Problem
After an idle period, the first MCP tool call fails with a 401 Unauthorized error. The user sees the error and has to retry manually, wasting a round-trip.
Current Behavior
In pkg/adt/http.go, the transport already auto-retries on:
- 403 Forbidden — refreshes CSRF token and retries (line 136-144)
- 400 Session Timeout — clears session, re-authenticates, retries (line 164-175)
But 401 Unauthorized is returned directly to the caller with no retry (line 177).
Proposed Fix
Add 401 to the retry path — clear cached tokens/session, re-fetch CSRF token (which re-authenticates), and retry once. This follows the exact same pattern as the existing 400 session timeout handler.
Impact
- Single file change:
pkg/adt/http.go
- No breaking changes — only adds transparent retry before surfacing error
- Existing unit tests continue to pass
Problem
After an idle period, the first MCP tool call fails with a 401 Unauthorized error. The user sees the error and has to retry manually, wasting a round-trip.
Current Behavior
In
pkg/adt/http.go, the transport already auto-retries on:But 401 Unauthorized is returned directly to the caller with no retry (line 177).
Proposed Fix
Add 401 to the retry path — clear cached tokens/session, re-fetch CSRF token (which re-authenticates), and retry once. This follows the exact same pattern as the existing 400 session timeout handler.
Impact
pkg/adt/http.go