/**
 * CSRF helpers for the admin client.
 *
 * The admin proxy and the api server's csrfMiddleware require any unsafe
 * request carrying a `revealui-session` cookie to echo the JS-readable
 * `revealui-csrf` cookie as an `X-CSRF-Token` header. The token is re-read
 * immediately before each request because the proxy re-issues the cookie
 * whenever it no longer validates against the current session (e.g. after
 * re-login or session rotation).
 */
/**
 * Read the `revealui-csrf` cookie value. Returns `undefined` outside the
 * browser, when the cookie is absent, or when its value is empty.
 */
export declare function readCsrfToken(): string | undefined;
/**
 * POST `/api/auth/sign-out`, echoing the CSRF cookie as `X-CSRF-Token` when
 * one is readable. Sign-out always runs with a session cookie, so without the
 * header the admin proxy rejects the request with 403 "CSRF token missing"
 * and the server-side session is never revoked. When no cookie is readable
 * the request stays byte-identical to the historical bare fetch (no `headers`
 * key at all).
 */
export declare function postSignOut(): Promise<Response>;
//# sourceMappingURL=csrf.d.ts.map