fix(agents): detect Cloudflare challenge pages and provide actionable error message

[SARAMALI15792]

Summary

• Problem: Cloudflare returns 403 with JS Challenge page when openai-codex provider accessed via proxy from mainland China. Current error message says "Authentication failed" which is misleading — the issue is TLS fingerprint detection, not auth.
• Why it matters: Users waste time re-authenticating when the real fix is a reverse proxy with browser-like TLS fingerprint.
• What changed: Added cloudflare_challenge failure kind to detect Cloudflare challenge pages (403 with cf-browser-verification, challenges.cloudflare.com, etc.) and return actionable error message explaining TLS fingerprinting + reverse proxy workaround.
• What did NOT change: Generic 403 HTML errors still classified as auth_html_403. No changes to transport layer, provider config, or TLS implementation.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug] openai-codex provider blocked by Cloudflare JS Challenge when accessed via proxy in mainland China #67670
• Related fix(agents): classify Cloudflare/CDN HTML error pages as transport failures #67642 (Cloudflare HTML error classification for 5xx)
• This PR fixes a bug or regression

Root Cause (if applicable)

• Root cause: classifyProviderRuntimeFailureKind classifies all 403 HTML responses as auth_html_403 without checking for Cloudflare-specific challenge patterns. Cloudflare challenge pages contain distinctive markers (cf-browser-verification, challenges.cloudflare.com) that distinguish them from genuine auth failures.
• Missing detection / guardrail: No pattern matching for Cloudflare challenge page signatures before falling through to generic 403 HTML classification.
• Contributing context: Issue fix(agents): classify Cloudflare/CDN HTML error pages as transport failures #67642 fixed Cloudflare 5xx HTML classification but didn't address 403-specific challenge pages.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/agents/pi-embedded-helpers/provider-error-patterns.test.ts
• Scenario the test should lock in: 403 HTML with Cloudflare challenge patterns (cf-browser-verification, challenges.cloudflare.com, _cf_chl_, just a moment, ray id:) returns cloudflare_challenge failure kind, not auth_html_403.
• Why this is the smallest reliable guardrail: Unit test directly verifies classification logic with minimal HTML fixture containing only Cloudflare challenge markers.
• Existing test that already covers this: None (new functionality).
• If no new test is added, why not: N/A (3 new tests added).

User-visible / Behavior Changes

Before: Users seeing Cloudflare 403 challenges get misleading error:

"Authentication failed with an HTML 403 response from the provider. Re-authenticate and verify your provider account access."

After: Users get actionable error explaining root cause and workaround:

"Cloudflare blocked the request with a browser challenge (HTTP 403). Node.js TLS fingerprint was detected as non-browser traffic. Set up a local reverse proxy using a browser-compatible HTTP client (e.g. Python cloudscraper) and point the provider's baseUrl to it."

Diagram (if applicable)

Before:
403 + Cloudflare challenge HTML → classifyProviderRuntimeFailureKind
  → isHtmlErrorResponse(403) → "auth_html_403"
  → "Authentication failed" (misleading)

After:
403 + Cloudflare challenge HTML → classifyProviderRuntimeFailureKind
  → isCloudflareChallengePage(403) → "cloudflare_challenge"
  → "Cloudflare blocked... TLS fingerprint... reverse proxy" (actionable)

403 + generic HTML → classifyProviderRuntimeFailureKind
  → isHtmlErrorResponse(403) → "auth_html_403" (unchanged)

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Repro + Verification

Environment

• OS: macOS 26.3 (arm64), Windows 11 Pro
• Runtime/container: Node.js v22.22.2
• Model/provider: openai-codex (chatgpt.com/backend-api)
• Integration/channel: N/A
• Relevant config: Proxy routing traffic through VPN/Quantumult X from mainland China

Steps

1. Configure openai-codex provider with valid OAuth token
2. Route traffic through proxy from mainland China (or any region where Cloudflare triggers JS challenges for Node.js TLS fingerprints)
3. Attempt LLM request via openai-codex provider
4. Observe 403 response with Cloudflare challenge HTML

Expected

Error message explains TLS fingerprint detection and suggests reverse proxy workaround.

Actual

Before fix: "Authentication failed with an HTML 403 response from the provider."
After fix: "Cloudflare blocked the request with a browser challenge (HTTP 403). Node.js TLS fingerprint was detected as non-browser traffic. Set up a local reverse proxy using a browser-compatible HTTP client (e.g. Python cloudscraper) and point the provider's baseUrl to it."

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Test results:

• 3 new tests added, all passing (39/39 total in test suite)
• Test: "classifies 403 Cloudflare challenge as cloudflare_challenge" ✅
• Test: "classifies non-Cloudflare 403 HTML as auth_html_403 (regression guard)" ✅
• Test: "formats Cloudflare challenge error with TLS fingerprint guidance" ✅

Human Verification (required)

Verified scenarios:

• Cloudflare challenge HTML (with cf-browser-verification, challenges.cloudflare.com, _cf_chl_, just a moment, ray id:) → cloudflare_challenge classification
• Generic 403 HTML (no Cloudflare patterns) → auth_html_403 classification (regression guard)
• Error message contains "Cloudflare blocked", "TLS fingerprint", "reverse proxy", "cloudscraper"

Edge cases checked:

• 403 HTML without Cloudflare patterns still returns auth_html_403
• Non-403 status codes with Cloudflare patterns do not trigger cloudflare_challenge (status check first)
• HTML responses without cf-browser-verification or other markers fall through to generic classification

What I did NOT verify:

• Actual Cloudflare challenge page in production (requires mainland China proxy setup)
• Integration with live openai-codex provider endpoint

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

Risks and Mitigations

• Risk: False positives — generic HTML pages containing "cloudflare" text might get misclassified as challenges.

  • Mitigation: Regex requires multiple CF-specific patterns (cf-browser-verification, challenges.cloudflare.com, etc.), not just keyword "cloudflare". Pattern is case-insensitive and matches partial strings safely.

• Risk: Cloudflare changes challenge page structure, patterns no longer match.

  • Mitigation: Regex covers multiple stable markers (div ID, script domain, form field prefix, heading text, Ray ID footer). Unlikely all change simultaneously. If needed, patterns can be updated in future PR.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1f46fbd85f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Require Cloudflare-specific markers for challenge detection

The new CLOUDFLARE_CHALLENGE_RE matches on generic phrases like just a moment by itself, so any non-Cloudflare 403 HTML page containing that text will now be classified as cloudflare_challenge. In that scenario, users get a TLS/proxy workaround message instead of the correct auth/access guidance, which can send debugging in the wrong direction. Consider requiring at least one Cloudflare-unique token (for example cf-browser-verification or challenges.cloudflare.com) or a multi-signal match before returning cloudflare_challenge.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

This PR adds cloudflare_challenge detection to classifyProviderRuntimeFailureKind, routing 403 HTML responses that contain Cloudflare-specific markers (cf-browser-verification, challenges.cloudflare.com, _cf_chl_, etc.) to a new actionable error message instead of the generic "Authentication failed" copy. The implementation is correctly ordered (Cloudflare check before the generic HTML 403 branch), backward-compatible (non-CF 403 HTML still returns auth_html_403), and covered by three targeted regression tests. The unrelated .worktrees/ addition to .gitignore appears to have come along via a merge commit and is not part of the core change.

Confidence Score: 5/5

Safe to merge — no P0 or P1 issues; all findings are P2 or lower.

The Cloudflare challenge detection is correctly gated (status 403 + valid HTML structure + CF-specific regex), backward-compatible, and tested with a regression guard. The unrelated .gitignore addition is benign.

No files require special attention.

_{Reviews (1): Last reviewed commit: "test(agents): verify Cloudflare challeng..." | Re-trigger Greptile}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2bc556ecb7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Require challenge-specific markers before classifying 403 pages

This regex classifies any 403 HTML containing Ray ID: as cloudflare_challenge, but Cloudflare’s non-challenge “Sorry, you have been blocked” pages also include a Ray ID footer, so blocked-IP/WAF cases will get the TLS-fingerprint workaround message even when no browser challenge exists. Fresh evidence: the matcher is a single OR-list, so ray id: alone is sufficient to return cloudflare_challenge. Tightening this to require at least one challenge-specific token (for example cf-browser-verification, _cf_chl_, or challenges.cloudflare.com) would avoid misdirecting users.

Useful? React with 👍 / 👎.

[steipete]

Codex deep review: not merge-ready yet; the classifier direction is useful, but this adds a new runtime failure kind without updating the existing raw-error suppression paths.

What this is trying to fix:

• Issue #67670 reports openai-codex behind a mainland China proxy getting Cloudflare 403 browser-challenge HTML.
• Current main classifies 403 HTML as auth_html_403, which gives misleading auth guidance.
• #67642 already fixed the non-403 CDN HTML path; this PR handles the 403 challenge variant.

Blocking fix needed:

• src/agents/pi-embedded-subscribe.handlers.lifecycle.ts suppresses rawError=... console suffixes for auth_html_403, auth_scope, and auth_refresh.
• src/agents/pi-embedded-runner/run/failover-observation.ts has the same suppression list.
• This PR changes Cloudflare 403 challenge HTML from auth_html_403 to cloudflare_challenge, but does not add the new kind to either suppression list. Result: the same HTML page that was previously suppressed can be appended again as rawError=<html preview...> in lifecycle/failover console output.

Suggested patch:

• Add cloudflare_challenge to both suppression lists.
• Add focused tests for lifecycle/failover observation proving Cloudflare challenge errors keep the friendly message and do not append raw HTML in consoleMessage.

Other cleanup:

• Drop the unrelated .gitignore .worktrees/ change from this PR.
• The dependency/workaround itself is plausible: upstream VeNoMouS/cloudscraper has a 3.0.0 release in 2025 and recent repo activity, but I would keep the product copy cautious. Say Cloudflare returned a browser challenge and suggest a trusted local/browser-compatible proxy; avoid making “Node TLS fingerprint was detected” sound more certain than the runtime can prove from an HTML page alone.

Once the suppression/test gap is fixed, this looks like the right continuation of #67642 rather than a duplicate/close candidate.

[SARAMALI15792]

All review feedback addressed — here's what changed:

Regex tightened (errors.ts)
Removed \bjust a moment\b and \bray id: from CLOUDFLARE_CHALLENGE_RE. Both tokens appear on non-challenge Cloudflare pages (WAF blocks, generic nginx 403s), causing misclassification. The regex now requires at least one of the three challenge-specific tokens: cf-browser-verification, challenges.cloudflare.com, or _cf_chl_. Two regression tests added to prove a WAF block page and a generic "just a moment" 403 both fall back to auth_html_403.

Raw-error suppression added to both paths (lifecycle.ts, failover-observation.ts)
Added cloudflare_challenge to shouldSuppressRawErrorConsoleSuffix in both files so the HTML preview no longer leaks as rawError=<html...> in console output. A focused test in each file verifies the consoleMessage contains no rawError= suffix when the error kind is cloudflare_challenge.

Error message copy made cautious (errors.ts)
Replaced "Node.js TLS fingerprint was detected as non-browser traffic" with "Cloudflare returned a browser challenge (HTTP 403). Try routing requests through a trusted local or browser-compatible proxy and pointing the provider's baseUrl to it." — no causal claim about TLS fingerprinting.

Unrelated .gitignore entry removed
.worktrees/ dropped.

All affected tests pass. Branch is up to date with upstream main.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Latest ClawSweeper review: 2026-05-19 22:59 UTC / May 19, 2026, 6:59 PM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Adds a cloudflare_challenge provider runtime failure kind with 403 HTML marker detection, browser-compatible proxy guidance, raw HTML console-suffix suppression, focused tests, and a net .gitignore ordering change.

Reproducibility: yes. at source level: current main routes status-prefixed 403 HTML provider responses through auth_html_403 with auth-oriented guidance, and the PR fixtures exercise representative Cloudflare challenge HTML. No live regional Cloudflare/proxy run was established here.

PR rating
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🦐 gold shrimp
Summary: The patch is a useful narrow fix, but real behavior proof is missing and one source-level matcher gap remains.

Rank-up moves:

• Add redacted after-fix proof from the affected provider/proxy path; redact private IPs, tokens, phone numbers, endpoints, and other private details.
• Include cdn-cgi/challenge-platform and challenge-error-text as challenge-specific 403 markers while keeping WAF false-positive guards.
• Remove the .gitignore ordering change.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: Needs contributor action: the PR provides fixture/unit-test evidence only and says the production Cloudflare/provider route was not verified; add redacted terminal/live output, logs, screenshot, recording, or a linked artifact, then update the PR body for fresh ClawSweeper review.

Risk before merge

• The full affected mainland-China/proxy Cloudflare path still has no after-fix real behavior proof from the contributor's setup.
• The matcher can miss 403 challenge pages that use cdn-cgi/challenge-platform and challenge-error-text without _cf_chl_, leaving misleading auth guidance in place.
• The branch still carries unrelated .gitignore ordering churn.

Maintainer options:

1. Decide the mitigation before merge
   Keep the narrow diagnostic classifier, align it with existing challenge-specific markers while preserving WAF false-positive guards, drop unrelated churn, and require redacted after-fix real behavior proof before merge.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
Contributor/human handling is needed for redacted real behavior proof; automation should not queue a repair while the PR still lacks proof from the affected setup.

Security
Cleared: The diff only changes local error classification, error copy, console suppression, tests, and .gitignore, with no new dependencies, CI, permissions, network calls, or secret-handling paths.

Review findings

• [P2] Cover the existing challenge markers — src/agents/pi-embedded-helpers/errors.ts:335
• [P3] Drop the unrelated gitignore reorder — .gitignore:1

Review details

Best possible solution:

Keep the narrow diagnostic classifier, align it with existing challenge-specific markers while preserving WAF false-positive guards, drop unrelated churn, and require redacted after-fix real behavior proof before merge.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: current main routes status-prefixed 403 HTML provider responses through auth_html_403 with auth-oriented guidance, and the PR fixtures exercise representative Cloudflare challenge HTML. No live regional Cloudflare/proxy run was established here.

Is this the best way to solve the issue?

No, not yet. A distinct failure kind with cautious browser-compatible proxy copy is the right narrow direction, but the matcher should cover existing challenge-specific markers and the PR still needs real behavior proof.

Label justifications:

• P2: This is a focused provider-error diagnostic bug fix with limited blast radius, but it still has a source-level matcher gap and proof gate before merge.
• rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🦪 silver shellfish, patch quality is 🦐 gold shrimp, and The patch is a useful narrow fix, but real behavior proof is missing and one source-level matcher gap remains.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Needs contributor action: the PR provides fixture/unit-test evidence only and says the production Cloudflare/provider route was not verified; add redacted terminal/live output, logs, screenshot, recording, or a linked artifact, then update the PR body for fresh ClawSweeper review.

Full review comments:

• [P2] Cover the existing challenge markers — src/agents/pi-embedded-helpers/errors.ts:335
  The new matcher only recognizes cf-browser-verification, challenges.cloudflare.com, or _cf_chl_, but current main already treats cdn-cgi/challenge-platform and challenge-error-text as Cloudflare challenge signals. A 403 challenge page with those markers but no _cf_chl_ still falls through to auth_html_403, so please add those challenge-specific markers without reintroducing the Ray ID or Just a moment false positives.
  Confidence: 0.87
• [P3] Drop the unrelated gitignore reorder — .gitignore:1
  The net diff still moves .worktrees/ from its existing position to the top of .gitignore, even though this PR is scoped to agent error classification. Please keep .gitignore identical to current main so the branch does not carry unrelated churn.
  Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.87

What I checked:

• current_main_routes_403_html_to_auth: Current main has no cloudflare_challenge failure kind and classifies any detected 403 HTML provider runtime response as auth_html_403, which still formats as re-authentication guidance. (src/agents/pi-embedded-helpers/errors.ts:973, ecb6da9289b1)
• existing_shared_challenge_markers: Current main already recognizes standalone Cloudflare challenge pages using cdn-cgi/challenge-platform, challenge-error-text, and the JavaScript/cookies challenge copy. (src/shared/assistant-error-format.ts:16, ecb6da9289b1)
• pr_matcher_gap: The PR head matcher only accepts cf-browser-verification, challenges.cloudflare.com, or _cf_chl_, so a status-prefixed 403 challenge page containing only the existing shared markers can still fall through to auth_html_403. (src/agents/pi-embedded-helpers/errors.ts:335, 6a0fd43f3c95)
• pr_improves_suppression_and_tests: The PR adds the new failure kind to both raw-error console suffix suppression paths and adds focused classifier/formatter/lifecycle/failover tests. (src/agents/pi-embedded-runner/run/failover-observation.ts:60, 6a0fd43f3c95)
• proof_gate_still_open: The PR body lists tests and fixture scenarios, but explicitly says the actual Cloudflare challenge page and live openai-codex provider endpoint were not verified. (6a0fd43f3c95)
• related_prior_html_classification: Merged PR 67642 introduced the related HTML provider error classification work that preserved generic 403 HTML as auth-oriented while adding non-403 upstream HTML handling. (src/agents/pi-embedded-helpers/errors.ts:973, e588e904a744)

Likely related people:

• stainlu: Auth/non-auth HTML provider response classification is tied to the merged Cloudflare/CDN HTML error-page work that this PR extends. (role: introduced related behavior; confidence: high; commits: e588e904a744; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-helpers/provider-error-patterns.test.ts, src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts)
• chris-yyau: Authored the standalone Cloudflare challenge HTML diagnostic path and shared markers that the new 403 classifier should align with. (role: adjacent challenge-diagnostic contributor; confidence: high; commits: 36dd58ac2a5d, 59caf03d6783; files: src/shared/assistant-error-format.ts, src/agents/pi-embedded-helpers.formatassistanterrortext.test.ts, src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts)
• Eva: Added the OpenAI Codex auth/runtime failure classification and formatter surface that owns auth_html_403. (role: introduced current runtime failure classifier; confidence: medium; commits: 8166d592d92f; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-subscribe.handlers.lifecycle.ts)
• altaywtf: Introduced embedded error observation helpers and the failover/lifecycle observation paths that the PR updates for raw HTML suppression. (role: adjacent observation owner; confidence: medium; commits: 87d939be7936; files: src/agents/pi-embedded-error-observation.ts, src/agents/pi-embedded-runner/run/failover-observation.ts, src/agents/pi-embedded-subscribe.handlers.lifecycle.ts)
• steipete: Provided substantive review on this PR and recently touched adjacent fallback failure observability/error surfaces. (role: recent reviewer and adjacent contributor; confidence: high; commits: 0e586bb48a31; files: src/agents/pi-embedded-helpers/errors.ts, src/agents/pi-embedded-runner/run/failover-observation.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against ecb6da9289b1.

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.

[steipete]

Thanks for the patch. Closing with #67670 because this targets the legacy provider-direct openai-codex Cloudflare path.

Current supported config is canonical openai/gpt-* on the Codex runtime, with legacy openai-codex/* refs repaired by doctor. If the challenge-page failure still reproduces on the canonical route, we should handle that as a fresh current-path bug.