/**
 * CLI config storage abstraction with keyring support and file fallback.
 *
 * Stores environment configurations (names, API keys, endpoints) separately
 * from OAuth credentials. Uses a second keyring entry under the same service.
 *
 * Storage priority:
 * 1. If insecure storage forced: use file only
 * 2. Try keyring, fall back to file with warning if unavailable
 */
interface BaseEnvironmentConfig {
    name: string;
    apiKey: string;
    endpoint?: string;
}
export interface ClaimedEnvironmentConfig extends BaseEnvironmentConfig {
    type: 'production' | 'sandbox';
    clientId?: string;
}
export interface UnclaimedEnvironmentConfig extends BaseEnvironmentConfig {
    type: 'unclaimed';
    clientId: string;
    claimToken: string;
}
export type EnvironmentConfig = ClaimedEnvironmentConfig | UnclaimedEnvironmentConfig;
/**
 * Type guard — narrows to UnclaimedEnvironmentConfig with required clientId and claimToken.
 */
export declare function isUnclaimedEnvironment(env: EnvironmentConfig): env is UnclaimedEnvironmentConfig;
export interface CliConfig {
    activeEnvironment?: string;
    environments: Record<string, EnvironmentConfig>;
}
export declare function setInsecureConfigStorage(value: boolean): void;
export declare function getConfig(): CliConfig | null;
export declare function saveConfig(config: CliConfig): void;
export declare function clearConfig(): void;
export declare function getActiveEnvironment(): EnvironmentConfig | null;
export declare function getConfigPath(): string;
/**
 * Diagnostic info about config storage state — for debugging config persistence failures.
 */
export declare function diagnoseConfig(): string[];
/**
 * Mark the active unclaimed environment as claimed.
 * Updates type to 'sandbox', removes the claim token, and renames
 * the environment key from 'unclaimed' to 'sandbox'.
 */
export declare function markEnvironmentClaimed(): void;
export {};