[QA harness] mock Pi provider id and apply_patch failure fixture distort parity

[100yenadmin]

Correction TLDR

Status: QA harness bug, not a Codex user-facing apply_patch bug.

The original report conflated two harness problems with product behavior:

1. Provider/profile setup bug: the Pi cell stayed on mock-openai/<model>, but Pi only exposes apply_patch for OpenAI-compatible provider ids such as openai / openai-codex. The mock server already clones the endpoint under openai, so the parity harness needed to remap forced runtime cells correctly.
2. Fixture fault-injection boundary: synthetic failure-path inputs must be treated as QA fixture/fault-injection behavior, not proof that Codex users lose patching.

Product impact if OpenClaw moved fully to Codex today: P4. Product patching is not proven broken.

QA impact: resolved for the beta.5 mock hard gate. The corrected tool-defaults direct lane now passes 20/20 with zero skips and zero failures.

Latest Beta.5 Evidence

OpenClaw baseline: v2026.5.10-beta.5
PR: #80323
PR head: 3336dec6419c9cc9a87dc7cfa6f48118ca2d838e
Remote proof run: https://github.com/electricsheephq/openclaw-local-test/actions/runs/25719383976
Confidence tracker: #80936

Relevant artifact result:

{
  "tool-defaults-direct": { "total": 20, "passed": 20, "skipped": 0, "failed": 0 },
  "confidence-report": { "pass": true, "zeroUnknowns": true }
}

Correct Fix

• Remap mock runtime-pair provider/model ids so the Pi and Codex cells exercise the intended OpenAI-compatible tool surface.
• Keep apply_patch in default-tool coverage.
• Do not file this as a product/Codex runtime bug unless a live/native Codex run reproduces patch failure outside this mock fixture.

Superseded Original Report

The earlier wording described this as Pi omitting apply_patch while Codex exposed it. That was true only inside an invalid QA mock provider setup and should not be read as a user-facing runtime regression.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still has the mock-provider/tool-gate mismatch, and the linked parity harness PR is open rather than merged. This is a QA harness contract issue around a mutating apply_patch surface, so it should not be closed as implemented or stale.

Reproducibility: no. full high-confidence current-main CLI reproduction: the --runtime-pair/tool fixture surface is not on current main. The central subcase is source-reproducible because mock-openai fails the Pi apply_patch provider gate while the mock provider config also exposes an openai clone.

Next step
A same-author open PR already carries the proposed harness correction, so a separate ClawSweeper repair job would duplicate normal maintainer review.

Security
Needs attention: The issue is security-sensitive because the likely fix touches exposure of a mutating apply_patch tool.

Review details

Best possible solution:

Review and land or revise the linked parity harness PR so only private QA runtime-pair cells are remapped while production apply_patch trust gates remain narrow.

Do we have a high-confidence way to reproduce the issue?

No full high-confidence current-main CLI reproduction: the --runtime-pair/tool fixture surface is not on current main. The central subcase is source-reproducible because mock-openai fails the Pi apply_patch provider gate while the mock provider config also exposes an openai clone.

Is this the best way to solve the issue?

Unclear until maintainers review the harness contract in the linked PR. The narrow direction is a private-QA remap or explicit expected-drift marker, not broader production provider eligibility.

Security concerns:

• [medium] Preserve apply_patch provider gates — src/agents/pi-tools.ts:566
apply_patch can mutate workspace files and is currently gated through provider/model/workspace checks; any harness fix should remap private QA cells rather than allowing arbitrary mock or OpenAI-compatible provider ids in production.
  Confidence: 0.86

What I checked:

• Issue and related context: The provided discussion ties this issue to open PR [qa-lab] Complete Codex vs Pi runtime parity harness phases 2-5 #80323 plus umbrella issues Codex-vs-Pi runtime parity QA harness (RFC + tracking) #80171 and [Codex×Pi parity Phase 2] Per-tool fixture set #80173; the PR is described as the branch carrying the mock runtime-pair remap and report-only fixture handling.
• Pi apply_patch provider gate: Current main exposes apply_patch only when isOpenAIProvider(options?.modelProvider) passes; that local helper accepts openai and openai-codex, not mock-openai. (src/agents/pi-tools.ts:93, bae80fc2dd0b)
• Tool construction test coverage: The focused test asserts apply_patch for openai and openai-codex, absence for default/no-provider and Anthropic paths, and has no positive mock-openai expectation. (src/agents/pi-tools.create-openclaw-coding-tools.test.ts:540, bae80fc2dd0b)
• Mock QA provider identity: The QA mock provider defaults its model refs from the selected mode, so mock-openai produces mock-openai/gpt-5.5, while the provider map clones the same mock endpoint under openai. (extensions/qa-lab/src/providers/shared/mock-provider-definition.ts:27, bae80fc2dd0b)
• Runtime-pair surface not on current main: Current main has only the existing runtime scenarios and no runtime-pair, runtime-suite, tool-defaults, runtime-tool-*, knownBroken, or tool-coverage command/fixture surface, so the exact linked harness correction has not landed in this checkout. (qa/scenarios/runtime, bae80fc2dd0b)
• apply_patch history provenance: History search shows Peter Steinberger introduced apply_patch and later changed its default/provider gating in commits touching src/agents/pi-tools.ts, which is the central gate involved here. (src/agents/pi-tools.ts:566, b9c60fd37a5e)

Likely related people:

• steipete: Peter Steinberger introduced the apply_patch tool, later changed its default/provider gating, and current local blame/logs also point to recent touches across the relevant Pi tool and QA mock-provider files. (role: feature-history owner and recent area contributor; confidence: high; commits: 8b4bdaa8a473, b9c60fd37a5e, 264c8e286ebf; files: src/agents/pi-tools.ts, src/agents/apply-patch.ts, extensions/qa-lab/src/providers/shared/mock-provider-definition.ts)
• 100yenadmin: The issue author supplied the corrected diagnosis and the open linked PR context says their branch carries the runtime-pair remap and report-only fixture handling for this exact QA harness gap. (role: proposed harness follow-up owner; confidence: medium; commits: cda3da3967d8; files: extensions/qa-lab/src, qa/scenarios/runtime)

Remaining risk / open question:

• The exact end-to-end --runtime-pair fixture path is not on current main, so the full CLI repro/fix is tied to the open harness PR rather than locally verifiable from this checkout.
• Any fix that broadens production apply_patch eligibility to arbitrary mock or OpenAI-compatible provider ids would weaken a mutating workspace tool gate.
• The synthetic apply_patch failure-path fixture still needs an explicit harness contract: valid patch-shaped input with separate fault injection, or report-only known drift.

Codex review notes: model gpt-5.5, reasoning high; reviewed against bae80fc2dd0b.

[100yenadmin]

Tied into #80323 and tracked under umbrella #80171 / Phase 2 #80173.

The runtime-tool-apply-patch fixture carries knownBroken.issue: "#80320", so the tool coverage gate remains usable while preserving this Pi-vs-Codex tool-surface mismatch.

[100yenadmin]

Adding maintainer triage details.

Priority

Medium-high. This is narrower than #80319 but important because apply_patch is a visible coding-tool capability and should not silently differ between runtime paths unless that is the intended product contract.

Plain-English problem

For the runtime-tool-apply-patch fixture, Codex exposes apply_patch and executes the planned happy/failure-path calls. Pi’s effective tool inventory does not include apply_patch, so the Pi cell records zero apply_patch calls.

Fresh local report row:

Runtime tool fixture — apply-patch
pi:    pass, 0 tool calls, 0 tokens
codex: pass, 2 tool calls, 176 tokens
drift: tool-call-shape
details: tool call count differs (0 vs 2)

What this likely means

This is probably a provider/tool-surface gate mismatch in the QA lane, not a model behavior issue. The mock OpenAI provider is OpenAI-compatible, but the Pi tool-construction gate may only recognize provider ids like openai / openai-codex, so mock-openai does not receive apply_patch in Pi.

Repro

OPENCLAW_QA_SUITE_PROGRESS=1 OPENCLAW_BUILD_PRIVATE_QA=1 OPENCLAW_ENABLE_PRIVATE_QA_CLI=1 \
  node scripts/run-openclaw-parity.mjs tool-defaults \
    --openclaw-root /Volumes/LEXAR/repos/openclaw-1 \
    --provider-mode mock-openai \
    --concurrency 1 \
    --output-dir artifacts/closure-tool-defaults-mock

Inspect:

• /Volumes/LEXAR/repos/openclaw-1/.artifacts/openclaw-parity-harness/closure-tool-defaults-mock/runtime-report/qa-runtime-parity-report.md

Fix direction

Either:

• Treat mock-openai as OpenAI-compatible for Pi apply_patch exposure in private QA lanes, preserving production gates; or
• Mark/document that Pi intentionally lacks apply_patch in this QA provider mode and keep it as expected drift.

[100yenadmin]

Fresh Rerun Evidence

I reran the current tool-defaults mock parity suite on PR #80323 and extracted the runtime-tool-apply-patch row.

Status remains: open, but narrowed. Provider remap is fixed; the remaining drift is the synthetic failure-path fixture.

Priority if OpenClaw moved fully to Codex today: P4 product impact, P2 harness readiness.

Observed apply_patch Row

{
  "scenario": "runtime-tool-apply-patch",
  "status": "skip",
  "details": "report-only runtime drift classified as tool-call-shape: QA mock apply_patch fixture still uses synthetic failure-path inputs; provider remap fixed tool exposure, but failure injection remains harness-only.",
  "drift": "tool-call-shape",
  "driftDetails": "tool call count differs (2 vs 1)",
  "piCalls": 2,
  "codexCalls": 1,
  "piProviderPlans": 2,
  "codexProviderPlans": 2
}

Interpretation

The previous invalid baseline issue is fixed: both provider-plan counts are now present, which means the mock provider setup is no longer hiding apply_patch from Pi. The remaining row is correctly report-only because the failure-path fixture still uses synthetic invalid input that Codex does not execute as a second real runtime call.

Artifact

.artifacts/openclaw-parity-harness/harness-only-repair-smoke-final/qa-suite-summary.json

[100yenadmin]

2026-05-10 update: apply_patch is Codex-native, remaining issue is fixture fault injection

TLDR: keep this as a QA harness/fixture issue, not a Codex product apply_patch bug. Codex app-server mode intentionally owns apply_patch natively and filters duplicate OpenClaw dynamic apply_patch.

Product severity if OpenClaw moved fully to Codex today: P4 from this evidence.

QA severity: P2, because apply_patch is mutating and the parity proof must be clean before it can be a hard gate.

Current corrected interpretation

The old report combined two separate harness facts:

• The mock provider/profile remap needed to make the Pi and Codex cells comparable in private QA.
• The synthetic failure-path input is not a valid apply_patch-shaped operation, so the fixture still cannot prove native patch failure behavior.

With the new bucket model, apply_patch is classified as codex-native-workspace; Codex is not expected to expose an OpenClaw dynamic apply_patch tool.

Current action

Keep open only for the fixture fault-injection cleanup: use valid patch-shaped inputs plus a separate harness fault marker. Do not broaden production apply_patch eligibility, and do not treat this row as a product bug unless a live/native Codex patch run fails outside this mock fixture.

[100yenadmin]

95% confidence audit update

TLDR: this is downgraded to QA fixture hardening only, not a Codex apply_patch product bug.

Fresh audit on PR #80323 head 767606e98624949c824f845dcce5b6d94e4e7eee:

• runtime-tool-apply-patch: pass.
• Drift: text-only only.
• Tool coverage report: Product impact P4, QA impact P2.
• The remaining actionable work is fixture quality: replace synthetic invalid __qaFailureMode patch args with valid patch-shaped input plus separate harness fault injection.

This should stay framed as harness/fixture work only. It does not prove Codex users cannot patch files.