All Agents Went Silent Simultaneously — Claude Code OAuth Token Expiry: Outage Analysis and Recovery

Root cause analysis of an extended-period outage and five prevention measures

Key Summary

  • Multiple agents connected to Telegram and Discord stopped responding simultaneously for an extended period — cause: Claude Code OAuth token expiry
  • This is not an isolated case — GitHub Issue #12447 has 24+ comments and 22+ upvotes; no official Anthropic response as of the time of filing
  • Mitigation: long-lived token via claude setup-token (1-year validity) + watchdog auth checks + remote re-authentication capability

Background

Operating multiple agents around the clock exposes infrastructure-level failures that are quieter and more destructive than code bugs.

In this incident, every agent connected to Telegram and Discord stopped responding at the same time. tmux sessions were alive and messages were being received, but all Claude API calls were failing silently.

The anomaly was only detected after an extended period had elapsed.

The root cause was straightforward: OAuth token expiry.

Analysis

1. Failure Timeline

Phase State
Outage onset All agents stop responding
Outage duration Extended period of undetected silence
Recovery claude /login re-authentication → full restart → restored

The symptoms appeared severe, but the cause was a single expired auth token.

2. Why This Happens

The default authentication method for Claude Code under a Max subscription is OAuth. The token TTL is 2–4 hours, and automatic refresh can silently fail.

When refresh fails, every active session loses authentication simultaneously.

Three structural weaknesses contribute to this:

  1. No expiry warning is issued before the token expires
  2. There is no way to query the token's remaining TTL
  3. All in-flight tasks are left in an incomplete state when expiry occurs

3. Community Reports — GitHub Issue Status

This failure mode has been widely reported on GitHub.

Issue Description Status
#12447 OAuth token expiry interrupts autonomous workflows 24+ comments, 22+ upvotes
#33811 Both login and logout return 401 after token expiry Open
#36911 Token expires multiple times per day Open
#19456 macOS Keychain permission error prevents refresh Open

No official Anthropic response exists as of the time these issues were filed.

4. Resolution: claude setup-token — Long-Lived Token

Claude Code provides a setup-token command that generates an OAuth token valid for one year.

claude setup-token

The generated token follows the format sk-ant-oat01-xxxxx and is applied via environment variable:

export CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-xxxxx

Prerequisites:

  1. A Claude Pro or Max subscription is required
  2. Token generation is CLI-only (not available in the Desktop app)
  3. The token must be stored securely

5. Claude Code Authentication Priority (Official Docs)

Claude Code resolves authentication in the following order. Select the method appropriate for your environment.

Priority Method Description
1 Cloud Provider Bedrock / Vertex / Foundry environment variables
2 ANTHROPIC_AUTH_TOKEN Bearer token (for LLM gateways)
3 ANTHROPIC_API_KEY Console API key
4 apiKeyHelper Dynamic / rotating credential script
5 OAuth (/login) Default for Pro / Max / Team / Enterprise subscribers

Priority 5 (OAuth) is the default. Any subscriber without explicit configuration lands here automatically — and this is the source of the expiry failure.

6. Prevention — Five Measures

After recovery, the following five controls were implemented to prevent recurrence.

  1. Run claude setup-token → set a long-lived auth token (1-year validity)

  2. Add an auth check to the watchdog → immediate alert on expiry detection

  3. /auth command → remotely verify authentication status from Telegram or Discord

  4. /login command → issue a remote re-authentication URL (mobile tap-to-authenticate)

  5. Claude Auth status on the dashboard → single-pane visibility into auth state across all agents

Architectural Implications

  • Authentication is a single point of failure (SPOF). When multiple agents share the same OAuth token, a single expiry takes down the entire fleet.

  • The industry-standard pattern is dual-key rotation. A Blue/Green approach — where the old and new keys are simultaneously valid for a short overlap — is the safe model. Claude Code does not support this natively, making the long-lived token the practical workaround.

  • Without a watchdog, outages go undetected. If there is no alert when an agent goes silent, an extended period of non-responsiveness can pass unnoticed. A watchdog with an auth check closes this gap.

Conclusion

Production automation systems fail. The measure of a resilient system is not whether failures occur, but whether recovery is fast and recurrence is structurally prevented. This incident demonstrates how an invisible dependency — authentication — can become the single point of failure for an entire fleet.

For anyone running Claude Code agents around the clock: claude setup-token is not optional.

Sources: - GitHub Issue #12447 — OAuth token expiration disrupts autonomous workflows - GitHub Issue #33811 — OAuth token expired, no recovery path - Claude Code Authentication Docs

댓글

댓글 쓰기

이 블로그의 인기 게시물

Agent Memory Engine (2/10) — Building an AI Agent Memory System with SQLite Alone

← 1/10 SQLite Memory Engine f… 📚 Series Index 3/10 memcore Completed → A memory engine that runs without daemons, without dependencies, anywhere 핵심 요약 This post covers how to design an AI agent memory engine (memcore) on a single-file SQLite backend. - Structure: 25 modules, ~6,464 lines, 22 DB tables - Principles: no daemon, single-file portability, no required external dependencies, host-agnostic - Core techniques: 4-layer hybrid search (topic · vector · FTS5 · LIKE), U-tag dialectic-based confidence evolution, ingestion-layer bias rejection rules What This Post Covers One approach to building AI agent memory without a server or cloud vector DB. Specifically: (1) the limitations of text-file-based memory, (2) vector DB alternatives compared and selection criteria, (3) how to layer search tiers, (4) how to evolve confidence scores over time, and (5) how to block biased memory accumulation at the ingestion stage. Design Principles: Why Single-File SQLite Text-file-based ...
Read more »

"ML Foundations (9/9) — PyTorch vs TensorFlow, and the Road to Local LLMs"

이미지
← 8/9 Deep Learning Architec… 📚 Series Index (series end) The final part. So far we've focused on models. Now we focus on the tools that actually run them . We'll lay out the philosophical difference between PyTorch and TensorFlow, and trace how Hugging Face transformers , llama.cpp , MLX , and Ollama built the bridge to running large language models on your own machine. By the end you should have the full mental model of "download a pretrained LLM and serve it locally." 0. Learning Objectives Explain the eager-vs-graph difference between PyTorch and TensorFlow. Explain, in graph terms, how autograd automates the backward pass. Use Hugging Face transformers ' AutoModel , AutoTokenizer , and pipeline abstractions. Describe llama.cpp's GGUF quantization, INT4 inference, and CPU-first flow. Describe Apple MLX's use of unified memory and how it differs from PyTorch. Run a local LLM with Ollama and call it through an OpenAI-compatible API. ...
Read more »

"RAG Core Study (14/26) — Evaluation Sets with RAGAS & DeepEval"

이미지
Series overview: Series index 📚 Series Index Without an evaluation set, every RAG improvement is a story, not evidence. RAG systems fail in more than one place: retrieval, context selection, answer generation, and grounding. That means "looks better" is not a metric. Part 14 explains how to build a golden dataset , how RAGAS and DeepEval fit into the workflow, and why teams must separate retrieval quality from answer quality if they want tuning decisions to hold up. 0. Prerequisites Part 13 reranking — system quality now depends on multi-stage ranking. Part 1 grounding — a correct-looking answer is not enough. Part 12 Hybrid — multiple retrieval settings need comparison on fixed data. 1. Learning Objectives Build a small but useful golden dataset for RAG. Distinguish retrieval metrics from answer metrics . Use RAGAS and DeepEval in the right roles. Avoid the common traps in judge-model-based evaluation. 2. 핵심 요약 An evaluation set for RAG is ...
Read more »

"ML Foundations (8/9) — Deep Learning Architectures: CNN, RNN, Attention"

이미지
← 7/9 Deep Learning Training 📚 Series Index 9/9 PyTorch vs TensorFlow → What did we keep adding on top of an MLP? Vision went CNN, sequences went RNN/LSTM, and eventually both converged on Attention and the Transformer. Each architecture is easier to remember if you read it as what it gave up to gain something else . This part is the one-line summary of the decisive inflection points: LeNet → AlexNet → ResNet → LSTM → Attention → Transformer. 0. Learning Objectives Explain why CNN's convolution, pooling, and weight sharing match images so well. Trace what got unblocked from LeNet → AlexNet → VGG → ResNet as depth grew. State BPTT for RNNs and the vanishing/exploding gradient problem. Write the LSTM gate equations (forget, input, output) with intuition. Write the attention formula in query/key/value form and the scaled dot-product variant. State the precise reasons Transformers replaced RNNs (parallelism + long-range dependencies). 1. 핵심 요약 CNN : weight sharin...
Read more »

"ML Foundations (7/9) — Deep Learning Training: Optimizers, Regularization, Initialization"

← 6/9 Neural Networks 📚 Series Index 8/9 Deep Learning Architec… → Building an MLP, as we did in Part 6, is not the same as getting it to train well . The right optimizer, regularization, initialization, and learning rate — when these line up, deep networks converge. When they don't, the network refuses to learn at all. This part is the catalog of those crafts, with formulas, paper citations, and code in one place. 0. Learning Objectives Compare and write the update rules for SGD, Momentum, Nesterov, and Adam. Explain how Dropout, BatchNorm, and LayerNorm work and where they belong in a model. Derive the variance formulas for Xavier and He initialization and match them to activations. Implement step, cosine, and warmup learning-rate schedules in PyTorch. Explain why gradient clipping is effectively required for RNNs and Transformers. Diagnose the most common training failures (NaN, plateau, overfitting) and apply first-line fixes. 1. 핵심 요약 SGD : \(w \leftarro...
Read more »

OpenClaw to Hermes Migration (2/13) — What to Preserve, Partially Port, or Discard

← 1/13 Current Structure Inve… 📚 Series Index 3/13 What Moves to Hermes → A code review record classifying operational scripts into three tiers: preserve, partial-preserve, and discard. What This Post Covers An asset classification framework (preserve / partial-preserve / discard) for migrating a legacy agent system to a successor A concrete case applying the Strangler Fig + Subset Migration strategy to a memory pipeline Classification results evaluated across LOC, external dependencies, and replaceability axes A method for slimming down a bloated single file (1,310 LOC) using the migration as a natural entry point Problem Definition: Port Everything or Cut Deep? The OpenClaw inventory comprises multiple agents, multiple scheduler/daemon processes, and multiple operational scripts. When moving to the successor system, Hermes, the choice is not binary. A full port carries accumulated technical debt along with it; a minimal port discards hard-won domain logic. Code-revie...
Read more »

AI Agents I Built (5/7) — Building an Automated Blogger API Publishing System

← 4/7 My Life Organizer Agent 📚 Series Index 6/7 Dual → Designing a Markdown-Based Auto-Publish Pipeline with Blogger API v3 + OAuth 2.0 Key Summary Blogger API v3 + OAuth 2.0 enables a pipeline that converts Markdown files into publishable HTML posts blogger_publish.py handles the full flow — frontmatter parsing → body cleanup → HTML conversion → CSS injection → API post — in a single script For bulk publishing, quota management (delay, retry, TOC suppression) is the critical design concern Platform Selection Criteria API access is mandatory for AI agent-driven content publishing. A comparison of platforms: Platform API Cost AdSense Decision WordPress.com REST API Paid plan required Paid only Cost overhead Ghost REST API Self-hosted or paid Manual setup Ops overhead Blogger v3 API Free Native integration Adopted Blogger is free, exposes a REST API, and integrates natively with AdSense. For personal blog automation, this combination i...
Read more »