ * Result of a batch mutation execution.
+ */
+interface BatchMutationResult {
+    /** Per-operation results in request order. */
+    operationResults: BatchMutationOperationResult[];
+    /** Aggregate rows affected across all operations. */
+    totalRowsAffected: number;
+    /** Server-side execution time in milliseconds. */
+    executionMs: number;
+}
+/**
+ * Literal (constant) value node.
+ * @internal
+ */
+interface LiteralScalarExpr {
+    type: "literal";
+    value: unknown;
+}
+/**
+ * Column reference node — reads another column in the same row.
+ * @internal
+ */
+interface ColRefScalarExpr {
+    type: "colRef";
+    col: string;
+}
+/**
+ * Binary arithmetic node. op must be "+", "-", "*", or "/".
+ * @internal
+ */
+interface ArithmeticScalarExpr {
+    type: "arithmetic";
+    op: "+" | "-" | "*" | "/";
+    left: ScalarExprNode;
+    right: ScalarExprNode;
+}
+/**
+ * Coalesce node — returns the first non-null argument.
+ * @internal
+ */
+interface CoalesceScalarExpr {
+    type: "coalesce";
+    args: ScalarExprNode[];
+}
+/**
+ * Conditional (CASE WHEN) node. when is a WhereClause evaluated per row.
+ * @internal
+ */
+interface ConditionalScalarExpr {
+    type: "conditional";
+    when: WhereClause;
+    then: ScalarExprNode;
+    else: ScalarExprNode;
+}
+/**
+ * Discriminated union for scalar expression nodes in expression-based SET values.
+ * Named ScalarExprNode (not SetExprNode) to allow reuse for future SELECT projections.
+ * @internal
+ */
+type ScalarExprNode = LiteralScalarExpr | ColRefScalarExpr | ArithmeticScalarExpr | CoalesceScalarExpr | ConditionalScalarExpr;
+/**
+ * A single server-side computed column definition for SELECT projections.
+ * Plain JSON object; the polymorphism lives in ScalarExprNode.
+ * @internal
+ */
+interface ComputedColumnDef {
+    /** Output column alias. Must be unique and must not collide with physical column names in the select list. */
+    alias: string;
+    /** Expression tree evaluated per row to produce the column value. */
+    expr: ScalarExprNode;
+}
+/**
+ * Request body for PATCH /api/tables/{name}/rows (update).
+ * @internal
+ */
+/**
+ * Options for `update()` on a query builder.
+ */
+interface UpdateOptions {
+    /**
+     * Columns to include in the RETURNING clause.
+     * Use `["*"]` to return all columns.
+     * Returned rows reflect post-update values.
+     */
+    returning?: string[];
+}
+/**
+ * Options for `delete()` on a query builder.
+ */
+interface DeleteOptions {
+    /**
+     * Columns to include in the RETURNING clause.
+     * Use `["*"]` to return all columns.
+     * Returned rows reflect pre-delete values.
+     */
+    returning?: string[];
+}
+/** Valid Aouda column types per wire protocol Data Types. */
+declare const AOUDA_DATA_TYPES: readonly ["Bool", "Byte", "Int16", "Int32", "Int64", "UInt16", "UInt32", "UInt64", "Float32", "Double", "Decimal", "String", "Timestamp", "Date", "Guid"];
+type AoudaDataType = (typeof AOUDA_DATA_TYPES)[number];
+/** Partition function applied to partition key columns at insert time. */
+type PartitionFunction = "None" | "TruncateToDay" | "TruncateToHour" | "TruncateToMinute" | "TruncateToWeek" | "TruncateToMonth" | "TruncateToYear";
+/**
+ * Column definition when creating a table (POST /api/databases/{db}/tables).
+ */
+interface CreateColumnRequest {
+    name: string;
+    type: string;
+    /** Whether the column allows null values. */
+    isNullable?: boolean;
+    primaryKeyOrder?: number;
+    partitionKeyOrder?: number;
+    clusterOrder?: number;
+    partitionFunction?: PartitionFunction;
+    reference?: {
+        targetTable: string;
+        targetColumn: string;
+    };
+    isAutoIncrement?: boolean;
+}
+/**
+ * Request body for creating a table. Must include database (required by server in multi-db).
+ */
+interface CreateTableRequest {
+    database: string;
+    name: string;
+    columns: CreateColumnRequest[];
+    policy?: {
+        storageTemperature?: string;
+    };
+    authMode?: AuthorizationMode;
+    permissionDimension?: string;
+    rlsResolverName?: string;
+}
+/**
+ * Request body for renaming a table (PATCH /api/databases/{db}/tables/{name}).
+ */
+interface RenameTableRequest {
+    database: string;
+    newName: string;
+}
+/**
+ * Request body for adding a column (POST /api/databases/{db}/tables/{name}/columns).
+ */
+interface AddColumnRequest {
+    database: string;
+    name: string;
+    type: string;
+}
+/**
+ * Request body for renaming a column (PATCH /api/databases/{db}/tables/{name}/columns/{columnName}).
+ */
+interface RenameColumnRequest {
+    database: string;
+    newName: string;
+}
+/**
+ * Request body for updating a table's storage policy (PUT /api/databases/{db}/tables/{name}/policy).
+ * When calling client.tables.updatePolicy(name, body), the client injects database from the scoped client.
+ * storageTemperature: "Auto" | "HotOnly" | "ColdPreferred".
+ */
+interface UpdateTablePolicyRequest {
+    storageTemperature: string;
+}
+/**
+ * Database options in server response (camelCase).
+ */
+interface DatabaseOptionsInfo {
+    maxMemoryBytes?: number | null;
+    defaultTemperature: string;
+    enableWal: boolean;
+    replicationMode: string;
+}
+/**
+ * Database info returned by list/create/get (camelCase, matches server JSON).
+ */
+interface DatabaseInfo {
+    name: string;
+    state: string;
+    createdAt: string;
+    options: DatabaseOptionsInfo;
+}
+/**
+ * Options when creating a database (camelCase, matches server request).
+ */
+interface CreateDatabaseOptions {
+    enableWal?: boolean;
+    replicationMode?: string;
+    maxMemoryBytes?: number | null;
+    defaultTemperature?: string | null;
+}
+interface BulkLoadOptions {
+    embeddingModelVersion?: string;
+    maxRowsPerSegment?: number;
+    conflictPolicy?: "block" | "failFast";
+    pkUniquenessOverride?: "strict" | "recent" | "bestEffort";
+    /** Replication policy. See ADR 0030. */
+    replicationMode?: "logShipSegments" | "skipReplication" | "markForSnapshot";
+    /** Two-key safety for "skipReplication" on multi-node clusters. */
+    forceSingleNodeReplicationBypass?: boolean;
+    /** Post-load materialized-query behavior. */
+    postLoadMqBehavior?: "auto" | "skip";
+    /** Write-concern barrier at commit. Default "acknowledged". */
+    writeConcern?: "acknowledged" | "majority" | "all";
+    /** Max wait for the write-concern barrier in milliseconds. Default 300000 (5 min). */
+    writeConcernTimeoutMs?: number;
+    /** Max rows per :append call. Default 50000. Server caps take precedence if lower. */
+    appendBatchSize?: number;
+    /** If true, wait for deferred work before resolving. Default false. */
+    waitForDeferredWork?: boolean;
+    /** Idempotency key. Strongly recommended for production; enables resume from durable cursor. */
+    idempotencyKey?: string;
+    /** Progress callback invoked after each :append and once during :commit. */
+    onProgress?: (progress: BulkLoadProgress) => void;
+    /** AbortSignal for cancellation. Issues :abort on the server before throwing. */
+    signal?: AbortSignal;
+}
+interface BulkLoadProgress {
+    ivfAssignmentsCompleted: number;
+    ivfAssignmentsTotal: number;
+    raBitQEncodingsCompleted: number;
+    raBitQEncodingsTotal: number;
+    cscMirrorsCompleted: number;
+    cscMirrorsTotal: number;
+    pkIndexRebuildCompleted: number;
+    pkIndexRebuildTotal: number;
+    replicas: BulkLoadReplicaProgress[];
+}
+interface BulkLoadReplicaProgress {
+    serverId: string;
+    segmentsFetched: number;
+    segmentsTotal: number;
+    lagSeconds: number;
+}
+interface BulkLoadJobHandle {
+    readonly jobId: string;
+    readonly tables: readonly string[];
+    readonly rowsLoaded: number;
+    readonly perTableRowCounts: Readonly<Record<string, number>>;
+    readonly rowsDurablyCommitted: number;
+    readonly segmentsCreated: number;
+    readonly committedAtUtc: string;
+    readonly walPosition: number;
+    readonly writeConcernSatisfied: "acknowledged" | "majority" | "all";
+    readonly writeConcernTimedOut: boolean;
+    /** True if this load was resumed from a server-restart-recovered job. */
+    readonly wasResumed: boolean;
+    /** Resolves when deferred work is done. Polls the server with exponential backoff. */
+    readonly deferredWorkCompletion: Promise<BulkLoadProgress>;
+    /** One-off progress snapshot. */
+    getProgress(): Promise<BulkLoadProgress>;
+}
+interface BulkLoadStatusResponse {
+    jobId: string;
+    tables: string[];
+    state: "acquired" | "appending" | "committing" | "deferred" | "completed" | "failed" | "aborted" | string;
+    rowsAppendedToBuffer: number;
+    rowsDurablyCommitted: number;
+    segmentsSealed: number;
+    startedAtUtc: string;
+    lastUpdatedUtc: string;
+    progress?: BulkLoadProgressDto;
+    replicas: BulkLoadReplicaProgressDto[];
+    error?: string;
+    errorCode?: string;
+    mqRebuildStatus?: "pending" | "inProgress" | "completed" | "skipped" | "failed" | string;
+}
+/** Response for GET /api/databases/{db}/bulk-load:list. */
+interface BulkLoadListResponse {
+    database: string;
+    jobs: BulkLoadStatusResponse[];
+    snapshotUtc: string;
+}
+/** Request body for POST /api/databases/{db}/bulk-load:force-abort. */
+interface BulkLoadForceAbortRequest {
+    database: string;
+    jobId: string;
+    /** Operator-supplied reason recorded in the WAL frame. Required. */
+    reason: string;
+}
+/** Response for POST /api/databases/{db}/bulk-load:force-abort. */
+interface BulkLoadForceAbortResponse {
+    jobId: string;
+    aborted: boolean;
+}
+/** @internal */
+interface BulkLoadProgressDto {
+    ivfAssignmentsCompleted: number;
+    ivfAssignmentsTotal: number;
+    raBitQEncodingsCompleted: number;
+    raBitQEncodingsTotal: number;
+    cscMirrorsCompleted: number;
+    cscMirrorsTotal: number;
+    pkIndexRebuildCompleted: number;
+    pkIndexRebuildTotal: number;
+}
+interface BulkLoadReplicaProgressDto {
+    serverId: string;
+    segmentsFetched: number;
+    segmentsTotal: number;
+    lagSeconds: number;
+}
+
+/**
+ * HTTP transport layer for @aouda/client.
+ * Internal use only — not exported from the package.
+ */
+
+/**
+ * Transport interface used by the client for all server calls.
+ * Implemented by HttpTransport and ResilientTransport (wrapper).
+ */
+interface Transport {
+    request<T>(config: RequestConfig): Promise<T>;
+    requestRaw(config: RequestConfig): Promise<Response>;
+    get<T>(path: string, options?: RequestOptions): Promise<T>;
+    post<T>(path: string, body: unknown, options?: RequestOptions): Promise<T>;
+    put<T>(path: string, body: unknown, options?: RequestOptions): Promise<T>;
+    patch<T>(path: string, body: unknown, options?: RequestOptions): Promise<T>;
+    delete<T>(path: string, body?: unknown, options?: RequestOptions): Promise<T>;
+    getText(path: string, options?: RequestOptions): Promise<string>;
+    /**
+     * POST a raw string body (e.g. NDJSON) without JSON serialization.
+     * The caller sets Content-Type via options.headers.
+     */
+    postRaw<T>(path: string, rawBody: string, contentType: string, options?: RequestOptions): Promise<T>;
+    /** List all bulk-load sessions for a database (admin). */
+    bulkLoadList(db: string): Promise<BulkLoadListResponse>;
+    /** Force-abort a stuck bulk-load job by emitting a BulkLoadAborted WAL frame (admin). */
+    bulkLoadForceAbort(db: string, jobId: string, reason: string): Promise<BulkLoadForceAbortResponse>;
+    abort(): void;
+    reset(): void;
+}
+
+/**
+ * Response types for admin API (server info, memory, metrics, health).
+ * Aligned with Aouda server JSON (camelCase).
+ */
+/** Service information from GET /. */
+interface ServiceInfo {
+    service: string;
+    version: string;
+    status: string;
+    tables: number;
+    databases: number;
+}
+/** Per-database memory in server memory response. */
+interface DatabaseMemoryUsage {
+    databaseName: string;
+    totalBytes: number;
+    budgetBytes: number | null;
+    hotSegmentBytes: number;
+    pageCacheBytes: number;
+    bloomFilterBytes: number;
+    tableCount: number;
+    pressure: string;
+    perTableBytes: Record<string, number>;
+}
+/** Server-wide memory usage from GET /api/server/memory. */
+interface ServerMemoryResponse {
+    serverTotalBytes: number;
+    serverMaxBytes: number;
+    sharedPoolBytes: number;
+    sharedPoolUsedBytes: number;
+    databaseCount: number;
+    perDatabaseUsage: Record<string, DatabaseMemoryUsage>;
+    timestamp: string;
+}
+/** Per-database metrics DTO in server metrics response. */
+interface DatabaseMetricsDto {
+    totalBytes: number;
+    budgetBytes: number | null;
+    hotSegmentBytes: number;
+    bloomFilterBytes: number;
+    pressure: string;
+    tableCount: number;
+    queryCount: number;
+    queryMs: number;
+    rowsReturned: number;
+    insertCount: number;
+    rowsInserted: number;
+    insertMs: number;
+    perTableBytes: Record<string, number>;
+}
+/** Server-wide per-database metrics from GET /api/server/metrics. */
+interface ServerMetricsResponse {
+    databases: Record<string, DatabaseMetricsDto>;
+}
+/** Single database metrics from GET /api/server/databases/{db}/metrics. */
+interface SingleDatabaseMetricsResponse {
+    databaseName: string;
+    totalBytes: number;
+    budgetBytes: number | null;
+    hotSegmentBytes: number;
+    bloomFilterBytes: number;
+    pressure: string;
+    tableCount: number;
+    engineAccessible: boolean;
+    queryCount: number;
+    queryMs: number;
+    rowsReturned: number;
+    insertCount: number;
+    rowsInserted: number;
+    insertMs: number;
+    perTableBytes: Record<string, number>;
+}
+/** Readiness probe response from GET /ready. */
+interface ReadinessResponse {
+    ready: boolean;
+    reason: string | null;
+}
+/** Component entry in detailed health response. */
+interface ComponentHealthEntry {
+    status: string;
+    isCritical: boolean;
+    reason?: string | null;
+    details?: Record<string, unknown> | null;
+}
+/** Detailed health from GET /health/detailed. */
+interface DetailedHealthResponse {
+    status: string;
+    timestamp: string;
+    serverRole: string;
+    checkDurationMs: number;
+    components: Record<string, ComponentHealthEntry>;
+}
+
+/**
+ * Server admin API: info, memory, metrics.
+ * Access via client.admin.server.
+ */
+
+declare class ServerAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Service information (name, version, status, table/database counts).
+     * GET /
+     */
+    info(): Promise<ServiceInfo>;
+    /**
+     * Server-wide memory usage with per-database breakdown.
+     * GET /api/server/memory
+     */
+    memory(): Promise<ServerMemoryResponse>;
+    /**
+     * Per-database metrics summary for all databases.
+     * GET /api/server/metrics
+     */
+    metrics(): Promise<ServerMetricsResponse>;
+    /**
+     * Combined metrics for a single database.
+     * GET /api/server/databases/{db}/metrics
+     *
+     * @param databaseName - Database name.
+     */
+    databaseMetrics(databaseName: string): Promise<SingleDatabaseMetricsResponse>;
+}
+
+/**
+ * Health admin API: check, ready, detailed.
+ * Access via client.admin.health.
+ */
+
+declare class HealthAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Basic liveness probe. Same as client.health().
+     * GET /health
+     */
+    check(): Promise<HealthStatus>;
+    /**
+     * Readiness probe. Returns 200 when ready; on 503 returns parsed body (ready: false, reason).
+     * GET /ready
+     */
+    ready(): Promise<ReadinessResponse>;
+    /**
+     * Detailed component-level health. Returns 200 when healthy/degraded, 503 when unhealthy (body still returned).
+     * GET /health/detailed
+     */
+    detailed(): Promise<DetailedHealthResponse>;
+}
+
+/**
+ * Response types for admin metrics API.
+ * Aligned with Aouda server JSON (camelCase) from MetricsSnapshot, MetricsSummary, MetricsHistory, SubsystemModels.
+ */
+/** Latency percentiles for response time metrics. */
+interface LatencyPercentiles {
+    p50: number;
+    p95: number;
+    p99: number;
+}
+/** Query execution metrics. */
+interface QueryMetrics {
+    total: number;
+    active: number;
+    totalMs: number;
+    durationMs: LatencyPercentiles;
+    rowsScanned: number;
+    rowsReturned: number;
+    hotAggregateOps: number;
+    coldAggregateOps: number;
+    hotScanRows: number;
+    coldScanRows: number;
+    parallelScans: number;
+    vectorizedOps: number;
+    fusedAggregateOps: number;
+}
+/** Page cache statistics. */
+interface PageCacheMetrics {
+    bytes: number;
+    entries: number;
+    hits: number;
+    misses: number;
+    hitRatio: number;
+    evictions: number;
+}
+/** Storage metrics for hot/cold segments. */
+interface StorageMetrics {
+    hotSegments: number;
+    coldSegments: number;
+    hotBytes: number;
+    coldBytes: number;
+    demotions: number;
+    promotions: number;
+    pageCache: PageCacheMetrics;
+}
+/** Replication state metrics. */
+interface ReplicationMetrics {
+    role: string;
+    walPosition: number;
+    lagBytes: number;
+    lagSeconds: number;
+    connectedPeers: number;
+    canAcceptWrites: boolean;
+    perDatabaseLag?: Record<string, number>;
+}
+/** Backup operation metrics. */
+interface BackupMetrics {
+    operationsStarted: number;
+    operationsCompleted: number;
+    operationsFailed: number;
+    blobsUploaded: number;
+    bytesUploaded: number;
+    restoreOperationsCompleted: number;
+}
+/** Partition operation metrics. */
+interface PartitioningMetrics {
+    promotions: number;
+    dedicatedPartitions: number;
+    autoModePartitions: number;
+    crossPartitionQueries: number;
+}
+/** Time-series/delta segment metrics. */
+interface TimeSeriesMetrics {
+    deltaSegmentsCreated: number;
+    lateArrivalsRouted: number;
+    manifestsRead: number;
+    segmentSummaryCount: number;
+}
+/** Materialized query metrics. */
+interface MaterializedQueryMetrics {
+    active: number;
+    lagMs: number;
+    queueDepth: number;
+    routes: number;
+}
+/** Bloom filter metrics. */
+interface BloomFilterMetrics {
+    lookups: number;
+    hits: number;
+    misses: number;
+    pagesPruned: number;
+    adaptiveBytes: number;
+}
+/** Mini-transaction metrics. */
+interface TransactionMetrics {
+    beginCount: number;
+    commitCount: number;
+    abortCount: number;
+    rowsCommitted: number;
+    activeCount: number;
+}
+/** Per-database memory metrics (memory subsystem). */
+interface DatabaseMemoryMetrics {
+    totalBytes: number;
+    budgetBytes: number | null;
+    hotBytes: number;
+    bloomBytes: number;
+    tableCount: number;
+    pressure: string;
+}
+/** Memory budget metrics. */
+interface MemoryMetrics {
+    totalBudgetBytes: number;
+    hotBytes: number;
+    cacheBytes: number;
+    evictions: number;
+    perDatabase?: Record<string, DatabaseMemoryMetrics>;
+}
+/** I/O operation metrics. */
+interface IoMetrics {
+    totalMs: number;
+    pageReadCount: number;
+    pageReadBytes: number;
+    pageReadMs: number;
+    decodeCount: number;
+    decodeMs: number;
+}
+/** SIMD intrinsics metrics. */
+interface SimdMetrics {
+    avx2Ops: number;
+    sse2Ops: number;
+    advSimdOps: number;
+    scalarFallbacks: number;
+    intrinsicsAvailable: number;
+}
+/** Per-database metrics in full snapshot (memory + operations). */
+interface PerDatabaseMetrics {
+    totalBytes: number;
+    budgetBytes: number | null;
+    hotSegmentBytes: number;
+    bloomFilterBytes: number;
+    pressure: string;
+    tableCount: number;
+    queryCount: number;
+    queryMs: number;
+    rowsReturned: number;
+    insertCount: number;
+    rowsInserted: number;
+    insertMs: number;
+    perTableBytes?: Record<string, number>;
+}
+/** Full metrics snapshot from GET /api/admin/metrics. */
+interface MetricsSnapshot {
+    timestamp: string;
+    uptimeSeconds: number;
+    query: QueryMetrics;
+    storage: StorageMetrics;
+    replication: ReplicationMetrics;
+    backup: BackupMetrics;
+    partitioning: PartitioningMetrics;
+    timeSeries: TimeSeriesMetrics;
+    materializedQueries: MaterializedQueryMetrics;
+    bloomFilters: BloomFilterMetrics;
+    transactions: TransactionMetrics;
+    memory: MemoryMetrics;
+    io: IoMetrics;
+    simd: SimdMetrics;
+    databases?: Record<string, PerDatabaseMetrics>;
+}
+/** Lightweight metrics summary from GET /api/admin/metrics/summary. */
+interface MetricsSummary {
+    timestamp: string;
+    status: string;
+    queriesPerSecond: number;
+    hotMemoryPercent: number;
+    replicationLagMs: number;
+    cacheHitRatio: number;
+    lastBackupHoursAgo: number;
+    activeConnections: number;
+    activeMaterializedQueries: number;
+    databaseCount: number;
+}
+/** Historical metrics from GET /api/admin/metrics/history. */
+interface MetricsHistory {
+    timestamps: string[];
+    queriesPerSecond: number[];
+    hotMemoryBytes: number[];
+    replicationLagMs: number[];
+    cacheHitRatio: number[];
+    rowsScanned: number[];
+}
+/** Options for metrics history request. */
+interface MetricsHistoryOptions {
+    /** Minutes of history (1–1440; server clamps). Default 60. */
+    minutes?: number;
+    /** Sampling interval in seconds (1–3600; server clamps). Default 60. */
+    interval?: number;
+}
+
+/**
+ * Admin metrics API: snapshot, summary, subsystem, history.
+ * Access via client.admin.metrics.
+ */
+
+declare class MetricsAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Full metrics snapshot with all subsystems.
+     * GET /api/admin/metrics
+     */
+    snapshot(): Promise<MetricsSnapshot>;
+    /**
+     * Lightweight metrics summary for dashboard cards.
+     * GET /api/admin/metrics/summary
+     */
+    summary(): Promise<MetricsSummary>;
+    /**
+     * Metrics for a specific subsystem (query, storage, replication, etc.).
+     * GET /api/admin/metrics/{subsystem}
+     * Returns 404 for unknown subsystem name.
+     *
+     * @param name - Subsystem name (e.g. query, storage, replication, memory, io).
+     */
+    subsystem(name: string): Promise<Record<string, unknown>>;
+    /**
+     * Historical metrics for sparkline charts.
+     * GET /api/admin/metrics/history?minutes=&interval=
+     * Server clamps minutes to 1–1440, interval to 1–3600.
+     *
+     * @param options - Optional minutes (default 60) and interval in seconds (default 60).
+     */
+    history(options?: MetricsHistoryOptions): Promise<MetricsHistory>;
+}
+
+/**
+ * Response types for admin replication API.
+ * Aligned with Aouda server JSON (camelCase) from ReplicationModels.
+ */
+/** Per-database lag entry for GET /admin/replication/status. */
+interface PerDatabaseLagEntry {
+    walPosition: number;
+    primaryPosition: number;
+    lagBytes: number;
+}
+/** Replication status response from GET /admin/replication/status. */
+interface ReplicationStatusResponse {
+    role: string;
+    currentPrimary: string | null;
+    walPosition: number;
+    lagBytes: number;
+    fencingToken: number;
+    canAcceptWrites: boolean;
+    perDatabaseLag: Record<string, PerDatabaseLagEntry>;
+}
+/** Per-database status for a topology member. */
+interface PerDatabaseStatusEntry {
+    walPosition: number;
+    lagBytes: number;
+}
+/** Per-database table subscription info for a connected secondary. */
+interface SubscriptionInfo {
+    database: string;
+    filterMode: string;
+    tableNames: string[];
+}
+/** Information about a replica set member. */
+interface MemberInfo {
+    address: string;
+    role: string;
+    isSelf: boolean;
+    temperatureProfile: string | null;
+    isHidden: boolean;
+    isReadCandidate: boolean;
+    perDatabaseStatus: Record<string, PerDatabaseStatusEntry>;
+    subscriptions?: SubscriptionInfo[] | null;
+}
+/** Topology response from GET /admin/replication/topology. */
+interface TopologyResponse {
+    replicaSetName: string | null;
+    members: MemberInfo[];
+    readCandidates: string[];
+    primary: string | null;
+}
+/** Per-table replication coverage entry. */
+interface TableCoverageEntry {
+    replicationEnabled: boolean;
+    subscriberCount: number;
+    subscribers: string[];
+    warning: string | null;
+}
+/** Per-database coverage info. */
+interface DatabaseCoverageEntry {
+    tables: Record<string, TableCoverageEntry>;
+}
+/** Replication coverage response from GET /admin/replication/coverage. */
+interface CoverageResponse {
+    databases: Record<string, DatabaseCoverageEntry>;
+}
+
+/**
+ * Admin replication API: status, topology, coverage.
+ * Access via client.admin.replication.
+ */
+
+declare class ReplicationAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Current replication status (role, lag, fencing token, per-database lag).
+     * GET /admin/replication/status
+     */
+    status(): Promise<ReplicationStatusResponse>;
+    /**
+     * Replica set topology (members, read candidates, primary).
+     * GET /admin/replication/topology
+     */
+    topology(): Promise<TopologyResponse>;
+    /**
+     * Per-table replication coverage across all databases.
+     * GET /admin/replication/coverage
+     */
+    coverage(): Promise<CoverageResponse>;
+}
+
+/**
+ * Admin cluster lifecycle response/request types.
+ * Mirrors Aouda server JSON payloads under /admin/cluster/*.
+ */
+type ClusterNodeRole = "secondary" | "witness";
+interface JoinClusterRequest {
+    replicaSetName: string;
+    primaryAddress: string;
+    thisNodeAddress: string;
+    role?: ClusterNodeRole;
+}
+interface JoinClusterResponse {
+    message: string;
+    replicaSetName: string;
+}
+interface LeaveClusterResponse {
+    message: string;
+}
+interface PromoteClusterResponse {
+    message: string;
+}
+interface FailoverClusterResponse {
+    message: string;
+}
+interface DrainClusterResponse {
+    nodeAddress: string;
+    isDraining: boolean;
+}
+interface ClusterMemberEntry {
+    address: string;
+    isDraining: boolean;
+}
+interface ClusterThisNodeEntry {
+    address?: string | null;
+    priority: number;
+    arbiter: boolean;
+}
+interface ClusterConfigResponse {
+    mode: string;
+    replicaSetName?: string | null;
+    members?: ClusterMemberEntry[] | null;
+    thisNode?: ClusterThisNodeEntry | null;
+    heartbeatIntervalMs: number;
+    electionTimeoutMs: number;
+}
+interface ClusterConfigPatchRequest {
+    heartbeatIntervalMs?: number;
+    electionTimeoutMs?: number;
+}
+
+/**
+ * Admin cluster lifecycle API.
+ * Access via client.admin.cluster.
+ */
+
+declare class ClusterAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Join this node to an existing replica set.
+     * POST /admin/cluster/join
+     */
+    join(request: JoinClusterRequest): Promise<JoinClusterResponse>;
+    /**
+     * Leave the current cluster and return to standalone mode.
+     * DELETE /admin/cluster/leave
+     */
+    leave(): Promise<LeaveClusterResponse>;
+    /**
+     * Trigger election to promote this node.
+     * POST /admin/cluster/promote
+     */
+    promote(): Promise<PromoteClusterResponse>;
+    /**
+     * Trigger failover by stepping down current primary.
+     * POST /admin/cluster/failover
+     */
+    failover(): Promise<FailoverClusterResponse>;
+    /**
+     * Mark a member as draining.
+     * POST /admin/cluster/drain/{nodeAddress}
+     */
+    drain(nodeAddress: string): Promise<DrainClusterResponse>;
+    /**
+     * Fetch current cluster config.
+     * GET /admin/cluster/config
+     */
+    getConfig(): Promise<ClusterConfigResponse>;
+    /**
+     * Patch mutable cluster config fields.
+     * PATCH /admin/cluster/config
+     */
+    patchConfig(patch: ClusterConfigPatchRequest): Promise<ClusterConfigResponse>;
+}
+
+/**
+ * Admin backup response/request types.
+ * Mirrors Aouda server JSON payloads under /admin/backup/*.
+ */
+interface TriggerBackupRequest {
+    destination?: string | null;
+    incremental?: boolean;
+    baseBackupId?: string | null;
+}
+interface TriggerBackupResponse {
+    backupId: string;
+    createdUtc: string;
+    basedOn?: string | null;
+    totalBytes: number;
+    newBytes: number;
+    fileCount: number;
+    newFileCount: number;
+    blobsUploaded: number;
+    blobsSkipped: number;
+    durationSeconds: number;
+}
+interface BackupSummary {
+    backupId: string;
+    createdUtc: string;
+    basedOn?: string | null;
+    totalBytes: number;
+    newBytes: number;
+    fileCount: number;
+    newFileCount: number;
+}
+interface ListBackupsResponse {
+    backups: BackupSummary[];
+    warning?: string | null;
+}
+interface RestoreBackupResponse {
+    backupId: string;
+    restoredUtc: string;
+    filesRestored: number;
+    bytesDownloaded: number;
+    integrityVerified: boolean;
+    durationSeconds: number;
+}
+interface BackupSchedule {
+    cronExpression?: string | null;
+    destination?: string | null;
+    incremental: boolean;
+}
+
+/**
+ * Admin backup API.
+ * Access via client.admin.backup.
+ */
+
+declare class BackupAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Trigger an immediate backup.
+     * POST /admin/backup/trigger
+     */
+    trigger(request?: TriggerBackupRequest): Promise<TriggerBackupResponse>;
+    /**
+     * List available backups.
+     * GET /admin/backup/list
+     */
+    list(): Promise<ListBackupsResponse>;
+    /**
+     * Restore a backup by id.
+     * POST /admin/backup/restore/{id}
+     */
+    restore(backupId: string): Promise<RestoreBackupResponse>;
+    /**
+     * Get backup schedule.
+     * GET /admin/backup/schedule
+     */
+    getSchedule(): Promise<BackupSchedule>;
+    /**
+     * Set backup schedule.
+     * PUT /admin/backup/schedule
+     */
+    setSchedule(schedule: BackupSchedule): Promise<BackupSchedule>;
+}
+
+/**
+ * Admin runtime configuration response/request types.
+ * Mirrors Aouda server JSON payloads under /admin/config*.
+ */
+interface AdminMemoryConfig {
+    maxTotalRamBytes: number;
+    maxHotBytes: number;
+    maxPageCacheBytes: number;
+}
+interface AdminBackupConfig {
+    cronExpression?: string | null;
+    destination?: string | null;
+    incremental: boolean;
+}
+interface AdminLoggingConfig {
+    level: string;
+}
+interface AdminConfigResponse {
+    memory: AdminMemoryConfig;
+    backup: AdminBackupConfig;
+    logging: AdminLoggingConfig;
+}
+interface AdminConfigSchemaResponse {
+    mutableFields: string[];
+    immutableFields: string[];
+}
+interface AdminMemoryPatch {
+    maxTotalRamBytes?: number;
+    maxHotBytes?: number;
+    maxPageCacheBytes?: number;
+}
+interface AdminBackupPatch {
+    cronExpression?: string | null;
+    destination?: string | null;
+    incremental?: boolean;
+}
+interface AdminLoggingPatch {
+    level?: string;
+}
+interface AdminConfigPatchRequest {
+    memory?: AdminMemoryPatch;
+    backup?: AdminBackupPatch;
+    logging?: AdminLoggingPatch;
+}
+
+/**
+ * Admin runtime config API.
+ * Access via client.admin.config.
+ */
+
+declare class ConfigAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Get current runtime config.
+     * GET /admin/config
+     */
+    get(): Promise<AdminConfigResponse>;
+    /**
+     * Patch mutable runtime config values.
+     * PATCH /admin/config
+     */
+    patch(patch: AdminConfigPatchRequest): Promise<AdminConfigResponse>;
+    /**
+     * Get mutable and immutable config fields.
+     * GET /admin/config/schema
+     */
+    schema(): Promise<AdminConfigSchemaResponse>;
+}
+
+/**
+ * Admin node info/log response/request types.
+ * Mirrors Aouda server JSON payloads under /admin/node*.
+ */
+interface NodeInfoResponse {
+    nodeId: string;
+    address?: string | null;
+    role: string;
+    version: string;
+    uptimeSeconds: number;
+    processId: number;
+    machineName: string;
+    osDescription: string;
+    processorCount: number;
+    workingSetBytes: number;
+    gcHeapBytes: number;
+}
+type NodeLogLevel = "Trace" | "Debug" | "Information" | "Warning" | "Error" | "Critical";
+interface NodeLogEntry {
+    timestampUtc: string;
+    level: NodeLogLevel;
+    category: string;
+    message: string;
+}
+interface NodeLogsResponse {
+    entries: NodeLogEntry[];
+}
+interface NodeLogsQuery extends RequestOptions {
+    level?: NodeLogLevel;
+    contains?: string;
+    limit?: number;
+}
+interface NodeLogStreamOptions extends RequestOptions {
+    level?: NodeLogLevel;
+    contains?: string;
+}
+
+/**
+ * Admin node info and logs API.
+ * Access via client.admin.node.
+ */
+
+declare class NodeAdminApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Get node identity and resource snapshot.
+     * GET /admin/node
+     */
+    get(): Promise<NodeInfoResponse>;
+    /**
+     * Query recent buffered logs.
+     * GET /admin/node/logs
+     */
+    logs(options?: NodeLogsQuery): Promise<NodeLogsResponse>;
+    /**
+     * Stream node logs as SSE events.
+     * GET /admin/node/logs/stream
+     */
+    streamLogs(options?: NodeLogStreamOptions): AsyncIterable<NodeLogEntry>;
+    private buildLogsPath;
+}
+
+/**
+ * Admin API: server info, memory, metrics, health, replication.
+ * Access via client.admin.
+ */
+
+/** Aggregated admin API exposed as client.admin. */
+declare class AdminApi {
+    readonly server: ServerAdminApi;
+    readonly health: HealthAdminApi;
+    readonly metrics: MetricsAdminApi;
+    readonly replication: ReplicationAdminApi;
+    readonly cluster: ClusterAdminApi;
+    readonly backup: BackupAdminApi;
+    readonly config: ConfigAdminApi;
+    readonly node: NodeAdminApi;
+    constructor(transport: Transport);
+}
+
+/**
+ * AuthHandler — manages the client's authentication state:
+ * token storage, proactive refresh, and a promise-coalescing single-refresh gate.
+ *
+ * Two-layer auth model: clients connect via API key (Layer 1); user sign-in is performed
+ * explicitly via AuthClient.signIn() (Layer 2). There is no auto-authentication on first request.
+ *
+ * All auth endpoint calls use direct globalThis.fetch to avoid
+ * circular refresh through the transport pipeline.
+ *
+ * @internal
+ */
+
+/**
+ * Flat credential config passed to AuthHandler.
+ * Decoupled from ServerAuthOptions/AppAuthOptions so the handler is auth-system-agnostic.
+ * @internal
+ */
+interface AuthConfig {
+    /** Resolved auth endpoint base path: "/api/auth" or "/api/databases/{db}/auth". */
+    basePath: string;
+    apiKey?: string;
+    token?: string;
+    refreshToken?: string;
+    userToken?: string;
+    /** Explicit auth database name (app auth only). */
+    authDatabase?: string;
+    /** How early before expiry (ms) to proactively refresh. Default: 120_000 (2 min). */
+    refreshThresholdMs?: number;
+}
+declare class AuthHandler {
+    private _accessToken;
+    private _refreshToken;
+    private _tokenExpiry;
+    private _authenticated;
+    private _refreshPromise;
+    private readonly _serverUrl;
+    private readonly _timeout;
+    private readonly _refreshThresholdMs;
+    private readonly _apiKeyMode;
+    private readonly _isServiceKeyMode;
+    private readonly _userToken;
+    /** Base path for auth endpoints: either "/api/auth" (server) or "/api/databases/{db}/auth" (app). */
+    private readonly _authBasePath;
+    private _authDatabase;
+    private readonly _authDatabaseExplicit;
+    constructor(config: AuthConfig, serverUrl: string, timeout: number);
+    /** True when configured with apiKey and no refresh-capable user session exists. */
+    get isApiKeyMode(): boolean;
+    /**
+     * The user JWT to forward as X-User-Token on outgoing requests.
+     * Non-null only when the primary credential is a service-level key
+     * (prefix `mk_svc_` or `mk_srv_`) and `userToken` was set in the auth config.
+     */
+    get userToken(): string | null;
+    /** The resolved auth database name (explicit, discovered, or default "_auth"). */
+    get authDatabase(): string;
+    /**
+     * Updates the auth database from an X-Auth-Database response header.
+     * Only updates if the database was not explicitly configured at construction.
+     */
+    setDiscoveredAuthDatabase(name: string): void;
+    /** Whether initial authentication has completed. */
+    get isAuthenticated(): boolean;
+    /** Internal server URL used for direct auth endpoint calls. */
+    get serverUrl(): string;
+    /** Internal auth base path (e.g. /api/auth or /api/databases/{db}/auth). */
+    get authBasePath(): string;
+    /** Internal request timeout used for direct auth endpoint calls. */
+    get timeoutMs(): number;
+    /** Current access token (null if not yet authenticated). */
+    get currentAccessToken(): string | null;
+    /** Current refresh token (null if not set). */
+    get currentRefreshToken(): string | null;
+    /**
+     * No-op in the two-layer auth model.
+     * App-mode clients connect via ApiKey (set at construction).
+     * User sign-in is done explicitly via AuthClient.signIn() / signUp().
+     */
+    ensureAuthenticated(): Promise<void>;
+    /**
+     * Returns the current access token. If the token is within the refresh threshold
+     * of expiry, proactively refreshes first. In API key mode, returns the API key with no refresh.
+     */
+    getAccessToken(): Promise<string | null>;
+    /**
+     * Attempts to refresh the access token using the stored refresh token.
+     * Uses promise coalescing: if a refresh is already in flight, all callers
+     * await the same Promise. The first caller initiates the refresh; subsequent
+     * callers get the same result.
+     *
+     * @returns true if refresh succeeded, false if it failed.
+     */
+    tryRefresh(): Promise<boolean>;
+    /**
+     * Stores tokens from an auth response (sign-in, sign-up, or refresh).
+     */
+    handleSignInResult(result: AuthResult): void;
+    /**
+     * Clears all stored tokens (called on sign-out).
+     */
+    clearTokens(): void;
+    callSignInEndpoint(email: string, password: string): Promise<AuthResult | null>;
+    callSignUpEndpoint(email: string, password: string): Promise<AuthResult | null>;
+    callSignOutEndpoint(): Promise<void>;
+    callRefreshEndpoint(): Promise<AuthResult>;
+    callMeEndpoint(): Promise<UserProfile>;
+    callChangePasswordEndpoint(currentPassword: string, newPassword: string): Promise<void>;
+    private shouldProactivelyRefresh;
+    private _doRefresh;
+    private _fetchJson;
+    private _tryReadErrorBody;
+}
+
+/**
+ * AuthClient — public auth API exposed as `client.auth`.
+ * Makes direct fetch calls through AuthHandler (not through the transport
+ * pipeline) to avoid circular refresh.
+ */
+
+/**
+ * Public auth API for application-level auth operations.
+ * Access via `client.auth`.
+ */
+declare class AuthClient {
+    private readonly _authHandler;
+    constructor(authHandler: AuthHandler);
+    /**
+     * Creates a new user account and returns auth tokens.
+     * Updates the client's stored tokens so subsequent requests use the new identity.
+     */
+    signUp(email: string, password: string): Promise<AuthResult>;
+    /**
+     * Authenticates with credentials and returns auth tokens.
+     * Updates the client's stored tokens so subsequent requests use the new identity.
+     */
+    signIn(email: string, password: string): Promise<AuthResult>;
+    /**
+     * Signs out the current user, revokes session, and clears stored tokens.
+     */
+    signOut(): Promise<void>;
+    /**
+     * Refreshes the access token using the stored refresh token.
+     * Updates the client's stored tokens.
+     */
+    refresh(): Promise<AuthResult>;
+    /**
+     * Returns the current user's profile.
+     */
+    me(): Promise<UserProfile>;
+    /**
+     * Changes the current user's password.
+     */
+    changePassword(currentPassword: string, newPassword: string): Promise<void>;
+    /**
+     * Creates a partition grant for a user.
+     */
+    createPartitionGrant(userId: string, request: CreatePartitionGrantRequest): Promise<PartitionGrant>;
+    /**
+     * Lists partition grants for a user with optional dimension filtering.
+     */
+    listPartitionGrants(userId: string, options?: {
+        dimension?: string;
+    }): Promise<PartitionGrant[]>;
+    /**
+     * Deletes a partition grant for a user.
+     */
+    deletePartitionGrant(userId: string, grantId: string): Promise<void>;
+    /**
+     * Creates an RLS resolver.
+     */
+    createRlsResolver(request: CreateRlsResolverRequest): Promise<RlsResolver>;
+    /**
+     * Lists RLS resolvers with optional target table filtering.
+     */
+    listRlsResolvers(options?: {
+        targetTable?: string;
+    }): Promise<RlsResolver[]>;
+    /**
+     * Gets a single RLS resolver.
+     */
+    getRlsResolver(resolverId: string): Promise<RlsResolver>;
+    /**
+     * Updates an existing RLS resolver.
+     */
+    updateRlsResolver(resolverId: string, request: UpdateRlsResolverRequest): Promise<RlsResolver>;
+    /**
+     * Deletes an RLS resolver.
+     */
+    deleteRlsResolver(resolverId: string): Promise<void>;
+    private validateNonEmptyString;
+    private authRequest;
+    private tryReadAuthError;
+}
+
+/**
+ * Wire protocol message types for Aouda real-time streaming (ADR 0020 §4).
+ * No imports — pure type definitions.
+ */
+type StreamingWireMode = "json" | "msgpack";
+interface AuthMessage {
+    type: "auth";
+    token: string | null;
+    database: string;
+    wire_mode?: StreamingWireMode;
+}
+interface SubscribeMessage {
+    type: "subscribe";
+    id: string;
+    target: string;
+    filter?: Record<string, unknown>;
+    resume_from?: number;
+}
+interface UnsubscribeMessage {
+    type: "unsubscribe";
+    id: string;
+}
+interface StreamOpenMessage {
+    type: "stream_open";
+    id: string;
+    table: string;
+    mode: "insert" | "upsert";
+}
+interface StreamRowsMessage {
+    type: "stream_rows";
+    id: string;
+    seq: number;
+    rows: unknown[];
+}
+interface StreamCloseMessage {
+    type: "stream_close";
+    id: string;
+}
+interface PingMessage {
+    type: "ping";
+}
+type ClientMessage = AuthMessage | SubscribeMessage | UnsubscribeMessage | StreamOpenMessage | StreamRowsMessage | StreamCloseMessage | PingMessage;
+interface AuthOkMessage {
+    type: "auth_ok";
+    user_id?: string;
+    expires_at?: string;
+    wire_mode?: StreamingWireMode;
+}
+interface AuthErrorMessage {
+    type: "auth_error";
+    code: string;
+    message: string;
+}
+interface SnapshotMessage {
+    type: "snapshot";
+    id: string;
+    rows: unknown[];
+    version: number;
+}
+interface ChangeMessage {
+    type: "change";
+    id: string;
+    op: "insert" | "update" | "delete";
+    row?: unknown;
+    prev?: unknown;
+    key?: unknown;
+    version: number;
+}
+interface StreamAckMessage {
+    type: "stream_ack";
+    id: string;
+    through: number;
+}
+interface StreamReadyMessage {
+    type: "stream_ready";
+    id: string;
+}
+interface StreamClosedMessage {
+    type: "stream_closed";
+    id: string;
+}
+interface HeartbeatMessage {
+    type: "heartbeat";
+    version: number;
+}
+interface ServerErrorMessage {
+    type: "error";
+    id?: string;
+    code: string;
+    message: string;
+}
+interface PongMessage {
+    type: "pong";
+}
+type ServerMessage = AuthOkMessage | AuthErrorMessage | SnapshotMessage | ChangeMessage | StreamAckMessage | StreamReadyMessage | StreamClosedMessage | HeartbeatMessage | ServerErrorMessage | PongMessage;
+
+type StreamingMessageHandler = (message: ServerMessage) => void;
+interface StreamingTransport {
+    readonly lastVersion: number;
+    connect(): Promise<void>;
+    send(message: ClientMessage): Promise<void>;
+    registerHandler(id: string, handler: StreamingMessageHandler): void;
+    unregisterHandler(id: string): void;
+    registerReconnectHandler(id: string, handler: () => void): void;
+    unregisterReconnectHandler(id: string): void;
+    dispose(): Promise<void>;
+}
+
+interface SubscriptionSnapshotEvent<T = Record<string, unknown>> {
+    type: "snapshot";
+    rows: T[];
+    version: number;
+}
+interface SubscriptionChangeEvent<T = Record<string, unknown>> {
+    type: "change";
+    op: "insert" | "update" | "delete";
+    row?: T;
+    prev?: T;
+    key?: unknown;
+    version: number;
+}
+type SubscriptionEvent<T = Record<string, unknown>> = SubscriptionSnapshotEvent<T> | SubscriptionChangeEvent<T>;
+interface SubscribeOptions<T = Record<string, unknown>> {
+    onSnapshot?: (rows: T[], version: number) => void;
+    onChange?: (event: SubscriptionChangeEvent<T>) => void;
+    onError?: (error: Error) => void;
+    filter?: Record<string, unknown>;
+}
+interface Subscription<T = Record<string, unknown>> extends AsyncIterable<SubscriptionEvent<T>> {
+    readonly id: string;
+    readonly lastVersion: number;
+    unsubscribe(): Promise<void>;
+}
+
+interface OpenWriteStreamOptions {
+    mode?: "insert" | "upsert";
+}
+interface WriteStream<T = Record<string, unknown>> {
+    readonly id: string;
+    readonly lastAcknowledgedSeq: number;
+    write(row: Partial<T> | Partial<T>[]): Promise<void>;
+    close(): Promise<void>;
+}
+
+/**
+ * Query builder for @aouda/client.
+ * Provides a fluent API for constructing and executing queries.
+ */
+
+/**
+ * Mutable builder for a nested {@link WhereClause} used with {@link TableQuery.whereGroup}.
+ * - `where()` — ANDs predicates inside this group.
+ * - `orWhere()` — adds to this group’s `or` list (disjunction).
+ * - `subgroup()` — nests another clause under wire `groups`.
+ */
+declare class WhereGroupBuilder {
+    private andPredicates;
+    private orPredicates;
+    private subgroups;
+    where(column: string, operator: "isNull" | "isNotNull"): this;
+    where(column: string, operator: Exclude<WhereOperator, "isNull" | "isNotNull">, value: unknown): this;
+    /**
+     * Adds a predicate to the inner `or` list (disjunction within this group).
+     */
+    orWhere(column: string, operator: "isNull" | "isNotNull"): this;
+    orWhere(column: string, operator: Exclude<WhereOperator, "isNull" | "isNotNull">, value: unknown): this;
+    /**
+     * Nests a further {@link WhereClause} under `groups`.
+     */
+    subgroup(fn: (inner: WhereGroupBuilder) => void): this;
+    build(): WhereClause;
+}
+/**
+ * One batch mutation operation for {@link TableQuery.batch}.
+ */
+type BatchOperationInput<T = Record<string, unknown>> = {
+    where: (query: TableQuery<T>) => TableQuery<T>;
+    update: Partial<T>;
+    delete?: false;
+} | {
+    where: (query: TableQuery<T>) => TableQuery<T>;
+    delete: true;
+    limit?: number;
+    orderBy?: OrderByClause[];
+    update?: never;
+};
+/**
+ * Internal state for the query builder.
+ * This is passed between immutable instances.
+ */
+interface QueryBuilderState {
+    predicates: WherePredicate[];
+    /** Root-level `groups` entries (each merged with top-level `and`). */
+    groupClauses: WhereClause[];
+    orderByClauses: OrderByClause[];
+    joinClauses: JoinClause[];
+    aggregateOperations: AggregateOperation[];
+    groupByColumns: string[] | null;
+    selectColumns: string[] | null;
+    limitValue: number | null;
+    offsetValue: number | null;
+    crossPartitionAccess: boolean;
+    /** Server-side computed column projections (S7). */
+    selectExprs: ComputedColumnDef[] | null;
+}
+/**
+ * Coerces a raw columnar value using the server-declared column type name.
+ *
+ * The server sends typed columnar data (e.g. Timestamp as Int64 ticks, Guid as string) alongside
+ * a `types[]` array. This function is the TypeScript equivalent of the C# `CoerceValue` in
+ * `ClientColumnarResult` — it is the single place that applies type-aware conversions so that
+ * callers receive properly typed values without needing to know about wire-format details.
+ *
+ * Timestamp: .NET ticks (100-ns intervals since 0001-01-01 UTC) → ISO 8601 string.
+ * Guid:      already a string — passed through unchanged.
+ * All other types: passed through unchanged.
+ */
+declare function coerceColumnarValue(value: unknown, typeName: string): unknown;
+/**
+ * Fluent query builder for Aouda tables.
+ *
+ * The builder is immutable — each method returns a new instance
+ * with the updated state, allowing query branching.
+ *
+ * @example
+ * ```typescript
+ * const results = await client.table('orders')
+ *   .where('status', '=', 'active')
+ *   .where('price', '>', 100)
+ *   .orderBy('price', 'desc')
+ *   .thenBy('createdAt')
+ *   .limit(50)
+ *   .select('id', 'status', 'price')
+ *   .execute();
+ * ```
+ *
+ * Nested boolean filters (e.g. OR under an AND) use {@link TableQuery.whereGroup} and
+ * {@link WhereGroupBuilder}; those become the wire `groups` array on {@link WhereClause}.
+ *
+ * @typeParam T - The type of rows returned by the query.
+ */
+declare class TableQuery<T = Record<string, unknown>> {
+    private readonly transport;
+    private readonly tableName;
+    private readonly database;
+    private readonly state;
+    private readonly getWebSocketTransport;
+    /**
+     * Creates a new TableQuery instance.
+     *
+     * @param transport - The HTTP transport for making requests.
+     * @param tableName - The name of the table to query.
+     * @param database - The database name for path and request body.
+     * @param state - Optional initial state (used for immutable chaining).
+     * @internal Use `client.table()` to create queries.
+     */
+    constructor(transport: Transport, tableName: string, database: string, state?: QueryBuilderState, getWebSocketTransport?: () => StreamingTransport);
+    /**
+     * Adds a filter predicate to the query.
+     * Multiple `where()` calls are combined with AND.
+     *
+     * When T is a specific row type, only keys of T are accepted as column names.
+     *
+     * @param column - The column name to filter on.
+     * @param operator - The comparison operator.
+     * @param value - The value to compare against.
+     * @returns A new TableQuery with the filter added.
+     *
+     * @example
+     * ```typescript
+     * query.where('status', '=', 'active')
+     *      .where('price', '>', 100)
+     * ```
+     */
+    where(column: keyof T & string, operator: "isNull" | "isNotNull"): TableQuery<T>;
+    where(column: keyof T & string, operator: Exclude<WhereOperator, "isNull" | "isNotNull">, value: unknown): TableQuery<T>;
+    /**
+     * AND-combines a nested where subtree with any prior `where()` predicates.
+     * Serializes as the `groups` property on the request body (see {@link WhereClause.groups}).
+     *
+     * @param fn - Configures a {@link WhereGroupBuilder}; must not leave the group empty.
+     */
+    whereGroup(fn: (g: WhereGroupBuilder) => void): TableQuery<T>;
+    /**
+     * Sets the primary sort column for the query.
+     * Calling `orderBy()` again replaces any previous ordering.
+     *
+     * When T is a specific row type, only keys of T are accepted as column names.
+     *
+     * @param column - The column name to sort by.
+     * @param direction - The sort direction ('asc' or 'desc'). Defaults to 'asc'.
+     * @returns A new TableQuery with the ordering set.
+     *
+     * @example
+     * ```typescript
+     * query.orderBy('price', 'desc')
+     * ```
+     */
+    orderBy(column: keyof T & string, direction?: SortDirection): TableQuery<T>;
+    /**
+     * Sets the primary sort column to descending order.
+     * Convenience alias for `orderBy(column, 'desc')`.
+     *
+     * @param column - The column name to sort by descending.
+     * @returns A new TableQuery with descending ordering set.
+     *
+     * @example
+     * ```typescript
+     * query.orderByDescending('price')
+     * ```
+     */
+    orderByDescending(column: keyof T & string): TableQuery<T>;
+    /**
+     * Adds a secondary sort column to the query.
+     * Must be called after `orderBy()`.
+     *
+     * When T is a specific row type, only keys of T are accepted as column names.
+     *
+     * @param column - The column name to sort by.
+     * @param direction - The sort direction ('asc' or 'desc'). Defaults to 'asc'.
+     * @returns A new TableQuery with the secondary sort added.
+     * @throws Error if `orderBy()` has not been called first.
+     *
+     * @example
+     * ```typescript
+     * query.orderBy('status')
+     *      .thenBy('price', 'desc')
+     *      .thenBy('createdAt')
+     * ```
+     */
+    thenBy(column: keyof T & string, direction?: SortDirection): TableQuery<T>;
+    /**
+     * Sets the maximum number of rows to return.
+     *
+     * @param count - The maximum number of rows.
+     * @returns A new TableQuery with the limit set.
+     *
+     * @example
+     * ```typescript
+     * query.limit(50)
+     * ```
+     */
+    limit(count: number): TableQuery<T>;
+    /**
+     * Sets the number of rows to skip.
+     *
+     * @param count - The number of rows to skip.
+     * @returns A new TableQuery with the offset set.
+     *
+     * @example
+     * ```typescript
+     * query.offset(100).limit(50) // Page 3 of 50-row pages
+     * ```
+     */
+    offset(count: number): TableQuery<T>;
+    /**
+     * Requests cross-partition access for this query.
+     *
+     * Sets `crossPartitionAccess: true` on the wire request. Use for admin or
+     * authorized analytics queries that scan multiple partitions without a
+     * partition-key filter. Server-side PLS and role checks still apply.
+     *
+     * @returns A new TableQuery with cross-partition access enabled.
+     */
+    withCrossPartitionAccess(): TableQuery<T>;
+    /**
+     * Restricts the columns returned in the result.
+     * If not called, all columns are returned.
+     *
+     * When T is a specific row type, only keys of T are accepted as column names.
+     *
+     * @param columns - The column names to return.
+     * @returns A new TableQuery with column selection set.
+     *
+     * @example
+     * ```typescript
+     * query.select('id', 'name', 'price')
+     * ```
+     */
+    select(...columns: (keyof T & string)[]): TableQuery<T>;
+    /**
+     * Adds server-side computed columns to the query result.
+     *
+     * Each entry specifies an output alias and a {@link ScalarExprNode} expression tree
+     * evaluated per row on the server. Computed columns are appended after any physical-column
+     * `select()` projection.
+     *
+     * @param projections - One or more `{ alias, expr }` pairs.
+     * @returns A new TableQuery with computed columns set.
+     *
+     * @example
+     * ```typescript
+     * query.selectExpr(
+     *   { alias: 'discounted', expr: { $mul: [{ $col: 'price' }, { $lit: 0.9 }] } }
+     * )
+     * ```
+     */
+    selectExpr(...projections: ComputedColumnDef[]): TableQuery<T>;
+    /**
+     * Adds an INNER JOIN clause.
+     */
+    join(rightTable: string, leftColumn: string, rightColumn: string): TableQuery<Record<string, unknown>>;
+    join(rightTable: string, leftColumns: string[], rightColumns: string[]): TableQuery<Record<string, unknown>>;
+    /**
+     * Adds a LEFT JOIN clause.
+     */
+    leftJoin(rightTable: string, leftColumn: string, rightColumn: string): TableQuery<Record<string, unknown>>;
+    leftJoin(rightTable: string, leftColumns: string[], rightColumns: string[]): TableQuery<Record<string, unknown>>;
+    /**
+     * Adds a RIGHT JOIN clause.
+     */
+    rightJoin(rightTable: string, leftColumn: string, rightColumn: string): TableQuery<Record<string, unknown>>;
+    rightJoin(rightTable: string, leftColumns: string[], rightColumns: string[]): TableQuery<Record<string, unknown>>;
+    /**
+     * Adds a FULL JOIN clause.
+     */
+    fullJoin(rightTable: string, leftColumn: string, rightColumn: string): TableQuery<Record<string, unknown>>;
+    fullJoin(rightTable: string, leftColumns: string[], rightColumns: string[]): TableQuery<Record<string, unknown>>;
+    /**
+     * Adds a CROSS JOIN clause.
+     */
+    crossJoin(rightTable: string): TableQuery<Record<string, unknown>>;
+    /**
+     * Adds a SUM aggregate operation for the specified column.
+     */
+    sum(column: keyof T & string): TableQuery<T>;
+    /**
+     * Adds a MIN aggregate operation for the specified column.
+     */
+    min(column: keyof T & string): TableQuery<T>;
+    /**
+     * Adds a MAX aggregate operation for the specified column.
+     */
+    max(column: keyof T & string): TableQuery<T>;
+    /**
+     * Sets grouping columns for aggregate queries.
+     */
+    groupBy(...columns: (keyof T & string)[]): TableQuery<T>;
+    /**
+     * Validates grouped aggregate configuration and returns the same query.
+     */
+    groupAggregate(): TableQuery<T>;
+    /**
+     * Subscribes to table changes over the shared WebSocket transport.
+     * Supports callback handlers and async-iterator consumption.
+     */
+    subscribe(options?: SubscribeOptions<T>): Subscription<T>;
+    /**
+     * Opens a high-throughput write stream for insert/upsert operations.
+     */
+    openWriteStream(options?: OpenWriteStreamOptions): Promise<WriteStream<T>>;
+    /**
+     * Builds the query request body for the wire protocol.
+     * @returns The query request object.
+     * @internal
+     */
+    private buildRequest;
+    private buildWhereClause;
+    private addJoinClause;
+    private addAggregate;
+    private requireWebSocketTransport;
+    /**
+     * Executes the query and returns the results.
+     *
+     * Sends a POST request to `/api/query` with the built query
+     * and converts the columnar response to row objects.
+     *
+     * @returns The query result with rows and statistics.
+     *
+     * @example
+     * ```typescript
+     * const result = await client.table('orders')
+     *   .where('status', '=', 'active')
+     *   .execute();
+     *
+     * console.log(result.rows);
+     * console.log(result.stats.executionMs);
+     * ```
+     */
+    execute(): Promise<QueryResult<T>>;
+    /**
+     * Executes the query and returns the raw columnar JSON payload (no row-object conversion).
+     */
+    toColumnar(): Promise<ColumnarResponse>;
+    /**
+     * Executes a count query and returns the number of matching rows.
+     *
+     * This is a convenience method that executes the query with
+     * limit 0 and returns the rowCount from statistics.
+     *
+     * @returns The number of rows matching the query.
+     *
+     * @example
+     * ```typescript
+     * const count = await client.table('orders')
+     *   .where('status', '=', 'active')
+     *   .count();
+     * ```
+     */
+    count(): Promise<number>;
+    /**
+     * Inserts a single row into the table.
+     *
+     * This is a terminal operation — it executes immediately and returns
+     * a Promise. It does not use query builder state (where, orderBy, etc.).
+     *
+     * @param row - The row data to insert. Keys are column names.
+     * @returns The insert result with row count, execution time, and optional generated values.
+     * @throws Error if `row` is null or undefined.
+     *
+     * @example
+     * ```typescript
+     * const result = await client.table('orders')
+     *   .insert({ status: 'pending', price: 100 });
+     *
+     * console.log(result.rowsInserted); // 1
+     * console.log(result.generatedValues); // { "0": { id: 42 } }
+     * ```
+     */
+    insert(row: Partial<T>): Promise<InsertResult>;
+    /**
+     * Inserts multiple rows into the table in a single request.
+     *
+     * This is a terminal operation — it executes immediately and returns
+     * a Promise. It does not use query builder state (where, orderBy, etc.).
+     *
+     * @param rows - Array of row objects to insert. Must contain at least one row.
+     * @returns The insert result with total row count, execution time, and optional generated values.
+     * @throws Error if `rows` is empty.
+     *
+     * @example
+     * ```typescript
+     * const result = await client.table('orders')
+     *   .insertMany([
+     *     { status: 'pending', price: 100 },
+     *     { status: 'shipped', price: 200 },
+     *   ]);
+     *
+     * console.log(result.rowsInserted); // 2
+     * ```
+     */
+    insertMany(rows: Partial<T>[]): Promise<InsertResult>;
+    /**
+     * Updates rows matching the current where predicates.
+     *
+     * This is a terminal operation — it executes immediately and returns
+     * a Promise. Requires at least one `where()` predicate to prevent
+     * accidental bulk updates.
+     *
+     * @param values - The column values to set. Keys are column names.
+     * @returns The mutation result with rows affected and execution time.
+     * @throws Error if no `where()` predicates have been set.
+     * @throws Error if `values` is null, undefined, or empty.
+     *
+     * @example
+     * ```typescript
+     * const result = await client.table('orders')
+     *   .where('id', '=', 1)
+     *   .update({ status: 'shipped' });
+     *
+     * console.log(result.rowsAffected); // 1
+     * ```
+     */
+    update(values: Partial<T>, options?: UpdateOptions): Promise<MutationResult>;
+    /**
+     * Deletes rows matching the current where predicates.
+     *
+     * This is a terminal operation — it executes immediately and returns
+     * a Promise. Requires at least one `where()` predicate to prevent
+     * accidental bulk deletes.
+     *
+     * @returns The mutation result with rows affected and execution time.
+     * @throws Error if no `where()` predicates have been set.
+     *
+     * @example
+     * ```typescript
+     * const result = await client.table('orders')
+     *   .where('id', '=', 1)
+     *   .delete();
+     *
+     * console.log(result.rowsAffected); // 1
+     * ```
+     */
+    delete(options?: DeleteOptions): Promise<MutationResult>;
+    /**
+     * Truncates the table (removes all rows) while preserving schema.
+     *
+     * This is a terminal operation and does not require where() predicates.
+     */
+    truncate(): Promise<MutationResult>;
+    /**
+     * Executes multiple update/delete mutations against the same table in one request.
+     *
+     * Each operation must provide its own `where` query builder callback.
+     */
+    batch(operations: BatchOperationInput<T>[]): Promise<BatchMutationResult>;
+    /**
+     * Bulk-load rows into this table.
+     *
+     * Executes the full `:begin` → `:append × N` → `:commit` sequence,
+     * handling batching and resume-on-reconnect automatically.
+     *
+     * @param rows - Synchronous or asynchronous iterable of row objects.
+     * @param options - Optional bulk-load tuning options.
+     * @returns A handle describing the committed job.
+     *
+     * @example
+     * ```typescript
+     * const handle = await client.table('products').bulkLoad(rows);
+     * console.log(`Loaded ${handle.rowsLoaded} rows`);
+     * ```
+     */
+    bulkLoad(rows: Iterable<T> | AsyncIterable<T>, options?: BulkLoadOptions): Promise<BulkLoadJobHandle>;
+}
+
+/**
+ * Table operations API for @aouda/client.
+ * Provides table listing, schema introspection, and type generation.
+ */
+
+/**
+ * API for table listing and metadata operations.
+ * Access via `client.tables`.
+ */
+declare class TablesApi {
+    private readonly transport;
+    private readonly database;
+    constructor(transport: Transport, database: string);
+    /**
+     * Lists all tables in the database with statistics.
+     * @returns Array of table summaries (includes rowCount, sizeBytes, timestamps).
+     */
+    list(): Promise<TableSummary[]>;
+    /**
+     * Gets detailed schema for a specific table.
+     * @param name - The table name.
+     * @returns Table schema with columns.
+     * @throws AoudaNotFoundError if table does not exist.
+     * @throws Error if table name is empty or whitespace-only.
+     */
+    get(name: string): Promise<TableSchema>;
+    /**
+     * Gets enhanced schema introspection with key arrays and relationships.
+     * Optimized for schema exploration tools like Aouda Studio.
+     * @param name - The table name.
+     * @returns Enhanced schema with primaryKey, partitionKey, clusterColumns, relationships.
+     * @throws AoudaNotFoundError if table does not exist.
+     * @throws Error if table name is empty or whitespace-only.
+     */
+    schema(name: string): Promise<TableSchemaResponse>;
+    /**
+     * Gets all tables and relationships for ERD visualization.
+     * Returns both declared and inferred relationships.
+     * @returns All tables with column summaries and relationship graph.
+     */
+    relationships(): Promise<SchemaRelationshipsResponse>;
+    /**
+     * Generates TypeScript interfaces for all tables.
+     * @param options - Generation options (comments, schema wrapper, namespace).
+     * @returns TypeScript code as a string.
+     */
+    generateTypes(options?: TypeGenerationOptions): Promise<string>;
+    /**
+     * Creates a new table.
+     * @param body - Request body (database, name, columns, optional policy). database must match the client's database.
+     * @returns 201 response body (table detail).
+     * @throws AoudaApiError for TABLE_EXISTS, WRITE_NOT_ALLOWED, INVALID_REQUEST, etc.
+     */
+    createTable(body: CreateTableRequest): Promise<TableSchema | undefined>;
+    /**
+     * Renames a table.
+     * @param name - Current table name.
+     * @param body - Request body (database, newName).
+     * @returns 200 response body (table detail).
+     * @throws AoudaNotFoundError if table does not exist; AoudaApiError for WRITE_NOT_ALLOWED, etc.
+     */
+    renameTable(name: string, body: RenameTableRequest): Promise<TableSchema | undefined>;
+    /**
+     * Deletes a table.
+     * @param name - Table name.
+     * @throws AoudaNotFoundError if table does not exist; AoudaApiError for WRITE_NOT_ALLOWED, etc.
+     */
+    deleteTable(name: string): Promise<void>;
+    /**
+     * Adds a column to a table.
+     * @param tableName - Table name.
+     * @param body - Request body (database, name, type).
+     * @returns 201 response body (column detail).
+     * @throws AoudaNotFoundError if table does not exist; AoudaApiError for COLUMN_EXISTS, WRITE_NOT_ALLOWED, etc.
+     */
+    addColumn(tableName: string, body: AddColumnRequest): Promise<ColumnSchema | undefined>;
+    /**
+     * Renames a column.
+     * @param tableName - Table name.
+     * @param columnName - Current column name.
+     * @param body - Request body (database, newName).
+     * @returns 200 response body (column detail).
+     * @throws AoudaNotFoundError if table or column does not exist; AoudaApiError for WRITE_NOT_ALLOWED, etc.
+     */
+    renameColumn(tableName: string, columnName: string, body: RenameColumnRequest): Promise<ColumnSchema | undefined>;
+    /**
+     * Drops a column from a table.
+     * @param tableName - Table name.
+     * @param columnName - Column name.
+     * @throws AoudaNotFoundError if table or column does not exist; AoudaApiError for WRITE_NOT_ALLOWED, etc.
+     */
+    dropColumn(tableName: string, columnName: string): Promise<void>;
+    /**
+     * Updates a table's storage policy (temperature).
+     * @param name - Table name.
+     * @param body - Request body with storageTemperature ("Auto" | "HotOnly" | "ColdPreferred").
+     * @returns Updated policy (storageTemperature, optional residency).
+     * @throws AoudaNotFoundError if table does not exist; AoudaApiError for WRITE_NOT_ALLOWED, INVALID_REQUEST, etc.
+     */
+    updatePolicy(name: string, body: UpdateTablePolicyRequest): Promise<TablePolicy>;
+}
+
+/**
+ * Databases API for @aouda/client.
+ * Server-level operations: list and create databases.
+ */
+
+/**
+ * API for listing and creating databases.
+ * Access via `client.databases`.
+ * Uses server-level paths (GET/POST /api/databases) with no database in path.
+ */
+declare class DatabasesApi {
+    private readonly transport;
+    constructor(transport: Transport);
+    /**
+     * Lists all databases on the server.
+     * GET /api/databases
+     *
+     * @returns Array of database info (name, state, createdAt, options).
+     */
+    list(): Promise<DatabaseInfo[]>;
+    /**
+     * Creates a new database.
+     * POST /api/databases
+     *
+     * @param name - Database name.
+     * @param options - Optional settings (enableWal, replicationMode, maxMemoryBytes, defaultTemperature).
+     * @returns The created database info.
+     */
+    create(name: string, options?: CreateDatabaseOptions): Promise<DatabaseInfo>;
+    /**
+     * Gets information for a single database.
+     * GET /api/databases/{db}
+     *
+     * @param databaseName - Database name.
+     * @returns Database info.
+     */
+    get(databaseName: string): Promise<DatabaseInfo>;
+    /**
+     * Drops a database.
+     * DELETE /api/databases/{db}
+     *
+     * @param databaseName - Database name.
+     */
+    drop(databaseName: string): Promise<void>;
+}
+
+/**
+ * Schema management API: diff, apply, export, history.
+ * Uses server endpoints under /api/databases/{db}/schema.
+ */
+
+/** Server diff result (matches SchemaDiffResult). */
+interface SchemaDiffResult {
+    changes: SchemaChange[];
+    summary: DiffSummary;
+    warnings?: SchemaChangeWarning[];
+}
+interface SchemaChange {
+    type: string;
+    tableName?: string | null;
+    columnName?: string | null;
+    isDestructive: boolean;
+    details: string;
+    before?: unknown;
+    after?: unknown;
+}
+interface DiffSummary {
+    totalChanges: number;
+    safeChanges: number;
+    destructiveChanges: number;
+    tablesCreated: number;
+    tablesDropped: number;
+    columnsAdded: number;
+    columnsDropped: number;
+    policiesUpdated: number;
+    durabilitiesUpdated: number;
+    settingsUpdated: number;
+}
+interface SchemaChangeWarning {
+    code?: string;
+    message?: string;
+}
+/** Server apply response (SchemaApplyResponse). */
+interface SchemaApplyResponse {
+    result: SchemaApplyResult;
+    historyId?: number | null;
+}
+interface SchemaApplyResult {
+    entries: ApplyResultEntry[];
+    summary: ApplyResultSummary;
+}
+interface ApplyResultEntry {
+    changeType: string;
+    tableName?: string | null;
+    columnName?: string | null;
+    status: string;
+    reason?: string | null;
+}
+interface ApplyResultSummary {
+    totalChanges: number;
+    applied: number;
+    skipped: number;
+    failed: number;
+    planned: number;
+}
+/** Migration history entry (MigrationHistoryEntry). */
+interface MigrationHistoryEntry {
+    id: number;
+    timestamp: string;
+    source: string;
+    schemaHash: string;
+    changes: MigrationChangeEntry[];
+    appliedBy?: string | null;
+}
+interface MigrationChangeEntry {
+    changeType?: string;
+    tableName?: string | null;
+    columnName?: string | null;
+    status?: string;
+}
+/** Per-table counts from `POST .../schema/seed`. */
+interface SeedTableApplyResult {
+    insertedCount: number;
+    skippedCount: number;
+}
+/** Root response from seed apply. */
+interface SeedApplyResult {
+    tables: Record<string, SeedTableApplyResult>;
+}
+/**
+ * Schema API for Aouda (diff, apply, export, history).
+ */
+declare class SchemaApi {
+    private readonly transport;
+    private readonly database;
+    constructor(transport: Transport, database: string);
+    private get prefix();
+    /**
+     * Compute diff between desired schema and current database.
+     * @param desired - Schema document (merged from file + overlay).
+     * @param format - "json" (default) or "markdown".
+     */
+    diff(desired: Record<string, unknown>, format?: "json" | "markdown"): Promise<SchemaDiffResult | string>;
+    /**
+     * Apply desired schema to the database.
+     */
+    apply(desired: Record<string, unknown>, options?: {
+        allowDestructive?: boolean;
+        dryRun?: boolean;
+    }): Promise<SchemaApplyResponse>;
+    /**
+     * Export current database schema as JSON (aouda.schema.json format).
+     */
+    export(): Promise<Record<string, unknown>>;
+    /**
+     * Get paginated migration history (newest first).
+     */
+    history(limit?: number, offset?: number): Promise<MigrationHistoryEntry[]>;
+    /**
+     * Apply seed data (idempotent inserts). Body is a aouda seed document (`{ tables: { ... } }`).
+     */
+    seed(document: Record<string, unknown>): Promise<SeedApplyResult>;
+}
+
+/**
+ * Branches API: list, create, get, delete, diff, merge.
+ * Uses server endpoints under /api/databases/{db}/branches.
+ */
+
+/** Branch metadata (and optional diff from parent). Matches server BranchInfo. */
+interface BranchInfo {
+    name: string;
+    from: string;
+    createdAt: string;
+    diff?: SchemaDiffResult | null;
+}
+/** Request body for creating a branch. */
+interface CreateBranchRequest {
+    name: string;
+    parentBranch?: string;
+    /** Server uses "from" for parent branch name. */
+    from?: string;
+}
+/** Options for merge (dry-run vs execute). */
+interface MergeBranchOptions {
+    dryRun?: boolean;
+    /** Server uses "execute" in body. */
+    execute?: boolean;
+    allowDestructive?: boolean;
+    force?: boolean;
+}
+/** Merge conflict (branch change vs parent change). */
+interface MergeConflict {
+    branchChange: SchemaChange;
+    parentChange: SchemaChange;
+    description: string;
+}
+/** Merge plan result (dry-run). */
+interface MergeResult {
+    mergePlan: SchemaDiffResult;
+    conflicts: MergeConflict[];
+    hasConflicts: boolean;
+    parentDiverged: boolean;
+    branchName: string;
+    baseSnapshotMissing?: boolean;
+}
+/** Result of executing a merge. */
+interface MergeExecutionResult {
+    mergeResult: MergeResult;
+    applyResult?: SchemaApplyResult | null;
+    historyId?: number | null;
+    executed: boolean;
+}
+/**
+ * Branches API for Aouda (database-scoped).
+ */
+declare class BranchesApi {
+    private readonly transport;
+    private readonly database;
+    constructor(transport: Transport, database: string);
+    private get prefix();
+    /** List all branches (excluding implicit main). */
+    list(): Promise<BranchInfo[]>;
+    /** Create a branch. Parent defaults to main. */
+    create(body: CreateBranchRequest): Promise<BranchInfo>;
+    /** Get branch details (includes diff from parent when available). */
+    get(name: string): Promise<BranchInfo>;
+    /** Get schema diff of branch vs parent. */
+    diff(name: string): Promise<SchemaDiffResult>;
+    /**
+     * Merge branch to parent (main). Use dryRun: true to get plan, then execute without dryRun to apply.
+     * Returns MergeResult when dryRun (or no options); returns MergeExecutionResult when execute: true.
+     */
+    merge(name: string, options?: MergeBranchOptions): Promise<MergeResult | MergeExecutionResult>;
+    /** Delete a branch. */
+    delete(name: string): Promise<void>;
+}
+
+/**
+ * Materialized query HTTP API (`/api/databases/{db}/materialized-queries`).
+ */
+
+/** Matches server `MaterializedQueryType` enum (numeric). */
+declare const MaterializedQueryType: {
+    readonly LatestPerKey: 1;
+    readonly FirstPerKey: 2;
+    readonly Aggregate: 3;
+    readonly Filter: 4;
+    readonly TopNPerGroup: 5;
+};
+type MaterializedQueryTypeNumber = (typeof MaterializedQueryType)[keyof typeof MaterializedQueryType];
+/** Matches server `MaterializedQueryState` enum (numeric). */
+declare const MaterializedQueryState: {
+    readonly Building: 0;
+    readonly Ready: 1;
+    readonly Rebuilding: 2;
+    readonly Error: 3;
+};
+type MaterializedQueryStateNumber = (typeof MaterializedQueryState)[keyof typeof MaterializedQueryState];
+/** Status DTO returned by list/get (camelCase JSON from ASP.NET). */
+interface MaterializedQueryStatus {
+    name: string;
+    sourceTable: string;
+    type: number;
+    state: number;
+    rowCount: number;
+    createdUtc: string;
+    lastUpdatedUtc?: string | null;
+    currentLag?: string | null;
+    rebuildProgress?: number | null;
+    errorMessage?: string | null;
+}
+/**
+ * Create payload: `configJson` is the type-specific config string (FilterConfig, LatestPerKeyConfig, …).
+ * You may pass `config` as an object instead; it is JSON-stringified for the wire body.
+ */
+interface MaterializedQueryDefinition {
+    version?: number;
+    name: string;
+    sourceTable: string;
+    type: MaterializedQueryTypeNumber;
+    /** Serialized JSON text for the pattern config. */
+    configJson?: string;
+    /** If set (and `configJson` omitted), serialized with `JSON.stringify`. */
+    config?: unknown;
+    storage?: {
+        storageTemperature?: string;
+    };
+    updateMode?: number;
+}
+interface MaterializedQueryExecuteResult {
+    rows: Record<string, unknown>[];
+    stats?: {
+        rowsScanned: number;
+        rowsReturned: number;
+        executionMs: number;
+    };
+}
+/** Placeholder for future filter/limit on materialized query execution. */
+type MaterializedQueryExecuteOptions = Record<string, never>;
+interface MaterializedQueryRefreshOptions {
+    await?: boolean;
+}
+/**
+ * Materialized query operations for a single database.
+ */
+declare class MaterializedQueriesApi {
+    private readonly transport;
+    private readonly database;
+    constructor(transport: Transport, database: string);
+    private get prefix();
+    list(): Promise<MaterializedQueryStatus[]>;
+    /**
+     * Create a materialized query. Server returns 204 with an empty body on success.
+     */
+    create(spec: MaterializedQueryDefinition): Promise<void>;
+    drop(name: string): Promise<void>;
+    status(name: string): Promise<MaterializedQueryStatus>;
+    refresh(name: string, options?: MaterializedQueryRefreshOptions): Promise<void>;
+    /**
+     * Read rows from a Ready materialized query. Optional `options` reserved for future use.
+     */
+    query(name: string, _options?: MaterializedQueryExecuteOptions): Promise<MaterializedQueryExecuteResult>;
+}
+
+/**
+ * @aouda/client — AoudaClient implementation.
+ */
+
+/**
+ * Official TypeScript client for Aouda.
+ *
+ * When a schema type `S` is supplied (e.g. from the Type Generation CLI),
+ * use `AoudaClient<S>` or `createAoudaClient<S>(options)` for table and
+ * column name autocomplete and inferred result row types.
+ *
+ * Basic usage:
+ * ```typescript
+ * const client = new AoudaClient({ serverUrl: "http://localhost:8080", database: "mydb" });
+ * await client.connect();
+ * const health = await client.health();
+ * console.log(health.isHealthy);
+ * await client.disconnect();
+ * ```
+ *
+ * @typeParam S - Schema type with `tables` mapping table names to row types. Defaults to untyped (any table name, Record<string, unknown> rows).
+ */
+declare class AoudaClient<S extends SchemaLike = DefaultSchema> {
+    private readonly transport;
+    private readonly baseUrl;
+    private readonly timeout;
+    private readonly database;
+    private connected;
+    private readonly _tables;
+    private readonly _databases;
+    private readonly _schema;
+    private readonly _branches;
+    private readonly _admin;
+    private readonly _materializedQueries;
+    private readonly _auth;
+    private readonly _authHandler;
+    private readonly _streamingEnableCompression;
+    private readonly _streamingWireMode;
+    private readonly _streamingEnableLongPollFallback;
+    private readonly _streamingLongPollWaitMs;
+    private _wsTransport;
+    /**
+     * Creates a new AoudaClient instance.
+     *
+     * @param options - Client configuration options.
+     * @throws Error if serverUrl or database is empty or invalid.
+     */
+    constructor(options: AoudaClientOptions);
+    /**
+     * Connects to the Aouda server.
+     *
+     * This method validates the configuration and optionally verifies
+     * connectivity by calling the health endpoint. For HTTP clients,
+     * no persistent connection is maintained; this method ensures
+     * the client is in a valid state and the server is reachable.
+     *
+     * @throws AoudaConnectionError if the server is unreachable.
+     * @throws AoudaTimeoutError if the health check times out.
+     */
+    connect(): Promise<void>;
+    /**
+     * Disconnects from the Aouda server.
+     *
+     * This method releases any resources held by the client.
+     * For HTTP clients, this aborts any pending requests and
+     * resets internal state. This method is idempotent and
+     * safe to call multiple times.
+     */
+    disconnect(): Promise<void>;
+    /**
+     * Checks the health of the Aouda server.
+     *
+     * Performs a GET request to the /health endpoint and returns
+     * the health status. The request respects the configured timeout
+     * and will be aborted if disconnect() is called.
+     *
+     * @returns The health status of the server.
+     * @throws AoudaConnectionError if the server is unreachable or client is disconnected.
+     * @throws AoudaTimeoutError if the request times out.
+     * @throws AoudaResponseError if the server returns a non-2xx status.
+     */
+    health(): Promise<HealthStatus>;
+    /**
+     * Creates a query builder for the specified table.
+     *
+     * This is the primary entry point for querying data from Aouda.
+     * Returns a fluent query builder that can be chained with
+     * `where()`, `orderBy()`, `limit()`, etc.
+     *
+     * When the client is typed with a schema (e.g. createAoudaClient&lt;Schema&gt;(options)),
+     * `name` is constrained to keys of `S['tables']` and the returned query is typed
+     * with the corresponding row type.
+     *
+     * @param name - The name of the table to query.
+     * @returns A new TableQuery instance for building the query.
+     * @throws Error if the table name is empty or whitespace-only.
+     *
+     * @example
+     * ```typescript
+     * const results = await client.table('orders')
+     *   .where('status', '=', 'active')
+     *   .orderBy('price', 'desc')
+     *   .limit(50)
+     *   .execute();
+     * ```
+     */
+    table<N extends keyof S["tables"]>(name: N): TableQuery<S["tables"][N]>;
+    /**
+     * Access table listing and schema operations.
+     * @returns The tables API.
+     */
+    get tables(): TablesApi;
+    /**
+     * Access server-level database operations (list, create, get, drop).
+     * @returns The databases API.
+     */
+    get databases(): DatabasesApi;
+    /**
+     * Access schema management operations (diff, apply, export, history).
+     * @returns The schema API.
+     */
+    get schema(): SchemaApi;
+    /**
+     * Access branch operations (list, create, get, diff, merge, delete).
+     * @returns The branches API.
+     */
+    get branches(): BranchesApi;
+    /**
+     * Access admin operations (server info, memory, metrics, health).
+     * @returns The admin API.
+     */
+    get admin(): AdminApi;
+    /**
+     * Materialized query lifecycle (list, create, drop, status, query).
+     */
+    get materializedQueries(): MaterializedQueriesApi;
+    /**
+     * Access auth operations (signUp, signIn, signOut, refresh, me, changePassword).
+     * @returns The auth API.
+     * @throws Error if auth is not configured on this client.
+     */
+    get auth(): AuthClient;
+    /**
+     * Returns whether the client is currently connected.
+     */
+    get isConnected(): boolean;
+    /**
+     * Returns the configured server URL (normalized).
+     */
+    get serverUrl(): string;
+    /**
+     * Returns the configured timeout in milliseconds.
+     */
+    get timeoutMs(): number;
+    /**
+     * Returns the configured database name.
+     */
+    get databaseName(): string;
+    /**
+     * Resets the circuit breaker to closed state.
+     * Call after manual recovery or when the server is known to be healthy again.
+     */
+    resetCircuitBreaker(): void;
+    /**
+     * Bulk-load rows into a single table.
+     *
+     * Executes the full `:begin` → `:append × N` → `:commit` sequence, handling
+     * batching and resume-on-reconnect automatically.
+     *
+     * @param tableName - Target table.
+     * @param rows - Synchronous or asynchronous iterable of row objects.
+     * @param options - Optional bulk-load tuning options.
+     * @returns A handle describing the committed job and providing deferred-work polling.
+     *
+     * @example
+     * ```typescript
+     * const handle = await client.bulkLoad('products', rows, { writeConcern: 'majority' });
+     * console.log(`Loaded ${handle.rowsLoaded} rows, job ${handle.jobId}`);
+     * ```
+     */
+    bulkLoad<T extends Record<string, unknown>>(tableName: string, rows: Iterable<T> | AsyncIterable<T>, options?: BulkLoadOptions): Promise<BulkLoadJobHandle>;
+    /**
+     * Bulk-load rows into multiple tables atomically.
+     *
+     * Each row must include a `_table` discriminator field that matches one of
+     * the supplied table names.
+     *
+     * @param tables - Target table names.
+     * @param rows - Synchronous or asynchronous iterable of row objects.
+     * @param options - Optional bulk-load tuning options.
+     * @returns A handle describing the committed job.
+     */
+    bulkLoadMultiTable<T extends Record<string, unknown>>(tables: readonly string[], rows: Iterable<T> | AsyncIterable<T>, options?: BulkLoadOptions): Promise<BulkLoadJobHandle>;
+    /**
+     * List all bulk-load sessions registered for a database.
+     * Admin use: returns both active and recently-completed jobs from the in-memory registry.
+     */
+    bulkLoadList(db: string): Promise<BulkLoadListResponse>;
+    /**
+     * Force-abort a stuck bulk-load job by emitting a BulkLoadAborted WAL frame.
+     * Requires BulkLoad + write permission. Use only when the job is in a terminal-wait
+     * state past its bulkLoadResumeWindow.
+     */
+    bulkLoadForceAbort(db: string, jobId: string, reason: string): Promise<BulkLoadForceAbortResponse>;
+    /**
+     * Returns the shared WebSocketTransport for this client, creating it lazily
+     * on the first call. Used internally by streaming operations (S13+).
+     *
+     * @internal
+     */
+    _getOrCreateWebSocketTransport(): StreamingTransport;
+}
+/**
+ * Factory function to create a new AoudaClient instance.
+ *
+ * When a schema type `S` is provided, the returned client's `table()` method
+ * accepts only table names from `S['tables']` and returns typed TableQuery.
+ * Without a type argument, behavior is unchanged (any string table name,
+ * rows as Record&lt;string, unknown&gt;).
+ *
+ * @param options - Client configuration options.
+ * @returns A new AoudaClient instance.
+ *
+ * @example
+ * ```typescript
+ * const client = createAoudaClient({ serverUrl: "http://localhost:8080", database: "mydb" });
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const client = createAoudaClient<Schema>({ serverUrl: "http://localhost:8080", database: "mydb" });
+ * const q = client.table('orders'); // TableQuery<Order>
+ * ```
+ */
+declare function createAoudaClient<S extends SchemaLike = DefaultSchema>(options: AoudaClientOptions): AoudaClient<S>;
+
+export { type BulkLoadForceAbortRequest as $, AoudaClient as A, type BulkLoadOptions as B, type CoverageResponse as C, type DetailedHealthResponse as D, type AoudaDataType as E, type FailoverClusterResponse as F, type AppAuthOptions as G, type HealthStatus as H, AuthClient as I, type JoinClusterRequest as J, type AuthResult as K, type ListBackupsResponse as L, type AuthUserInfo as M, type NodeInfoResponse as N, type AuthorizationMode as O, type PromoteClusterResponse as P, BackupAdminApi as Q, type ReplicationStatusResponse as R, type SchemaLike as S, type Transport as T, type BackupMetrics as U, type BackupSummary as V, type BatchMutationResult as W, type BatchOperationInput as X, type BloomFilterMetrics as Y, type BranchInfo as Z, BranchesApi as _, type BulkLoadJobHandle as a, type NodeLogsQuery as a$, type BulkLoadForceAbortResponse as a0, type BulkLoadListResponse as a1, type BulkLoadProgress as a2, type BulkLoadReplicaProgress as a3, type BulkLoadReplicaProgressDto as a4, type BulkLoadStatusResponse as a5, CircuitBreakerPolicy as a6, ClusterAdminApi as a7, type ClusterMemberEntry as a8, type ClusterThisNodeEntry as a9, MaterializedQueriesApi as aA, type MaterializedQueryDefinition as aB, type MaterializedQueryExecuteOptions as aC, type MaterializedQueryExecuteResult as aD, type MaterializedQueryMetrics as aE, type MaterializedQueryRefreshOptions as aF, MaterializedQueryState as aG, type MaterializedQueryStateNumber as aH, type MaterializedQueryStatus as aI, MaterializedQueryType as aJ, type MaterializedQueryTypeNumber as aK, type MemberInfo as aL, type MemoryMetrics as aM, type MergeBranchOptions as aN, type MergeConflict as aO, type MergeExecutionResult as aP, type MergeResult as aQ, MetricsAdminApi as aR, type MetricsHistory as aS, type MetricsHistoryOptions as aT, type MetricsSnapshot as aU, type MetricsSummary as aV, type MutationResult as aW, NodeAdminApi as aX, type NodeLogEntry as aY, type NodeLogLevel as aZ, type NodeLogStreamOptions as a_, type ColumnSchema as aa, type ColumnSummaryForErd as ab, type ColumnarResponse as ac, type ComponentHealthEntry as ad, type ComputedColumnDef as ae, ConfigAdminApi as af, type CreateBranchRequest as ag, type CreateColumnRequest as ah, type CreateDatabaseOptions as ai, type CreatePartitionGrantRequest as aj, type CreateRlsResolverRequest as ak, type CreateTableRequest as al, type DatabaseCoverageEntry as am, type DatabaseInfo as an, type DatabaseMemoryMetrics as ao, type DatabaseMemoryUsage as ap, type DatabaseMetricsDto as aq, type DatabaseOptionsInfo as ar, DatabasesApi as as, type DeleteOptions as at, type DiffSummary as au, HealthAdminApi as av, type IndexInfo as aw, type InsertResult as ax, type IoMetrics as ay, type LatencyPercentiles as az, type TopologyResponse as b, type WriteStream as b$, type NodeLogsResponse as b0, type OpenWriteStreamOptions as b1, type PageCacheMetrics as b2, type PartitionGrant as b3, type PartitionGrantsListResponse as b4, type PartitioningMetrics as b5, type PerDatabaseLagEntry as b6, type PerDatabaseMetrics as b7, type PerDatabaseStatusEntry as b8, type QueryMetrics as b9, type SingleDatabaseMetricsResponse as bA, type SortDirection as bB, type StorageMetrics as bC, type SubscribeOptions as bD, type Subscription as bE, type SubscriptionChangeEvent as bF, type SubscriptionEvent as bG, type SubscriptionInfo as bH, type SubscriptionSnapshotEvent as bI, type TableCoverageEntry as bJ, type TableNameFromSchema as bK, type TablePolicy as bL, TableQuery as bM, type TableSchema as bN, type TableSchemaResponse as bO, type TableSummary as bP, type TableSummaryForErd as bQ, TablesApi as bR, type TimeSeriesMetrics as bS, type TransactionMetrics as bT, type TypeGenerationOptions as bU, type UpdateOptions as bV, type UpdateRlsResolverRequest as bW, type UpdateTablePolicyRequest as bX, type UserProfile as bY, WhereGroupBuilder as bZ, type WhereOperator as b_, type QueryResult as ba, type QueryStats as bb, type ReferenceInfo as bc, type RelationshipEndpoint as bd, type RelationshipInfo as be, type RenameColumnRequest as bf, type RenameTableRequest as bg, ReplicationAdminApi as bh, type ReplicationMetrics as bi, type ResidencyConfig as bj, RetryPolicy as bk, type RlsResolver as bl, type RlsResolverRule as bm, type RlsResolverRuleInput as bn, type RlsResolversListResponse as bo, type SchemaChange as bp, type SchemaDiffResult as bq, type SchemaRelationshipsResponse as br, type SeedApplyResult as bs, type SeedTableApplyResult as bt, ServerAdminApi as bu, type ServerAuthOptions as bv, type ServerMemoryResponse as bw, type ServerMetricsResponse as bx, type ServiceInfo as by, type SimdMetrics as bz, type ReadinessResponse as c, coerceColumnarValue as c0, createAoudaClient as c1, type TriggerBackupRequest as d, type TriggerBackupResponse as e, type RestoreBackupResponse as f, type BackupSchedule as g, type JoinClusterResponse as h, type LeaveClusterResponse as i, type DrainClusterResponse as j, type ClusterConfigResponse as k, type ClusterConfigPatchRequest as l, type DefaultSchema as m, AOUDA_DATA_TYPES as n, type AddColumnRequest as o, AdminApi as p, type AdminBackupConfig as q, type AdminBackupPatch as r, type AdminConfigPatchRequest as s, type AdminConfigResponse as t, type AdminConfigSchemaResponse as u, type AdminLoggingConfig as v, type AdminLoggingPatch as w, type AdminMemoryConfig as x, type AdminMemoryPatch as y, type AoudaClientOptions as z };