Codex migration (2026.6.1) drops the gpt-5.5 model when a canonical `openai` provider exists for embeddings — agents go silent

[holgergruenhagen]

Summary

First off — thank you for OpenClaw and for moving the OpenAI Codex handling onto a cleaner, canonical footing in #88605. The intent (no more openai-codex as a first-class runtime/provider id) makes a lot of sense.

We hit a sharp edge of that migration when upgrading to 2026.6.1: the legacy-config migration removed our openai-codex model provider but did not carry its model definition over to the canonical openai provider. The only place our chat model gpt-5.5 was defined was that provider, so after the upgrade the model simply no longer existed — and every agent went silent.

I think the scenario below may not have been considered, because it depends on a perfectly reasonable reason to have both providers configured at the same time.

Why we had a canonical openai provider and an openai-codex provider

These two providers served two different, legitimate purposes with two different auth modes:

• openai (api_key, baseUrl: https://api.openai.com/v1) — existed only to host text-embedding-3-small for memory / vector search (agents.defaults.memorySearch.provider: "openai", model: "text-embedding-3-small"). This is the standard embeddings setup.
• openai-codex (oauth, baseUrl: https://chatgpt.com/backend-api, api: openai-codex-responses) — hosted the actual chat model gpt-5.5, used by every agent via agents.defaults.model.primary: "openai/gpt-5.5" with agentRuntime.id: "codex".

So the canonical openai provider was present, but it was embeddings-only — it did not contain gpt-5.5. The migration treated the existence of any canonical openai provider as "the codex provider is now redundant" and dropped it, taking gpt-5.5 with it.

Root cause

In migrateLegacyOpenAICodexProvider (dist legacy-config-migrations-*.js), the relevant branch is roughly:

if (!hasCanonicalOpenAIProvider(providers)) {
  providers[OPENAI_PROVIDER_ID] = normalized.value;          // move codex -> openai
  changes.push(`Moved models.providers.openai-codex → models.providers.openai.`);
} else {
  changes.push(`Removed models.providers.openai-codex because models.providers.openai already exists.`);
}
delete providers[providerId];

When a canonical openai provider already exists, the codex provider is deleted outright. Its models[] (including gpt-5.5) are not merged into the existing openai provider, and the already-computed normalized.value (with the openai-codex-responses → openai-chatgpt-responses api rename applied) is discarded. The assumption seems to be that a canonical openai provider already covers everything the codex provider did — which isn't true when the two providers hold disjoint models (embeddings vs. the ChatGPT-backend chat model).

This behavior runs both during openclaw doctor --fix and during the post-openclaw update doctor step, so the upgrade applies it automatically.

Impact

After the upgrade, openai/gpt-5.5 was unresolvable. Every agent turn failed. The user-facing symptom chain:

1. Codex app-server auth profile "openai:<account>" was not found. (native Codex path)
2. embedded failover → 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses
3. Embedded agent failed before reply: …

Net effect: a fully working multi-agent fleet went completely silent after a routine update, with no obvious pointer that a model had been removed (config still validated cleanly, since the dangling auth profile alone is accepted).

Environment

• OpenClaw: 2026.6.1 (2e08f0f)
• Node: v22.22.2
• Install: npm global (Linux)
• Auth: Codex/ChatGPT OAuth for the chat model; OpenAI api_key path only for embeddings
• Default route: openai/gpt-5.5, agentRuntime.id: "codex"

Steps to reproduce

1. On a pre-6.1 install, configure two model providers:
   • models.providers.openai (api_key) with only an embedding model (e.g. text-embedding-3-small), referenced by agents.defaults.memorySearch.
   • models.providers.openai-codex (oauth, api: openai-codex-responses) with the chat model gpt-5.5.
   • agents.defaults.model.primary: "openai/gpt-5.5", runtime codex.
2. Upgrade to 2026.6.1 (or run openclaw doctor --fix).
3. Observe: models.providers.openai-codex is removed; gpt-5.5 no longer exists under any provider; all agents fail with the auth-profile/401 chain above.

Suggested fix

When removing a "shadowed" openai-codex provider because a canonical openai provider already exists, merge rather than drop:

• Move any models from openai-codex that are not already present in openai into openai.models[].
• Apply the existing openai-codex-responses → openai-chatgpt-responses rename to those moved models (the code already computes this as normalized.value).
• Preserve each moved model's baseUrl (the ChatGPT-backend models rely on a per-model baseUrl, since the openai provider's own baseUrl points at api.openai.com).

That way the canonical-openai-already-exists case keeps both the embeddings model and the ChatGPT-backend chat model, and the migration stays loss-free.

A secondary, lower-priority nicety: when a model route (e.g. openai/gpt-5.5) becomes unresolvable as a result of a migration, surfacing a doctor warning would have made this immediately diagnosable.

Workaround (for anyone hitting this)

1. Add the chat model back into the canonical openai provider's models[], using the new api id and a per-model baseUrl:

   {
     "id": "gpt-5.5",
     "name": "GPT-5.5",
     "baseUrl": "https://chatgpt.com/backend-api",
     "api": "openai-chatgpt-responses",
     "reasoning": false,
     "input": ["text"],
     "cost": { "input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0 },
     "contextWindow": 200000,
     "contextTokens": 195000,
     "maxTokens": 8192
   }

   (Do not recreate a separate openai-codex provider — it fails 6.1 schema validation, and doctor --fix would remove it again.)
2. Run openclaw doctor --fix to rename the dangling openai-codex:<account> auth profile to the canonical openai:<account> and rewrite references. Existing OAuth credentials are reused — no re-login is required.
3. Restart the gateway. openclaw config validate should be clean and agents respond again.

Thanks again for the great work, and happy to help confirm a fix against this configuration shape.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 3, 2026, 7:17 PM ET / 23:17 UTC.

Summary
Current main still contains the shipped migration behavior that deletes a legacy openai-codex provider whenever any canonical openai provider exists, so the reported lossy upgrade path remains actionable.

Reproducibility: yes. A config with models.providers.openai plus models.providers.openai-codex.models[] follows the source branch that deletes the legacy provider when canonical openai exists, although I did not run doctor in this read-only review.

Next step
This is a narrow doctor migration regression with clear source, history, and focused test surfaces.

Review details

Best possible solution:

Keep the canonical openai provider, but have doctor merge non-conflicting normalized legacy openai-codex.models[] entries into it, preserving per-model api, baseUrl, runtime policy, and metadata while skipping or clearly reporting true conflicts.

Do we have a high-confidence way to reproduce the issue?

Yes. A config with models.providers.openai plus models.providers.openai-codex.models[] follows the source branch that deletes the legacy provider when canonical openai exists, although I did not run doctor in this read-only review.

Is this the best way to solve the issue?

Yes. Merging normalized disjoint model rows in the doctor migration is the narrowest maintainable fix because runtime stays canonical while user-owned model metadata is not lost.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• I did not execute openclaw doctor --fix against a synthetic config because this review is read-only, so the reproduction is source-proven rather than runtime-run.
• The built-in OpenAI catalog contains gpt-5.5, so some installs may avoid a pure unknown-model failure; the remaining actionable bug is still that custom legacy model rows and per-model metadata are discarded instead of migrated.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 116bc2a0f0c4.

Label changes

Label changes:

• add P1: The report describes a latest-release upgrade regression that can break OpenAI/Codex-backed agent turns for existing multi-provider configs.
• add impact:data-loss: The migration deletes legacy configured model rows instead of preserving them under the canonical provider.
• add impact:message-loss: The user-visible symptom is agents failing before they can reply after upgrade.
• add impact:auth-provider: The dropped provider/model metadata affects OpenAI/Codex provider routing, auth mode, and model resolution.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes a latest-release upgrade regression that can break OpenAI/Codex-backed agent turns for existing multi-provider configs.
• impact:data-loss: The migration deletes legacy configured model rows instead of preserving them under the canonical provider.
• impact:auth-provider: The dropped provider/model metadata affects OpenAI/Codex provider routing, auth mode, and model resolution.
• impact:message-loss: The user-visible symptom is agents failing before they can reply after upgrade.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/commands/doctor/shared/legacy-config-migrate.test.ts -- --reporter=dot
• node scripts/run-vitest.mjs src/commands/doctor/shared/legacy-config-migrations.runtime.models.test.ts -- --reporter=dot

What I checked:

• Current migration drops the legacy provider in the shadowed case: On current main, migrateLegacyOpenAICodexProvider normalizes the legacy provider but, when hasCanonicalOpenAIProvider(providers) is true, records removal and deletes the legacy provider without merging its models[] into openai. (src/commands/doctor/shared/legacy-config-migrations.runtime.models.ts:997, 116bc2a0f0c4)
• Existing test locks the lossy branch: The current test named records removal when canonical OpenAI provider already exists expects the canonical openai provider to remain unchanged and openai-codex to be absent, with no coverage for preserving disjoint model rows. (src/commands/doctor/shared/legacy-config-migrate.test.ts:104, 116bc2a0f0c4)
• Doctor applies this migration path: migrateLegacyConfig calls applyLegacyDoctorMigrations, and that migration set includes the runtime model migrations containing models.providers.openai-codex->models.providers.openai. (src/commands/doctor/shared/legacy-config-migrate.ts:10, 116bc2a0f0c4)
• Shipped release has the same behavior: The v2026.6.1 tag points at the latest release commit and its tagged source still contains the same Removed models.providers.openai-codex because models.providers.openai already exists branch. (src/commands/doctor/shared/legacy-config-migrations.runtime.models.ts:997, 2e08f0f4221f)
• Regression provenance: The branch came from the merged OpenAI Codex legacy-doctor refactor, whose summary explicitly moved legacy provider cleanup into doctor including shadowed openai-codex removal. (src/commands/doctor/shared/legacy-config-migrations.runtime.models.ts:997, 00d17e9df784)
• Codex auth contract checked: The sibling Codex source distinguishes API-key and ChatGPT auth modes, defaults stored auth without an API key to ChatGPT, and builds bearer headers from either API key or ChatGPT token data; this supports treating the OpenAI/Codex auth route as a real dependency boundary rather than a string-only rename. (codex-rs/login/src/auth/manager.rs:49, 4d4837c49513)

Likely related people:

• steipete: The linked merged refactor that added the shadowed-provider removal branch was authored as refactor: make OpenAI Codex legacy doctor-only and changed the migration and tests for this exact surface. (role: introduced behavior; confidence: high; commits: 00d17e9df784; files: src/commands/doctor/shared/legacy-config-migrations.runtime.models.ts, src/commands/doctor/shared/legacy-config-migrate.test.ts)
• Vincent Koc: The shallow current-main history and latest release commit both touch the same legacy migration/test files, making this a plausible routing candidate for current release-state context. (role: recent area contributor; confidence: medium; commits: 344e04b5d559, 2e08f0f4221f; files: src/commands/doctor/shared/legacy-config-migrations.runtime.models.ts, src/commands/doctor/shared/legacy-config-migrate.test.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ooiuuii]

Adding another 2026.6.1 upgrade datapoint.

Environment (sanitized):

• Windows / official npm upgrade: 2026.5.28 (e932160) -> 2026.6.1 (2e08f0f).
• Existing setup used Codex OAuth/subscription before upgrade.
• Desired post-migration route: canonical openai/gpt-5.5 plus agentRuntime.id: "codex".

What happened:

• doctor --fix identified the Codex migration/plugin direction and installed/enabled the Codex plugin path, but the config write did not fully land for all old model refs.
• Existing real entrypoints still had openai-codex/gpt-5.5 refs after the first pass, including defaults/main agent state.
• New-session smoke was green, but real Telegram direct/main still failed with Unknown model: openai-codex/gpt-5.5 until those residual refs were manually fixed.

Expected behavior:

• The migration should be atomic/complete for durable config, not just enough for a new-session smoke.
• If openai-codex/* is accepted as legacy migration input, all relevant durable config locations should be rewritten or explicitly reported as unresolved.
• The repair should ensure the codex runtime/plugin requirement is satisfied when producing openai/gpt-5.5 + agentRuntime.id: "codex".

I plan to follow up with a focused PR for config migration coverage first, separate from session-store migration/status display changes.

[ooiuuii]

Opened PR #90317 as the focused PR1 for config-migration coverage.

Scope:

• covers a live 6.1 upgrade shape with agents.defaults.model plus multiple agents.list[].model entries still on openai-codex/gpt-5.5
• asserts doctor repair rewrites them to openai/gpt-5.5, preserves Codex intent via agentRuntime.id = "codex", and enables/adds the codex plugin when a restrictive allowlist exists

This intentionally does not cover session-store persistence or route re-persistence; I will keep those in separate PRs linked to #90036.