From d0c8f68840052e6dcc320b14fe5570a914301a54 Mon Sep 17 00:00:00 2001
From: Xian Zhang <xanzh@microsoft.com>
Date: Wed, 25 Feb 2026 18:59:23 +0800
Subject: [PATCH] fix: auto re-authenticate when stored GitHub token returns
 401

When the stored GitHub token becomes invalid (expired or revoked),
the API call to verify the user returns 401 Bad Credentials. Previously
this caused the server to crash with an unhandled error.

Now the invalid token is automatically cleared and the device code
authentication flow is triggered, so the user can re-authenticate
without manually deleting the token file.
---
 src/lib/token.ts | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/lib/token.ts b/src/lib/token.ts
index fc8d2785..d4083c62 100644
--- a/src/lib/token.ts
+++ b/src/lib/token.ts
@@ -57,9 +57,22 @@ export async function setupGitHubToken(
       if (state.showToken) {
         consola.info("GitHub token:", githubToken)
       }
-      await logUser()
 
-      return
+      try {
+        await logUser()
+        return
+      } catch (error) {
+        // If the stored token is invalid (401), clear it and fall through to re-auth
+        if (error instanceof HTTPError && error.response.status === 401) {
+          consola.warn(
+            "Stored GitHub token is invalid, re-authenticating...",
+          )
+          state.githubToken = ""
+          await fs.unlink(PATHS.GITHUB_TOKEN_PATH).catch(() => {})
+        } else {
+          throw error
+        }
+      }
     }
 
     consola.info("Not logged in, getting new access token")