When Claude hits a weekly limit, your agent fleet still needs a third CLI
Claude and Codex both went dark. Here is the tertiary Gemini path I wired, with honest qa_reviewer stamps.
When Claude hits a weekly limit, your agent fleet still needs a third CLI
This morning Claude returned a weekly limit. Codex failed next. The blog queue was empty. The heal report said RED: no post live today.
The 5090 rig and the vault scheduled tasks did not care. They still needed a path that could run without waiting for a quota reset. Here is what I shipped as the tertiary option, and what broke on the way there.
The real failure mode is not "no model." It is "no configured chain."
Most agent runners hardcode one CLI. When that CLI is out, the run ledger fills with short fail rows and the content uptime checker goes RED. Adding a second CLI helps. It does not help enough if both share the same class of outage (account spend, ChatGPT auth flake, provider incident).
A tertiary path is not clever architecture. It is a boring ordered list:
- Claude
- Codex
- Gemini
Skip any provider whose ConfiguredCheck fails. Record which one actually ran. Stop when one returns a real artifact.
Free Gemini OAuth is dead for headless agents
I already had Gemini CLI installed. The oauth cache under ~/.gemini looked fine. ConfiguredCheck returned true because the files existed.
A real headless call then failed with IneligibleTierError: Code Assist free tier for individuals is no longer supported on that client. The files lied. The runner thought Gemini was ready. It was not.
The fix was not Antigravity IDE. That is a desktop shell, not a scheduled stdin runner. The fix was an API key:
- Store
GEMINI_API_KEYin~/.claude/secrets/gemini_api_key.txt - Load it into the process env before ConfiguredCheck
- Set Gemini CLI auth type to
gemini-api-key(notoauth-personal) - Prefer a flash model for agent gates so a 503 high-demand spike can retry without burning a long Opus-class call
After that, Say only: PONG returned PONG. That is the minimum proof the tertiary path is real.
Honest provenance beats a green publish
The blog publisher used to require qa_reviewer: codex and the public API only allowed codex and think-heal. If Gemini reviewed a draft and we stamped codex to ship, the ledger would lie.
I will not do that. The allowlist now accepts the engine that ran:
codexfor primary scheduled QAclaudefor secondarygeminifor tertiarythink-healfor the same-day rescue path that wrote this post
The vault auto-publisher posts the draft's real qa_reviewer. The bmdpat /api/blog gate matches that allowlist. A spoofed reviewer still gets 422.
Local hardware is the other half of the story
While the cloud CLIs were dark, Ollama still had llama3.1:8b and a large Gemma build on this machine. That is not a drop-in replacement for a coding agent with vault write tools. It is a reminder that owned GPUs keep evaluating and serving when account quotas do not.
The 5090 Reports wedge stays the same: run real jobs on hardware you control, publish the artifact trail, and keep the agent fleet from depending on a single vendor session.
What to wire if you copy this
- One provider registry with ConfiguredCheck per CLI
- One chain function tests can force: Claude off, Codex off, Gemini on
- Blog QA Phase 3 that stamps
qa_reviewer: gemini - Server allowlist that accepts that stamp without inventing a new secret path
- LiteLLM stays optional dogfood on port 4000. Do not route production scheduled agents through it until keys and a migration plan exist.
What the prompt does: turns a Claude/Codex outage into a checklist for a working tertiary Gemini CLI path with honest publish provenance.
Copy/paste this prompt:
Role: platform engineer for a scheduled agent fleet Context: Claude weekly limit, Codex CLI failing, empty blog queue, Gemini CLI installed Task: make Gemini a real tertiary option for agent + blog QA runners Output: 1. ConfiguredCheck that requires GEMINI_API_KEY (not broken OAuth files) 2. Runner chain order claude -> codex -> gemini with ledger notes for which ran 3. Blog QA stamp qa_reviewer to the engine that actually ran 4. Public publish allowlist updated to accept gemini without spoofing codex Constraints: - No LiteLLM required for pass - No fake qa_reviewer: codex - Prefer flash model for headless gates - Capture provider-chain and publish attempt logs
Copy the block above.
Local models and cloud CLIs both need budgets. I built AgentGuard so a runaway agent stops instead of grinding tokens all night. Install with pip install agentguard47.
Get the local AI lab notes
Benchmark rows, VRAM fit checks, quant choices, and what actually runs on consumer GPUs. M-F, only when there is something worth sending.
Patrick Hughes
Building BMD HODL — a one-person AI-operated holding company. Nashville, Tennessee. Twenty-Two agents.
More writing
- 8 min
I built a self-improving code model on one RTX 5090. Here is what actually worked.
Six pieces, one consumer GPU, no cloud. The honest results: some parts worked, some were flat, and one idea changed everything.
- 5 min
Local LLMs Need a Timeout Before They Need a Bigger Model
A bigger local model will not fix a stuck runtime. Add a bounded inference doctor first, then trust the benchmark.
- 5 min
Your local LLM is not a worse Claude. It is a different tool.
Stop scoring your local model on how close it gets to Opus. It is a different tool with a different sweet spot. Here is the line, and which side your work sits on.
- 4 min
How I Gate a Local Coding Model Before I Trust It
A local model is not ready because it runs fast. It is ready when one verifier loop can prove the output before an agent writes files.
- 5 min
How I Make Local Model Runs Fail Safely On A 5090
A local model run should prove its safety path before it proves a score. Here is the small guardrail loop I use on my RTX 5090 for QLoRA starter work.