/**
 * Returns true when the auth token still carries a pending-authentication
 * scope (`requiresAdditionalAuth` / `userDataForm` / `device:register`).
 *
 * The WaaS iframe's API client is a shared, mutable axios instance. The token
 * captured at client construction is what the init-time room-cache pre-warm
 * `createRooms` uses — it runs before any per-operation token resync. So if the
 * client is built during this pending window, that pre-warm fires with the
 * stale pre-`user:basic` token and 401s; the iframe reports the 401 back to the
 * host, which force-logs-out the user. Callers must therefore refuse to build
 * the client until the token clears (the vulnerable window is construction +
 * init, not the whole client lifetime).
 *
 * A token with no decodable scope is treated as not-pending (returns false):
 * the backend remains the source of truth and will reject anything invalid.
 */
export declare const tokenHasPendingAuthScope: (authToken?: string) => boolean;