[QA harness] Mock approval followthrough emits undeclared read for Codex app-server lane

[100yenadmin]

Correction TLDR

Status: harness/mock-provider artifact, not a proven user-facing Codex app-server bug.

The original issue overclaimed this as a P1 Codex runtime problem. A higher-confidence audit shows the mock provider emits a provider-level read function call from prompt text even when the Codex app-server lane does not declare read as an OpenClaw dynamic tool. Codex intentionally owns workspace tools such as read/write/edit/exec/apply_patch natively rather than exposing them through the OpenClaw dynamic-tool bridge.

What actually breaks: the QA parity harness was comparing a malformed mock-provider plan against the Codex app-server lane. This is not enough evidence that real users lose approval-followthrough reads.

Product impact if OpenClaw moved fully to Codex today: P4 until live/native proof says otherwise. The remaining risk is live proof coverage, not a demonstrated production approval-read regression.

Latest Beta.5 Evidence

OpenClaw baseline: v2026.5.10-beta.5
PR: #80323
PR head: 3336dec6419c9cc9a87dc7cfa6f48118ca2d838e
Remote proof run: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25719383976
Confidence tracker: #80936

The corrected first-hour-20 mock gate now has zero hard failures:

{
  "first-hour-20-direct": { "total": 18, "passed": 15, "skipped": 3, "failed": 0 }
}

approval-turn-tool-followthrough is one of the 3 report-only rows:

mock-openai still models approval followthrough as a Pi-style read call; Codex-native approval/read behavior requires native/live proof

Correct Fix

• Gate mock read planning on declared/available tools, or model Codex-native read through the real Codex app-server native tool protocol.
• Keep mock provider-plan diagnostics separate from runtime transcript/tool-call evidence.
• Reopen/escalate as a product bug only if a live/native Codex run shows approved reads fail outside this mock contract.

Superseded Original Report

The earlier reproduction and observed drift were useful for finding the harness flaw, but should not be read as proof of a Codex product/runtime bug.

Links

• Umbrella RFC/tracker: Codex-vs-Pi runtime parity QA harness (RFC + tracking) #80171
• PR: [qa-lab] Complete Codex vs Pi runtime parity harness phases 2-5 #80323
• Confidence proof: [QA-lab] Codex runtime parity beta.5 confidence proof for PR #80323 #80936
• Live/Testbox proof tracker: [QA-lab] Complete live-frontier token-efficiency and Testbox parity proof #80397

[100yenadmin]

The harness PR that exposed this drift is #80238. It intentionally does not fix this runtime behavior; it adds the diagnostic lane that makes the drift visible and actionable.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still shows the Codex-native workspace-tool filter and the mock provider can still plan read from the approval prompt, while the latest issue comments say the active runtime-parity branch still fails this row as a harness/mock-provider fidelity problem rather than a proven production Codex bug.

Reproducibility: Do we have a high-confidence way to reproduce the issue? Partly: the fresh issue comments provide a focused runtime-pair command and failing output against the active PR head, and source inspection on current main confirms the mock/Codex mismatch; I did not establish an end-to-end current-main failure because the runtime-pair lane is not merged.

Next step
An active same-author harness PR already references this issue, so maintainer review should decide whether the approval-read fixture fix lands there or in a focused follow-up before ClawSweeper queues duplicate repair work.

Review details

Best possible solution:

The desired end state is a QA harness where Codex-native workspace reads are exercised through native app-server behavior, or the mock provider refuses to plan undeclared read tools, with provider-plan diagnostics kept separate from transcript runtime tool evidence.

Do we have a high-confidence way to reproduce the issue?

Do we have a high-confidence way to reproduce the issue? Partly: the fresh issue comments provide a focused runtime-pair command and failing output against the active PR head, and source inspection on current main confirms the mock/Codex mismatch; I did not establish an end-to-end current-main failure because the runtime-pair lane is not merged.

Is this the best way to solve the issue?

Is this the best way to solve the issue? Yes for the updated direction: exposing read as an OpenClaw dynamic tool in the Codex lane would fight the current Codex-native contract, so the maintainable fix is mock-tool gating or a native Codex read/approval fixture coordinated with the active runtime-parity PR.

What I checked:

• Live issue discussion: The issue body and latest comments reclassify the report as a QA harness/mock-provider fidelity issue, include a fresh rerun against open PR head 767606e where approval-turn-tool-followthrough still fails, and explicitly say it should stay open for native-read modeling or mock read gating.
• Codex dynamic tool contract: Codex app-server-owned dynamic tool excludes include read, write, edit, apply_patch, exec, process, and update_plan, matching the issue's corrected premise that workspace reads are Codex-native rather than OpenClaw dynamic tools. (extensions/codex/src/app-server/dynamic-tool-profile.ts:3, 32c1ba77b6de)
• Codex app-server test contract: Current tests assert that read and the other workspace tools are not exposed as Codex app-server dynamic tools, while integration tools such as web_search, message, and sessions_spawn remain exposed. (extensions/codex/src/app-server/run-attempt.test.ts:556, 32c1ba77b6de)
• Mock provider read planning path: The mock OpenAI provider still emits a read call when the prompt mentions read/inspect/repo/docs/scenario/kickoff and there is no tool output, without checking that read was declared in the provider request. (extensions/qa-lab/src/providers/mock-openai/server.ts:1991, 32c1ba77b6de)
• Declared tool helper exists but does not guard the read fallback: The mock provider has a hasDeclaredTool helper and uses it for selected tools, which supports the narrow fix direction of gating mock read planning on the declared tool surface. (extensions/qa-lab/src/providers/mock-openai/server.ts:766, 32c1ba77b6de)
• Approval followthrough fixture asks for a read: The scenario's approval prompt asks the agent to read QA_KICKOFF_TASK.md, so this is the row where an undeclared mock read plan can collide with Codex-native workspace-tool ownership. (qa/scenarios/runtime/approval-turn-tool-followthrough.md:28, 32c1ba77b6de)

Likely related people:

• Peter Steinberger: Current-main blame for the mock-provider read path, approval fixture, and Codex dynamic-tool filter points to 005cca7, and shortlog shows the largest sample count across the central QA/Codex files. (role: recent area contributor; confidence: high; commits: 005cca7464a9, eeef4864494f, 2fc429dfbf0e; files: extensions/qa-lab/src/providers/mock-openai/server.ts, qa/scenarios/runtime/approval-turn-tool-followthrough.md, extensions/codex/src/app-server/dynamic-tool-profile.ts)
• pashpashpash: Local history shows pashpashpash authored the recent Codex native code-mode work that is directly adjacent to the app-server native workspace-tool boundary implicated here. (role: Codex runtime contributor; confidence: medium; commits: 0e8a7e12da4a; files: extensions/codex/src/app-server/dynamic-tool-profile.ts, extensions/codex/src/app-server/run-attempt.ts, extensions/codex/src/app-server/run-attempt.test.ts)
• 100yenadmin: The issue comments and open PRs test(qa-lab): add Codex vs Pi runtime parity harness #80238 and [qa-lab] Complete Codex vs Pi runtime parity harness phases 2-5 #80323 show 100yenadmin actively auditing and implementing the runtime-parity harness; local history also shows Eva-authored parity scenario/report commits in this area. (role: active harness follow-up owner; confidence: medium; commits: fd45ea2bf17d, 55df6f11a4e3, 67fdd3b4dfe6; files: extensions/qa-lab/src/agentic-parity.ts, extensions/qa-lab/src/providers/mock-openai/server.ts, qa/scenarios/runtime/approval-turn-tool-followthrough.md)

Remaining risk / open question:

• The end-to-end runtime-pair reproduction is on active PR branches rather than current main, so current-main inspection proves the component mismatch but not a merged-lane failure.
• Open PR [qa-lab] Complete Codex vs Pi runtime parity harness phases 2-5 #80323 may subsume this fixture work, so a separate automated repair would risk racing an active harness branch.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 32c1ba77b6de.

[100yenadmin]

Fresh Rerun Evidence

I reran the focused approval followthrough parity row against current PR #80323.

Status remains: open as a QA harness/mock-provider fidelity issue, not a proven Codex product/runtime bug.

Priority if OpenClaw moved fully to Codex today: P4 product impact, P2 harness fidelity.

Command

OPENCLAW_QA_SUITE_PROGRESS=1 OPENCLAW_BUILD_PRIVATE_QA=1 OPENCLAW_ENABLE_PRIVATE_QA_CLI=1 \
pnpm openclaw qa suite \
  --runtime-pair pi,codex \
  --provider-mode mock-openai \
  --concurrency 1 \
  --allow-failures \
  --scenario approval-turn-tool-followthrough \
  --output-dir .artifacts/openclaw-parity-harness/full-rerun-20260511/issue-80236-approval-followthrough

Observed Summary

{
  "status": "fail",
  "drift": "tool-call-shape",
  "driftDetails": "tool call count differs (1 vs 0)",
  "piCalls": 1,
  "codexCalls": 0,
  "piProviderPlans": 1,
  "codexProviderPlans": 1,
  "piFinal": "Protocol note: I reviewed the requested material. Evidence snippet: QA mission: Understand this OpenClaw repo from source + docs before acting...",
  "codexFinal": "Protocol note: I reviewed the requested material. Evidence snippet: unsupported call: read"
}

Interpretation

This confirms the issue is still present in the mock harness row: the mock provider plans read for both cells, Pi executes a read-shaped call, and Codex records unsupported call: read with no transcript runtime tool call. This still does not prove a live/native Codex user-facing read failure; it proves the mock approval fixture is not Codex-native-aware.

Artifact

Local artifact path from this rerun:

.artifacts/openclaw-parity-harness/full-rerun-20260511/issue-80236-approval-followthrough/qa-suite-summary.json

[100yenadmin]

2026-05-10 update: keep as approval/read mock-fixture issue

TLDR: this is a QA harness/mock-provider fidelity issue, not a proven production Codex read bug. Codex app-server mode intentionally does not expose OpenClaw dynamic read; native Codex owns file reads.

Product severity if OpenClaw moved fully to Codex today: P4 from this evidence.

QA severity: P2, because approval-followthrough still needs a Codex-native read proof path instead of a mock provider plan that can emit undeclared read.

What was wrong with the old interpretation

The old report treated the mock provider's planned read as if it were a real Codex runtime tool call. That is not safe. In Codex app-server mode, read is filtered from OpenClaw dynamic tools by design, so a mock read plan is testing the wrong protocol layer unless the fixture explicitly models native Codex read behavior.

Current expected fix

• Do not require OpenClaw dynamic read exposure in the Codex cell.
• Add a native Codex read/approval fixture or make the mock provider gate read planning on the declared tool surface.
• Keep provider-plan snapshots separate from transcript/app-server runtime tool calls.

Current status

The broader #80323 correction now handles Codex-native workspace fixtures as native-owned, so these rows no longer become hard product failures solely because Codex has zero OpenClaw dynamic read calls. This issue should stay open only for the approval-followthrough fixture's missing native-read modeling.

[100yenadmin]

95% confidence audit update

TLDR: still not a confirmed Codex runner bug. Keep this open as a QA/mock approval-read fixture issue unless native Codex approval/read behavior independently reproduces.

Fresh audit on PR #80323 head 767606e98624949c824f845dcce5b6d94e4e7eee:

• first-hour-20 mock runtime-pair suite: 18 total / 6 pass / 12 fail.
• approval-turn-tool-followthrough: still fails as tool-call-shape, Pi actual tool calls 1, Codex actual tool calls 0.
• Codex provider-plan/debug evidence still shows the planned read, but transcript-derived runtime tool calls are zero and final text includes unsupported call: read.

Current confidence classification:

• Product impact: P4 until native/live proof says otherwise.
• QA impact: P1/P2, because the mock approval/read fixture is still useful but is testing the wrong layer for Codex-native workspace reads.
• Action: model this through native Codex app-server behavior or fix the mock to avoid emitting undeclared direct read calls for the Codex lane.

This issue should not be used to claim users lose approval-followthrough reads in Codex. It is a harness fidelity issue unless a non-mock Codex run proves the same failure.

[100yenadmin]

2026-05-11 correction / current status

TLDR: this is not currently a confirmed Codex runner product bug. It is a mock/native mismatch: the mock-openai provider still models approval followthrough as a Pi-style read call, but Codex owns read natively and does not expose duplicate OpenClaw dynamic read in app-server mode.

Current evidence from PR #80323 head 7ed1a27f8932e6a049095abf27bab46d41355bbd:

• first-hour-20 direct: 15 passed / 0 failed / 3 report-only.
• This row is now explicitly report-only with reason: mock-openai still models approval followthrough as a Pi-style read call; Codex-native approval/read behavior requires native/live proof.

What actually breaks in the corrected mock lane:

• Pi cell can use a dynamic read fixture.
• Codex cell intentionally does not have duplicate dynamic read.
• The mock provider does not yet drive a Codex-native read event, so the row cannot prove native approval/read behavior in mock mode.

Product impact if OpenClaw moved fully to Codex today: P4 based on current evidence. No native/live approval-read failure has been reproduced yet.

QA impact: P2. The row should stay visible because approval followthrough is important, but mock-only failure must not be filed as a Codex product regression.

Next action: keep open only as a QA/native-proof gap. Escalate to a product bug only if a native/live Codex approval-read run fails outside the mock provider assumption.

[100yenadmin]

Post-main 95% confidence update from PR #80323 head be853815c1:

TLDR: this remains a QA/native-proof gap, not a confirmed Codex product read bug. The corrected first-hour-20 run still marks approval-turn-tool-followthrough report-only because the mock provider models the action as a Pi-style read call, while Codex workspace reads are native-owned and should be proven through native/live Codex behavior.

Severity after correction:

• Product impact if OpenClaw moved to Codex today: P4 unless a native/live approval-read failure is reproduced.
• QA impact: P2 because this row cannot yet be used as a hard mock CI gate for Codex-native approval/read behavior.

Fresh evidence:

first-hour-20 direct, mock-openai, post-main:
{ "total": 18, "passed": 15, "failed": 0 }

Approval row status:
report-only runtime drift classified as failure-mode: mock-openai still models approval followthrough as a Pi-style read call; Codex-native approval/read behavior requires native/live proof

Action: keep this as a harness/proof-lane issue until we either add a native Codex approval-read repro or move this row into a live/native proof workflow.

[100yenadmin]

Final remote proof update from PR #80323 head f488e5c08d

TLDR: this is still not a confirmed Codex read/approval product bug. It remains a QA/native-proof gap: the mock provider cannot prove Codex-native approval/read behavior because Codex owns workspace reads natively instead of exposing duplicate OpenClaw dynamic read.

Remote proof run: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25675814764
Runtime artifact: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25675814764/artifacts/6921629392

Current evidence:

• first-hour-20 direct: 18 total / 15 passed / 0 failed.
• The approval/read row is report-only/native-live-required, not a hard mock failure.
• No source-level proof or live/native reproduction currently shows Codex app-server cannot perform the approval/read path.

Impact classification:

• Product impact if OpenClaw moved to Codex today: P4 unless a native/live approval-read failure is reproduced.
• QA impact: P2, because this row should not be used as a hard mock CI gate until a native/live proof lane exists.

Next proof path: run a local Codex-OAuth live smoke through Codex app-server using the existing local CODEX_HOME, then only escalate if the native path fails.