@mondaydotcomorg/atp-client 0.23.0 → 0.23.1

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@mondaydotcomorg/atp-client",
-	"version": "0.23.0",
+	"version": "0.23.1",
 	"description": "Client SDK for Agent Tool Protocol",
 	"type": "module",
 	"main": "./dist/index.cjs",

package/src/client.ts

@@ -43,7 +43,6 @@ interface InProcessServer {
 	handleExplore(ctx: unknown): Promise<unknown>;
 	handleExecute(ctx: unknown): Promise<unknown>;
 	handleResume(ctx: unknown, executionId: string): Promise<unknown>;
-	handleTokenRefresh(ctx: unknown): Promise<unknown>;
 }
 
 /**

package/src/core/base-session.ts

@@ -29,6 +29,15 @@ export interface ISession {
 	setTokenRefreshConfig(config: Partial<TokenRefreshConfig>): void;
 }
 
+/**
+ * Stored init parameters for re-initialization during token refresh.
+ */
+export interface StoredInitParams {
+	clientInfo?: { name?: string; version?: string; [key: string]: unknown };
+	tools?: ClientToolDefinition[];
+	services?: { hasLLM: boolean; hasApproval: boolean; hasEmbedding: boolean; hasTools: boolean };
+}
+
 /**
  * Base session class with shared token management logic.
  * Subclasses implement the transport-specific operations (HTTP vs in-process).
@@ -40,12 +49,13 @@ export abstract class BaseSession implements ISession {
 	protected tokenRotateAt?: number;
 	protected initPromise?: Promise<void>;
 	protected refreshPromise?: Promise<void>;
+	protected storedInitParams?: StoredInitParams;
 	protected tokenRefreshConfig: TokenRefreshConfig = {
 		enabled: true,
 		bufferMs: 1000,
 	};
 
-	constructor(tokenRefreshConfig?: Partial<TokenRefreshConfig>) {
+	protected constructor(tokenRefreshConfig?: Partial<TokenRefreshConfig>) {
 		if (tokenRefreshConfig) {
 			this.tokenRefreshConfig = { ...this.tokenRefreshConfig, ...tokenRefreshConfig };
 		}
@@ -81,9 +91,25 @@ export abstract class BaseSession implements ISession {
 	abstract prepareHeaders(method: string, url: string, body?: unknown): Promise<Record<string, string>>;
 
 	/**
-	 * Perform the actual token refresh - must be implemented by subclass
+	 * Perform token refresh by re-initializing the session.
+	 * Resets the init guard and calls init() again with the stored params,
+	 * effectively creating a fresh session without depending on the old
+	 * session still existing in the server's cache.
 	 */
-	protected abstract doRefreshToken(): Promise<void>;
+	protected async doRefreshToken(): Promise<void> {
+		if (!this.storedInitParams) {
+			throw new Error('Cannot refresh token: init params not stored. Was init() called?');
+		}
+
+		// Reset the init guard so init() runs a fresh handshake
+		this.initPromise = undefined;
+
+		await this.init(
+			this.storedInitParams.clientInfo,
+			this.storedInitParams.tools,
+			this.storedInitParams.services,
+		);
+	}
 
 	/**
 	 * Gets the unique client ID.
@@ -118,8 +144,8 @@ export abstract class BaseSession implements ISession {
 	 * This is called automatically before requests when autoRefresh is enabled.
 	 * Uses a shared promise to prevent concurrent refresh requests.
 	 *
-	 * Note: Even expired tokens can be refreshed as long as the server session
-	 * still exists. The server accepts expired JWTs for the refresh endpoint.
+	 * Refresh works by re-initializing the session (calling init() again),
+	 * so it does not depend on the old session still existing in the server's cache.
 	 */
 	async refreshTokenIfNeeded(): Promise<void> {
 		// Skip if auto-refresh is disabled
@@ -163,9 +189,10 @@ export abstract class BaseSession implements ISession {
 	}
 
 	/**
-	 * Check if URL should skip token refresh (to avoid infinite recursion)
+	 * Check if URL should skip token refresh (to avoid infinite recursion).
+	 * Since refresh now calls init(), we only need to guard the init path.
 	 */
 	protected shouldSkipRefreshForUrl(url: string): boolean {
-		return url.includes('/api/token/refresh') || url.includes('/api/init');
+		return url.includes('/api/init');
 	}
 }

package/src/core/in-process-session.ts

@@ -15,7 +15,6 @@ export interface InProcessServer {
 	handleExplore(ctx: InProcessRequestContext): Promise<unknown>;
 	handleExecute(ctx: InProcessRequestContext): Promise<unknown>;
 	handleResume(ctx: InProcessRequestContext, executionId: string): Promise<unknown>;
-	handleTokenRefresh(ctx: InProcessRequestContext): Promise<unknown>;
 }
 
 /**
@@ -65,6 +64,9 @@ export class InProcessSession extends BaseSession {
 		tools?: ClientToolDefinition[],
 		services?: { hasLLM: boolean; hasApproval: boolean; hasEmbedding: boolean; hasTools: boolean }
 	): Promise<TokenCredentials> {
+		// Store init params so doRefreshToken() can re-init with the same data
+		this.storedInitParams = { clientInfo, tools, services };
+
 		if (this.initPromise) {
 			await this.initPromise;
 			return {
@@ -133,20 +135,6 @@ export class InProcessSession extends BaseSession {
 		return '';
 	}
 
-	/**
-	 * Perform the actual token refresh via in-process server call
-	 */
-	protected async doRefreshToken(): Promise<void> {
-		const ctx = await this.createContext({
-			method: 'POST',
-			path: '/api/token/refresh',
-			body: { clientId: this.clientId },
-		});
-
-		const result = (await this.server.handleTokenRefresh(ctx)) as TokenCredentials;
-		this.updateTokenState(result);
-	}
-
 	/**
 	 * Prepares headers for a request, refreshing token if needed
 	 */

package/src/core/session.ts

@@ -32,6 +32,9 @@ export class ClientSession extends BaseSession {
 		tools?: ClientToolDefinition[],
 		services?: { hasLLM: boolean; hasApproval: boolean; hasEmbedding: boolean; hasTools: boolean }
 	): Promise<TokenCredentials> {
+		// Store init params so doRefreshToken() can re-init with the same data
+		this.storedInitParams = { clientInfo, tools, services };
+
 		if (this.initPromise) {
 			await this.initPromise;
 			return {
@@ -107,36 +110,6 @@ export class ClientSession extends BaseSession {
 		return this.baseUrl;
 	}
 
-	/**
-	 * Perform the actual token refresh via HTTP
-	 */
-	protected async doRefreshToken(): Promise<void> {
-		const url = `${this.baseUrl}/api/token/refresh`;
-		const body = JSON.stringify({ clientId: this.clientId });
-
-		// Use current token for auth, but don't recursively try to refresh
-		const headers: Record<string, string> = {
-			'Content-Type': 'application/json',
-			...this.customHeaders,
-			'X-Client-ID': this.clientId!,
-			Authorization: `Bearer ${this.clientToken}`,
-		};
-
-		const response = await fetch(url, {
-			method: 'POST',
-			headers,
-			body,
-		});
-
-		if (!response.ok) {
-			const errorText = await response.text();
-			throw new Error(`Token refresh failed: ${response.status} ${response.statusText} - ${errorText}`);
-		}
-
-		const data = (await response.json()) as TokenCredentials;
-		this.updateTokenState(data);
-	}
-
 	/**
 	 * Prepares headers for a request, refreshing token if needed and calling preRequest hook if configured
 	 */