ClaudeBar can trigger Codex RPC probing without explicit user action, for example on app startup, background refresh, or when opening Settings while Codex is configured in RPC mode.
Since Codex RPC mode uses the local Codex CLI / codex app-server, this is not a passive status check. If the local Codex CLI session is not authenticated or requires re-authentication, the probe may start the ChatGPT browser login flow automatically.
This creates a surprising UX: simply opening ClaudeBar can launch a browser login flow even though the user did not click Connect, Refresh, or otherwise ask ClaudeBar to start Codex.
Observed behavior
- Open ClaudeBar.
- ClaudeBar starts refreshing/probing enabled providers.
- Codex is configured in RPC mode.
- ClaudeBar starts Codex RPC probing.
- Codex CLI may open the ChatGPT browser login flow.
- Opening Settings shows Codex on the RPC tab/mode, even though the user did not explicitly start a connection attempt.
Expected behavior
Opening ClaudeBar should not launch the ChatGPT browser login flow.
Opening Settings should not launch the ChatGPT browser login flow.
Viewing or selecting Codex RPC mode should not start codex app-server automatically.
ClaudeBar should only run Codex RPC probing after explicit user intent, such as:
- clicking a Connect button;
- clicking Refresh / Test connection;
- background refresh after Codex was already explicitly connected and verified.
Actual behavior
Codex RPC probing may run automatically as part of startup/background refresh/settings lifecycle. Because RPC mode starts the local Codex CLI, this can indirectly trigger the ChatGPT browser login flow.
Why this matters
RPC probing is an active operation with side effects. It can launch a subprocess and may trigger authentication UI outside ClaudeBar.
A provider being available or enabled in ClaudeBar should not automatically mean ClaudeBar is allowed to start an auth-capable CLI flow.
This is related to previous Codex process-spawning issues such as #126 and #113, but the problem here is slightly different: even if process cleanup works correctly, the app should still avoid starting Codex login automatically without explicit user action.
Suggested direction
Separate these states:
- Codex provider exists in ClaudeBar;
- Codex provider is enabled in the UI;
- ClaudeBar is allowed to actively probe Codex via RPC.
For Codex RPC mode, startup/background refresh should stay passive unless Codex was already explicitly connected/verified.
If Codex is not connected or not yet checked, the UI could show a passive state such as:
Codex CLI session not checked. Click Refresh or Connect to check Codex status.
RPC mode copy could also clarify:
RPC mode uses the local Codex CLI. ClaudeBar will not start Codex login automatically.
The expected fix can be small: prevent automatic Codex RPC probing from launching Codex unless the user explicitly requested it.
Environment
- ClaudeBar version:
- macOS version:
- Codex CLI version:
- Codex probe mode: RPC
- Codex auth state: not authenticated / expired / unknown
ClaudeBar can trigger Codex RPC probing without explicit user action, for example on app startup, background refresh, or when opening Settings while Codex is configured in RPC mode.
Since Codex RPC mode uses the local Codex CLI /
codex app-server, this is not a passive status check. If the local Codex CLI session is not authenticated or requires re-authentication, the probe may start the ChatGPT browser login flow automatically.This creates a surprising UX: simply opening ClaudeBar can launch a browser login flow even though the user did not click Connect, Refresh, or otherwise ask ClaudeBar to start Codex.
Observed behavior
Expected behavior
Opening ClaudeBar should not launch the ChatGPT browser login flow.
Opening Settings should not launch the ChatGPT browser login flow.
Viewing or selecting Codex RPC mode should not start
codex app-serverautomatically.ClaudeBar should only run Codex RPC probing after explicit user intent, such as:
Actual behavior
Codex RPC probing may run automatically as part of startup/background refresh/settings lifecycle. Because RPC mode starts the local Codex CLI, this can indirectly trigger the ChatGPT browser login flow.
Why this matters
RPC probing is an active operation with side effects. It can launch a subprocess and may trigger authentication UI outside ClaudeBar.
A provider being available or enabled in ClaudeBar should not automatically mean ClaudeBar is allowed to start an auth-capable CLI flow.
This is related to previous Codex process-spawning issues such as #126 and #113, but the problem here is slightly different: even if process cleanup works correctly, the app should still avoid starting Codex login automatically without explicit user action.
Suggested direction
Separate these states:
For Codex RPC mode, startup/background refresh should stay passive unless Codex was already explicitly connected/verified.
If Codex is not connected or not yet checked, the UI could show a passive state such as:
RPC mode copy could also clarify:
The expected fix can be small: prevent automatic Codex RPC probing from launching Codex unless the user explicitly requested it.
Environment