User reports Ava / Claude-code auth requires re-login too often. Investigate runtime logs and auth code paths for token refresh behavior and possible Anthropic API changes. Check Ava logs, Omni/Agent/Auth.hs refresh flow, and compare with pi-mono reference implementation if needed.
Investigated ava logs and auth code. Evidence in journal: repeated claude-oauth failures at 2026-04-12 07:27 with HTTP 401 authentication_error message 'Invalid authentication credentials' and no refresh attempt (Ava fell back to OpenRouter until manual /login). Root cause: Omni/Agent/Provider.hs only attempted refresh when 401 body contained literal 'OAuth token has expired'. Also Ava token loading bypassed Auth.getValidToken refresh path by reading auth.json directly. Compared with pi-mono reference in /home/ben/src/badlogic/pi-mono/packages/ai/src/utils/oauth/anthropic.ts; recent implementation uses updated OAuth flow and more robust auth handling patterns. Implemented fix in commit e5672cca: refresh once on any Anthropic OAuth 401, retry with fresh token, add Claude CLI-style headers on refresh POST, and use Auth.getValidToken in Ava token loading before raw-file fallback. Validation: typecheck.sh Omni/Agent/Provider.hs, typecheck.sh Omni/Ava/Telegram/Bot.hs, lint both files, bild --test Omni/Agent/Provider.hs, bild --test Omni/Ava/Telegram/Bot.hs all pass.