When the OAuth token is invalid/expired and refresh fails, the agent tries to do an interactive OAuth login. In headless/container mode this causes 'hGetLine: illegal operation (handle is closed)' and the agent crashes.
The agent should detect if stdin is not a terminal (isatty) and fail with a clear error message like 'OAuth token expired. Run agent --provider=claude-code login interactively to re-authenticate.'
Reproduction: 1. Run agentd run with an expired/invalid OAuth token 2. Agent tries to login, hangs waiting for stdin that doesn't exist 3. Crashes with 'handle is closed'