#⚠️ Something went wrong while processing your request. Please try again, or use /new to start a fres

hey there, i keep having this issue since 4.20 and even if i switched to 4.21 + did doctor (and doctor --fix) and reconnected codex and everything... It still doesn't work

Yeah, that banner is annoyingly generic.

A useful gotcha first: if by “reconnected codex” you mean the standalone Codex app/CLI, that alone won’t fix OpenClaw anymore. OpenClaw now keeps its own Codex OAuth auth, it does not import from ~/.codex.

Please try:

openclaw models auth login --provider openai-codex
# if browser callback is flaky:
openclaw models auth login --provider openai-codex --device-code

Then paste these:

openclaw --version

openclaw status
openclaw models status

And while reproducing it once:

openclaw logs --follow

I’m looking for lines like:

• OAuth token refresh failed for openai-codex
• invalid_grant
• refresh_contention
• LLM error server_error: An error occurred while processing your request.

One more targeted check: older manual models.providers.openai-codex overrides can shadow the built-in Codex OAuth path on newer versions. If you paste the relevant config snippet too, I can sanity-check that.

Docs:
https://docs.openclaw.ai/help/faq
https://docs.openclaw.ai/providers/openai
https://docs.openclaw.ai/gateway/doctor

If it only breaks in one chat/thread, try /new once too, because session-history desync can look very similar.

12:51:32+00:00 warn agent/embedded {"subsystem":"agent/embedded"} {"event":"embedded_run_failover_decision","tags":["error_handling","failover","prompt","fallback_model"],"runId":"44ec1276-27dc-4c94-8144-79fe75bff9fc","stage":"prompt","decision":"fallback_model","failoverReason":"auth","profileFailureReason":"auth","provider":"codex","model":"gpt-5.4","sourceProvider":"codex","sourceModel":"gpt-5.4","fallbackConfigured":true,"aborted":false,"status":401,"rawErrorPreview":"unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d00108e5fe1a0-MRS, request id: sha256:6d561c59d619","rawErrorHash":"sha256:5ef5f8edb859","rawErrorFingerprint":"sha256:78c7d385d281","providerRuntimeFailureKind":"unknown","requestIdHash":"sha256:6d561c59d619"} embedded run failover decision

12:51:32+00:00 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=main durationMs=28025 error="FailoverError: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d00108e5fe1a0-MRS, request id: req_618fee8600844fe190bf61feef77a3bc"
12:51:32+00:00 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=session:agent:main:discord:channel:1473784864703647856 durationMs=28028 error="FailoverError: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d00108e5fe1a0-MRS, request id: req_618fee8600844fe190bf61feef77a3bc"

12:52:13+00:00 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=main durationMs=40524 error="FailoverError: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d010f2e65fb6d-MRS, request id: req_c973b3b45adc42269975a57c940c96bc"
12:52:13+00:00 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=session:agent:main:discord:channel:1473784864703647856 durationMs=40525 error="FailoverError: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d010f2e65fb6d-MRS, request id: req_c973b3b45adc42269975a57c940c96bc"

12:52:13+00:00 error Embedded agent failed before reply: All models failed (2): codex/gpt-5.4: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d00108e5fe1a0-MRS, request id: req_618fee8600844fe190bf61feef77a3bc (auth) | openai-codex/gpt-5.4: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d010f2e65fb6d-MRS, request id: req_c973b3b45adc42269975a57c940c96bc (auth) | unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: 9f0d010f2e65fb6d-MRS, request id: req_c973b3b45adc42269975a57c940c96bc

Ah, this log is the clue.

You’re not on openai-codex/* here, you’re on codex/gpt-5.4:

• provider:"codex"
• request goes to https://api.openai.com/v1/responses
• error is 401 Unauthorized: Missing bearer or basic authentication in header

That means the Codex app-server path is running, and it has no auth header at all.

So the likely issue is:

1. Wrong model route for the auth you want

   • codex/gpt-5.4 = Codex app-server harness
   • openai-codex/gpt-5.4 = OpenClaw-managed ChatGPT/Codex OAuth

2. Or, if you really want codex/*, the gateway/app-server process cannot see the same auth your shell/Codex CLI sees.

If you want ChatGPT/Codex OAuth, switch to this:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4
openclaw models auth login --provider openai-codex
openclaw models status --probe

If you want to stay on codex/*, then the fix is making sure the service process has Codex/OpenAI auth available, not just your terminal session.

Please paste:

openclaw --version
openclaw models status --probe

and tell me which one your primary model is set to:

• codex/gpt-5.4
• or openai-codex/gpt-5.4

Docs:
https://docs.openclaw.ai/plugins/codex-harness
https://docs.openclaw.ai/help/faq

If you want, I can give you the exact config snippet for either route.

Yep, that confirms it.

This is not a bad thread or /new problem. Both lane=main and the session lane are failing the same way, so the shared model/provider layer is trying to call OpenAI with no Authorization header.

So the problem is basically:

• wrong model route, or
• the gateway service cannot see your auth

Most likely, from your earlier log, you’re on codex/*, not openai-codex/*.

If you want ChatGPT/Codex OAuth

Use the OpenClaw OAuth route instead:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4

openclaw models auth login --provider openai-codex
openclaw gateway restart
openclaw models status --probe

If you want to stay on codex/*

Then the Codex app-server/gateway process needs auth, not just your shell.

Important gotcha: if OpenClaw is running as a service, codex login or shell OPENAI_API_KEY changes may not be visible to the service until you restart it, and sometimes the service user/env differs from your terminal.

So in that case:

• verify which model ref you’re using
• restart the gateway
• check openclaw models status --probe

Please paste:

openclaw --version
openclaw models status --probe

and tell me your primary model ref, specifically whether it is:

• codex/gpt-5.4
• or openai-codex/gpt-5.4

Docs:
https://docs.openclaw.ai/plugins/codex-harness
https://docs.openclaw.ai/help/faq

If you paste models status --probe, I can usually tell you the exact next step pretty fast.

Same root cause again.

The important part is:

401 Unauthorized: Missing bearer or basic authentication in header

So OpenClaw/Codex is reaching OpenAI with no auth at all. This is not a /new problem and not really a Doctor problem anymore. It’s an auth/model-route problem.

Quickest check

Run:

openclaw models status --plain

If that prints codex/gpt-5.4

Then you’re on the Codex app-server harness path.

If you actually wanted ChatGPT/Codex subscription auth, switch to the OpenClaw OAuth route:

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4
openclaw models auth login --provider openai-codex
openclaw gateway restart
openclaw models status --probe

If you intentionally want codex/gpt-5.4

Then the gateway/service process itself cannot see your auth.

Common gotcha: codex login in your shell does not guarantee the OpenClaw service sees that auth, especially with systemd/launchd or a different user/env. In that case, make sure the service has the same Codex/OpenAI auth available, then:

openclaw gateway restart

openclaw models status --probe

If you paste just the output of:

openclaw models status --plain

I can tell you immediately which fix path you need.

Docs:
https://docs.openclaw.ai/plugins/codex-harness
https://docs.openclaw.ai/help/faq

Okay, this finally makes it clear.

Both routes are failing:

• codex/gpt-5.4
• openai-codex/gpt-5.4

And both fail with the same thing:

401 Unauthorized: Missing bearer or basic authentication in header

So the gateway currently has no usable OpenAI/Codex auth on the machine actually running the gateway.

That means:

• /new won’t fix it
• Doctor probably won’t fix it

• upgrading versions won’t fix it by itself

Do this on the gateway host

openclaw --version
openclaw models status --probe
openclaw models auth order clear --provider openai-codex
openclaw models auth login --provider openai-codex
openclaw gateway restart
openclaw models status --probe

Important gotcha

If OpenClaw is running as a service, shell auth/env often does not carry over.

So if you’re using codex/gpt-5.4, the Codex app-server path also needs auth visible to the service process, usually via:

• OPENAI_API_KEY, or
• valid Codex auth files readable by that same user/service

If you only set env vars in your terminal, put them where the gateway actually loads them, for example ~/.openclaw/.env, then restart the gateway.

Paste the output of the first openclaw models status --probe and I can tell you exactly which auth leg is still missing.

Docs:
https://docs.openclaw.ai/gateway/authentication
https://docs.openclaw.ai/plugins/codex-harness

Basically, the only thing I want is to keep using my chatgpt subscription (and not the API) but i'm not sure i understand if it's best to use codex or openai-codex. I don't even get the differece

Yep, for “use my ChatGPT subscription, not API billing”, you want openai-codex, not codex.

Super short version

• openai-codex/gpt-5.4 = ChatGPT/Codex subscription OAuth

  • this is the one you want
  • OpenClaw manages the login itself

• codex/gpt-5.4 = native Codex app-server harness

  • more advanced/specialized
  • different runtime path
  • not the simplest “just use my subscription in OpenClaw” option

• openai/gpt-5.4 = direct OpenAI API key

  • this is the one you do not want

For your setup, I’d do this

openclaw config set agents.defaults.model.primary openai-codex/gpt-5.4
openclaw models auth login --provider openai-codex
openclaw gateway restart

And for now, I would stop using codex/* as a fallback until this is working cleanly, because it’s just adding noise to the auth/debugging.

So the recommendation is:

Use openai-codex/gpt-5.4 if your goal is ChatGPT subscription access inside OpenClaw.

Docs:
https://docs.openclaw.ai/help/faq
https://docs.openclaw.ai/plugins/codex-harness
https://docs.openclaw.ai/concepts/model-providers

If you want, I can give you the exact minimal config snippet for a subscription-only setup.

yes please. and regarding the fallback, i want to use my minimax subscription plan.
Could you please provide the right config and steps ?

Yep, for a subscription-only setup, I’d do this:

Use these model routes

• Primary: openai-codex/gpt-5.4
  your ChatGPT/Codex subscription

• Fallback: minimax-portal/MiniMax-M2.7
  your MiniMax Coding Plan / OAuth subscription

Important bit:

• openai-codex/* = OpenAI subscription route
• minimax-portal/* = MiniMax subscription route
• codex/* and minimax/* are not the subscription routes you want here

Exact steps

If you’re not on the China MiniMax plan, use the global OAuth path:

# 1) OpenAI subscription auth
openclaw models auth login --provider openai-codex

# 2) MiniMax subscription auth
openclaw onboard --auth-choice minimax-global-oauth

# 3) Set primary + clean fallbacks
openclaw models set openai-codex/gpt-5.4
openclaw models fallbacks clear
openclaw models fallbacks add minimax-portal/MiniMax-M2.7

# 4) Verify both providers are available
openclaw models list --provider openai-codex
openclaw models list --provider minimax-portal
openclaw models status --probe

# 5) Restart gateway if it is already running
openclaw gateway restart

If you use the China MiniMax plan, swap step 2 to:

openclaw onboard --auth-choice minimax-cn-oauth

Minimal config shape

{
  agents: {
    defaults: {
      model: {
        primary: "openai-codex/gpt-5.4",
        fallbacks: ["minimax-portal/MiniMax-M2.7"],
      },
      models: {
        "openai-codex/gpt-5.4": { alias: "gpt" },
        "minimax-portal/MiniMax-M2.7": { alias: "minimax" },
      },
    },
  },

}

Optional: faster MiniMax fallback

If you want the faster MiniMax tier instead:

openclaw models fallbacks clear
openclaw models fallbacks add minimax-portal/MiniMax-M2.7-highspeed

Docs

https://docs.openclaw.ai/providers/openai
https://docs.openclaw.ai/providers/minimax
https://docs.openclaw.ai/concepts/models

If you paste the output of openclaw models status --probe after this, I can sanity-check it for you.

i encountered this issue after the minimax auth : Error: Cannot find module '@larksuiteoapi/node-sdk'
Require stack:

• /opt/homebrew/lib/node_modules/openclaw/dist/extensions/feishu/client-yWGpoGkZ.js

That one is probably not MiniMax auth itself.

@larksuiteoapi/node-sdk is a Feishu bundled plugin dependency, so what you’re seeing is basically:

your OpenClaw install is missing a bundled runtime dep

The supported repair path is:

openclaw doctor --fix
openclaw gateway restart

Why this can show up “after MiniMax auth”: onboarding/auth can trigger plugin/provider loading paths, which can expose a missing bundled dependency that wasn’t noticed earlier.

A couple important notes:

• if you don’t even use Feishu, it can still show up if that bundled plugin is being checked/loaded
• don’t use openclaw update for this , that updates config shape, not the installed code

If openclaw doctor --fix still gives the same module error after restart, then your global install is incomplete/corrupted, and the next step is a clean reinstall of OpenClaw using the same install method you originally used, then run openclaw doctor --fix again.

If you want, paste these and I’ll tell you which branch you’re on:

openclaw --version
openclaw status --all

Docs:
https://docs.openclaw.ai/gateway/doctor

Ok, so I followed all these steps you mentionned and unfortunately i keep having the same error message : ⚠️ Something went wrong while processing your request. Please try again, or use /new to start a fresh session.

@plucky fable any suggestion here ?

Yeah, my best suggestion is to simplify hard and test one thing at a time.

For debugging, I would temporarily remove all fallbacks and use only the ChatGPT subscription route:

openclaw models set openai-codex/gpt-5.4
openclaw models fallbacks clear
openclaw models auth login --provider openai-codex
openclaw gateway restart

Then test again.

Why: right now there are too many moving parts, codex, openai-codex, minimax-portal, plus the earlier Feishu/module weirdness. One clean lane is much easier to diagnose.

If that works

Add MiniMax back after:

openclaw onboard --auth-choice minimax-global-oauth
openclaw models fallbacks add minimax-portal/MiniMax-M2.7

If that still fails

Then I really need the current outputs, especially:

openclaw models status --probe
openclaw logs --follow

I’m pretty sure the next win comes from isolating it to one model, one auth path first.

benbot@BENBOTs-iMac ~ % openclaw models status --probe

🦞 OpenClaw 2026.4.21 (f788c88) — Self-hosted, self-updating, self-aware (just kidding... unless?).

│
◇
Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : openai-codex/gpt-5.4
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (0) : -
Configured models (1): openai-codex/gpt-5.4

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (4): anthropic (2), kimi (1), minimax-portal (1), openai-codex (2)

• anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=2 (oauth=0, token=2, api_key=0) | anthropic:default=token:sk-ant-o...ya4MzAAA, anthropic:manual=token:sk-ant-o..._q7DngAA
• google effective=models.json:AIzaSyCd...ah3aaVgo | models.json=AIzaSyCd...ah3aaVgo | source=models.json: ~/.openclaw/agents/main/agent/models.json
• kimi effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=1, api_key=0) | kimi-coding:manual=token:eyJhbGci...smEBbgRQ
• minimax-portal effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=1, token=0, api_key=0) | minimax-portal:default=OAuth
• openai-codex effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=2 (oauth=2, token=0, api_key=0) | openai-codex:default=OAuth (benjamin@w3art.io), openai-codex:benjamin@w3art.io=OAuth (benjamin@w3art.io)

OAuth/token status

• anthropic
  • anthropic:default static
  • anthropic:manual static
• kimi
  • kimi-coding:manual static
• minimax-portal
  • minimax-portal:default ok expires in 365d
• openai-codex usage: 5h 100% left ⏱4h 59m · Week 100% left ⏱5d 4h
  • openai-codex:benjamin@w3art.io (benjamin@w3art.io) ok expires in 10d
  • openai-codex:default (benjamin@w3art.io) ok expires in 10d

Auth probes
┌─────────────────────┬──────────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────┐
│ Model │ Profile │ Status │
├─────────────────────┼──────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤

│ anthropic/claude-3- │ anthropic:default (token) │ unknown · - │
│ haiku-20240307 │ │ ↳ Excluded by auth.order for this provider. │
│ anthropic/claude-3- │ anthropic:manual (token) │ unknown · 23s │
│ haiku-20240307 │ │ ↳ codex app-server client is closed │
│ google/gemini-1.5- │ models.json (api_key) │ unknown · 1.6s │
│ flash │ │ ↳ codex app-server client is closed │
│ kimi/kimi-code │ kimi-coding:manual (token) │ unknown · 1s │
│ │ │ ↳ codex app-server client is closed │

│ minimax-portal/ │ minimax-portal:default (oauth) │ unknown · 1s │
│ MiniMax-M2.7 │ │ ↳ failed to load configuration: Model provider minimax-portal not │
│ │ │ found │
│ openai-codex/gpt-5. │ openai-codex:benjamin@w3art.io │ unknown · 762ms │
│ 4 │ (benjamin@w3art.io) (oauth) │ ↳ codex app-server client is closed │
│ openai-codex/gpt-5. │ openai-codex:default (benjamin@w3art.io) │ unknown · 768ms │
│ 4 │ (oauth) │ ↳ codex app-server client is closed │
└─────────────────────┴──────────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────┘
Probed 6 targets in 32.6s

This is actually helpful, and honestly a bit encouraging.

Your CLI now shows:

• Default = openai-codex/gpt-5.4
• Fallbacks = 0
• openai-codex OAuth profiles exist
• MiniMax OAuth exists too

So the login/config side now looks sane. That means we’re probably no longer dealing with “you authenticated the wrong thing”.

The next likely issue is one of these:

1. the running gateway is not using the same config/agent dir the CLI is showing, or
2. there’s a live runtime/auth bug and we need the actual gateway error

Next two things I need

openclaw status --all
openclaw models auth order get --provider openai-codex

And then:

openclaw logs --follow

Reproduce the failure once, then paste the fresh error block.

What I’m checking now is:

• does the live gateway point at the same ~/.openclaw/agents/main/agent path?
• is openai-codex auth order excluding the usable profile?

• is the runtime still throwing the old 401 missing bearer/basic auth, or is it a new failure now?

If you paste those 3 outputs, I think we’re very close to the real cause.

Nice, this narrows it down a lot.

That output says your OpenAI Codex OAuth is valid and the usage window is visible, so this does not look like an expired login anymore.

At this point I’m most suspicious of one of these:

• the running gateway is not the same config/state the CLI is reading
• there’s a live runtime bug that only shows up when a real turn runs

Also, if that Auth probes table is really empty, that’s a bit weird by itself.

Please send just these two next

openclaw status --all

and then:

openclaw logs --follow

Reproduce the failure once, and paste the fresh error lines after that.

I think the auth side is now basically confirmed good, so the next clue is almost certainly in the live gateway/runtime path.

Aha, I think this is the real bug.

Those lines are the giveaway:

• Anthropic probe → codex app-server client is closed
• Google probe → codex app-server client is closed
• Kimi probe → codex app-server client is closed

Those providers should not be touching Codex app-server at all.

That usually means your gateway is still forcing the Codex harness globally, either via:

• agents.defaults.embeddedHarness.runtime: "codex"
• or OPENCLAW_AGENT_RUNTIME=codex

For your setup, that is wrong.
You want openai-codex/* through the normal OpenClaw path, not the Codex app-server harness.

What to change

Your config should look like this, at least for the relevant part:

{
  agents: {
    defaults: {
      model: {
        primary: "openai-codex/gpt-5.4",
        fallbacks: [],
      },
      embeddedHarness: {
        runtime: "auto",
        fallback: "pi",
      },

    },
  },
}

And make sure you do not have:

OPENCLAW_AGENT_RUNTIME=codex

in your shell, service env, or ~/.openclaw/.env.

Then restart

openclaw gateway restart

What should happen after that

When you rerun:

openclaw models status --probe

you should stop seeing codex app-server client is closed for Anthropic/Google/Kimi.

That message is the smoking gun here.

Docs:

https://docs.openclaw.ai/plugins/codex-harness
https://docs.openclaw.ai/gateway/configuration-reference

If you want, paste just your embeddedHarness block or your .env model/runtime lines, and I’ll sanity-check them.

Yep, this confirms it even more clearly.

You’ve got 2 separate issues right now:

1) openai-codex is still being routed through Codex app-server

That’s why you keep seeing:

codex app-server client is closed

For openai-codex/gpt-5.4, that should not happen.
So something is still forcing the Codex harness globally.

Please check and remove/reset both of these if present:

• agents.defaults.embeddedHarness.runtime: "codex" in ~/.openclaw/openclaw.json
• OPENCLAW_AGENT_RUNTIME=codex in ~/.openclaw/.env or your service env

For now, the safe setting is:

embeddedHarness: {
  runtime: "auto",
  fallback: "pi",
}

Then restart:

openclaw gateway restart

2) MiniMax auth exists, but the MiniMax provider is not loaded

This line says it:

Model provider minimax-portal not found

So your minimax-portal OAuth token is there, but the actual provider config is missing/not active.

For now, I would ignore MiniMax completely, clear fallbacks, and get openai-codex working first.

openclaw models set openai-codex/gpt-5.4
openclaw models fallbacks clear
openclaw gateway restart

Once openai-codex works cleanly, then re-add MiniMax by rerunning:

openclaw onboard --auth-choice minimax-global-oauth

and verify:

openclaw models list --provider minimax-portal

Recommended order now

1. remove forced Codex harness
2. restart gateway
3. test openai-codex alone