import type { HttpClient } from './http.js';
import type { KsefAuthenticationChallengeResponse, KsefAuthenticationInitResponse, KsefAuthenticationOperationStatusResponse, KsefAuthenticationTokenRefreshResponse, KsefAuthenticationTokensResponse } from './generated/index.js';
export type ChallengeResponse = KsefAuthenticationChallengeResponse;
export type AuthenticationTokenResponse = KsefAuthenticationInitResponse;
export type AuthenticationOperationStatusResponse = KsefAuthenticationOperationStatusResponse;
export type RedeemedTokens = KsefAuthenticationTokensResponse;
export type RefreshTokenResponse = KsefAuthenticationTokenRefreshResponse;
export interface ActiveSession {
    accessToken: string;
    refreshToken: string;
    accessExpiresAt: Date;
    referenceNumber: string;
}
export interface InitSessionInput {
    nip: string;
    ksefToken: string;
    publicKeyPem: string;
}
export declare function initKsefSession(http: HttpClient, input: InitSessionInput): Promise<ActiveSession>;
export declare function refreshAccessToken(http: HttpClient, session: ActiveSession): Promise<ActiveSession>;
export declare function shouldRefresh(session: ActiveSession, now?: Date, bufferMs?: number): boolean;
/**
 * Best-effort session revocation. Swallows all errors — revocation failures
 * are never user-actionable and must not mask the real result of the
 * preceding operation (e.g. a successful `fetchInvoices()` should not be
 * turned into a failure because teardown hit a 429 or network blip).
 */
export declare function revokeCurrentSession(http: HttpClient, session: ActiveSession): Promise<void>;
//# sourceMappingURL=session.d.ts.map