Handle Z.AI textual 401 errors for auth diagnostics

src/models/openai.test.ts

@@ -152,4 +152,20 @@ describe('OpenAIClient tool use', () => {
       messages: [{ role: 'user', content: 'hello' }],
     })).rejects.toThrow(/Z\.AI authentication failed \(401\)/);
   });
+
+  it('rewrites Z.AI textual 401 errors when SDK status is absent', async () => {
+    mockCreate.mockRejectedValueOnce(new Error(
+      '401 You have insufficient permissions for this operation. Missing scopes: model.request.',
+    ));
+
+    const client = new OpenAIClient({
+      apiKey: 'zai-key',
+      model: 'glm-4.7',
+      baseURL: 'https://api.z.ai/api/paas/v4',
+    });
+
+    await expect(client.chat({
+      messages: [{ role: 'user', content: 'hello' }],
+    })).rejects.toThrow(/The key lacks `model\.request` scope/);
+  });
 });

src/models/openai.ts

@@ -260,9 +260,10 @@ export class OpenAIClient implements ModelClient {
       const message = error instanceof Error ? error.message : String(error);
 
       const isZai = (this.baseURL ?? '').includes('api.z.ai');
+      const isUnauthorized401 = status === 401 || /\b401\b/.test(message);
       const missingModelRequestScope = message.includes('Missing scopes: model.request');
 
-      if (isZai && status === 401) {
+      if (isZai && isUnauthorized401) {
         const hint = missingModelRequestScope
           ? 'The key lacks `model.request` scope.'
           : 'The API key is invalid, expired, or not allowed for this model/endpoint.';