Objective: allow MCP Remote to renew OAuth access tokens automatically before expiry, ensuring users don’t get interrupted in long-running sessions. Tests mock all collaborators to validate scheduler decisions (expiring soon, lock contention, failure backoff) and the new helper functions; full CLI/proxy behavior was verified manually since Node tooling isn’t available in this environment.

- add token_state.json, server.json, and refresh_lock.json plumbing in src/lib/mcp-auth-config.ts so we can track issued/expiry timestamps, remember which servers exist, and coordinate background refreshes without overloading the existing OAuth files (which must stay spec-compliant)
- introduce TokenRefreshManager plus supporting CLI flags; it discovers every server hash with tokens, respects per-server locks/backoff, invokes the SDK’s refresh grant, and logs timing/expiry info so long-running proxies don’t require browser re-auth
- extend NodeOAuthClientProvider.saveTokens() to persist derived timing metadata, invalidate it alongside tokens, and keep tokens.json untouched for compatibility
- wire the manager into both CLI and proxy entrypoints (default on, opt-out via --disable-auto-refresh), persist server registrations during argument parsing, and document the new flags in the README so headless deployments behave predictably
- add unit tests (src/lib/token-refresh-manager.test.ts) that mock disk IO and SDK calls to cover refresh-trigger logic, locking, and backoff, and mirror the repo’s logging/test-style conventions
- enhanced debug logging now prints human-readable timestamps plus remaining durations whenever the refresh window is evaluated