After device-code login, packages/core/src/auth.ts stores refreshToken/expiresAt but OpZeroClient (client.ts:30) only reads creds.token → silent 401s after the 1h access-token TTL. Wire a refresh (POST /oauth/token grant_type=refresh_token) on near-expiry / on 401.
After device-code login,
packages/core/src/auth.tsstoresrefreshToken/expiresAtbutOpZeroClient(client.ts:30) only readscreds.token→ silent 401s after the 1h access-token TTL. Wire a refresh (POST/oauth/tokengrant_type=refresh_token) on near-expiry / on 401.