fix(codex): distrust exec reviewer transport overrides

vincentkoc · vincentkoc · commit e3318f163e63 · 2026-06-09T09:23:52.000+09:00
diff --git a/extensions/codex/src/app-server/config.test.ts b/extensions/codex/src/app-server/config.test.ts
@@ -411,6 +411,52 @@ describe("Codex app-server config", () => {
         },
       }),
     ).toBe(false);
+    for (const openAIProvider of [
+      {
+        baseUrl: "https://api.openai.com/v1",
+        request: { proxy: { mode: "explicit-proxy" as const, url: "http://localhost:8080" } },
+        models: [],
+      },
+      {
+        baseUrl: "https://api.openai.com/v1",
+        headers: { "x-openclaw-reviewer-proxy": "local" },
+        models: [],
+      },
+      {
+        baseUrl: "https://api.openai.com/v1",
+        authHeader: false,
+        models: [],
+      },
+      {
+        baseUrl: "https://api.openai.com/v1",
+        models: [
+          {
+            id: "gpt-5.5",
+            name: "GPT with custom headers",
+            reasoning: true,
+            input: ["text" as const],
+            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+            contextWindow: 128_000,
+            maxTokens: 8_192,
+            headers: { "x-openclaw-reviewer-proxy": "local" },
+          },
+        ],
+      },
+    ]) {
+      expect(
+        canUseCodexModelBackedApprovalsReviewerForModel({
+          modelProvider: "openai",
+          model: "gpt-5.5",
+          config: {
+            models: {
+              providers: {
+                openai: openAIProvider,
+              },
+            },
+          },
+        }),
+      ).toBe(false);
+    }
     expect(
       canUseCodexModelBackedApprovalsReviewerForModel({
         modelProvider: "openai",
diff --git a/extensions/codex/src/app-server/config.ts b/extensions/codex/src/app-server/config.ts
@@ -1350,10 +1350,13 @@ function configuredOpenAIProviderIsTrustedForModelBackedReview(
   openAIProvider: Record<string, unknown>,
   modelInput: string | undefined,
 ): boolean {
-  if (readRecord(openAIProvider.localService)) {
-    return false;
-  }
-  if (!isNativeOpenAIBaseUrl(openAIProvider.baseUrl)) {
+  if (
+    readRecord(openAIProvider.localService) ||
+    hasNonEmptyRecord(openAIProvider.headers) ||
+    hasNonEmptyRecord(openAIProvider.request) ||
+    typeof openAIProvider.authHeader === "boolean" ||
+    !isNativeOpenAIBaseUrl(openAIProvider.baseUrl)
+  ) {
     return false;
   }
   const models = openAIProvider.models;
@@ -1369,7 +1372,11 @@ function configuredOpenAIProviderIsTrustedForModelBackedReview(
     if (typeof model?.id !== "string" || !matchesConfiguredOpenAIModelId(modelId, model.id)) {
       continue;
     }
-    if (!isNativeOpenAIBaseUrl(model.baseUrl)) {
+    if (
+      hasNonEmptyRecord(model.headers) ||
+      hasNonEmptyRecord(model.request) ||
+      !isNativeOpenAIBaseUrl(model.baseUrl)
+    ) {
       return false;
     }
   }
@@ -1390,6 +1397,11 @@ function matchesConfiguredOpenAIModelId(modelId: string, configuredModelId: stri
   return Boolean(configured) && (modelId === configured || modelId.startsWith(`${configured}@`));
 }
 
+function hasNonEmptyRecord(value: unknown): boolean {
+  const record = readRecord(value);
+  return record !== undefined && Object.keys(record).length > 0;
+}
+
 function isNativeOpenAIBaseUrl(value: unknown): boolean {
   if (typeof value !== "string" || !value.trim()) {
     return true;
