fix(gateway,cron): activate fallback_model when primary provider auth fails

[Tranquil-Flow]

Description

When the primary provider raises AuthError (expired OAuth token, revoked API key), the error was re-raised before AIAgent was created, so fallback_model was never consulted. Now both gateway/run.py and cron/scheduler.py catch AuthError specifically and attempt to resolve credentials from the fallback_providers/fallback_model config chain before propagating the error.

Related issue: #7230

Type of Change

• Bug fix

Changes Made

• gateway/run.py: Catch AuthError in _resolve_runtime_agent_kwargs(), try _try_resolve_fallback_provider() before raising.
• cron/scheduler.py: Same pattern in run_job() — catch AuthError, iterate fallback chain.

How to Test

1. Configure config.yaml with a primary provider and a fallback_model
2. Let the primary provider's OAuth token expire (or revoke the API key)
3. Send a message via gateway or trigger a cron job
4. Agent should respond using the fallback model instead of returning an error

Checklist

• All tests pass
• Follows Conventional Commits
• Tests added for this bug fix

Closes #7230

[teknium1]

Thanks for this fix, @Tranquil-Flow — the change landed on main via the consolidated salvage PR #15134 (merged 2026-04-24).

This is an automated hermes-sweeper review.

Evidence:

• Commit ee83a710f on main is your exact commit, preserving authorship.
• PR fix(agent): consolidated fallback/retry correctness — SSL retry, cooldown, config context, auth fallback parity #15134 explicitly credits this PR for the gateway/run.py + cron/scheduler.py auth fallback parity change.
• gateway/run.py lines 329–356: AuthError caught in _resolve_runtime_agent_kwargs(), _try_resolve_fallback_provider() defined at line 357.
• cron/scheduler.py lines 939–973: same pattern in run_job().
• tests/gateway/test_auth_fallback.py (73 lines) also present on main.

The fix is live on main; closing as implemented.