fix(auth): harden Codex auth probes

[nxmxbbd]

Summary

What problem does this PR solve?

• Makes models status --probe --probe-provider openai-codex --probe-profile <id> run as a raw OpenClaw model probe with the selected OAuth profile instead of inheriting the normal Codex harness/session path.
• Ensures native Codex Responses probe payloads still send non-empty instructions when raw probe mode suppresses the normal system prompt.
• Keeps the change narrow: no stream-resolution changes, no config/schema changes, no generated output.

Why does this matter now?

The auth probe is meant to answer whether a selected profile can complete a minimal model round-trip. If the probe runs through the normal session harness or sends an empty native Responses instruction field, it can fail or exercise a different path than the status command is trying to validate.

What is the intended outcome?

A selected openai-codex OAuth profile can be probed through the built-in OpenClaw model-run path, while native Codex Responses receives a small default instruction only when the raw probe would otherwise produce no instructions.

What is intentionally out of scope?

• Existing session continuation and stream-resolution ownership.
• General provider discovery or credential-store migration behavior.
• Non-native/custom Codex-compatible Responses backends.

What does success look like?

The CLI probe reports status: "ok" for the selected profile, focused regression tests cover the call shape and payload fallback, and existing stream-resolution tests continue to pass.

What should reviewers focus on?

The runtime/auth fields passed by the probe (agentHarnessRuntimeOverride, modelRun, authProfileId) and the native-only scoping of the default instructions fallback.

Linked context

Which issue does this close?

Does not close an issue.

Which issues, PRs, or discussions are related?

Related #75272. This branch is a current-main narrow implementation for the auth-probe path and intentionally avoids changing stream resolution.

Was this requested by a maintainer or owner?

No maintainer request.

Real behavior proof (required for external PRs)

• Behavior or issue addressed:

models status --probe for a selected openai-codex OAuth profile should exercise a raw OpenClaw model-run probe and complete a minimal round-trip.

• Real environment tested:

Local synthetic-current-main checkout: this patch applied cleanly on top of upstream/main bd6a404aa32357c21d6588a35b18e1034fe4b610 at proof time, using an existing local OAuth profile and a minimal config file at /tmp/openclaw-empty-config.json to avoid unrelated legacy config fields. Final pre-push fetch later moved upstream/main to 05f357b13bb348f408b9a13a84e675ffe5dbd38f; the branch still had zero touched-file overlap with base changes and git merge-tree --write-tree upstream/main HEAD was clean.

• Exact steps or command run after this patch:

OPENCLAW_CONFIG_PATH=/tmp/openclaw-empty-config.json \
  node --import tsx src/entry.ts models status \
    --agent main \
    --probe \
    --probe-provider openai-codex \
    --probe-profile openai-codex:default \
    --probe-timeout 90000 \
    --probe-max-tokens 16 \
    --json

• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

Terminal capture from the synthetic-current-main checkout, copied live output with secrets redacted and only the public-safe probe result included:

exit 0
duration_s 88.61
stdout_bytes 6802
stderr_bytes 77
stdout_prefix_lines ['[agents/auth-profiles] using external OAuth credential after refresh [REDACTED]']
probe_summary.results[0]:
{
  "provider": "openai-codex",
  "model": "openai-codex/gpt-5.4",
  "profileId": "openai-codex:default",
  "label": "openai-codex:default",
  "source": "profile",
  "mode": "oauth",
  "status": "ok",
  "latencyMs": 12958
}
proof_ok True

• Observed result after fix:

The command exited 0 and the parsed probe result for openai-codex:default reported status: "ok" on a checkout with this patch applied to upstream/main at proof time. The later final pre-push fresh-base check found no touched-file overlap and a clean merge-tree against 05f357b13bb348f408b9a13a84e675ffe5dbd38f.

• What was not tested:

I did not test every provider profile combination, expired/invalid OAuth recovery, or hosted CI before opening. The real run used one local openai-codex:default OAuth profile.

• Proof limitations or environment constraints:

The local raw stdout also contained one auth-profile refresh warning before the JSON object, so the evidence above is the sanitized terminal summary and probe-result excerpt rather than the full raw status output. The warning was unrelated to this patch and the parsed probe result completed successfully.

• Before evidence (optional but encouraged):

Before the patch, focused RED checks showed the raw Codex Responses payload could have instructions === undefined, and the probe runner did not pass raw model-run/runtime override fields for the openai-codex probe path.

Tests and validation

Which commands did you run?

git diff --check -- src/commands/models/list.probe.ts src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.ts src/agents/openai-transport-stream.test.ts
node_modules/.bin/oxfmt --check src/commands/models/list.probe.ts src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.ts src/agents/openai-transport-stream.test.ts
node scripts/run-vitest.mjs src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.test.ts src/agents/embedded-agent-runner/stream-resolution.test.ts --root /tmp/openclaw-codex-auth-probe-20260528135601
node scripts/run-vitest.mjs src/agents/harness/selection.test.ts src/agents/harness/runtime-plugin.test.ts --root /tmp/openclaw-codex-auth-probe-20260528135601

# Additional drift proof on upstream/main at proof time (bd6a404aa3) with this patch applied:
git apply --check /tmp/openclaw-codex-auth-probe-current-main.patch
git diff --check --cached -- src/commands/models/list.probe.ts src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.ts src/agents/openai-transport-stream.test.ts
node_modules/.bin/oxfmt --check src/commands/models/list.probe.ts src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.ts src/agents/openai-transport-stream.test.ts
node scripts/run-vitest.mjs src/commands/models/list.probe.test.ts src/agents/openai-transport-stream.test.ts src/agents/embedded-agent-runner/stream-resolution.test.ts --root /tmp/openclaw-codex-auth-probe-mergeproof-20260528150011
node scripts/run-vitest.mjs src/agents/harness/selection.test.ts src/agents/harness/runtime-plugin.test.ts --root /tmp/openclaw-codex-auth-probe-mergeproof-20260528150011

What regression coverage was added or updated?

• list.probe.test.ts now asserts the selected openai-codex profile is forwarded with raw OpenClaw model-run fields.
• openai-transport-stream.test.ts covers native fallback instructions and confirms custom/proxy Codex-compatible Responses backends are not changed.

What failed before this fix, if known?

The new focused checks failed before the production changes: the probe call lacked the raw model-run/runtime override fields, and the native raw Responses payload had no instructions.

If no test was added, why not?

Tests were added.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes, for models status --probe when probing selected openai-codex profiles.

Did config, environment, or migration behavior change? (Yes/No)

No.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

Yes, auth probe execution now pins the built-in runtime path and preserves the selected OAuth profile explicitly. It does not add new credential storage or logging.

What is the highest-risk area?

Accidentally changing normal Codex session stream ownership or applying the fallback instructions to custom/proxy backends.

How is that risk mitigated?

The patch does not touch stream-resolution.ts; existing stream-resolution tests still pass. The fallback instructions are gated by native backend detection, with a regression test proving custom/proxy backends still omit the fallback.

Current review state

What is the next action?

Maintainer review and CI after the PR is opened.

What is still waiting on author, maintainer, CI, or external proof?

No known author-side code blocker. CI has not run on this branch yet; local drift proof applied this patch to upstream/main at proof time and reran the focused checks plus real CLI probe. Final pre-push fresh-base check against 05f357b13bb348f408b9a13a84e675ffe5dbd38f had zero touched-file overlap and a clean merge-tree.

Which bot or reviewer comments were addressed?

No comments on this PR yet.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 28, 2026, 8:16 PM ET / 00:16 UTC.

Summary
The PR routes selected openai-codex auth probes through raw OpenClaw model-run mode, adds native Codex Responses fallback instructions, bootstraps OpenClaw-native Codex OAuth profile loading, and refreshes focused tests/prompt snapshots.

PR surface: Source +29, Tests +131. Total +160 across 11 files.

Reproducibility: yes. source-reproducible: current main builds the selected-profile probe without raw model-run/runtime override and can produce undefined native Codex Responses instructions when the raw probe has no system prompt. I did not run a live failing current-main probe in this read-only review.

Review metrics: 1 noteworthy metric.

• Auth-provider routing: 1 probe/runtime routing path changed. Selected openai-codex auth probes now force OpenClaw runtime/model-run behavior, so maintainers should notice the provider-auth decision before merge.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted current-head terminal/live output for head 784a68d showing the selected openai-codex OAuth probe exits 0 with status ok.
• [P1] Have a maintainer explicitly approve or verify the auth-provider routing change before merge.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The PR body has redacted live output, but it is not tied to the latest head after later auth-overlay and snapshot commits, so current-head proof is still needed before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] Current-head real behavior proof is insufficient for head 784a68d after later runtime auth-overlay and prompt snapshot commits; before merge, reviewers need redacted terminal/live output for the selected openai-codex OAuth probe on the current head.
• [P1] The diff changes which runtime and OAuth profile path validates selected openai-codex probes and native Codex Responses auth bootstrap, so maintainers should explicitly own that auth-provider routing before merge.
• [P1] Focused tests and snapshot checks were listed in the PR body, but this read-only review did not rerun artifact-producing tests against the latest head.

Maintainer options:

1. Refresh current-head auth proof (recommended)
   Update the PR body with redacted terminal/live output proving head 784a68d runs the selected openai-codex OAuth probe successfully after the auth-overlay change.
2. Maintainer-owned verification
   A maintainer can accept the auth-routing risk by recording their own local or Crabbox proof and explicitly approving the OpenClaw-native Codex auth path before merge.

Next step before merge

• [P1] Manual review should verify current-head proof and own the auth-provider routing change; this review did not find a narrow automated code repair.

Security
Cleared: The diff changes OAuth profile routing for probes but adds no credential logging, storage format, dependency, workflow, or supply-chain change; no concrete security issue found.

Review details

Best possible solution:

Merge after current-head redacted live probe proof, maintainer approval of the auth-provider routing, and green focused tests plus prompt snapshot checks.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible: current main builds the selected-profile probe without raw model-run/runtime override and can produce undefined native Codex Responses instructions when the raw probe has no system prompt. I did not run a live failing current-main probe in this read-only review.

Is this the best way to solve the issue?

Yes, broadly: the PR uses a narrow runtime override plus native-only payload fallback and focused regression tests. The remaining blocker is proof and maintainer ownership of the auth-provider routing, not a clear alternative implementation.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against fc8b57e0cf12.

Label changes

Label justifications:

• P2: This is a normal-priority auth probe bug fix with limited blast radius but meaningful operator impact for validating Codex OAuth profiles.
• merge-risk: 🚨 auth-provider: The PR changes the runtime and profile-bootstrap path used to validate openai-codex OAuth probes.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body has redacted live output, but it is not tied to the latest head after later auth-overlay and snapshot commits, so current-head proof is still needed before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

PR surface:

Source +29, Tests +131. Total +160 across 11 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	3	39	10	+29
Tests	8	170	39	+131
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	11	209	49	+160

What I checked:

• Repository policy applied: The root policy treats provider routing, auth/session state, fallbacks, and upgrade-sensitive behavior as merge risk even with green CI; scoped agent guidance also prefers focused helper tests for embedded-runner behavior. (AGENTS.md:17, fc8b57e0cf12)
• Current main probe path: Current main forwards the selected auth profile into runEmbeddedAgent but does not set raw model-run mode or force the OpenClaw runtime for openai-codex probes. (src/commands/models/list.probe.ts:513, fc8b57e0cf12)
• PR probe routing change: The PR head adds an openai-codex-only OpenClaw runtime override and sets modelRun: true for probe execution. (src/commands/models/list.probe.ts:525, 784a68d7d36f)
• PR native Codex payload fallback: The PR head adds a native-backend-only default instruction when Codex Responses instructions would otherwise be empty, while preserving undefined instructions for custom/proxy Codex-compatible backends in tests. (src/agents/openai-transport-stream.ts:1996, 784a68d7d36f)
• PR auth bootstrap change: The PR head also changes OpenClaw-native Codex Responses runs to load the openai-codex external auth provider scope before the auth store is built. (src/agents/embedded-agent-runner/run.ts:784, 784a68d7d36f)
• Current-head proof gap: The PR body includes useful redacted terminal output, but the recorded live probe is tied to earlier synthetic-main/base SHAs and does not identify head 784a68d after the later auth-overlay and snapshot commits. (784a68d7d36f)

Likely related people:

• vincentkoc: Current-main blame for the auth probe call shape, Codex Responses request shaping, and embedded-runner auth bootstrap region points to commit 6d90e00, though the checkout history is shallow. (role: current source area contributor; confidence: medium; commits: 6d90e00fa3; files: src/commands/models/list.probe.ts, src/agents/openai-transport-stream.ts, src/agents/embedded-agent-runner/run.ts)
• steipete: Recent PR-head commits add the auth-overlay preservation and prompt snapshot refreshes, and the PR is assigned to this person in the provided timeline. (role: recent branch and adjacent auth/probe contributor; confidence: high; commits: a794be30e1fe, e7a031004923, 54ee231280e1; files: src/agents/embedded-agent-runner/run.ts, test/fixtures/agents/prompt-snapshots/codex-runtime-happy-path/*)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg: ✨ hatched 🌱 uncommon Sunspot Lint Imp. Rarity: 🌱 uncommon. Trait: stacks clean commits.

Details

Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Sunspot Lint Imp in ClawSweeper.
Hatchability:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

About:

• Eggs appear after real-behavior proof passes. They are collectible flavor only.
• Review momentum changes the shell state: follow-up work warms it, re-review makes it wobble, and a clean final review lets it hatch.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.