[Bug]: Fallback chain not triggered on 429 quota errors for openai-codex provider

[derricksy]

Summary

When an agent hits a 429 "You exceeded your current quota" error from the openai-codex provider, the configured model fallback chain does not trigger. The agent retries the same model repeatedly and fails permanently instead of falling back to the next model in the chain.

Steps to reproduce

1. Configure an agent in agents.list with model.primary=openai-codex/gpt-5.2-codex and model.fallbacks=[kimi-coding/k2p5, minimax-portal/MiniMax-M2.5]
2. Each agent has its own auth-profiles.json with a single openai-codex:default token
3. Exhaust the Codex token quota (or use a token that has hit its limit)
4. Trigger the agent via sessions_spawn from another agent
5. Observe: agent retries openai-codex 4 times with stopReason=error, never attempts fallback models

Expected behavior

429 quota error should be classified as failover-eligible (same as "usage limit" errors per #687), triggering the configured model.fallbacks chain. Agent should fall back to kimi-coding/k2p5, then minimax-portal/MiniMax-M2.5.

Actual behavior

stopReason: error returned 4 times with the same provider (openai-codex) and model (gpt-5.2-codex). Fallback models (kimi-coding/k2p5, minimax-portal/MiniMax-M2.5) are never attempted. Session ends with permanent failure.

Error message: "429 You exceeded your current quota, please check your plan and billing details. For more information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors."

OpenClaw version

2026.2.17

Operating system

macOS 14.x

Install method

npm global

Logs, screenshots, and evidence

Impact and severity

Affected: Any agent using openai-codex as primary model with fallbacks configured
Severity: High — agent permanently fails instead of degrading gracefully
Frequency: 100% repro when Codex token quota is exhausted
Consequence: Fallback models are never used, defeating the purpose of the fallback chain config. Workaround is token isolation across separate rate limit pools, but fallback should still work

Additional information

Possibly related to #11972, #19249, #5744. The fix in #687 ("recognize usage limit errors as rate limits for failover") appears to not cover the openai-codex provider's specific 429 quota error message: "You exceeded your current quota, please check your plan and billing details."

Agent config:
{
"model": {
"primary": "openai-codex/gpt-5.2-codex",
"fallbacks": ["kimi-coding/k2p5", "minimax-portal/MiniMax-M2.5"]
}
}

Per-agent auth via ~/.openclaw/agents//agent/auth-profiles.json (no global auth.order for openai-codex).

[newcodebook]

You’re not crazy—OpenClaw’s failover is two-stage:

1. rotate/disable auth profiles within the current provider
2. only then advance to the next entry in model.fallbacks

So if the openai-codex 429 is being classified as “billing/quota” (or otherwise not treated as a rate-limit/auth failover signal), you can end up retrying the same model instead of walking fallbacks.

Practical workarounds (today):

1. If you just need reliability: make Codex a fallback instead of primary

• set a non-Codex primary, keep openai-codex/gpt-5.2-codex in model.fallbacks

2. If you want Codex primary: use auth profile failover for openai-codex

• add 2+ openai-codex:* profiles (different keys/accounts) and set an explicit order via auth.order["openai-codex"]
• when quota is hit, the active profile should be disabled and OpenClaw can rotate to the next profile (then, if all profiles are exhausted, it should advance to model.fallbacks)

3. Verify what OpenClaw thinks is failing

openclaw models status --agent <agentId>
openclaw models status --agent <agentId> --probe

If you can paste a log snippet that includes the failover reason/classification for the 429 (and whether it’s “rate_limit” vs “billing”), it’ll be easier to pin down why the fallback chain isn’t advancing.

Recommended CoClaw refs:

• https://coclaw.com/troubleshooting/solutions/models-all-models-failed/
• https://coclaw.com/openclaw-config-generator/

[sstklen]

Hey! I ran into a similar pattern in our bug knowledge base and thought this might help.

What's happening: 429 quota errors are classified as transient rate-limits, triggering auth-profile rotation within the same provider. Since there's only one auth profile, it retries the same exhausted token 4 times instead of advancing to model.fallbacks. The error classifier doesn't distinguish 'quota exceeded' (permanent, billing-level) from 'rate limited' (transient, retry-worthy).

What worked for us:

In the error classification/failover logic, detect 429 responses containing 'exceeded your current quota' or 'insufficient_quota' as provider-exhausted (not retryable), immediately marking all auth profiles for that provider as failed and advancing to the next model in fallbacks. Alternatively, as a workaround: move openai-codex from model.primary to fallbacks[0] so the chain naturally advances, or add multiple distinct API keys as separate auth profiles so rotation has somewhere to go.

// In the error classifier (e.g. provider-failover.ts or retry logic):
// Before:
if (status === 429) {
  return { action: 'rotate_auth_profile' }; // retries same provider
}
// After:
if (status === 429) {
  const isQuotaExhausted = body?.error?.type === 'insufficient_quota'
    || body?.error?.message?.includes('exceeded your current quota');
  if (isQuotaExhausted) {
    return { action: 'advance_fallback_model' }; // skip to next model in chain
  }
  return { action: 'rotate_auth_profile' }; // transient rate-limit, try next key
}

Hope this helps! Let me know if it doesn't match your case — happy to dig deeper. 🦞

Disclosure: This analysis is from Confucius Debug, an AI-powered community KB for agent bugs. Please verify before applying.

---

_{🦞 Confucius Debug — community knowledge base for AI agent bugs. Free to search via MCP.}

[valo]

Is there a way to use openai-codex as primary model and if the 429 error is hit to switch to openai with an API key? I have a single codex subscription, which ideally I can use until it's throttled and then switch to an API key which is charged by the token.

[sstklen]

@valo Yes, that's exactly what model.fallbacks is designed for:

model:
  primary: openai-codex/gpt-5.2-codex
  fallbacks:
    - openai/gpt-4.1  # your paid API key

But as described in this issue, 429 quota errors from codex are misclassified — so the fallback chain won't trigger yet.

Until the fix lands, @newcodebook's workaround #1 above is probably your cleanest option: flip it — make your paid openai model the primary, and put codex in fallbacks. That way you always have a working path, and codex gets used when openai hits limits.

[valo]

Until the fix lands, @newcodebook's workaround #1 above is probably your cleanest option: flip it — make your paid openai model the primary, and put codex in fallbacks. That way you always have a working path, and codex gets used when openai hits limits.

The challenge with this solution is that my monthly bill is going to more than double...

[sstklen]

@valo Totally understand — doubling your bill defeats the purpose of having a codex sub.

Middle-ground until the 429 classification fix ships:

1. Keep codex primary, but use a cheaper fallback — openai/gpt-4.1-mini is ~10x cheaper than gpt-4.1 and handles most coding tasks fine
2. Set a daily hard cap so the fallback can't run away:

   openclaw config set daily_budget_usd 5.00
   

3. Hack to force correct fallback behavior today: add a second codex auth profile (even with the same key). When profile fix: add @lid format support and allowFrom wildcard handling #1 gets 429'd, OpenClaw rotates to Login fails with 'WebSocket Error (socket hang up)' ECONNRESET #2, which also 429s → provider exhausted → advances to model.fallbacks. Hacky but triggers the correct code path.

This way codex handles your normal workload, the cheap fallback only fires during quota spikes, and the daily cap keeps your bill predictable.