fix(agent): consolidated fallback/retry correctness — SSL retry, cooldown, config context, auth fallback parity

[teknium1]

Summary

Consolidated salvage of 5 retry / fallback-chain correctness PRs touching the agent loop. Attribution preserved via rebase-merge. All changes preserve prompt-cache integrity (no context mutation, no mid-session reloads).

Changes

• run_agent.py (SSL retry) — ssl.SSLError inherits from ValueError via Python MRO, so the is_local_validation_error = isinstance(api_error, (ValueError, TypeError)) check misclassified TLS transport failures as "local programming bug" and aborted without retrying. Added ssl.SSLError to the exclusion tuple alongside UnicodeEncodeError and json.JSONDecodeError (fix(agent): retry on json.JSONDecodeError instead of treating it as a local validation error #15107). From @Bartok9 (fix(agent): exclude ssl.SSLError from is_local_validation_error to prevent non-retryable abort #14445).
• run_agent.py (fallback config context) — _try_activate_fallback() passed base_url/api_key/provider into get_model_context_length() but dropped config_context_length, so explicit model.context_length overrides in config.yaml were ignored once the fallback activated (falling back to 128K even when config said 204800). From @CruxExperts (fix(agent): pass config_context_length in fallback activation path #14727).
• run_agent.py (switch_model fallback state guard) — switch_model() wrote self._fallback_chain = [pruned] only inside the provider-mismatch if branch. When called on a partially-constructed agent (via AIAgent.__new__ in tests) or when old_norm == new_norm, it left _fallback_chain unset and crashed on the next access. Now always initializes via getattr(self, "_fallback_chain", []) or [] and assigns back unconditionally. From @LeonSGP43 (fix: default missing fallback state in switch_model #14867).
• agent/error_classifier.py + run_agent.py (429 + cooldown) — Two-part fix:
  1. classify_api_error() force-sets status_code=429 when the error type is RateLimitError but .status_code is missing (Copilot / GitHub Models SDK quirk), so downstream rate-limit handling fires.
  2. _try_activate_fallback(reason=...) sets self._rate_limited_until = time.monotonic() + 60 only when leaving the primary provider (not when chain-advancing between fallbacks). _restore_primary_runtime() now respects the cooldown and stays on the working fallback until it expires, preventing the flip-flop retry loop that burned the budget on exhausted primaries. From @vlwkaos (fix(agent): force 429 classification for RateLimitError + rate-limit cooldown on primary restore #8023).
• gateway/run.py + cron/scheduler.py (auth fallback parity) — Mirrors the CLI fallback-on-AuthError path (fix(codex): consolidated OAuth error parsing + failed-status fallback routing + reauth UX #15104 / @A-FdL-Prog's fix(codex): route auth failures to fallback provider chain #5948) for the gateway and cron contexts. When resolve_runtime_provider() raises AuthError at session/job startup, walk the fallback_providers chain and switch to the first working provider instead of failing the message/job. From @Tranquil-Flow (fix(gateway,cron): activate fallback_model when primary provider auth fails #7432).

Credit

• @Bartok9 — PR fix(agent): exclude ssl.SSLError from is_local_validation_error to prevent non-retryable abort #14445
• @CruxExperts — PR fix(agent): pass config_context_length in fallback activation path #14727
• @LeonSGP43 — PR fix: default missing fallback state in switch_model #14867 (supersedes @AndreKurait's fix(switch_model): guard _fallback_chain access on partially-constructed agents #14731, credit there)
• @vlwkaos — PR fix(agent): force 429 classification for RateLimitError + rate-limit cooldown on primary restore #8023
• @Tranquil-Flow — PR fix(gateway,cron): activate fallback_model when primary provider auth fails #7432

Validation

scripts/run_tests.sh tests/agent/test_error_classifier.py \
  tests/run_agent/test_primary_runtime_restore.py \
  tests/run_agent/test_switch_model_fallback_prune.py \
  tests/run_agent/test_provider_fallback.py \
  tests/gateway/test_auth_fallback.py \
  tests/run_agent/test_run_agent_codex_responses.py \
  tests/run_agent/test_jsondecodeerror_retryable.py

226/226 passing. run_agent.py, cli.py, agent/error_classifier.py, gateway/run.py, cron/scheduler.py all compile.

Conflict resolutions

• fix(agent): exclude ssl.SSLError from is_local_validation_error to prevent non-retryable abort #14445 SSL exclusion — combined with main's (UnicodeEncodeError, json.JSONDecodeError) tuple from fix(agent): retry on json.JSONDecodeError instead of treating it as a local validation error #15107.
• fix: default missing fallback state in switch_model #14867 fallback state — auto-merged against main's in-place swap semantics.
• fix(agent): force 429 classification for RateLimitError + rate-limit cooldown on primary restore #8023 rate-limit cooldown — re-added reason parameter to _try_activate_fallback() signature, wired reason=classified.reason at the primary rate-limit caller site (line ~10633), added cooldown check in _restore_primary_runtime(). Force-429 classification added directly to classify_api_error().

Not included

• fix(switch_model): guard _fallback_chain access on partially-constructed agents #14731 @AndreKurait — superseded by fix: default missing fallback state in switch_model #14867's more thorough defensive initialization. Will close with credit.