Codex OAuth refresh failures can wedge an agent for hours without clear alerting or aggressive profile rotation

[aaldrich]

Summary

When Codex OAuth refresh starts timing out or a profile later returns 401 Unauthorized: Your authentication token has been invalidated, OpenClaw can keep retrying inside the same provider/auth lane for hours without surfacing a clear operator-visible incident and without rotating aggressively enough across other valid profiles.

Observed behavior

On my local OpenClaw runtime, Dev was effectively down for about a day even though some Codex subscriptions were still valid. The system did retry and sometimes fell back from openai/gpt-5.5 to openai/gpt-5.4, but that was still inside the same Codex auth path and did not resolve the incident.

What it did wrong:

• kept retrying a failing Codex OAuth refresh path for many hours
• did not raise a clear operator-visible alert saying a subscription/auth profile was failing
• did not rotate hard enough across other configured valid profiles after repeated refresh timeouts
• later encountered a hard 401 invalidated on one profile after the prolonged timeout loop

Expected behavior

After repeated refresh timeouts or an invalidated-token response, OpenClaw should:

• classify this as an auth-profile/subscription incident, not a generic long-running retry
• surface a visible alert to the operator
• quarantine the failing profile/provider path sooner
• rotate across other valid configured profiles more aggressively
• avoid leaving an agent effectively down for hours while only logging internal fallback churn

Concrete evidence

From ~/.openclaw/logs/gateway.err.log:

• 2026-05-23T12:42:10.723-07:00
embedded run failover decision ... rawError=auth refresh request timed out after 10s
• 2026-05-23T12:43:19.371-07:00
Embedded agent failed before reply: All models failed (2): openai/gpt-5.5: auth refresh request timed out after 10s (timeout) | openai/gpt-5.4: auth refresh request timed out after 10s (timeout)
• this same pattern repeats across cron and direct session runs through 2026-05-24T13:27:55.170-07:00
• 2026-05-24T14:28:22.074-07:00
embedded run failover decision ... reason=auth ... rawError=unexpected status 401 Unauthorized: Your authentication token has been invalidated. Please try signing in again.

Current runtime state after restart/reauth showed multiple configured openai-codex OAuth profiles, including both Pro and Free accounts, but the outage path was not surfaced as a clear profile-selection/auth incident.

Environment

• OpenClaw 2026.5.22
• runtime from local gateway logs
• Codex provider via OAuth profiles
• Discord-triggered agent plus cron-triggered runs both affected

Why this matters

This failure mode makes the system look like the model or subscription is just "down" while the actual problem is auth refresh/profile management. The current behavior costs hours of silent degraded service and forces manual log spelunking to understand what happened.

Suggested fix areas

• auth failure classification for repeated Codex refresh timeouts
• provider/profile quarantine and rotation policy
• operator-visible incident/alert path
• session status surface making it obvious which auth profile is failing and why

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 24, 2026, 6:17 PM ET / 22:17 UTC.

Summary
Keep open: current main has auth-profile cooldown/disable machinery and some status surfacing, but the Codex OAuth refresh-timeout and operator-visible incident behavior is not clearly fully owned by the broader provider-quarantine issue.

Reproducibility: no. live high-confidence reproduction was run. Source inspection plus the provided logs give a credible path through OAuth refresh timeout, auth candidate rotation, and missing incident-level surfacing, but the exact prolonged outage was not reproduced locally.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Maintainer review should decide whether to close this into the broader provider-quarantine issue or keep a Codex-specific auth-refresh incident-alert follow-up.

Review details

Best possible solution:

Fold the Codex refresh-timeout evidence into the canonical auth-provider quarantine/status work, or keep this as the narrower Codex OAuth incident-alert follow-up if maintainers want separate tracking.

Do we have a high-confidence way to reproduce the issue?

No live high-confidence reproduction was run. Source inspection plus the provided logs give a credible path through OAuth refresh timeout, auth candidate rotation, and missing incident-level surfacing, but the exact prolonged outage was not reproduced locally.

Is this the best way to solve the issue?

Unclear as a standalone issue. The most maintainable path is likely to extend the existing provider failure-class/quarantine design rather than adding Codex-only special handling unless the refresh-timeout path proves distinct.

Remaining risk / open question:

• The fix direction changes auth failover and alerting behavior, so maintainers need to decide whether the Codex-specific evidence folds into the broader quarantine issue or needs a narrower follow-up.
• Aggressive quarantine can strand users when all profiles share a transient upstream OAuth outage, so cooldown duration, retry, and alert semantics need explicit policy.

Codex review notes: model gpt-5.5, reasoning high; reviewed against b681d5d5a626.

Label changes

Label changes:

• add P1: The report describes a recent auth-provider failure mode that left Discord and cron-triggered agent runs effectively down for many hours.
• add impact:auth-provider: The issue is specifically about Codex OAuth refresh, invalidated tokens, profile selection, and auth-profile quarantine.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.
• add clawsweeper:no-new-fix-pr: Current issue advisory state selects this label.
• add clawsweeper:needs-maintainer-review: Current issue advisory state selects this label.
• add clawsweeper:needs-product-decision: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes a recent auth-provider failure mode that left Discord and cron-triggered agent runs effectively down for many hours.
• impact:auth-provider: The issue is specifically about Codex OAuth refresh, invalidated tokens, profile selection, and auth-profile quarantine.

Evidence reviewed

What I checked:

• Current OAuth refresh timeout source: Current main wraps OAuth refresh calls in a hard timeout and raises an OAuth refresh timeout error, matching the reported refresh-timeout failure family. (src/agents/auth-profiles/oauth-manager.ts:361, b681d5d5a626)
• Current candidate rotation behavior: Auth initialization can skip cooldowned profiles and advance to another candidate after auth resolution fails, but the catch path shown here does not itself mark the failed pre-run OAuth-refresh candidate as unusable. (src/agents/pi-embedded-runner/run/auth-controller.ts:453, b681d5d5a626)
• Existing auth-profile health state: Classified profile failures can be persisted as cooldown or disabled windows, with permanent auth failures treated separately from transient cooldowns. (src/agents/auth-profiles/usage.ts:656, b681d5d5a626)
• Existing status and doctor surfacing: Status and doctor already summarize some OAuth refresh failures and report auth-profile cooldown/disabled states, but that is not the same as an aggressive incident alert/rotation policy for repeated Codex refresh timeouts. (src/commands/status-all/gateway.ts:121, b681d5d5a626)
• Related canonical work is close but not complete coverage: The provided GitHub context shows feat: provider fallback by failure class — quarantine auth-broken providers #47910 already tracks failure-class fallback, auth-broken provider quarantine, and provider health in status; this issue adds Codex-specific refresh-timeout and operator-alert evidence that may need to be folded into that canonical work rather than closed automatically.
• History provenance for routing: Blame on the central OAuth timeout, auth-controller rotation, failure-state, and status lines points to grafted commit 8473e89 by Peter Steinberger in this checkout. (src/agents/pi-embedded-runner/run/auth-controller.ts:453, 8473e8933a1f)

Likely related people:

• Peter Steinberger: Current checkout blame for the OAuth timeout, auth-profile rotation, failure-state, and status/doctor surfacing paths points to this author on grafted commit 8473e89. (role: recent area contributor; confidence: medium; commits: 8473e8933a1f; files: src/agents/auth-profiles/oauth-manager.ts, src/agents/pi-embedded-runner/run/auth-controller.ts, src/agents/auth-profiles/usage.ts)
• openclaw/openclaw-secops: CODEOWNERS assigns auth-profile and gateway auth-sensitive paths to this team, so policy changes around OAuth credentials and profile disabling should route there for review. (role: CODEOWNERS review team; confidence: high; files: .github/CODEOWNERS, src/agents/auth-profiles/, docs/gateway/authentication.md)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Keesan12]

This needs a visible auth stale state rather than a silent wedge. If refresh fails repeatedly, the agent should trip a circuit breaker, log the failing scope, and rotate or re-auth before the run can keep pretending it's healthy. That turns a multi-hour stall into an actionable incident.

[aaldrich]

Additional live repro evidence from another 2026.5.22 deployment.

Environment

• OpenClaw: 2026.5.22
• Channel: Discord
• Runtime path: Codex-backed embedded agent using openai-codex OAuth profiles
• Gateway health endpoint remained live during the incident

Observed behavior

The operator had three configured openai-codex OAuth profiles visible in status, each showing roughly 6 days remaining. Despite that, Discord-triggered runs still failed before reply with:

auth refresh request timed out after 10s

This reproduced multiple times in the same Discord lane. One run sat as a long-running Discord session for about 139 seconds, failed with the auth refresh timeout, and then the Discord channel session entry remained persisted as status: running. After that, new Discord messages for the same lane appeared to spin/queue behind the stale session instead of starting a clean run.

A later repro showed the same pattern again: valid profiles in status, refresh timeout, and the Discord channel session key stuck as running until manually cleared.

Manual recovery that restored the lane

The local recovery was:

1. Archive the stuck Discord channel session entry and nearby logs.
2. Remove only that affected agent:<agent>:discord:channel:<id> session key from sessions.json.
3. Kill stale Codex app-server child processes for that agent.
4. Restart the affected gateway service.
5. Verify /health is live and that only the normal direct/main session remains.

After that, the Discord bot showed connected again and the stuck lane was clear.

Why this seems relevant to this issue

The important part is that the OAuth profiles were not expired according to status. The failure appears to be the per-run Codex auth refresh/validation path timing out, and OpenClaw then leaves the channel session in a running/wedged state. That makes the user-visible symptom look like Discord is receiving the message but the bot just spins forever.

This may be a narrower follow-up inside this issue: repeated Codex refresh timeout should mark/quarantine/rotate the auth candidate and should also release or fail the channel session cleanly so future messages do not block behind a stale running entry.

[toruvieI]

Additional live evidence confirming this bug also occurs on OpenClaw 2026.5.27: when auth-related failures occur underneath an agent run, OpenClaw does not communicate the problem clearly to the operator. The underlying auth failure cause is out of scope for this comment; the issue here is what OpenClaw does afterward: the failure is spread across logs and not surfaced as a clear incident/status problem.

Environment

• OpenClaw: 2026.5.27
• Channel/UI: WebChat + Telegram enabled
• Runtime path: openai-codex / Codex OAuth-backed provider, with model fallback to openai/gpt-5.4
• Command used: openclaw logs --limit 800 --plain --local-time

Observed behavior

Auth-related failures occurred under the run, but the operator-visible reporting did not clearly say that auth/provider state was broken or that affected runs were failing because of it. The useful evidence was only visible after reading gateway logs across several subsystems.

From Control UI, the affected run looked stuck as In Progress: no assistant output, no visible tool calls, and no clear error surfaced in the conversation, while the gateway logs underneath kept churning through auth/fallback/timeout failures. At the same time, normal status/UI requests such as models.authStatus still completed successfully, which made the system look more healthy than it was.

Relevant log excerpt

2026-06-01T21:22:06.425+02:00 info gateway/ws ... ⇄ res ✓ models.authStatus 1342ms ...
2026-06-01T21:23:14.477+02:00 error Embedded agent failed before reply: All models failed (2): openai/gpt-5.5: 401 Your authentication token has been invalidated. Please try signing in again. (auth) | openai/gpt-5.4: No available auth profile for openai (all in cooldown or unavailable). (auth) | No available auth profile for openai (all in cooldown or unavailable).
2026-06-01T21:24:36.241+02:00 warn agent/embedded ... decision="surface_error" failoverReason="timeout" profileFailureReason="timeout" provider="openai-codex" model="gpt-5.5" ... timedOut=true aborted=true
2026-06-01T21:24:36.255+02:00 warn openai-transport ... provider=openai model=gpt-5.5 ... message=401 You have insufficient permissions for this operation. Missing scopes: api.responses.write.
2026-06-01T21:24:36.269+02:00 warn agent/embedded ... failoverReason="auth" ... providerRuntimeFailureKind="unclassified"
2026-06-01T21:24:36.976+02:00 warn openai-transport ... provider=openai-codex ... status=401 code=token_revoked ... message=401 Encountered invalidated oauth token for user, failing request
2026-06-01T21:24:37.018+02:00 warn plugins ... active-memory: memory sub-agent failed, skipping recall: HTTP 401: Encountered invalidated oauth token for user, failing request
2026-06-01T21:24:37.019+02:00 info plugins ... active-memory ... done status=failed elapsedMs=433 summaryChars=0
2026-06-01T21:24:37.624+02:00 warn model-fallback/decision ... decision="candidate_failed" ... fallbackStepFinalOutcome="next_fallback" ... nextCandidateModel="gpt-5.4"
2026-06-01T21:24:37.648+02:00 warn model-fallback/decision ... decision="candidate_failed" ... candidateModel="gpt-5.4" ... fallbackStepFinalOutcome="chain_exhausted"
2026-06-01T21:24:37.680+02:00 error Embedded agent failed before reply: All models failed (2): openai/gpt-5.5: 401 Your authentication token has been invalidated. Please try signing in again. (auth) | openai/gpt-5.4: No available auth profile for openai (all in cooldown or unavailable). (auth) | No available auth profile for openai (all in cooldown or unavailable).
2026-06-01T21:28:34.045+02:00 info gateway/ws ... ⇄ res ✓ models.authStatus 1240ms ...
2026-06-01T21:29:43.804+02:00 error plugins ... [hooks] before_prompt_build handler from active-memory failed: timed out after 8000ms
2026-06-01T21:29:43.864+02:00 info plugins ... active-memory ... done status=timeout_partial elapsedMs=8053 summaryChars=53
2026-06-01T21:30:01.141+02:00 error diagnostic ... message processed: channel=cron ... outcome=error ... error="FailoverError: HTTP 401: You have insufficient permissions for this operation. Missing scopes: api.responses.write. ..."
2026-06-01T21:31:26.157+02:00 warn agent/embedded ... embedded abort settle timed out ... timeoutMs=2000
2026-06-01T21:31:27.506+02:00 warn provider-transport-fetch ... provider=openai-codex ... name=TimeoutError ... message=request timed out
2026-06-01T21:36:46.143+02:00 info gateway/ws ... ⇄ res ✓ models.authStatus 1803ms ...

Reporting problem

The logs above are useful, but they are not turned into a clear operator-facing report. The problem only becomes understandable after manually correlating active-memory, agent/embedded, model-fallback, cron, openai-transport, and provider-transport-fetch entries.

Expected behavior: when runs are failing because auth/provider problems are occurring underneath, OpenClaw should surface a concise incident/status item in the conversation/control UI/status surface, e.g. that auth/provider errors were detected, which runs/subsystems were affected, and that operator action may be needed. The exact underlying auth root cause can remain separate; the reporting gap is that OpenClaw does not clearly communicate the degraded state once those failures happen.

Hope this helps. This seems adjacent to the original report: not necessarily the same underlying auth root cause, but the same operator-facing failure mode where auth/provider trouble underneath is not reported clearly at the UI/status level.

[Countermarch]

Additional cron-specific evidence from OpenClaw 2026.5.28 (e932160): this auth-profile cooldown path can fail isolated cron jobs before their payloads start, and the fallback chain can end on an unsupported Codex model id.

Environment

• OpenClaw: 2026.5.28 (e932160)
• Channel/runtime: recurring cron jobs using Codex-backed OpenAI routes
• Local Codex CLI auth check: codex login status reported Logged in using ChatGPT
• Gateway/doctor/secrets checks were otherwise healthy: gateway health OK, doctor OK with 0 findings, and secrets audit had no plaintext/unresolved/shadowed findings

Observed behavior

Two independent enabled cron jobs had recent successful runs, then both began recording repeated sub-second failures before their payload commands ran. Both latest failure chains reported:

All models failed (3): openai/gpt-5.5: No available auth profile for openai-codex (all in cooldown or unavailable). (rate_limit) | openai/gpt-5.4: No available auth profile for openai-codex (all in cooldown or unavailable). (rate_limit) | openai/gpt-5.3-codex: Unknown model: openai-codex/gpt-5.3-codex (model_not_found)

The affected cron job state showed:

status: error
lastRunStatus: error
lastErrorReason: model_not_found
consecutiveErrors: 5
lastDeliveryStatus: not-requested
lastFailureNotificationDeliveryStatus: not-requested

The notable details are:

• the same jobs had successful runs shortly before the failure window;
• the failures were sub-second and produced only agent-run diagnostics, consistent with failure before a real tool/payload turn was persisted;
• no session artifact files were found for the latest failed run ids under the normal session area;
• local side-effect checks showed the payload-owned artifacts did not change during the failure window;
• codex login status still reported a valid ChatGPT login, so this looks like OpenClaw's Codex auth-profile/cooldown or profile-selection layer rather than an absent CLI login.

Why this seems relevant here

This is the same broad failure family as the original report: Codex auth/profile availability gets unhealthy underneath OpenClaw, but the operator-visible state is not a durable auth-profile incident. In the cron case, the job is marked as payload-level error, consecutiveErrors climbs, failure notification delivery remains not-requested, and the final reported reason becomes model_not_found because fallback tries openai-codex/gpt-5.3-codex after the gpt-5.5/gpt-5.4 auth-profile candidates are unavailable.

Expected behavior for this cron path would be to classify this as an auth/profile cooldown incident, avoid rapid job-level failure churn, and avoid ending the fallback chain on an unknown model id that obscures the root auth-profile problem.

Redactions: omitted local usernames, full filesystem paths, private cron job names, payload prompts, chat ids, account identifiers, and local target artifact paths.

[Countermarch]

Additional live evidence from OpenClaw 2026.6.1 (2e08f0f): this auth/provider failure family can also regress into cost-bearing API-key use for Codex-harness GPT routes, not just failed or wedged runs.

Environment

• OpenClaw: 2026.6.1 (2e08f0f)
• Runtime: recurring/agent runs using Codex-backed OpenAI routes such as openai/gpt-5.5
• Expected auth path: Codex app-server / ChatGPT OAuth for GPT model turns
• Intended API-key use: low-volume non-Codex utilities such as embeddings only

Observed behavior

The operator noticed new OpenAI API dashboard usage for gpt-5_5-style traffic even though these GPT turns were expected to run through Codex OAuth.

Local inspection found a split-brain auth state:

system Codex CLI auth: auth_mode = chatgpt, OAuth tokens present, no API key
agent-specific Codex homes: auth_mode = apikey, OPENAI_API_KEY present

The affected agent-specific Codex homes were the main agent, hooks agent, cron-delivery agent, and qwen-cron agent. Each still had an API-key auth shape even while the system-level Codex CLI was logged in with ChatGPT/OAuth.

openclaw models status --json still reported the OpenAI route as usable through the Codex runtime/token path, with shell environment fallback disabled, so the operator-facing status did not make it obvious that the per-agent Codex homes could still use API-key auth.

Impact

This turns the same broad Codex auth/profile state problem into a billing/cost issue:

• GPT model traffic can be charged to the OpenAI API key when the operator expects Codex OAuth.
• The system can look healthy because codex login status and models status report a usable Codex route.
• The failure is not surfaced as an auth-profile incident before cost-bearing usage happens.

Manual repair / verification

The local repair was to back up the four stale agent-specific Codex auth files, replace them with the current ChatGPT/OAuth auth shape, and restart only the OpenClaw gateway so stale Codex app-server child processes would not continue with pre-repair auth state.

After repair:

launchctl OPENAI_API_KEY: unset
system codex login status: Logged in using ChatGPT
all four agent CODEX_HOME codex login status checks: Logged in using ChatGPT
agent auth.json files: auth_mode = chatgpt, OPENAI_API_KEY absent, OAuth token object present
openclaw models status: provider=openai runtime=codex status=usable, synthetic auth source=codex-app-server token, shellEnvFallback=false
openclaw doctor --lint: ok, no findings
openclaw secrets audit: no OpenAI billing-related plaintext/unresolved/shadowed findings

No model-generation call was run as part of verification, to avoid adding more API usage.

Expected behavior

OpenClaw should prevent or loudly surface this state before GPT traffic can silently use API-key auth:

• Codex-harness GPT routes should not fall back to per-agent API-key auth unless explicitly configured and clearly reported.
• models status, doctor, or an auth-profile status surface should detect when system Codex auth is ChatGPT/OAuth but agent-specific Codex homes are still API-key backed.
• If API-key fallback is allowed for any reason, it should be visible as a cost-bearing route decision, not hidden behind a generic runtime=codex status=usable check.

This seems related to the auth-profile/cooldown/operator-visible incident behavior tracked here. It is also adjacent to the closed session-route persistence issue #87436, but this comment is about auth selection/cost-bearing route drift rather than stale openai-codex session metadata.

Redactions: omitted local usernames, absolute home paths, private job names, account identifiers, tokens, chat IDs, and local artifact paths. Kept version, auth-mode shape, route/status fields, and the four generic agent-home categories because those are the actionable reproduction clues.

[Countermarch]

Follow-up live evidence from the same 2026.6.1 deployment: the earlier containment did not hold. Within hours, the operator again saw gpt-5_5-style API-key spend, and the in-product slash status reported:

Model: openai/gpt-5.5 · api-key (openai:default)
Execution: direct · Runtime: OpenAI Codex

What changed since the previous comment

After the prior repair, the system had been verified with agent Codex homes using ChatGPT/OAuth. A later direct Telegram session nevertheless showed the main route selecting openai:default as an API-key profile. Fresh inspection found:

system Codex CLI auth: ChatGPT/OAuth
main agent Codex home: apikey
hooks agent Codex home: apikey
cron-delivery Codex home: ChatGPT/OAuth
qwen-cron Codex home: apikey
main OpenAI profile openai:default: api_key
main OpenAI profile openai:chatgpt-default: oauth

So this is not only a stale status label. The local agent state had actually drifted back into API-key auth for most agent-specific Codex homes, while the system-level Codex CLI login remained ChatGPT/OAuth.

Containment performed locally

The local containment was:

• back up the affected agent auth files and auth-profile stores;
• replace all agent-specific Codex-home auth files with the system ChatGPT/OAuth auth shape;
• change OpenAI openai:default in the agent auth-profile stores from API-key to OAuth;
• preserve/avoid deleting secrets, but prevent the GPT/Codex route from selecting the API-key default profile;
• restart only the OpenClaw gateway.

Post-containment verification

After gateway restart:

launchctl OPENAI_API_KEY: unset
system codex login status: Logged in using ChatGPT
all four agent CODEX_HOME codex login status checks: Logged in using ChatGPT
openclaw models status: provider=openai runtime=codex status=usable
OpenAI profiles in main/hooks/cron-delivery/qwen-cron stores: openai:default=oauth, openai:chatgpt-default=oauth, no OpenAI key refs or API-key profiles
openclaw models status OpenAI provider profile summary: oauth=2, apiKey=0, labels include openai:default=OAuth
secrets audit: clean for plaintext/unresolved/shadowed findings

One unrelated doctor warning remained about a non-OpenAI skill binary; it does not appear related to the auth regression.

Why this is higher impact

This recurrence shows the cost-bearing route can come back after manual repair. The system-level Codex login and general model status are not sufficient indicators. OpenClaw needs either to prevent regeneration/selection of API-key-backed per-agent Codex state for Codex-harness GPT routes, or to emit an explicit high-priority warning when a Codex runtime route is about to use openai:default API-key auth.

Expected behavior: if a route says Runtime: OpenAI Codex, it should not silently use api-key (openai:default) for GPT traffic unless the operator explicitly opted into cost-bearing API-key fallback.

Redactions: omitted local usernames, full filesystem paths, private thread/session names, account identifiers, tokens, and local backup paths.