OpenClaw ≥5.27-beta.1
@openclaw/codex
GPT-5.5 Hands
OpenClaw GPT-5.5 Codex ACP — Silent Tool Failure
GPT-5.5 can chat but cannot use tools. No error, no warning. Silent fallback to a weaker model. Root cause: a plugin harness file ships with an incomplete provider allowlist. Follow-up: on 2 June 2026, WMIT Box 1 also hit a Codex OAuth credential/client-path failure after OpenClaw 2026.6.1-beta.1. This board now covers both the provider-ID repair and the OAuth recovery path.
🏗 Component: codex extension harness
⏱ Trace time: ~6 hours
🔧 Fix: 1 line
✅ 2 June 2026 Follow-up: Box 1 / WMIT Codex OAuth Repair
After the original 29 May provider-ID repair, a second OpenClaw beta issue appeared on WMIT Box 1 after updating to OpenClaw 2026.6.1-beta.1. This was not a separate lab machine. This was the same Box 1 Linux environment where Colet and Luna operate OpenClaw for WMIT work.
The team working the repair was Luna, Linda and Colet. We started around 10:00 and finished with accepted real proof around 14:47.
The symptom was different from the first bug: model routing and status checks looked partly alive, but real GPT/Codex calls failed with 401 or missing credential errors. The final root cause was a wrong Codex OAuth credential/client path.
Key recovery lesson
Before patching more auth code, first check the standalone Codex CLI credential source:
~/.codex/auth.json
Do not print token values. Do not paste auth JSON into chat. Do not run doctor --fix without human approval.
Correct Codex client ID was verified internally for this repair:
Correct Codex OAuth client ID verified internally — not published here.
Final proof was not a status check. It was real hands proof: GPT-5.4-mini and GPT-5.5 Codex answered, then created a file, read it back, and deleted it. That proves route + auth + runtime + tools together.
1 ❯ What Broke
OpenClaw routes AI model requests through a “harness” that decides whether a model gets tool access (shell execution, file access, browser control, etc.). The harness checks the model’s provider ID against an allowlist.
The Codex plugin (@openclaw/codex) ships its own copy of harness.js with a hardcoded allowlist containing only one provider ID: "codex".
Any request using openai-codex/gpt-5.5 or openai/gpt-5.5 silently fails because those provider IDs are not in the Set. The core OpenClaw harness has the full list — but the plugin’s copy overrides it.
⚠ Result: GPT-5.5 thinks but cannot act. No error. No log. Just silent fallback.
2 ❯ Symptoms
If you have this bug, you will see some or all of these:
| You ask GPT-5.5 to run a command or use a tool | Nothing happens. No tool call. No error. Just a text reply as if tools do not exist. |
| You check the model in OpenClaw status | Shows openai-codex/gpt-5.5 — correct. But it falls back silently. |
| You ask “list your tools” | Model lists them, claims it has them — but cannot actually use them. |
You try openai/gpt-5.5 |
401 “Missing scopes: api.responses.write” or harness rejection. |
| You patch the core harness file | Nothing changes. Plugin harness overrides core. |
Key indicator: If your model can chat but never makes a tool call, and openclaw status shows it as active — this is likely the bug. The model’s brain works. Its hands do not.
3 ❯ Root Cause
The file
~/.openclaw/extensions/codex/dist/harness.js
The broken line
// BROKEN — only one provider ID
const DEFAULT_CODEX_HARNESS_PROVIDER_IDS = new Set(["codex"]);
Missing
"openai-codex"— the actual provider ID used by GPT-5.5 via Codex"openai"— the standard OpenAI provider
Why patching the core did not work
The trace path through 5 layers of bundled JavaScript:
Layer 1: "provider is not one of: codex" error in runtime
Layer 2: runtime-plugin-Cfk1SXkA.js — fallback path rejects provider
Layer 3: harness-CyCnEyfS.js — has full Set but never loaded
Layer 4: Plugin system loads extension harness instead of core
Layer 5: ~/.openclaw/extensions/codex/dist/harness.js
└→ DEFAULT_CODEX_HARNESS_PROVIDER_IDS = new Set(["codex"])
└→ 🎯 ROOT CAUSE: Missing "openai-codex" and "openai"
Patching layers 2 and 3 had zero effect because the plugin system loaded the extension’s own copy at layer 5. We spent the first two hours fixing the wrong files.
4 ❯ Quick Test Commands
Run these in order. If any step fails, you likely have the bug.
# Step 1: Check which model is active
openclaw status
# Step 2: Test tool access — ask in your OpenClaw chat:
"List your available tools"
"Run: echo hello"
"Read a file from the workspace"
# Step 3: If tools are missing or commands fail silently,
# check the harness provider set:
grep -r "DEFAULT_CODEX_HARNESS_PROVIDER_IDS"
~/.openclaw/extensions/codex/dist/harness.js
# Step 4: If the Set only has "codex" — you have the bug.
# Apply the fix (see Patches section below).
# Step 5: After patching, clear cache and restart:
rm -rf /tmp/node-compile-cache/openclaw/
systemctl --user restart openclaw-gateway.service
# Step 6: Re-test — ask again:
"List your available tools"
"Run: echo hands-working"
✅ Pass: Model lists tools, executes commands, reads files.
❌ Fail: Model lists tools but never calls them, or falls back silently.
5 ❯ Copy-Paste Bug Report
Fill in the blanks. Paste into GitHub issues, Discord, OpenClaw support, or your internal tracker.
BUG REPORT — OpenClaw GPT-5.5 Hands / Codex ACP
System (untrusted — fill in your values):
- OpenClaw version: ___________
- Codex plugin version: ___________
- OS: ___________
- Install path: ___________
- Model selected: ___________
- Runtime shown: ___________
- Provider ID: ___________
Problem:
GPT-5.5 can chat but tools/subagents/file execution fail.
Expected:
openai-codex/gpt-5.5 should run with Codex ACP/tools.
Actual:
Tool route fails / provider rejected / harness mismatch / no hands.
Known suspicious files:
- ~/.openclaw/extensions/codex/dist/harness.js
- ~/.npm-global/lib/node_modules/openclaw/dist/runtime-ClyQRfts.js
- ~/.npm-global/lib/node_modules/openclaw/dist/harness-CyCnEyfS.js
- ~/.npm-global/lib/node_modules/openclaw/dist/runtime-plugin-Cfk1SXkA.js
Key check:
Does the Codex harness provider list include:
☐ codex
☐ openai-codex
☐ openai
Proof needed:
- [ ] openclaw version output
- [ ] sessions/runtime output
- [ ] failing tool test (exact prompt + result)
- [ ] passing tool test after patch
- [ ] grep output showing provider set before fix
📋 Click the box, select all, copy. Fill in your values. Submit where you need help.
6 ❯ Copy-Paste AI Investigation Prompt
Paste this into Claude, ChatGPT, Hermes, OpenClaw, or any coding agent. It gives the AI a structured investigation path — not a guess.
Please investigate this OpenClaw Codex ACP tool-routing issue.
Do not guess.
Check these specific things in order:
1. Provider IDs in the harness allowlist
2. Runtime harness selection logic
3. Plugin harness provider allowlists (check extension dirs FIRST, not core)
4. ACP command detection (does it recognise @agentclientprotocol/codex-acp?)
5. Compare the selected model provider with the harness provider filter
Look for cases where "openai-codex" is not treated
as a Codex-compatible provider.
Return:
1. Root cause
2. Affected files (with exact paths)
3. Minimal patch
4. Rollback plan
5. Test command
6. Proof checklist
📋 Copy the box above and paste it into your AI assistant along with your openclaw status output.
AI Can Test Itself
Before applying any patch, ask your AI agent to prove six things:
Before patching, prove:
1. Which model is active right now?
2. Which runtime is active?
3. Which provider ID is active?
4. Which harness accepted or rejected it?
5. Can you create/read/delete a harmless test file?
6. Can you show the exact path you changed?
⚠ This stops fake “done” replies. If the AI cannot answer all six, it did not actually fix anything.
7 ❯ Patch Notes / Affected Files
Patch 1 — THE FIX (required)
File: ~/.openclaw/extensions/codex/dist/harness.js
Find: new Set(["codex"])
Replace: new Set(["codex","openai-codex","openai"])
This is the only required patch. All others are defensive.
Patch 2 — ACP Detection Fix
File: ~/.npm-global/lib/node_modules/openclaw/dist/runtime-ClyQRfts.js
Find: @zed-industries/codex-acp (only)
Replace: also recognise @agentclientprotocol/codex-acp
The built-in Codex uses @agentclientprotocol/codex-acp but the detection function only checked for @zed-industries/codex-acp.
Patch 3 — Gemini CLI Flag
File: ~/.npm-global/lib/node_modules/openclaw/dist/cli-backend-*.js
Find: "--skip-trust"
Replace: "--yolo"
Gemini CLI v0.37.0 dropped --skip-trust. OpenClaw was still passing the old flag.
Defensive patches (optional but recommended)
File: dist/harness-CyCnEyfS.js — add openai/openai-codex to provider set
File: dist/runtime-plugin-Cfk1SXkA.js — add openai/openai-codex to fallback paths
⚠ All patches are local only. Every npm update -g openclaw or npm update -g @openclaw/codex will overwrite them.
After every update: re-apply all patches, clear V8 cache (rm -rf /tmp/node-compile-cache/openclaw/), restart OpenClaw, re-test.
8 ❯ Proof Checklist
After patching, verify every item. If any item fails, the fix is not complete.
| ☐ | Harness file now contains "openai-codex" and "openai" in the provider Set |
| ☐ | openclaw status shows correct model and runtime |
| ☐ | Model can list available tools |
| ☐ | Model can execute a shell command (echo hello) |
| ☐ | Model can read a file |
| ☐ | Model can write and then delete a test file |
| ☐ | No silent fallback to weaker model |
| ☐ | V8 compile cache cleared |
| ☐ | OpenClaw restarted after patch |
| ☐ | Rollback file exists (backup of original harness.js) |
Tip: Save the checklist result. Screenshot, text file, or chat log. If you report the bug, attach it. Proof beats claims.
9 ❯ What Not To Do
❌ Do not download and run a random patch blindly.
This page is a diagnostic and repair pattern. Back up first. Check your own version. Patch only if your file matches the same bug. Re-test after every update.
❌ Do not patch only the core harness.
The core file (dist/harness-CyCnEyfS.js) may look right. The plugin overrides it. Check ~/.openclaw/extensions/codex/dist/harness.js first.
❌ Do not assume “it works” after patching one file.
Run the full proof checklist. A model that can chat but not use tools is not fixed.
❌ Do not forget to re-apply after npm updates.
Every npm update -g openclaw or npm update -g @openclaw/codex overwrites patched files. Set a reminder.
❌ Do not skip the V8 cache clear.
Node.js caches compiled JS. Even if the file on disk is patched, the running process may still use the old version. rm -rf /tmp/node-compile-cache/openclaw/ then restart.
❌ Do not trust an AI “done” without proof.
If an AI agent says it fixed something but cannot answer the six proof questions (active model, runtime, provider, harness decision, file test, change path) — it did not actually fix it.
❌ Do not run openclaw doctor --fix casually.
It can break config. Use targeted checks instead.
10 ❯ Credits / Human Effort Note
This issue was found and repaired by a small three-person working team: Linda, Wim, and their local AI assistant. The work took many hours of testing across multiple days, but the final confirmed repair was completed in around six focused hours once the real fault path was found.
The first two hours went to patching the wrong files. The core harness looked right. The runtime plugin looked fixable. Neither patch worked. A second AI agent independently identified an ACP protocol mismatch — a different symptom of the same root cause — and that clue pushed the investigation to the extension plugin layer.
Hours three through five: reading bundled, minified JavaScript across five files, mapping call paths, and understanding how the extension system overrides the core harness.
Hour six: the one-line fix. Then two more hours of verification, defensive patching, and documentation. The actual fix was one line. Finding it took everything we had.
Bigger lesson: AI agents can help repair AI-agent systems — but only when humans force proof, boundaries, and rollback discipline.
Need Help With AI Debugging?
WM IT Solutions provides specialist AI operations support — from OpenClaw setup and debugging to custom AI agent deployment, cloud model integration, and hands-on troubleshooting.
Published 29 May 2026 | WM IT Solutions / Mismoosh Ltd | Category: Bug Report, Repair Board
OpenClaw is open-source software. This is a diagnostic and repair pattern. Back up first. Check your own version. Patch only if your file matches. Re-test after every update.