openclaw
diff --git a/‎docs/plugins/codex-harness.md‎
Lines changed: 103 additions & 0 deletions b/‎docs/plugins/codex-harness.md‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎docs/tools/slash-commands.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/tools/slash-commands.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extensions/codex/harness.ts‎
Lines changed: 5 additions & 2 deletions b/‎extensions/codex/harness.ts‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎extensions/codex/index.test.ts‎
Lines changed: 6 additions & 0 deletions b/‎extensions/codex/index.test.ts‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎extensions/codex/index.ts‎
Lines changed: 3 additions & 1 deletion b/‎extensions/codex/index.ts‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎extensions/codex/openclaw.plugin.json‎
Lines changed: 114 additions & 0 deletions b/‎extensions/codex/openclaw.plugin.json‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎extensions/codex/package.json‎
Lines changed: 2 additions & 1 deletion b/‎extensions/codex/package.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎extensions/codex/provider.test.ts‎
Lines changed: 3 additions & 1 deletion b/‎extensions/codex/provider.test.ts‎
Lines changed: 3 additions & 1 deletion
@@ -255,6 +255,106 @@ fallback catalog:
 }
 ```
 
+## App-server connection and policy
+
+By default, the plugin starts Codex locally with:
+
+```bash
+codex app-server --listen stdio://
+```
+
+You can keep that default and only tune Codex native policy:
+
+```json5
+{
+  plugins: {
+    entries: {
+      codex: {
+        enabled: true,
+        config: {
+          appServer: {
+            approvalPolicy: "on-request",
+            sandbox: "workspace-write",
+            serviceTier: "priority",
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+For an already-running app-server, use WebSocket transport:
+
+```json5
+{
+  plugins: {
+    entries: {
+      codex: {
+        enabled: true,
+        config: {
+          appServer: {
+            transport: "websocket",
+            url: "ws://127.0.0.1:39175",
+            authToken: "${CODEX_APP_SERVER_TOKEN}",
+            requestTimeoutMs: 60000,
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Supported `appServer` fields:
+
+| Field               | Default                                  | Meaning                                                                  |
+| ------------------- | ---------------------------------------- | ------------------------------------------------------------------------ |
+| `transport`         | `"stdio"`                                | `"stdio"` spawns Codex; `"websocket"` connects to `url`.                 |
+| `command`           | `"codex"`                                | Executable for stdio transport.                                          |
+| `args`              | `["app-server", "--listen", "stdio://"]` | Arguments for stdio transport.                                           |
+| `url`               | unset                                    | WebSocket app-server URL.                                                |
+| `authToken`         | unset                                    | Bearer token for WebSocket transport.                                    |
+| `headers`           | `{}`                                     | Extra WebSocket headers.                                                 |
+| `requestTimeoutMs`  | `60000`                                  | Timeout for app-server control-plane calls.                              |
+| `approvalPolicy`    | `"never"`                                | Native Codex approval policy sent to thread start/resume/turn.           |
+| `sandbox`           | `"workspace-write"`                      | Native Codex sandbox mode sent to thread start/resume.                   |
+| `approvalsReviewer` | `"user"`                                 | Use `"guardian_subagent"` to let Codex guardian review native approvals. |
+| `serviceTier`       | unset                                    | Optional Codex service tier, for example `"priority"`.                   |
+
+The older environment variables still work as fallbacks for local testing when
+the matching config field is unset:
+
+- `OPENCLAW_CODEX_APP_SERVER_BIN`
+- `OPENCLAW_CODEX_APP_SERVER_ARGS`
+- `OPENCLAW_CODEX_APP_SERVER_APPROVAL_POLICY`
+- `OPENCLAW_CODEX_APP_SERVER_SANDBOX`
+- `OPENCLAW_CODEX_APP_SERVER_GUARDIAN=1`
+
+Config is preferred for repeatable deployments.
+
+## Codex command
+
+The bundled plugin registers `/codex` as an authorized slash command. It is
+generic and works on any channel that supports OpenClaw text commands.
+
+Common forms:
+
+- `/codex status` shows live app-server connectivity, models, account, rate limits, MCP servers, and skills.
+- `/codex models` lists live Codex app-server models.
+- `/codex threads [filter]` lists recent Codex threads.
+- `/codex resume <thread-id>` attaches the current OpenClaw session to an existing Codex thread.
+- `/codex compact` asks Codex app-server to compact the attached thread.
+- `/codex review` starts Codex native review for the attached thread.
+- `/codex account` shows account and rate-limit status.
+- `/codex mcp` lists Codex app-server MCP server status.
+- `/codex skills` lists Codex app-server skills.
+
+`/codex resume` writes the same sidecar binding file that the harness uses for
+normal turns. On the next message, OpenClaw resumes that Codex thread, passes the
+currently selected OpenClaw `codex/*` model into app-server, and keeps extended
+history enabled.
+
 ## Tools, media, and compaction
 
 The Codex harness changes the low-level embedded agent executor only.
@@ -286,6 +386,9 @@ reports version `0.118.0` or newer.
 **Model discovery is slow:** lower `plugins.entries.codex.config.discovery.timeoutMs`
 or disable discovery.
 
+**WebSocket transport fails immediately:** check `appServer.url`, `authToken`,
+and that the remote app-server speaks the same Codex app-server protocol version.
+
 **A non-Codex model uses PI:** that is expected. The Codex harness only claims
 `codex/*` model refs.
 
 
@@ -152,6 +152,7 @@ Bundled plugins can add more slash commands. Current bundled commands in this re
 - `/phone status|arm <camera|screen|writes|all> [duration]|disarm` temporarily arms high-risk phone node commands.
 - `/voice status|list [limit]|set <voiceId|name>` manages Talk voice config. On Discord, the native command name is `/talkvoice`.
 - `/card ...` sends LINE rich card presets. See [LINE](/channels/line).
+- `/codex status|models|threads|resume|compact|review|account|mcp|skills` inspects and controls the bundled Codex app-server harness. See [Codex Harness](/plugins/codex-harness).
 - QQBot-only commands:
   - `/bot-ping`
   - `/bot-version`
 
@@ -18,6 +18,7 @@ export function createCodexAppServerAgentHarness(options?: {
   id?: string;
   label?: string;
   providerIds?: Iterable<string>;
+  pluginConfig?: unknown;
 }): AgentHarness {
   const providerIds = new Set(
     [...(options?.providerIds ?? DEFAULT_CODEX_HARNESS_PROVIDER_IDS)].map((id) =>
@@ -37,8 +38,10 @@ export function createCodexAppServerAgentHarness(options?: {
         reason: `provider is not one of: ${[...providerIds].toSorted().join(", ")}`,
       };
     },
-    runAttempt: runCodexAppServerAttempt,
-    compact: maybeCompactCodexAppServerSession,
+    runAttempt: (params) =>
+      runCodexAppServerAttempt(params, { pluginConfig: options?.pluginConfig }),
+    compact: (params) =>
+      maybeCompactCodexAppServerSession(params, { pluginConfig: options?.pluginConfig }),
     reset: async (params) => {
       if (params.sessionFile) {
         await clearCodexAppServerBinding(params.sessionFile);
 
@@ -14,6 +14,7 @@ describe("codex plugin", () => {
 
   it("registers the codex provider and agent harness", () => {
     const registerAgentHarness = vi.fn();
+    const registerCommand = vi.fn();
     const registerProvider = vi.fn();
 
     plugin.register(
@@ -25,6 +26,7 @@ describe("codex plugin", () => {
         pluginConfig: {},
         runtime: {} as never,
         registerAgentHarness,
+        registerCommand,
         registerProvider,
       }),
     );
@@ -34,5 +36,9 @@ describe("codex plugin", () => {
       id: "codex",
       label: "Codex agent harness",
     });
+    expect(registerCommand.mock.calls[0]?.[0]).toMatchObject({
+      name: "codex",
+      description: "Inspect and control the Codex app-server harness",
+    });
   });
 });
@@ -1,13 +1,15 @@
 import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
 import { createCodexAppServerAgentHarness } from "./harness.js";
 import { buildCodexProvider } from "./provider.js";
+import { createCodexCommand } from "./src/commands.js";
 
 export default definePluginEntry({
   id: "codex",
   name: "Codex",
   description: "Codex app-server harness and Codex-managed GPT model catalog.",
   register(api) {
-    api.registerAgentHarness(createCodexAppServerAgentHarness());
+    api.registerAgentHarness(createCodexAppServerAgentHarness({ pluginConfig: api.pluginConfig }));
     api.registerProvider(buildCodexProvider({ pluginConfig: api.pluginConfig }));
+    api.registerCommand(createCodexCommand({ pluginConfig: api.pluginConfig }));
   },
 });
@@ -3,6 +3,13 @@
   "name": "Codex",
   "description": "Codex app-server harness and Codex-managed GPT model catalog.",
   "providers": ["codex"],
+  "commandAliases": [
+    {
+      "name": "codex",
+      "kind": "runtime-slash",
+      "cliCommand": "plugins"
+    }
+  ],
   "configSchema": {
     "type": "object",
     "additionalProperties": false,
@@ -18,6 +25,57 @@
             "default": 2500
           }
         }
+      },
+      "appServer": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "transport": {
+            "type": "string",
+            "enum": ["stdio", "websocket"],
+            "default": "stdio"
+          },
+          "command": {
+            "type": "string",
+            "default": "codex"
+          },
+          "args": {
+            "oneOf": [
+              {
+                "type": "array",
+                "items": { "type": "string" }
+              },
+              { "type": "string" }
+            ]
+          },
+          "url": { "type": "string" },
+          "authToken": { "type": "string" },
+          "headers": {
+            "type": "object",
+            "additionalProperties": { "type": "string" }
+          },
+          "requestTimeoutMs": {
+            "type": "number",
+            "minimum": 1,
+            "default": 60000
+          },
+          "approvalPolicy": {
+            "type": "string",
+            "enum": ["never", "on-request", "on-failure", "untrusted"],
+            "default": "never"
+          },
+          "sandbox": {
+            "type": "string",
+            "enum": ["read-only", "workspace-write", "danger-full-access"],
+            "default": "workspace-write"
+          },
+          "approvalsReviewer": {
+            "type": "string",
+            "enum": ["user", "guardian_subagent"],
+            "default": "user"
+          },
+          "serviceTier": { "type": "string" }
+        }
       }
     }
   },
@@ -34,6 +92,62 @@
       "label": "Discovery Timeout",
       "help": "Maximum time to wait for Codex app-server model discovery before falling back to the bundled model list.",
       "advanced": true
+    },
+    "appServer": {
+      "label": "App Server",
+      "help": "Runtime controls for connecting to Codex app-server.",
+      "advanced": true
+    },
+    "appServer.transport": {
+      "label": "Transport",
+      "help": "Use stdio to spawn Codex locally, or websocket to connect to an already-running app-server.",
+      "advanced": true
+    },
+    "appServer.command": {
+      "label": "Command",
+      "help": "Executable used for stdio transport.",
+      "advanced": true
+    },
+    "appServer.args": {
+      "label": "Arguments",
+      "help": "Arguments used for stdio transport. Defaults to app-server --listen stdio://.",
+      "advanced": true
+    },
+    "appServer.url": {
+      "label": "WebSocket URL",
+      "help": "Codex app-server WebSocket URL when transport is websocket.",
+      "advanced": true
+    },
+    "appServer.authToken": {
+      "label": "Auth Token",
+      "help": "Bearer token sent to the WebSocket app-server.",
+      "sensitive": true,
+      "advanced": true
+    },
+    "appServer.requestTimeoutMs": {
+      "label": "Request Timeout",
+      "help": "Maximum time to wait for Codex app-server control-plane requests.",
+      "advanced": true
+    },
+    "appServer.approvalPolicy": {
+      "label": "Approval Policy",
+      "help": "Codex native approval policy sent to thread start, resume, and turns.",
+      "advanced": true
+    },
+    "appServer.sandbox": {
+      "label": "Sandbox",
+      "help": "Codex native sandbox mode sent to thread start and resume.",
+      "advanced": true
+    },
+    "appServer.approvalsReviewer": {
+      "label": "Approvals Reviewer",
+      "help": "Use user approvals or the Codex guardian subagent for native app-server approvals.",
+      "advanced": true
+    },
+    "appServer.serviceTier": {
+      "label": "Service Tier",
+      "help": "Optional Codex service tier passed when starting or resuming threads.",
+      "advanced": true
     }
   }
 }
@@ -4,7 +4,8 @@
   "description": "OpenClaw Codex harness and model provider plugin",
   "type": "module",
   "dependencies": {
-    "@mariozechner/pi-coding-agent": "0.65.2"
+    "@mariozechner/pi-coding-agent": "0.65.2",
+    "ws": "^8.20.0"
   },
   "devDependencies": {
     "@openclaw/plugin-sdk": "workspace:*"
 
@@ -29,7 +29,9 @@ describe("codex provider", () => {
       pluginConfig: { discovery: { timeoutMs: 1234 } },
     });
 
-    expect(listModels).toHaveBeenCalledWith({ limit: 100, timeoutMs: 1234 });
+    expect(listModels).toHaveBeenCalledWith(
+      expect.objectContaining({ limit: 100, timeoutMs: 1234 }),
+    );
     expect(result.provider).toMatchObject({
       auth: "token",
       api: "openai-codex-responses",