fix(codex): force codex_responses api_mode for openai-codex provider#10044
Closed
saamuelng601-pixel wants to merge 1 commit into
Closed
fix(codex): force codex_responses api_mode for openai-codex provider#10044saamuelng601-pixel wants to merge 1 commit into
saamuelng601-pixel wants to merge 1 commit into
Conversation
The openai-codex provider targets `chatgpt.com/backend-api/codex/...`, which Cloudflare began blocking on `/chat/completions` with a managed challenge (403) on 2026-04-14. The `/responses` endpoint (aka codex_responses api_mode) is the correct path and is not yet challenged. Previously, the AIAgent.__init__ resolution order honored a caller- passed api_mode before applying the provider-specific requirement, so a stale `api_mode="chat_completions"` value inherited from tools/delegate_tool.py (parent agent's api_mode after a model switch) or resolve_runtime_provider() would leak into the openai-codex agent and route it to the blocked endpoint. This change flips the order so that `provider == "openai-codex"` (or a base_url pointing at `chatgpt.com/backend-api/codex`) always forces api_mode="codex_responses", with caller overrides applied only for other providers. Refs: openclaw/openclaw#66633 (same upstream CF blocker). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Zijie-Tian
added a commit
to Zijie-Tian/hermes-agent
that referenced
this pull request
Apr 18, 2026
The main OpenAI client path was injecting a custom httpx transport that bypassed proxy-aware defaults, while the raw Codex path ignored runtime-resolved base URLs and openai-codex callers could still pin chat_completions. This packages the minimal local fixes and regression tests needed to make Hermes reliably use Codex gpt-5.4 behind the user's configured proxy. Constraint: Must preserve unrelated local edits in the repo Constraint: Must keep Hermes on the Codex Responses path for openai-codex Rejected: Commit workspace-level ~/.hermes/.env changes | outside repo scope Rejected: Wait for upstream PR merges | user needs a working fork branch now Confidence: high Scope-risk: moderate Reversibility: clean Directive: If upstream merges NousResearch#11733/NousResearch#10044/NousResearch#5988, rebase this branch against their final versions before reusing it Tested: pytest tests/run_agent/test_create_openai_client_reuse.py -q Tested: pytest tests/run_agent/test_run_agent_codex_responses.py -q Tested: pytest tests/agent/test_auxiliary_client.py -q Tested: hermes chat --provider openai-codex -m gpt-5.4 -Q --max-turns 1 -q "Reply with exactly OK." Tested: hermes chat -Q --max-turns 1 -q "Reply with exactly OK." Not-tested: gateway / IM platform flows Related: NousResearch#11609 Related: NousResearch#11733 Related: NousResearch#10044 Related: NousResearch#5988
1 task
Contributor
|
Thanks for the submission @saamuelng601-pixel. Closing as superseded — already on main — see Hermes's Codex auth design was reworked in #12360 ("Hermes owns its own Codex auth; stop touching The valid adjacent fixes from this batch (error parsing, fallback chain on auth failure, reauth UX) landed together in #15104. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
openai-codexprovider targetschatgpt.com/backend-api/codex/*, but Cloudflare started issuing managed challenges (403) on/chat/completionson 2026-04-14./responses, akaapi_mode="codex_responses") is not yet challenged, and is already the documented transport for this provider inhermes_cli/providers.py:57.AIAgent.__init__honored a caller-passedapi_modebefore applying the provider requirement. A staleapi_mode="chat_completions"could leak in viatools/delegate_tool.py:325(subagent inherits parent's post-switch api_mode) orresolve_runtime_provider()cache from a previous OpenRouter/etc. session, routingopenai-codexto the blocked endpoint.provider == "openai-codex"(or base_url =chatgpt.com/backend-api/codex) always forcesapi_mode="codex_responses"before considering caller overrides.Verified symptom in local logs: 111+ CF challenge pages captured on
/backend-api/codex/chat/completions?__cf_chl_tk=…in a 24h window.Upstream references: openclaw/openclaw#66633, #62142, #62087 — parallel Cloudflare blocker across ecosystems.
Test plan
test_auth_codex_provider.py/test_codex_models.pypass.../codex/responses, not/chat/completionsanthropic_messages/chat_completionsstill selectable for non-codex providers when caller explicitly passesapi_mode🤖 Generated with Claude Code