#Can the new default codex harness work with the old openai-codex Auth method?

Previously

openclaw models auth login --provider openai-codex + used the model name openai-codex/gpt-5.5 with the pi harness

Now I want to use the default codex harness (do I have to do anything or only upgrade?) and I will change the model name to OpenAI/gpt-5.5

But my question is since my original auth was with openclaw models auth login --provider openai-codex, do I have to login again?

Because openclaw models auth login --provider openai is the onboard in the new blog (openclaw models auth login --provider openai)

Or will the new openclaw doctor move the Auth? What thoughts?

Take your time, read everything relevant, docs and GitHub issues and such and let me know

Fyi this is for the new version 2026.5.12

Also lmk your opinion on whether I should upgrade or wait

I checked the current docs/source around the OpenAI/Codex rename/migration path.

Short version: you should not need to log in again just because you originally used --provider openai-codex. That old auth profile is still the Codex subscription/OAuth credential namespace, and the new openai/gpt-5.5 model route is expected to consume it.

The confusing bit is that the names now split by layer:

• openai/gpt-5.5 = canonical model ref for the native Codex app-server harness
• openai-codex:* = existing Codex OAuth auth/profile id, still supported
• openai-codex/gpt-5.5 = legacy model ref that Doctor repairs to openai/gpt-5.5
• openclaw models auth login --provider openai now starts the ChatGPT/Codex login by default; --method api-key is the explicit OpenAI API-key path

So for your case, I’d do this after upgrading:

openclaw doctor --fix
openclaw config validate

openclaw models status
openclaw models auth list --provider openai-codex
openclaw config get agents.defaults.model --json

If your openai-codex profile shows up and is usable, don’t re-login. If it’s missing/expired/refresh-failed, then re-auth with either spelling; the docs still show the explicit Codex one:

openclaw models auth login --provider openai-codex

For the model config, use lowercase:

openclaw config set agents.defaults.model.primary openai/gpt-5.5

No extra runtime config should be needed for the default route. OpenAI agent turns select the native Codex harness by default now; Doctor also repairs stale openai-codex/*, old PI pins, and session route state where it can. It does not really “move” your auth in the sense of replacing openai-codex:*; it preserves/uses those profiles and rewrites the model/runtime routing around them.

My opinion: upgrade, but do it with a small safety ritual. This migration path is exactly what 2026.5.12+ is trying to clean up, and staying on the legacy PI route is more likely to accumulate weirdness. Before upgrading, back up ~/.openclaw, then upgrade, run openclaw doctor --fix, restart the gateway, and verify /status shows the Codex runtime. If this is a mission-critical box and you can’t babysit it for 15 minutes, wait until you can.

Docs I checked:
https://docs.openclaw.ai/providers/openai
https://docs.openclaw.ai/concepts/agent-runtimes
https://docs.openclaw.ai/gateway/doctor
https://docs.openclaw.ai/cli/models

Are other people complaining about this on discord or GitHub yet? Or so far all good?

Yeah — there were real complaints, but mostly around the earlier 2026.5.5 migration, not a fresh flood on 2026.5.12.

What I found:

• GitHub had a cluster of issues about doctor --fix rewriting openai-codex/* → openai/* and then breaking Codex OAuth routing / requiring OPENAI_API_KEY:
  • https://github.com/openclaw/openclaw/issues/78407
  • https://github.com/openclaw/openclaw/issues/78509
  • https://github.com/openclaw/openclaw/issues/78499
  • related/session variant: https://github.com/openclaw/openclaw/issues/78484
• Those are now closed. A lot of the newer docs/Doctor behavior I quoted looks like it was written specifically to address that mess.
• There was also a newer relevant one today: https://github.com/openclaw/openclaw/issues/81888 — Codex harness receives openai:default auth profile while status shows openai-codex OAuth. That one is also closed/completed.
• Discord has definitely had confusion/questions about the split between openai/gpt-5.5 model route vs openai-codex auth/profile. I found a couple threads, including yours/adjacent ones, and one “burning OpenAI credits” type thread that smells related to wrong auth route / API-key fallback risk.

So my read is: not “all good, zero complaints,” but also not “5.12 is currently on fire for everyone.” The dangerous historical failure mode is known: silently ending up on direct OpenAI API-key billing instead of Codex subscription OAuth. That’s why I’d upgrade only with verification right after:

openclaw models status
openclaw models auth list --provider openai-codex
openclaw config get agents.defaults.model --json

Then check /status in a fresh session and make sure it says the Codex runtime/auth you expect before doing heavy work.

I will be migrating from 2026.5.7

Any issues I'll have? Check again but take your time

I’ll check this against the current docs/source and the 2026.5.7 → 2026.5.12 path specifically. The auth provider rename/migration is the part I want to verify carefully before giving you a yes/no.

Checked 2026.5.12 docs/source/changelog against the 2026.5.7 → 2026.5.12 path.

Short version: I’d upgrade if your goal is the new default Codex harness. 2026.5.12 contains a lot of Codex-specific fixes after 5.7: auth refresh handling, app-server auth failures, selectable OpenAI/Codex model loading, MCP projection into Codex threads, message-tool replies from Codex, and route repair for old openai-codex/* state.

For your exact auth question: you should not need to log in again just because you originally used:

openclaw models auth login --provider openai-codex

In 2026.5.12, docs say --provider openai now defaults to ChatGPT/Codex account login for OpenAI models, and the old --provider openai-codex spelling still works for existing scripts. The stored OAuth profile may still be named like openai-codex:default; that is expected.

The important migration is model refs/runtime, not reauth:

• old PI-style ref: openai-codex/gpt-5.5
• new default Codex harness ref: openai/gpt-5.5 lower-case openai

Run this after updating:

openclaw doctor --fix
openclaw models auth list --provider openai-codex
openclaw models auth list --provider openai
openclaw models status
openclaw gateway restart
openclaw status

What doctor --fix should do: rewrite legacy openai-codex/* model refs to openai/*, clean stale session route pins, remove old whole-agent runtime pins, and preserve the Codex auth route via provider/model runtime policy. So it should migrate the route/config, not require a fresh OAuth login.

Possible gotchas from 5.7:

• If you manually pinned PI runtime somewhere, doctor may remove or rewrite that. Good if you want default Codex; surprising only if you intentionally wanted PI compatibility.
• Existing sessions can have stale openai-codex route state; doctor specifically scans session stores for that.
• If you have direct OpenAI API-key usage too, keep it as a backup profile. Docs support auth.order.openai: ["openai-codex:...", "openai:api-key-backup"].
• If you use custom models.providers.openai.baseUrl, that is treated differently; the default Codex route is for official OpenAI provider refs, not arbitrary OpenAI-compatible proxies.
• I’d avoid beta unless you need a specific beta fix. For this migration, 2026.5.12 stable looks like the right target over staying on 2026.5.7.

Docs I checked:
https://docs.openclaw.ai/concepts/agent-runtimes
https://docs.openclaw.ai/concepts/model-providers
https://docs.openclaw.ai/cli/models
https://docs.openclaw.ai/gateway/doctor
https://docs.openclaw.ai/install/updating

Can you check GitHub issue 81955

Can you check GitHub issue 81955