[Bug]: OAuth tokens (sk-ant-oat) skip service_tier, causing excessive 529 overloaded errors

[rxyknight]

Summary

OAuth tokens (sk-ant-oat-*) are excluded from service_tier injection in createAnthropicFastModeWrapper. During high API load, this causes OAuth-authenticated requests to receive significantly more HTTP 529 overloaded_error responses compared to Claude Code (which uses the same OAuth token type but with service_tier enabled).

Root cause

In src/agents/pi-embedded-runner/anthropic-stream-wrappers.ts, the fast mode wrapper explicitly skips OAuth tokens:

// createAnthropicFastModeWrapper
if (model.api !== "anthropic-messages" || model.provider !== "anthropic" 
    || !isAnthropicPublicApiBaseUrl(model.baseUrl) 
    || isAnthropicOAuthApiKey(options?.apiKey))   // ← OAuth skipped here
    return underlying(model, context, options);

// Only non-OAuth gets service_tier
payloadObj.service_tier = serviceTier;

This means OAuth-authenticated requests are sent without any service_tier parameter, resulting in lowest priority during high load. Claude Code itself uses the same sk-ant-oat token type but includes service_tier, which is why it works fine while OpenClaw gets 529s under the same conditions.

Steps to reproduce

1. Configure OpenClaw with an Anthropic OAuth token (sk-ant-oat-*)
2. Use claude-opus-4-6 as primary model
3. Send messages during periods of elevated Anthropic API load
4. Observe repeated 529 overloaded_error responses, even with Sonnet fallback configured (both models fail)

Meanwhile, Claude Code CLI using the same account/token type works without issues.

Evidence from logs

132 overloaded errors in a single day, in bursts of 5 retries per request, across 11 separate runs:

"httpCode": "529",
"providerErrorType": "overloaded_error",
"model": "claude-opus-4-6",
"provider": "anthropic"

The cooldown cascade makes it worse: after 4 failures, the auth profile enters a 1-hour cooldown (calculateAuthProfileCooldownMs with 5^n backoff), blocking all subsequent requests.

Expected behavior

OAuth tokens should include service_tier in API requests, matching the behavior of Claude Code and other first-party Anthropic clients.

Actual behavior

OAuth tokens are excluded from service_tier injection, receiving no priority during high load, leading to persistent 529 errors and cooldown cascades.

Related

• PR Anthropic: wire explicit service tier params #45453 (Anthropic: wire explicit service tier params) explicitly scopes out OAuth: "What did NOT change: Anthropic OAuth auth"
• PR feat(anthropic): migrate 1M context from beta to GA #45613 (context-1m GA migration) fixes a similar OAuth-specific skip for context-1m beta
• Issue [Bug]: context-1m OAuth skip is now overly broad Anthropic accepts it for Extra Usage enabled accounts #30049 (context-1m OAuth skip is overly broad)

OpenClaw version

2026.3.13 (also verified unchanged in 2026.3.24)

Operating system

macOS 26.4 (arm64)

[Aeroverra]

makes openclaw highly unreliable.

[vincentkoc]

Thanks for the clear repro and root-cause writeup.

Tracked in #55922 now. Keeping this issue open until that PR lands.

[Mdx2025]

Post-merge follow-up after #55922 landed:

Recommended hardening so this does not regress silently:

• Add a small integration assertion in CI that OAuth (sk-ant-oat-*) requests include service_tier in the same wrapper path as API-key auth.
• Add one telemetry counter split by auth type for 529s (oauth vs api_key) so we can detect drift quickly after releases.

The code fix is in; these checks would make future regressions much easier to catch.