@meowpanel/api 1.0.0-beta.1 → 1.0.0-beta.2

package/esm/mod.d.ts

@@ -45,7 +45,7 @@
 export { MeowPanelApi } from './src/client.js';
 export type { MeowPanelApiOptions } from './src/client.js';
 export { AuthResource } from './src/resources/auth.js';
-export type { AuthMeta, AuthProvider } from './src/resources/auth.js';
+export type { AuthMeta, AuthProvider, RefreshOptions, RefreshResponse } from './src/resources/auth.js';
 export { ReactiveResource } from './src/reactive.js';
 export { ApiError } from './src/errors.js';
 export type { ApiErrorOptions } from './src/errors.js';

package/esm/mod.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAGrD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACX,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,cAAc,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EACX,cAAc,EACd,OAAO,EACP,WAAW,EACX,MAAM,EACN,SAAS,EACT,WAAW,EACX,UAAU,EACV,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACnB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAClG,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGzG,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EACX,UAAU,EACV,aAAa,EACb,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACN,IAAI,EACJ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,QAAQ,GACR,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACX,6BAA6B,EAC7B,gCAAgC,EAChC,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,QAAQ,EACR,6BAA6B,EAC7B,+BAA+B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACtE,YAAY,EACX,OAAO,EACP,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,OAAO,EACP,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAChE,YAAY,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACtF,YAAY,EACX,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACrB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,YAAY,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGnH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAGvG,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AACjF,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAGlH,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AACxG,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG3F,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC"}
+{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEvG,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAGrD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACX,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,cAAc,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EACX,cAAc,EACd,OAAO,EACP,WAAW,EACX,MAAM,EACN,SAAS,EACT,WAAW,EACX,UAAU,EACV,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACnB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAClG,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGzG,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EACX,UAAU,EACV,aAAa,EACb,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACN,IAAI,EACJ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,QAAQ,GACR,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACX,6BAA6B,EAC7B,gCAAgC,EAChC,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,QAAQ,EACR,6BAA6B,EAC7B,+BAA+B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACtE,YAAY,EACX,OAAO,EACP,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,OAAO,EACP,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAChE,YAAY,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACtF,YAAY,EACX,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACrB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,YAAY,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGnH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAGvG,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AACjF,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAGlH,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AACxG,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG3F,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC"}

package/esm/src/client.d.ts

@@ -2,6 +2,7 @@ import type { HttpLogger } from './http.js';
 import { SseConnection } from './sse.js';
 import { AccountResource } from './resources/account.js';
 import { AuthResource } from './resources/auth.js';
+import type { RefreshOptions, RefreshResponse } from './resources/auth.js';
 import { ApiKeysNamespace } from './resources/api-keys.js';
 import { EggsNamespace } from './resources/eggs.js';
 import { HostsNamespace } from './resources/hosts.js';
@@ -46,6 +47,12 @@ export interface MeowPanelApiOptions {
      * Defaults to `undefined` (browser default is `'same-origin'`).
      */
     credentials?: RequestCredentials;
+    /**
+     * Callback invoked when the access token is automatically refreshed.
+     *
+     * Useful for persisting the new token or updating external state.
+     */
+    onTokenRefresh?: (token: string) => void;
 }
 /**
  * The root MeowPanel API client.
@@ -80,6 +87,7 @@ export interface MeowPanelApiOptions {
  */
 export declare class MeowPanelApi {
     private readonly http;
+    private readonly sseConnections;
     /**
      * Fetch authentication configuration (available login providers).
      *
@@ -229,5 +237,12 @@ export declare class MeowPanelApi {
      * ```
      */
     connectSse(): SseConnection;
+    /**
+     * Manually trigger a token refresh.
+     *
+     * Typically not needed as the client refreshes automatically when using
+     * JWT tokens that are about to expire.
+     */
+    refresh(opts?: RefreshOptions): Promise<RefreshResponse>;
 }
 //# sourceMappingURL=client.d.ts.map

package/esm/src/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAClB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;OAIG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;CACjC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAElC;;;;;;;;OAQG;IACH,SAAgB,IAAI,EAAE,YAAY,CAAC;IAEnC;;;;;;;;;OASG;IACH,SAAgB,OAAO,EAAE,eAAe,CAAC;IAEzC;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;;OAWG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;;OAWG;IACH,SAAgB,IAAI,EAAE,aAAa,CAAC;IAEpC;;;;;;;;;OASG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;OAUG;IACH,SAAgB,YAAY,EAAE,qBAAqB,CAAC;IAEpD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;gBAEvB,OAAO,EAAE,mBAAmB;IAoB/C;;;;;;OAMG;IACI,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACI,UAAU,IAAI,aAAa;CAIlC"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAClB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;OAIG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA4B;IAE3D;;;;;;;;OAQG;IACH,SAAgB,IAAI,EAAE,YAAY,CAAC;IAEnC;;;;;;;;;OASG;IACH,SAAgB,OAAO,EAAE,eAAe,CAAC;IAEzC;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;;OAWG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;;OAWG;IACH,SAAgB,IAAI,EAAE,aAAa,CAAC;IAEpC;;;;;;;;;OASG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;OAUG;IACH,SAAgB,YAAY,EAAE,qBAAqB,CAAC;IAEpD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;gBAEvB,OAAO,EAAE,mBAAmB;IA2B/C;;;;;;OAMG;IACI,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACI,UAAU,IAAI,aAAa;IAQlC;;;;;OAKG;IACI,OAAO,CAAC,IAAI,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;CAG/D"}

package/esm/src/client.js

@@ -42,6 +42,7 @@ import { ServersNamespace } from './resources/servers/index.js';
  */
 export class MeowPanelApi {
     http;
+    sseConnections = new Set();
     /**
      * Fetch authentication configuration (available login providers).
      *
@@ -159,12 +160,19 @@ export class MeowPanelApi {
      */
     servers;
     constructor(options) {
+        const userCallback = options.onTokenRefresh;
         this.http = new HttpClient({
             url: options.url.toString(),
             token: options.token,
             fetch: options.fetch,
             logger: options.logger,
             credentials: options.credentials,
+            onTokenRefresh: (token) => {
+                for (const sse of this.sseConnections) {
+                    sse.updateToken(token);
+                }
+                userCallback?.(token);
+            },
         });
         this.auth = new AuthResource(this.http);
         this.account = new AccountResource(this.http);
@@ -211,6 +219,17 @@ export class MeowPanelApi {
      */
     connectSse() {
         const url = this.http.buildUrl('/sse');
-        return new SseConnection(url, this.http.getToken());
+        const sse = new SseConnection(url, this.http.getToken());
+        this.sseConnections.add(sse);
+        return sse;
+    }
+    /**
+     * Manually trigger a token refresh.
+     *
+     * Typically not needed as the client refreshes automatically when using
+     * JWT tokens that are about to expire.
+     */
+    refresh(opts) {
+        return this.auth.refresh(opts);
     }
 }

package/esm/src/http.d.ts

@@ -19,6 +19,8 @@ export interface HttpClientOptions {
      * Defaults to `undefined` (browser default is `'same-origin'`).
      */
     credentials?: RequestCredentials;
+    /** Callback invoked when the access token is refreshed. */
+    onTokenRefresh?: (token: string) => void;
 }
 /** Typed lifecycle code emitted by {@link HttpClient}'s optional logger. */
 export type HttpLogCode = 'request.start' | 'request.success' | 'request.error';
@@ -70,6 +72,8 @@ export declare class HttpClient {
     protected readonly fetchImpl: typeof globalThis.fetch;
     protected readonly logger?: HttpLogger;
     protected readonly credentials?: RequestCredentials;
+    protected readonly onTokenRefresh?: (token: string) => void;
+    private refreshPromise;
     constructor(options: HttpClientOptions);
     /** Replace the bearer token for all subsequent requests. */
     setToken(token: string): void;
@@ -83,9 +87,18 @@ export declare class HttpClient {
     protected parseError(response: Response): Promise<ApiError>;
     private log;
     private executeFetch;
+    /** Extract the `exp` claim from a JWT without verification. Returns 0 for non-JWT tokens. */
+    private getTokenExp;
+    /** Refresh the access token if it's a JWT and about to expire. */
+    private refreshTokenIfNeeded;
+    /** Force a token refresh regardless of expiry. Only works if credentials are set (cookie auth). */
+    private forceRefresh;
     /**
      * Perform a raw `fetch` and throw {@link ApiError} on non-2xx responses.
      *
+     * Proactively refreshes JWT tokens that are about to expire and retries
+     * once on `401 Unauthorized` after forcing a token refresh.
+     *
      * @param path Path relative to the API base URL, e.g. `/servers`.
      * @param init Standard `RequestInit` options.
      * @param params Query parameters to append.

package/esm/src/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEzD,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IACjC,6EAA6E;IAC7E,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,4EAA4E;IAC5E,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;CACjC;AAED,4EAA4E;AAC5E,MAAM,MAAM,WAAW,GAAG,eAAe,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAEhF,wDAAwD;AACxD,UAAU,gBAAgB;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;CAC/D;AAED,oDAAoD;AACpD,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;CACtB;AAED,uDAAuD;AACvD,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IACnE,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,sEAAsE;AACtE,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,KAAK,CAAC;CACb;AAED,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GACrB,wBAAwB,GACxB,0BAA0B,GAC1B,wBAAwB,CAAC;AAE5B,8DAA8D;AAC9D,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;AAEvD,wEAAwE;AACxE,MAAM,WAAW,cAAc;IAC9B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC/D,8CAA8C;IAC9C,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACtB,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACtD,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IACvC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,kBAAkB,CAAC;gBAMjC,OAAO,EAAE,iBAAiB;IAQ7C,4DAA4D;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC,uCAAuC;IAChC,QAAQ,IAAI,MAAM;IAIzB,kEAAkE;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAAG,MAAM;IAUrG,mDAAmD;IACnD,SAAS,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOrD;IAED,8DAA8D;cAC9C,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYjE,OAAO,CAAC,GAAG;YAQG,YAAY;IAiE1B;;;;;;OAMG;IACU,KAAK,CACjB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAC5D,OAAO,CAAC,QAAQ,CAAC;IAOpB;;;;;OAKG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAKxE;;;;;;OAMG;IACU,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUhG;;;;;;OAMG;IACU,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUjG;;;;;OAKG;IACU,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3E;;;;;;;OAOG;IACU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAapH;;;;;;;OAOG;IACU,IAAI,CAAC,CAAC,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GACjE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CAwBxB"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEzD,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IACjC,6EAA6E;IAC7E,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,4EAA4E;IAC5E,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,2DAA2D;IAC3D,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED,4EAA4E;AAC5E,MAAM,MAAM,WAAW,GAAG,eAAe,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAEhF,wDAAwD;AACxD,UAAU,gBAAgB;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;CAC/D;AAED,oDAAoD;AACpD,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;CACtB;AAED,uDAAuD;AACvD,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IACnE,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,sEAAsE;AACtE,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,KAAK,CAAC;CACb;AAED,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GACrB,wBAAwB,GACxB,0BAA0B,GAC1B,wBAAwB,CAAC;AAE5B,8DAA8D;AAC9D,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;AAEvD,wEAAwE;AACxE,MAAM,WAAW,cAAc;IAC9B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC/D,8CAA8C;IAC9C,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACtB,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACtD,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IACvC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACpD,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAC5D,OAAO,CAAC,cAAc,CAA8B;gBAMjC,OAAO,EAAE,iBAAiB;IAS7C,4DAA4D;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC,uCAAuC;IAChC,QAAQ,IAAI,MAAM;IAIzB,kEAAkE;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAAG,MAAM;IAUrG,mDAAmD;IACnD,SAAS,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOrD;IAED,8DAA8D;cAC9C,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYjE,OAAO,CAAC,GAAG;YAQG,YAAY;IAiE1B,6FAA6F;IAC7F,OAAO,CAAC,WAAW;IAYnB,kEAAkE;YACpD,oBAAoB;IAUlC,mGAAmG;YACrF,YAAY;IA8B1B;;;;;;;;;OASG;IACU,KAAK,CACjB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAC5D,OAAO,CAAC,QAAQ,CAAC;IAqBpB;;;;;OAKG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAKxE;;;;;;OAMG;IACU,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUhG;;;;;;OAMG;IACU,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUjG;;;;;OAKG;IACU,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3E;;;;;;;OAOG;IACU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAapH;;;;;;;OAOG;IACU,IAAI,CAAC,CAAC,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GACjE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CAwBxB"}

package/esm/src/http.js

@@ -11,6 +11,8 @@ export class HttpClient {
     fetchImpl;
     logger;
     credentials;
+    onTokenRefresh;
+    refreshPromise = null;
     [Symbol.for('nodejs.util.inspect.custom')]() {
         return `HttpClient { ${this.baseUrl} }`;
     }
@@ -20,6 +22,7 @@ export class HttpClient {
         this.fetchImpl = options.fetch ?? globalThis.fetch;
         this.logger = options.logger;
         this.credentials = options.credentials;
+        this.onTokenRefresh = options.onTokenRefresh;
     }
     /** Replace the bearer token for all subsequent requests. */
     setToken(token) {
@@ -131,18 +134,86 @@ export class HttpClient {
             throw error;
         }
     }
+    /** Extract the `exp` claim from a JWT without verification. Returns 0 for non-JWT tokens. */
+    getTokenExp() {
+        const parts = this.token.split('.');
+        if (parts.length !== 3)
+            return 0; // Not a JWT token
+        try {
+            const payload = JSON.parse(atob(parts[1]));
+            return typeof payload.exp === 'number' ? payload.exp : 0;
+        }
+        catch {
+            return 0;
+        }
+    }
+    /** Refresh the access token if it's a JWT and about to expire. */
+    async refreshTokenIfNeeded() {
+        const exp = this.getTokenExp();
+        if (exp === 0)
+            return;
+        const nowSec = Math.floor(Date.now() / 1000);
+        if (exp - nowSec > 60)
+            return;
+        await this.forceRefresh();
+    }
+    /** Force a token refresh regardless of expiry. Only works if credentials are set (cookie auth). */
+    async forceRefresh() {
+        if (this.refreshPromise) {
+            await this.refreshPromise;
+            return !!this.token;
+        }
+        this.refreshPromise = (async () => {
+            try {
+                const res = await this.fetchImpl(this.baseUrl + '/auth/refresh', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Accept': 'application/json',
+                    },
+                    credentials: this.credentials,
+                });
+                if (res.ok) {
+                    const data = await res.json();
+                    this.token = data.access_token;
+                    this.onTokenRefresh?.(data.access_token);
+                }
+            }
+            finally {
+                this.refreshPromise = null;
+            }
+        })();
+        await this.refreshPromise;
+        return !!this.token;
+    }
     /**
      * Perform a raw `fetch` and throw {@link ApiError} on non-2xx responses.
      *
+     * Proactively refreshes JWT tokens that are about to expire and retries
+     * once on `401 Unauthorized` after forcing a token refresh.
+     *
      * @param path Path relative to the API base URL, e.g. `/servers`.
      * @param init Standard `RequestInit` options.
      * @param params Query parameters to append.
      */
     async fetch(path, init = {}, params) {
-        return await this.executeFetch(path, {
+        await this.refreshTokenIfNeeded();
+        const buildInit = () => ({
             ...init,
             headers: { ...this.defaultHeaders, ...init.headers },
-        }, params);
+        });
+        try {
+            return await this.executeFetch(path, buildInit(), params);
+        }
+        catch (error) {
+            if (error instanceof ApiError && error.status === 401 && path !== '/auth/refresh') {
+                const refreshed = await this.forceRefresh();
+                if (refreshed) {
+                    return await this.executeFetch(path, buildInit(), params);
+                }
+            }
+            throw error;
+        }
     }
     /**
      * GET and deserialize a JSON response body.

package/esm/src/resources/auth.d.ts

@@ -13,6 +13,18 @@ export interface AuthMeta {
     /** Available auth providers keyed by provider ID (e.g. `'email'`, `'whmcs'`). */
     providers: Record<string, AuthProvider>;
 }
+/** Response from the token refresh endpoint. */
+export interface RefreshResponse {
+    access_token: string;
+    expires_in_seconds: number;
+    token_type: string;
+    account?: Record<string, unknown>;
+}
+/** Options for the refresh request. */
+export interface RefreshOptions {
+    /** Fields to include in the response (e.g. `['account', 'display']`). */
+    include?: string[];
+}
 /**
  * Resource for authentication configuration.
  *
@@ -35,5 +47,11 @@ export declare class AuthResource {
      * Returns the available login providers and their display fields.
      */
     getMeta(): Promise<AuthMeta>;
+    /**
+     * Exchange a refresh token for a short-lived JWT access token.
+     *
+     * Used for exhanging tokens via cookies, managed by the host.
+     */
+    refresh(opts?: RefreshOptions): Promise<RefreshResponse>;
 }
 //# sourceMappingURL=auth.d.ts.map

package/esm/src/resources/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/src/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAS7C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,iFAAiF;IACjF,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CACxC;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,YAAY;IAEL,OAAO,CAAC,QAAQ,CAAC,IAAI;IADxC,gBAAgB;gBACoB,IAAI,EAAE,UAAU;IAEpD;;;;OAIG;IACI,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;CAGnC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/src/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAS7C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,iFAAiF;IACjF,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CACxC;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,uCAAuC;AACvC,MAAM,WAAW,cAAc;IAC9B,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,YAAY;IAEL,OAAO,CAAC,QAAQ,CAAC,IAAI;IADxC,gBAAgB;gBACoB,IAAI,EAAE,UAAU;IAEpD;;;;OAIG;IACI,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;IAInC;;;;OAIG;IACI,OAAO,CAAC,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,eAAe,CAAC;CAQnE"}

package/esm/src/resources/auth.js

@@ -24,4 +24,16 @@ export class AuthResource {
     getMeta() {
         return this.http.get('/auth');
     }
+    /**
+     * Exchange a refresh token for a short-lived JWT access token.
+     *
+     * Used for exhanging tokens via cookies, managed by the host.
+     */
+    refresh(opts = {}) {
+        const params = {};
+        if (opts.include?.length) {
+            params['include'] = opts.include.join(',');
+        }
+        return this.http.post('/auth/refresh', undefined, { params });
+    }
 }

package/esm/src/sse.d.ts

@@ -20,7 +20,7 @@ export type SseState = 'disconnected' | 'connecting' | 'connected' | 'error';
  */
 export declare class SseConnection {
     private readonly url;
-    private readonly token;
+    private token;
     private abortController?;
     private _state;
     /**
@@ -28,6 +28,8 @@ export declare class SseConnection {
      * @param token Bearer token used in the `Authorization` header.
      */
     constructor(url: string, token: string);
+    /** Update the bearer token for subsequent reconnections. */
+    updateToken(token: string): void;
     /** Current connection state. */
     get state(): SseState;
     /** `true` when the connection is actively open. */

package/esm/src/sse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/src/sse.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,YAAY,GAAG,WAAW,GAAG,OAAO,CAAC;AAE7E;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,aAAa;IASxB,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,QAAQ,CAAC,KAAK;IATvB,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,MAAM,CAA4B;IAE1C;;;OAGG;gBAEe,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM;IAG/B,gCAAgC;IAChC,IAAW,KAAK,IAAI,QAAQ,CAE3B;IAED,mDAAmD;IACnD,IAAW,WAAW,IAAI,OAAO,CAEhC;IAED;;;;;;;;;OASG;IACI,OAAO,CACb,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,EAC9C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI;IAyCP,0DAA0D;IACnD,UAAU,IAAI,IAAI;IAMzB,sGAAsG;YACxF,UAAU;CAmCxB"}
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/src/sse.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,YAAY,GAAG,WAAW,GAAG,OAAO,CAAC;AAE7E;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,aAAa;IASxB,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,KAAK;IATd,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,MAAM,CAA4B;IAE1C;;;OAGG;gBAEe,GAAG,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM;IAGtB,4DAA4D;IACrD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIvC,gCAAgC;IAChC,IAAW,KAAK,IAAI,QAAQ,CAE3B;IAED,mDAAmD;IACnD,IAAW,WAAW,IAAI,OAAO,CAEhC;IAED;;;;;;;;;OASG;IACI,OAAO,CACb,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,EAC9C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI;IAyCP,0DAA0D;IACnD,UAAU,IAAI,IAAI;IAMzB,sGAAsG;YACxF,UAAU;CAmCxB"}

package/esm/src/sse.js

@@ -29,6 +29,10 @@ export class SseConnection {
         this.url = url;
         this.token = token;
     }
+    /** Update the bearer token for subsequent reconnections. */
+    updateToken(token) {
+        this.token = token;
+    }
     /** Current connection state. */
     get state() {
         return this._state;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meowpanel/api",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0-beta.2",
   "description": "MeowPanel API client library",
   "license": "MIT",
   "main": "./script/mod.js",

package/script/mod.d.ts

@@ -45,7 +45,7 @@
 export { MeowPanelApi } from './src/client.js';
 export type { MeowPanelApiOptions } from './src/client.js';
 export { AuthResource } from './src/resources/auth.js';
-export type { AuthMeta, AuthProvider } from './src/resources/auth.js';
+export type { AuthMeta, AuthProvider, RefreshOptions, RefreshResponse } from './src/resources/auth.js';
 export { ReactiveResource } from './src/reactive.js';
 export { ApiError } from './src/errors.js';
 export type { ApiErrorOptions } from './src/errors.js';

package/script/mod.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAGrD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACX,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,cAAc,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EACX,cAAc,EACd,OAAO,EACP,WAAW,EACX,MAAM,EACN,SAAS,EACT,WAAW,EACX,UAAU,EACV,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACnB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAClG,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGzG,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EACX,UAAU,EACV,aAAa,EACb,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACN,IAAI,EACJ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,QAAQ,GACR,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACX,6BAA6B,EAC7B,gCAAgC,EAChC,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,QAAQ,EACR,6BAA6B,EAC7B,+BAA+B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACtE,YAAY,EACX,OAAO,EACP,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,OAAO,EACP,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAChE,YAAY,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACtF,YAAY,EACX,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACrB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,YAAY,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGnH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAGvG,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AACjF,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAGlH,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AACxG,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG3F,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC"}
+{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEvG,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAGrD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACX,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,cAAc,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EACX,cAAc,EACd,OAAO,EACP,WAAW,EACX,MAAM,EACN,SAAS,EACT,WAAW,EACX,UAAU,EACV,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACnB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAClG,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGzG,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EACX,UAAU,EACV,aAAa,EACb,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACN,IAAI,EACJ,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,QAAQ,GACR,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACX,6BAA6B,EAC7B,gCAAgC,EAChC,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,cAAc,EACd,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,QAAQ,EACR,6BAA6B,EAC7B,+BAA+B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACtE,YAAY,EACX,OAAO,EACP,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,OAAO,EACP,gBAAgB,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAChE,YAAY,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACtF,YAAY,EACX,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACrB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,YAAY,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,mBAAmB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGnH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAGvG,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AACjF,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAGlH,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AACxG,YAAY,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG3F,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC"}

package/script/src/client.d.ts

@@ -2,6 +2,7 @@ import type { HttpLogger } from './http.js';
 import { SseConnection } from './sse.js';
 import { AccountResource } from './resources/account.js';
 import { AuthResource } from './resources/auth.js';
+import type { RefreshOptions, RefreshResponse } from './resources/auth.js';
 import { ApiKeysNamespace } from './resources/api-keys.js';
 import { EggsNamespace } from './resources/eggs.js';
 import { HostsNamespace } from './resources/hosts.js';
@@ -46,6 +47,12 @@ export interface MeowPanelApiOptions {
      * Defaults to `undefined` (browser default is `'same-origin'`).
      */
     credentials?: RequestCredentials;
+    /**
+     * Callback invoked when the access token is automatically refreshed.
+     *
+     * Useful for persisting the new token or updating external state.
+     */
+    onTokenRefresh?: (token: string) => void;
 }
 /**
  * The root MeowPanel API client.
@@ -80,6 +87,7 @@ export interface MeowPanelApiOptions {
  */
 export declare class MeowPanelApi {
     private readonly http;
+    private readonly sseConnections;
     /**
      * Fetch authentication configuration (available login providers).
      *
@@ -229,5 +237,12 @@ export declare class MeowPanelApi {
      * ```
      */
     connectSse(): SseConnection;
+    /**
+     * Manually trigger a token refresh.
+     *
+     * Typically not needed as the client refreshes automatically when using
+     * JWT tokens that are about to expire.
+     */
+    refresh(opts?: RefreshOptions): Promise<RefreshResponse>;
 }
 //# sourceMappingURL=client.d.ts.map

package/script/src/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAClB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;OAIG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;CACjC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAElC;;;;;;;;OAQG;IACH,SAAgB,IAAI,EAAE,YAAY,CAAC;IAEnC;;;;;;;;;OASG;IACH,SAAgB,OAAO,EAAE,eAAe,CAAC;IAEzC;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;;OAWG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;;OAWG;IACH,SAAgB,IAAI,EAAE,aAAa,CAAC;IAEpC;;;;;;;;;OASG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;OAUG;IACH,SAAgB,YAAY,EAAE,qBAAqB,CAAC;IAEpD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;gBAEvB,OAAO,EAAE,mBAAmB;IAoB/C;;;;;;OAMG;IACI,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACI,UAAU,IAAI,aAAa;CAIlC"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAClB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;OAIG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA4B;IAE3D;;;;;;;;OAQG;IACH,SAAgB,IAAI,EAAE,YAAY,CAAC;IAEnC;;;;;;;;;OASG;IACH,SAAgB,OAAO,EAAE,eAAe,CAAC;IAEzC;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;;OAWG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;;OAWG;IACH,SAAgB,IAAI,EAAE,aAAa,CAAC;IAEpC;;;;;;;;;OASG;IACH,SAAgB,KAAK,EAAE,cAAc,CAAC;IAEtC;;;;;;;;;;OAUG;IACH,SAAgB,YAAY,EAAE,qBAAqB,CAAC;IAEpD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,SAAgB,OAAO,EAAE,gBAAgB,CAAC;gBAEvB,OAAO,EAAE,mBAAmB;IA2B/C;;;;;;OAMG;IACI,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACI,UAAU,IAAI,aAAa;IAQlC;;;;;OAKG;IACI,OAAO,CAAC,IAAI,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;CAG/D"}

package/script/src/client.js

@@ -45,6 +45,7 @@ const index_js_1 = require("./resources/servers/index.js");
  */
 class MeowPanelApi {
     http;
+    sseConnections = new Set();
     /**
      * Fetch authentication configuration (available login providers).
      *
@@ -162,12 +163,19 @@ class MeowPanelApi {
      */
     servers;
     constructor(options) {
+        const userCallback = options.onTokenRefresh;
         this.http = new http_js_1.HttpClient({
             url: options.url.toString(),
             token: options.token,
             fetch: options.fetch,
             logger: options.logger,
             credentials: options.credentials,
+            onTokenRefresh: (token) => {
+                for (const sse of this.sseConnections) {
+                    sse.updateToken(token);
+                }
+                userCallback?.(token);
+            },
         });
         this.auth = new auth_js_1.AuthResource(this.http);
         this.account = new account_js_1.AccountResource(this.http);
@@ -214,7 +222,18 @@ class MeowPanelApi {
      */
     connectSse() {
         const url = this.http.buildUrl('/sse');
-        return new sse_js_1.SseConnection(url, this.http.getToken());
+        const sse = new sse_js_1.SseConnection(url, this.http.getToken());
+        this.sseConnections.add(sse);
+        return sse;
+    }
+    /**
+     * Manually trigger a token refresh.
+     *
+     * Typically not needed as the client refreshes automatically when using
+     * JWT tokens that are about to expire.
+     */
+    refresh(opts) {
+        return this.auth.refresh(opts);
     }
 }
 exports.MeowPanelApi = MeowPanelApi;

package/script/src/http.d.ts

@@ -19,6 +19,8 @@ export interface HttpClientOptions {
      * Defaults to `undefined` (browser default is `'same-origin'`).
      */
     credentials?: RequestCredentials;
+    /** Callback invoked when the access token is refreshed. */
+    onTokenRefresh?: (token: string) => void;
 }
 /** Typed lifecycle code emitted by {@link HttpClient}'s optional logger. */
 export type HttpLogCode = 'request.start' | 'request.success' | 'request.error';
@@ -70,6 +72,8 @@ export declare class HttpClient {
     protected readonly fetchImpl: typeof globalThis.fetch;
     protected readonly logger?: HttpLogger;
     protected readonly credentials?: RequestCredentials;
+    protected readonly onTokenRefresh?: (token: string) => void;
+    private refreshPromise;
     constructor(options: HttpClientOptions);
     /** Replace the bearer token for all subsequent requests. */
     setToken(token: string): void;
@@ -83,9 +87,18 @@ export declare class HttpClient {
     protected parseError(response: Response): Promise<ApiError>;
     private log;
     private executeFetch;
+    /** Extract the `exp` claim from a JWT without verification. Returns 0 for non-JWT tokens. */
+    private getTokenExp;
+    /** Refresh the access token if it's a JWT and about to expire. */
+    private refreshTokenIfNeeded;
+    /** Force a token refresh regardless of expiry. Only works if credentials are set (cookie auth). */
+    private forceRefresh;
     /**
      * Perform a raw `fetch` and throw {@link ApiError} on non-2xx responses.
      *
+     * Proactively refreshes JWT tokens that are about to expire and retries
+     * once on `401 Unauthorized` after forcing a token refresh.
+     *
      * @param path Path relative to the API base URL, e.g. `/servers`.
      * @param init Standard `RequestInit` options.
      * @param params Query parameters to append.

package/script/src/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEzD,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IACjC,6EAA6E;IAC7E,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,4EAA4E;IAC5E,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;CACjC;AAED,4EAA4E;AAC5E,MAAM,MAAM,WAAW,GAAG,eAAe,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAEhF,wDAAwD;AACxD,UAAU,gBAAgB;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;CAC/D;AAED,oDAAoD;AACpD,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;CACtB;AAED,uDAAuD;AACvD,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IACnE,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,sEAAsE;AACtE,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,KAAK,CAAC;CACb;AAED,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GACrB,wBAAwB,GACxB,0BAA0B,GAC1B,wBAAwB,CAAC;AAE5B,8DAA8D;AAC9D,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;AAEvD,wEAAwE;AACxE,MAAM,WAAW,cAAc;IAC9B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC/D,8CAA8C;IAC9C,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACtB,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACtD,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IACvC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,kBAAkB,CAAC;gBAMjC,OAAO,EAAE,iBAAiB;IAQ7C,4DAA4D;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC,uCAAuC;IAChC,QAAQ,IAAI,MAAM;IAIzB,kEAAkE;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAAG,MAAM;IAUrG,mDAAmD;IACnD,SAAS,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOrD;IAED,8DAA8D;cAC9C,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYjE,OAAO,CAAC,GAAG;YAQG,YAAY;IAiE1B;;;;;;OAMG;IACU,KAAK,CACjB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAC5D,OAAO,CAAC,QAAQ,CAAC;IAOpB;;;;;OAKG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAKxE;;;;;;OAMG;IACU,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUhG;;;;;;OAMG;IACU,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUjG;;;;;OAKG;IACU,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3E;;;;;;;OAOG;IACU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAapH;;;;;;;OAOG;IACU,IAAI,CAAC,CAAC,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GACjE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CAwBxB"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEzD,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IACjC,6EAA6E;IAC7E,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mEAAmE;IACnE,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,4EAA4E;IAC5E,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,2DAA2D;IAC3D,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED,4EAA4E;AAC5E,MAAM,MAAM,WAAW,GAAG,eAAe,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAEhF,wDAAwD;AACxD,UAAU,gBAAgB;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;CAC/D;AAED,oDAAoD;AACpD,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;CACtB;AAED,uDAAuD;AACvD,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IACnE,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,sEAAsE;AACtE,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;IACjE,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,KAAK,CAAC;CACb;AAED,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GACrB,wBAAwB,GACxB,0BAA0B,GAC1B,wBAAwB,CAAC;AAE5B,8DAA8D;AAC9D,MAAM,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;AAEvD,wEAAwE;AACxE,MAAM,WAAW,cAAc;IAC9B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC/D,8CAA8C;IAC9C,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACtB,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACtD,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IACvC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACpD,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAC5D,OAAO,CAAC,cAAc,CAA8B;gBAMjC,OAAO,EAAE,iBAAiB;IAS7C,4DAA4D;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC,uCAAuC;IAChC,QAAQ,IAAI,MAAM;IAIzB,kEAAkE;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAAG,MAAM;IAUrG,mDAAmD;IACnD,SAAS,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOrD;IAED,8DAA8D;cAC9C,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYjE,OAAO,CAAC,GAAG;YAQG,YAAY;IAiE1B,6FAA6F;IAC7F,OAAO,CAAC,WAAW;IAYnB,kEAAkE;YACpD,oBAAoB;IAUlC,mGAAmG;YACrF,YAAY;IA8B1B;;;;;;;;;OASG;IACU,KAAK,CACjB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GAC5D,OAAO,CAAC,QAAQ,CAAC;IAqBpB;;;;;OAKG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAKxE;;;;;;OAMG;IACU,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUhG;;;;;;OAMG;IACU,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAUjG;;;;;OAKG;IACU,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3E;;;;;;;OAOG;IACU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;IAapH;;;;;;;OAOG;IACU,IAAI,CAAC,CAAC,EAClB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAgB,EACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,GACjE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CAwBxB"}

package/script/src/http.js

@@ -14,6 +14,8 @@ class HttpClient {
     fetchImpl;
     logger;
     credentials;
+    onTokenRefresh;
+    refreshPromise = null;
     [Symbol.for('nodejs.util.inspect.custom')]() {
         return `HttpClient { ${this.baseUrl} }`;
     }
@@ -23,6 +25,7 @@ class HttpClient {
         this.fetchImpl = options.fetch ?? globalThis.fetch;
         this.logger = options.logger;
         this.credentials = options.credentials;
+        this.onTokenRefresh = options.onTokenRefresh;
     }
     /** Replace the bearer token for all subsequent requests. */
     setToken(token) {
@@ -134,18 +137,86 @@ class HttpClient {
             throw error;
         }
     }
+    /** Extract the `exp` claim from a JWT without verification. Returns 0 for non-JWT tokens. */
+    getTokenExp() {
+        const parts = this.token.split('.');
+        if (parts.length !== 3)
+            return 0; // Not a JWT token
+        try {
+            const payload = JSON.parse(atob(parts[1]));
+            return typeof payload.exp === 'number' ? payload.exp : 0;
+        }
+        catch {
+            return 0;
+        }
+    }
+    /** Refresh the access token if it's a JWT and about to expire. */
+    async refreshTokenIfNeeded() {
+        const exp = this.getTokenExp();
+        if (exp === 0)
+            return;
+        const nowSec = Math.floor(Date.now() / 1000);
+        if (exp - nowSec > 60)
+            return;
+        await this.forceRefresh();
+    }
+    /** Force a token refresh regardless of expiry. Only works if credentials are set (cookie auth). */
+    async forceRefresh() {
+        if (this.refreshPromise) {
+            await this.refreshPromise;
+            return !!this.token;
+        }
+        this.refreshPromise = (async () => {
+            try {
+                const res = await this.fetchImpl(this.baseUrl + '/auth/refresh', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Accept': 'application/json',
+                    },
+                    credentials: this.credentials,
+                });
+                if (res.ok) {
+                    const data = await res.json();
+                    this.token = data.access_token;
+                    this.onTokenRefresh?.(data.access_token);
+                }
+            }
+            finally {
+                this.refreshPromise = null;
+            }
+        })();
+        await this.refreshPromise;
+        return !!this.token;
+    }
     /**
      * Perform a raw `fetch` and throw {@link ApiError} on non-2xx responses.
      *
+     * Proactively refreshes JWT tokens that are about to expire and retries
+     * once on `401 Unauthorized` after forcing a token refresh.
+     *
      * @param path Path relative to the API base URL, e.g. `/servers`.
      * @param init Standard `RequestInit` options.
      * @param params Query parameters to append.
      */
     async fetch(path, init = {}, params) {
-        return await this.executeFetch(path, {
+        await this.refreshTokenIfNeeded();
+        const buildInit = () => ({
             ...init,
             headers: { ...this.defaultHeaders, ...init.headers },
-        }, params);
+        });
+        try {
+            return await this.executeFetch(path, buildInit(), params);
+        }
+        catch (error) {
+            if (error instanceof errors_js_1.ApiError && error.status === 401 && path !== '/auth/refresh') {
+                const refreshed = await this.forceRefresh();
+                if (refreshed) {
+                    return await this.executeFetch(path, buildInit(), params);
+                }
+            }
+            throw error;
+        }
     }
     /**
      * GET and deserialize a JSON response body.

package/script/src/resources/auth.d.ts

@@ -13,6 +13,18 @@ export interface AuthMeta {
     /** Available auth providers keyed by provider ID (e.g. `'email'`, `'whmcs'`). */
     providers: Record<string, AuthProvider>;
 }
+/** Response from the token refresh endpoint. */
+export interface RefreshResponse {
+    access_token: string;
+    expires_in_seconds: number;
+    token_type: string;
+    account?: Record<string, unknown>;
+}
+/** Options for the refresh request. */
+export interface RefreshOptions {
+    /** Fields to include in the response (e.g. `['account', 'display']`). */
+    include?: string[];
+}
 /**
  * Resource for authentication configuration.
  *
@@ -35,5 +47,11 @@ export declare class AuthResource {
      * Returns the available login providers and their display fields.
      */
     getMeta(): Promise<AuthMeta>;
+    /**
+     * Exchange a refresh token for a short-lived JWT access token.
+     *
+     * Used for exhanging tokens via cookies, managed by the host.
+     */
+    refresh(opts?: RefreshOptions): Promise<RefreshResponse>;
 }
 //# sourceMappingURL=auth.d.ts.map

package/script/src/resources/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/src/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAS7C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,iFAAiF;IACjF,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CACxC;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,YAAY;IAEL,OAAO,CAAC,QAAQ,CAAC,IAAI;IADxC,gBAAgB;gBACoB,IAAI,EAAE,UAAU;IAEpD;;;;OAIG;IACI,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;CAGnC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/src/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAS7C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,iFAAiF;IACjF,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CACxC;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,uCAAuC;AACvC,MAAM,WAAW,cAAc;IAC9B,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,YAAY;IAEL,OAAO,CAAC,QAAQ,CAAC,IAAI;IADxC,gBAAgB;gBACoB,IAAI,EAAE,UAAU;IAEpD;;;;OAIG;IACI,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;IAInC;;;;OAIG;IACI,OAAO,CAAC,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,eAAe,CAAC;CAQnE"}

package/script/src/resources/auth.js

@@ -27,5 +27,17 @@ class AuthResource {
     getMeta() {
         return this.http.get('/auth');
     }
+    /**
+     * Exchange a refresh token for a short-lived JWT access token.
+     *
+     * Used for exhanging tokens via cookies, managed by the host.
+     */
+    refresh(opts = {}) {
+        const params = {};
+        if (opts.include?.length) {
+            params['include'] = opts.include.join(',');
+        }
+        return this.http.post('/auth/refresh', undefined, { params });
+    }
 }
 exports.AuthResource = AuthResource;

package/script/src/sse.d.ts

@@ -20,7 +20,7 @@ export type SseState = 'disconnected' | 'connecting' | 'connected' | 'error';
  */
 export declare class SseConnection {
     private readonly url;
-    private readonly token;
+    private token;
     private abortController?;
     private _state;
     /**
@@ -28,6 +28,8 @@ export declare class SseConnection {
      * @param token Bearer token used in the `Authorization` header.
      */
     constructor(url: string, token: string);
+    /** Update the bearer token for subsequent reconnections. */
+    updateToken(token: string): void;
     /** Current connection state. */
     get state(): SseState;
     /** `true` when the connection is actively open. */

package/script/src/sse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/src/sse.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,YAAY,GAAG,WAAW,GAAG,OAAO,CAAC;AAE7E;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,aAAa;IASxB,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,QAAQ,CAAC,KAAK;IATvB,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,MAAM,CAA4B;IAE1C;;;OAGG;gBAEe,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM;IAG/B,gCAAgC;IAChC,IAAW,KAAK,IAAI,QAAQ,CAE3B;IAED,mDAAmD;IACnD,IAAW,WAAW,IAAI,OAAO,CAEhC;IAED;;;;;;;;;OASG;IACI,OAAO,CACb,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,EAC9C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI;IAyCP,0DAA0D;IACnD,UAAU,IAAI,IAAI;IAMzB,sGAAsG;YACxF,UAAU;CAmCxB"}
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/src/sse.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,YAAY,GAAG,WAAW,GAAG,OAAO,CAAC;AAE7E;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,aAAa;IASxB,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,KAAK;IATd,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,MAAM,CAA4B;IAE1C;;;OAGG;gBAEe,GAAG,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM;IAGtB,4DAA4D;IACrD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIvC,gCAAgC;IAChC,IAAW,KAAK,IAAI,QAAQ,CAE3B;IAED,mDAAmD;IACnD,IAAW,WAAW,IAAI,OAAO,CAEhC;IAED;;;;;;;;;OASG;IACI,OAAO,CACb,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,EAC9C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,IAAI;IAyCP,0DAA0D;IACnD,UAAU,IAAI,IAAI;IAMzB,sGAAsG;YACxF,UAAU;CAmCxB"}

package/script/src/sse.js

@@ -32,6 +32,10 @@ class SseConnection {
         this.url = url;
         this.token = token;
     }
+    /** Update the bearer token for subsequent reconnections. */
+    updateToken(token) {
+        this.token = token;
+    }
     /** Current connection state. */
     get state() {
         return this._state;