惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security Affairs
N
News and Events Feed by Topic
T
Tenable Blog
P
Proofpoint News Feed
W
WeLiveSecurity
Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
Help Net Security
Help Net Security
I
Intezer
T
Threat Research - Cisco Blogs
S
Secure Thoughts
C
Cyber Attacks, Cyber Crime and Cyber Security
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Tor Project blog
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
Arctic Wolf
Forbes - Security
Forbes - Security
O
OpenAI News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Latest
Security Latest
P
Palo Alto Networks Blog
S
Schneier on Security
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
H
Heimdal Security Blog
V
Vulnerabilities – Threatpost
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园_首页
T
Troy Hunt's Blog
Latest news
Latest news
Recent Announcements
Recent Announcements
MyScale Blog
MyScale Blog
人人都是产品经理
人人都是产品经理
L
LINUX DO - 热门话题
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
V
Visual Studio Blog
H
Hacker News: Front Page

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
fix(doctor): repair legacy Codex route config · openclaw/openclaw@bca6709
vincentkoc · 2026-05-06 · via Recent Commits to openclaw:main

@@ -87,9 +87,10 @@ If your config uses `plugins.allow`, include `codex` there too:

8787

}

8888

```

898990-

Do not use `openai-codex/gpt-*` when you mean native Codex runtime. That prefix

91-

is the explicit "Codex OAuth through PI" route. Config changes apply to new or

92-

reset sessions; existing sessions keep their recorded runtime.

90+

Do not use `openai-codex/gpt-*` in config. That prefix is a legacy route that

91+

`openclaw doctor --fix` rewrites to `openai/gpt-*` across primary models,

92+

fallbacks, heartbeat/subagent/compaction overrides, hooks, channel overrides,

93+

and stale persisted session route pins.

93949495

## What this plugin changes

9596

@@ -106,7 +107,9 @@ The bundled `codex` plugin contributes several separate capabilities:

106107

Enabling the plugin makes those capabilities available. It does **not**:

107108108109

- start using Codex for every OpenAI model

109-

- convert `openai-codex/*` model refs into the native runtime

110+

- convert `openai-codex/*` model refs into the native runtime without doctor

111+

verifying that Codex is installed, enabled, contributes the `codex` harness,

112+

and is OAuth-ready

110113

- make ACP/acpx the default Codex path

111114

- hot-switch existing sessions that already recorded a PI runtime

112115

- replace OpenClaw channel delivery, session files, auth-profile storage, or

@@ -145,10 +148,10 @@ want native app-server execution. Legacy `codex/*` model refs still auto-select

145148

the harness for compatibility, but runtime-backed legacy provider prefixes are

146149

not shown as normal model/provider choices.

147150148-

If the `codex` plugin is enabled but the primary model is still

149-

`openai-codex/*`, `openclaw doctor` warns instead of changing the route. That is

150-

intentional: `openai-codex/*` remains the PI Codex OAuth/subscription path, and

151-

native app-server execution stays an explicit runtime choice.

151+

If any configured model route is still `openai-codex/*`, `openclaw doctor --fix`

152+

rewrites it to `openai/*`. For matching agent routes, it sets the agent runtime

153+

to `codex` only when the Codex plugin is installed, enabled, contributes the

154+

`codex` harness, and has usable OAuth; otherwise it sets the runtime to `pi`.

152155153156

## Route map

154157

@@ -158,15 +161,18 @@ Use this table before changing config:

158161

| ---------------------------------------------------- | -------------------------- | -------------------------------------- | ---------------------------- | ------------------------------ |

159162

| ChatGPT/Codex subscription with native Codex runtime | `openai/gpt-*` | `agentRuntime.id: "codex"` | Codex OAuth or Codex account | `Runtime: OpenAI Codex` |

160163

| OpenAI API through normal OpenClaw runner | `openai/gpt-*` | omitted or `runtime: "pi"` | OpenAI API key | `Runtime: OpenClaw Pi Default` |

161-

| ChatGPT/Codex subscription through PI | `openai-codex/gpt-*` | omitted or `runtime: "pi"` | OpenAI Codex OAuth provider | `Runtime: OpenClaw Pi Default` |

164+

| Legacy config that needs doctor repair | `openai-codex/gpt-*` | repaired to `codex` or `pi` | Existing configured auth | Recheck after `doctor --fix` |

162165

| Mixed providers with conservative auto mode | provider-specific refs | `agentRuntime.id: "auto"` | Per selected provider | Depends on selected runtime |

163166

| Explicit Codex ACP adapter session | ACP prompt/model dependent | `sessions_spawn` with `runtime: "acp"` | ACP backend auth | ACP task/session status |

164167165168

The important split is provider versus runtime:

166169167-

- `openai-codex/*` answers "which provider/auth route should PI use?"

168-

- `agentRuntime.id: "codex"` answers "which loop should execute this

169-

embedded turn?"

170+

- `openai-codex/*` is a legacy route that doctor rewrites.

171+

- `agentRuntime.id: "codex"` requires the Codex harness and fails closed if it

172+

is unavailable.

173+

- `agentRuntime.id: "auto"` lets registered harnesses claim matching provider

174+

routes, but canonical OpenAI refs are still PI-owned unless a harness supports

175+

that provider/model pair.

170176

- `/codex ...` answers "which native Codex conversation should this chat bind

171177

or control?"

172178

- ACP answers "which external harness process should acpx launch?"

@@ -175,33 +181,30 @@ The important split is provider versus runtime:

175181176182

OpenAI-family routes are prefix-specific. For the common subscription plus

177183

native Codex runtime setup, use `openai/*` with `agentRuntime.id: "codex"`.

178-

Use `openai-codex/*` only when you intentionally want Codex OAuth through PI:

184+

Treat `openai-codex/*` as legacy config that doctor should rewrite:

179185180186

| Model ref | Runtime path | Use when |

181187

| --------------------------------------------- | -------------------------------------------- | ------------------------------------------------------------------------- |

182188

| `openai/gpt-5.4` | OpenAI provider through OpenClaw/PI plumbing | You want current direct OpenAI Platform API access with `OPENAI_API_KEY`. |

183-

| `openai-codex/gpt-5.5` | OpenAI Codex OAuth through OpenClaw/PI | You want ChatGPT/Codex subscription auth with the default PI runner. |

189+

| `openai-codex/gpt-5.5` | Legacy route repaired by doctor | You are on old config; run `openclaw doctor --fix` to rewrite it. |

184190

| `openai/gpt-5.5` + `agentRuntime.id: "codex"` | Codex app-server harness | You want ChatGPT/Codex subscription auth with native Codex execution. |

185191186192

GPT-5.5 can appear on both direct OpenAI API-key and Codex subscription routes

187193

when your account exposes them. Use `openai/gpt-5.5` with the Codex app-server

188-

harness for native Codex runtime, `openai-codex/gpt-5.5` for PI OAuth, or

189-

`openai/gpt-5.5` without a Codex runtime override for direct API-key traffic.

194+

harness for native Codex runtime, or `openai/gpt-5.5` without a Codex runtime

195+

override for direct API-key traffic.

190196191197

Legacy `codex/gpt-*` refs remain accepted as compatibility aliases. Doctor

192-

compatibility migration rewrites legacy primary runtime refs to canonical model

193-

refs and records the runtime policy separately, while fallback-only legacy refs

194-

are left unchanged because runtime is configured for the whole agent container.

195-

New PI Codex OAuth configs should use `openai-codex/gpt-*`; new native

196-

app-server harness configs should use `openai/gpt-*` plus

197-

`agentRuntime.id: "codex"`.

198+

compatibility migration rewrites legacy runtime refs to canonical model refs

199+

and records the runtime policy separately. New native app-server harness configs

200+

should use `openai/gpt-*` plus `agentRuntime.id: "codex"`.

198201199202

`agents.defaults.imageModel` follows the same prefix split. Use

200-

`openai-codex/gpt-*` when image understanding should run through the OpenAI

201-

Codex OAuth provider path. Use `codex/gpt-*` when image understanding should run

202-

through a bounded Codex app-server turn. The Codex app-server model must

203-

advertise image input support; text-only Codex models fail before the media turn

204-

starts.

203+

`openai/gpt-*` for the normal OpenAI route and `codex/gpt-*` when image

204+

understanding should run through a bounded Codex app-server turn. Do not use

205+

`openai-codex/gpt-*`; doctor rewrites that legacy prefix to `openai/gpt-*`. The

206+

Codex app-server model must advertise image input support; text-only Codex

207+

models fail before the media turn starts.

205208206209

Use `/status` to confirm the effective harness for the current session. If the

207210

selection is surprising, enable debug logging for the `agents/harness` subsystem

@@ -211,22 +214,20 @@ in `auto` mode, each plugin candidate's support result.

211214212215

### What doctor warnings mean

213216214-

`openclaw doctor` warns when all of these are true:

217+

`openclaw doctor` warns when configured model refs or persisted session route

218+

state still use `openai-codex/*`. `openclaw doctor --fix` rewrites those routes

219+

to:

215220216-

- the bundled `codex` plugin is enabled or allowed

217-

- an agent's primary model is `openai-codex/*`

218-

- that agent's effective runtime is not `codex`

221+

- `openai/<model>`

222+

- `agentRuntime.id: "codex"` when Codex is installed, enabled, contributes the

223+

`codex` harness, and has usable OAuth

224+

- `agentRuntime.id: "pi"` otherwise

219225220-

That warning exists because users often expect "Codex plugin enabled" to imply

221-

"native Codex app-server runtime." OpenClaw does not make that leap. The warning

222-

means:

223-224-

- **No change is required** if you intended ChatGPT/Codex OAuth through PI.

225-

- Change the model to `openai/<model>` and set

226-

`agentRuntime.id: "codex"` if you intended native app-server

227-

execution.

228-

- Existing sessions still need `/new` or `/reset` after a runtime change,

229-

because session runtime pins are sticky.

226+

The `codex` route forces the native Codex harness. The `pi` route keeps the

227+

agent on the default OpenClaw runner instead of enabling or installing Codex as

228+

a side effect of legacy-route cleanup.

229+

Doctor also repairs stale persisted session pins across discovered agent session

230+

stores so old conversations do not stay wedged on the removed route.

230231231232

Harness selection is not a live session control. When an embedded turn runs,

232233

OpenClaw records the selected harness id on that session and keeps using it for

@@ -349,7 +350,7 @@ Agents should route user requests by intent, not by the word "Codex" alone:

349350

| "File a support report for a bad Codex run" | `/diagnostics [note]` |

350351

| "Only send Codex feedback for this attached thread" | `/codex diagnostics [note]` |

351352

| "Use my ChatGPT/Codex subscription with Codex runtime" | `openai/*` plus `agentRuntime.id: "codex"` |

352-

| "Use my ChatGPT/Codex subscription through PI" | `openai-codex/*` model refs |

353+

| "Repair old `openai-codex/*` config/session pins" | `openclaw doctor --fix` |

353354

| "Run Codex through ACP/acpx" | ACP `sessions_spawn({ runtime: "acp", ... })` |

354355

| "Start Claude Code/Gemini/OpenCode/Cursor in a thread" | ACP/acpx, not `/codex` and not native sub-agents |

355356