fix: clean up runtime UI and harden session expiry handling

Remove redundant "X/X LIVE" badge from runtime page, breadcrumb trail
and routes section from agent detail page (pills moved into Process
Information card). Fix session expiry: guard against concurrent 401
refresh races and skip re-entrant triggers on auth endpoints.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ui/src/api/client.ts

@@ -6,6 +6,7 @@ import { useAuthStore } from '../auth/auth-store';
 let getAccessToken: () => string | null = () =>
   useAuthStore.getState().accessToken;
 let onUnauthorized: () => void = () => {};
+let refreshing: Promise<void> | null = null;
 
 export function configureAuth(opts: {
   getAccessToken?: () => string | null;
@@ -24,9 +25,19 @@ const authMiddleware: Middleware = {
     request.headers.set('X-Cameleer-Protocol-Version', '1');
     return request;
   },
-  async onResponse({ response }) {
+  async onResponse({ request, response }) {
     if (response.status === 401 || response.status === 403) {
-      onUnauthorized();
+      // Don't re-trigger for auth endpoints (refresh/login) to avoid loops
+      const url = new URL(request.url);
+      if (url.pathname.endsWith('/auth/refresh') || url.pathname.endsWith('/auth/login')) {
+        return response;
+      }
+      // Coalesce concurrent 401s into a single refresh attempt
+      if (!refreshing) {
+        refreshing = (async () => {
+          try { onUnauthorized(); } finally { refreshing = null; }
+        })();
+      }
     }
     return response;
   },