/**
 * Filters env vars to only those safe for client-side bundles.
 *
 * Allows: TINA_PUBLIC_*, NEXT_PUBLIC_*, NODE_ENV, HEAD.
 * Everything else is excluded to prevent leaking secrets.
 *
 * @see https://github.com/tinacms/tinacms/security/advisories/GHSA-pc2q-jcxq-rjrr
 */
export declare function filterPublicEnv(env?: Record<string, string | undefined>): Record<string, string>;