#openai codex oath?

Am I still able to use my codex subscription with openclaw?

Yes, assuming you mean OpenAI Codex OAuth / ChatGPT sign-in. OpenClaw supports using a Codex subscription via the openai-codex provider, separate from an OPENAI_API_KEY.

Fast path:

openclaw onboard --auth-choice openai-codex

If you already have OpenClaw set up:

openclaw models auth login --provider openai-codex --set-default

If you are on a headless/remote box, add --device-code.

Docs:
https://docs.openclaw.ai/providers/openai
https://docs.openclaw.ai/concepts/oauth

Tiny naming trap: openai-codex is the Codex OAuth provider/profile route. Regular openai is API-key style OpenAI access. If it still acts weird, first thing to paste is openclaw --version.

Things changed in the latest beta developement are you sure this is still a thing?

You’re right to question it. I checked current origin/main docs, and the beta wording did change.

Correct current shape:

• Yes, Codex subscription auth is still supported.
• The auth provider is still openai-codex.
• The model route is now the canonical openai/* route, usually openai/gpt-5.5.
• Old openai-codex/* model refs are considered legacy and openclaw doctor --fix repairs them to openai/* plus Codex runtime.

Current setup:

openclaw models auth login --provider openai-codex
openclaw config set agents.defaults.model.primary openai/gpt-5.5

Headless:

openclaw models auth login --provider openai-codex --device-code

Then verify:

openclaw models list --provider openai-codex
openclaw doctor

Docs: https://docs.openclaw.ai/providers/openai

So: my earlier answer was half-stale. The subscription path is still real; the model ref I gave should be openai/gpt-5.5 for the latest beta/dev path.

Model Input Ctx Local Auth Tags
openai-codex/gpt-5.4 text 266k/195k no yes
openai-codex/gpt-5.4-mini text+image 266k/391k no yes
openai-codex/gpt-5.5 text+image 266k/391k no yes
openai-codex/gpt-5.4-pro text+image 1025k no yes
openai-codex/gpt-5.5-pro text+image 977k no yes
loze@bunbox:~$

so in the config do I call them as openai/gpt-5.4 or openai-codex/gpt-5.4?

For latest beta/dev config, use:

{
  agents: {
    defaults: {
      model: {
        primary: "openai/gpt-5.4"
      }
    }
  }
}

So: openai/gpt-5.4, not openai-codex/gpt-5.4, for the default model route.

The confusing bit: openai-codex can still show up in models list --provider openai-codex because that’s the Codex OAuth auth/provider namespace. But the newer config path canonicalizes agent model refs to openai/*; openai-codex/* is legacy and openclaw doctor --fix should repair it.

If your installed beta still only accepts openai-codex/*, paste openclaw --version because that means you’re on the transition edge.

OpenClaw 2026.5.16-beta.4 (38c3a8d)

Yep, for 2026.5.16-beta.4 (38c3a8d) specifically, config should use the canonical route:

openclaw config set agents.defaults.model.primary openai/gpt-5.4

or for 5.5:

openclaw config set agents.defaults.model.primary openai/gpt-5.5

The openai-codex/gpt-5.4 rows you’re seeing are the Codex OAuth provider/catalog side. In that beta, docs/source say legacy openai-codex/* config refs should be rewritten to openai/*.

Recommended cleanup after setting it:

openclaw doctor --fix
openclaw doctor

So the short answer: call it openai/gpt-5.4 in config; keep openai-codex only for auth/login/listing commands.

Okay well I did all that and when openclaw runs and I check status its always using the fallback model and not the openai gpt-5.4

That usually means OpenClaw tried the configured primary, got an auth/rate-limit/timeout/billing-style failure, then persisted an auto fallback override for the session. In this beta that fallback can stay sticky for later turns and only probes the primary periodically; /new or /reset clears it immediately.

I’d check these in order:

openclaw models status --probe --probe-provider openai-codex
openclaw models status --probe --probe-provider openai
openclaw doctor

Then in the chat/session where you’re testing:

/reset
/status

If you want it to fail loudly instead of silently using fallback while debugging, temporarily clear fallbacks:

openclaw models fallbacks list
openclaw models fallbacks clear

Then try one message again. If openai/gpt-5.4 is broken, it should show the real reason instead of falling through.

Also check auth routing: for Codex subscription on the new openai/* route, the docs for your exact beta say the profile can still be openai-codex:..., but new config should prefer ordering it under auth.order.openai, e.g.:

{
  auth: {
    order: {
      openai: ["openai-codex:your-profile-id"]

    }
  }
}

Paste the output of openclaw models status --probe --probe-provider openai-codex and the fallback notice/reason from /status if it still sticks. That should tell us whether it’s quota/cooldown, bad auth ordering, or the Codex runtime path itself failing.

That output narrows it down nicely: your Codex OAuth is not the blocker. Both profiles are being found, quota looks available, and the failure is:

codex app-server startup timed out
codex app-server connection closed during startup

So this is the native Codex runtime/app-server path, not the model name.

Check these on the gateway host:

openclaw plugins list --enabled | rg codex
openclaw plugins inspect codex --runtime
openclaw doctor --fix
openclaw gateway restart

If your config has a plugin allowlist, make sure it includes codex:

{
  plugins: {
    allow: ["codex"],
    entries: {
      codex: { enabled: true }
    }
  }
}

After restart, test from the chat/session: