diff --git a/docs/plans/state.json b/docs/plans/state.json
index 9209909..804cf09 100644
--- a/docs/plans/state.json
+++ b/docs/plans/state.json
@@ -69,6 +69,18 @@
       "test_status": "pnpm test:run src/frontends/tui/minimal.test.ts src/models/openai.test.ts src/daemon/clientFactory.test.ts + pnpm typecheck passing"
     },
 
+    "zai-auth-reauthenticate-confirmation": {
+      "status": "completed",
+      "date": "2026-02-16",
+      "updated": "2026-02-16",
+      "summary": "Improved `zai-auth` UX: when a stored credential already exists, prompt for confirmation (`Re-authenticate and replace it? (y/N)`) instead of requiring manual auth.json edits. Added command tests for both cancel and replace flows.",
+      "files_modified": [
+        "src/cli/zai-auth.ts",
+        "src/cli/zai-auth.test.ts"
+      ],
+      "test_status": "pnpm test:run src/cli/zai-auth.test.ts + pnpm typecheck passing"
+    },
+
     "deployment-port-env-override": {
       "status": "completed",
       "date": "2026-02-16",
diff --git a/src/cli/zai-auth.test.ts b/src/cli/zai-auth.test.ts
new file mode 100644
index 0000000..e2f5857
--- /dev/null
+++ b/src/cli/zai-auth.test.ts
@@ -0,0 +1,80 @@
+import { Command } from 'commander';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+
+const { mockLoadStoredZaiAuth, mockStoreZaiAuth } = vi.hoisted(() => ({
+  mockLoadStoredZaiAuth: vi.fn(),
+  mockStoreZaiAuth: vi.fn(),
+}));
+
+const { mockCreateInterface } = vi.hoisted(() => ({
+  mockCreateInterface: vi.fn(),
+}));
+
+vi.mock('../auth/index.js', () => ({
+  loadStoredZaiAuth: mockLoadStoredZaiAuth,
+  storeZaiAuth: mockStoreZaiAuth,
+}));
+
+vi.mock('readline', () => ({
+  default: {
+    createInterface: mockCreateInterface,
+  },
+}));
+
+function mockReadlineAnswers(answers: string[]): void {
+  const queue = [...answers];
+  mockCreateInterface.mockImplementation(() => ({
+    question: (_prompt: string, cb: (answer: string) => void) => cb(queue.shift() ?? ''),
+    close: () => undefined,
+  }));
+}
+
+describe('zai-auth command', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockLoadStoredZaiAuth.mockReset();
+    mockStoreZaiAuth.mockReset();
+    mockCreateInterface.mockReset();
+  });
+
+  it('cancels when credential exists and user answers no', async () => {
+    mockLoadStoredZaiAuth.mockReturnValue({ api_key: 'existing-key', created_at: '2026-02-16T00:00:00.000Z' });
+    mockReadlineAnswers(['n']);
+
+    const program = new Command();
+    const { registerZaiAuthCommand } = await import('./zai-auth.js');
+    registerZaiAuthCommand(program);
+
+    const consoleLog = vi.spyOn(console, 'log').mockImplementation(() => undefined);
+    const exitSpy = vi.spyOn(process, 'exit').mockImplementation(((code?: number) => {
+      throw new Error(`EXIT:${code ?? 0}`);
+    }) as never);
+
+    await expect(program.parseAsync(['node', 'test', 'zai-auth'])).rejects.toThrow('EXIT:0');
+    expect(mockStoreZaiAuth).not.toHaveBeenCalled();
+    expect(consoleLog).toHaveBeenCalledWith('Cancelled.');
+
+    exitSpy.mockRestore();
+    consoleLog.mockRestore();
+  });
+
+  it('re-prompts and stores new key when credential exists and user answers yes', async () => {
+    mockLoadStoredZaiAuth.mockReturnValue({ api_key: 'existing-key', created_at: '2026-02-16T00:00:00.000Z' });
+    mockReadlineAnswers(['y', 'new-zai-key']);
+
+    const program = new Command();
+    const { registerZaiAuthCommand } = await import('./zai-auth.js');
+    registerZaiAuthCommand(program);
+
+    const consoleLog = vi.spyOn(console, 'log').mockImplementation(() => undefined);
+    const consoleError = vi.spyOn(console, 'error').mockImplementation(() => undefined);
+
+    await program.parseAsync(['node', 'test', 'zai-auth']);
+
+    expect(mockStoreZaiAuth).toHaveBeenCalledWith('new-zai-key');
+    expect(consoleError).not.toHaveBeenCalled();
+
+    consoleLog.mockRestore();
+    consoleError.mockRestore();
+  });
+});
diff --git a/src/cli/zai-auth.ts b/src/cli/zai-auth.ts
index a3f444b..7e59e97 100644
--- a/src/cli/zai-auth.ts
+++ b/src/cli/zai-auth.ts
@@ -27,6 +27,14 @@ async function promptHidden(question: string): Promise<string> {
   return answer.trim();
 }
 
+async function promptYesNo(question: string): Promise<boolean> {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout, terminal: true });
+  const answer = await new Promise<string>((resolve) => rl.question(question, resolve));
+  rl.close();
+  const normalized = answer.trim().toLowerCase();
+  return normalized === 'y' || normalized === 'yes';
+}
+
 export function registerZaiAuthCommand(program: Command): void {
   program
     .command('zai-auth')
@@ -35,8 +43,11 @@ export function registerZaiAuthCommand(program: Command): void {
       const existing = loadStoredZaiAuth();
       if (existing) {
         console.log('Z.AI credential already exists.');
-        console.log('Delete ~/.config/flynn/auth.json zai/zhipuai entry if you want to re-authenticate.');
-        process.exit(0);
+        const confirmed = await promptYesNo('Re-authenticate and replace it? (y/N): ');
+        if (!confirmed) {
+          console.log('Cancelled.');
+          process.exit(0);
+        }
       }
 
       console.log('Z.AI uses API keys (HTTP Bearer), not an OAuth device flow.');