From 8e6e3381982574ccc692a4b153aeb8bf4677f0d2 Mon Sep 17 00:00:00 2001
From: yaowenc2 <tonychang430@gmail.com>
Date: Sun, 29 Mar 2026 17:46:20 -0700
Subject: [PATCH] fix: auto re-authenticate when token refresh fails

Instead of throwing an error telling users to manually run
`insforge login`, the CLI now automatically opens the OAuth
login flow when a token refresh fails in interactive mode.
Non-TTY environments still get the explicit error message.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/lib/credentials.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/credentials.ts b/src/lib/credentials.ts
index 85457b9..5f87833 100644
--- a/src/lib/credentials.ts
+++ b/src/lib/credentials.ts
@@ -68,6 +68,12 @@ export async function refreshAccessToken(apiUrl?: string): Promise<string> {
     saveCredentials(updated);
     return data.access_token;
   } catch {
+    // Token refresh failed — try re-authenticating interactively
+    if (process.stdout.isTTY) {
+      clack.log.warn('Session expired. Please log in again.');
+      const newCreds = await performOAuthLogin(apiUrl);
+      return newCreds.access_token;
+    }
     throw new AuthError('Failed to refresh token. Run `insforge login` again.');
   }
 }