fix(status): restore Codex synthetic usage line

[brokemac79]

Summary

Fixes #91694.

• Restores the /status provider-usage line for OpenAI/Codex sessions running on the Codex runtime, including the visible Usage: 5h ... Week ... windows that existed in the previous release.
• Routes OpenAI/Codex synthetic usage reads through the Codex provider hook with the existing codex-app-server marker and the default Codex auth bridge, so live OAuth/CLI auth can be used without hard-coding any profile id.
• Covers both OAuth-labeled Codex sessions and no-local-OpenAI-profile Codex sessions, and gives cold Codex app-server usage reads an 8s timeout.
• Addresses the ClawSweeper SDK-boundary rank-up: the Codex app-server rate-limit parser is plugin-local in extensions/codex/src/app-server/rate-limits.ts, not exported from openclaw/plugin-sdk/provider-usage, so this PR does not add or baseline a new public SDK contract.
• Keeps the change scoped to status/provider-usage paths; no changelog entry is included per CONTRIBUTING.md guidance for contributor PRs.

AI-assisted: prepared with Codex. The proof below was run on the reporter's live VPS OpenClaw host, which is where #91694 was found.

Linked context

Closes #91694.

Related: reporter requested live VPS proof instead of Crabbox/Testbox/Docker because the live VPS OpenClaw environment is where the regression was observed.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: /status for an OpenAI/Codex session on the Codex runtime should visibly show the restored 5h and weekly usage windows.
• Real environment tested: Reporter live VPS OpenClaw host myvps (polymarket-mc), Linux 6.17.0-1011-oracle arm64, Node v22.22.0, pnpm 10.32.1, live OpenClaw config/Gateway from 2026.6.5-beta.6, patched source checkout /tmp/openclaw-91694-proof at PR head 5a0bdc4de39b7cde80b3eadb6c3647f64b8dc7a4. The proof used the reporter's live OpenAI/Codex auth profile with private details redacted; no profile id or account-specific value is committed in code.
• Exact steps or command run after this patch: Checked out PR head 5a0bdc4de39b7cde80b3eadb6c3647f64b8dc7a4 on the live VPS, loaded the live OpenClaw config/session store, registered the PR source Codex provider in-process, and rendered the live chat /status text for session agent:main:beta531-smoke-codex-runtime-after-plugin.
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Redacted terminal transcript from the reporter live VPS:

$ ssh myvps "cd /tmp/openclaw-91694-proof && node --import tsx ./proof-render-live-status-source-provider.mjs"
session: agent:main:beta531-smoke-codex-runtime-after-plugin
--- live VPS OpenClaw chat /status render with PR source provider start ---
🦞 OpenClaw 2026.6.2 (ad5614c)
⏱️ Uptime: gateway 13s · system 43d 19h
🧠 Model: openai/gpt-5.5
🔄 Fallbacks: google/gemini-3.1-pro-preview
🧮 Tokens: 11k in / 32 out
🗄️ Cache: 77% hit · 38k cached, 0 new
📚 Context: 50k/272k (18%) · 🧹 Compactions: 0
📊 Usage: 5h 84% left ⏱3h 1m · Week 44% left ⏱1d 9h
🧵 Session: agent:main:beta531-smoke-codex-runtime-after-plugin • updated 9d ago
⚙️ Execution: direct · Runtime: OpenAI Codex · Think: off · Fast: off · Text: low · elevated
🔊 Voice: inbound · provider=microsoft · voice=en-GB-RyanNeural · limit=1500 · summary=on
🪢 Queue: steer (depth 0)
--- live VPS OpenClaw chat /status render with PR source provider end ---
Your OpenClaw config was written by version 2026.6.5-beta.6, but this command is running 2026.6.2.
Check: `openclaw --version`, `which openclaw`, and `openclaw gateway status --deep`.
If unexpected, update PATH so `openclaw` points to the version you want, or reinstall the Gateway service from that same OpenClaw install.
Config warnings:
- plugins.entries.codex: plugin codex: plugin requires plugin API >=2026.6.5-beta.6, but this host is 2026.6.2; skipping discovery
- plugins.entries.tokenjuice: plugin tokenjuice: plugin requires plugin API >=2026.6.5-beta.6, but this host is 2026.6.2; skipping discovery
- plugins.entries.active-memory: plugin disabled (disabled in config) but config is present

• Observed result after fix: The live VPS /status render now visibly includes 📊 Usage: 5h 84% left ... Week 44% left ... for Runtime: OpenAI Codex, matching the previous-release behavior shown in [Bug]: Codex/OpenAI usage line disappears from status after 2026.6.5-beta.6 #91694's before screenshot.
• What was not tested: No Telegram/Desktop screenshot was captured; this proof renders the same chat status text path from the live VPS config/session/auth state. No production model quota was consumed beyond reading rate-limit/status state.
• Proof limitations or environment constraints: The live VPS config/Gateway was from 2026.6.5-beta.6, while the source checkout reports 2026.6.2, so the proof command prints the version/config warnings shown above. The proof registers the PR source Codex provider in-process because the installed live plugin is pre-fix and skipped by the local source checkout; the status renderer, provider hook, live config/session store, and live auth bridge are still the patched code path and real VPS environment. Crabbox/Testbox/Docker were not used for the final proof because the reporter explicitly requested the live VPS as the bug source.
• Before evidence (optional but encouraged): [Bug]: Codex/OpenAI usage line disappears from status after 2026.6.5-beta.6 #91694's before screenshot showed the prior expected line, for example Usage: 5h ... Week ...; the regression removed that visible line after upgrading.

Tests and validation

Focused commands run after the final patch:

• Reporter live VPS (/tmp/openclaw-91694-proof, head 5a0bdc4de39b7cde80b3eadb6c3647f64b8dc7a4): ssh myvps "cd /tmp/openclaw-91694-proof && node --import tsx ./proof-render-live-status-source-provider.mjs" -> passed and copied above with visible Usage: output.
• Reporter live VPS: env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=4 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 node scripts/run-vitest.mjs src/infra/provider-usage.auth.plugin.test.ts src/infra/provider-usage.load.plugin.test.ts extensions/codex/provider.test.ts extensions/codex/src/app-server/rate-limits.test.ts src/auto-reply/reply/commands-status.test.ts -> passed, 3 Vitest shards, 67 tests.
• Reporter live VPS: node scripts/run-tsgo.mjs -p tsconfig.core.json --noEmit --incremental false -> passed.
• Reporter live VPS: node scripts/run-tsgo.mjs -p tsconfig.extensions.json --noEmit --incremental false -> passed.
• Reporter live VPS: git diff --check -> passed.
• Local Windows: node scripts/run-vitest.mjs extensions/codex/provider.test.ts -> passed, 18 tests.
• Local Windows: node scripts/run-vitest.mjs extensions/codex/src/app-server/rate-limits.test.ts -> passed, 14 tests.
• Local Windows: node scripts/run-vitest.mjs src/infra/provider-usage.auth.plugin.test.ts src/infra/provider-usage.load.plugin.test.ts -> passed, 10 tests.
• Local Windows: node node_modules\vitest\vitest.mjs run src/auto-reply/reply/commands-status.test.ts -t "loads Codex synthetic usage" --config test\vitest\vitest.auto-reply.config.ts --reporter=verbose -> passed, 1 targeted status regression test.
• Local Windows: node scripts/run-tsgo.mjs -p tsconfig.core.json --noEmit --incremental false -> passed.
• Local Windows: node scripts/run-tsgo.mjs -p tsconfig.extensions.json --noEmit --incremental false -> passed.
• Local Windows: git diff --check -> passed.

Regression coverage added or updated:

• src/auto-reply/reply/commands-status.test.ts: covers Codex synthetic usage rendering for OpenAI/Codex sessions with OAuth labels and with no local OpenAI profile.
• src/infra/provider-usage.auth.plugin.test.ts: covers synthetic Codex auth fallback for OpenAI usage.
• src/infra/provider-usage.load.plugin.test.ts: covers routing an OpenAI usage request through the Codex provider hook while preserving OpenAI provider context.
• extensions/codex/provider.test.ts: covers default Codex auth-bridge rate-limit reads, without forcing or committing any authProfileId.
• extensions/codex/src/app-server/rate-limits.test.ts: covers plugin-local Codex app-server rate-limit payload parsing.

Risk checklist

Did user-visible behavior change? Yes.

Did config, environment, or migration behavior change? No.

Did security, auth, secrets, network, or tool execution behavior change? Yes, narrowly: status can read Codex app-server rate-limit data through the existing Codex provider hook when OpenAI/Codex synthetic auth is active.

Highest-risk area: provider-usage auth routing between OpenAI status context and Codex hook execution.

Risk mitigation: focused tests cover auth fallback, hook routing, Codex payload parsing, provider hook integration, default auth-bridge behavior, and /status rendering; live VPS proof exercised the reporter's active OpenClaw config/session/auth state and visibly restored the 5h and weekly usage line.

Current review state

Next action: maintainer review after the current CI pass completes.

Still waiting on: maintainer acceptance for the OpenAI-to-Codex synthetic usage auth routing that ClawSweeper flagged as the remaining human review point.

CI note: d670f9c was an empty commit pushed only to retrigger the infra-failed OpenGrep check. The latest head $head adds test-only mock typing fixes after CI check-test-types found two test inference errors. Runtime code and live VPS behavior proof remain from 5a0bdc4; subsequent commits do not change runtime behavior.

Bot/reviewer comments addressed:

• ClawSweeper re-review completed for 5a0bdc4: proof is sufficient, result is ready for maintainer review, and status: 👀 ready for maintainer look / proof: sufficient labels were applied.
• ClawSweeper proof blocker addressed: this PR body includes redacted, unellipsized live VPS /status output with the restored Usage: line visibly present.
• ClawSweeper SDK-boundary rank-up addressed: the Codex app-server parser is plugin-local in extensions/codex/src/app-server/rate-limits.ts; no new public Plugin SDK parser or SDK contract is introduced.
• Real behavior proof format updated to match CONTRIBUTING.md and .github/pull_request_template.md, with live VPS proof from the environment where [Bug]: Codex/OpenAI usage line disappears from status after 2026.6.5-beta.6 #91694 was found.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 9, 2026, 12:00 PM ET / 16:00 UTC.

Summary
The PR routes OpenAI/Codex status usage through the Codex provider hook, adds a plugin-local Codex app-server rate-limit usage parser, and expands status/provider-usage regression tests.

PR surface: Source +195, Tests +268. Total +463 across 10 files.

Reproducibility: yes. The linked report gives a concrete live VPS before/after path, and current main source shows OpenAI usage depends on an OAuth/token auth label that the no-local-profile Codex app-server case lacks.

Review metrics: 2 noteworthy metrics.

• Provider-usage route: 1 cross-provider route added. OpenAI usage can now be fetched through the Codex hook, which is the core merge-risk decision.
• Public Plugin SDK exports: 0 added. The Codex app-server parser stays plugin-local, so the previous SDK-boundary concern appears addressed.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Have a maintainer explicitly accept or reject the OpenAI-to-Codex synthetic usage routing before merge.
• [P2] Optionally add a Telegram Desktop /status proof if maintainers want native transport evidence.

Mantis proof suggestion
A native Telegram /status recording would show the visible chat surface that originally regressed, beyond the shared terminal status text proof. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

telegram desktop proof: verify Telegram /status for an OpenAI/Codex session includes the 5h and Week Usage line.

Risk before merge

• [P1] Merging intentionally lets an OpenAI usage summary execute the Codex provider hook with the synthetic codex-app-server marker; maintainers should explicitly accept that auth-provider boundary.
• [P1] The proof covers the shared status text path on the reporter's live VPS, but it does not include a native Telegram Desktop transcript for the reporter-visible Telegram /status surface.

Maintainer options:

1. Accept Codex-owned OpenAI usage routing (recommended)
   Maintainers can land after explicitly accepting that Codex-runtime OpenAI sessions report usage through the Codex plugin/app-server auth bridge instead of a local OpenAI profile.
2. Request native Telegram proof first
   Maintainers can ask for a short Telegram Desktop /status proof if they want transport-visible evidence before accepting the shared status-text proof.
3. Pause for a different provider contract
   If maintainers do not want OpenAI usage contexts to call Codex hooks, pause this PR and replace it with a more explicit provider-usage contract.

Next step before merge

• [P2] The remaining action is maintainer acceptance of compatibility-sensitive auth-provider routing, not a narrow automatable code repair.

Security
Cleared: No concrete security or supply-chain issue was found; the diff adds a bounded Codex app-server rate-limit read and does not add dependencies, workflows, or new secret storage.

Review details

Best possible solution:

Land this only after maintainer acceptance of the OpenAI-to-Codex synthetic usage routing, keeping the rate-limit parser plugin-local and avoiding any new public SDK surface.

Do we have a high-confidence way to reproduce the issue?

Yes. The linked report gives a concrete live VPS before/after path, and current main source shows OpenAI usage depends on an OAuth/token auth label that the no-local-profile Codex app-server case lacks.

Is this the best way to solve the issue?

Yes, with maintainer acceptance. Keeping the Codex rate-limit fetch and parser inside the Codex plugin is the right owner boundary; the only open question is whether maintainers accept the OpenAI usage context calling the Codex hook.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 86bab9699d0d.

Label changes

Label justifications:

• P2: This fixes a real status/usage visibility regression with limited runtime blast radius, but the model still runs.
• merge-risk: 🚨 compatibility: The PR changes provider-usage behavior for existing OpenAI/Codex setups during upgrade by restoring usage through a new cross-provider route.
• merge-risk: 🚨 auth-provider: The diff deliberately routes OpenAI usage reads through the Codex provider hook and Codex app-server auth bridge.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes redacted live VPS terminal output from the reporter environment showing the restored after-fix Usage line in the shared chat status text path.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes redacted live VPS terminal output from the reporter environment showing the restored after-fix Usage line in the shared chat status text path.
• mantis: telegram-visible-proof: Mantis should capture Telegram visible proof. The restored /status Usage line is visible in Telegram, so a short Telegram Desktop proof would materially demonstrate the reporter-facing surface.

Evidence reviewed

PR surface:

Source +195, Tests +268. Total +463 across 10 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	5	201	6	+195
Tests	5	268	0	+268
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	10	469	6	+463

What I checked:

• Repository policy applied: Root AGENTS.md and relevant scoped extension/plugin/provider guidance were read; this review applied the explicit Codex dependency-source gate and the compatibility-sensitive provider-routing policy. (AGENTS.md:8, 86bab9699d0d)
• Current-main source of regression: Current main only loads OpenAI usage when the status auth label resolves as OAuth/token, so a Codex app-server synthetic route with no local OpenAI profile can suppress the Usage line. (src/status/status-text.ts:325, 86bab9699d0d)
• Status fix path: The PR detects Codex runtime usage, treats it as token-backed for usage lookup, extends the timeout to 8s, passes config/workspace context, and supplies an explicit OpenAI auth object with hookProvider codex. (src/status/status-text.ts:342, 8b157997e863)
• Provider-usage hook routing: The PR adds a synthetic OpenAI usage auth result with token codex-app-server and hookProvider codex, while the loader preserves OpenAI context but resolves the plugin hook through Codex. (src/infra/provider-usage.load.ts:57, 8b157997e863)
• Codex plugin-local usage reader: The Codex plugin now accepts only the codex-app-server marker, calls account/rateLimits/read through an isolated app-server client, and converts the payload with a plugin-local parser rather than adding a public SDK parser. (extensions/codex/provider.ts:118, 8b157997e863)
• Codex payload parser: The new parser selects the Codex bucket from rateLimitsByLimitId/rate_limits_by_limit_id payloads, formats 5h/Week-style windows, clamps percentages, and preserves plan/credit display metadata. (extensions/codex/src/app-server/rate-limits.ts:192, 8b157997e863)

Likely related people:

• vincentkoc: Current-main blame in this checkout attributes the status/provider-usage/Codex integration files to Vincent Koc, and the PR timeline shows vincentkoc assigned for review. (role: recent area contributor and assigned reviewer signal; confidence: medium; commits: 5f13d0c81780, 2e08f0f4221f; files: src/status/status-text.ts, src/infra/provider-usage.auth.ts, extensions/codex/provider.ts)
• Peter Steinberger: History shows Peter authored the provider usage runtime hooks and the original Codex app-server harness extension that this PR composes with. (role: introduced adjacent provider/Codex runtime surfaces; confidence: high; commits: e7555724af15, dd26e8c44d4e; files: src/plugins/provider-runtime.ts, src/plugins/types.ts, extensions/codex/provider.ts)
• Eva H: History shows an adjacent Codex provider catalog/auth marker fix, relevant to the synthetic codex-app-server marker path. (role: adjacent Codex provider contributor; confidence: medium; commits: 49d99c750014; files: extensions/codex/provider.ts, extensions/codex/provider-discovery.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[brokemac79]

@clawsweeper re-review

Addressed the review findings at head ad5614c5978d793bce04108e5a8049c928a1b874:

• Moved buildCodexAppServerUsageSnapshot out of openclaw/plugin-sdk/provider-usage and into the Codex app-server rate-limit module, so the Codex app-server parser is no longer new public Plugin SDK API.
• Refreshed the PR body with required Real behavior proof format and live reporter VPS proof from myvps / polymarket-mc, the environment where [Bug]: Codex/OpenAI usage line disappears from status after 2026.6.5-beta.6 #91694 was found.
• Re-ran focused provider-usage, Codex provider/rate-limit, full auto-reply status, core tsgo, extensions tsgo, and git diff --check on that VPS at the exact head SHA.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27213498463
• Updated: 2026-06-09T14:41:41.839Z

[brokemac79]

@clawsweeper re-review

PR body is now updated directly with:

• Real behavior proof in the template/CONTRIBUTING.md format.
• Reporter live VPS OC proof from myvps / polymarket-mc, the environment where [Bug]: Codex/OpenAI usage line disappears from status after 2026.6.5-beta.6 #91694 was found.
• Explicit ClawSweeper rank-up response: the Codex app-server parser is plugin-local in extensions/codex/src/app-server/rate-limits.ts and is no longer exported from openclaw/plugin-sdk/provider-usage, so there is no new public SDK contract to document or baseline.

Please re-review head ad5614c5978d793bce04108e5a8049c928a1b874 using the updated PR body.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27212264450
• Updated: 2026-06-09T14:23:03.429Z

[brokemac79]

@clawsweeper re-review

Updated the PR body directly at head 5a0bdc4de39b7cde80b3eadb6c3647f64b8dc7a4 with the redacted live VPS OpenClaw /status transcript from the reporter host where #91694 was found. The body now visibly includes the restored line:

📊 Usage: 5h 84% left ⏱3h 1m · Week 44% left ⏱1d 9h

Also preserved the SDK-boundary response from the rank-up move: the Codex app-server parser is plugin-local in extensions/codex/src/app-server/rate-limits.ts, so this PR does not add or baseline a new public SDK contract. The repository real-behavior proof policy script passes against the updated body.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27215415691
• Updated: 2026-06-09T15:11:00.986Z

[vincentkoc]

Maintainer verification before landing:

• Pushed maintainer fixes to the PR branch at d71b028ec0bb50515b5b20139d61b2ea0333d0b9.
• Autoreview: .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main -> clean, no accepted/actionable findings.
• Focused verification: node scripts/run-vitest.mjs extensions/codex/provider.test.ts extensions/codex/src/app-server/rate-limits.test.ts src/auto-reply/reply/commands-status.test.ts src/infra/provider-usage.auth.plugin.test.ts src/infra/provider-usage.load.plugin.test.ts -> 3 shards passed, 71 tests.
• Whitespace: git diff --check -> clean.
• Codex contract checked against openai/codex: codex-rs/app-server-protocol/src/protocol/v2/account.rs, codex-rs/app-server/src/request_processors/account_processor.rs, codex-rs/app-server/tests/suite/v2/rate_limits.rs, codex-rs/tui/src/app_server_session.rs, and codex-rs/tui/src/status/rate_limits.rs.
• GitHub reports mergeable=MERGEABLE, mergeStateStatus=CLEAN, and no required checks for the refreshed PR branch.

Known proof gap: pnpm check:changed / Testbox was not runnable from this shell because pnpm, corepack, blacksmith, and crabbox are not available on PATH here; the focused repo wrapper tests above covered the touched Codex/status/usage surfaces.