fix(daemon): pass allowCachedAuth to runtime for OAuth token reuse

The daemon host never passed allowCachedAuth when calling
runtime.callTool() or runtime.listTools(), and the KeepAliveRuntime
callTool wrapper did not forward it to the daemon client either.

Without allowCachedAuth, createClientContext skips
applyCachedAuthIfAvailable, so cached OAuth tokens are never read
and every daemon-managed OAuth server fails after token expiry.

Changes:
- protocol.ts: add allowCachedAuth to CallToolParams
- host.ts: pass allowCachedAuth in callTool and listTools handlers
- runtime-wrapper.ts: forward allowCachedAuth in callTool daemon path

Fixes openclaw/mcporter#181
Related openclaw/mcporter#179

src/daemon/host.ts

@@ -302,6 +302,7 @@ async function processRequest(
           const result = await runtime.callTool(params.server, params.tool, {
             args: params.args ?? {},
             timeoutMs: params.timeoutMs,
+            allowCachedAuth: params.allowCachedAuth ?? true,
           });
           markActivity(params.server, activity);
           if (loggable) {
@@ -327,6 +328,7 @@ async function processRequest(
           const result = await runtime.listTools(params.server, {
             includeSchema: params.includeSchema,
             autoAuthorize: params.autoAuthorize,
+            allowCachedAuth: true,
           });
           markActivity(params.server, activity);
           if (loggable) {

src/daemon/protocol.ts

@@ -28,6 +28,7 @@ export interface CallToolParams {
   readonly tool: string;
   readonly args?: Record<string, unknown>;
   readonly timeoutMs?: number;
+  readonly allowCachedAuth?: boolean;
 }
 
 export interface ListToolsParams {

src/daemon/runtime-wrapper.ts

@@ -75,6 +75,7 @@ class KeepAliveRuntime implements Runtime {
           tool: toolName,
           args: options?.args,
           timeoutMs: options?.timeoutMs,
+          allowCachedAuth: options?.allowCachedAuth ?? true,
         })
       );
     }