OpenAI Codex provider

[hannesrudolph]

Closes #8049

---

Important

Adds OpenAI Codex provider with new models, UI components, and i18n support, integrating it into the existing system.

• Behavior:
  • Adds openai-native-codex provider to provider-settings.ts and index.ts.
  • Introduces openAiNativeCodexSchema for OAuth credentials in provider-settings.ts.
  • Implements OpenAiNativeCodexHandler in openai-native-codex.ts for handling API requests.
• Models:
  • Defines openAiNativeCodexModels in openai-codex.ts with models like gpt-5 and codex-mini-latest.
  • Sets default model to gpt-5.
• UI:
  • Adds OpenAiNativeCodex component in ApiOptions.tsx for UI settings.
  • Updates i18n files for multiple languages to include OpenAI Codex settings.
• Misc:
  • Updates providerSettingsSchemaDiscriminated and providerSettingsSchema to include openAiNativeCodexSchema.
  • Adds error handling and messages for OpenAI Codex in common.json across various locales.

^{This description was created by for 4275c92. You can customize this summary. It will automatically update as commits are pushed.}

[Copilot]

Pull Request Overview

This PR adds support for a new OpenAI Codex provider variant that uses ChatGPT web credentials instead of API keys. The implementation includes UI components, validation, and backend provider logic for the openai-native-codex provider.

Key Changes:

• Added new OpenAI Native Codex provider using local auth.json credentials
• Added UI components and validation for the optional OAuth credentials path
• Integrated the provider into settings, model selection, and request routing logic

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/api/providers/openai-native-codex.ts	New provider implementation with auth.json credentials and Codex API integration
packages/types/src/providers/openai-codex.ts	Type definitions for Codex models (gpt-5, gpt-5-codex)
webview-ui/src/components/settings/providers/OpenAiNativeCodex.tsx	React component for Codex provider settings UI
webview-ui/src/i18n/locales/en/settings.json	Added validation text for optional auth path
webview-ui/src/components/settings/ApiOptions.tsx	Added provider URL mapping and settings integration
Multiple configuration files	Updated provider registrations, model mappings, and type definitions

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[RayBytes]

I saw that the model codex-mini-latest is missing here, might also want to add it as a option to be used if people wish too, its a tuned version of o4-mini iirc.

[hannesrudolph]

Implemented requested follow-ups: corrected comment to reflect 'medium' default, improved error guidance for auth.json read/parse failures, and added codex-mini-latest model.

[hannesrudolph]

I saw that the model codex-mini-latest is missing here, might also want to add it as a option to be used if people wish too, its a tuned version of o4-mini iirc.

done

[roomote]

The oauthFileTooLarge error path is currently being caught and re-thrown as oauthReadFailed, which hides the more specific user-facing message. Splitting the fs.stat failure handling from the explicit size check keeps the correct i18n key.

Suggested change

	// Guard file size before reading to prevent loading unexpectedly large files
	const MAX_OAUTH_SIZE = 1_000_000 // 1 MB
	try {
	const stat = await fs.stat(resolvedPath)
	if (stat.size > MAX_OAUTH_SIZE) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthFileTooLarge", {
	path: resolvedPath,
	size: stat.size,
	max: MAX_OAUTH_SIZE,
	}),
	)
	}
	} catch (e: any) {
	// Surface read failure with localized error (e.g., file missing or inaccessible)
	const base = t("common:errors.openaiNativeCodex.oauthReadFailed", {
	path: resolvedPath,
	error: e?.message || String(e),
	})
	throw new Error(base)
	}
	// Guard file size before reading to prevent loading unexpectedly large files
	const MAX_OAUTH_SIZE = 1_000_000 // 1 MB
	let stat
	try {
	stat = await fs.stat(resolvedPath)
	} catch (e: any) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthReadFailed", {
	path: resolvedPath,
	error: e?.message || String(e),
	}),
	)
	}
	if (stat.size > MAX_OAUTH_SIZE) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthFileTooLarge", {
	path: resolvedPath,
	size: stat.size,
	max: MAX_OAUTH_SIZE,
	}),
	)
	}

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote]

For openai-native-codex, modelIdKeysByProvider is set to apiModelId, but OpenAiNativeCodexHandler reads options.apiModelId and the UI writes apiModelId. Keeping this mapping as openAiModelId would likely make codex ignore the user's model selection (and could break org allowlist checks that read by modelIdKeysByProvider).

Suggested change

	ollama: "ollamaModelId",
	"openai-native-codex": "apiModelId",

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote]

Oroocle   See task on Roo Cloud

Review complete. A few correctness/consistency issues remain that should be addressed before merge.

• Fix oauthFileTooLarge being masked by the oauthReadFailed catch path in src/api/providers/openai-native-codex.ts.
• Confirm modelIdKeysByProvider mapping for openai-native-codex aligns with the field the UI/provider actually use (avoid model-id-field mismatches in validation/allowlist).
• Remove or implement the empty if (parsed.response?.service_tier) {} block in the Codex SSE parser (src/api/providers/openai-native-codex.ts).

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

[roomote]

oauthFileTooLarge is currently masked: the fs.stat() guard throws a size error, but the surrounding try/catch treats it like a read failure and rethrows oauthReadFailed, so users never see the size-specific message.

Suggested change

	try {
	const stat = await fs.stat(resolvedPath)
	if (stat.size > MAX_OAUTH_SIZE) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthFileTooLarge", {
	path: resolvedPath,
	size: stat.size,
	max: MAX_OAUTH_SIZE,
	}),
	)
	}
	} catch (e: any) {
	// Surface read failure with localized error (e.g., file missing or inaccessible)
	const base = t("common:errors.openaiNativeCodex.oauthReadFailed", {
	path: resolvedPath,
	error: e?.message || String(e),
	})
	throw new Error(base)
	}
	let stat: { size: number }
	try {
	stat = await fs.stat(resolvedPath)
	} catch (e: any) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthReadFailed", {
	path: resolvedPath,
	error: e?.message || String(e),
	}),
	)
	}
	if (stat.size > MAX_OAUTH_SIZE) {
	throw new Error(
	t("common:errors.openaiNativeCodex.oauthFileTooLarge", {
	path: resolvedPath,
	size: stat.size,
	max: MAX_OAUTH_SIZE,
	}),
	)
	}

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote]

modelIdKeysByProvider maps openai-native-codex to apiModelId, but the UI also sets apiModelId on every model change for all providers (see ApiOptions), while some flows use provider-specific model id keys to read the selected model. This mismatch can cause allowlist validation to look at a different field than what the Codex provider actually uses, depending on the caller. Suggest aligning Codex with the existing OpenAI-native pattern: use a provider-specific key (e.g. openAiModelId) consistently, or change the UI so Codex does not rely on apiModelId being mirrored.

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote]

This if (parsed.response?.service_tier) {} block is empty, so it is dead code and looks like an unfinished implementation. Either remove it or actually persist the tier (if it is meaningful for Codex), but leaving an empty conditional makes the SSE parser harder to reason about.

Suggested change

	}
	// (intentionally no service_tier handling for Codex)

_{Fix it with Roo Code or mention @roomote and request a fix.}