[QA harness] fs.read failure fixture compares mock provider-plan args, not Codex runtime args

[100yenadmin]

Correction TLDR

Status: harness/mock fixture artifact, not a proven user-facing Codex runtime bug.

The original issue framed this as Codex replaying happy-path fs.read args on a failure-path runtime call. The stronger audit shows the evidence came from the mock provider's /debug/requests planned-args field, not from a verified Codex runtime tool execution.

What actually breaks: the QA fixture used mock provider-plan args as if they were runtime transcript tool-call args. That invalidated the fixture as proof of Codex failure-path read behavior.

Product impact if OpenClaw moved fully to Codex today: P4 until live/native proof says otherwise. This should not be treated as a user-facing read failure unless a real Codex native read-denial path reproduces it.

Latest Beta.5 Evidence

OpenClaw baseline: v2026.5.10-beta.5
PR: #80323
PR head: 3336dec6419c9cc9a87dc7cfa6f48118ca2d838e
Remote proof run: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25719383976
Confidence tracker: #80936

The corrected confidence proof separates provider-plan intent from runtime transcript calls and passes with zero unknowns:

{
  "tool-defaults-direct": { "total": 20, "passed": 20, "skipped": 0, "failed": 0 },
  "confidence-report": { "pass": true, "zeroUnknowns": true }
}

Correct Fix

• Replace direct __qaFailureMode tool args with valid tool-shaped args plus separate harness fault injection when this row is expanded again.
• Report provider-plan args separately from runtime tool-call args.
• Add live/native Codex proof before reopening as a product/runtime bug.

Superseded Original Report

The earlier artifact was useful for identifying report confusion, but it should not be treated as proof that Codex rewrites runtime read args.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. The issue was corrected into a QA-harness fixture/reporting problem, and current main still lacks the runtime-pair/tool-defaults surface needed to reproduce or repair it there; the remaining work is already tied to the open harness PR rather than a standalone source fix on main.

Reproducibility: no. Current main lacks the runtime-tool-fs-read fixture and the --runtime-pair/tool-defaults CLI surface, so there is no high-confidence current-main reproduction path even though the linked PR/local artifacts describe one.

Next step
Not a safe standalone repair lane because the remaining work is already paired with the open harness PR and depends on landing or splitting that runtime-pair fixture surface first.

Review details

Best possible solution:

Land or split a minimal runtime-pair fs.read fixture that records runtime tool-call args separately from mock planned args, then escalate to a Codex runtime bug only if native/live proof reproduces the drift.

Do we have a high-confidence way to reproduce the issue?

No. Current main lacks the runtime-tool-fs-read fixture and the --runtime-pair/tool-defaults CLI surface, so there is no high-confidence current-main reproduction path even though the linked PR/local artifacts describe one.

Is this the best way to solve the issue?

Unclear. The requested direction is right for harness correctness, but the fix should happen in the runtime parity harness or its open PR before treating this as a user-facing Codex runtime defect.

What I checked:

• Live issue state and corrected scope: The issue is still open, has no protected labels, and its body now says the evidence is a harness/mock fixture artifact rather than a proven user-facing Codex runtime bug; the requested fix is valid tool-shaped args plus separate fault injection and provider-plan/runtime-call reporting.
• Open paired harness PR: The linked PR remains open and unmerged; its body says it adds runtime-pair suites, per-tool fixtures, tool coverage, and tracks this issue as fs.read failure-path drift. (2ad1a4b9d281)
• PR branch fixture evidence: The open PR file list includes qa/scenarios/runtime/tools/fs-read.md, whose patch marks the fs.read fixture with tracking/known-broken metadata for this issue; that fixture is not on current main. (qa/scenarios/runtime/tools/fs-read.md:1, 2ad1a4b9d281)
• Current main lacks per-tool runtime fixtures: Current main lists runtime scenarios but no qa/scenarios/runtime/tools directory or runtime-tool-fs-read fixture, so the reported fixture path cannot be run from this checkout. (qa/scenarios/runtime/approval-turn-tool-followthrough.md:1, 4837930b5cae)
• Current CLI lacks runtime-pair/tool-defaults selectors: The qa suite command on current main exposes scenario, provider, model, parity-pack, and related options, but not --runtime-pair, --runtime-suite, or tool-defaults; qa parity-report also still expects candidate/baseline summaries, not a runtime-axis summary. (extensions/qa-lab/src/cli.ts:239, 4837930b5cae)
• Mock provider records planned arguments: The mock OpenAI debug snapshot explicitly stores plannedToolArgs extracted from generated provider events, matching the issue's concern that provider-plan args can be mistaken for runtime tool-call args. (extensions/qa-lab/src/providers/mock-openai/server.ts:104, 4837930b5cae)

Likely related people:

• @shakkernerd: Local blame for the current QA CLI, mock-provider planned-argument debug capture, and Codex dynamic tool-call capture points to Shakker's recent commit in the relevant files. (role: recent area contributor; confidence: medium; commits: 3de98c652fb6; files: extensions/qa-lab/src/cli.ts, extensions/qa-lab/src/providers/mock-openai/server.ts, extensions/codex/src/app-server/run-attempt.ts)
• 100yenadmin: They authored this issue and the open harness PR that adds the missing fs.read runtime-tool fixture and runtime parity reporting surface. (role: QA parity reporter and proposed harness contributor; confidence: medium; commits: 2ad1a4b9d281; files: qa/scenarios/runtime/tools/fs-read.md, extensions/qa-lab/src/runtime-parity.ts, extensions/qa-lab/src/tool-coverage-report.ts)

Remaining risk / open question:

• The failing fixture and local artifacts named in the issue are on an open PR/local run, not current main, so the exact failure cannot be validated from this checkout.
• The root cause remains unproven until provider-plan args and Codex runtime-captured tool-call args are reported separately.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 4837930b5cae.

[100yenadmin]

Tied into the Phase 2 harness in #80323.

The runtime-tool-fs-read fixture now marks this as the known-broken tracking issue, and the full tool coverage proof records the drift in .artifacts/qa-e2e/tool-coverage-phase2-full-runtime.md. This is linked back to umbrella #80171 and Phase 2 #80173.

[100yenadmin]

Adding maintainer triage details.

Priority

Medium. This is a narrow read-argument parity bug. It matters because read/list are high-frequency tools and argument-shape drift can hide failure-path handling bugs, but it is not as broad as #80319.

Plain-English problem

The fixture asks both runtimes to perform two read calls:

1. Happy path: read QA_KICKOFF_TASK.md.
2. Failure path: call read with a synthetic denied-input marker so the harness can prove failure arguments/results are preserved.

Pi preserves the second call as the synthetic failure-path input. Codex repeats the first/happy-path args on the second call.

Fresh local evidence

In the plugin-backed tool-defaults run:

Runtime tool fixture — fs.read
pi:    pass, 2 read calls
codex: pass, 2 read calls
drift: tool-call-shape
details: tool call 2 differs (...) -> tool argument shape differs

This is different from #80319: Codex does call read, but the second call arguments differ from Pi.

Repro

OPENCLAW_QA_SUITE_PROGRESS=1 OPENCLAW_BUILD_PRIVATE_QA=1 OPENCLAW_ENABLE_PRIVATE_QA_CLI=1 \
  node scripts/run-openclaw-parity.mjs tool-defaults \
    --openclaw-root /Volumes/LEXAR/repos/openclaw-1 \
    --provider-mode mock-openai \
    --concurrency 1 \
    --output-dir artifacts/closure-tool-defaults-mock

Inspect:

• /Volumes/LEXAR/repos/openclaw-1/.artifacts/openclaw-parity-harness/closure-tool-defaults-mock/runtime-report/qa-runtime-parity-report.md

What to debug

Compare the captured mock-provider planned args versus the Codex runtime-cell captured tool call args for the second read. If the mock provider emitted the denied-input marker and Codex captured path: QA_KICKOFF_TASK.md, the bug is in Codex tool-call projection/capture. If the mock provider emitted the happy-path args for Codex, the bug is in the Codex cell prompt/tool-schema path into the mock provider.

[100yenadmin]

Fresh Rerun Evidence

I reran the current tool-defaults mock parity suite on PR #80323 and extracted the runtime-tool-fs-read row.

Status remains: open as a QA harness/mock fixture issue. It is now correctly report-only (skip) instead of a hard product/runtime failure.

Priority if OpenClaw moved fully to Codex today: P4 product impact, P2 harness fidelity.

Command

OPENCLAW_QA_SUITE_PROGRESS=1 OPENCLAW_BUILD_PRIVATE_QA=1 OPENCLAW_ENABLE_PRIVATE_QA_CLI=1 \
pnpm openclaw qa suite \
  --runtime-pair pi,codex \
  --runtime-suite tool-defaults \
  --provider-mode mock-openai \
  --output-dir .artifacts/openclaw-parity-harness/harness-only-repair-smoke-final

Observed fs.read Row

{
  "scenario": "runtime-tool-fs-read",
  "status": "skip",
  "details": "report-only runtime drift classified as tool-call-shape: QA mock failure-path capture currently reports provider-plan args, not proven Codex runtime args.",
  "drift": "tool-call-shape",
  "driftDetails": "tool call count differs (2 vs 0)",
  "piCalls": 2,
  "codexCalls": 0,
  "piProviderPlans": 2,
  "codexProviderPlans": 2
}

Interpretation

The original overclaim is fixed: provider plans are tracked separately from runtime transcript calls, and the row is no longer treated as a hard Codex runtime failure. The underlying harness gap remains: the mock fixture still cannot honestly prove Codex native read failure-path behavior.

Artifact

.artifacts/openclaw-parity-harness/harness-only-repair-smoke-final/qa-suite-summary.json

[100yenadmin]

2026-05-10 update: narrowed to provider-plan vs runtime-call capture

TLDR: this remains a QA fixture/reporting bug. It does not currently prove Codex replays happy-path fs.read args in a real runtime call.

Product severity if OpenClaw moved fully to Codex today: P4 from this evidence.

QA severity: P2, because fs.read/fs.list are important enough that the harness needs trustworthy native-read failure-path proof.

What was actually wrong

The fixture mixed two evidence sources:

• /debug/requests.plannedToolArgs: mock provider intent.
• transcript/app-server toolCalls: actual runtime evidence.

The issue was originally described from provider-plan data. That is not enough to claim a Codex runtime argument rewrite, especially because Codex intentionally owns read natively and does not expose duplicate OpenClaw dynamic read.

Harness correction now in #80323

• fs.read and fs.list are classified as codex-native-workspace rows.
• Missing OpenClaw dynamic read exposure in Codex is no longer hard drift by itself.
• Provider-plan args are labeled diagnostic-only.
• The row remains tracked to this issue until the failure-path uses valid read-shaped args plus separate fault injection, or a native Codex read denial path is captured directly.

Current action

Keep open as a fixture-proof gap. Do not escalate as a product/runtime bug unless a native/live Codex run shows a real read argument or denial-path failure outside the mock provider plan.

[100yenadmin]

Closing as fixed/superseded by the harness correction

TLDR: the fresh audit no longer shows a hard fs.read product or gate failure. The original issue was provider-plan/runtime-call confusion, and PR #80323 now separates providerPlanToolCalls from actual transcript-derived toolCalls.

Fresh audit on PR #80323 head 767606e98624949c824f845dcce5b6d94e4e7eee:

• runtime-tool-fs-read: pass.
• Drift: text-only only.
• Product impact: P4. No Codex runner bug proven.
• QA impact after correction: covered by QA tool-defaults suite conflates Codex-native tools with OpenClaw dynamic tool parity #80319's broader mock/searchable-tool fidelity work.

If a native/live Codex read-denial path reproduces a real failure, it should be filed as a new product bug with non-mock evidence. This issue is no longer the right tracker.

[100yenadmin]

Post-correction note: this remains correctly closed/superseded.

PR #80323 now separates mock provider planned calls from actual runtime transcript calls, and the corrected tool-defaults direct lane is 20/20 passing. The original confusion here was a QA/reporting problem, not a confirmed Codex runner product bug.

Product impact if OpenClaw moved fully to Codex today: P4 based on current evidence.
QA impact before #80323 lands: covered by #80319/#80323.

[100yenadmin]

Final remote proof update from PR #80323 head f488e5c08d

TLDR: this remains correctly closed/superseded. The final remote proof confirms the provider-plan/runtime-call separation fixed the old false signal.

Remote proof run: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25675814764
Runtime artifact: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25675814764/artifacts/6921629392

Verified result: tool-defaults --codex-tool-loading direct is 20 total / 20 passed / 0 failed.

Impact classification: product P4; QA impact covered by #80319/#80323.