Problem
Google Docs (and likely other OAuth-based) connections show state: operational in one --agent list but fail with error code 2019 when actually used. The refresh token has expired but One CLI doesn't detect or report this.
Impact
Our diligence pipeline runs for 15+ minutes before hitting the Google Docs step at the end. When the connection is silently dead, the entire run's output (memo, charts, analysis) can't be published. We've hit this 3 times in one week.
Expected Behavior
one --agent list should show state: expired or state: needs_reauth when the refresh token is invalidone --agent actions execute should return a specific error: "OAuth refresh token expired. Run one add google-docs to re-authorize."- Ideally:
one --agent connection check <key> command that validates the token actually works (makes a lightweight API call)
Current Behavior
one --agent list → state: operational (misleading)one --agent actions execute → {"code": 2019, "key": "http_error", "message": "Connection not found"} (generic, doesn't mention OAuth)- No way to pre-validate a connection without actually executing an action
Workaround
We've added a pre-flight connection check at the start of our pipeline that creates a throwaway document. If it fails, the pipeline stops immediately. This wastes a Google Doc but saves 15 minutes.
Relates To
Google OAuth tokens expire after ~1 hour. The stored refresh token should auto-renew them. When the refresh token itself expires (6 months inactivity, re-auth of same account, consent revocation), One CLI should detect and surface this clearly.
Problem
Google Docs (and likely other OAuth-based) connections show
state: operationalinone --agent listbut fail with error code 2019 when actually used. The refresh token has expired but One CLI doesn't detect or report this.Impact
Our diligence pipeline runs for 15+ minutes before hitting the Google Docs step at the end. When the connection is silently dead, the entire run's output (memo, charts, analysis) can't be published. We've hit this 3 times in one week.
Expected Behavior
one --agent listshould showstate: expiredorstate: needs_reauthwhen the refresh token is invalidone --agent actions executeshould return a specific error: "OAuth refresh token expired. Runone add google-docsto re-authorize."one --agent connection check <key>command that validates the token actually works (makes a lightweight API call)Current Behavior
one --agent list→state: operational(misleading)one --agent actions execute→{"code": 2019, "key": "http_error", "message": "Connection not found"}(generic, doesn't mention OAuth)Workaround
We've added a pre-flight connection check at the start of our pipeline that creates a throwaway document. If it fails, the pipeline stops immediately. This wastes a Google Doc but saves 15 minutes.
Relates To
Google OAuth tokens expire after ~1 hour. The stored refresh token should auto-renew them. When the refresh token itself expires (6 months inactivity, re-auth of same account, consent revocation), One CLI should detect and surface this clearly.