From aedf4ce328fcac8c5fbadfff3c52a26025c585ad Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Tue, 20 Jan 2026 09:31:24 +0000
Subject: [PATCH] fix: treat OAuth refresh failures as auth errors (#1261)
 (thanks @zknicker)

Co-authored-by: Zach Knickerbocker <zknicker@users.noreply.github.com>
---
 CHANGELOG.md                                             | 1 +
 .../pi-embedded-helpers.isautherrormessage.test.ts       | 9 +++++++++
 src/agents/pi-embedded-helpers/errors.ts                 | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6d38fd047..1f4861956 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Docs: https://docs.clawd.bot
 
 ### Fixes
 - Web search: infer Perplexity base URL from API key source (direct vs OpenRouter).
+- Agents: treat OAuth refresh failures as auth errors to trigger model fallback. (#1261) — thanks @zknicker.
 - TUI: keep thinking blocks ordered before content during streaming and isolate per-run assembly. (#1202) — thanks @aaronveklabs.
 - CLI: avoid duplicating --profile/--dev flags when formatting commands.
 
diff --git a/src/agents/pi-embedded-helpers.isautherrormessage.test.ts b/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
index ff5633305..160054b11 100644
--- a/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
+++ b/src/agents/pi-embedded-helpers.isautherrormessage.test.ts
@@ -19,6 +19,15 @@ describe("isAuthErrorMessage", () => {
       expect(isAuthErrorMessage(sample)).toBe(true);
     }
   });
+  it("matches OAuth refresh failures", () => {
+    const samples = [
+      "OAuth token refresh failed for anthropic: Failed to refresh OAuth token for anthropic. Please try again or re-authenticate.",
+      "Please re-authenticate to continue.",
+    ];
+    for (const sample of samples) {
+      expect(isAuthErrorMessage(sample)).toBe(true);
+    }
+  });
   it("ignores unrelated errors", () => {
     expect(isAuthErrorMessage("rate limit exceeded")).toBe(false);
     expect(isAuthErrorMessage("billing issue detected")).toBe(false);
diff --git a/src/agents/pi-embedded-helpers/errors.ts b/src/agents/pi-embedded-helpers/errors.ts
index 4d3dbfde5..ad287fa02 100644
--- a/src/agents/pi-embedded-helpers/errors.ts
+++ b/src/agents/pi-embedded-helpers/errors.ts
@@ -328,6 +328,8 @@ const ERROR_PATTERNS = {
     "incorrect api key",
     "invalid token",
     "authentication",
+    "re-authenticate",
+    "oauth token refresh failed",
     "unauthorized",
     "forbidden",
     "access denied",