fix(agent): Handle optional OAuth token fields in credential manager

Make refreshToken and expiresAt optional in OAuth credential validation.
Setup tokens without expiry are now treated as non-expired.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

src/agent/credentials/default-credential-manager.ts

@@ -177,7 +177,18 @@ export class DefaultAccountCredentialManager implements AccountCredentialManager
       };
     }
 
-    // Credentials expired — attempt refresh
+    // Credentials expired — attempt refresh if we have a refresh token
+    if (!credentials.refreshToken) {
+      log.warn({ configDir, accountId }, 'setup token expired, no refresh token available');
+      this.emitExpired(accountId, 'token_expired', 'Setup token expired, no refresh token available');
+      return {
+        valid: false,
+        credentials: null,
+        error: 'Setup token expired, no refresh token available',
+        refreshed: false,
+      };
+    }
+
     log.info({ configDir, accountId }, 'credentials expired, refreshing');
     const previousExpiresAt = credentials.expiresAt;
     const refreshed = await this.refresh(configDir, credentials.refreshToken);