kontexted 0.1.14 → 0.1.16

package/dist/commands/mcp.js

@@ -28,7 +28,15 @@ async function startMcpProxy(options) {
         writeEnabled = false;
     }
     const persist = async () => {
-        await writeConfig(config);
+        const freshConfig = await readConfig();
+        const freshProfile = getProfile(freshConfig, profileKey);
+        if (freshProfile && profile.oauth.tokens) {
+            freshProfile.oauth = {
+                ...profile.oauth,
+                tokens: { ...profile.oauth.tokens },
+            };
+            await writeConfig(freshConfig);
+        }
     };
     try {
         const { client } = await connectRemoteClient(profile.serverUrl, profile.oauth, persist, { allowInteractive: false });

package/dist/commands/skill.js

@@ -1,10 +1,9 @@
 import * as readline from "readline";
-import { readConfig, writeConfig } from "../lib/config.js";
-import { getProfile, listProfiles } from "../lib/profile.js";
-import { ApiClient } from "../lib/api-client.js";
-import { ensureValidTokens } from "../lib/oauth.js";
+import { readConfig } from "../lib/config.js";
+import { listProfiles } from "../lib/profile.js";
 import { getProvider, allTemplates } from "../skill-init/index.js";
 import { initSkill } from "../skill-init/utils.js";
+import { createAuthenticatedClient } from "../lib/sync/auth-utils.js";
 /**
  * Execute workspace-tree skill via the API
  */
@@ -97,19 +96,19 @@ async function executeUpdateNoteContent(client, workspaceSlug, notePublicId, con
  * Helper function to create an API client from a profile alias
  */
 async function createApiClient(alias) {
-    const config = await readConfig();
-    const profile = getProfile(config, alias);
-    if (!profile) {
-        console.error(`Profile not found: ${alias}. Run 'kontexted login' first.`);
-        process.exit(1);
+    try {
+        const auth = await createAuthenticatedClient(alias);
+        return { client: auth.client, profile: auth.profile };
     }
-    // Proactively refresh token if needed (non-interactive)
-    const tokensValid = await ensureValidTokens(profile.oauth, async () => writeConfig(config), profile.serverUrl);
-    if (!tokensValid) {
-        console.error(`Authentication expired. Run 'kontexted login --alias ${alias}' to re-authenticate.`);
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nError: ${error.message}`);
+        }
+        else {
+            console.error("\nError: Failed to authenticate. Please run 'kontexted login'...");
+        }
         process.exit(1);
     }
-    return new ApiClient(profile.serverUrl, profile.oauth, async () => writeConfig(config));
 }
 /**
  * Display results from a skill execution
@@ -175,14 +174,8 @@ export function registerSkillCommand(program) {
         .requiredOption("--alias <name>", "Profile alias to use")
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
-            const result = await executeWorkspaceTree(client, profile.workspace);
+            const { client: apiClient, profile } = await createApiClient(options.alias);
+            const result = await executeWorkspaceTree(apiClient, profile.workspace);
             displayResult(result);
         }
         catch (error) {
@@ -198,14 +191,8 @@ export function registerSkillCommand(program) {
         .option("--limit <number>", "Maximum number of results (default: 20, max: 50)", parseInt)
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
-            const result = await executeSearchNotes(client, profile.workspace, options.query, options.limit);
+            const { client: apiClient, profile } = await createApiClient(options.alias);
+            const result = await executeSearchNotes(apiClient, profile.workspace, options.query, options.limit);
             displayResult(result);
         }
         catch (error) {
@@ -220,14 +207,8 @@ export function registerSkillCommand(program) {
         .requiredOption("--note-id <id>", "Public ID of the note")
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
-            const result = await executeNoteById(client, profile.workspace, options.noteId);
+            const { client: apiClient, profile } = await createApiClient(options.alias);
+            const result = await executeNoteById(apiClient, profile.workspace, options.noteId);
             displayResult(result);
         }
         catch (error) {
@@ -244,18 +225,12 @@ export function registerSkillCommand(program) {
         .option("--parent-id <parentPublicId>", "Public ID of parent folder (for nested folders)")
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
+            const { client: apiClient, profile } = await createApiClient(options.alias);
             if (!profile.write) {
                 console.error("Error: Write operations not enabled for this profile. Re-login with 'kontexted login --alias <alias> --write' to enable write access.");
                 process.exit(1);
             }
-            const result = await executeCreateFolder(client, profile.workspace, options.name, options.displayName, options.parentId);
+            const result = await executeCreateFolder(apiClient, profile.workspace, options.name, options.displayName, options.parentId);
             displayResult(result);
         }
         catch (error) {
@@ -273,18 +248,12 @@ export function registerSkillCommand(program) {
         .option("--content <content>", "Initial content for the note")
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
+            const { client: apiClient, profile } = await createApiClient(options.alias);
             if (!profile.write) {
                 console.error("Error: Write operations not enabled for this profile. Re-login with 'kontexted login --alias <alias> --write' to enable write access.");
                 process.exit(1);
             }
-            const result = await executeCreateNote(client, profile.workspace, options.name, options.title, options.folderId, options.content);
+            const result = await executeCreateNote(apiClient, profile.workspace, options.name, options.title, options.folderId, options.content);
             displayResult(result);
         }
         catch (error) {
@@ -300,18 +269,12 @@ export function registerSkillCommand(program) {
         .requiredOption("--content <content>", "New content for the note")
         .action(async (options) => {
         try {
-            const client = await createApiClient(options.alias);
-            const config = await readConfig();
-            const profile = getProfile(config, options.alias);
-            if (!profile) {
-                console.error(`Profile not found: ${options.alias}. Run 'kontexted login' first.`);
-                process.exit(1);
-            }
+            const { client: apiClient, profile } = await createApiClient(options.alias);
             if (!profile.write) {
                 console.error("Error: Write operations not enabled for this profile. Re-login with 'kontexted login --alias <alias> --write' to enable write access.");
                 process.exit(1);
             }
-            const result = await executeUpdateNoteContent(client, profile.workspace, options.noteId, options.content);
+            const result = await executeUpdateNoteContent(apiClient, profile.workspace, options.noteId, options.content);
             displayResult(result);
         }
         catch (error) {

package/dist/commands/sync/force-pull.js

@@ -1,11 +1,9 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { readConfig, writeConfig } from "../../lib/config.js";
-import { getProfile } from "../../lib/profile.js";
-import { ApiClient } from "../../lib/api-client.js";
 import { ensureDirectoryExists, formatMarkdown, computeFilePath } from "../../lib/sync/utils.js";
 import { sha256 } from "../../lib/sync/crypto.js";
-import { findSyncDir, loadSyncConfig, loadSyncState, saveSyncState, validateProfile, } from "../../lib/sync/command-utils.js";
+import { createAuthenticatedClient } from "../../lib/sync/auth-utils.js";
+import { findSyncDir, loadSyncConfig, loadSyncState, saveSyncState, } from "../../lib/sync/command-utils.js";
 /**
  * Prompt user for confirmation
  */
@@ -34,13 +32,26 @@ export async function handler(argv) {
     // Step 2: Load sync config
     console.log("Loading sync configuration...");
     const syncConfig = await loadSyncConfig(syncDir);
-    // Step 3: Determine profile to use
+    // Step 3: Authenticate and create API client
     const profileAlias = argv.alias || syncConfig.alias;
-    // Step 4: Validate profile
-    console.log("Validating profile...");
-    const config = await readConfig();
-    const profile = validateProfile(config, profileAlias);
-    // Step 5: Warn about data loss if not forced
+    console.log(`Validating profile '${profileAlias}' and authenticating...`);
+    let apiClient;
+    let profile;
+    try {
+        const auth = await createAuthenticatedClient(profileAlias);
+        apiClient = auth.client;
+        profile = auth.profile;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nError: ${error.message}`);
+        }
+        else {
+            console.error("\nError: Failed to authenticate. Please run 'kontexted login'...");
+        }
+        process.exit(1);
+    }
+    // Step 4: Warn about data loss if not forced
     if (!argv.force) {
         console.log("\n⚠️  WARNING: This will overwrite ALL local files with remote versions.");
         console.log("   Any local changes that don't exist on the server will be LOST.");
@@ -51,18 +62,7 @@ export async function handler(argv) {
             return;
         }
     }
-    // Step 6: Create API client
-    console.log("Connecting to server...");
-    const apiClient = new ApiClient(profile.serverUrl, profile.oauth, async () => {
-        // Update config with refreshed tokens
-        const updatedConfig = await readConfig();
-        const updatedProfile = getProfile(updatedConfig, profileAlias);
-        if (updatedProfile) {
-            updatedProfile.oauth = profile.oauth;
-            await writeConfig(updatedConfig);
-        }
-    });
-    // Step 7: Fetch all notes from server
+    // Step 6: Fetch all notes from server
     console.log("Fetching remote notes...");
     let response;
     try {

package/dist/commands/sync/force-push.js

@@ -1,10 +1,8 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { readConfig, writeConfig } from "../../lib/config.js";
-import { getProfile } from "../../lib/profile.js";
-import { ApiClient } from "../../lib/api-client.js";
 import { parseMarkdown } from "../../lib/sync/utils.js";
-import { findSyncDir, loadSyncConfig, loadSyncState, validateProfile, } from "../../lib/sync/command-utils.js";
+import { createAuthenticatedClient } from "../../lib/sync/auth-utils.js";
+import { findSyncDir, loadSyncConfig, loadSyncState, } from "../../lib/sync/command-utils.js";
 /**
  * Handler for the sync force-push command
  */
@@ -14,15 +12,27 @@ export async function handler(argv) {
     console.log("Finding sync directory...");
     const syncDir = await findSyncDir(cwd, argv.dir);
     console.log(`Using sync directory: ${syncDir}`);
-    // Step 2: Load sync config
+    // Step 2: Load sync config (includes alias)
     console.log("Loading sync configuration...");
     const syncConfig = await loadSyncConfig(syncDir);
-    // Step 3: Determine profile to use
-    const profileAlias = argv.alias || syncConfig.alias;
-    // Step 4: Validate profile
-    console.log("Validating profile...");
-    const config = await readConfig();
-    const profile = validateProfile(config, profileAlias);
+    // Step 3: Authenticate and create API client
+    console.log("Validating profile and authenticating...");
+    let apiClient;
+    let profile;
+    try {
+        const auth = await createAuthenticatedClient(syncConfig.alias);
+        apiClient = auth.client;
+        profile = auth.profile;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nError: ${error.message}`);
+        }
+        else {
+            console.error("\nError: Failed to authenticate. Please run 'kontexted login'...");
+        }
+        process.exit(1);
+    }
     // Step 5: Warn about data loss if not forced
     if (!argv.force) {
         console.log("\n⚠️  WARNING: This will overwrite ALL remote notes with local versions.");
@@ -34,18 +44,7 @@ export async function handler(argv) {
             return;
         }
     }
-    // Step 6: Create API client
-    console.log("Connecting to server...");
-    const apiClient = new ApiClient(profile.serverUrl, profile.oauth, async () => {
-        // Update config with refreshed tokens
-        const updatedConfig = await readConfig();
-        const updatedProfile = getProfile(updatedConfig, profileAlias);
-        if (updatedProfile) {
-            updatedProfile.oauth = profile.oauth;
-            await writeConfig(updatedConfig);
-        }
-    });
-    // Step 7: Load sync state
+    // Step 6: Load sync state
     let state = await loadSyncState(syncDir);
     if (state === null) {
         state = { files: {}, folders: {}, lastFullSync: null, version: 1 };

package/dist/commands/sync/init.js

@@ -1,11 +1,11 @@
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { join } from "node:path";
-import { readConfig, writeConfig } from "../../lib/config.js";
+import { readConfig } from "../../lib/config.js";
 import { getProfile, profileExists } from "../../lib/profile.js";
-import { ApiClient } from "../../lib/api-client.js";
+import { createAuthenticatedClient } from "../../lib/sync/auth-utils.js";
+import { logDebug } from "../../lib/logger.js";
 import { sha256 } from "../../lib/sync/crypto.js";
 import { updateGitignore, formatMarkdown, ensureDirectoryExists } from "../../lib/sync/utils.js";
-import { logDebug } from "../../lib/logger.js";
 import Database from "better-sqlite3";
 // ============ Yargs Command Module ============
 export const command = "init";
@@ -45,13 +45,13 @@ export const handler = async (argv) => {
         console.error("Error: --alias is required");
         process.exit(1);
     }
-    const config = await readConfig();
+    let config = await readConfig();
     if (!profileExists(config, alias)) {
         console.error(`Error: Profile alias '${alias}' not found.`);
         console.error("Run 'kontexted login' to add a profile first.");
         process.exit(1);
     }
-    const profile = getProfile(config, alias);
+    let profile = getProfile(config, alias);
     // Step 2: Determine workspace
     const workspaceSlug = argv.workspace || profile.workspace;
     if (!workspaceSlug) {
@@ -84,15 +84,22 @@ export const handler = async (argv) => {
     initializeQueueDatabase(queueDbPath);
     // Step 6: Create API client and fetch workspace data
     console.log("Fetching workspace data from server...");
-    const apiClient = new ApiClient(profile.serverUrl, profile.oauth, async () => {
-        // The ApiClient already updates this.oauth.tokens which references the same object
-        // as profile.oauth, so profile.oauth.tokens should have the new tokens.
-        // We just need to persist the config with the updated oauth state.
-        logDebug("[SYNC INIT] Persist callback called, saving tokens...");
-        logDebug(`[SYNC INIT] Current access token: ${apiClient.getOAuth().tokens?.access_token?.substring(0, 20)}...`);
-        await writeConfig(config);
-        logDebug("[SYNC INIT] Tokens saved successfully");
-    });
+    let apiClient;
+    try {
+        const auth = await createAuthenticatedClient(alias);
+        apiClient = auth.client;
+        profile = auth.profile;
+        config = auth.config;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nError: ${error.message}`);
+        }
+        else {
+            console.error("\nError: Failed to authenticate. Please run 'kontexted login'...");
+        }
+        process.exit(1);
+    }
     let pullResponse;
     try {
         const response = await apiClient.get(`/api/sync/pull?workspaceSlug=${encodeURIComponent(workspaceSlug)}`);

package/dist/commands/sync/start.js

@@ -1,10 +1,8 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { readConfig, writeConfig } from "../../lib/config.js";
-import { getProfile } from "../../lib/profile.js";
-import { ApiClient } from "../../lib/api-client.js";
 import { SyncEngine } from "../../lib/sync/sync-engine.js";
-import { findSyncDir, loadSyncConfig, validateProfile, daemonize, isDaemonChild, watchDaemonLog, clearDaemonPid, } from "../../lib/sync/command-utils.js";
+import { createAuthenticatedClient } from "../../lib/sync/auth-utils.js";
+import { findSyncDir, loadSyncConfig, daemonize, isDaemonChild, watchDaemonLog, clearDaemonPid, } from "../../lib/sync/command-utils.js";
 /**
  * Setup console logging to file in daemon mode
  */
@@ -108,26 +106,31 @@ export async function handler(argv) {
     // Step 2: Load sync config
     console.log("Loading sync configuration...");
     const syncConfig = await loadSyncConfig(syncDir);
-    // Step 3: Validate profile
-    console.log("Validating profile...");
-    const config = await readConfig();
-    const profile = validateProfile(config, syncConfig.alias);
-    // Step 4: Create API client
-    const apiClient = new ApiClient(profile.serverUrl, profile.oauth, async () => {
-        // Update config with refreshed tokens
-        const updatedConfig = await readConfig();
-        const updatedProfile = getProfile(updatedConfig, syncConfig.alias);
-        if (updatedProfile) {
-            updatedProfile.oauth = profile.oauth;
-            await writeConfig(updatedConfig);
+    // Step 3: Authenticate and create API client
+    console.log("Validating profile and authenticating...");
+    let apiClient;
+    let profile;
+    try {
+        const auth = await createAuthenticatedClient(syncConfig.alias);
+        apiClient = auth.client;
+        profile = auth.profile;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nError: ${error.message}`);
         }
-    });
+        else {
+            console.error("\nError: Failed to authenticate. Please run 'kontexted login'...");
+        }
+        process.exit(1);
+    }
     // Test API connection
     try {
         const response = await apiClient.get(`/api/sync/pull?workspaceSlug=${encodeURIComponent(syncConfig.workspaceSlug)}`);
         if (!response.ok) {
+            // 401 should not happen here since we already validated, but handle just in case
             if (response.status === 401) {
-                console.error("\nError: Authentication failed. Please run 'kontexted login' to re-authenticate.");
+                console.error("\nError: Authentication failed unexpectedly. Please try 'kontexted login'...");
                 process.exit(1);
             }
             const errorText = await response.text();

package/dist/index.js

@@ -1,4 +1,7 @@
 #!/usr/bin/env node
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
 import { Command } from "commander";
 import { registerLoginCommand } from "./commands/login.js";
 import { registerLogoutCommand } from "./commands/logout.js";
@@ -7,11 +10,14 @@ import { registerMcpCommand } from "./commands/mcp.js";
 import { registerSkillCommand } from "./commands/skill.js";
 import { registerServerCommand } from "./commands/server/index.js";
 import { registerSyncCommand } from "./commands/sync/index.js";
+// Read version from package.json
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const packageJson = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf-8"));
 const program = new Command();
 program
     .name("kontexted")
     .description("CLI tool for Kontexted - MCP proxy and workspace management")
-    .version("0.1.0");
+    .version(packageJson.version);
 // Register subcommands
 registerLoginCommand(program);
 registerLogoutCommand(program);

package/dist/lib/api-client.d.ts

@@ -29,7 +29,7 @@ export declare class ApiClient {
      * Refresh the access token using the refresh token
      * @returns true if refresh was successful, false otherwise
      */
-    private refreshToken;
+    refreshToken(): Promise<boolean>;
     /**
      * Make a GET request
      */

package/dist/lib/api-client.js

@@ -113,6 +113,10 @@ export class ApiClient {
                 return false;
             }
             const tokens = (await response.json());
+            // Calculate absolute expiry time if not provided by server
+            if (tokens.expires_in && !tokens.expires_at) {
+                tokens.expires_at = Math.floor(Date.now() / 1000) + tokens.expires_in;
+            }
             this.oauth.tokens = tokens;
             await this.persist();
             logDebug("[API CLIENT] Token refresh successful");

package/dist/lib/sync/auth-utils.d.ts

@@ -0,0 +1,16 @@
+import { ApiClient } from "../../lib/api-client.js";
+import type { Config, Profile } from "../../types/index.js";
+/**
+ * Create an authenticated API client with proper token validation and persistence.
+ * This utility ensures tokens are validated/refreshed before creating the client
+ * and uses deep copy to avoid reference issues when persisting tokens.
+ *
+ * @param profileAlias - The profile alias to authenticate with
+ * @returns Object containing the authenticated ApiClient, config, and profile
+ * @throws Error if profile not found or authentication expired
+ */
+export declare function createAuthenticatedClient(profileAlias: string): Promise<{
+    client: ApiClient;
+    config: Config;
+    profile: Profile;
+}>;

package/dist/lib/sync/auth-utils.js

@@ -0,0 +1,47 @@
+import { readConfig, writeConfig } from "../../lib/config.js";
+import { getProfile } from "../../lib/profile.js";
+import { ApiClient } from "../../lib/api-client.js";
+import { ensureValidTokens } from "../../lib/oauth.js";
+/**
+ * Create an authenticated API client with proper token validation and persistence.
+ * This utility ensures tokens are validated/refreshed before creating the client
+ * and uses deep copy to avoid reference issues when persisting tokens.
+ *
+ * @param profileAlias - The profile alias to authenticate with
+ * @returns Object containing the authenticated ApiClient, config, and profile
+ * @throws Error if profile not found or authentication expired
+ */
+export async function createAuthenticatedClient(profileAlias) {
+    // Read config and get profile
+    const config = await readConfig();
+    const profile = getProfile(config, profileAlias);
+    if (!profile) {
+        throw new Error(`Profile not found: ${profileAlias}`);
+    }
+    // Create a persist callback that uses deep copy to avoid reference issues
+    const createPersistCallback = () => {
+        return async () => {
+            const freshConfig = await readConfig();
+            const freshProfile = getProfile(freshConfig, profileAlias);
+            if (freshProfile) {
+                // DEEP COPY the tokens to avoid reference issues
+                // This is the fix for the persist callback bug
+                freshProfile.oauth = {
+                    ...profile.oauth,
+                    tokens: profile.oauth.tokens ? { ...profile.oauth.tokens } : undefined,
+                };
+                await writeConfig(freshConfig);
+            }
+        };
+    };
+    // Create a single persist callback to be reused
+    const persistCallback = createPersistCallback();
+    // Proactively validate/refresh tokens before creating the client
+    const tokensValid = await ensureValidTokens(profile.oauth, persistCallback, profile.serverUrl);
+    if (!tokensValid) {
+        throw new Error(`Authentication expired for ${profileAlias}. Run 'kontexted login --alias ${profileAlias}' to re-authenticate.`);
+    }
+    // Create the ApiClient with the same persist callback
+    const client = new ApiClient(profile.serverUrl, profile.oauth, persistCallback);
+    return { client, config, profile };
+}

package/dist/lib/sync/remote-listener.d.ts

@@ -29,6 +29,10 @@ export declare class RemoteListener {
      * Connect to SSE endpoint using fetch
      */
     private connect;
+    /**
+     * Handle SSE connection after successful response
+     */
+    private handleSSEConnection;
     /**
      * Process the SSE stream
      */

package/dist/lib/sync/remote-listener.js

@@ -42,29 +42,52 @@ export class RemoteListener {
         }
         const url = `${this.apiClient.baseUrl}/api/sync/events?workspaceSlug=${encodeURIComponent(this.workspaceSlug)}`;
         this.abortController = new AbortController();
+        // Get fresh token before connecting
+        let accessToken = this.apiClient.getAccessToken();
+        if (!accessToken) {
+            console.error("[RemoteListener] No access token available");
+            this.handleReconnect();
+            return;
+        }
         try {
             const response = await fetch(url, {
                 method: "GET",
                 headers: {
                     "Accept": "text/event-stream",
-                    "Authorization": `Bearer ${this.apiClient.getAccessToken()}`,
+                    "Authorization": `Bearer ${accessToken}`,
                 },
                 signal: this.abortController.signal,
             });
             if (!response.ok) {
                 if (response.status === 401) {
-                    console.error("[RemoteListener] Authentication failed. Token may be expired.");
+                    console.warn("[RemoteListener] Token expired, attempting to refresh...");
+                    // Attempt to refresh the token via ApiClient
+                    const refreshed = await this.apiClient.refreshToken();
+                    if (refreshed) {
+                        // Retry the connection with the new token
+                        const newToken = this.apiClient.getAccessToken();
+                        if (newToken) {
+                            console.log("[RemoteListener] Token refreshed, retrying connection...");
+                            const retryResponse = await fetch(url, {
+                                method: "GET",
+                                headers: {
+                                    "Accept": "text/event-stream",
+                                    "Authorization": `Bearer ${newToken}`,
+                                },
+                                signal: this.abortController.signal,
+                            });
+                            if (retryResponse.ok) {
+                                // Success on retry - handle SSE connection
+                                await this.handleSSEConnection(retryResponse);
+                                return;
+                            }
+                        }
+                    }
+                    console.error("[RemoteListener] Authentication failed after refresh attempt.");
                 }
                 throw new Error(`SSE connection failed: ${response.status}`);
             }
-            if (!response.body) {
-                throw new Error("No response body");
-            }
-            // Reset reconnect attempts on successful connection
-            this.reconnectAttempts = 0;
-            console.log("[RemoteListener] Connected to SSE");
-            // Process the stream
-            await this.processStream(response.body);
+            await this.handleSSEConnection(response);
         }
         catch (error) {
             if (error instanceof Error && error.name === "AbortError") {
@@ -75,6 +98,19 @@ export class RemoteListener {
             this.handleReconnect();
         }
     }
+    /**
+     * Handle SSE connection after successful response
+     */
+    async handleSSEConnection(response) {
+        if (!response.body) {
+            throw new Error("No response body");
+        }
+        // Reset reconnect attempts on successful connection
+        this.reconnectAttempts = 0;
+        console.log("[RemoteListener] Connected to SSE");
+        // Process the stream
+        await this.processStream(response.body);
+    }
     /**
      * Process the SSE stream
      */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kontexted",
-  "version": "0.1.14",
+  "version": "0.1.16",
   "description": "CLI tool for Kontexted - MCP proxy, workspaces management, and local server",
   "type": "module",
   "bin": {
@@ -48,8 +48,8 @@
     "typescript": "^5.6.0"
   },
   "optionalDependencies": {
-    "@kontexted/darwin-arm64": "0.1.14",
-    "@kontexted/linux-x64": "0.1.14",
-    "@kontexted/windows-x64": "0.1.14"
+    "@kontexted/darwin-arm64": "0.1.16",
+    "@kontexted/linux-x64": "0.1.16",
+    "@kontexted/windows-x64": "0.1.16"
   }
 }