docs/plugins/codex-native-plugins.md
Native Codex plugin support lets a Codex-mode OpenClaw agent use Codex
app-server's own app and plugin capabilities inside the same Codex thread that
handles the OpenClaw turn. Plugin calls stay in the native Codex transcript;
Codex app-server owns app-backed MCP execution. OpenClaw does not translate
Codex plugins into synthetic codex_plugin_* OpenClaw dynamic tools.
Use this page after the base Codex harness is working.
plugins.entries.codex.enabled is true.plugins.entries.codex.config.codexPlugins.enabled is true.openai-curated plugins that migration observed as
source-installed in the source Codex home.codexPlugins has no effect on OpenClaw-provider runs, ACP conversation
bindings, or other harnesses, because those paths never create Codex
app-server threads with native apps config.
OpenAI-side Codex account, app availability, and workspace app/plugin controls come from the signed-in Codex account. See Using Codex with your ChatGPT plan for the OpenAI account and admin model.
Preview migration from the source Codex home:
openclaw migrate codex --dry-run
Add --verify-plugin-apps to make migration call source app/list and
require every owned app to be present, enabled, and accessible before
planning native activation:
openclaw migrate codex --dry-run --verify-plugin-apps
Apply the migration when the plan looks right:
openclaw migrate apply codex --yes
Migration writes explicit codexPlugins entries for eligible plugins and
calls Codex app-server plugin/install for selected plugins. A migrated
config looks like this:
{
plugins: {
entries: {
codex: {
enabled: true,
config: {
codexPlugins: {
enabled: true,
allow_destructive_actions: true,
plugins: {
"google-calendar": {
enabled: true,
marketplaceName: "openai-curated",
pluginName: "google-calendar",
},
},
},
},
},
},
},
}
After a codexPlugins change, new Codex conversations pick up the updated
app set automatically. Run /new or /reset to refresh the current
conversation. A gateway restart is not required for plugin enable/disable
changes.
/codex plugins inspects or changes configured native Codex plugins from the
same chat where you operate the Codex harness:
/codex plugins
/codex plugins list
/codex plugins disable google-calendar
/codex plugins enable google-calendar
/codex plugins is an alias for /codex plugins list. The list shows each
configured plugin's key, on/off state, Codex plugin name, and marketplace
from plugins.entries.codex.config.codexPlugins.plugins.
enable/disable write only to ~/.openclaw/openclaw.json; they never edit
~/.codex/config.toml or install new Codex plugins. Only the owner or a
gateway client with the operator.admin scope can run them.
Enabling a configured plugin also turns on the global codexPlugins.enabled
switch. If the plugin was written disabled because migration returned
auth_required, reauthorize the app in Codex before enabling it in OpenClaw.
The integration tracks three states:
| State | Meaning |
|---|---|
| Installed | Codex has the local plugin bundle in the target app-server runtime. |
| Enabled | OpenClaw config allows the plugin for Codex harness turns. |
| Accessible | Codex app-server confirms the plugin's app entries are available for the active account and map to the migrated plugin identity. |
Migration is the durable install/eligibility step:
plugin/read details and
checks that the source Codex app-server account is a ChatGPT subscription
account. A non-ChatGPT or missing account response skips app-backed
plugins with codex_subscription_required.app/list call: app-backed source
plugins that pass the account gate are planned without source app
accessibility verification, and account-lookup transport failures skip
with codex_account_unavailable.--verify-plugin-apps, migration takes a fresh source app/list
snapshot and requires every owned app to be present, enabled, and
accessible before planning native activation. Account-lookup transport
failures then fall through to the source app-inventory gate instead of
skipping outright.Runtime app inventory is the target-session accessibility check that runs
after migration. Codex harness session setup computes a restrictive thread
app config from the enabled and accessible plugin apps; it is not
recomputed on every turn, so /codex plugins enable/disable only affect
new Codex conversations. Use /new or /reset to pick up the change in the
current conversation.
openai-curated plugins already installed in the source Codex
app-server inventory are migration-eligible.--verify-plugin-apps adds the source app-inventory gate. Subscription-gated
accounts, and in verification mode inaccessible/disabled/missing source
apps or app-inventory refresh failures, are reported as skipped manual
items instead of enabled config entries. Unreadable plugin details are
skipped before the app-inventory gate.marketplaceName and
pluginName); it does not write local marketplacePath cache paths.codexPlugins.enabled is the only global enablement switch; there is no
plugins["*"] wildcard or config key that grants arbitrary install
authority.OpenClaw reads Codex app inventory through app-server app/list, caches it
in memory for one hour, and refreshes stale or missing entries
asynchronously. The cache is process-local; restarting the CLI or gateway
drops it, and OpenClaw rebuilds it from the next app/list read.
Migration and runtime use separate cache keys:
--verify-plugin-apps and forces a fresh
source app/list traversal for that planning run.plugin/install.A plugin app is exposed only when OpenClaw can map it back to the migrated plugin through stable ownership: an exact app id from plugin detail, a known MCP server name, or unique stable metadata. Display-name-only or ambiguous ownership is excluded until the next inventory refresh proves ownership.
Owner-operated agents can opt into every app already connected to their Codex account without requiring a matching plugin package:
{
plugins: {
entries: {
codex: {
enabled: true,
config: {
codexPlugins: {
enabled: true,
allow_all_plugins: true,
allow_destructive_actions: "auto",
},
},
},
},
},
}
allow_all_plugins: true takes a complete app/list snapshot when a new native
Codex thread is established and admits only apps marked accessible for that
account. It does not install, authenticate, or enable apps globally. Existing
threads keep their persisted app set; use /new, /reset, or restart the
gateway to pick up newly connected or revoked apps.
Account apps inherit the global codexPlugins.allow_destructive_actions value,
which accepts true, false, "auto", or "ask". Explicit per-plugin policy
overrides the global policy for overlapping app ids. Inventory failures fail
closed instead of falling back to an unrestricted default.
OpenClaw injects a restrictive config.apps patch for the Codex thread:
_default is disabled, and only apps owned by enabled migrated plugins or
accessible account apps admitted by allow_all_plugins are enabled.
destructive_enabled on each app comes from the effective global or
per-plugin allow_destructive_actions policy; true, "auto", and "ask"
all set destructive_enabled: true, and false sets it false. Codex still
enforces destructive tool metadata from its native app tool annotations.
_default is disabled with open_world_enabled: false; enabled plugin apps
get open_world_enabled: true. OpenClaw does not expose a separate
plugin-level open-world policy knob and does not maintain per-plugin
destructive tool-name deny lists.
Tool approval mode defaults to automatic for admitted apps, so non-destructive
read tools run without a same-thread approval prompt. Destructive tools stay
controlled by each app's destructive_enabled policy.
Destructive plugin elicitations are allowed by default for migrated Codex plugins, while unsafe schemas and ambiguous ownership fail closed:
allow_destructive_actions defaults to true.allow_destructive_actions overrides the global policy for
that plugin.false: OpenClaw returns a deterministic decline.true: OpenClaw auto-accepts only safe schemas it can map to an approval
response, such as a boolean approve field."auto": OpenClaw exposes destructive plugin actions to Codex, then
turns ownership-proven MCP approval elicitations into OpenClaw plugin
approvals before returning the Codex approval response."ask": OpenClaw uses the same Codex write/destructive gating as
"auto", clears durable Codex per-tool approval overrides for the app
before the thread starts, and offers only one-shot approval or denial so
durable approvals cannot suppress later write-action prompts. For each
admitted app using "ask", OpenClaw selects Codex's human approvals
reviewer for that app so Codex sends its approval elicitations to
OpenClaw; other apps and non-app thread approvals keep their configured
reviewer and policy.| Code | Meaning | Fix |
|---|---|---|
auth_required | Migration installed the plugin, but one of its apps still needs authentication. The entry is written disabled until you reauthorize. | Reauthorize the app in Codex, then enable the plugin in OpenClaw. |
app_inaccessible, app_disabled, app_missing | With --verify-plugin-apps, the source Codex app inventory did not show all owned apps as present, enabled, and accessible. | Reauthorize or enable the app in Codex, then rerun migration with --verify-plugin-apps. |
app_inventory_unavailable | Strict source app verification was requested but the source Codex app inventory refresh failed. | Fix source Codex app-server access, or retry without --verify-plugin-apps to accept the faster account-gated plan. |
codex_subscription_required | The source Codex app-server account was not a ChatGPT subscription account. | Log in to the Codex app with subscription auth, then rerun migration. |
codex_account_unavailable | The source Codex app-server account could not be read. | Fix source Codex app-server auth, or rerun with --verify-plugin-apps to let source app inventory decide eligibility. |
marketplace_missing, plugin_missing | The target Codex app-server cannot see the expected openai-curated marketplace or plugin. | Rerun migration against the target runtime, or inspect Codex app-server plugin status. |
app_inventory_missing, app_inventory_stale | App readiness came from an empty or stale cache. | OpenClaw schedules an async refresh automatically; plugin apps stay excluded until ownership and readiness are known. |
app_ownership_ambiguous | App inventory only matched by display name. | The app stays hidden from the Codex thread until a later refresh proves ownership. |
Config changed but the agent cannot see the plugin: run /codex plugins list to confirm the configured state, then /new or /reset. Existing
Codex thread bindings keep the app config they started with until OpenClaw
establishes a new harness session or replaces a stale binding.
Destructive action is declined: check the global and per-plugin
allow_destructive_actions values. Even with true, "auto", or "ask",
unsafe elicitation schemas and ambiguous plugin identity still fail closed.