✅ Maintained path: use codex-profiler for all Codex profile operations.
Standalone codex-usage and codex-auth skills are deprecated.

This skill consolidates both scripts:

• - scripts/codex_usage.py (usage/limits)
• INLINECODE4 (OAuth helper for start/status)

For auth/profile mutation, this skill now standardizes on gateway-native openclaw models auth ... commands.

Safe defaults

• - Usage checks are read-only by default.
• Auth state is runtime-managed; one-shot direct file edits are unreliable and can be overwritten by in-memory/cooldown state.
• Treat auth-profiles.json as gateway-managed state. Never mutate it directly in normal operations.
• Prefer gateway-native auth mutation commands (openclaw models auth ..., openclaw models auth order ...) over script-level file writes.
• Use dry-run/read-only preflight first, then apply, then verify (strict anti-drift flow below).
• See RISK.md for allowed/denied operation boundaries.

Commands

Usage

• - /codex_usage → selector (default / all / discovered profiles)
• INLINECODE11

Auth

• - /codex_auth → selector (profiles)
• INLINECODE13
• INLINECODE14 (helper only; profile/order mutation must use gateway-native commands)

UX requirements (cross-channel)

For /codex_usage, send immediate progress message first as a separate message:

• - "Running Codex usage checks now…"

Delivery rule:

• - If progress is sent through channel message tool path, send final result through the same path (same target/session), then return NO_REPLY.
• Avoid mixed delivery (tool progress + plain reply final).

For auth/profile/order mutation, warn that writes are gateway-managed and enforce verify-after-apply:

• - "I will apply this via openclaw models auth ... and then verify with models status + auth order get."
• "I won’t hand-edit auth files directly because runtime state can drift/overwrite one-shot edits."

Interaction adapter

• - If inline buttons are supported: use selector buttons.
• If inline buttons are not supported: use text fallback prompts.
• Apply duplicate-request suppression per user for ~20s.
• Never echo full callback URLs in responses.

Profile removal policy (MANDATORY)

1. 1. Best method (default): operational retire, not hard delete

- Remove the target profile from active provider order (openclaw models auth order set ...) so it is never selected. - Keep profile data intact unless the user explicitly requests permanent deletion.

1. 2. Hard delete only on explicit user instruction

- Perform permanent profile deletion only when the user clearly asks to hard delete/remove permanently. - If gateway-native delete is unavailable in the installed OpenClaw version, do not improvise risky live edits; use a controlled maintenance window flow.

Strict anti-drift auth mutation flow (MANDATORY)

For auth/profile/order changes, use this exact 3-step flow:

1) Preflight (read-only)
CODEBLOCK0

2) Apply (gateway-native command)
CODEBLOCK1

3) Verify (post-apply, no assumptions)
CODEBLOCK2

Never skip verification. If results mismatch expectation, do not hand-edit files; diagnose and re-apply via gateway-native commands.

How to run

CODEBLOCK3

Safety posture

• - No remote shell execution (curl|bash, wget|sh) is allowed by this skill.
• No sudo/SSH/system-level host mutation commands are part of this skill path.
• Usage checks are restricted to trusted HTTPS endpoint host allowlist (chatgpt.com).
• Callback URLs and token material must be treated as sensitive and never echoed in full.

Multi-account rotation guidance

When asked about running multiple Codex accounts/profiles, rotation policy, or fallback strategy, read:

• - INLINECODE25

Use the short template for quick chat answers and the deep-dive template for setup/troubleshooting requests.

Notes

• - Uses auth profiles at ~/.openclaw/agents/main/agent/auth-profiles.json by default.
• Current source of truth is auth-profiles.json; auth.json is legacy compatibility and should not be used as primary state.
• If profile routing behaves unexpectedly, check for mixed state (missing/stale auth-profiles.json, leftover legacy files, or stale runtime cooldown) before assuming model fallback bugs.
• Same accountId across two profile labels is not automatically a defect. In this environment, multiple labels can map to the same workspace/account identity while still operating correctly. Treat it as healthy when both profiles are auth-valid and usable in /codex_usage; investigate only when auth failures or routing failures appear.
• Codex usage endpoint: https://chatgpt.com/backend-api/wham/usage.
• Usage script now surfaces 401 as auth_not_accepted_by_usage_endpoint with a clear hint, while still returning local profile health.
• Usage output now includes top-level summary, formatted_profiles, and suggested_user_message for cleaner slash-command formatting.
• Preferred strict output format for /codex_usage (single line per profile):

- 🟢 \%profile%\ — 5h **%5h_left%** | week **%week_left%** | r5 **%5h_reset%** | rw **%week_reset%** - Use 🟠 when limited and 🔴 when unusable/auth-invalid. - No preface, no table, no trailing summary unless explicitly requested.

• - OAuth flow: OpenAI auth endpoints + localhost callback on port 1455.
• Preferred mutation path is gateway-native (openclaw models auth ... / openclaw models auth order ...) with mandatory preflight + verify.
• INLINECODE45 remains useful for per-profile helper status checks.
• Keep temporary payload/token artifacts only until verification succeeds, then clean them up.
• Codex CLI installation is not required for usage endpoint reads in this skill path.