Bug Description
We are using GJC with a Codex-compatible proxy backend and the openai-codex-responses WebSocket transport.
Example provider config:
providers:
custom-codex-proxy:
baseUrl: http://127.0.0.1:2455/backend-api/codex
api: openai-codex-responses
auth: apiKey
apiKeyEnv: CUSTOM_CODEX_PROXY_API_KEYCUSTOM_CODEX_PROXY_API_KEY is an opaque proxy API key, not an official ChatGPT/Codex JWT.
Actual Behavior
GJC fails locally before the request reaches the proxy:
Failed to extract accountId from token
The reason is that openai-codex-responses tries to decode chatgpt_account_id from the bearer token and requires it.
Expected Behavior
When auth: apiKey is used with a custom Codex-compatible baseUrl, GJC should pass the bearer token through to the backend.
The client should not require or send chatgpt-account-id unless it can actually decode one from an official ChatGPT/Codex token.
Use Case
We want GJC to connect to a Codex-compatible proxy through the Codex WebSocket endpoint:
ws://127.0.0.1:2455/backend-api/codex/responses
The proxy authenticates the opaque bearer token itself and handles upstream account routing.
Area
Provider / Model support
Suggested Fix
We solved this locally with a small patch to openai-codex-responses.ts:
- Make
accountId optional.
- Change
getAccountId(accessToken) so it returns getCodexAccountId(accessToken) directly instead of throwing when no account id is found.
- In
createCodexHeaders(...), always set Authorization: Bearer <token>.
- Only set
chatgpt-account-id when accountId exists.
- If
accountId is missing, delete/omit chatgpt-account-id.
- Use a stable fallback namespace for WebSocket session keys, e.g.
opaque.
After this patch, GJC successfully connects to the proxy via WebSocket using an opaque proxy key, and the proxy logs show the WebSocket endpoint being accepted.
A minimal behavior change would be:
function getAccountId(accessToken: string): string | undefined {
return getCodexAccountId(accessToken);
}and:
headers.set("Authorization", `Bearer ${accessToken}`);
if (accountId) {
headers.set(OPENAI_HEADERS.ACCOUNT_ID, accountId);
} else {
headers.delete(OPENAI_HEADERS.ACCOUNT_ID);
}
Bug Description
We are using GJC with a Codex-compatible proxy backend and the
openai-codex-responsesWebSocket transport.Example provider config:
CUSTOM_CODEX_PROXY_API_KEYis an opaque proxy API key, not an official ChatGPT/Codex JWT.Actual Behavior
GJC fails locally before the request reaches the proxy:
The reason is that
openai-codex-responsestries to decodechatgpt_account_idfrom the bearer token and requires it.Expected Behavior
When
auth: apiKeyis used with a custom Codex-compatiblebaseUrl, GJC should pass the bearer token through to the backend.The client should not require or send
chatgpt-account-idunless it can actually decode one from an official ChatGPT/Codex token.Use Case
We want GJC to connect to a Codex-compatible proxy through the Codex WebSocket endpoint:
The proxy authenticates the opaque bearer token itself and handles upstream account routing.
Area
Provider / Model support
Suggested Fix
We solved this locally with a small patch to
openai-codex-responses.ts:accountIdoptional.getAccountId(accessToken)so it returnsgetCodexAccountId(accessToken)directly instead of throwing when no account id is found.createCodexHeaders(...), always setAuthorization: Bearer <token>.chatgpt-account-idwhenaccountIdexists.accountIdis missing, delete/omitchatgpt-account-id.opaque.After this patch, GJC successfully connects to the proxy via WebSocket using an opaque proxy key, and the proxy logs show the WebSocket endpoint being accepted.
A minimal behavior change would be:
and: