Context
PR #1881 added opencli auth refresh with best-effort touched status and optional adapter refresh hooks.
Today refreshed is effectively unreachable unless a future site-specific refresh hook returns it. We need generic/adapter-level diagnostics that can compare safe cookie expiry metadata without exposing cookie values.
Goal
Make refreshed meaningful when refresh visibly extends session expiry.
Requirements
- Never output cookie/token/session values.
- Only expose safe timestamps/metadata such as
cookie_expiry_before / cookie_expiry_after when available.
- Preserve
touched as best-effort success when expiry is opaque or unchanged.
- Keep
not_logged_in / error from updating last_touched_at.
- Prefer adapter hooks where generic cookie expiry is not reliable.
Validation
- Unit tests for
refreshed vs touched classification.
- Real-site spot check with @opencli-user when implemented.
Follow-up from PR #1881 / thread #OpenCLI:7bbdfcd2.
Context
PR #1881 added
opencli auth refreshwith best-efforttouchedstatus and optional adapter refresh hooks.Today
refreshedis effectively unreachable unless a future site-specific refresh hook returns it. We need generic/adapter-level diagnostics that can compare safe cookie expiry metadata without exposing cookie values.Goal
Make
refreshedmeaningful when refresh visibly extends session expiry.Requirements
cookie_expiry_before/cookie_expiry_afterwhen available.touchedas best-effort success when expiry is opaque or unchanged.not_logged_in/errorfrom updatinglast_touched_at.Validation
refreshedvstouchedclassification.Follow-up from PR #1881 / thread #OpenCLI:7bbdfcd2.