fix: treat OAuth refresh failures as auth errors (#1261) (thanks @zknicker)

Co-authored-by: Zach Knickerbocker <zknicker@users.noreply.github.com>

CHANGELOG.md

@@ -9,6 +9,7 @@ Docs: https://docs.clawd.bot
 
 ### Fixes
 - Web search: infer Perplexity base URL from API key source (direct vs OpenRouter).
+- Agents: treat OAuth refresh failures as auth errors to trigger model fallback. (#1261) — thanks @zknicker.
 - TUI: keep thinking blocks ordered before content during streaming and isolate per-run assembly. (#1202) — thanks @aaronveklabs.
 - CLI: avoid duplicating --profile/--dev flags when formatting commands.
 

src/agents/pi-embedded-helpers.isautherrormessage.test.ts

@@ -19,6 +19,15 @@ describe("isAuthErrorMessage", () => {
       expect(isAuthErrorMessage(sample)).toBe(true);
     }
   });
+  it("matches OAuth refresh failures", () => {
+    const samples = [
+      "OAuth token refresh failed for anthropic: Failed to refresh OAuth token for anthropic. Please try again or re-authenticate.",
+      "Please re-authenticate to continue.",
+    ];
+    for (const sample of samples) {
+      expect(isAuthErrorMessage(sample)).toBe(true);
+    }
+  });
   it("ignores unrelated errors", () => {
     expect(isAuthErrorMessage("rate limit exceeded")).toBe(false);
     expect(isAuthErrorMessage("billing issue detected")).toBe(false);

src/agents/pi-embedded-helpers/errors.ts

@@ -328,6 +328,8 @@ const ERROR_PATTERNS = {
     "incorrect api key",
     "invalid token",
     "authentication",
+    "re-authenticate",
+    "oauth token refresh failed",
     "unauthorized",
     "forbidden",
     "access denied",