Add OAuth token refresh support for Anthropic API

- Add OAuthTokenManager class for loading, checking expiration, and refreshing tokens
- Add OAuthCredential and AuthProfilesStore models for auth-profiles.json format
- Add OAuthTokenHandler DelegatingHandler for automatic token refresh on 401
- Update AnthropicProvider to support OAuth authentication
- Add auth_mode, auth_profiles_path, auth_profile_id config options
- Add unit tests for OAuthTokenManager

Usage:
[providers.anthropic]
auth_mode = "oauth"
auth_profile_id = "anthropic:default"
auth_profiles_path = "~/.openclaw/agents/main/agent/auth-profiles.json"

Author: smartprogrammer93

config.example.toml

@@ -29,10 +29,15 @@ api_key = "sk-..."                   # Your OpenAI API key
 default_model = "gpt-4o"
 
 [providers.anthropic]
-api_key = "sk-ant-..."              # Your Anthropic API key
+api_key = "sk-ant-..."              # Your Anthropic API key (used when auth_mode is "api_key")
 # base_url = "https://api.anthropic.com"
 default_model = "claude-sonnet-4-20250514"
 
+# OAuth authentication (alternative to api_key)
+# auth_mode = "oauth"               # Set to "oauth" to use OAuth tokens from auth-profiles.json
+# auth_profile_id = "anthropic:default"  # Profile ID in auth-profiles.json
+# auth_profiles_path = "~/.openclaw/agents/main/agent/auth-profiles.json"
+
 [providers.openrouter]
 api_key = "sk-or-..."               # Your OpenRouter API key
 default_model = "anthropic/claude-sonnet-4-20250514"

src/ClawSharp.Cli/Commands/AgentCommand.cs

@@ -9,17 +9,26 @@ namespace ClawSharp.Cli.Commands;
 
 public class AgentCommand : Command
 {
+    private static readonly Option<string?> MessageOption = new("-m", "--message") { Description = "Send a single message" };
+    private static readonly Option<string?> ProviderOption = new("-p", "--provider") { Description = "LLM provider to use" };
+    private static readonly Option<string?> ModelOption = new("--model") { Description = "Model to use" };
+
     public AgentCommand() : base("agent", "Chat with the AI agent")
     {
-        SetAction(_ => ExecuteAsync().GetAwaiter().GetResult());
+        Add(MessageOption);
+        Add(ProviderOption);
+        Add(ModelOption);
+        SetAction(ctx =>
+        {
+            var message = ctx.GetValue(MessageOption);
+            var provider = ctx.GetValue(ProviderOption);
+            var model = ctx.GetValue(ModelOption);
+            return ExecuteAsync(message, provider, model);
+        });
     }
 
-    private static async Task ExecuteAsync()
+    private static async Task ExecuteAsync(string? message, string? provider, string? model)
     {
-        // For now, just use defaults - proper arg parsing can be added later
-        string? message = null;
-        string? provider = null;
-        string? model = null;
 
         // Load configuration
         var config = ConfigLoader.LoadConfig();

src/ClawSharp.Core/Auth/OAuthCredential.cs

@@ -0,0 +1,96 @@
+using System.Text.Json.Serialization;
+
+namespace ClawSharp.Core.Auth;
+
+/// <summary>
+/// Represents an OAuth credential with access token, refresh token, and expiration.
+/// </summary>
+public class OAuthCredential
+{
+    /// <summary>
+    /// Credential type: "oauth", "token", or "api_key".
+    /// </summary>
+    [JsonPropertyName("type")]
+    public string Type { get; set; } = "oauth";
+    
+    /// <summary>
+    /// Provider name (e.g., "anthropic", "minimax-portal").
+    /// </summary>
+    [JsonPropertyName("provider")]
+    public string Provider { get; set; } = "";
+    
+    /// <summary>
+    /// The OAuth access token.
+    /// </summary>
+    [JsonPropertyName("access")]
+    public string? Access { get; set; }
+    
+    /// <summary>
+    /// The OAuth refresh token.
+    /// </summary>
+    [JsonPropertyName("refresh")]
+    public string? Refresh { get; set; }
+    
+    /// <summary>
+    /// Unix timestamp (milliseconds) when the token expires.
+    /// </summary>
+    [JsonPropertyName("expires")]
+    public long Expires { get; set; }
+    
+    /// <summary>
+    /// Optional email associated with the OAuth account.
+    /// </summary>
+    [JsonPropertyName("email")]
+    public string? Email { get; set; }
+    
+    /// <summary>
+    /// Optional enterprise URL.
+    /// </summary>
+    [JsonPropertyName("enterpriseUrl")]
+    public string? EnterpriseUrl { get; set; }
+    
+    /// <summary>
+    /// Optional project ID.
+    /// </summary>
+    [JsonPropertyName("projectId")]
+    public string? ProjectId { get; set; }
+    
+    /// <summary>
+    /// Optional account ID.
+    /// </summary>
+    [JsonPropertyName("accountId")]
+    public string? AccountId { get; set; }
+}
+
+/// <summary>
+/// Represents the auth-profiles.json file structure.
+/// </summary>
+public class AuthProfilesStore
+{
+    [JsonPropertyName("version")]
+    public int Version { get; set; }
+    
+    [JsonPropertyName("profiles")]
+    public Dictionary<string, OAuthCredential> Profiles { get; set; } = new();
+    
+    [JsonPropertyName("lastGood")]
+    public Dictionary<string, string>? LastGood { get; set; }
+    
+    [JsonPropertyName("usageStats")]
+    public Dictionary<string, ProfileUsageStats>? UsageStats { get; set; }
+}
+
+/// <summary>
+/// Usage statistics for an auth profile.
+/// </summary>
+public class ProfileUsageStats
+{
+    [JsonPropertyName("lastUsed")]
+    public long LastUsed { get; set; }
+    
+    [JsonPropertyName("errorCount")]
+    public int ErrorCount { get; set; }
+    
+    [JsonPropertyName("lastFailureAt")]
+    public long? LastFailureAt { get; set; }
+}