Session model route drifts from openai/gpt-5.5 to openai-codex/gpt-5.5 with native Codex runtime

[nexic-hh]

Summary

With canonical OpenAI defaults and native Codex runtime, a Telegram direct session drifts back from the desired user-facing model route openai/gpt-5.5 to openai-codex/gpt-5.5 after a live Codex turn.

This is not just the expected auth profile display. The /status model line is composed from session state as openai-codex/gpt-5.5, while the desired and configured route is openai/gpt-5.5.

Environment

• OpenClaw: 2026.5.28 (e932160)
• macOS: 26.5 (25F71)
• Channel: Telegram direct message
• Runtime: native Codex / OpenAI Codex
• Codex plugin: enabled (@openclaw/codex)
• Default model route: openai/gpt-5.5
• Auth profile: openai-codex:<account> OAuth profile

Relevant config / diagnostics

Static config looks canonical and passes validation:

• openclaw config validate succeeds.
• openclaw models status --plain reports openai/gpt-5.5.
• agents.defaults.model.primary = openai/gpt-5.5.
• No static openai-codex/gpt-* model route is configured.
• No models.providers.openai-codex override is configured.
• auth.order.openai = [ "openai-codex:<account>" ].
• plugins.entries.codex.enabled = true.
• codexDynamicToolsLoading = "searchable".

The auth split also appears intentional for this installed version:

• openclaw models auth list --provider openai shows openai-codex:<account> as usable under OpenAI.
• openclaw models auth list --provider openai-codex shows the same profile.
• openclaw models status --probe --probe-provider openai reports runtime auth along the lines of: openai via codex uses openai-codex ... status=usable.
• Running openclaw models auth login --provider openai --profile-id openai:<account> --device-code still launches the Codex device flow and stores/keeps the profile as openai-codex:<account>, not openai:<account>.

So openai-codex:<account> as an auth profile seems valid, but it appears to leak into the session's model provider.

Steps to reproduce

1. Configure OpenAI/Codex subscription auth so the canonical model route is openai/gpt-5.5.
2. Use native Codex runtime, either omitted runtime or agentRuntime.id = "codex".
3. Ensure the Codex OAuth profile is stored as openai-codex:<account> under auth.order.openai.
4. Run openclaw doctor --fix --non-interactive or manually reset the current session to openai/gpt-5.5.
5. Confirm status shows:
   • Model: openai/gpt-5.5
   • Auth: openai-codex:<account>
   • Runtime: OpenAI Codex
6. Send a Telegram DM turn through the live agent.
7. Check /status or session status again.

Expected behavior

The user-facing session model route should remain:

Model: openai/gpt-5.5
Auth: openai-codex:<account>
Runtime: OpenAI Codex

The auth/transport identity may be openai-codex, but it should not replace the logical model provider in session state.

Actual behavior

After a live turn, the same session drifts back to:

Model: openai-codex/gpt-5.5
Auth: openai-codex:<account>
Runtime: OpenAI Codex

Manually resetting the current session to openai/gpt-5.5 restores the desired display temporarily, but the drift returns after the next live run.

doctor --fix can clean stale openai-codex/* session pins, but the next live Codex run can re-persist modelProvider="openai-codex".

Source-level hypothesis from installed dist

From the installed 2026.5.28 dist files:

• agent-runner.runtime-*.js has a persistSessionUsageUpdate() path that writes params.providerUsed back into entry.modelProvider.
• providerUsed appears to derive from runResult.meta?.agentMeta?.provider.
• For native Codex turns, the Codex app-server metadata reports provider/transport as openai-codex with model gpt-5.5.
• That value then appears to be persisted into sessionEntry.modelProvider, producing the composed route openai-codex/gpt-5.5.

This looks like a semantic mix between:

• logical/user-facing model provider: openai
• auth/transport/provider used by Codex OAuth: openai-codex
• model id: gpt-5.5

Related issue

Possibly related but not identical to #90021. That issue is about explicit agentRuntime.id="openclaw" appearing to switch into Codex runtime. This report is for the native Codex runtime path, where Codex runtime is expected, but the session model route itself drifts from openai/gpt-5.5 to legacy-looking openai-codex/gpt-5.5.

Question

Should sessionEntry.modelProvider preserve the requested logical provider (openai) instead of the returned Codex auth/transport provider (openai-codex)?

Alternatively, should status/session composition normalize openai-codex metadata back to openai when the selected route is canonical openai/gpt-* and the openai-codex:<account> value is only the auth profile?

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 3, 2026, 6:36 PM ET / 22:36 UTC.

Summary
Codex review failed: timeout.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Include the exact command, prompt, or workflow that triggered it.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 95045b1d5bb2.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.

Evidence reviewed

What I checked:

• failure reason: timeout.
• codex failure detail: Codex review failed for this issue: spawnSync codex ETIMEDOUT.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ooiuuii]

Adding a fresh 2026.6.1 real-upgrade datapoint that matches this issue.

Environment (sanitized):

• Windows gateway upgraded official npm package from 2026.5.28 (e932160) to 2026.6.1 (2e08f0f).
• Channel: Telegram direct session, plus dashboard/Discord sessions present.
• Intended route after migration: openai/gpt-5.5 with native Codex runtime (agentRuntime.id: "codex") and OAuth auth profile.

Observed failure:

• A new smoke session worked after migration.
• The existing real Telegram direct/main entry still failed with:
  • Unknown model: openai-codex/gpt-5.5
• Root cause found locally: old user-facing model refs/session state were not fully migrated. In particular, the live config still had old refs in agents.defaults.model / agents.list.main.model until manually repaired.

After manual repair:

• Config has agents.defaults.model = openai/gpt-5.5 and all agent model refs use openai/gpt-5.5.
• codex plugin is enabled/allowed.
• Existing Telegram direct session smoke passed (TELEGRAM_SESSION_SMOKE_OK).

Remaining relevant evidence:

• Even after cleanup, retained existing sessions can still contain session metadata like providerOverride=openai-codex while the desired user-facing route is openai/gpt-5.5 + Codex runtime. This makes /status / route resolution easy to drift or display misleadingly.

I am preparing small PRs rather than one large patch:

1. config migration coverage for old openai-codex/* refs,
2. session-store route normalization for existing channel sessions,
3. guard against Codex harness metadata re-persisting legacy user-facing routes.

[ooiuuii]

For traceability: PR #90317 is the first small PR from the live-upgrade investigation, but it is intentionally scoped to config-migration coverage only.

It covers the config side of the failure mode (agents.defaults.model and several agents.list[].model entries left on openai-codex/gpt-5.5). Session-store repair and preventing later legacy route re-persistence remain separate PRs for this issue.

[ooiuuii]

Opened PR #90319 as the focused PR2 for persisted session-store route coverage.

Scope:

• covers a Telegram direct session key with stale openai-codex provider route state
• asserts repair moves the route to canonical openai while preserving canonical OpenAI auth-profile pins (openai:*)
• asserts stale Codex runtime/session override pins are cleared after the route repair

This is separate from PR #90317 (config migration coverage). The remaining PR3 scope is preventing legacy route re-persistence after model selection/runtime handling.

[ooiuuii]

Opened PR #90321 as the focused PR3 for preventing legacy route re-persistence.

Scope:

• canonicalizes session runtime model pairs at the setSessionRuntimeModel() persistence helper boundary
• prevents future completed runs from writing modelProvider: "openai-codex" or model: "openai-codex/*" back into session state
• complements PR Add Codex session route migration coverage #90319, which only repairs already-persisted stale session routes

Current split:

• PR Add Codex multi-agent config migration coverage #90317: config migration coverage
• PR Add Codex session route migration coverage #90319: persisted session-store repair coverage
• PR Normalize legacy Codex session runtime state #90321: prevent future session runtime state from re-persisting legacy Codex routes