fix(openai-codex): avoid stale Responses replay state

[MkDev11]

Summary

• Problem: native ChatGPT Codex Responses turns could carry session-scoped request/cache/replay state across Telegram turns after tool calls.
• Why it matters: stale prior assistant/tool-call state can make a fresh user message receive an old assistant reply.
• What changed: turn-scope native Codex request identity, strip native Codex prompt_cache_key, and avoid replaying prior Responses reasoning/message/function item IDs for native Codex.
• What did NOT change (scope boundary): custom/proxy Codex-compatible endpoints still keep compatible cache/replay behavior; lossless-claw memory reconciliation is not changed here.

Change Type

• Bug fix

Scope

• Gateway / orchestration
• API / contracts

Linked Issue/PR

• Refs [Bug]: openai-codex Telegram session replays prior assistant reply to unrelated turns when the prior turn included a tool call (transport state-chaining + LCM glob) #76413
• This PR fixes the OpenClaw core transport/replay portion of the reported bug or regression

Root Cause

• Root cause: native ChatGPT Codex Responses reused session-scoped request identity, prompt_cache_key, and prior Responses item IDs across turns.
• Missing detection / guardrail: tests covered native Codex metadata stripping but still expected prompt_cache_key and replay IDs to survive.
• Contributing context: the private ChatGPT Codex backend does not behave like the public OpenAI Responses API for these replay/cache fields.

Regression Test Plan

• Coverage level that should have caught this:
  • Unit test
• Target test or file:
  • extensions/openai/transport-policy.test.ts
  • src/agents/openai-transport-stream.test.ts
• Scenario the test should lock in:
  • native ChatGPT Codex stream turns use turn-scoped x-client-request-id
  • native ChatGPT Codex payloads strip prompt_cache_key
  • native ChatGPT Codex does not replay prior Responses reasoning/message/function item IDs
  • custom Codex-compatible routes keep existing replay behavior
• Why this is the smallest reliable guardrail:
  • the bug lives in request construction and transcript-to-Responses payload conversion, so unit tests can verify the exact payload shape without live Telegram or private backend access.

User-visible / Behavior Changes

Native openai-codex/* ChatGPT backend sessions should no longer send stale request/cache/replay state that can cause prior tool-call replies to reappear on unrelated later turns.

Diagram

N/A

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Repro + Verification

Environment

• OS: local Linux workspace
• Runtime/container: Node/pnpm repo checkout
• Model/provider: openai-codex/openai-codex-responses payload construction
• Integration/channel: Telegram issue path, unit-tested at transport boundary
• Relevant config: native ChatGPT Codex base URL https://chatgpt.com/backend-api

Steps

1. Build a native Codex Responses payload after a prior assistant tool-call turn.
2. Inspect request headers and Responses input items.
3. Compare native ChatGPT Codex behavior against custom Codex-compatible route behavior.

Expected

• native ChatGPT Codex uses turn-scoped request identity
• native ChatGPT Codex strips prompt_cache_key
• native ChatGPT Codex omits prior reasoning/message/function item IDs
• custom Codex-compatible routes preserve existing compatible behavior

Actual

Before this PR, native ChatGPT Codex preserved session-scoped request/cache/replay state.

Evidence

• Failing test/log before + passing after

Human Verification (required)

• Verified scenarios:
  • targeted transport policy regression
  • targeted native Codex payload sanitizer regression
  • targeted native/custom Codex replay-item regression
  • changed-file type/lint/check gate
• Edge cases checked:
  • payload-hook mutation
  • custom Codex-compatible base URL
  • prior reasoning item replay
  • prior function-call item ID replay
• What you did not verify:
  • live Telegram + ChatGPT Codex + lossless-claw end-to-end reproduction

AI Assistance

• AI-assisted PR; I reviewed the generated diff and understand the code path being changed.
• Testing level: targeted unit/regression tests plus changed-file checks.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

Risks and Mitigations

• Risk: native Codex backend might rely on some prior item replay for niche continuations.
  • Mitigation: scope suppression only to native ChatGPT Codex Responses; custom/proxy compatible routes retain existing replay behavior and tests lock that boundary.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR updates OpenAI Codex transport policy, Responses payload construction, tests, docs, and changelog to use turn-scoped native Codex request IDs, strip native prompt_cache_key, and suppress native Codex replay item IDs while preserving custom proxy behavior.

Reproducibility: yes. for the transport payload path: current main can be inspected to show session-scoped native Codex request IDs, prompt_cache_key, and prior Responses item IDs crossing turns. I did not establish a live Telegram plus ChatGPT Codex replay in this read-only review.

Next step before merge
No repair job is queued because the PR already contains the narrow implementation; the remaining action is maintainer review plus normal validation.

Security
Cleared: The diff changes transport headers, payload serialization, tests, docs, and changelog only; it adds no dependencies, workflow changes, permissions, lifecycle scripts, or secret-handling paths.

Review details

Best possible solution:

Land this transport-scoped fix after normal maintainer review and keep the linked bug report available for any remaining lossless-claw or live-channel validation.

Do we have a high-confidence way to reproduce the issue?

Yes for the transport payload path: current main can be inspected to show session-scoped native Codex request IDs, prompt_cache_key, and prior Responses item IDs crossing turns. I did not establish a live Telegram plus ChatGPT Codex replay in this read-only review.

Is this the best way to solve the issue?

Yes for the core transport portion: the PR changes only native ChatGPT Codex cache/replay identity while preserving custom Codex-compatible proxy behavior and adding focused regression coverage. Remaining lossless-claw reconciliation, if still needed, should stay a separate follow-up.

Acceptance criteria:

• pnpm test extensions/openai/transport-policy.test.ts src/agents/openai-transport-stream.test.ts -- --reporter=verbose
• pnpm check:changed

What I checked:

• Current main uses session-scoped request identity: On current main, native OpenAI-family session headers set x-client-request-id from the session id, and resolveOpenAITransportTurnState carries those headers into each stream turn without replacing it with the turn id. (extensions/openai/transport-policy.ts:61, ab032675ce09)
• Current main replays prior Responses item IDs: The Responses transcript converter currently replays stored reasoning signatures, assistant message IDs, and function-call item IDs for same-provider Responses/Codex assistant history. (src/agents/openai-transport-stream.ts:289, ab032675ce09)
• Current main still sends prompt_cache_key: The native Codex unsupported-params sanitizer omits prompt_cache_key, while buildOpenAIResponsesParams still sets it from options.sessionId when cache retention is enabled. (src/agents/openai-transport-stream.ts:980, ab032675ce09)
• PR diff is scoped and covered: The PR diff adds the native Codex turn-scoped request-id branch, strips prompt_cache_key, gates reasoning/message/function item replay for native Codex, and adds targeted regression tests plus docs/changelog coverage. (src/agents/openai-transport-stream.ts, cc76c2f0dd68)
• Related report gives concrete reproduction context: The linked bug report [Bug]: openai-codex Telegram session replays prior assistant reply to unrelated turns when the prior turn included a tool call (transport state-chaining + LCM glob) #76413 describes a Telegram openai-codex session that repeats a prior tool-call answer on an unrelated later turn, and identifies the same request identity, prompt cache key, and Responses replay fields as transport contributors.
• Relevant docs surface checked: The current transcript hygiene doc says OpenAI/Codex preserves replayable Responses reasoning item payloads, and the PR updates that provider matrix with the native ChatGPT Codex exception. Public docs: docs/reference/transcript-hygiene.md. (docs/reference/transcript-hygiene.md:117, ab032675ce09)

Likely related people:

• steipete: Recent commits and current blame show repeated maintenance of src/agents/openai-transport-stream.ts, including OpenAI reasoning, maxTokens, attribution, and Codex Responses payload behavior near this surface. (role: recent maintainer and adjacent owner; confidence: high; commits: 11e05e86a233, 399d7f61783f, bc21f500d4c1; files: src/agents/openai-transport-stream.ts, extensions/openai/transport-policy.ts)
• keshavbotagent: Commit 388019f changed the same OpenAI Codex Responses transport path to preserve Codex OAuth transport and scope native Codex payload sanitization to the ChatGPT backend. (role: adjacent Codex OAuth transport contributor; confidence: medium; commits: 388019f5b693; files: src/agents/openai-transport-stream.ts)
• obviyus: Commit 3624dda refactored the OpenAI base URL helpers that transport-policy.ts uses to distinguish native ChatGPT Codex routes from proxy routes. (role: adjacent OpenAI base-url helper maintainer; confidence: medium; commits: 3624dda67d70; files: extensions/openai/base-url.ts, extensions/openai/transport-policy.ts)

Remaining risk / open question:

• This read-only review did not live-test the private ChatGPT Codex backend or the Telegram end-to-end sequence.
• The linked bug report also calls out lossless-claw ignore-session-pattern behavior, which this PR intentionally leaves outside its transport boundary.

Codex review notes: model gpt-5.5, reasoning high; reviewed against ab032675ce09.

[MkDev11]

@clawsweeper

[steipete]

Landed via rebase onto main.

• Gate: exact-head GitHub CI for ee7e7f690b75c6309caf1eb87b04bcc9796611c1 completed with no failures; local targeted proof: pnpm test src/agents/openai-transport-stream.test.ts extensions/openai/transport-policy.test.ts and git diff --check.
• Source head: ee7e7f6
• Landed commits: 27e467a, 15d3fd8, 29eb47e

Thanks @MkDev11!