#Setting up openclaw with OpenAi Codex OAuth

Hello

Hey, what are you stuck on?

If you’re setting up OpenClaw with OpenAI Codex OAuth, send:

1. openclaw --version
2. what step you’re on
3. the exact error, if any

I’ll help you sort it out. 🦐

I’m super confused- I’ve set it up with GPT-5.4 OpenAI-codex but I’m typing in the chat on the openclaw control and it’s replying me with nothing just timestamp

Yeah, that’s not normal. If Control only shows a timestamp, the turn usually started but never produced a usable reply.

Please paste these in one message:

openclaw --version
openclaw status --all
openclaw models status
openclaw doctor

Then send one test prompt in Control and run:

openclaw logs --follow

The main things I’d check are:

1. Wrong model route
   For ChatGPT/Codex OAuth, it should be:

   openai-codex/gpt-5.4
   

   not openai/gpt-5.4.

2. Codex OAuth auth/refresh issue
   If models status shows trouble on openai-codex, re-login:

   openclaw models auth login --provider openai-codex
   

3. Old config overriding the built-in Codex route
   openclaw doctor will warn if you have stale models.providers.openai-codex transport overrides shadowing the normal OAuth path.

Docs:

• FAQ: https://docs.openclaw.ai/help/faq
• Troubleshooting: https://docs.openclaw.ai/gateway/troubleshooting
• OpenAI/Codex provider: https://docs.openclaw.ai/providers/openai

Paste the outputs and I’ll help you read them. 🦐

Where do I send this? In chat or terminal

Terminal 🙂

Run them on the machine where OpenClaw is installed, then paste the output here in this thread.

If openclaw isn’t in your PATH, use:

pnpm openclaw --version
pnpm openclaw status --all
pnpm openclaw models status
pnpm openclaw doctor
pnpm openclaw logs --follow

If you want, paste the first 3 commands first and I’ll tell you what they mean before you do the log step.

I pasted open claw logs follow

Perfect, now do this:

1. Keep openclaw logs --follow running in the terminal.
2. In the Control UI, send a test message like hello.
3. Copy the new log lines that appear after that and paste them here.

If nothing new appears, say that too, that’s useful.

The message gets queued

That’s useful, thanks. If it stays queued, the Control UI is reaching the gateway, but the agent turn is not actually getting picked up.

Please run these in the terminal and paste the output:

openclaw --version
openclaw status
openclaw gateway status

If it still shows queued after a few seconds, do this next:

openclaw gateway restart

Then try one more test message in Control.

If it still queues after restart, paste:

openclaw status --all

and I’ll narrow it down from there.

Docs: https://docs.openclaw.ai/help/faq • https://docs.openclaw.ai/gateway/troubleshooting

A lot of this stuff

required
gateway connect failed: GatewayClientRequestError: pairing required
09:36:56+00:00 warn gateway/ws {"subsystem":"gateway/ws"} {"cause":"pairing-required","handshake":"failed","durationMs":18,"lastFrameType":"req","lastFrameMethod":"connect","lastFrameId":"a54391dd-2943-4bd5-a7b3-51f51e79224c","host":"127.0.0.1:18789","remoteAddr":"127.0.0.1","remotePort":51407,"localAddr":"127.0.0.1","localPort":18789,"endpoint":"127.0.0.1:51407->127.0.0.1:18789","deviceId":"5154e97e9e38e60533ddae63ea82f433e24496ccb5029e7767c0a9a4e2b4592e","requestId":"be50e771-906f-4313-82a4-7b02375148d5","reason":"scope-upgrade"} closed before connect conn=5413865c-da88-4c04-8d11-85bdbbbbc4ac peer=127.0.0.1:51407->127.0.0.1:18789 remote=127.0.0.1 fwd=n/a origin=n/a host=127.0.0.1:18789 ua=n/a code=1008 reason=connect failed
09:36:57+00:00 warn gateway {"subsystem":"gateway"} security audit: device access upgrade requested reason=scope-upgrade device=5154e97e9e38e60533ddae63ea82f433e24496ccb5029e7767c0a9a4e2b4592e ip=unknown-ip auth=token roleFrom=operator roleTo=operator scopesFrom=operator.read scopesTo=operator.admin,operator.approvals,operator.pairing,operator.read,operator.talk.secrets,operator.write client=cli conn=6837b2b8-424f-48cb-9261-2becfa0e6871
09:36:57+00:00 error gateway connect failed: GatewayClientRequestError: pairing required
09:36:57+00:00 error gateway connect failed: GatewayClientRequestError: pairing required
gateway connect failed: GatewayClientRequestError: pairing required
09:36:57+00:00 warn gateway/ws {"subsystem":"gateway/ws"} {"cause":"pairing-required","handshake":"failed","durationMs":20,"lastFrameType":"req","lastFrameMethod":"connect","lastFrameId":"fe245928-6227-46b3-981a-0093dc49e46b","host":"127.0.0.1:18789","remoteAddr":"127.0.0.1","remotePort":51408,"localAddr":"127.0.0.1","localPort":18789,"endpoint":"127.0.0.1:

Yep, that’s the problem.

Your log shows a pairing scope upgrade. The client currently has only operator.read, but it’s trying to use write/admin scopes, so the gateway is blocking it.

Run this in the terminal:

openclaw devices list
openclaw devices approve <requestId>

Use the pending requestId from openclaw devices list, not necessarily the old one from the log, because it can get replaced.

Then:

1. refresh the Control UI
2. send another test message

Why I’m confident: this line is the giveaway:

reason":"scope-upgrade"
scopesFrom=operator.read
scopesTo=operator.admin,operator.approvals,operator.pairing,operator.read,operator.talk.secrets,operator.write

If devices approve says not found, run openclaw devices list again and approve the newest one.

Docs: https://docs.openclaw.ai/cli/devices • https://docs.openclaw.ai/web/control-ui

And it’s not letting me type in the terminal now

Yep, because openclaw logs --follow is still running and holding the terminal.

Press:

Ctrl + C

That stops the live log stream and gives you the prompt back.

Then run:

openclaw devices list
openclaw devices approve <requestId>

After that, refresh Control and try again.

openclaw devices list
openclaw devices approve <requestId>

What do I write in request id

<requestId> is just a placeholder, replace it with the real ID from openclaw devices list.

So do:

openclaw devices list

Look for the pending request, then copy its requestId.

It’ll look something like:

be50e771-906f-4313-82a4-7b02375148d5

Then run:

openclaw devices approve be50e771-906f-4313-82a4-7b02375148d5

If devices list shows a different/newer one, use that newer ID instead.

🦞 OpenClaw 2026.4.14 (323493f)
   If you can describe it, I can probably automate it—or at least make it funnier.

│
gateway connect failed: GatewayClientRequestError: pairing required
◇  
Direct scope access failed; using local fallback.
Pending (1)
┌────────────────────┬────────┬────────┬────────┬────────────┬────────┬────────┐
│ Request            │ Device │ Role   │ Scopes │ IP         │ Age    │ Flags  │
├────────────────────┼────────┼────────┼────────┼────────────┼────────┼────────┤
│ 76f89747-8256-     │ 5154e9 │ operat │ operat │            │ 3m ago │ repair │
│ 4934-bb45-         │ 7e9e38 │ or     │ or.    │            │        │        │
│ 65e7b093439b       │ e60533 │        │ admin, │            │        │        │
│                    │ ddae63 │        │ operat │            │        │        │
│                    │ ea82f4 │        │ or.    │            │        │        │
│                    │ 33e244 │        │ read,  │            │        │        │
│                    │ 96ccb5 │        │ operat │            │        │        │
│                    │ 029e77 │        │ or.    │            │        │        │
│                    │ 67c0a9 │        │ write, │            │        │        │
│                    │ a4e2b4 │        │ operat │            │        │        │
│                    │ 592e   │        │ or.    │            │        │        │

│                    │        │        │ approv │            │        │        │
│                    │        │        │ als,   │            │        │        │
│                    │        │        │ operat │            │        │        │
│                    │        │        │ or.    │            │        │        │
│                    │        │        │ pairin │            │        │        │
│                    │        │        │ g,     │            │        │        │
│                    │        │        │ operat │            │        │        │
│                    │        │        │ or.    │            │        │        │
│                    │        │        │ talk.  │            │        │        │
│                    │        │        │ secret │            │        │        │
│                    │        │        │ s      │            │        │        │
└────────────────────┴────────┴────────┴────────┴────────────┴────────┴────────┘
Paired (2)
┌────────────────┬────────────┬──────────────────────┬────────────┬────────────┐
│ Device         │ Roles      │ Scopes               │ Tokens     │ IP         │
├────────────────┼────────────┼──────────────────────┼────────────┼────────────┤
│ 03d81529040a8c │ operator   │ operator.admin,      │ operator   │            │
│ a63e24cffcab27 │            │ operator.read,       │            │            │
│ c3e93a175cae17 │            │ operator.write,      │            │            │
│ dfd53a0dec8853 │            │ operator.approvals,  │            │            │
│ e1c32948       │            │ operator.pairing     │            │            │
│ 5154e97e9e38e6 │ operator   │ operator.read        │ operator   │            │
│ 0533ddae63ea82 │            │                      │            │            │
│ f433e24496ccb5 │            │                      │            │            │
│ 029e7767c0a9a4 │            │                      │            │            │
L

Nice, that’s the one.

Run this exact command:

openclaw devices approve 76f89747-8256-4934-bb45-65e7b093439b

Then:

1. refresh the Control UI
2. send a test message again

If it still acts weird after approving, paste what the terminal says next.

That looks promising, approval probably worked.

You now have a paired device with the full scopes:

• operator.admin
• operator.read
• operator.write
• operator.approvals
• operator.pairing

Next, do this:

1. go back to the Control UI
2. hard refresh the page
3. send a test message

If it still gets stuck, run:

openclaw devices list

again and tell me whether a new Pending request appears. If yes, paste that part and I’ll help with the next step.

I restarted gateway now I have new error

⚠️ Agent failed before reply: No API key found for provider "openai". You are authenticated with OpenAI Codex OAuth. Use openai-codex/gpt-5.4 (OAuth) or set OPENAI_API_KEY to use openai/gpt-5.4. | No API key found for provider "openai". You are authenticated with OpenAI Codex OAuth. Use openai-codex/gpt-5.4 (OAuth) or set OPENAI_API_KEY to use openai/gpt-5.4.
Logs: openclaw logs --follow

Good, we found the real issue now.

You’re signed in with Codex OAuth, but the session is trying to use openai/gpt-5.4, which needs an OPENAI_API_KEY.

If you want to use your Codex OAuth login, switch to:

openai-codex/gpt-5.4

Easiest fix

Run this in the terminal:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4
openclaw gateway restart

Then refresh Control and try again.

Important

If Control UI still shows openai/gpt-5.4 in the session model picker, change that session too, because a session override can beat the default.

If you want, after restart paste:

openclaw models status

and I’ll sanity-check it.

It says ever too many arguments for expected two arguments, but got three

Ah, run them as two separate commands, one at a time.

Use this exactly:

openclaw config set agents.defaults.model.primary "openai-codex/gpt-5.4"

then:

openclaw gateway restart

If you’re using pnpm, same thing:

pnpm openclaw config set agents.defaults.model.primary "openai-codex/gpt-5.4"
pnpm openclaw gateway restart

If it still errors, paste the exact command you typed, because I think it may have gotten combined into one line.

I did this

openclaw config set agents.defaults model.primary "openai-codex/gpt-5.4"

but still it says too many arguments for set

Yep, I see it, there’s an extra space in the key.

You typed:

openclaw config set agents.defaults model.primary "openai-codex/gpt-5.4"

It needs to be one key, with no space:

openclaw config set "agents.defaults.model.primary" "openai-codex/gpt-5.4"

Then run:

openclaw gateway restart

So the important fix is:

• wrong: agents.defaults model.primary
• right: agents.defaults.model.primary

You’re close 🙂

What exactly to copy paste

Copy paste these exactly, one at a time:

openclaw config set "agents.defaults.model.primary" "openai-codex/gpt-5.4"

then:

openclaw gateway restart

After that, refresh the Control UI and try a message again.

It said

🦞 OpenClaw 2026.4.14 (323493f)
   Welcome to the command line: where dreams compile and confidence segfaults.

Error: config set mode error: value/json mode requires <path> when batch mode is not used.
zsh: command not found: agents. defaults model primary
zsh: no such file or directory: openai-codex/gpt-5.4
soren@Mac ~ %

Got it, the shell split it up. Please do this as one single line:

openclaw config set 'agents.defaults.model.primary' 'openai-codex/gpt-5.4'

Then, on the next line, run:

openclaw gateway restart

Important:

• paste the first command as one line
• do not press Enter in the middle
• do not add spaces inside agents.defaults.model.primary

If it helps, type it manually instead of pasting from Discord, because the spacing got mangled.

soren@Mac ~ % openclaw config set
'agents.defaults.model.primary''openai-codex/gpt-5.4'

🦞 OpenClaw 2026.4.14 (323493f)
   Welcome to the command line: where dreams compile and confidence segfaults.

Error: config set mode error: value/json mode requires <path> when batch mode is not used.
zsh: no such file or directory: agents.defaults.model.primaryopenai-codex/gpt-5.4
soren@Mac ~ %

I see the problem, you hit Enter after openclaw config set.

Type this as one single line exactly:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4

Then press Enter.

There should be:

• one space after set
• one space after primary

So it should not look like this:

openclaw config set

'agents.defaults.model.primary''openai-codex/gpt-5.4'

After that works, run:

openclaw gateway restart

You’re very close, the shell formatting is just being annoying.

It’s not working

Let’s stop fighting the terminal for a second.

Do it in the Control UI instead:

1. open the chat/session in Control
2. look for the model picker at the top of the chat
3. change it from openai/gpt-5.4 to openai-codex/gpt-5.4
4. start a new chat/session or retry the message

That should work right away if your Codex OAuth is set up.

If you don’t see openai-codex/gpt-5.4 in the picker, run this in terminal and paste the output:

openclaw models status

I think the terminal command itself is fine, Discord is just mangling the copy/paste.

I’ve set it to GPT-5.4 openai-codex in model and now it’s not replying me no error but my text is
Queued

Got it. If it just sits on Queued, the gateway got the message, but the run is not starting.

Try this first:

1. hard refresh the Control UI
2. start a brand new session/chat (don’t reuse the old stuck one)
3. send a tiny message like hello

If it still stays queued for more than ~10 seconds, do this in terminal:

openclaw status --all

and in a second terminal tab/window:

openclaw logs --follow

Then send one test message in Control and paste the new log lines that appear after that.

At this point the model is probably right, so we’re down to “why isn’t the run starting.”

Gateway last log line:
  2026-04-15T11:59:19.222+03:00 [errors] Long error truncated: <html>
    <head>
  … 18 lines omitted …
      <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex
  2026-04-15T13:03:22.996+03:00 [agent/embedded] embedded run agent end: runId=0a944c7e-18eb-445c-ad56-f49928767ed1 isError=true model=gpt-5.4 provider=openai-codex error=<html>
    <head>
      <meta name="viewport" content="width=device-width, initial-scale=1" />
      <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex-direction:column;gap:2rem;height:100%;justify-content:center;width:100%}@keyframes enlarge-appear{0%{opacity:0;transform:scale(75%) rotate(-90deg)}to{opacity:1;transform:scale(100%) rotate(0deg)}}.lo… rawError=<html> <head> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex-direction…
  2026-04-15T13:03:23.014+03:00 [errors] Long error truncated: <html>
    <head>
      <meta name="viewport" content="width=device-width, initial-scale=1" />
      <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex
  2026-04-15T13:03:23.032+03:00 [errors] Long error truncated: <html>
    <head>
      <meta name="viewport" content="width=device-width, initial-scale=1" />
      <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex
  2026-04-15T13:03:33.213+03:00 [agent/embedded] embedded run agent end: runId=540a1f06-b987-49c9-96b1-01f46b1cc5bc isError=true model=gpt-5.4 provider=openai-codex error=⚠️ API rate limit reached. Please try again later. rawError=<html> <head> <meta name="viewport" content="width=device-width, l

Okay, we found the real root cause.

Your setup is working now, but openai-codex is hitting a rate limit:

error=⚠️ API rate limit reached. Please try again later.
provider=openai-codex

That big HTML blob is basically OpenAI returning an error page, and OpenClaw is truncating it in logs.

What this means

• not a pairing problem anymore
• not the wrong model anymore
• the request is reaching openai-codex, but OpenAI is refusing it for now

What to do next

1. Wait a bit and retry later
2. Run:

   openclaw models status
   

   and paste it here, that can show the visible Codex usage/quota window
3. If you want direct OpenAI API billing instead of Codex OAuth limits, use OPENAI_API_KEY with openai/gpt-5.4
4. Or temporarily switch to another provider/model until the limit resets

One important gotcha: Codex OAuth limits can differ from ChatGPT web limits, even on the same account.

Docs:

• https://docs.openclaw.ai/help/faq
• https://docs.openclaw.ai/providers/openai

Paste openclaw models status if you want and I’ll help interpret it.

If I have to change my codex account to another account what to do

Yep, easiest way is to re-run the Codex OAuth login with the other account:

openclaw models auth login --provider openai-codex --set-default

Then sign in with the new OpenAI/Codex account in the browser flow.

If the browser keeps auto-picking the old account:

1. sign out of OpenAI in that browser first, or use a private/incognito window
2. run the command again

After that, make sure your model is still:

openai-codex/gpt-5.4

Docs:

• https://docs.openclaw.ai/providers/openai
• https://docs.openclaw.ai/cli/models

If you want, I can also walk you through checking that the new account actually became the default after login.

Okay I changed it and now it’s back to GPT-5.4 how do I change it to code

In the model picker, choose the one that says:

openai-codex/gpt-5.4

or GPT-5.4 (OpenAI Codex) if it shows friendly names.

The important part is:

• ✅ openai-codex/gpt-5.4
• ❌ plain openai/gpt-5.4

If you want, after you switch it:

1. start a new chat/session
2. send a tiny test message like hello

If it keeps switching back, that means the default model is still set wrong, and I can give you the exact fix for that too.

Yes it’s default to 5.4

Yep, that means the global default is still plain GPT-5.4.

To change the default to Codex, you need this one terminal command, typed manually as one line:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4

Then run:

openclaw gateway restart

After that:

1. refresh Control
2. start a new session
3. it should default to openai-codex/gpt-5.4

If the terminal still fights you, paste the exact line you typed and I’ll spot the typo.

I reload the page it goes back to GPT5.4

Yep, that means the stored default is still plain GPT-5.4.

Changing the model picker only changed the current session. Reload pulls the saved default back in.

Easiest fix, use the Control UI config

1. open Config in Control
2. find agents.defaults.model.primary
3. change it to:

openai-codex/gpt-5.4

4. Apply/Save
5. Restart when prompted
6. refresh the page

After that, reload should stay on Codex.

If you want, I can walk you click-by-click through the Control UI path instead of the terminal.

In the chat or terminal

Neither, do it in the Control UI Config screen, not in chat.

So:

• Chat model picker = only changes the current session
• Control UI → Config = changes the saved default
• Terminal = also works, but since it’s been annoying, I’d use Config in Control

You want the Config page/panel in Control, then set:

agents.defaults.model.primary = openai-codex/gpt-5.4

If you want, I can give you the exact click path inside Control.

Where is this

In the Control UI itself, look for a Config tab/page, usually in the left sidebar or menu, not inside the chat box.

So:

• not the chat input
• not the terminal
• the Config section of Control

Once you find Config, search for:

agents.defaults.model.primary

and set it to:

openai-codex/gpt-5.4

If you don’t see a Config tab, tell me what tabs/sections you do see and I’ll guide you from there.

Nope I don’t see that in the config

Ah, got it, the Config view is probably showing the nested form, not the dotted path.

Look for this structure instead:

• agents
  • defaults
    • model

Then:

• if model is a single text field, set it to:

  openai-codex/gpt-5.4
  

• if model is an object, set:

  • primary = openai-codex/gpt-5.4

So you’re looking for either:

agents.defaults.model

or:

agents.defaults.model.primary

After changing it, Apply/Save and Restart.

If you want, send a screenshot of that part of Config and I’ll tell you exactly what to type.

When I click on config, I can see settings, environment, authentication updates, Meta logging diagnostics, CLI secrets

Yep, that means you’re in the right place. Go into Settings.

Then look for:

• Agents
• Defaults
• Model

and set it to:

openai-codex/gpt-5.4

If there’s a search box in Settings, search for:

model

or

agents

You want the default model, not auth/environment.

After changing it:

1. save/apply
2. restart if prompted
3. refresh the page

If you open Settings and still can’t find Agents/Defaults/Model, tell me what subsections show up inside Settings.

I do set it but it keeps going back to GPT5.4

That means one of two things is happening:

1. you changed the session model, not the saved default, or
2. the config change is not actually being applied/restarted

At this point, fastest path is: send a screenshot of the Settings area where you changed it, including the field name and the buttons at the bottom.

I’m pretty sure I can spot what’s wrong in one glance, and it’ll be faster than us guessing back and forth.

I’m unable to send screenshot here

No worries, text is fine.

Let’s check what OpenClaw has actually saved as the default.

Run these in the terminal, one at a time, and paste the output here:

openclaw config get --json agents.defaults.model

openclaw config get --json agents.defaults.model.primary

That’ll tell us whether the saved default is:

• a plain string
• an object with primary

• or something else overriding it

Once you paste those two outputs, I can give you the exact next step.

"primary": "openai-codex/gpt-5.4"
"openai-codex/gpt-5.4"

Perfect, that means the saved default is already correct.

You are set to:

openai-codex/gpt-5.4

So if the UI only shows “GPT-5.4”, that’s probably just the short display name, not the wrong provider.

The important part is the provider underneath, and your config says it’s openai-codex.

Also, your earlier log already confirmed it was running as:

provider=openai-codex

So at this point, you do not need to keep changing the default model.
The thing blocking you earlier was the Codex rate limit, not the model setting.

If you want to double-check one last time, send a test message and look for provider=openai-codex in openclaw logs --follow.

Glad we finally untangled that 😅🦐

But the bot isn’t replying I have credits on my OpenAI I didn’t hit the limit it’s different account now

The key gotcha is this:

openai-codex/gpt-5.4 does not use your OpenAI API credits.

It uses the Codex OAuth / subscription route, and those limits can be different from:

• your API billing credits
• ChatGPT web/app usage
• even another OpenAI account unless the OAuth login actually switched

So two possibilities:

1. OpenClaw is still authenticated against the old Codex account
2. The new account has API credits, but not the Codex OAuth entitlement/window you expect

Best next check

Run these and paste the output:

openclaw models status

Then send one test message and check:

openclaw logs --follow

If you want to use your API credits, the route should be:

openai/gpt-5.4

with OPENAI_API_KEY.

If you want to use Codex OAuth, re-run:

openclaw models auth login --provider openai-codex --set-default

and do it in a browser/private window where you are definitely signed into the new account.

Docs:

• https://docs.openclaw.ai/providers/openai
• https://docs.openclaw.ai/help/faq

If you paste openclaw models status, I can tell you which of those two situations you’re in.

No I’m going with the OAuth option and

Got it, then stick with Codex OAuth and ignore API credits.

For the OAuth path, do this:

1. open a private/incognito browser window
2. run:

   openclaw models auth login --provider openai-codex --set-default
   

3. sign into the exact OpenAI/Codex account you want
4. then run:

   openclaw models status
   

After that, try one test message.

If it still doesn’t reply, paste:

• openclaw models status
• the fresh error from openclaw logs --follow

At that point we’ll know whether it’s:

• still the wrong OAuth account, or
• an OpenAI-side Codex OAuth quota/entitlement issue.

Maybe I should reinstall open claw?

Tapi still needing help ?

i have a sugestion for you.

I wouldn’t reinstall yet.

From what you’ve shown, OpenClaw is installed and running fine, and it’s already reaching openai-codex. Reinstalling probably won’t fix an OAuth/account/quota issue.

I’d do these before reinstalling:

1. re-run Codex OAuth login on the right account:

   openclaw models auth login --provider openai-codex --set-default
   

   use a private/incognito window

2. check:

   openclaw models status
   

If that still shows the same behavior, then we know it’s not the install.

So, short answer: no, not yet. Reinstall is very likely the wrong hammer here.

Yeah, I think we’re close.

So far it looks like:

• pairing/scope issue got fixed
• default model is now openai-codex/gpt-5.4
• the install itself seems fine
• current blocker looks more like Codex OAuth account/quota/auth state, not OpenClaw being broken

The next useful check is a fresh:

openclaw models status

after re-logging openai-codex on the intended account.

Ah yes- idk why it keeps moving back to GPT5.4 though I’m choosing the codex

you can install Codex on windwos, and instruct it to setup you openclaw, in this way OpenAi is going to setup you Openclaw and configure it

Go for it.

when i have isues and can not start openclaw i tell Codex from Openai to troubleshoot and start it

I’m pretty sure it’s not actually moving back.

What’s probably happening is:

• the UI shows the short name GPT-5.4
• but the actual provider underneath is still openai-codex

Your saved config already showed:

primary = openai-codex/gpt-5.4

So the real test is not the label in the picker, it’s:

• openclaw models status
• or openclaw logs --follow and check whether it says provider=openai-codex

If it says provider=openai-codex, then you are on Codex, even if the UI only says GPT-5.4.

are you on windows and openclaw is local ?

That’s a fair fallback, yeah.

A local agent like Codex that can read the machine, logs, and config directly is often way faster than doing support over Discord. The docs recommend that too when someone is really stuck: https://docs.openclaw.ai/help/faq

That said, from the logs so far this still looks more like a Codex OAuth/account/quota issue than “OpenClaw is installed wrong”, so I’d still want to see openclaw models status before jumping to reinstall/setup-from-scratch.

Yep, for machine-local weirdness, that’s often the fastest path.

Especially for stuff like:

• PATH issues
• auth files
• service/gateway state
• config drift
• logs on disk

That’s exactly where a local agent can beat Discord back-and-forth pretty hard.

I’m on Mac and yes it’s local

Good question, that matters a lot.

If it’s Windows + local OpenClaw, a local agent can inspect the actual install/logs/service state directly, which is way more useful.

Tapi, if you can share:

• Windows or Mac/Linux
• local install or remote/VPS

that’ll narrow the next step pretty fast.

let me see if exist Codex for Mac

Perfect, that actually helps a lot.

Since it’s Mac + local, the fastest next step is probably:

1. run

   openclaw models status
   

   and paste it here, or

2. let a local agent like Codex inspect it directly on your Mac

Because at this point the install itself looks mostly okay, and the remaining issue smells like local OAuth/auth state or Codex quota/account state.

If you want the “fastest get unstuck” route, this is the docs path: https://docs.openclaw.ai/help/faq#i-am-stuck-fastest-way-to-get-unstuck

If you paste openclaw models status, we can still keep debugging it here.

Yep, Codex works on Mac too.

Yep it’s there

Yep, Mac is fine for that route too.

If you want to keep debugging here, the most useful next paste is still:

openclaw models status

If not, having Codex inspect the local Mac install directly is a pretty solid next move.

i am on windows so is show me the install for windows, can you check from your mac , "codex for mack download" ?

install it , log in to it , and then tell him to troubleshoot Openclaw and show him the install link for mac

Yep, looks like Codex exists on Mac too.

Official-looking links I found:

• OpenAI app page: https://developers.openai.com/codex/app
• GitHub CLI repo: https://github.com/openai/codex

The OpenAI app page says it supports Windows or macOS. So if Tapi wants to use Codex locally on the Mac to debug OpenClaw, that route should exist.

https://docs.openclaw.ai/install

Yep, that’s a reasonable next move.

For Mac:

• install link: https://developers.openai.com/codex/app
• CLI repo: https://github.com/openai/codex

Then have Codex inspect the local machine and specifically check:

• openclaw status --all
• openclaw models status
• openclaw logs --follow

and tell it the issue is with OpenClaw + openai-codex/gpt-5.4 OAuth not replying. That should give it enough context to dig into the local auth/log state.

Yep, that’s the OpenClaw install docs: https://docs.openclaw.ai/install

Useful if Tapi wants the official install path alongside the Codex troubleshooting route.

i am using 4 Openai Oauth accounts from friends in my openclaw

I can’t help with sharing other people’s accounts.

If they’re your own or you’re explicitly authorized to use them, OpenClaw can handle multiple auth profiles, but I wouldn’t recommend using friends’ OAuth accounts. That’s between you and OpenAI’s terms.

For legit multi-account setups, the relevant docs are:

• Models/auth: https://docs.openclaw.ai/cli/models
• Config: https://docs.openclaw.ai/gateway/configuration

and keep codex installed , for the future , if Openclaw break, you can start it with Codex

Yep, keeping a local coding agent around for troubleshooting is genuinely useful.

Especially for:

• reading logs
• checking config/auth files
• restarting services
• spotting local setup issues faster than chat support

I’d just treat it as a debug helper, and review what it changes before accepting anything.

openai-codex DNS lookup failed with ChatGPT Plus

Hi! I'm trying to use openai-codex provider with my ChatGPT Plus ($20/mo) subscription. Auth is successful and openclaw models status shows 100% usage left (5h and weekly), but every request fails with:

DNS lookup for the provider endpoint failed.

Sometimes it alternates with API rate limit reached.

Setup:

• OpenClaw 2026.4.14 (323493f)
• macOS 26.4.1 (arm64), Mac Mini
• Model: openai-codex/gpt-5.4 (also tried gpt-5.4-mini, same issue)
• Auth: OAuth via openclaw models auth login --provider openai-codex (successful)
• curl -I https://api.openai.com works fine (HTTP/2 421)
• Slack and Telegram channels both OK

What I've tried:

• Re-authenticated with openai-codex (success)
• Switched between gpt-5.4 and gpt-5.4-mini
• Gateway restart multiple times
• openclaw doctor shows no issues

Is this a known issue with Plus subscriptions through openai-codex? Or is there additional configuration needed?

Thanks!

I don’t think this is “Plus is unsupported.”

openai-codex is supported with ChatGPT/Codex OAuth, but your curl https://api.openai.com check is testing the wrong host. Codex OAuth uses:

https://chatgpt.com/backend-api

So the first thing I’d check is DNS/reachability for chatgpt.com, not api.openai.com.

Try on the Mac:

curl -I https://chatgpt.com/backend-api
dscacheutil -q host -a name chatgpt.com

If you use any of these, temporarily disable them for one test:

• VPN
• NextDNS / custom DNS
• ad blockers / network filters
• Little Snitch / LuLu / similar
• iCloud Private Relay

Also, openai-codex defaults to WebSocket-first. I’d try forcing SSE for a test:

{
  agents: {
    defaults: {
      models: {
        "openai-codex/gpt-5.4": {
          params: { transport: "sse" }

        }
      }
    }
  }
}

So short version:

1. test chatgpt.com, not api.openai.com
2. rule out local DNS/filtering on the Mac
3. force transport: "sse" and retry

If you paste the output of those two commands, or a fresh rawError line from openclaw logs --follow, I can narrow it down further.

Docs:

• https://docs.openclaw.ai/providers/openai
• https://docs.openclaw.ai/concepts/model-providers

littlemia , same advice that i give to TAPI : you can try to install codex from openai on your mac, log on to it and then tell it to help you start Openclaw . Because Codex is an AI Agent he will do the rest

That’s a reasonable fallback, yeah.

For littlemia specifically, I’d still check the actual openai-codex network path first, because the clue here is the DNS failure and openai-codex talks to chatgpt.com/backend-api, not api.openai.com.

So both are valid:

• local agent to inspect the Mac directly
• or direct DNS/transport debugging for chatgpt.com first

Update: curl -I https://chatgpt.com/backend-api returns 403 with cf-mitigated: challenge. Looks like Cloudflare is blocking the openai-codex endpoint. DNS resolves fine. Is there a workaround for this?

A raw curl getting 403 with cf-mitigated: challenge is not enough by itself to prove OpenClaw is blocked.

That endpoint is behind bot protection, so plain curl can absolutely get challenged even when the real OAuth flow is valid.

So I’d read it like this:

• DNS is probably fine
• plain curl is not a valid auth/path test for Codex OAuth
• the real question is whether OpenClaw’s actual request is failing with Cloudflare, or whether the remaining error is still something else

What I’d do next:

1. Check chatgpt.com in a normal browser on that Mac

   • can you load ChatGPT/Codex there normally?
   • if browser access is broken too, then it’s likely network/IP/VPN/filtering related

2. Temporarily disable

• VPN
  • proxy
  • ad blocker / network filter
  • Little Snitch / LuLu
  • iCloud Private Relay
  • custom DNS / NextDNS

3. Try another network
   easiest test is phone hotspot. If that works, it strongly points to network/IP filtering.

4. Grab the real OpenClaw error

   openclaw logs --follow
   

   then send one tiny test prompt from Control UI and paste the fresh lines

Important bit: if Cloudflare is truly challenging the real OAuth traffic, there usually isn’t an OpenClaw-side “bypass” knob for that. The practical workaround is usually change network / remove filtering. Forcing SSE is still worth a try, but it won’t fix a true Cloudflare/IP challenge.

If you paste the fresh log lines after a test run, I can tell you whether this is actually CF/challenge-related or just a misleading curl result.

Browser access to chatgpt.com works fine. No VPN, no Private Relay, no firewall, no ad blocker. Here are the fresh log lines from openclaw logs --follow after sending "hi" from Control UI:

I don’t see the actual log lines yet, just the intro text.

Please paste the fresh block from openclaw logs --follow, especially any lines containing:

• openai-codex
• chatgpt.com
• 403
• cf-mitigated
• DNS
• ENOTFOUND
• EAI_AGAIN
• rate limit

If Discord ate the formatting, wrapping it like this helps:

paste logs here

If browser access to chatgpt.com works, that’s actually encouraging, it makes a pure network block less likely. The real logs should tell us whether this is:

• transport issue
• provider-side rate limit
• Cloudflare challenge on the actual request
• or something else entirely

19:13:49+00:00 info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✓ sessions.list 109ms conn=f67682ea…4445 id=435e753b…3a88
19:13:49+00:00 info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✓ chat.history 252ms conn=f67682ea…4445 id=b09ea1d1…6348
19:13:49+00:00 info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✓ sessions.list 113ms conn=82dba0b2…22a9 id=bc0b975a…508a
19:13:50+00:00 warn agent/embedded {"subsystem":"agent/embedded"} {"event":"auth_profile_failure_state_updated","tags":["error_handling","auth_profiles","cooldown"],"runId":"ac7a4a78-c67b-436e-8ffa-8bb062c3aa2e","profileId":"sha256:6a5508577e04","provider":"openai-codex","reason":"rate_limit","windowType":"cooldown","windowReused":false,"previousErrorCount":0,"errorCount":1,"cooldownUntil":1776280444980,"failureCounts":{"rate_limit":1}} auth profile failure state updated

19:13:50+00:00 warn agent/embedded {"subsystem":"agent/embedded"} {"event":"embedded_run_failover_decision","tags":["error_handling","failover","assistant","surface_error"],"runId":"ac7a4a78-c67b-436e-8ffa-8bb062c3aa2e","stage":"assistant","decision":"surface_error","failoverReason":"rate_limit","profileFailureReason":"rate_limit","provider":"openai-codex","model":"gpt-5.4","sourceProvider":"openai-codex","sourceModel":"gpt-5.4","profileId":"sha256:6a5508577e04","fallbackConfigured":false,"timedOut":false,"aborted":false,"rawErrorPreview":"<html>\n <head>\n <meta name="viewport" content="width=device-width, initial-scale=1" />\n <style global>body{font-family:Arial,Helvetica,sans-serif}.container{align-items:center;display:flex;flex-direction:column;gap:2rem;height:100%;justify-content:center;width:100%}@keyframes enlarge-appear{0%{opacity:0;transform:scale(75%) rotate(-90deg)}to{opacity:1;transform:scale(100%) rotate(0deg)}}.lo…","rawErrorHash":"sha256:822be8b31620","providerRuntimeFailureKind":"rate_limit"} embedded run failover decision
19:14:04+00:00 info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✓ sessions.list 158ms conn=82dba0b2…22a9 id=4333908b…7fbd
19:14:04+00:00 info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✓ sessions.list 135ms conn=f67682ea…4445 id=4f2387ee…14e8

Nice, that narrows it down a lot.

That log says the failure is not DNS and not obviously the Cloudflare curl probe either. The real OpenClaw request is being classified as:

provider: "openai-codex"
reason: "rate_limit"
windowType: "cooldown"

So the current blocker looks like Codex OAuth rate limiting on that account/profile.

In other words:

• OpenClaw is reaching openai-codex
• auth is present enough to make the request
• the provider is putting that profile into a cooldown window
• the curl ... cf-mitigated result was probably a red herring

What I’d do next:

1. Wait a bit and retry
   this specific profile is in cooldown now

2. Re-login to openai-codex in a private window
   to make sure it’s the intended account:

   openclaw models auth login --provider openai-codex --set-default
   

3. Check available Codex models

   openclaw models status
   

   If openai-codex/gpt-5.4-mini is available, test that first. It may be less likely to hit limits.

4. Try one tiny prompt after cooldown
   then watch:

   openclaw logs --follow
   

So my current read is:

• not an install problem
• not a general network/DNS problem
• most likely account-side Codex OAuth rate limiting

If you want, paste openclaw models status next, and I’ll tell you the best model to test on the OAuth route without switching to API keys.

Yep, this is the clearest signal so far.

That line means OpenClaw got an HTML edge page back from the openai-codex request, and its error handling classified it as:

providerRuntimeFailureKind: "rate_limit"
failoverReason: "rate_limit"
fallbackConfigured: false

So the practical read is:

• not DNS
• not an OpenClaw install problem
• not a Control UI bug first
• the openai-codex OAuth path is hitting an edge/rate-limit page for that account/request path

The annoying part is that this can happen even if normal browser ChatGPT use still works.

Workarounds

For the OAuth route, there usually isn’t a magic OpenClaw-side bypass for this.

Your realistic options are:

1. wait and retry later
2. re-login openai-codex in a private window, to make sure it’s the intended account
3. try a smaller Codex OAuth model if your account exposes one in openclaw models status
4. try another network/IP once, just as a diagnostic
5. if you need reliability right now, the more stable route is usually direct API key, not consumer OAuth

So yes, I’d call this provider-side Codex OAuth limiting/challenge behavior, not a bad local setup.

If you paste:

openclaw models status

I can help you choose the safest OAuth-side model to test next without switching to API keys.

OAuth/token status:

openai-codex usage: 5h 100% left, Week 100% left
openai-codex:default ok expires in 10d
openai-codex:my-email ok expires in 10d

I notice there are two openai-codex profiles (default + email). Could profile rotation be causing the cooldown?

Yes, that could absolutely be part of it.

OpenClaw does auth-profile rotation within a provider, and for rate limits it can try another same-provider profile before giving up. So if you have:

• openai-codex:default
• openai-codex:my-email

then OpenClaw may treat them as two candidate profiles unless you pin the order.

A couple important details though:

• it does not rotate every single request, sessions are usually sticky
• but once one profile hits cooldown, OpenClaw can rotate to the other one
• if both profiles are really the same underlying OpenAI account, that can create confusing behavior without actually solving the limit

Best next step

Force OpenClaw to use one Codex profile only:

openclaw models auth order get --provider openai-codex
openclaw models auth order set --provider openai-codex openai-codex:my-email

Or, if the intended one is the default profile:

openclaw models auth order set --provider openai-codex openai-codex:default

Then restart the gateway, wait out the cooldown, and test again.

I’d avoid --probe right now, because probe requests are real requests and can trigger more rate limits.

So yes, my recommendation is:

1. pick one Codex profile

2. pin auth order to that one
3. retry after cooldown

If you want, I can give you the exact “use the email profile” command sequence including restart.

I’m doing the onboard process again and now it’s being stucked here

TypeError: Cannot read properties of undefined (reading 'trim')

First, what does this show?

openclaw --version

And please paste the full stack trace, not just the last line.

That exact:

TypeError: Cannot read properties of undefined (reading 'trim')

has shown up before with stale session/bootstrap state, so I would not reinstall yet.

Quick things to try first:

openclaw gateway restart

then retry onboarding once.

If it still happens, paste:

1. openclaw --version
2. the full error block
3. whether this is a brand new install or an older setup you’re reusing

If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution.

OpenClaw 2026.4.14 (323493f)

This is all I got when I entered the command for version

Yep, that part was just the version check 👍

Now do this next:

openclaw gateway restart

Then run the onboard command again, and copy everything it prints after it fails.

I need the actual onboarding error output, not the version output.

So the sequence is:

openclaw gateway restart

# then run your onboard command again

Then paste the full failure text here.

How channels work
│  DM security: default is pairing; unknown DMs get a pairing code.      
│  Approve with: openclaw pairing approve <channel> <code>    
│  Public DMs require dmPolicy="open" + allowFrom=["*"].    
│  Multi-user DMs: run: openclaw config set session.dmScope "per-channel-peer" (or   │
│  "per-account-channel-peer" for multi-account channels) to isolate sessions. 
│  Docs: channels/pairing     
│  Feishu: 飞书/Lark enterprise messaging with doc/wiki/drive tools. 
│  Nostr: Decentralized protocol; encrypted DMs via NIP-04
│  Microsoft Teams: Teams SDK; enterprise support
│  Nextcloud Talk: Self-hosted chat via Nextcloud Talk webhook bots
│  BlueBubbles: iMessage via the BlueBubbles mac app + REST api
│  Zalo: Vietnam-focused messaging platform with Bot Api
│  Zalo Personal: Zalo personal account via QR code login
│  Discord: very well supported right now
│  QQ Bot: connect to QQ via official QQ Bot API with group chat and direct message  │support
│  WhatsApp: works with your own number; recommend a separate phone + esim
│  Google Chat: Google Workspace Chat app with HTTP webhook
│  Mattermost: self-hosted Slack-style chat; install the plugin to enable
│  Matrix: open protocol; configure a homeserver + access token.
│  IRC: classic IRC networks; host, nick,channels
│  Synology Chat: Connect your Synology NAS Chat to openclaw
│  Tlon: Decentralized messaging on urbit
│  undefined: undefined                                                  
│  LINE: LINE Messaging API bot for Japan/Taiwan/Thailand markets.     
│  undefined: undefined                                                              │
│  Slack: supports bot + app tokens, channels, threads, and interactive replies.     │
│  undefined: undefined                                                    
│  Twitch: Twitch chat integration                                                     Select channel (QuickStart)
│  Skip for now
TypeError: Cannot read properties of undefined (reading 'trim')

Yep, that looks like a real onboarding bug.

The giveaway is the picker showing multiple lines like:

undefined: undefined

right before:

TypeError: Cannot read properties of undefined (reading 'trim')

So this is not you mis-typing something. The QuickStart channel picker is getting bad channel metadata and then crashing.

Workaround

I’d bypass that broken step and do auth/channel setup separately instead of rerunning full onboard again.

If your goal is Codex OAuth + Control UI, do this:

openclaw models auth login --provider openai-codex --set-default
openclaw gateway restart
openclaw dashboard

If you want to add a channel later, do it outside onboarding:

openclaw channels add

or directly, for example:

openclaw channels add --channel discord

My read

• onboarding itself is bugging in the QuickStart channel selection
• your install is not necessarily broken
• you can probably keep going by skipping full onboard and using the direct commands above

This one is worth filing as a bug too: https://github.com/openclaw/openclaw/issues

If openclaw dashboard opens after the restart, try one test message there and we can keep debugging the Codex OAuth side from that point.

It said no models found

That usually means the auth flow finished, but the model catalog came back empty, so --set-default had nothing to pick from.

Try it in two separate steps instead:

openclaw models auth login --provider openai-codex
openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4
openclaw gateway restart
openclaw models status

So:

• login first
• set the model manually
• restart
• check status

If it still says “no models found”, paste the exact command you ran and the full output. That part matters a lot here.

The coded bot checked and it says

Exact issue right now:
    •    Your openai-codex requests to chatgpt.com/backend-api/v1/codex/responses are being blocked/challenged upstream (Cloudflare), so the call never reaches Codex.
    •    OpenClaw reports that failure as DNS lookup for the provider endpoint failed (misleading wording), then Telegram falls back to ollama/qwen3.5:4b.
So: not subscription, not OAuth, not local bot config. It’s upstream endpoint access/path blocking.

Yeah, that matches the evidence pretty well.

Especially with the earlier log showing:

• rawErrorPreview as HTML
• providerRuntimeFailureKind: "rate_limit"
• calls going to chatgpt.com/backend-api...

So I’d phrase it like this:

• Root problem: upstream chatgpt.com/backend-api is returning an edge/challenge page
• Not the root problem: local OpenClaw install, basic OAuth setup, or your subscription alone
• Misleading bit: OpenClaw surfacing some of these failures as DNS lookup for the provider endpoint failed
• Why Ollama appears: that’s just your configured fallback kicking in after openai-codex fails

Also, browser ChatGPT still working does not disprove this. A browser can satisfy Cloudflare/browser checks that backend API-style requests may not.

Practical next step

At this point there usually isn’t a clean OpenClaw-side fix for the Codex OAuth path itself.

Your real options are:

1. stay on OAuth and try another network / wait / retry later
2. use direct OpenAI API key route if you need reliable access now
3. disable or change the Ollama fallback if you want the real Codex failure surfaced instead of silently falling back
4. file a GitHub issue because the DNS wording is misleading here: https://github.com/openclaw/openclaw/issues

So yes, I think the coded bot is basically right: this is an upstream edge/challenge problem on the Codex OAuth route, with misleading error reporting on top.

Why is this issue and how to solve it

Short version:

Why this happens

openai-codex is not the normal OpenAI API route.

It uses the ChatGPT/Codex OAuth backend on:

chatgpt.com/backend-api

That path sits behind edge protections and usage controls. So what’s happening is:

• your browser can reach ChatGPT fine
• but OpenClaw’s openai-codex request gets an upstream challenge / limit page instead of a normal Codex response
• OpenClaw then reports that badly, sometimes as DNS or rate-limit
• if you have a fallback model configured, it switches to that instead

So the issue is basically:
Codex OAuth backend path is being challenged/limited upstream, not “your Mac is broken”.

How to solve it

Best reliability

Use the direct API route instead of OAuth:

openai/gpt-5.4 + OPENAI_API_KEY

That avoids the ChatGPT/Codex backend path entirely.

If you want to stay on OAuth

Your realistic fixes are:

1. wait and retry later
2. try another network/IP
3. re-login the intended openai-codex profile
4. pin one Codex auth profile only so rotation doesn’t muddy things
5. disable/change fallback if you want to see the real error instead of falling back silently

My honest recommendation

If you need this to work reliably right now, switch to the API-key route.

If you specifically want Codex OAuth, then this is more of an upstream edge/availability problem, and there may not be a clean OpenClaw-side fix.

If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution.

Is this persons issue same as mine?

Message from Codex:

"The hotspot ruled out your home network. The Codex backend still returns a Cloudflare challenge on the iPhone connection too, so this looks much more like a device/untime fingerprint problem with openclaw hitting chatgpt.com/backend-api/v1, not a bad network or bad Auth.
Two notable things:
your Mac did switch to the hotspot for the default route
Tailscale DNS is still present as a supplemental resolver, but traffic is leaving over the hotspot and the challenge still happens anyway
So the likely conclusion is: OpenClaw's openai-codex transport is being challenged by Cloudflare from this Mac/client path, even with a fresh login.
Best next moves now:
If ChatGPT works in your normal browser on this Mac, that strongly confirms it's an OpenClaw client-path problem.
Downgrade OpenClaw to 2026.4.12 •
Or stop using openai-codex/gpt-5.4 as primary for now."

For the Codex OAuth failure, yes, it sounds like the same family of issue.

If both of you have this pattern:

• openai-codex/gpt-5.4
• browser ChatGPT works
• hotspot/new network doesn’t fix it
• OpenClaw logs show HTML / Cloudflare-ish response, or misleading DNS / rate_limit
• requests go to chatgpt.com/backend-api

then I’d treat that as the same upstream/client-path challenge problem.

But one important distinction:

• your onboarding undefined / trim crash is a separate bug
• your Codex OAuth requests getting challenged is the same likely issue

So, same issue for Codex route failures, not same issue for the onboarding wizard crash.

I would be cautious about the “downgrade to 2026.4.12” advice though, I wouldn’t treat that as proven yet unless someone has logs showing 2026.4.12 actually fixes this exact Codex path problem.

Is this person issue similar to ours too??

After updating to OpenClaw 2026.4.14 (and also persists after downgrade to 2026.4.12), the agent stops executing tool calls. It verbally acknowledges the request ("I will write the file"), but never invokes the actual tool (e.g., Write, Exec). The issue occurs with a custom OpenAI-compatible provider (TimeWeb Cloud AI).

Environment:

• OpenClaw Version: 2026.4.14 (and 2026.4.12)
• OS: Ubuntu 24.04
• Node.js: 22.22.2
• Provider: Custom (twc-agent/twc-agent), OpenAI-compatible (/v1/chat/completions)

Steps to Reproduce:

1. Start a new session (/new).
2. Send a command requiring a tool: Write "hello" to test.txt
3. Agent responds: "I am writing the file."
4. No file is created. No error in logs. Tool is not invoked.

Expected Behavior:
The Write tool should be executed, and the file should be created.

Actual Behavior:
Agent only provides a text response, no tool call. Session logs show no incomplete turn errors.

Additional Context:

• openclaw infer model run --model twc-agent/twc-agent --prompt "Say OK" works (model returns OK).
• openclaw config get tools.exec.host → gateway
• openclaw config get agents.defaults.sandbox.mode → off
• Approvals policy: openclaw exec-policy preset yolo applied.
• Direct !pwd command (shell execution) also fails.
• Suspected regression from changes in tool call handling (e.g., PRs #66145, #66167).

No, that one looks different.

Their issue

• custom OpenAI-compatible provider
• model replies in plain text
• never emits tool calls at all
• no file write, no exec, no shell action

That’s basically a tool-calling/model-compatibility problem.

Your issue

• openai-codex/gpt-5.4
• request goes out
• upstream chatgpt.com/backend-api returns challenge/HTML/rate-limit-ish response
• OpenClaw surfaces it badly and may fall back

That’s an upstream Codex route / edge challenge problem.