#Adding OpenAI Business account for backup models:

Goal: Add OpenAI Business account to OpenClaw so we can use cheaper models (gpt-4o-mini, gpt-4o) for:

CRON polling tasks (checking Beelancer every 20 minutes)
Background research
Sub-agent workers

Current setup:

3 agents (Jarvis/CLU/Cortana) using Anthropic (Opus/Sonnet/Haiku)
All configured with Claude setup-token (OAuth, no API keys)
Want to add OpenAI the same way (avoid API key management)

Questions:

Correct command to add OpenAI Business via OAuth?

bash openclaw models auth login --provider openai-codex
Is that right for Business accounts?

After auth, how do we configure specific tasks to use OpenAI models?

Can we set fallback models per agent?
Can we specify model per CRON job?

Do we need to configure anything in openclaw.json for model routing, or does the auth setup handle everything?

Use case: Want Jarvis to use Opus for strategy, but use gpt-4o-mini for simple polling tasks to save costs.

First thing: what’s your openclaw --version? The CLI flags around models/cron have changed a bit across releases, so I want to make sure we’re looking at the same command surface.

1) “OpenAI Business via OAuth” — two different things in OpenClaw

OpenClaw supports two OpenAI paths (docs: https://docs.openclaw.ai/providers/openai):

A) OpenAI Platform API (API key) → provider openai/*
This is what you’d typically use for models like gpt-4o(-mini). It requires an API key (usage-based billing).

B) OpenAI Code / Codex subscription OAuth (ChatGPT sign-in) → provider openai-codex/*
This is the OAuth flow you’re referring to. It’s subscription auth, but it’s for Codex cloud, and the model IDs are under openai-codex/... (not openai/...).

So:

• ✅ openclaw models auth login --provider openai-codex is the correct command for Codex OAuth.
• If your goal is specifically OpenAI Platform models (e.g. gpt-4o-mini), you’ll likely still need Option A (API key).

OAuth details: https://docs.openclaw.ai/concepts/oauth

2) Correct command for the OAuth flow

Yes (Codex OAuth):

openclaw models auth login --provider openai-codex

(or via wizard)

openclaw onboard --auth-choice openai-codex

Then verify credentials + expiry:

openclaw models status

Note: auth is per-agent (stored under each agent’s auth-profiles.json), so if Jarvis/CLU/Cortana are separate agents, you either:

• run the login once per agent, or
• copy the resulting auth-profiles.json into the other agents’ agentDirs (docs explain per-agent auth storage).

3) How to make specific tasks use OpenAI (and keep Jarvis on Opus)

You’ve got a few clean knobs (docs: https://docs.openclaw.ai/concepts/models):

Global default + fallbacks

• Set the default model:

openclaw models set <provider/model>

• Add fallbacks:

openclaw models fallbacks add <provider/model>

(Equivalent config keys are agents.defaults.model.primary + agents.defaults.model.fallbacks.)

Per-agent default model
In config, you can set a per-agent default via agents.list[].model (see multi-agent routing examples):
https://docs.openclaw.ai/concepts/multi-agent

Per-CRON-job model (best fit for “cheap polling”)
For your “check Beelancer every 20 minutes” use case: make it an isolated cron job and pin a cheaper model override per job (docs: https://docs.openclaw.ai/automation/cron-jobs):

openclaw cron add \
--name "Beelancer poll" \

--every "20m" \
--session isolated \
--message "Check Beelancer and report only if something changed." \
--model "<provider/model-or-alias>"

You can also bind the cron job to a specific agent (so Jarvis stays “strategy/Opus”, and a separate “poller” agent stays cheap), via the cron --agent ... option (same cron docs).

4) “Do we need anything in openclaw.json for routing?”

Usually:

• Auth: no secrets in openclaw.json for OAuth; the login stores them in the agent state dir.
• Routing/model selection: you do need to set which model to use (via openclaw models set, fallbacks, per-agent model, or per-cron --model).

One gotcha from the models doc: if you have a model allowlist configured (agents.defaults.models), you must add the new model there or you’ll get “Model … is not allowed”.

2026.2.6-3 version

If you paste:

1. openclaw --version
2. The output of openclaw models status (just the relevant bits showing providers/auth)

…I can tell you exactly whether you’re currently set up for openai-codex/* (OAuth), openai/* (API key), or both—and the cleanest way to wire Jarvis/CLU/Cortana + cron jobs the way you described.

2026.2.6-3 is new enough for all the knobs you want (per-cron --model, sub-agent model defaults, fallbacks, etc.).

1) OAuth command: yes — but it’s Codex OAuth, not “OpenAI Platform”

This is correct for OpenAI Codex / ChatGPT sign-in OAuth:

openclaw models auth login --provider openai-codex

Docs: https://docs.openclaw.ai/providers/openai and https://docs.openclaw.ai/concepts/oauth

Important nuance: that OAuth flow gives you access to openai-codex/* models (Codex subscription auth). It is not the same thing as OpenAI Platform API access (openai/*), which is what you typically use for gpt-4o / gpt-4o-mini.

So if the goal is specifically gpt-4o(-mini) for cheap polling/research, you’ll most likely still need OpenAI Platform API key auth (Option A in the OpenAI provider doc).

2) “Avoid API key management” for OpenAI Platform (practical answer)

OpenClaw can’t magically OAuth into OpenAI Platform billing today; the “no API key” path is the Codex subscription path.

If you still want OpenAI Platform models but don’t want to handle keys often, the low-friction setup is:

• put the key once in ~/.openclaw/.env (daemon-friendly), or
• run the wizard which stores it for daemon use:

openclaw onboard --auth-choice openai-api-key

(That’s still an API key, just “set once and forget”.)

3) Configure specific tasks to use OpenAI models

You’ve got 3 good mechanisms (docs: https://docs.openclaw.ai/concepts/models):

A) Per-CRON job model (recommended for polling)
Make the Beelancer poll an isolated cron job and pin the model there:

openclaw cron add \
  --name "Beelancer poll" \
  --every "20m" \
  --session isolated \
  --message "Check Beelancer. Only report if something changed; otherwise say 'no change'." \
  --model "<provider/model-or-alias>"

Cron docs: https://docs.openclaw.ai/automation/cron-jobs
(Using --session isolated avoids accidentally changing the shared “main session” model.)

B) Sub-agents default model (great for background research workers)
Set a cheaper default for sub-agents via config:

• agents.defaults.subagents.model (or per-agent override)

Sub-agent docs: https://docs.openclaw.ai/tools/subagents

C) Agent-level default + fallbacks

• Default model: agents.defaults.model.primary
• Fallbacks: agents.defaults.model.fallbacks

Failover behavior: https://docs.openclaw.ai/concepts/model-failover

4) Fallback models per agent? + model per cron?

• Model per cron job: yes (best practice: isolated jobs).
• Fallbacks: yes globally via agents.defaults.model.fallbacks.

If you want hard separation (Jarvis always “strategy/Opus”, poller always “cheap”), the cleanest pattern is a dedicated poller agent and bind cron jobs to that agent (--agent poller in cron add). That way Jarvis never flips models because of background chores.

5) “Do we need anything in openclaw.json for model routing?”

Auth login stores tokens/keys in the agent state dir, but you still need to select models (defaults / fallbacks / per-job overrides). Also: if you have an allowlist configured (agents.defaults.models), make sure the OpenAI model you want is included or OpenClaw will reject it as “not allowed”.

If you paste the output of:

openclaw models status

…I can tell you exactly what providers you currently have auth for (openai-codex vs openai) and the most direct next command(s) to get to “Jarvis=Opus, cron/subagents=cheap”.

Krill - Here's the output:
Version:
OpenClaw 2026.2.6-3 (85ed6c7)
Models status:
Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : anthropic/claude-opus-4-6
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (0) : -
Configured models (0): all

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (1): anthropic (1)

• anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=1, api_key=0) | anthropic:default=token:sk-ant-o...7Sp02AAA

OAuth/token status

• anthropic
  • anthropic:default static
    Current setup:

Main agent (Jarvis) using Anthropic token (Claude setup-token flow)
Two other agents (CLU/Cortana) in separate agent dirs with same auth setup
No OpenAI configured yet

Ready for the exact steps to add OpenAI Business via OAuth! 🦞

You’re set up cleanly right now (no model allowlist, Anthropic token present). The only missing piece is: which “OpenAI via OAuth” do you mean, because OpenClaw has exactly one OpenAI OAuth path today:

• OAuth (no API key) = OpenAI Codex / ChatGPT sign-in → provider openai-codex/*
• OpenAI Platform (gpt-4o, gpt-4o-mini, etc.) = provider openai/* → API key required (usage-based billing)

Docs: https://docs.openclaw.ai/providers/openai

A) Exact steps to add OpenAI via OAuth (Codex / ChatGPT sign-in)

Run this on the Gateway host (where ~/.openclaw/agents/... lives):

1. Start the OAuth login flow:

openclaw models auth login --provider openai-codex

2. Follow the prompt:

• It’ll try to open a browser + capture the callback locally.
• If you’re on a remote/headless box, it will ask you to paste the redirect URL / code.

3. Verify it landed in the auth store:

openclaw models status

Optional (live probe; real request, may consume tokens):

openclaw models status --probe-provider openai-codex

4. See which models you can actually select under that provider:

openclaw models list --all --provider openai-codex

(or in chat: /model list)

At that point, you can use those openai-codex/... models for cron/subagents.

B) Use OpenAI only for cron polling (keep Jarvis on Opus)

Do it as an isolated cron job and pin the model per job:

openclaw cron add \
  --name "Beelancer poll" \
  --every "20m" \
  --session isolated \
  --message "Check Beelancer. Only report if something changed; otherwise say 'no change'." \
  --model "openai-codex/<pick-from-models-list>"

Cron model override is documented here: https://docs.openclaw.ai/automation/cron-jobs

C) What about CLU/Cortana (separate agent dirs)?

Auth is per-agent dir. You have two options:

• Repeat the login per agent (preferred/clean): run the same command while targeting that agent (the exact flag surface varies a bit—quickest is openclaw models auth login --help and look for --agent <id> support, which models status definitely has).
• Or copy the resulting auth-profiles.json into the other agents’ agentDirs (works, but be careful not to clobber existing profiles).

Multi-agent auth storage: https://docs.openclaw.ai/concepts/multi-agent

D) If you specifically need gpt-4o / gpt-4o-mini

That’s the OpenAI Platform provider (openai/*) and requires an API key in OpenClaw (no OAuth equivalent there right now). Easiest “set once, forget” method:

openclaw onboard --auth-choice openai-api-key

Then:

openclaw models list --all --provider openai

…and you can pin cron/subagents to openai/<whatever-you-see-in-that-list>.

If you tell me which of these is your real target:

1. “No API keys, OK with Codex models” vs
2. “Need gpt-4o-mini/gpt-4o specifically”

…I’ll give you the exact recommended layout for Jarvis + cron + subagents (including where to set a default cheap model for sub-agents).

Going with Option A: OpenAI Codex OAuth (no API key).

I already pay for ChatGPT Business subscription - want to use that instead of usage-based billing.

Questions:

1. After running openclaw models auth login --provider openai-codex, which models will be available?
2. Will those Codex models be cheap enough for 20-minute polling tasks?
3. How do I set it up for all 3 agents (Jarvis/CLU/Cortana)?
4. Exact cron setup to use openai-codex models for Beelancer polling while keeping Jarvis on Opus for main work?

Ready to run the commands whenever you give the green light! 🦞

Yep — green light for Codex OAuth.

1) After openclaw models auth login --provider openai-codex, which models will be available?

You’ll get whatever the Gateway currently knows under the openai-codex/* provider (the exact list changes over time, so I don’t want to hardcode it).

Right after login, run:

openclaw models status
openclaw models list --all --provider openai-codex

That second command is the “source of truth” for what you can actually pick on your version/install.

(Provider doc: https://docs.openclaw.ai/providers/openai)

2) Are Codex OAuth models “cheap enough” for 20‑minute polling?

They’re “cheap” in the sense that you’re using subscription auth (no usage-based API key billing), but they’re still a real hosted model with:

• rate limits / quotas (you can still see 429s),
• and they can be “overkill” for a tiny poll.

For a 20‑minute poll, the practical way to keep it efficient is:

• choose the smallest/fastest openai-codex/* model you see in models list, and
• make the cron prompt extremely strict: only output something when there’s a change (see cron recipe below).

3) How to set it up for all 3 agents (Jarvis/CLU/Cortana)?

Auth profiles are per-agent-dir, so you need the login to land in each agent’s auth store.

Do the OAuth login once per agent by pointing the command at each agent dir (works even if the auth command itself doesn’t expose --agent):

# Jarvis (example agentId: jarvis)
OPENCLAW_AGENT_DIR=~/.openclaw/agents/jarvis/agent \

  openclaw models auth login --provider openai-codex

# CLU
OPENCLAW_AGENT_DIR=~/.openclaw/agents/clu/agent \
  openclaw models auth login --provider openai-codex

# Cortana
OPENCLAW_AGENT_DIR=~/.openclaw/agents/cortana/agent \
  openclaw models auth login --provider openai-codex

Verify each one:

openclaw models status --agent jarvis

openclaw models status --agent clu
openclaw models status --agent cortana

(Models CLI doc: https://docs.openclaw.ai/cli/models)

4) Exact cron setup: use openai-codex/* for Beelancer polling, keep Jarvis on Opus

Key points:

• Keep Jarvis default model = Opus (you already have that).
• Run the poll as isolated cron with a model override (so it doesn’t mutate Jarvis’s main session model).
• Use the “delivery suppression” trick: in announce mode, cron will not deliver “heartbeat-only” output. So we instruct the job: if no changes → reply exactly HEARTBEAT_OK and nothing else.

Steps:

1. Pick the codex model id after OAuth:

openclaw models list --all --provider openai-codex

2. Create the cron (replace <CODEX_MODEL_ID> with what you chose from the list):

openclaw cron add \
  --name "Beelancer poll" \
  --every "20m" \
  --session isolated \
  --agent jarvis \
  --model "openai-codex/<CODEX_MODEL_ID>" \
  --message "Poll Beelancer for updates since the last run. If there are NO changes, reply with exactly: HEARTBEAT_OK (and nothing else). If there ARE changes, reply with a short bullet list of what changed + any urgent actions." \
  --announce \
  --channel discord \
  --to "channel:1470196288678138070"

Notes:

• --agent jarvis ensures it runs under Jarvis’s workspace/tools, but still uses the cron’s --model override.
• The HEARTBEAT_OK suppression behavior is documented in the cron jobs doc (“Heartbeat-only responses … are not delivered”): https://docs.openclaw.ai/automation/cron-jobs
• If you’d rather bind polling to a dedicated “poller” agent instead of Jarvis, swap --agent jarvis to that agent id.

If you paste back:

• the output of openclaw models list --all --provider openai-codex (just the model IDs/names),
  I’ll tell you which one to pick for “fastest/cheapest polling” without guessing.

hey krill so i got this message back

Error: No provider plugins found. Install one via openclaw plugins install.

That error means your OpenClaw install currently has zero “provider auth” plugins loaded, so openclaw models auth login … has nothing to run (it’s a plugin-backed command).

Let’s diagnose in 2 commands (safe; no changes yet). Please paste the output:

openclaw plugins list
openclaw plugins doctor

What we’re looking for / likely fix

1. If you see a bundled Codex/OpenAI auth plugin in the list but it’s disabled
   Enable it, then retry the login:

openclaw plugins enable <that-plugin-id>
openclaw models auth login --provider openai-codex

2. If plugins list is basically empty (or no bundled plugins show up at all)
   Then your install is likely missing bundled extensions or plugins are disabled/allowlisted in config.

In that case, also paste the plugins section of ~/.openclaw/openclaw.json (if it exists). Specifically anything like:

• plugins: { enabled: false }
• plugins: { allow: [...] }

Docs for how plugins are discovered/enabled:
https://docs.openclaw.ai/cli/plugins and https://docs.openclaw.ai/tools/plugin

Once I see plugins list, I can tell you the exact openclaw plugins enable … line (no guessing plugin IDs).

question. I already have anthropic oauth setup so the other option besides the API key. Can't I literally just go through that same process and select OpenAI and then codex?

Not quite — what you did for Anthropic is not OAuth in the “browser login” sense. Your models status output shows:

• anthropic:default = token: sk-ant-... static

That’s the Claude setup-token flow (a pasted long-lived token), and it’s handled by core commands like:

• openclaw models auth setup-token --provider anthropic
• openclaw models auth paste-token --provider anthropic

OpenAI Codex is different: it’s a real OAuth PKCE browser flow, and in your build it’s implemented as a provider auth plugin. That’s why you’re seeing:

Error: No provider plugins found. Install one via openclaw plugins install

So even if you “go through the same process” (wizard vs direct command), you’ll hit the same wall until plugins are loading.

What to do next

1. Check whether plugins are disabled / blocked / missing:

openclaw plugins list
openclaw plugins doctor

2. Also check if your config is restricting plugins. Look in ~/.openclaw/openclaw.json for anything like:

• plugins: { enabled: false }
• plugins: { allow: [...] }

Paste the output of plugins list + plugins doctor (and if there’s a plugins block in config, paste that block), and I’ll tell you the exact openclaw plugins enable … / install … step to get the openai-codex provider auth flow working.

plugins list output: Shows 31 plugins total, only 2 loaded (memory-core, telegram). All OAuth provider plugins including OpenAI/Codex are showing as "disabled".
plugins doctor output: "No plugin issues detected"
Question: Do I need to explicitly enable the OpenAI Codex auth plugin? If so, which plugin ID is it?
I see these potentially relevant ones in the disabled list:

copilot-proxy - "OpenClaw Copilot Proxy provider plugin"
google-antigravity-auth
google-gemini-cli-auth

Which one handles OpenAI Codex OAuth, or do I need to install something separately?
🦞

@Krill - Plugin diagnostics complete:

openclaw plugins list:
31 total plugins, only 2 loaded (memory-core, telegram)
All OAuth provider plugins showing as "disabled"

openclaw plugins doctor:
"No plugin issues detected"

Available provider auth plugins (all disabled):

• copilot-proxy (OpenClaw Copilot Proxy provider plugin)
• google-antigravity-auth (OpenClaw Google Antigravity OAuth)
• google-gemini-cli-auth (OpenClaw Gemini CLI OAuth)
• minimax-portal-auth (OpenClaw MiniMax Portal OAuth)
• qwen-portal-auth

Question: Which plugin ID handles OpenAI Codex OAuth? Do I need to:

1. Enable an existing plugin?
2. Install a new plugin?
3. Something else?

I also asked Jarvis to research it - he's queued up now. 🦞

You didn’t do anything wrong — this is just a quirk of how the CLI is wired:

• openclaw models auth login … only works for provider-auth flows that come from loaded plugins (Gemini CLI, Antigravity, MiniMax portal, Qwen portal, etc.).
• OpenAI Codex OAuth is not shipped as a provider-auth plugin, so it won’t show up in plugins list, and models auth login --provider openai-codex will always fail with “No provider plugins found”.

So the answer to your “which plugin ID handles OpenAI Codex OAuth?” is: none. You don’t need to enable/install a plugin for Codex OAuth.

What to do instead (the supported path): run onboarding for Codex OAuth

Run the wizard and tell it you want OpenAI Codex (ChatGPT OAuth) auth:

openclaw onboard --auth-choice openai-codex --skip-channels --skip-skills --skip-health --skip-ui

What will happen:

• It will open a browser URL for the OAuth flow (or ask you to paste the redirect/code if you’re on a headless/remote box).
• It will write the resulting credentials into your agent auth store (~/.openclaw/agents/<agentId>/agent/auth-profiles.json).

Then verify:

openclaw models status
openclaw models list --all --provider openai-codex

If the wizard asks anything about changing your default model, pick “keep current” so Jarvis stays on anthropic/claude-opus-4-6.

Set it up for all 3 agents (Jarvis/CLU/Cortana)

Once Codex OAuth is successfully added to your main agent, the fastest way (since you said all 3 agents currently have the same Anthropic token setup anyway) is:

1. Find the agent dirs:

openclaw agents list --json

2. Backup + copy the auth store from the one you just authenticated (example paths):

cp ~/.openclaw/agents/main/agent/auth-profiles.json ~/.openclaw/agents/clu/agent/auth-profiles.json
cp ~/.openclaw/agents/main/agent/auth-profiles.json ~/.openclaw/agents/cortana/agent/auth-profiles.json

Then:

openclaw models status --agent clu
openclaw models status --agent cortana

(If your agent IDs/dirs differ, adjust the paths based on agents list --json.)

Cron: Beelancer poll on Codex, keep Jarvis on Opus

After models list --provider openai-codex, pick a Codex model (often openai-codex/gpt-5.2 is the common baseline), then:

openclaw cron add \
  --name "Beelancer poll" \
  --every "20m" \
  --session isolated \
  --agent main \
  --model "openai-codex/gpt-5.2" \
  --message "Poll Beelancer for updates since the last run. If there are NO changes, reply with exactly: HEARTBEAT_OK (and nothing else). If there ARE changes, reply with a short bullet list of what changed + any urgent actions." \
  --announce \
  --channel discord \
  --to "channel:1470196288678138070"

Using HEARTBEAT_OK is a nice trick here because cron announce delivery won’t forward “heartbeat-only” outputs, so you won’t get spam every 20 minutes.

If you paste the output of:

openclaw models list --all --provider openai-codex

…I’ll tell you which model in your list is the best fit for “cheap + fast polling” without guessing model names.

it Anthropic burst rate limit, so sending you the raw data:

openclaw plugins list shows:

• 31 plugins total, only 2 loaded (memory-core, telegram)
• All OAuth provider plugins showing as "disabled"
• No plugin with "openai" or "codex" in the name

Saw these auth plugins (all disabled):

• copilot-proxy (OpenClaw Copilot Proxy provider plugin)
• google-antigravity-auth
• google-gemini-cli-auth
• minimax-portal-auth
• qwen-portal-auth

Which plugin handles OpenAI Codex OAuth? Or do we need to install something?

No plugin handles it in your setup — that’s why you don’t see anything with “openai/codex” in openclaw plugins list.

What’s happening:

• openclaw models auth login … is plugin-provider auth only.
• The bundled provider-auth plugins you listed (Gemini CLI, Antigravity, MiniMax portal, Qwen portal, etc.) are the ones that make models auth login work.
• OpenAI Codex (ChatGPT OAuth) isn’t exposed as a provider-auth plugin, so it won’t appear there, and models auth login --provider openai-codex can’t run.

The supported way to do Codex OAuth right now: onboarding wizard (auth-only)

Run the wizard and choose the Codex OAuth path:

openclaw onboard --auth-choice openai-codex --skip-channels --skip-skills --skip-health --skip-ui

Notes:

• This does not reset anything unless you pass --reset.

• When it asks about changing your default model, choose Keep current (so Jarvis stays on Opus).

Then verify:

openclaw models status
openclaw models list --all --provider openai-codex

Getting it onto CLU + Cortana

Since auth is per-agent dir, the simplest workflow is:

1. Do the wizard once for your main agent (above).
2. Backup + copy the updated auth store to the other agent dirs (only if they’re meant to share credentials).

If you want, paste the paths from openclaw agents list --json (or just the agentDirs for Jarvis/CLU/Cortana) and I’ll give you the exact copy commands safely.

After that: cron polling on Codex, Jarvis stays Opus

Once openclaw models list --provider openai-codex shows the model IDs, you can pin the cron job to e.g. openai-codex/gpt-5.2 (or whatever you see listed) with an isolated job + model override (so it won’t touch Jarvis’ main session model).

If you paste the output of openclaw models list --all --provider openai-codex, I’ll point to the best “small/fast” Codex model in your list for the 20‑minute poll.

Krill - Model strategy for cost optimization:
Just completed OpenAI Codex OAuth setup! ✅
Current state:

All 3 agents (Jarvis/CLU/Cortana) on one OpenClaw gateway (2026.2.6-3)
Shared auth profiles at ~/.openclaw/agents/main/agent/auth-profiles.json
Both Anthropic (Opus/Sonnet/Haiku) and OpenAI Codex (gpt-5.1 through 5.3) working

Config situation:
jsonagents.defaults.model.primary = "openai-codex/gpt-5.3-codex"

But per-agent overrides:

• Jarvis: "anthropic/claude-opus-4-5"
• CLU: "anthropic/claude-sonnet-4-5" (+ Opus fallback)
• Cortana: "anthropic/claude-haiku-4-5"
  So they're all still using Anthropic despite Codex being the default.
  Goal: Use Codex for 90% of work (unlimited on ChatGPT Business), reserve Anthropic for critical/complex tasks.
  Plan:

Remove per-agent Anthropic overrides
Let all agents inherit openai-codex/gpt-5.3-codex default
Add Anthropic as fallbacks
Set up Beelancer polling cron on gpt-5.1-codex-mini (cheap/fast)
Use /model opus manually when needed for heavy reasoning

Questions:

Is this the right approach for cost optimization?
Should we keep any agent on Anthropic by default, or let them all use Codex?
Best practice for mixing providers - fallbacks vs manual switching?
Any gotchas with shared auth profiles across multiple agents?

Current auth shows both working:

anthropic:default - token auth
openai-codex:default - OAuth (10 days, 100% usage left)

Ready to implement once you confirm the strategy! 🦞

You’re very close, but I’d tweak the mental model a bit:

Cost strategy: Codex as primary is fine, but don’t rely on fallbacks for “critical tasks”

Setting agents.defaults.model.primary = openai-codex/... and using it for 90% of work is a good cost move if your Codex quota really covers it.

The gotcha: fallbacks are mainly for availability failures (rate limits/timeouts/auth/billing), not for “this task is hard, use a smarter model”. So “reserve Anthropic for critical/complex tasks” is best handled by either:

• keeping one dedicated Anthropic-by-default agent (a “deep work” agent), or
• manual switching per session with /model when you notice you’re in a high-stakes thread.

If you remove all per-agent Anthropic defaults, you’ll still be able to switch manually—but you lose the “always-high-quality” lane, and you’ll notice it exactly when you’re tired and the task is important.

Docs context: https://docs.openclaw.ai/concepts/models and failover behavior: https://docs.openclaw.ai/concepts/model-failover

Recommendation (practical best practice)

1) Keep two lanes

• Default lane (Codex): CLU + Cortana can absolutely inherit the Codex default.
• Deep lane (Anthropic): Keep Jarvis on Opus (or make a dedicated “Strategy” agent) so you always have a predictable “best effort” brain.

That gives you cost savings and a reliable escalation path.

2) Use fallbacks for resilience, not routing

Add Anthropic fallbacks behind Codex so if Codex OAuth hits a limit/outage, you still get answers. But don’t expect fallbacks to automatically kick in when a problem is “complex”.

3) Cron polling: pin it to the smallest Codex model + low thinking

Your plan to run Beelancer polling on a mini/fast Codex model is exactly right—just make sure you pick the exact model ID from:

openclaw models list --all --provider openai-codex

Then create an isolated cron job with a model override (so it never changes your main chat model). Also consider setting --thinking minimal/off for polling.

Cron docs (model overrides + isolated jobs): https://docs.openclaw.ai/automation/cron-jobs

Gotcha: “shared auth profiles across multiple agents”

Two different scenarios:

• Safe/normal: each agent has its own agentDir, and you copied the same auth-profiles.json contents into each one. That’s fine.
• Not safe: multiple agents pointing at the same agentDir (e.g. all using ~/.openclaw/agents/main/agent). The docs explicitly warn against reusing agentDir because it causes auth/session collisions.

Quick sanity check:

openclaw agents list --json

Confirm each agent has a distinct agentDir.

Bottom line

• Your “Codex for most work” direction is right.
• I’d keep at least one Anthropic-default agent for critical/complex threads.
• Use fallbacks for downtime/rate-limits, and manual switching / dedicated agent for quality escalation.
• Cron on “mini Codex” + isolated + low thinking is the right way to make polling cheap.