Post-update sessions can surface stale openai-codex missing-key errors until doctor runs

[pfrederiksen]

Summary

After updating OpenClaw from 2026.5.12 to 2026.5.18, the Telegram main session failed twice with:

⚠️ Missing API key for provider "openai-codex". Configure the gateway auth for that provider, then try again.

Running openclaw doctor restored the session. After that:

openclaw --version
# OpenClaw 2026.5.18 (50a2481)

openclaw models list
# openai/gpt-5.5 ... Auth yes
# codex/gpt-5.5 ... Auth yes

Gateway and dashboard health were also fine:

systemctl --user is-active openclaw-gateway
# active

curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:4000/
# 200

Why this matters

The installed model auth was healthy, but the live session surfaced a stale openai-codex missing-key error until doctor ran. For users updating via package manager or gateway restart flows, this looks like a broken auth setup even when doctor can repair it immediately.

Expected behavior

Post-update/restart should either:

• run the same stale Codex route/session repair that doctor applies before sessions resume, or
• detect this specific stale openai-codex auth-route state and point directly at openclaw doctor --fix / auto-repair, instead of generic API-key setup guidance.

Observed behavior

• Update completed.
• Session replies failed with generic missing API key guidance for openai-codex.
• Manual openclaw doctor fixed the session.
• Model auth was healthy afterward.

Notes

This may be related to the existing Codex route repair path in src/commands/doctor/shared/codex-route-warnings.ts, especially stale session entries with providerOverride / modelProvider set to openai-codex.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: current main still maps the stale openai-codex missing-key failure to generic gateway-auth guidance, and the linked fixing PR is open but not merged.

Reproducibility: no. not by a live upgrade in this review. The source path is reproducible: doctor detects and repairs stale openai-codex session routes, while the current chat failure formatter still returns generic missing-key guidance for that provider.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
No new ClawSweeper repair lane is needed because the issue is already paired with an open linked fix PR.

Review details

Best possible solution:

Land or otherwise decide the linked PR’s narrow doctor-guidance fix, while leaving any startup auto-repair behavior as a separate maintainer choice.

Do we have a high-confidence way to reproduce the issue?

No, not by a live upgrade in this review. The source path is reproducible: doctor detects and repairs stale openai-codex session routes, while the current chat failure formatter still returns generic missing-key guidance for that provider.

Is this the best way to solve the issue?

Yes, the narrow linked approach is the best current fix because it reuses the existing doctor-owned repair path without adding startup mutation. Automatic pre-session repair would need a separate maintainer decision.

Label justifications:

• P1: The report describes a post-update regression that can break a live Telegram agent session until manual doctor repair.
• impact:session-state: The failure is tied to stale persisted session route fields such as providerOverride and modelProvider.
• impact:auth-provider: The user-visible symptom is provider auth routing to openai-codex and a misleading missing-key error despite doctor-restorable auth routing.

What I checked:

• Reporter and follow-up context: The issue reports a 2026.5.12 to 2026.5.18 update where a live Telegram session failed with Missing API key for provider "openai-codex" until openclaw doctor repaired legacy Codex route state, missing plugin wiring, and runtime enablement.
• Current main still emits generic missing-key guidance: On current main, buildMissingApiKeyFailureText treats openai-codex as a safe provider id and returns Configure the gateway auth for that provider, with no doctor repair hint. (src/auto-reply/reply/agent-runner-execution.ts:547, d75e16a1b920)
• Doctor has the stale session route repair: Current main rewrites stale modelProvider and providerOverride session route fields and warns users to run openclaw doctor --fix when stale openai-codex/* session state is detected. (src/commands/doctor/shared/codex-route-warnings.ts:2650, d75e16a1b920)
• Doctor flow invokes the repair path: The doctor health flow imports maybeRepairCodexSessionRoutes and passes ctx.prompter.shouldRepair, so plain doctor can warn and doctor --fix can repair. (src/flows/doctor-health-contributions.ts:370, d75e16a1b920)
• Docs describe doctor-owned Codex route repair: The doctor documentation says --fix rewrites legacy openai-codex/* model refs, removes stale runtime pins, and keeps canonical OpenAI refs on the Codex harness. Public docs: docs/gateway/doctor.md. (docs/gateway/doctor.md:174, d75e16a1b920)
• Linked PR contains the narrow proposed fix but remains open: The linked PR head adds a special case for openai-codex missing-key failures and a regression test, but the provided GitHub context lists it as open and unmerged. (src/auto-reply/reply/agent-runner-execution.ts:547, b340bbf79518)

Likely related people:

• @pfrederiksen: Provided the live post-update reproduction context and authored the linked branch that changes the implicated failure-copy path and regression test. (role: reporter and linked fix author; confidence: high; commits: b340bbf79518; files: src/auto-reply/reply/agent-runner-execution.ts, src/auto-reply/reply/agent-runner-execution.test.ts)
• @joshavant: Recent current-main history includes nearby session delivery work, which is adjacent to the affected live reply/session failure path. (role: recent adjacent session-delivery contributor; confidence: low; commits: e99615973810; files: src/agents/command/delivery.ts, src/agents/command/delivery.test.ts)
• Super Zheng: Local blame for the relevant current-main missing-key formatter and doctor repair lines points to commit d124c5a, though the commit title suggests broad snapshot-style attribution rather than precise feature authorship. (role: current-line provenance in compact checkout; confidence: low; commits: d124c5aa2005; files: src/auto-reply/reply/agent-runner-execution.ts, src/commands/doctor/shared/codex-route-warnings.ts)

Remaining risk / open question:

• The linked fixing PR has not merged, so affected users on current main can still see generic API-key guidance for stale Codex route state.
• This review did not rerun the live upgrade failure; the reproduction confidence comes from reporter-provided live output plus current source inspection.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d75e16a1b920.

[pfrederiksen]

Adding the relevant doctor repair output from the affected live install. This makes the root cause clearer: the session was not missing a normal API key; the install had legacy openai-codex/* route state plus missing/disabled Codex runtime/plugin wiring, and doctor repaired both.

Redacted/normalized excerpt:

Doctor changes

Repaired Codex model routes:
- agents.defaults.model.primary: openai-codex/gpt-5.5 -> openai/gpt-5.5
- agents.defaults.model.fallbacks.0: openai-codex/gpt-5.5 -> openai/gpt-5.5
- agents.defaults.models.openai-codex/gpt-5.5: openai-codex/gpt-5.5 -> openai/gpt-5.5
- agents.list.researcher.model: openai-codex/gpt-5.4 -> openai/gpt-5.4
- agents.list.email-agent.model: openai-codex/gpt-5.4 -> openai/gpt-5.4
- agents.list.photo-agent.model: openai-codex/gpt-5.4 -> openai/gpt-5.4
- agents.list.career-agent.model: openai-codex/gpt-5.4 -> openai/gpt-5.4
- agents.list.news-agent.model: openai-codex/gpt-5.4 -> openai/gpt-5.4
- agents.list.innovation-agent.model: openai-codex/gpt-5.4 -> openai/gpt-5.4

Set agents.defaults.models.openai/gpt-5.5.agentRuntime.id to "codex" so repaired OpenAI refs keep Codex auth routing.
Set agents.list.<agent>.models.openai/gpt-5.4.agentRuntime.id to "codex" so repaired OpenAI refs keep Codex auth routing.

Doctor changes

Installed missing configured plugin "codex" from @openclaw/codex.

Doctor changes

codex agent runtime configured, enabled automatically.

This supports the PR behavior: when an agent run surfaces No API key found for provider "openai-codex" in this post-update/migration state, telling the user to configure a provider API key is misleading. The working recovery is openclaw doctor --fix, which repairs the Codex route/plugin/runtime state.

[pfrederiksen]

Addressed in PR #83937: #83937

What changed:

• buildMissingApiKeyFailureText now special-cases openai-codex missing-key failures and points users to openclaw doctor --fix.
• Added a focused regression test for the exact No API key found for provider "openai-codex" failure signature.

Expected vs actual:

• Before: stale post-update Codex route state surfaced generic gateway API-key setup guidance.
• After: the same failure points to doctor repair, which is the recovery path shown by the live doctor output.

Validation:

• PR CI is clean: 74 success, 27 skipped, 1 neutral.
• Relevant CI shard checks-node-auto-reply-reply-agent-runner passed.
• Relevant existing doctor-route area was covered by Critical Quality (agent-runtime-boundary) and related checks passing.
• Local pnpm exec oxlint src/auto-reply/reply/agent-runner-execution.ts src/auto-reply/reply/agent-runner-execution.test.ts passed.
• Local git diff --check passed.

Note: local focused Vitest invocation in this checkout did not exit cleanly before producing a result, but the PR CI completed the relevant selected shards successfully.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26073551478
• Updated: 2026-05-19T03:06:57.097Z

[jasonftl]

Same symptom here on another 2026.5.18 install, with Discord and WhatsApp also affected.

The visible channel reply was:

Missing API key for provider "openai-codex". Configure the gateway auth for that provider, then try again.

Environment:

OpenClaw 2026.5.18 (50a2481)
macOS 26.3.1
Node v22.22.3
model: openai/gpt-5.5
runtime: codex
auth profile: openai-codex:<email>

The current intended route on this install is:

agents.defaults.model.primary = openai/gpt-5.5
agents.defaults.models.openai/gpt-5.5.agentRuntime.id = codex

openclaw doctor found stale Codex session route state:

legacy openai-codex/* session route state
5 affected sessions

The targeted repair result was:

{
  scannedStores: 2,
  repairedStores: 1,
  repairedSessions: 5,
  warnings: [],
  changes: [
    "Repaired Codex session routes: moved 5 sessions across 1 store to openai/* while preserving auth-profile pins."
  ]
}

A follow-up dry run showed no remaining repairs:

repairedStores: 0
repairedSessions: 0

After the route repair and a normal OAuth re-auth, fresh checks worked:

openclaw agent --agent main --session-id codex-oauth-fresh-explicit-20260520 --message 'Reply exactly: OK' --timeout 120
# OK

openclaw agent --agent main --channel discord --session-id codex-oauth-discord-smoke-20260520b --message 'Reply exactly: OK' --timeout 120
# OK

openclaw agent --agent main --channel whatsapp --session-id codex-oauth-whatsapp-smoke-20260520b --message 'Reply exactly: OK' --timeout 120
# OK

Current status after repair:

Default       : openai/gpt-5.5
Configured models (1): openai/gpt-5.5
Runtime auth
- openai via codex uses openai-codex ... status=usable

The extra datapoint is that the same stale route issue was not limited to one Telegram session for me. It showed up across multiple entry points before repair, including scheduled runs and channel-shaped sessions:

2026-05-19 23:19 Gmail hook
2026-05-20 06:10 cron
2026-05-20 06:15 explicit run
2026-05-20 10:00 cron
2026-05-20 10:53 Discord

So #83935 matches my install closely: current auth can be valid, but old session route state can still surface a misleading openai-codex missing-key message until doctor repair is run.

[R3NK0R]

Additional 2026.5.19 confirmation from a Linux/systemd Telegram install.

The visible symptom matched this issue exactly: the live Telegram session surfaced:

No API key found for provider "openai-codex"

But OAuth was present locally for openai-codex:<redacted-email>, so this was not actually a missing-key setup problem.

openclaw doctor --non-interactive detected legacy route state:

Legacy openai-codex/* session route state detected.
Affected sessions: 1.
Run `openclaw doctor --fix` to rewrite stale session model/provider pins across all agent session stores.

Running openclaw doctor --fix repaired it:

Repaired Codex session routes: moved 1 session across 1 store to openai/* while preserving auth-profile pins.

Afterward:

rg 'openai-codex/' ~/.openclaw/agents/*/sessions/sessions.json
# no hits

The active direct session then reported OpenAI Codex / gpt-5.5 using the openai-codex:<redacted-email> OAuth profile. So the existing doctor repair path is correct, but the live error remains misleading on 2026.5.19 until doctor is run.