/**
 * GitHub Copilot Credential Resolver
 *
 * Resolves a GitHub token suitable for direct use against api.githubcopilot.com.
 * Hermes/dot-ai uses the raw token directly as the Bearer credential — no
 * token-exchange step is required and the exchange endpoint
 * (api.github.com/copilot_internal/v2/token) can return 404 for some account
 * types, so it is intentionally NOT used here.
 *
 * Supported token types (classic PATs / ghp_* are NOT accepted):
 *   gho_*          OAuth token (recommended — via `gh auth login`)
 *   github_pat_*   Fine-grained PAT (needs Copilot Requests permission)
 *   ghu_*          GitHub App installation token
 *
 * Token resolution priority:
 *   1. GITHUB_COPILOT_TOKEN env var
 *   2. GH_TOKEN env var
 *   3. GITHUB_TOKEN env var
 *
 * On HTTP 401, callers should invoke resolve() again to re-read the chain
 * (credentials may have been refreshed externally) and retry once.
 *
 * PRD #587: GitHub Copilot Provider
 */
export interface CopilotCredentialResolver {
    /**
     * Resolve a GitHub token from the environment chain / CLI.
     * Throws if no supported token is found.
     */
    resolve(): string;
}
/**
 * Create a CopilotCredentialResolver.
 *
 * @param overrideToken  Optional explicit token (e.g. from env at factory time).
 *                       If provided and supported it is returned immediately without
 *                       inspecting the env chain.
 */
export declare function makeCopilotCredentialResolver(overrideToken?: string): CopilotCredentialResolver;
export type CopilotTokenExchanger = CopilotCredentialResolver;
//# sourceMappingURL=copilot-token-exchanger.d.ts.map