import type { SwitcherDeps } from './switcher-deps.js';
/**
 * Pure decision logic for whether a re-auth attempt actually refreshed
 * the tokens. Extracted so it can be unit-tested without spawning a
 * real `claude auth login`.
 *
 * Returns the email to save (success), or null when:
 *   - login left no active account (emailAfter empty),
 *   - login changed the active account (silent swap — don't trust),
 *   - token was broken before AND is still broken after (login cancelled).
 */
export declare function reAuthOutcome(emailBefore: string, healthBefore: {
    status: string;
} | null | undefined, emailAfter: string, healthAfter: {
    status: string;
} | null | undefined): string | null;
/**
 * Run `claude auth login` for the currently-active account to refresh its
 * Keychain tokens after expiry. Differs from addAccount in that we expect
 * the email to stay the same — we just want fresh tokens captured.
 *
 * Returns the email that's now active after the login, or null if login
 * failed entirely (no oauthAccount left in claude.json) or was cancelled.
 */
export declare function reAuthenticate(claudeBin: string, claudeJsonPath: string, accountsDirPath: string, deps?: SwitcherDeps): Promise<string | null>;