fix(claude-code): stop frequent sign-ins by hardening OAuth refresh

[hannesrudolph]

Why

Users are being prompted to sign in to Claude Code (“Not authenticated with Claude Code”) roughly daily.

Root cause

Claude Code’s OAuth refresh response can legitimately omit refresh_token (common OAuth behavior). We treated it as required, so refresh parsing could fail and we’d clear stored auth, forcing a full re-login.

Fix

• Preserve the existing refresh token when the refresh response omits refresh_token
• Don’t clear stored credentials for transient refresh failures (network/5xx); only clear for clearly-invalid refresh tokens (e.g. invalid_grant)
• If a request fails due to auth, force-refresh once and retry the request
• Route [claude-code-oauth] logs to the Roo Code output channel for better diagnostics

Tests

cd src
npx vitest run api/providers/__tests__/claude-code.spec.ts integrations/claude-code/__tests__/oauth.spec.ts

Note

We can’t extend the server-issued token TTL; this PR prevents unnecessary sign-outs by making refresh handling resilient.

[roomote]

Oroocle   Follow along on Roo Cloud

Review complete. No remaining issues.

• Test: restore global.fetch after mocking to avoid leaking state across tests

Previous reviews

• 88c3fbf: Review #1
• f40f3dc: Review #2

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

[mrubens]

This while true is a little scary - I don’t follow all of the logic, but I’m worried about a tight loop that keeps retrying.

[hannesrudolph]

@roomote fix it

[roomote]

Fixaroo   See task on Roo Cloud

Refactored the while (true) loop to a bounded for loop that clearly shows the retry limit (max 2 attempts). All tests passed.

_{View commit | Revert commit}