I hit this exact failure recently:

Agent failed before reply: OAuth token refresh failed for openai-codex: Failed to refresh OAuth token for openai-codex. Please try again or re-authenticate.
Logs: openclaw logs --follow

The short version is: your OpenClaw runtime is fine, but the OAuth session for openai-codex is stale or invalid and needs to be re-authenticated.

Fast fix that worked

Run this command:

openclaw onboard --auth-choice openai-codex

That re-runs onboarding and refreshes auth for the OpenAI Codex provider. I got this exact recovery path from a YouTube walkthrough and confirmed it works in practice.

Sanity checks after re-auth

1. Run openclaw status and verify model/auth look normal.
2. Send a quick test message in your control UI/chat.
3. If you rely on cron, trigger one test run and confirm delivery.

If it still fails

• Tail logs: openclaw logs --follow
• Check local clock drift/timezone issues (OAuth can be time-sensitive).
• Restart gateway once: openclaw gateway restart
• Run onboarding command again and complete the browser auth flow cleanly.

The key lesson: this error usually looks scary but is mostly an auth refresh issue, not a full system failure. Re-auth, verify, and move on.