[Bug] Docs and onboarding silently route users to the PI path instead of the Codex app-server runtime, causing chatgpt.com 403 in Cloudflare-sensitive environments

[crhan]

Draft: New issue to file against openclaw/openclaw

用途：作为独立 issue 提交。题目是 docs/onboarding 把用户引导到无法使用的路径。
比 #67670 范围更广（不限于 Cloudflare 403 那一种症状）。

直接拷贝 --- 之间作为 issue body。Title 写在最上面。

Title: [Bug] Docs and onboarding silently route users to the PI path instead of the Codex app-server runtime, causing chatgpt.com 403 in Cloudflare-sensitive environments

---

Summary

Following the canonical onboarding instructions in
docs/providers/openai.md and docs/plugins/codex-harness.md (as of
2026.5.12) lands the user on the PI runtime path — OpenClaw's
internal Node fetch (undici) directly calling
chatgpt.com/backend-api. This path fails with HTTP 403
cf-mitigated: challenge from any egress IP that hasn't been
whitelisted by OpenAI's Cloudflare config, which in practice means
every user in mainland China and many users behind commodity
VPN/proxy egress nodes.

There is a working alternative path (Codex app-server runtime:
codex/gpt-* + agentRuntime.id="codex" plus @openclaw/codex
plugin) that bypasses the issue entirely — OpenAI evidently
whitelists the official codex CLI's TLS profile. Unfortunately,
nothing in the docs or in the openclaw models auth login /
onboarding flow guides users toward this path. The user typically
discovers it only after several hours of debugging and reading
source code.

This is a docs↔implementation drift / onboarding completeness bug,
distinct from #67670 (which proposes adding TLS-fingerprint
emulation to the PI path).

Reproduction (no Cloudflare workaround required)

Tested on OpenClaw 2026.5.12, Linux x86_64, Node 25, behind a
mihomo HTTP proxy whose egress IP is in Singapore (AWS).

1. Fresh install, follow docs/providers/openai.md Step 2 / 3:

   openclaw models auth login --provider openai-codex --device-code
   # (device-code flag is documented but not implemented in CLI yet,
   #  see drift item A below; if user falls back to plain login,
   #  the OAuth flow completes successfully)
   openclaw config set agents.defaults.model.primary openai-codex/gpt-5.5
   openclaw gateway restart

2. Send a turn:

   openclaw agent --agent main --message "Reply PONG" --json

Expected (per docs Step 3 "OpenAI agent turns select the native
Codex app-server runtime automatically"):

• agentHarnessId: "codex"
• Real codex app-server subprocess visible in ps
• 200 OK from chatgpt.com

Actual:

• agentHarnessId: "pi"
• No codex subprocess (ps -ef | grep codex empty during the turn)
• `[openai-transport] [responses] error provider=codex
  api=openai-codex-responses model=gpt-5.5 status=403 message=403 ...cf-mitigated: challenge`
• Turn falls through to whatever fallback chain is configured
  (often another provider that happens to succeed by accident,
  masking the failure)

Diagnosis

The openai-codex/* namespace exposed by the bundled openai
plugin (buildOpenAICodexProviderPlugin →
https://chatgpt.com/backend-api/codex) is a PI-direct provider
implemented in OpenClaw's own Node fetch stack. It has the same
authentication source (the openai-codex:* profile in
auth-profiles.json) as the Codex app-server path, but a
completely separate transport. The openclaw models auth login --provider openai-codex command registers the OAuth profile but
does not:

• install @openclaw/codex
• mirror credentials to a per-agent
  ~/.openclaw/agents/<id>/agent/codex-home/auth.json
• update agents.defaults.model to a value that triggers the
  Codex app-server runtime

So the post-login default state is "OAuth in place, but the only
ready provider is openai-codex/* which is PI-direct".

Documentation ↔ implementation drift checklist

Cataloguing what I tripped over while diagnosing. Some are docs
errors, some are missing implementation pieces:

#	Drift	Evidence
A	openclaw models auth login --provider openai-codex --device-code documented but --device-code not recognized by the 2026.5.12 CLI	Error: openclaw does not recognize option "--device-code"
B	config set agents.defaults.model.primary openai/gpt-5.5 rejected with Model override "X" is not allowed for agent "Y" until the user separately writes agents.defaults.models["openai/gpt-5.5"] = {}. Not documented anywhere	Reproducible on any fresh install
C	docs/plugins/codex-harness.md:170 claims agentRuntime.id: "codex" is optional "for normal OpenAI auto mode", implying the system picks Codex automatically. In practice the auto-mode picker always selects PI unless agentRuntime.id is set explicitly	See actual log signature in repro above
D	Two parallel auth stores exist (auth-profiles.json for PI provider + per-agent codex-home/auth.json for codex app-server). Docs don't explain which one each runtime path reads	Has to be discovered from source: extensions/codex/src/app-server/transport-stdio.ts (CODEX_HOME=per-agent) vs extensions/openai/src/codex-provider.ts (auth-profiles.json)
E	openclaw models list shows codex/gpt-* (from @openclaw/codex plugin) but not openai/gpt-*, while docs prescribe openai/gpt-*. No documented alias mechanism	The user can only set openai/gpt-* as primary if they manually add it to agents.defaults.models, but then no provider serves it
F	docs/providers/openai.md Step 3: "OpenClaw installs or repairs the bundled Codex plugin when this route is chosen". No such auto-install happens during models auth login	~/.openclaw/npm/node_modules/@openclaw/codex remains absent after models auth login --provider openai-codex
G	Schema rejects contextWindow / input keys under agents.defaults.models[X], so users cannot correct stale model metadata registered by a plugin (e.g. codex plugin currently registers codex/gpt-5.5 with contextWindow=200000, OpenAI's actual gpt-5.5 limit is 272k)	config validate error: Unrecognized keys: "contextWindow", "input"
H	openclaw models auth login --provider openai-codex doesn't chmod 600 the per-agent auth.json it would write (if it wrote one); users who mirror credentials manually have to remember to do it	Minor, but a hardening gap

Items A, C, D, E, F together are why every careful user who reads
the docs end-to-end still ends up on the PI path.

Why this matters now

The PI path happens to work when the user's egress IP is in
OpenAI's accepted set — large ChatGPT account ranges (residential
ISPs in the US/EU) generally pass. The path fails for:

• Any user in mainland China routing through any commercial
  proxy (the egress IPs are routinely challenged; [Bug] openai-codex provider blocked by Cloudflare JS Challenge when accessed via proxy in mainland China #67670 is one of
  several reports)
• Cloud-hosted gateways (e.g. AWS / GCP / DigitalOcean egress
  often challenges)
• Any user whose proxy IP rotates into a Cloudflare-blocked
  range later (silently breaks production)

The codex/* + agentRuntime.id="codex" path is robust against all
of these because it uses the codex CLI's whitelisted client. Users
deserve to land on it by default.

Proposed fixes (high-level, open to direction)

In rough order of leverage:

1. Consolidate openclaw models auth login --provider openai-codex
   into a one-shot Codex onboarding command that, in addition to
   the current OAuth profile write:
   • Installs @openclaw/codex if not already present (matches the
     docs Step 3 promise).
   • Mirrors the OAuth credentials to
     ~/.openclaw/agents/<default-agent>/agent/codex-home/auth.json
     (chmod 600).
   • Optionally (interactive) / informatively (non-interactive) sets
     agents.defaults.model.primary = codex/gpt-5.5 with
     agentRuntime.id: "codex" in the allow-list.
   • Prints a one-line verification: "Run openclaw agent ... PONG
     and look for agentHarnessId: codex".
2. Implement the device-code flag (Drift A) in openclaw models auth login — it's already in docs.
3. Make auto mode actually pick Codex when it's available (Drift
   C), or update the docs to say "auto mode does not automatically
   choose codex runtime; explicit agentRuntime.id: "codex" is
   required".
4. Improve the Model override "X" is not allowed for agent "Y"
   error message to point at the agents.defaults.models
   allow-list (Drift B).
5. Deprecate openai-codex/* as a directly-configurable provider
   ref (or at least emit a warning at gateway startup) since it's
   the PI path that 99% of users don't want.

I'm happy to file a PR for Fix #1 / #4 — I have a working
reproduction and the relevant source code annotated. The other
items I'll wait for maintainer direction.

Related

• [Bug] openai-codex provider blocked by Cloudflare JS Challenge when accessed via proxy in mainland China #67670 — same 403 symptom but proposes TLS-fingerprint
  emulation as the fix. With this issue's path fix, no fingerprint
  emulation is needed.
• fix(agents): detect Cloudflare challenge pages and provide actionable error message #67717 — narrow 403 error classification fix. Helpful but does
  not change the underlying path selection.
• [Bug]: Exec approval delay of 3-18 minutes after gateway restart despite security=full, ask=off #22144 — cf_clearance cookie loss after codex login in
  app-server mode (separate; cookie store sharing between processes)

Environment

• OpenClaw 2026.5.12 (f066dd2)
• Linux 6.8.0 x86_64, Node 25.2.0
• Codex CLI 0.130.0 (via @openclaw/codex plugin)
• Egress: mihomo HTTP proxy → AWS Singapore

[clawsweeper]

Thanks for the context here. I did a careful shell check against current main, and this is already implemented.

Current main already addresses the central onboarding drift: docs now route Codex subscription users to canonical openai/gpt-* refs, runtime selection prefers the Codex app-server harness, and the recent routing fix forwards Codex OAuth through that harness. The fix is on current main only and is not in v2026.5.12.

I found the merged PR that appears to have closed this: #82864: Fix OpenAI Codex runtime provider routing.

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review details

Best possible solution:

Keep the current-main Codex routing and docs; leave direct PI Cloudflare/TLS behavior to the separate canonical tracking item.

Do we have a high-confidence way to reproduce the issue?

No high-confidence failing path remains on current main from source inspection. The release reproduction is credible, but current docs and runtime selection now route the reported setup through Codex instead of PI.

Is this the best way to solve the issue?

Yes. The current implementation keeps provider/model refs canonical, makes PI explicit, loads the Codex runtime when selected, and forwards Codex OAuth through the harness without adding TLS-emulation policy to onboarding.

Security review:

Security review: This is issue triage with no proposed patch to security-review.

What I checked:

• Current docs route users to Codex app-server: docs/providers/openai.md says openai/* is the canonical OpenAI model route and OpenAI agent turns run through the native Codex app-server runtime by default; the setup step uses openai/gpt-5.5 and says no runtime config is required. (docs/providers/openai.md:14, 76da34760c32)
• Codex harness docs reject the old model prefix: docs/plugins/codex-harness.md tells users not to configure openai-codex/gpt-*, to use openai/gpt-*, and to verify Runtime: OpenAI Codex; troubleshooting now says a corrected run should show the openai-codex OAuth path instead of a plain OpenAI API-key failure. (docs/plugins/codex-harness.md:19, 76da34760c32)
• Runtime selection now chooses Codex for OpenAI agent refs: resolveAgentHarnessPolicy maps official openai and legacy openai-codex providers in auto mode to the codex runtime, while explicit PI remains opt-in. (src/agents/harness/policy.ts:38, 76da34760c32)
• Codex plugin is loaded for the selected runtime: ensureSelectedAgentHarnessPlugin detects the codex runtime and loads only the codex plugin before harness selection, covering the docs promise that the route installs or repairs the bundled plugin path. (src/agents/harness/runtime-plugin.ts:30, 76da34760c32)
• Routing fix forwards Codex runtime through the Codex auth provider: Commit 58f1db1bc8eb5eb7bf32225227ed51bdcf2447d3 added the runtime === "codex" branch so OpenAI runs owned by the Codex harness use the openai-codex provider contract instead of the plain OpenAI API-key path. (src/agents/openai-codex-routing.ts:187, 58f1db1bc8eb)
• Fix provenance: git show identifies 58f1db1bc8eb5eb7bf32225227ed51bdcf2447d3 as Fix OpenAI Codex runtime provider routing, including OAuth bootstrap into the Codex harness and tests for the forced openai/* Codex response path. (src/agents/pi-embedded-runner/run.overflow-compaction.test.ts:420, 58f1db1bc8eb)

Likely related people:

• ragesaq: Authored the current-main commit that routes OpenAI Codex runtime provider selection through openai-codex and adds OAuth bootstrap coverage. (role: recent routing fix author; confidence: high; commits: 58f1db1bc8eb; files: src/agents/openai-codex-routing.ts, src/agents/pi-embedded-runner/run.ts, src/agents/pi-embedded-runner/run.overflow-compaction.test.ts)
• steipete: Listed as a co-author on the routing fix commit, so likely useful for follow-up routing or release questions. (role: adjacent co-author; confidence: medium; commits: 58f1db1bc8eb; files: src/agents/openai-codex-routing.ts, src/agents/pi-embedded-runner/run.ts, docs/plugins/codex-harness.md)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 76da34760c32; fix evidence: merged PR #82864, commit 58f1db1bc8eb, main fix timestamp 2026-05-17T07:06:18+01:00.

[crhan]

Follow-up comment for issue #82978 (already closed)

不 reopen。只是 acknowledge bot 反馈 + 留个 trace。

Thanks @clawsweeper for the careful verification — checked the
referenced commits on main and you're right, #82864 lands
exactly the routing + auth-bridge fixes that resolve what I was
reporting. The drift I observed was real on the 2026.5.12 stable
release I was testing against, but on main the docs and runtime
selection do route OpenAI subscription users straight to the
Codex harness as described.

Closing as completed is the right call. Tracking when #82864
ships in a stable release is the only remaining gap for users
still on 2026.5.12 — until then, the manual fix described in
#67670 (set agentRuntime.id: "codex" explicitly + manually
bridge auth via codex-home/auth.json) is the workaround on the
release branch.