…1202)

OAuth providers (openai-codex, nous, copilot) always showed "Not configured" in
Settings → Providers even when fully working. Three separate issues:

1. api/providers.py — has_key from _provider_has_key() was unconditionally discarded:
   The `else: has_key = False` branch and `except Exception: has_key = False` both
   forced False, hiding a valid token in config.yaml → providers.<id>.api_key.
   Fix: `elif has_key: key_source = "config_yaml"` preserves config.yaml tokens;
   except clause now logs debug and keeps the existing has_key value.

2. api/providers.py — OAuth providers not visible in Settings panel at all:
   configurable=False for all OAuth providers (by design — WebUI can't set OAuth tokens).
   But the JS filter `filter(p=>p.configurable)` excluded them entirely.
   Fix: added is_oauth field to the provider dict; JS filter changed to
   `filter(p=>p.configurable||p.is_oauth)` so OAuth providers appear in Settings.

3. api/providers.py + static/panels.js — auth_error not surfaced to user:
   get_auth_status() returns a descriptive error string (e.g. "Codex refresh token
   consumed by Codex CLI. Run hermes auth.") but it was discarded.
   Fix: auth_error field added to provider dict and rendered in OAuth card body.

static/panels.js:
   - isOauth now uses p.is_oauth from backend (eliminates hardcoded ID list)
   - OAuth card body shows different hints: config_yaml, auth_error, not-configured
   - Configured badge shows for OAuth providers with has_key=True

static/i18n.js:
   - providers_oauth_config_yaml_hint (6 locales)
   - providers_oauth_not_configured_hint (6 locales)

15 new tests in tests/test_issue1202_oauth_provider_status.py, including
regression guards for all three root causes.

2802 tests pass, 0 fail.

…itching

Visual feedback:
- Profile chip immediately shows the new name (optimistic update) when clicked
- Small CSS spinner appears on the chip icon during the switch
- Button is disabled to prevent double-clicks stacking
- finally block always cleans up — chip can never get stuck in loading state
- On error: chip label reverts to the previous profile name

Performance:
- populateModelDropdown() and loadWorkspaceList() now run via Promise.all
  instead of sequential awaits — model dropdown fetch and workspace list
  fetch are independent, so they run simultaneously (~50% faster switches)
- Apply steps (S._pendingProfileModel, workspace update) happen after
  Promise.all resolves — correctness unchanged

11 new tests in tests/test_profile_switch_ux.py covering:
- spinner CSS class present during switch, removed in finally
- optimistic name set before API call
- chip disabled during switch, re-enabled after
- error path reverts chip label
- Promise.all pattern verified
- no old sequential await pattern present
- CSS switching class has correct properties

2798 tests pass, 0 fail.

…1152)

Co-authored-by: bergeouss <[email protected]>
Closes #467

Rebased onto master with i18n.js conflict resolved (kept both master's
status_* keys and PR's yolo_* keys in each locale block). All other
files applied cleanly.