[codex] Unify OpenAI auth provider picker

[steipete]

Summary

• Collapse OpenAI and OpenAI Codex setup choices into one visible OpenAI provider group.
• Keep ChatGPT/Codex browser/device login and OpenAI API key as method choices under that group, while preserving legacy OpenAI OAuth choices as manual-only compatibility choices.
• Make configure's skip/change-model path expose browse-on-demand and carry the selected model provider into the model allowlist picker, so Codex models get saved for /model.
• Preserve onboardingFeatured through provider wizard normalization for code-registered setup providers.

Real behavior proof

Behavior addressed: OpenAI configure no longer shows separate first-tier OpenAI and OpenAI Codex provider entries; Codex model selections are carried into the saved model allowlist.
Real environment tested: local OpenClaw checkout on macOS, rebased onto current main.
Exact steps or command run after this patch: node --input-type=module manifest probe for extensions/openai/openclaw.plugin.json; node scripts/run-vitest.mjs src/plugins/provider-validation.test.ts src/commands/configure.gateway-auth.prompt-auth-config.test.ts src/commands/model-picker.test.ts src/commands/auth-choice-options.test.ts extensions/openai/openai-codex-provider.test.ts extensions/openai/openai-provider.test.ts extensions/openai/openclaw.plugin.test.ts extensions/openai/setup-api.test.ts src/wizard/setup.test.ts; git diff --check.
Evidence after fix: terminal output from manifest probe showed the visible OpenAI choices after the patch:

OpenAI configure choices from bundled plugin manifest:
- manual-only: ChatGPT Login -> openai
- manual-only: ChatGPT Device Pairing -> openai-device-code
- featured featured: ChatGPT/Codex Browser Login -> openai-codex
- featured: ChatGPT/Codex Device Pairing -> openai-codex-device-code
- manual-only: OpenAI API Key Backup -> openai-codex-api-key
- featured featured: OpenAI API Key -> openai-api-key

Observed result after fix: the visible OpenAI setup surface is one featured OpenAI provider group with ChatGPT/Codex login/device pairing and OpenAI API key choices; legacy OpenAI OAuth choices remain manual-only compatibility routes. The rebased focused test lane also passed: 9 test files passed, 154 tests passed; git diff --check passed; codex-review was clean before PR creation.
What was not tested: live OAuth/browser login against OpenAI.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Summary
The branch unifies OpenAI/OpenAI Codex configure choices under one OpenAI group, exposes browse-on-demand model selection in the skip path, preserves onboardingFeatured in provider wizard normalization, and updates tests/changelog.

Reproducibility: no. high-confidence interactive reproduction was run in this read-only review. Source inspection does show current main still has separate OpenAI/OpenAI Codex groups and the skip path does not enable browse-on-demand catalog selection.

Real behavior proof
Not applicable: The contributor proof gate is not applied because this PR carries the protected maintainer label and is draft; the body reports targeted tests but no live OAuth/browser proof.

Next step before merge
Draft maintainer-labeled PR with no narrow repair finding; maintainer should decide, undraft/update, and run normal gates.

Security
Cleared: No concrete security or supply-chain concern was found in the diff; it does not change workflows, install scripts, lockfiles, dependency sources, or secret storage logic.

Review details

Best possible solution:

Keep this PR open for maintainer review, undraft/update it when ready, and land the unified picker behavior only with the focused auth-choice/model-picker/provider-wizard tests green.

Do we have a high-confidence way to reproduce the issue?

No high-confidence interactive reproduction was run in this read-only review. Source inspection does show current main still has separate OpenAI/OpenAI Codex groups and the skip path does not enable browse-on-demand catalog selection.

Is this the best way to solve the issue?

Yes, the proposed direction appears maintainable: it keeps provider-specific choice IDs while changing wizard grouping metadata and scopes the model allowlist by selected provider. It still needs maintainer judgment because this is a visible OpenAI setup UX/policy change and the PR is draft.

What I checked:

• Live PR metadata: The GitHub API reports this PR as open, draft, unmerged, labeled maintainer, and mergeable_state: dirty at head 3bddda6e20bbdcb72e131dc25bf036983c76e69a. (3bddda6e20bb)
• PR diff scope: The diff changes OpenAI auth choice copy/manifest/setup providers, configure/model picker flows, provider wizard metadata, focused tests, and changelog; no workflow, install script, lockfile, or runtime dependency source is changed. (3bddda6e20bb)
• Current main still has separate OpenAI Codex group metadata: Current main defines OPENAI_CODEX_WIZARD_GROUP with groupId: "openai-codex" and groupLabel: "OpenAI Codex", so the branch's visible grouping behavior is not already on main. (extensions/openai/auth-choice-copy.ts:27, e22a7e45a40a)
• Current main skip path does not browse catalog on demand: The configure skip path currently calls promptDefaultModel with loadCatalog: false, which supports the PR's model-browse change as real current-main behavior rather than stale churn. (src/commands/configure.gateway-auth.ts:206, e22a7e45a40a)
• Current main browse-on-demand condition is provider-gated: promptDefaultModel currently requires a truthy preferredProvider before showing the browse-on-demand branch, matching the PR's targeted change for the skip path. (src/flows/model-picker.ts:611, e22a7e45a40a)
• Current provider wizard normalization drops onboardingFeatured: Current ProviderWizardOption and buildSetupOptionForMethod carry scopes, priority, and visibility, but not onboardingFeatured, which is the metadata propagation gap the PR addresses. (src/plugins/provider-wizard.ts:20, e22a7e45a40a)

Likely related people:

• steipete: Current source blame for the OpenAI auth copy/provider wizard surface points to Peter Steinberger, and GitHub path history shows repeated recent OpenAI/plugin validation work by this account; the PR also comes from the same current-main area owner signal, not only a one-off proposer. (role: recent area contributor; confidence: high; commits: 66f89540c2eb, e55ba1c33fa8, 827b0de0ce74; files: extensions/openai/auth-choice-copy.ts, extensions/openai/openai-codex-provider.ts, src/plugins/provider-wizard.ts)
• pashpashpash: GitHub path history for OpenAI Codex provider/configure surfaces includes major recent OpenAI-to-Codex routing and auth changes, including commit messages about routing OpenAI agents through Codex and rotating Codex auth profiles. (role: recent OpenAI Codex routing contributor; confidence: medium; commits: 1c3399010815, cc95d4dd28eb, c8f3fecad6fe; files: extensions/openai/openai-codex-provider.ts, src/commands/configure.gateway-auth.ts, src/flows/model-picker.ts)
• obviyus: GitHub path history for src/commands/configure.gateway-auth.ts includes recent configure and manifest model catalog picker fixes by this account, adjacent to the skip/change-model path touched here. (role: recent configure/model picker contributor; confidence: medium; commits: 1f9fafb28847, d8c4d7c3c10f, 17d05269f970; files: src/commands/configure.gateway-auth.ts, src/flows/model-picker.ts)
• shakkernerd: GitHub path history for configure/model picker surfaces includes recent provider-scoped model option and onboarding model prompt scoping fixes by this account. (role: recent model prompt and allowlist contributor; confidence: medium; commits: 8344fae38720, 26b203e573e3, c4e249114d96; files: src/commands/configure.gateway-auth.ts, src/flows/model-picker.ts)

Remaining risk / open question:

• The PR is still draft and reported as mergeable_state: dirty, so it needs maintainer branch/update handling before any merge decision.
• The PR body explicitly says live OAuth/browser login was not tested; the reviewed proof is targeted test output and source reasoning.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e22a7e45a40a.

[steipete]

Landed via rebased PR branch onto current main.

• Gate: node scripts/run-vitest.mjs src/plugins/provider-validation.test.ts src/commands/configure.gateway-auth.prompt-auth-config.test.ts src/commands/model-picker.test.ts src/commands/auth-choice-options.test.ts extensions/openai/openai-codex-provider.test.ts extensions/openai/openai-provider.test.ts extensions/openai/openclaw.plugin.test.ts extensions/openai/setup-api.test.ts src/wizard/setup.test.ts (9 files, 154 tests); git diff --check; codex-review clean before PR creation.
• Real behavior proof: manifest probe showed one featured OpenAI setup group with ChatGPT/Codex browser login, device pairing, and OpenAI API key choices; legacy OpenAI OAuth choices stay manual-only.
• Land commit: f92fd41d912a99baea87d3981d38bd8d7228eb80
• Merge commit: 49e9382cc05a33d12a79cfbe9f00a6d31908f689