fix: claude auth expiry warning — correct field name and smarter threshold

- Fix 'undefined' in auth banner: read access_token_hours_remaining (not hours_remaining)
- Fix false-positive warning on fresh tokens: when refresh token present, only warn
  within 1 hour of expiry (not 24h) since the CLI should auto-rotate but sometimes misses
- Emit claude_auth_expired SSE event on 401 so UI shows inline red banner immediately
- app.js: handle claude_auth_expired SSE event with persistent top banner + dismiss button

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/llm_client.py

@@ -4,6 +4,7 @@ import os
 import signal
 import subprocess
 from config import settings
+import event_bus
 
 logger = logging.getLogger(__name__)
 
@@ -48,7 +49,10 @@ async def complete(
         response = await _dispatch(primary, system_prompt, messages, model)
         return response, primary
     except Exception as e:
+        err_str = str(e)
         logger.warning("%s failed (%s) — falling back to %s", primary, e, fallback)
+        if primary == "claude" and any(k in err_str for k in ("401", "authenticate", "expired", "OAuth")):
+            await event_bus.publish({"type": "claude_auth_expired"})
         response = await _dispatch(fallback, system_prompt, messages, None)
         return response, fallback