/**
 * TokenManager — centralises session-token acquisition for the SDK.
 *
 * Both transports (presence WS, audio WS) and the REST helpers
 * ({@link AudinOperator.listPhoneNumbers}) need the SAME short-lived session
 * token. Rather than each call site hitting {@link GetTokenFn} independently,
 * they go through {@link TokenManager.ensureToken}, which:
 *   - returns a cached token while it is still valid, or
 *   - fetches a fresh one via `getToken`, caches it, and returns it.
 *
 * Validity is decided from the token's optional `expiresAt` (ISO-8601),
 * applying a safety skew so we never present a token that's about to lapse
 * mid-request. When no `expiresAt` is supplied, we fall back to a conservative
 * TTL so a token is still reused across the closely-spaced calls of a single
 * connect (e.g. listPhoneNumbers → goOnline) without being held forever.
 *
 * On an auth failure (e.g. a 401 from REST, or an auth-related WS close), the
 * caller invokes {@link TokenManager.invalidate} so the next `ensureToken`
 * re-mints. Concurrent `ensureToken` calls share a single in-flight fetch.
 */
import type { GetTokenFn } from "./types.js";
/**
 * Single point of session-token acquisition: wraps the caller-supplied
 * {@link GetTokenFn}, caches its result, and de-duplicates concurrent fetches.
 *
 * Security notes for consumers:
 *   - The string returned by {@link TokenManager.ensureToken} is a live
 *     credential for the WS transports and REST helpers. Do not log it, embed
 *     it in error messages, or persist it.
 *   - The `private` modifiers below are erased at compile time, so the cached
 *     token is readable at runtime by any code that holds this instance. Treat
 *     the instance itself as a secret-bearing object and keep it out of
 *     serialisation and debug dumps.
 */
export declare class TokenManager {
    // Token-minting callback supplied to the constructor; invoked only when no
    // valid cached token is available.
    private readonly getToken;
    // Most recently fetched token. The stored shape is not visible in this
    // declaration; presumably the token plus its expiry (confirm in the
    // implementation).
    private cached;
    // Handle for the fetch currently in progress, shared by concurrent
    // ensureToken() callers. Presumably a Promise; confirm in the implementation.
    private inFlight;
    /**
     * @param getToken Function that obtains a fresh session token. It is the
     *   only source of tokens for this manager.
     */
    constructor(getToken: GetTokenFn);
    /**
     * Resolve a valid session token, reusing the cached one when possible.
     * Concurrent callers share a single underlying `getToken()` invocation.
     *
     * @returns The session token string. Handle it as a secret.
     *
     * NOTE(review): the rejection type is not visible in this declaration;
     * presumably a {@link TokenError} when `getToken()` fails. Confirm before
     * relying on `instanceof` checks.
     */
    ensureToken(): Promise<string>;
    /**
     * Drop the cached token so the next {@link ensureToken} re-mints. Call this
     * on an auth failure (401 / auth-related WS close).
     *
     * NOTE(review): this declaration does not show whether a fetch already in
     * flight when invalidate() is called can still repopulate the cache with
     * its result. Confirm in the implementation, since a rejected token must
     * not be served again.
     */
    invalidate(): void;
    // Internal helper; going by its name it calls getToken() and stores the
    // result. Not callable through the public type surface.
    private fetchAndCache;
}
/**
 * Tagged error so callers can distinguish token problems from transport ones.
 *
 * Branch on {@link TokenError.code} rather than parsing `message`. The set of
 * code values is not declared in this file.
 *
 * NOTE(review): errors are commonly logged or forwarded to telemetry, so
 * confirm that neither `code` nor `message` ever carries the token value.
 */
export declare class TokenError extends Error {
    // Machine-readable tag identifying the kind of token failure.
    readonly code: string;
    /**
     * @param code Machine-readable failure tag, exposed as {@link TokenError.code}.
     * @param message Human-readable description.
     */
    constructor(code: string, message: string);
}
