flowstack-sdk 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,1546 @@
1
+ /**
2
+ * Flowstack SDK Type Definitions
3
+ * Complete Backend-as-a-Service types for AI-powered apps
4
+ */
5
+ /**
6
+ * Main SDK configuration
7
+ */
8
+ interface FlowstackConfig {
9
+ /** JWT secret for token signing/verification.
10
+ * Optional for built apps using the broker auth flow (BrokeredLoginButton). */
11
+ jwtSecret?: string;
12
+ /** Secret for password hashing.
13
+ * Optional for built apps using the broker auth flow (BrokeredLoginButton). */
14
+ passwordSecret?: string;
15
+ /** Flowstack API base URL (default: https://sage-api.flowstack.fun) */
16
+ baseUrl?: string;
17
+ /** Tenant ID (default: shared tenant) */
18
+ tenantId?: string;
19
+ /** Auth providers configuration */
20
+ auth?: AuthConfig;
21
+ /** Redis cache configuration */
22
+ redis?: RedisConfig$1;
23
+ /** Database configuration for user accounts */
24
+ database?: DatabaseConfig;
25
+ /** Default agent template */
26
+ agentTemplate?: AgentTemplate;
27
+ /** Base URL for standalone agent service (e.g., openai-agent ALB endpoint) */
28
+ agentServiceUrl?: string;
29
+ /** Credential storage strategy */
30
+ storage?: 'local' | 'session';
31
+ /** SDK mode: production (default), development (relaxed validation), or mock (uses fixtures) */
32
+ mode?: 'production' | 'development' | 'mock';
33
+ /** Privy embedded wallet config (enables email/Google signup with auto-wallet) */
34
+ privyConfig?: {
35
+ appId: string;
36
+ };
37
+ /** Blockchain chain for INFER token integration */
38
+ chain?: 'arbitrum-sepolia' | 'arbitrum';
39
+ /** MoonPay/Transak fiat on-ramp config */
40
+ onRampConfig?: {
41
+ apiKey: string;
42
+ environment: 'sandbox' | 'production';
43
+ };
44
+ /** App scope (site_id) for built apps — scopes user data to this app's MongoDB collections.
45
+ * Set automatically by the site builder. When present, login/register embeds it in the JWT
46
+ * and all MongoDB operations are scoped to {appScope}__* collections. */
47
+ appScope?: string;
48
+ }
49
+ interface AuthConfig {
50
+ /** Enabled auth providers */
51
+ providers: ('email' | 'google')[];
52
+ /** Google OAuth client ID */
53
+ googleClientId?: string;
54
+ /** Google OAuth client secret (server-side only) */
55
+ googleClientSecret?: string;
56
+ /** Require email verification */
57
+ emailVerification?: boolean;
58
+ /** Minimum password length (default: 8) */
59
+ passwordMinLength?: number;
60
+ }
61
+ interface RedisConfig$1 {
62
+ /** Upstash Redis REST URL */
63
+ url: string;
64
+ /** Upstash Redis REST token */
65
+ token: string;
66
+ }
67
+ interface DatabaseConfig {
68
+ /** Supabase project URL */
69
+ supabaseUrl: string;
70
+ /** Supabase service role key */
71
+ supabaseKey: string;
72
+ }
73
+ /**
74
+ * User information for authentication
75
+ */
76
+ interface User {
77
+ /** Unique user identifier */
78
+ id: string;
79
+ /** User email address */
80
+ email: string;
81
+ /** Tenant ID the user belongs to */
82
+ tenantId: string;
83
+ /** Token expiration (ISO timestamp) */
84
+ expiresAt?: string;
85
+ }
86
+ /**
87
+ * User credentials stored after authentication
88
+ */
89
+ interface FlowstackCredentials {
90
+ /** JWT session token */
91
+ apiKey: string;
92
+ /** Tenant ID */
93
+ tenantId: string;
94
+ /** User ID for isolation */
95
+ userId?: string;
96
+ /** User email */
97
+ email?: string;
98
+ /** Token expiration (ISO timestamp) */
99
+ expiresAt?: string;
100
+ }
101
+ interface LoginRequest {
102
+ email: string;
103
+ password: string;
104
+ }
105
+ interface LoginResponse {
106
+ success: boolean;
107
+ sessionToken?: string;
108
+ email?: string;
109
+ tenantId?: string;
110
+ userId?: string;
111
+ expiresAt?: string;
112
+ error?: string;
113
+ }
114
+ interface RegisterRequest {
115
+ email: string;
116
+ password: string;
117
+ name?: string;
118
+ }
119
+ interface RegisterResponse {
120
+ success: boolean;
121
+ message?: string;
122
+ requiresVerification?: boolean;
123
+ error?: string;
124
+ }
125
+ interface GoogleAuthResponse {
126
+ success: boolean;
127
+ sessionToken?: string;
128
+ email?: string;
129
+ tenantId?: string;
130
+ userId?: string;
131
+ expiresAt?: string;
132
+ error?: string;
133
+ }
134
+ interface SessionState {
135
+ sessionId: string | null;
136
+ workspaceId: string | null;
137
+ isConnected: boolean;
138
+ lastActivity: Date | null;
139
+ }
140
+ interface WorkspaceInfo {
141
+ workspaceId: string;
142
+ name: string;
143
+ description?: string;
144
+ datasetCount: number;
145
+ visualizationCount: number;
146
+ modelCount: number;
147
+ createdAt: string;
148
+ lastAccessed: string;
149
+ }
150
+ interface CreateWorkspaceRequest {
151
+ name: string;
152
+ description?: string;
153
+ }
154
+ interface DatasetInfo {
155
+ id: string;
156
+ name: string;
157
+ rows: number;
158
+ columns: number;
159
+ schema?: Record<string, ColumnSchema>;
160
+ columnNames?: string[];
161
+ createdAt?: string;
162
+ updatedAt?: string;
163
+ }
164
+ interface ColumnSchema {
165
+ type: 'string' | 'number' | 'boolean' | 'date' | 'object';
166
+ nullable: boolean;
167
+ unique?: boolean;
168
+ }
169
+ interface DatasetRow {
170
+ [key: string]: unknown;
171
+ }
172
+ type DatasetCellValue = string | number | boolean | null;
173
+ interface DatasetPreview {
174
+ columns: string[];
175
+ rows: DatasetCellValue[][];
176
+ }
177
+ interface DatasetStreamOptions {
178
+ limit?: number;
179
+ offset?: number;
180
+ }
181
+ interface VisualizationData {
182
+ name: string;
183
+ type?: string;
184
+ imageUrl?: string;
185
+ imageBase64?: string;
186
+ format?: 'png' | 'jpeg' | 'svg' | 'html' | string;
187
+ createdAt?: string;
188
+ metadata?: Record<string, unknown>;
189
+ }
190
+ interface ReportInfo {
191
+ id: string;
192
+ name: string;
193
+ format: string;
194
+ url: string;
195
+ size?: number;
196
+ createdAt?: string;
197
+ }
198
+ interface PublishedSiteInfo {
199
+ id: string;
200
+ name: string;
201
+ url: string;
202
+ shortUrl?: string;
203
+ siteType: 'on_demand' | 'daily' | 'js_build';
204
+ fileCount: number;
205
+ totalBytes?: number;
206
+ createdAt: string;
207
+ expiresAt?: string;
208
+ description?: string;
209
+ metadata?: Record<string, unknown>;
210
+ currentVersion?: number;
211
+ liveVersion?: number;
212
+ subdomainUrl?: string;
213
+ alias?: string | null;
214
+ }
215
+ interface CreateSiteParams$1 {
216
+ name: string;
217
+ siteType?: 'on_demand' | 'daily' | 'js_build';
218
+ description?: string;
219
+ files?: Record<string, string>;
220
+ }
221
+ interface UseSitesReturn {
222
+ sites: PublishedSiteInfo[];
223
+ isLoading: boolean;
224
+ error: string | null;
225
+ createSite: (params: CreateSiteParams$1) => Promise<PublishedSiteInfo | null>;
226
+ addFile: (siteId: string, path: string, content: string) => Promise<boolean>;
227
+ publishSite: (siteId: string) => Promise<PublishedSiteInfo | null>;
228
+ deleteSite: (siteId: string) => Promise<boolean>;
229
+ refreshSites: () => Promise<void>;
230
+ }
231
+ interface SiteVersion {
232
+ version: number;
233
+ type: 'build' | 'edit';
234
+ createdAt: string;
235
+ description?: string;
236
+ fileCount: number;
237
+ totalBytes: number;
238
+ url: string;
239
+ }
240
+ interface SiteVersionManifest {
241
+ siteId: string;
242
+ name: string;
243
+ liveVersion: number;
244
+ versions: SiteVersion[];
245
+ alias?: string | null;
246
+ githubRepo?: {
247
+ owner: string;
248
+ repo: string;
249
+ url: string;
250
+ } | null;
251
+ }
252
+ interface UseSiteVersionsReturn {
253
+ versions: SiteVersion[];
254
+ liveVersion: number | null;
255
+ isLoading: boolean;
256
+ error: string | null;
257
+ promote: (version: number) => Promise<boolean>;
258
+ deleteVersion: (version: number) => Promise<boolean>;
259
+ refresh: () => Promise<void>;
260
+ }
261
+ interface PublishToGitHubParams {
262
+ repoName: string;
263
+ isPrivate?: boolean;
264
+ version?: number;
265
+ }
266
+ interface PublishToGitHubResult {
267
+ repoUrl: string;
268
+ commitSha: string;
269
+ }
270
+ interface AgentInfo {
271
+ /** Agent identifier (used in targetAgent parameter) */
272
+ name: string;
273
+ /** Human-readable description of what this agent does */
274
+ description: string;
275
+ /** Tools available to this agent */
276
+ tools: string[];
277
+ /** Example phrases that trigger this agent */
278
+ triggerPhrases: string[];
279
+ /** Use cases this agent handles */
280
+ useFor: string[];
281
+ /** Whether this agent owns its full pipeline (never hands off) */
282
+ isTerminal: boolean;
283
+ }
284
+ interface UseAgentsReturn {
285
+ /** Available agents */
286
+ agents: AgentInfo[];
287
+ /** Loading state */
288
+ isLoading: boolean;
289
+ /** Error message */
290
+ error: string | null;
291
+ /** Refresh the agent list */
292
+ refreshAgents: () => Promise<void>;
293
+ }
294
+ interface ModelInfo {
295
+ id: string;
296
+ name: string;
297
+ format: string;
298
+ size_bytes: number;
299
+ last_modified?: string;
300
+ download_url?: string;
301
+ metadata?: Record<string, unknown>;
302
+ s3_key?: string;
303
+ }
304
+ interface ScriptInfo {
305
+ name: string;
306
+ extension: string;
307
+ size_bytes?: number;
308
+ created_at?: string;
309
+ modified_at?: string;
310
+ content?: string;
311
+ metadata?: Record<string, unknown>;
312
+ }
313
+ type DataSourceType = 'mongodb' | 'postgresql' | 's3';
314
+ interface DataSource {
315
+ source_id: string;
316
+ tenant_id: string;
317
+ source_type: DataSourceType;
318
+ name: string;
319
+ auth_method: string;
320
+ is_tenant_wide: boolean;
321
+ user_id?: string;
322
+ credentials_preview?: Record<string, unknown>;
323
+ metadata?: Record<string, unknown>;
324
+ created_at: number;
325
+ updated_at?: number;
326
+ }
327
+ interface DataSourceConfig {
328
+ type: DataSourceType;
329
+ name: string;
330
+ connectionString?: string;
331
+ auth_method?: string;
332
+ credentials?: Record<string, unknown>;
333
+ metadata?: Record<string, unknown>;
334
+ is_tenant_wide?: boolean;
335
+ }
336
+ interface ConnectionTestResult {
337
+ success: boolean;
338
+ message: string;
339
+ details?: Record<string, unknown>;
340
+ }
341
+ interface ChatMessage {
342
+ id: string;
343
+ role: 'user' | 'assistant';
344
+ content: string;
345
+ timestamp: Date;
346
+ toolCalls?: ToolCall[];
347
+ visualizations?: VisualizationData[];
348
+ searchResults?: SearchResultsData[];
349
+ isStreaming?: boolean;
350
+ /** Live status text shown during streaming (tool progress, agent status) */
351
+ statusLine?: string;
352
+ /** P0-57: PII entities that were masked in this message (user messages only) */
353
+ piiRedacted?: PiiRedactedEntity[];
354
+ /** Filenames the user attached when sending this message (user messages only).
355
+ * Set by useAgent.query() after a successful upload so the chat UI can
356
+ * render an attachment chip on the persisted message. */
357
+ attachmentNames?: string[];
358
+ }
359
+ /**
360
+ * Input shape accepted by `useAgent.query()` for file attachments. Either a
361
+ * native `File` (preferred — no double-encode) or an already-base64-encoded
362
+ * payload matching the chat-input wire format. The SDK uploads each one to
363
+ * the workspace via `/upload` before streaming and prepends the resolved
364
+ * dataset names to the prompt so the agent grounds on the right file
365
+ * instead of rummaging the user's library.
366
+ */
367
+ type AttachmentInput = File | {
368
+ filename: string;
369
+ content_type: string;
370
+ data: string;
371
+ };
372
+ interface ToolCall {
373
+ id: string;
374
+ toolUseId?: string;
375
+ name: string;
376
+ args?: Record<string, unknown>;
377
+ result?: unknown;
378
+ agentResponse?: string;
379
+ status: 'pending' | 'running' | 'complete' | 'error';
380
+ startTime?: number;
381
+ endTime?: number;
382
+ }
383
+ interface SearchResult {
384
+ rank: number;
385
+ title: string;
386
+ url: string;
387
+ content: string;
388
+ score: number;
389
+ }
390
+ interface SearchResultsData {
391
+ search_id: string;
392
+ query: string;
393
+ result_count: number;
394
+ results: SearchResult[];
395
+ answer?: string;
396
+ }
397
+ interface StreamEvent {
398
+ type: StreamEventType;
399
+ content?: string;
400
+ tool?: string;
401
+ toolUseId?: string;
402
+ args?: Record<string, unknown>;
403
+ result?: unknown;
404
+ /** P0-132 (G1): backend emits the tool's return value under `content` and an
405
+ * `is_error` flag on `tool_result` events. Surfaced here so useAgent can mark
406
+ * failed tool calls as 'error' instead of silently 'complete'. */
407
+ isError?: boolean;
408
+ error?: string;
409
+ data?: unknown;
410
+ message?: string;
411
+ percentage?: number;
412
+ }
413
+ type StreamEventType = 'content' | 'text' | 'delta' | 'metadata' | 'tool_call' | 'tool_use' | 'tool_result' | 'visualization' | 'progress' | 'credit_status' | 'budget_update' | 'complete' | 'done' | 'error' | 'interrupt';
414
+ interface InterruptInfo {
415
+ reason: string;
416
+ timestamp?: number;
417
+ }
418
+ interface DataSourceBadgeInfo {
419
+ source_id: string;
420
+ type: string;
421
+ name: string;
422
+ }
423
+ type AgentTemplate = 'data-science' | 'marketing' | 'support' | 'custom';
424
+ interface AgentConfig {
425
+ template: AgentTemplate;
426
+ systemPrompt?: string;
427
+ tools?: string[];
428
+ streaming?: boolean;
429
+ networkMode?: 'SANDBOX' | 'PUBLIC';
430
+ }
431
+ interface QueryOptions {
432
+ workspaceId?: string;
433
+ networkMode?: 'SANDBOX' | 'PUBLIC';
434
+ tools?: string[];
435
+ }
436
+ interface UsageStats {
437
+ today: UsagePeriod;
438
+ thisMonth: UsagePeriod;
439
+ allTime: UsagePeriod;
440
+ }
441
+ interface UsagePeriod {
442
+ analyses: number;
443
+ inputTokens: number;
444
+ outputTokens: number;
445
+ totalTokens: number;
446
+ }
447
+ interface CreditStatus {
448
+ remaining: number;
449
+ used: number;
450
+ total: number;
451
+ purchasedRemaining?: number;
452
+ }
453
+ interface UseAuthReturn {
454
+ /** User information (preferred over credentials) */
455
+ user: User | null;
456
+ /** Raw credentials (maintained for backward compatibility) */
457
+ credentials: FlowstackCredentials | null;
458
+ isAuthenticated: boolean;
459
+ isLoading: boolean;
460
+ error: string | null;
461
+ login: (email: string, password: string) => Promise<boolean>;
462
+ register: (email: string, password: string, name?: string) => Promise<boolean>;
463
+ googleSignIn: () => Promise<void>;
464
+ logout: () => void;
465
+ refreshToken: () => Promise<boolean>;
466
+ }
467
+ interface UseWorkspaceReturn {
468
+ workspaces: WorkspaceInfo[];
469
+ selectedWorkspace: WorkspaceInfo | null;
470
+ isLoading: boolean;
471
+ error: string | null;
472
+ createWorkspace: (name: string, description?: string) => Promise<WorkspaceInfo | null>;
473
+ selectWorkspace: (workspace: WorkspaceInfo) => void;
474
+ refreshWorkspaces: () => Promise<void>;
475
+ }
476
+ interface UseDatasetsReturn {
477
+ datasets: DatasetInfo[];
478
+ isLoading: boolean;
479
+ error: string | null;
480
+ uploadDataset: (file: File, name?: string) => Promise<DatasetInfo | null>;
481
+ downloadDataset: (name: string) => Promise<Blob | null>;
482
+ deleteDataset: (name: string) => Promise<boolean>;
483
+ refreshDatasets: () => Promise<void>;
484
+ }
485
+ interface UseVisualizationsReturn {
486
+ visualizations: VisualizationData[];
487
+ isLoading: boolean;
488
+ error: string | null;
489
+ refreshVisualizations: () => Promise<void>;
490
+ }
491
+ interface UseReportsReturn {
492
+ reports: ReportInfo[];
493
+ isLoading: boolean;
494
+ error: string | null;
495
+ uploadReport: (file: File, name?: string) => Promise<ReportInfo | null>;
496
+ downloadReport: (url: string, name: string, format: string) => Promise<Blob | null>;
497
+ refreshReports: () => Promise<void>;
498
+ }
499
+ interface UseModelsReturn {
500
+ models: ModelInfo[];
501
+ isLoading: boolean;
502
+ error: string | null;
503
+ downloadModel: (name: string) => Promise<Blob | null>;
504
+ refreshModels: () => Promise<void>;
505
+ }
506
+ interface UseDataSourcesReturn {
507
+ dataSources: DataSource[];
508
+ isLoading: boolean;
509
+ error: string | null;
510
+ createDataSource: (config: DataSourceConfig) => Promise<DataSource | null>;
511
+ testConnection: (id: string) => Promise<ConnectionTestResult>;
512
+ deleteDataSource: (id: string) => Promise<boolean>;
513
+ refreshDataSources: () => Promise<void>;
514
+ }
515
+ interface UseAgentOptions {
516
+ /** Tool whitelist — when provided, only these tools are available to the agent */
517
+ tools?: string[];
518
+ /** @deprecated Strands swarm removed in P0-73. Pass `capabilities` instead
519
+ * to pre-load tool categories for built apps. This field is ignored
520
+ * server-side but kept in the type so older built-app bundles that
521
+ * still pass it continue to compile. */
522
+ targetAgent?: string;
523
+ /** @deprecated Strands swarm removed in P0-73. Use `capabilities` instead.
524
+ * This field is silently ignored by /mono/stream — the SDK no longer
525
+ * forwards it. Kept in the type for back-compat with frozen bundles. */
526
+ targetAgents?: string[];
527
+ /** P0-80: pre-declare the tool categories a built app needs. The SDK forwards
528
+ * these to /mono/stream, and the backend seeds `state.loaded_categories`
529
+ * before the first LLM turn so the agent has the right tools available
530
+ * immediately (no meta-tool discovery step). Values are meta-tool names:
531
+ * 'site_operations' | 'data_access' | 'external_integration'
532
+ * | 'code_execution' | 'domain_task' | 'workspace_management'
533
+ * Omit or pass an empty array to let the agent discover tools on demand. */
534
+ capabilities?: string[];
535
+ /** Query mode hint — "chat" forces text-only responses, "build" allows the
536
+ * full build/edit pipeline. Defaults to auto-detected from the message
537
+ * content when omitted. Added in P0-66 to unblock MobileChat.tsx and other
538
+ * consumers that want to lock the agent into chat-only behavior. */
539
+ mode?: 'chat' | 'build' | 'edit' | 'auto';
540
+ /** P0-132 (G5): inline system-prompt override forwarded to the backend as
541
+ * `system_prompt_override`. Lets a hook instance run an inline persona prompt
542
+ * without registering a separate agent. Previously dropped by useAgent even
543
+ * though the wire/client already supported it. */
544
+ systemPrompt?: string;
545
+ /** P0-132 (G4): target a specific registered persona/subagent by name. Maps to
546
+ * `target_agents` on the wire. Without this, the backend auto-selects the first
547
+ * registered subagent, so multi-persona apps could only ever reach one. This
548
+ * re-enables persona selection only — it does NOT revive the removed Strands
549
+ * swarm (distinct from the deprecated `targetAgents` field above). */
550
+ persona?: string;
551
+ /** P0-132 (G4): alias for `persona`. Either may be used; `persona` wins if both
552
+ * are set. */
553
+ agentName?: string;
554
+ /** P0-132 (G8): namespaces this hook instance's conversation/session storage so
555
+ * independent surfaces (e.g. an interview chat and a matchmaker) keep separate
556
+ * conversations instead of sharing one tenant-wide session (which caused
557
+ * cross-talk). Pass a STABLE string per surface (e.g. 'interview') to preserve
558
+ * that surface's history across page refreshes. Omit to keep the legacy
559
+ * tenant-shared session (back-compatible default). */
560
+ sessionKey?: string;
561
+ }
562
+ interface UseAgentReturn {
563
+ query: (prompt: string, attachments?: AttachmentInput[], allowedTerms?: string[]) => Promise<void>;
564
+ messages: ChatMessage[];
565
+ isStreaming: boolean;
566
+ isLoading: boolean;
567
+ toolCalls: ToolCall[];
568
+ error: string | null;
569
+ pendingInterrupts?: InterruptInfo[] | null;
570
+ connectedDataSources: DataSourceBadgeInfo[];
571
+ clearMessages: () => void;
572
+ /** Start a genuinely new backend conversation (sends force_new_session=true). */
573
+ startNewSession: () => void;
574
+ cancelQuery: () => void;
575
+ interruptAgent: () => Promise<void>;
576
+ respondToInterrupt: (message: string) => Promise<void>;
577
+ }
578
+ interface UseQueryReturn {
579
+ execute: (prompt: string, options?: QueryOptions) => Promise<void>;
580
+ isStreaming: boolean;
581
+ result: string | null;
582
+ toolCalls: ToolCall[];
583
+ visualizations: VisualizationData[];
584
+ error: string | null;
585
+ cancel: () => void;
586
+ }
587
+ /**
588
+ * User role levels for tenant management
589
+ */
590
+ type UserRole = 'owner' | 'admin' | 'member' | 'viewer';
591
+ /**
592
+ * User account status
593
+ */
594
+ type UserStatus = 'active' | 'suspended' | 'pending_verification' | 'deactivated';
595
+ /**
596
+ * Activity types for user activity logs
597
+ */
598
+ type UserActivityType = 'login' | 'logout' | 'register' | 'password_reset' | 'profile_update' | 'workspace_create' | 'workspace_access' | 'dataset_upload' | 'query_execute' | 'api_call';
599
+ /**
600
+ * Managed user - extended user info for admin management
601
+ */
602
+ interface ManagedUser {
603
+ /** Unique user identifier */
604
+ id: string;
605
+ /** User email address */
606
+ email: string;
607
+ /** Display name (optional) */
608
+ name?: string;
609
+ /** User's role in the tenant */
610
+ role: UserRole;
611
+ /** Account status */
612
+ status: UserStatus;
613
+ /** Tenant ID the user belongs to */
614
+ tenantId: string;
615
+ /** Account creation timestamp (ISO) */
616
+ createdAt: string;
617
+ /** Last login timestamp (ISO) */
618
+ lastLoginAt?: string;
619
+ /** Last activity timestamp (ISO) */
620
+ lastActivityAt?: string;
621
+ /** Profile image URL */
622
+ avatarUrl?: string;
623
+ /** Custom metadata */
624
+ metadata?: Record<string, unknown>;
625
+ }
626
+ /**
627
+ * User activity log entry
628
+ */
629
+ interface UserActivityLog {
630
+ /** Activity ID */
631
+ id: string;
632
+ /** User who performed the action */
633
+ userId: string;
634
+ /** Type of activity */
635
+ activityType: UserActivityType;
636
+ /** Human-readable description */
637
+ description: string;
638
+ /** Activity timestamp (ISO) */
639
+ timestamp: string;
640
+ /** Related resource (workspace, dataset, etc.) */
641
+ resourceType?: string;
642
+ resourceId?: string;
643
+ /** Additional context */
644
+ metadata?: Record<string, unknown>;
645
+ /** IP address (if available) */
646
+ ipAddress?: string;
647
+ }
648
+ /**
649
+ * Request to update a managed user
650
+ */
651
+ interface UpdateUserRequest {
652
+ name?: string;
653
+ role?: UserRole;
654
+ status?: UserStatus;
655
+ metadata?: Record<string, unknown>;
656
+ }
657
+ /**
658
+ * Tenant-level user statistics
659
+ */
660
+ interface UserStats {
661
+ /** Total registered users */
662
+ totalUsers: number;
663
+ /** Active users (logged in within 30 days) */
664
+ activeUsers: number;
665
+ /** Users by role */
666
+ usersByRole: Record<UserRole, number>;
667
+ /** Users by status */
668
+ usersByStatus: Record<UserStatus, number>;
669
+ /** New users this month */
670
+ newUsersThisMonth: number;
671
+ /** Daily active users (last 7 days) */
672
+ dailyActiveUsers: number[];
673
+ }
674
+ /**
675
+ * Pagination parameters for user lists
676
+ */
677
+ interface UserListParams {
678
+ /** Page number (1-indexed) */
679
+ page?: number;
680
+ /** Items per page (default 20, max 100) */
681
+ limit?: number;
682
+ /** Filter by role */
683
+ role?: UserRole;
684
+ /** Filter by status */
685
+ status?: UserStatus;
686
+ /** Search by email or name */
687
+ search?: string;
688
+ /** Sort field */
689
+ sortBy?: 'createdAt' | 'lastLoginAt' | 'email' | 'name';
690
+ /** Sort direction */
691
+ sortOrder?: 'asc' | 'desc';
692
+ }
693
+ /**
694
+ * Paginated user list response
695
+ */
696
+ interface UserListResponse {
697
+ users: ManagedUser[];
698
+ totalCount: number;
699
+ page: number;
700
+ limit: number;
701
+ hasMore: boolean;
702
+ }
703
+ /**
704
+ * Return type for useUserManagement hook
705
+ */
706
+ interface UseUserManagementReturn {
707
+ /** List of managed users */
708
+ users: ManagedUser[];
709
+ /** User statistics */
710
+ stats: UserStats | null;
711
+ /** Loading state */
712
+ isLoading: boolean;
713
+ /** Error message */
714
+ error: string | null;
715
+ /** Pagination state */
716
+ pagination: {
717
+ page: number;
718
+ limit: number;
719
+ totalCount: number;
720
+ hasMore: boolean;
721
+ };
722
+ /** Refresh user list */
723
+ refreshUsers: (params?: UserListParams) => Promise<void>;
724
+ /** Get user by ID */
725
+ getUser: (userId: string) => Promise<ManagedUser | null>;
726
+ /** Update user details */
727
+ updateUser: (userId: string, updates: UpdateUserRequest) => Promise<boolean>;
728
+ /** Suspend a user */
729
+ suspendUser: (userId: string, reason?: string) => Promise<boolean>;
730
+ /** Reactivate a suspended user */
731
+ reactivateUser: (userId: string) => Promise<boolean>;
732
+ /** Delete a user (permanent) */
733
+ deleteUser: (userId: string) => Promise<boolean>;
734
+ /** Get user activity logs */
735
+ getUserActivity: (userId: string, limit?: number) => Promise<UserActivityLog[]>;
736
+ /** Refresh statistics */
737
+ refreshStats: () => Promise<void>;
738
+ /** Set current page */
739
+ setPage: (page: number) => void;
740
+ /** Set search query */
741
+ setSearch: (search: string) => void;
742
+ /** Set role filter */
743
+ setRoleFilter: (role: UserRole | null) => void;
744
+ /** Set status filter */
745
+ setStatusFilter: (status: UserStatus | null) => void;
746
+ /** Current admin user has permission */
747
+ canManageUsers: boolean;
748
+ }
749
+ declare const LLM_PROVIDERS: readonly ["anthropic", "openai", "gemini", "deepseek", "xai", "ollama"];
750
+ type LLMProvider = (typeof LLM_PROVIDERS)[number];
751
+ /**
752
+ * One platform credential a user can pin via /user/model-preference.
753
+ * Mirrors the backend ModelOption pydantic model in user_preferences.py.
754
+ */
755
+ interface ModelOption {
756
+ credential_id: string;
757
+ provider: string;
758
+ model_id: string;
759
+ purpose: string;
760
+ is_default: boolean;
761
+ }
762
+ /**
763
+ * The user's resolved model preference state. `is_auto=true` means no
764
+ * pinned cred — runtime resolver falls back to the tenant's purpose default.
765
+ */
766
+ interface ModelPreferenceState {
767
+ preferred_credential_id: string | null;
768
+ resolved_provider: string | null;
769
+ resolved_model_id: string | null;
770
+ is_auto: boolean;
771
+ }
772
+ /**
773
+ * Tenant-admin platform credential — what `/admin/provider-credentials`
774
+ * lists. `masked_key` is `XXXX…last4` for display.
775
+ */
776
+ interface AdminProviderCredential {
777
+ credential_id: string;
778
+ provider: string;
779
+ purpose: string;
780
+ scope: string;
781
+ model_id: string;
782
+ is_default: boolean;
783
+ masked_key: string;
784
+ created_at: number;
785
+ updated_at?: number;
786
+ }
787
+ /**
788
+ * Non-platform credential already owned by the tenant — candidate for
789
+ * promotion into the platform pool via `/admin/provider-credentials/promote`.
790
+ */
791
+ interface ExistingProviderCredential {
792
+ credential_id: string;
793
+ tenant_id: string;
794
+ provider: string;
795
+ purpose: string;
796
+ scope: string;
797
+ model_id: string;
798
+ is_default: boolean;
799
+ api_key_preview: string;
800
+ created_at?: number;
801
+ }
802
+ interface CreateAdminProviderCredentialInput {
803
+ provider: LLMProvider | string;
804
+ api_key: string;
805
+ model_id?: string;
806
+ purpose?: string;
807
+ is_default?: boolean;
808
+ }
809
+ /**
810
+ * Credential purposes after the P0-68 collapse. Only `default` and
811
+ * `code_sandbox` are actively used by MonoSage. Legacy purposes remain
812
+ * in the union for back-compat — reads resolve them to `default` server-side
813
+ * and writes are still accepted, but new code should target `default`.
814
+ */
815
+ declare const CREDENTIAL_PURPOSES: readonly ["default", "code_sandbox", "llm", "swarm", "thinking", "data_operations", "visualization", "google_marketing", "site_builder", "site_planner", "site_style", "site_data_integrator", "daily_brief", "js_builder", "site_patch", "code_interpreter"];
816
+ type CredentialPurpose = (typeof CREDENTIAL_PURPOSES)[number];
817
+ interface ProviderCredential {
818
+ credential_id: string;
819
+ provider: LLMProvider;
820
+ model_id: string;
821
+ purpose: string;
822
+ is_default: boolean;
823
+ api_key?: string;
824
+ host?: string;
825
+ model_settings?: ProviderModelSettings;
826
+ created_at?: string;
827
+ }
828
+ interface ProviderModelSettings {
829
+ temperature?: number;
830
+ max_tokens?: number;
831
+ top_p?: number;
832
+ [key: string]: unknown;
833
+ }
834
+ /** Sensible defaults for model settings. */
835
+ declare const DEFAULT_PROVIDER_MODEL_SETTINGS: ProviderModelSettings;
836
+ /** Runtime type guard for ProviderCredential objects. */
837
+ declare function isProviderCredential(value: unknown): value is ProviderCredential;
838
+ declare const COLLECTION_LAYERS: readonly ["shared", "user", "auto"];
839
+ type CollectionLayer = (typeof COLLECTION_LAYERS)[number];
840
+ interface PurposeInfo {
841
+ purpose: string;
842
+ label: string;
843
+ description: string;
844
+ default_provider?: LLMProvider;
845
+ }
846
+ interface OllamaLocalModel {
847
+ name: string;
848
+ size: number;
849
+ modified_at: string;
850
+ digest?: string;
851
+ }
852
+ interface OllamaStatus {
853
+ available: boolean;
854
+ host: string;
855
+ models: OllamaLocalModel[];
856
+ error?: string;
857
+ }
858
+ interface CollectionSchemaInfo {
859
+ fields: {
860
+ name: string;
861
+ type: string;
862
+ }[];
863
+ }
864
+ interface UserCollectionInfo {
865
+ full_name: string;
866
+ name: string;
867
+ database: string;
868
+ doc_count: number;
869
+ site_name?: string;
870
+ data_tier?: string;
871
+ scope?: string;
872
+ }
873
+ interface ApiResponse<T = unknown> {
874
+ ok: boolean;
875
+ status: number;
876
+ data?: T;
877
+ error?: string;
878
+ }
879
+ interface ListResponse<T> {
880
+ items: T[];
881
+ totalCount: number;
882
+ hasMore?: boolean;
883
+ cached?: boolean;
884
+ }
885
+ /**
886
+ * Full context value provided by FlowstackProvider
887
+ */
888
+ interface FlowstackContextValue {
889
+ config: FlowstackConfig;
890
+ credentials: FlowstackCredentials | null;
891
+ setCredentials: (creds: FlowstackCredentials | null) => void;
892
+ isAuthenticated: boolean;
893
+ isInitialized: boolean;
894
+ logout: () => void;
895
+ session: SessionState;
896
+ workspaces: WorkspaceInfo[];
897
+ selectedWorkspace: WorkspaceInfo | null;
898
+ setSelectedWorkspace: (workspace: WorkspaceInfo | null) => void;
899
+ refreshWorkspaces: () => Promise<void>;
900
+ createWorkspace: (name: string, description?: string) => Promise<WorkspaceInfo | null>;
901
+ isLoadingWorkspaces: boolean;
902
+ messages: ChatMessage[];
903
+ addMessage: (message: ChatMessage) => void;
904
+ updateMessage: (id: string, updates: Partial<ChatMessage>) => void;
905
+ clearMessages: () => void;
906
+ isQueryRunning: boolean;
907
+ setIsQueryRunning: (running: boolean) => void;
908
+ queryStartTime: number | null;
909
+ setQueryStartTime: (time: number | null) => void;
910
+ datasets: DatasetInfo[];
911
+ setDatasets: (datasets: DatasetInfo[]) => void;
912
+ refreshDatasets: () => Promise<void>;
913
+ isLoadingDatasets: boolean;
914
+ visualizations: VisualizationData[];
915
+ setVisualizations: (vizs: VisualizationData[]) => void;
916
+ addVisualization: (viz: VisualizationData) => void;
917
+ refreshVisualizations: () => Promise<void>;
918
+ isLoadingVisualizations: boolean;
919
+ clearVisualizations: () => void;
920
+ reports: ReportInfo[];
921
+ refreshReports: () => Promise<void>;
922
+ isLoadingReports: boolean;
923
+ models: ModelInfo[];
924
+ refreshModels: () => Promise<void>;
925
+ isLoadingModels: boolean;
926
+ scripts: ScriptInfo[];
927
+ refreshScripts: () => Promise<void>;
928
+ isLoadingScripts: boolean;
929
+ isSidebarOpen: boolean;
930
+ setSidebarOpen: (open: boolean) => void;
931
+ activeTab: 'chat' | 'datasets' | 'visualizations' | 'reports' | 'models';
932
+ setActiveTab: (tab: 'chat' | 'datasets' | 'visualizations' | 'reports' | 'models') => void;
933
+ }
934
+ interface UserDataOverviewWorkspace {
935
+ workspace_id: string;
936
+ name?: string;
937
+ artifact_counts?: Record<string, number>;
938
+ }
939
+ interface UserDataOverview {
940
+ workspaces: UserDataOverviewWorkspace[];
941
+ sites: {
942
+ site_id: string;
943
+ name: string;
944
+ }[];
945
+ mongodb_summary: {
946
+ total_collections: number;
947
+ total_documents: number;
948
+ };
949
+ }
950
+ interface GitHubRepo {
951
+ id: number;
952
+ name: string;
953
+ full_name: string;
954
+ private: boolean;
955
+ html_url: string;
956
+ description?: string;
957
+ language?: string;
958
+ default_branch: string;
959
+ }
960
+ interface PiiEntitySettings {
961
+ [entityType: string]: boolean;
962
+ }
963
+ interface PiiSettings {
964
+ query_masking?: {
965
+ enabled?: boolean;
966
+ entity_types?: PiiEntitySettings;
967
+ };
968
+ file_masking?: {
969
+ enabled?: boolean;
970
+ };
971
+ }
972
+ /** P0-57: Detailed report of a single PII entity detected/masked in a query. */
973
+ interface PiiRedactedEntity {
974
+ entity_type: string;
975
+ /** Original text that was masked. Partially redacted for ALWAYS_MASK types (SSN, CC). */
976
+ original_text: string;
977
+ start: number;
978
+ end: number;
979
+ score: number;
980
+ is_always_masked: boolean;
981
+ /** Whether this entity will actually be masked given current settings. (Preview only) */
982
+ will_mask?: boolean;
983
+ }
984
+
985
+ /**
986
+ * Flowstack API Client
987
+ *
988
+ * CRITICAL: This enforces user-level isolation for the shared tenant architecture.
989
+ * ALL API requests MUST go through this client to prevent data leakage.
990
+ *
991
+ * Architecture:
992
+ * - Flowstack: Multi-user, single-tenant system
993
+ * - Backend: Multi-tenant system
994
+ * - Isolation: By user_id within shared tenant
995
+ */
996
+
997
+ interface FlowstackClientConfig {
998
+ baseUrl?: string;
999
+ tenantId?: string;
1000
+ enforceUserScope?: boolean;
1001
+ /** App scope (site_id) — embedded in JWT for built-app users */
1002
+ appScope?: string;
1003
+ }
1004
+ /**
1005
+ * Request options for API calls
1006
+ */
1007
+ interface RequestOptions {
1008
+ method?: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
1009
+ body?: unknown;
1010
+ headers?: Record<string, string>;
1011
+ credentials: FlowstackCredentials;
1012
+ }
1013
+ /**
1014
+ * Make a request to the Flowstack API with user-level isolation
1015
+ */
1016
+ declare function flowstackFetch<T = unknown>(endpoint: string, options: RequestOptions, config?: FlowstackClientConfig): Promise<ApiResponse<T>>;
1017
+ /**
1018
+ * List workspaces for the current user
1019
+ */
1020
+ declare function listWorkspaces(credentials: FlowstackCredentials, limit?: number, config?: FlowstackClientConfig): Promise<ApiResponse<{
1021
+ workspaces: WorkspaceInfo[];
1022
+ total_count: number;
1023
+ has_more: boolean;
1024
+ }>>;
1025
+ /**
1026
+ * Create a new workspace
1027
+ */
1028
+ declare function createWorkspace(credentials: FlowstackCredentials, name: string, description?: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1029
+ workspace: WorkspaceInfo;
1030
+ }>>;
1031
+ /**
1032
+ * Get a single workspace
1033
+ */
1034
+ declare function getWorkspace(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1035
+ workspace: WorkspaceInfo;
1036
+ }>>;
1037
+ /**
1038
+ * List datasets for a tenant (optionally filtered by workspace)
1039
+ */
1040
+ declare function listDatasets(credentials: FlowstackCredentials, workspaceId?: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1041
+ datasets: DatasetInfo[];
1042
+ }>>;
1043
+ /**
1044
+ * Get dataset details
1045
+ */
1046
+ declare function getDataset(credentials: FlowstackCredentials, datasetName: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1047
+ dataset: DatasetInfo;
1048
+ }>>;
1049
+ /**
1050
+ * Get a preview of dataset rows and columns
1051
+ */
1052
+ declare function getDatasetPreview(credentials: FlowstackCredentials, datasetName: string, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<DatasetPreview>>;
1053
+ /**
1054
+ * Delete a dataset
1055
+ * Note: Dataset deletion must be done through the agent chat interface
1056
+ */
1057
+ declare function deleteDataset(_credentials: FlowstackCredentials, _datasetName: string, _config?: FlowstackClientConfig): Promise<ApiResponse<{
1058
+ success: boolean;
1059
+ }>>;
1060
+ /**
1061
+ * List visualizations in a workspace
1062
+ */
1063
+ declare function listVisualizations(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1064
+ visualizations: VisualizationData[];
1065
+ }>>;
1066
+ /**
1067
+ * List reports in a workspace
1068
+ */
1069
+ declare function listReports(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1070
+ reports: ReportInfo[];
1071
+ }>>;
1072
+ /**
1073
+ * List ML models in a workspace
1074
+ */
1075
+ declare function listModels(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1076
+ models: ModelInfo[];
1077
+ }>>;
1078
+ /**
1079
+ * Get model details
1080
+ */
1081
+ declare function getModel(credentials: FlowstackCredentials, workspaceId: string, modelName: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1082
+ model: ModelInfo;
1083
+ }>>;
1084
+ /**
1085
+ * List scripts in a workspace
1086
+ */
1087
+ declare function listScripts(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1088
+ scripts: ScriptInfo[];
1089
+ }>>;
1090
+ /**
1091
+ * List data sources
1092
+ */
1093
+ declare function listDataSources(credentials: FlowstackCredentials, config?: FlowstackClientConfig, options?: {
1094
+ /**
1095
+ * P0-69: when true, appends `include_provenance=true` so the backend
1096
+ * returns the `_flowstack` workspace attribution envelope on every
1097
+ * data source. Required for built apps that need to know which
1098
+ * workspace a shared data source belongs to.
1099
+ */
1100
+ includeProvenance?: boolean;
1101
+ }): Promise<ApiResponse<{
1102
+ datasources: DataSource[];
1103
+ }>>;
1104
+ /**
1105
+ * Create a data source
1106
+ */
1107
+ declare function createDataSource(credentials: FlowstackCredentials, sourceConfig: DataSourceConfig, config?: FlowstackClientConfig): Promise<ApiResponse<DataSource>>;
1108
+ /**
1109
+ * Test a data source connection
1110
+ */
1111
+ declare function testDataSource(credentials: FlowstackCredentials, sourceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<ConnectionTestResult>>;
1112
+ /**
1113
+ * Delete a data source
1114
+ */
1115
+ declare function deleteDataSource(credentials: FlowstackCredentials, sourceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1116
+ success: boolean;
1117
+ }>>;
1118
+ /**
1119
+ * List available agents with descriptions and capabilities.
1120
+ * No credentials required — this is a public capability catalog.
1121
+ */
1122
+ declare function listAgents(config?: FlowstackClientConfig): Promise<ApiResponse<{
1123
+ agents: AgentInfo[];
1124
+ count: number;
1125
+ workflows: any[];
1126
+ }>>;
1127
+ /**
1128
+ * Execute a streaming query
1129
+ * Returns the Response object for SSE streaming
1130
+ */
1131
+ declare function executeQuery(credentials: FlowstackCredentials, query: string, workspaceId: string, options?: {
1132
+ networkMode?: 'SANDBOX' | 'PUBLIC';
1133
+ tools?: string[];
1134
+ /** @deprecated P0-73: Strands swarm removed. Use `capabilities` instead. */
1135
+ targetAgent?: string;
1136
+ /** @deprecated P0-73: Strands swarm removed. Use `capabilities` instead. */
1137
+ targetAgents?: string[];
1138
+ /** P0-80: meta-tool categories to pre-load on the server so the agent
1139
+ * has the right tools available from turn 1. Values: 'site_operations',
1140
+ * 'data_access', 'external_integration', 'code_execution',
1141
+ * 'domain_task', 'workspace_management'. */
1142
+ capabilities?: string[];
1143
+ /** Session ID for conversation continuity */
1144
+ sessionId?: string;
1145
+ /**
1146
+ * When true, backend generates a new session key (appends timestamp to
1147
+ * the deterministic hash) so end-users of built apps get a fresh
1148
+ * conversation on the backend, not just cleared frontend state.
1149
+ */
1150
+ forceNewSession?: boolean;
1151
+ }, config?: FlowstackClientConfig): Promise<Response>;
1152
+ /**
1153
+ * Execute a streaming query with custom agent configuration
1154
+ *
1155
+ * Extends executeQuery to support system prompt overrides, tool whitelists,
1156
+ * and direct agent targeting.
1157
+ */
1158
+ declare function executeQueryWithConfig(credentials: FlowstackCredentials, query: string, workspaceId: string, options?: {
1159
+ networkMode?: 'SANDBOX' | 'PUBLIC';
1160
+ systemPrompt?: string;
1161
+ tools?: string[];
1162
+ /** @deprecated P0-73: Strands swarm removed. Use `capabilities` instead. */
1163
+ targetAgent?: string;
1164
+ /** @deprecated P0-73: Strands swarm removed. Use `capabilities` instead. */
1165
+ targetAgents?: string[];
1166
+ /** P0-80: meta-tool categories to pre-load on the server. */
1167
+ capabilities?: string[];
1168
+ /** P0-132 (G4): target a specific registered persona/subagent by name. Sent
1169
+ * as `target_agents` on the wire so multi-persona apps can pick a persona
1170
+ * instead of always hitting the auto-selected first subagent. This is the
1171
+ * supported persona-selection path — distinct from the deprecated Strands
1172
+ * swarm `targetAgent(s)` fields above. */
1173
+ persona?: string;
1174
+ /** Session ID for conversation continuity */
1175
+ sessionId?: string;
1176
+ /** P0-57: Per-request PII allowlist — terms the user explicitly allowed */
1177
+ allowedTerms?: string[];
1178
+ /** Force backend to create a new conversation (appends timestamp to session hash) */
1179
+ forceNewSession?: boolean;
1180
+ }, config?: FlowstackClientConfig): Promise<Response>;
1181
+ /**
1182
+ * Query a MongoDB collection directly (for useCollection hook).
1183
+ *
1184
+ * Requires app_scope in JWT — only built-app users can use this.
1185
+ * Collection name is auto-prefixed with app_scope by the backend.
1186
+ */
1187
+ declare function queryCollection<T = Record<string, any>>(credentials: FlowstackCredentials, collection: string, options?: {
1188
+ filter?: Record<string, any>;
1189
+ limit?: number;
1190
+ skip?: number;
1191
+ sort?: Record<string, 1 | -1>;
1192
+ projection?: Record<string, 0 | 1>;
1193
+ layer?: CollectionLayer;
1194
+ /**
1195
+ * P0-69: when true, appends `include_provenance=true` so the backend
1196
+ * returns the `_flowstack` workspace attribution envelope on every
1197
+ * document. Backend strips the envelope when this param is absent.
1198
+ */
1199
+ includeProvenance?: boolean;
1200
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<{
1201
+ documents: T[];
1202
+ count: number;
1203
+ total: number;
1204
+ }>>;
1205
+ /**
1206
+ * Insert one or more documents into a MongoDB collection.
1207
+ *
1208
+ * Requires app_scope in JWT — only built-app users can use this.
1209
+ * Collection name is auto-prefixed with app_scope by the backend.
1210
+ */
1211
+ declare function insertDocuments(credentials: FlowstackCredentials, collection: string, documents: Record<string, any> | Record<string, any>[], config?: FlowstackClientConfig, layer?: CollectionLayer): Promise<ApiResponse<{
1212
+ inserted_count: number;
1213
+ inserted_ids: string[];
1214
+ collection: string;
1215
+ }>>;
1216
+ /**
1217
+ * Update documents in a MongoDB collection matching the filter.
1218
+ *
1219
+ * Requires app_scope in JWT — only built-app users can use this.
1220
+ * Collection name is auto-prefixed with app_scope by the backend.
1221
+ */
1222
+ declare function updateDocuments(credentials: FlowstackCredentials, collection: string, filter: Record<string, any>, update: Record<string, any>, options?: {
1223
+ upsert?: boolean;
1224
+ }, config?: FlowstackClientConfig, layer?: CollectionLayer): Promise<ApiResponse<{
1225
+ matched_count: number;
1226
+ modified_count: number;
1227
+ collection: string;
1228
+ }>>;
1229
+ /**
1230
+ * Delete documents from a MongoDB collection matching the filter.
1231
+ *
1232
+ * Requires app_scope in JWT — only built-app users can use this.
1233
+ * Collection name is auto-prefixed with app_scope by the backend.
1234
+ */
1235
+ declare function deleteDocuments(credentials: FlowstackCredentials, collection: string, filter: Record<string, any>, config?: FlowstackClientConfig, layer?: CollectionLayer): Promise<ApiResponse<{
1236
+ deleted_count: number;
1237
+ collection: string;
1238
+ }>>;
1239
+ /**
1240
+ * Invoke an agent tool directly (bypasses LLM orchestration).
1241
+ */
1242
+ declare function invokeTool<T = any>(credentials: FlowstackCredentials, agentName: string, toolName: string, kwargs?: Record<string, any>, config?: FlowstackClientConfig): Promise<ApiResponse<{
1243
+ status: string;
1244
+ result: T;
1245
+ }>>;
1246
+ /**
1247
+ * Upload a file to a workspace
1248
+ */
1249
+ declare function uploadFile(credentials: FlowstackCredentials, workspaceId: string, file: File, name?: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1250
+ dataset?: DatasetInfo;
1251
+ report?: ReportInfo;
1252
+ }>>;
1253
+ /**
1254
+ * Upload a document (PDF/DOCX/image/etc.) to a workspace's uploads/ prefix.
1255
+ *
1256
+ * The two upload routes split by intent: `/upload` parses tabular formats into
1257
+ * a queryable DataFrame (dataset); `/upload-document` stores raw bytes for the
1258
+ * agent's `ingest_document` / `search_documents` tools. The chat input
1259
+ * accepts both kinds of file, so useAgent.query() must pick the right route
1260
+ * by extension or the backend 400s with "Unsupported file type".
1261
+ */
1262
+ declare function uploadDocument(credentials: FlowstackCredentials, workspaceId: string, file: File, documentName?: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1263
+ document_name?: string;
1264
+ filename?: string;
1265
+ format?: string;
1266
+ size_bytes?: number;
1267
+ s3_key?: string;
1268
+ }>>;
1269
+ /**
1270
+ * Login to get session token
1271
+ */
1272
+ declare function login(email: string, password: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1273
+ session_token: string;
1274
+ user_id: string;
1275
+ access_token?: string;
1276
+ }>>;
1277
+ /**
1278
+ * Register a new user
1279
+ */
1280
+ declare function register(email: string, password: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1281
+ user_id: string;
1282
+ message?: string;
1283
+ session_token?: string;
1284
+ tenant_id?: string;
1285
+ }>>;
1286
+ /**
1287
+ * Authenticate via Google OAuth authorization code.
1288
+ * Call this from the /api/auth/google/callback route after receiving the code from Google.
1289
+ */
1290
+ declare function googleLogin(code: string, redirectUri: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1291
+ session_token: string;
1292
+ user_id: string;
1293
+ tenant_id?: string;
1294
+ expires_at?: string;
1295
+ }>>;
1296
+ /**
1297
+ * List users in the tenant with pagination and filtering
1298
+ */
1299
+ declare function listUsers(credentials: FlowstackCredentials, params?: UserListParams, config?: FlowstackClientConfig): Promise<ApiResponse<UserListResponse>>;
1300
+ /**
1301
+ * Get a single user by ID
1302
+ */
1303
+ declare function getUser(credentials: FlowstackCredentials, userId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1304
+ user: ManagedUser;
1305
+ }>>;
1306
+ /**
1307
+ * Update a user's profile or role
1308
+ */
1309
+ declare function updateUser(credentials: FlowstackCredentials, userId: string, updates: UpdateUserRequest, config?: FlowstackClientConfig): Promise<ApiResponse<{
1310
+ user: ManagedUser;
1311
+ }>>;
1312
+ /**
1313
+ * Delete a user permanently
1314
+ */
1315
+ declare function deleteUser(credentials: FlowstackCredentials, userId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1316
+ success: boolean;
1317
+ }>>;
1318
+ /**
1319
+ * Suspend a user account
1320
+ */
1321
+ declare function suspendUser(credentials: FlowstackCredentials, userId: string, reason?: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1322
+ user: ManagedUser;
1323
+ }>>;
1324
+ /**
1325
+ * Reactivate a suspended user account
1326
+ */
1327
+ declare function reactivateUser(credentials: FlowstackCredentials, userId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1328
+ user: ManagedUser;
1329
+ }>>;
1330
+ /**
1331
+ * Get user activity logs
1332
+ */
1333
+ declare function getUserActivity(credentials: FlowstackCredentials, userId: string, limit?: number, config?: FlowstackClientConfig): Promise<ApiResponse<{
1334
+ activities: UserActivityLog[];
1335
+ }>>;
1336
+ /**
1337
+ * Get user statistics for the tenant
1338
+ */
1339
+ declare function getUserStats(credentials: FlowstackCredentials, config?: FlowstackClientConfig): Promise<ApiResponse<UserStats>>;
1340
+ /**
1341
+ * Check if the current user has admin permissions to manage users
1342
+ */
1343
+ declare function checkAdminPermissions(credentials: FlowstackCredentials, config?: FlowstackClientConfig): Promise<ApiResponse<{
1344
+ canManageUsers: boolean;
1345
+ role: string;
1346
+ }>>;
1347
+ /**
1348
+ * Get conversation history for a workspace/session
1349
+ */
1350
+ declare function getConversationHistory(credentials: FlowstackCredentials, workspaceId: string, options?: {
1351
+ limit?: number;
1352
+ offset?: number;
1353
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<{
1354
+ messages: Array<{
1355
+ role: string;
1356
+ content: string;
1357
+ timestamp: string;
1358
+ }>;
1359
+ }>>;
1360
+ interface CreateSiteParams {
1361
+ name: string;
1362
+ siteType?: 'on_demand' | 'daily' | 'js_build';
1363
+ description?: string;
1364
+ files?: Record<string, string>;
1365
+ }
1366
+ /**
1367
+ * List all published sites for the current user
1368
+ */
1369
+ declare function listSites(credentials: FlowstackCredentials, config?: FlowstackClientConfig): Promise<ApiResponse<{
1370
+ sites: PublishedSiteInfo[];
1371
+ count: number;
1372
+ }>>;
1373
+ /**
1374
+ * Get a single published site by ID
1375
+ */
1376
+ declare function getSite(credentials: FlowstackCredentials, siteId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1377
+ site: PublishedSiteInfo;
1378
+ }>>;
1379
+ /**
1380
+ * Create a new site. If files are provided, publishes immediately.
1381
+ * Otherwise creates a staging area for incremental file uploads.
1382
+ */
1383
+ declare function createSite(credentials: FlowstackCredentials, params: CreateSiteParams, config?: FlowstackClientConfig): Promise<ApiResponse<{
1384
+ site?: PublishedSiteInfo;
1385
+ site_id?: string;
1386
+ mode?: string;
1387
+ }>>;
1388
+ /**
1389
+ * Add or update a single file in a site's staging area.
1390
+ * Call this for each file, then publishStagedSite() to deploy.
1391
+ */
1392
+ declare function addSiteFile(credentials: FlowstackCredentials, siteId: string, filePath: string, content: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1393
+ success: boolean;
1394
+ }>>;
1395
+ /**
1396
+ * Publish a staged site to CDN. Call after adding all files with addSiteFile().
1397
+ */
1398
+ declare function publishStagedSite(credentials: FlowstackCredentials, siteId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1399
+ site: PublishedSiteInfo;
1400
+ }>>;
1401
+ /**
1402
+ * Delete a published site and all its files from CDN
1403
+ */
1404
+ declare function deleteSite(credentials: FlowstackCredentials, siteId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1405
+ success: boolean;
1406
+ }>>;
1407
+ declare function getSiteVersions(credentials: FlowstackCredentials, siteId: string, config?: FlowstackClientConfig): Promise<ApiResponse<SiteVersionManifest>>;
1408
+ declare function promoteSiteVersion(credentials: FlowstackCredentials, siteId: string, version: number, config?: FlowstackClientConfig): Promise<ApiResponse<SiteVersionManifest>>;
1409
+ declare function deleteSiteVersion(credentials: FlowstackCredentials, siteId: string, version: number, config?: FlowstackClientConfig): Promise<ApiResponse<SiteVersionManifest>>;
1410
+ declare function setSiteAlias(credentials: FlowstackCredentials, siteId: string, alias: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1411
+ alias: string;
1412
+ url: string;
1413
+ }>>;
1414
+ declare function removeSiteAlias(credentials: FlowstackCredentials, siteId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1415
+ success: boolean;
1416
+ }>>;
1417
+ declare function publishToGitHub(credentials: FlowstackCredentials, siteId: string, params: PublishToGitHubParams, config?: FlowstackClientConfig): Promise<ApiResponse<PublishToGitHubResult>>;
1418
+ declare function listGitHubRepos(credentials: FlowstackCredentials, config?: FlowstackClientConfig): Promise<ApiResponse<{
1419
+ repos: GitHubRepo[];
1420
+ }>>;
1421
+ declare function importFromGitHub(credentials: FlowstackCredentials, params: {
1422
+ repoFullName: string;
1423
+ branch?: string;
1424
+ workspaceId?: string;
1425
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<{
1426
+ files_imported: number;
1427
+ }>>;
1428
+ declare function getPiiSettings(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1429
+ settings: PiiSettings;
1430
+ }>>;
1431
+ declare function updatePiiSettings(credentials: FlowstackCredentials, workspaceId: string, settings: PiiSettings, config?: FlowstackClientConfig): Promise<ApiResponse<{
1432
+ success: boolean;
1433
+ }>>;
1434
+ declare function previewPiiMasking(credentials: FlowstackCredentials, query: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1435
+ entities: PiiRedactedEntity[];
1436
+ }>>;
1437
+ declare function getPiiAllowlist(credentials: FlowstackCredentials, workspaceId: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1438
+ allowlist: Array<{
1439
+ term: string;
1440
+ entity_type: string;
1441
+ }>;
1442
+ }>>;
1443
+ declare function addPiiAllowlistTerm(credentials: FlowstackCredentials, workspaceId: string, term: string, entityType: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1444
+ success: boolean;
1445
+ allowlist: Array<{
1446
+ term: string;
1447
+ entity_type: string;
1448
+ }>;
1449
+ }>>;
1450
+ declare function removePiiAllowlistTerm(credentials: FlowstackCredentials, workspaceId: string, term: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1451
+ success: boolean;
1452
+ allowlist: Array<{
1453
+ term: string;
1454
+ entity_type: string;
1455
+ }>;
1456
+ }>>;
1457
+ declare function getUserDataOverview(credentials: FlowstackCredentials, config?: FlowstackClientConfig): Promise<ApiResponse<UserDataOverview>>;
1458
+ declare function getUserCollections(credentials: FlowstackCredentials, params?: {
1459
+ siteId?: string;
1460
+ includeSchema?: boolean;
1461
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<{
1462
+ collections: UserCollectionInfo[];
1463
+ grouped_by_site: Record<string, UserCollectionInfo[]>;
1464
+ }>>;
1465
+ declare function getUserCollectionDocuments<T = Record<string, any>>(credentials: FlowstackCredentials, collection: string, params?: {
1466
+ filter?: Record<string, any>;
1467
+ limit?: number;
1468
+ skip?: number;
1469
+ sort?: Record<string, 1 | -1>;
1470
+ database?: string;
1471
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<{
1472
+ documents: T[];
1473
+ total: number;
1474
+ }>>;
1475
+ declare function getUserCollectionSchema(credentials: FlowstackCredentials, collection: string, params?: {
1476
+ database?: string;
1477
+ sampleSize?: number;
1478
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<CollectionSchemaInfo>>;
1479
+ declare function deleteUserCollection(credentials: FlowstackCredentials, collection: string, config?: FlowstackClientConfig): Promise<ApiResponse<{
1480
+ deleted: boolean;
1481
+ collection: string;
1482
+ }>>;
1483
+ declare function exportUserCollection(credentials: FlowstackCredentials, collection: string, params?: {
1484
+ format?: 'json' | 'csv';
1485
+ filter?: Record<string, any>;
1486
+ database?: string;
1487
+ }, config?: FlowstackClientConfig): Promise<ApiResponse<Blob>>;
1488
+
1489
+ /**
1490
+ * Redis Cache Layer for Flowstack SDK
1491
+ * Uses Upstash Redis for serverless caching
1492
+ */
1493
+
1494
+ declare const CACHE_TTL: {
1495
+ readonly WORKSPACES: 300;
1496
+ readonly DATASETS: 60;
1497
+ readonly VISUALIZATIONS: 60;
1498
+ readonly REPORTS: 60;
1499
+ readonly SITES: 120;
1500
+ readonly MESSAGES: 0;
1501
+ readonly SESSION: 86400;
1502
+ };
1503
+ /**
1504
+ * Redis client configuration
1505
+ */
1506
+ interface RedisConfig {
1507
+ url: string;
1508
+ token: string;
1509
+ }
1510
+ declare function getCachedWorkspaces(credentials: FlowstackCredentials, config: RedisConfig): Promise<WorkspaceInfo[] | null>;
1511
+ declare function setCachedWorkspaces(credentials: FlowstackCredentials, workspaces: WorkspaceInfo[], config: RedisConfig): Promise<boolean>;
1512
+ declare function invalidateWorkspacesCache(credentials: FlowstackCredentials, config: RedisConfig): Promise<boolean>;
1513
+ declare function getCachedDatasets(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<DatasetInfo[] | null>;
1514
+ declare function setCachedDatasets(credentials: FlowstackCredentials, workspaceId: string, datasets: DatasetInfo[], config: RedisConfig): Promise<boolean>;
1515
+ declare function invalidateDatasetsCache(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<boolean>;
1516
+ declare function getCachedVisualizations(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<VisualizationData[] | null>;
1517
+ declare function setCachedVisualizations(credentials: FlowstackCredentials, workspaceId: string, visualizations: VisualizationData[], config: RedisConfig): Promise<boolean>;
1518
+ declare function invalidateVisualizationsCache(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<boolean>;
1519
+ declare function getCachedReports(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<ReportInfo[] | null>;
1520
+ declare function setCachedReports(credentials: FlowstackCredentials, workspaceId: string, reports: ReportInfo[], config: RedisConfig): Promise<boolean>;
1521
+ declare function invalidateReportsCache(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<boolean>;
1522
+ /**
1523
+ * Invalidate all workspace artifacts (datasets, visualizations, reports)
1524
+ */
1525
+ declare function invalidateWorkspaceArtifacts(credentials: FlowstackCredentials, workspaceId: string, config: RedisConfig): Promise<void>;
1526
+ /**
1527
+ * Invalidate all user cache
1528
+ */
1529
+ declare function invalidateAllUserCache(credentials: FlowstackCredentials, config: RedisConfig): Promise<void>;
1530
+ /**
1531
+ * Get a cached value
1532
+ */
1533
+ declare function getCached<T>(key: string, config: RedisConfig): Promise<T | null>;
1534
+ /**
1535
+ * Set a cached value
1536
+ */
1537
+ declare function setCached<T>(key: string, value: T, ttl: number, config: RedisConfig): Promise<boolean>;
1538
+ /**
1539
+ * Delete a cached value
1540
+ */
1541
+ declare function deleteCached(key: string, config: RedisConfig): Promise<boolean>;
1542
+ declare function getCachedSites(credentials: FlowstackCredentials, config: RedisConfig): Promise<PublishedSiteInfo[] | null>;
1543
+ declare function setCachedSites(credentials: FlowstackCredentials, sites: PublishedSiteInfo[], config: RedisConfig): Promise<boolean>;
1544
+ declare function invalidateSitesCache(credentials: FlowstackCredentials, config: RedisConfig): Promise<boolean>;
1545
+
1546
+ export { type RedisConfig$1 as $, type AgentTemplate as A, type DataSourceBadgeInfo as B, type ChatMessage as C, type DatasetInfo as D, type AgentConfig as E, type FlowstackConfig as F, type ModelPreferenceState as G, type ModelOption as H, type AdminProviderCredential as I, type ExistingProviderCredential as J, type CreateAdminProviderCredentialInput as K, type LLMProvider as L, type ManagedUser as M, type FlowstackClientConfig as N, type OllamaLocalModel as O, type ProviderCredential as P, LLM_PROVIDERS as Q, CREDENTIAL_PURPOSES as R, type StreamEvent as S, type ToolCall as T, type UseAuthReturn as U, type VisualizationData as V, type WorkspaceInfo as W, DEFAULT_PROVIDER_MODEL_SETTINGS as X, isProviderCredential as Y, COLLECTION_LAYERS as Z, type AuthConfig as _, type FlowstackContextValue as a, deleteDataSource as a$, type DatabaseConfig as a0, type LoginRequest as a1, type LoginResponse as a2, type RegisterRequest as a3, type RegisterResponse as a4, type GoogleAuthResponse as a5, type SessionState as a6, type CreateWorkspaceRequest as a7, type DatasetPreview as a8, type ColumnSchema as a9, type PiiSettings as aA, type PiiEntitySettings as aB, type PiiRedactedEntity as aC, type ApiResponse as aD, type ListResponse as aE, type UserRole as aF, type UserStatus as aG, type UserActivityType as aH, type UpdateUserRequest as aI, type UserListParams as aJ, type UserListResponse as aK, flowstackFetch as aL, listWorkspaces as aM, createWorkspace as aN, getWorkspace as aO, listDatasets as aP, getDataset as aQ, getDatasetPreview as aR, deleteDataset as aS, listVisualizations as aT, listReports as aU, listModels as aV, listScripts as aW, getModel as aX, listDataSources as aY, createDataSource as aZ, testDataSource as a_, type DatasetRow as aa, type DatasetStreamOptions as ab, type ReportInfo as ac, type ModelInfo as ad, type ScriptInfo as ae, type DataSourceType as af, type DataSourceConfig as ag, type ConnectionTestResult as ah, type SearchResult as ai, type SearchResultsData as aj, type StreamEventType as ak, type InterruptInfo as al, type QueryOptions as am, type UsageStats as an, type UsagePeriod as ao, type CreditStatus as ap, type AgentInfo as aq, type PublishedSiteInfo as ar, type CreateSiteParams$1 as as, type SiteVersion as at, type SiteVersionManifest as au, type PublishToGitHubParams as av, type PublishToGitHubResult as aw, type CredentialPurpose as ax, type UserDataOverviewWorkspace as ay, type GitHubRepo as az, type UseWorkspaceReturn as b, getCachedSites as b$, executeQuery as b0, executeQueryWithConfig as b1, uploadFile as b2, login as b3, register as b4, googleLogin as b5, listUsers as b6, getUser as b7, updateUser as b8, deleteUser as b9, updatePiiSettings as bA, previewPiiMasking as bB, getPiiAllowlist as bC, addPiiAllowlistTerm as bD, removePiiAllowlistTerm as bE, getUserDataOverview as bF, getUserCollections as bG, getUserCollectionDocuments as bH, getUserCollectionSchema as bI, deleteUserCollection as bJ, exportUserCollection as bK, type RequestOptions as bL, CACHE_TTL as bM, getCachedWorkspaces as bN, setCachedWorkspaces as bO, invalidateWorkspacesCache as bP, getCachedDatasets as bQ, setCachedDatasets as bR, invalidateDatasetsCache as bS, getCachedVisualizations as bT, setCachedVisualizations as bU, invalidateVisualizationsCache as bV, getCachedReports as bW, setCachedReports as bX, invalidateReportsCache as bY, invalidateWorkspaceArtifacts as bZ, invalidateAllUserCache as b_, suspendUser as ba, reactivateUser as bb, getUserActivity as bc, getUserStats as bd, checkAdminPermissions as be, getConversationHistory as bf, listAgents as bg, listSites as bh, getSite as bi, createSite as bj, addSiteFile as bk, publishStagedSite as bl, deleteSite as bm, getSiteVersions as bn, promoteSiteVersion as bo, deleteSiteVersion as bp, setSiteAlias as bq, removeSiteAlias as br, publishToGitHub as bs, insertDocuments as bt, updateDocuments as bu, deleteDocuments as bv, invokeTool as bw, listGitHubRepos as bx, importFromGitHub as by, getPiiSettings as bz, type UseDatasetsReturn as c, setCachedSites as c0, invalidateSitesCache as c1, getCached as c2, setCached as c3, deleteCached as c4, queryCollection as c5, uploadDocument as c6, type CreateSiteParams as c7, type RedisConfig as c8, type UseVisualizationsReturn as d, type UseReportsReturn as e, type UseModelsReturn as f, type UseDataSourcesReturn as g, type UseAgentOptions as h, type UseAgentReturn as i, type UseQueryReturn as j, type UseUserManagementReturn as k, type UseSitesReturn as l, type UseAgentsReturn as m, type CollectionLayer as n, type UseSiteVersionsReturn as o, type PurposeInfo as p, type ProviderModelSettings as q, type OllamaStatus as r, type UserDataOverview as s, type UserCollectionInfo as t, type CollectionSchemaInfo as u, type FlowstackCredentials as v, type User as w, type DataSource as x, type UserStats as y, type UserActivityLog as z };