From a4020df6279f6e32dae43204f86fa9db3344de95 Mon Sep 17 00:00:00 2001
From: Kieran Klukas <kieran@dunkirk.sh>
Date: Tue, 5 May 2026 16:04:53 -0400
Subject: [PATCH] fix(summarize): reauthenticate oauth tokens when used to
 summarize

---
 internal/agent/coordinator.go | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/internal/agent/coordinator.go b/internal/agent/coordinator.go
index 0050299b8bef46d95a2ec4a5913043917f7b056f..c4c1b6e6204dca3fd1e13c5ef304daf8c889cdbb 100644
--- a/internal/agent/coordinator.go
+++ b/internal/agent/coordinator.go
@@ -961,7 +961,38 @@ func (c *coordinator) Summarize(ctx context.Context, sessionID string) error {
 	if !ok {
 		return errModelProviderNotConfigured
 	}
-	return c.currentAgent.Summarize(ctx, sessionID, getProviderOptions(c.currentAgent.Model(), providerCfg))
+
+	// Proactively refresh OAuth token if expired, same as Run().
+	if providerCfg.OAuthToken != nil && providerCfg.OAuthToken.IsExpired() {
+		slog.Debug("Token needs to be refreshed before summarize", "provider", providerCfg.ID)
+		if err := c.refreshOAuth2Token(ctx, providerCfg); err != nil {
+			slog.Error("Failed to refresh OAuth2 token before summarize. Proceeding with existing token.", "error", err)
+		}
+	}
+
+	summarize := func() error {
+		return c.currentAgent.Summarize(ctx, sessionID, getProviderOptions(c.currentAgent.Model(), providerCfg))
+	}
+
+	err := summarize()
+	if err != nil && c.isUnauthorized(err) {
+		switch {
+		case providerCfg.OAuthToken != nil:
+			slog.Debug("Received 401 during summarize. Refreshing token and retrying", "provider", providerCfg.ID)
+			if refreshErr := c.refreshOAuth2Token(ctx, providerCfg); refreshErr != nil {
+				return err
+			}
+			return summarize()
+		case strings.Contains(providerCfg.APIKeyTemplate, "$"):
+			slog.Debug("Received 401 during summarize. Refreshing API Key template and retrying", "provider", providerCfg.ID)
+			if refreshErr := c.refreshApiKeyTemplate(ctx, providerCfg); refreshErr != nil {
+				return err
+			}
+			return summarize()
+		}
+	}
+
+	return err
 }
 
 func (c *coordinator) isUnauthorized(err error) bool {