Skip to content

Keychain read failures are reported as expired-token errors #199

Description

@youhaowei

Summary

Clawpatch review flagged that packages/assistant/src/oauth/token-provider.ts appears to classify keychain read failures as expired-token errors. That can make credential-store failures look like ordinary token expiry, which weakens debugging and may trigger the wrong recovery path.

Observed Context

Risk

A storage/keychain access failure should remain distinguishable from an expired OAuth token. Collapsing these cases can hide platform/keychain problems and cause callers or UI flows to present misleading remediation.

Suggested Fix Direction

Audit the token-provider error path and preserve distinct error categories for:

  • expired or invalid OAuth token
  • keychain/storage read failure
  • missing token / unauthenticated state

Add focused tests that assert keychain read failures are not surfaced as token-expired errors.

Source

Reported by Clawpatch external review; not fixed in PR #197 because it is unrelated to the perception assembler/read-layer changes.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions