Bounty: $45 (LT)
Area: frontend/src/services/api.ts
Current state: The API client has retry plumbing, but token refresh is still a TODO and concurrent 401 responses can trigger duplicated refresh work or leave callers with inconsistent auth state.
What is needed: Implement a guarded token refresh flow that deduplicates concurrent refresh attempts and retries the original request once after a successful refresh.
Acceptance criteria:
- Add a single-flight refresh guard so multiple simultaneous 401 responses share one refresh operation.
- Retry the original request exactly once after refresh succeeds, preserving method, headers, and body.
- Clear auth state and surface a typed authentication error when refresh fails.
- Avoid retrying unsafe loops when the refresh endpoint itself returns 401/403.
- Add unit coverage or an executable test fixture for concurrent 401s, refresh failure, and successful retry.
Required validation:
- Run python3 build.py
- Include the generated diagnostic .logd artifact from diagnostic/build-XXX.logd in the PR; also include diagnostic/build-XXX.json if present
- Use .github/pull_request_template.md for your submission
Bounty: $45 (LT)
Area: frontend/src/services/api.ts
Current state: The API client has retry plumbing, but token refresh is still a TODO and concurrent 401 responses can trigger duplicated refresh work or leave callers with inconsistent auth state.
What is needed: Implement a guarded token refresh flow that deduplicates concurrent refresh attempts and retries the original request once after a successful refresh.
Acceptance criteria:
Required validation: