You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: replace broken JWT-decay check with time-based token refresh
The _ensure_auth_headers() method used is_jwt_expired() to decide when to refresh the auth token. But _auth_token stores the response body '60' (not a JWT), so is_jwt_expired('60') always returned False and refresh_token() was never called. After the X-Access-Token cookie expired (~1 hour), all subsequent API calls failed with empty HTTP 200 responses.
Fix: Track _last_token_refresh timestamp and refresh every 55 minutes (TOKEN_REFRESH_INTERVAL=3300), well under the cookie's 1-hour expiry.
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>