fix(codex): inject -m gpt-5.2 on ChatGPT-account auth (garrytan#1628)

Codex CLI defaults to gpt-5.2-codex, which OpenAI's ChatGPT-account
entitlement filter rejects with a 400 ("model is not supported when
using Codex with a ChatGPT account"). Every skill that shells out to
codex — /codex, /autoplan, /plan-eng-review, /ship, /plan-ceo-review,
/plan-design-review — broke for ChatGPT-only auth users.

Add _gstack_codex_account_kind (apikey | chatgpt | none) and
_gstack_codex_default_model_args to bin/gstack-codex-probe. Templates
expand $_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args) before
every codex invocation; API-key users get nothing extra, ChatGPT users
get `-m gpt-5.2`. $GSTACK_CODEX_MODEL overrides; set to "default" to
opt out of injection entirely.

Wired at all 9 callsites across codex/SKILL.md.tmpl (5) and
autoplan/SKILL.md.tmpl (4). A static template guard test catches a
future edit that drops the variable.

Author: cropsgg

autoplan/SKILL.md

@@ -1118,7 +1118,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex CEO voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   You are a CEO/founder advisor reviewing a development plan.
   Challenge the strategic foundations: Are the premises valid or assumed? Is this the
@@ -1235,7 +1236,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex design voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Read the plan file at <plan_path>. Evaluate this plan's
   UI/UX design decisions.
@@ -1316,7 +1318,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex eng voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Review this plan for architectural issues, missing edge cases,
   and hidden complexity. Be adversarial.
@@ -1437,7 +1440,8 @@ Log: "Phase 3.5 skipped — no developer-facing scope detected."
   **Codex DX voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Read the plan file at <plan_path>. Evaluate this plan's developer experience.
 

autoplan/SKILL.md.tmpl

@@ -290,7 +290,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex CEO voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   You are a CEO/founder advisor reviewing a development plan.
   Challenge the strategic foundations: Are the premises valid or assumed? Is this the
@@ -407,7 +408,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex design voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Read the plan file at <plan_path>. Evaluate this plan's
   UI/UX design decisions.
@@ -488,7 +490,8 @@ Override: every AskUserQuestion → auto-decide using the 6 principles.
   **Codex eng voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Review this plan for architectural issues, missing edge cases,
   and hidden complexity. Be adversarial.
@@ -609,7 +612,8 @@ Log: "Phase 3.5 skipped — no developer-facing scope detected."
   **Codex DX voice** (via Bash):
   ```bash
   _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; }
-  _gstack_codex_timeout_wrapper 600 codex exec "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
+  _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+  _gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any SKILL.md files or files in skill definition directories (paths containing skills/gstack). These are AI assistant skill definitions meant for a different system. Stay focused on repository code only.
 
   Read the plan file at <plan_path>. Evaluate this plan's developer experience.
 

bin/gstack-codex-probe

@@ -3,10 +3,13 @@
 # Sourced from template bash blocks; never execute directly.
 #
 # Functions (all prefixed with _gstack_codex_ for namespace hygiene):
-#   _gstack_codex_auth_probe      — multi-signal auth check (env + file)
-#   _gstack_codex_version_check   — warn on known-bad Codex CLI versions
-#   _gstack_codex_timeout_wrapper — gtimeout -> timeout -> unwrapped fallback
-#   _gstack_codex_log_event       — telemetry emission to ~/.gstack/analytics/
+#   _gstack_codex_auth_probe         — multi-signal auth check (env + file)
+#   _gstack_codex_account_kind       — classify auth as apikey | chatgpt | none
+#   _gstack_codex_default_model_args — emit `-m <model>` when ChatGPT auth needs
+#                                       a non-default model to avoid 400s (#1628)
+#   _gstack_codex_version_check      — warn on known-bad Codex CLI versions
+#   _gstack_codex_timeout_wrapper    — gtimeout -> timeout -> unwrapped fallback
+#   _gstack_codex_log_event          — telemetry emission to ~/.gstack/analytics/
 #
 # Hygiene rules (enforced by test/codex-hardening.test.ts):
 #   - Never set -e / set -u / trap / IFS= / PATH= in this file.
@@ -33,6 +36,86 @@ _gstack_codex_auth_probe() {
   return 1
 }
 
+# --- Account kind classifier ------------------------------------------------
+#
+# Echoes one of: apikey | chatgpt | none.
+#
+# apikey  → CODEX_API_KEY or OPENAI_API_KEY is set (non-empty, non-whitespace).
+#           Codex CLI bills the OpenAI Platform key and the user is entitled
+#           to every published model, including gpt-5.2-codex.
+# chatgpt → no api-key env vars, but ${CODEX_HOME:-~/.codex}/auth.json exists.
+#           Codex CLI authenticates as the user's ChatGPT account. As of
+#           March 2026 the ChatGPT entitlement set excludes gpt-5.2-codex
+#           (returns "model is not supported when using Codex with a
+#           ChatGPT account") and only includes the base gpt-5.2 family —
+#           see #1628.
+# none    → no auth signal at all; the caller should fail fast.
+
+_gstack_codex_account_kind() {
+  local _k1 _k2
+  _k1=$(printf '%s' "${CODEX_API_KEY:-}" | tr -d '[:space:]')
+  _k2=$(printf '%s' "${OPENAI_API_KEY:-}" | tr -d '[:space:]')
+  if [ -n "$_k1" ] || [ -n "$_k2" ]; then
+    echo "apikey"
+    return 0
+  fi
+  local _codex_home="${CODEX_HOME:-$HOME/.codex}"
+  if [ -f "$_codex_home/auth.json" ]; then
+    echo "chatgpt"
+    return 0
+  fi
+  echo "none"
+}
+
+# --- Default model args -----------------------------------------------------
+#
+# Echoes the codex CLI flags that should be injected before the prompt /
+# subcommand. The two callsite patterns are:
+#
+#   _CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+#   _gstack_codex_timeout_wrapper 330 codex review $_CODEX_MODEL_ARGS "..." ...
+#
+# Or as a `bash -c` style array:
+#
+#   read -r -a _CMA <<<"$(_gstack_codex_default_model_args)"
+#
+# Behaviour:
+#   - $GSTACK_CODEX_MODEL set → emit `-m $GSTACK_CODEX_MODEL` regardless of
+#     auth kind. Power-user override, e.g. for testing gpt-5.1-codex-max.
+#   - $GSTACK_CODEX_MODEL = "" or "default" → emit nothing (let Codex pick).
+#   - account = chatgpt → emit `-m gpt-5.2` so the Codex CLI's default
+#     gpt-5.2-codex selection doesn't trip OpenAI's ChatGPT entitlement
+#     filter and 400 the request (issue #1628).
+#   - account = apikey → emit nothing; API-key users have full entitlement.
+#   - account = none    → emit nothing; let the auth probe handle the error.
+#
+# The output is a single line containing zero or two whitespace-separated
+# tokens, suitable for unquoted interpolation in a codex command line.
+
+_gstack_codex_default_model_args() {
+  local _override="${GSTACK_CODEX_MODEL:-}"
+  case "$_override" in
+    "")
+      # Unset / empty → fall through to account-based auto-detection below.
+      ;;
+    "default")
+      # Power-user opt-out: bypass injection entirely so the Codex CLI picks
+      # its own model. Useful if/when ChatGPT-account entitlement changes and
+      # the chatgpt path stops being needed.
+      return 0
+      ;;
+    *)
+      printf -- '-m %s' "$_override"
+      return 0
+      ;;
+  esac
+  local _kind
+  _kind=$(_gstack_codex_account_kind)
+  if [ "$_kind" = "chatgpt" ]; then
+    printf -- '-m gpt-5.2'
+  fi
+}
+
 # --- Version check ----------------------------------------------------------
 
 _gstack_codex_version_check() {

codex/SKILL.md

@@ -947,7 +947,11 @@ _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo"
 cd "$_REPO_ROOT"
 # 330s (5.5min) is slightly longer than the Bash 300s so the shell wrapper
 # only fires if Bash's own timeout doesn't.
-_gstack_codex_timeout_wrapper 330 codex review "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only.
+# $_CODEX_MODEL_ARGS forces `-m gpt-5.2` on ChatGPT-account auth so Codex's
+# default `gpt-5.2-codex` doesn't 400 against the ChatGPT entitlement filter
+# (issue #1628). On API-key auth it's empty and the default model wins.
+_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+_gstack_codex_timeout_wrapper 330 codex review $_CODEX_MODEL_ARGS "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only.
 
 Review the changes on this branch against the base branch <base>. Run git diff origin/<base>...HEAD 2>/dev/null || git diff <base>...HEAD to see the diff and review only those changes." -c 'model_reasoning_effort="high"' --enable web_search_cached < /dev/null 2>"$TMPERR"
 _CODEX_EXIT=$?
@@ -987,7 +991,8 @@ _PROMPT_FILE=$(mktemp "$TMP_ROOT/codex-prompt-XXXXXX.txt")
   git diff "<base>...HEAD" 2>/dev/null
   printf '\nDIFF_END\n'
 } > "$_PROMPT_FILE"
-_gstack_codex_timeout_wrapper 330 codex exec -s read-only "$(cat "$_PROMPT_FILE")" -c 'model_reasoning_effort="high"' --enable web_search_cached < /dev/null 2>"$TMPERR"
+_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+_gstack_codex_timeout_wrapper 330 codex exec $_CODEX_MODEL_ARGS -s read-only "$(cat "$_PROMPT_FILE")" -c 'model_reasoning_effort="high"' --enable web_search_cached < /dev/null 2>"$TMPERR"
 _CODEX_EXIT=$?
 rm -f "$_PROMPT_FILE"
 if [ "$_CODEX_EXIT" = "124" ]; then
@@ -1215,7 +1220,8 @@ fi
 # Fix 1+2: wrap with timeout (gtimeout/timeout fallback chain via probe helper),
 # capture stderr to $TMPERR for auth error detection (was: 2>/dev/null).
 TMPERR=${TMPERR:-$(mktemp "$TMP_ROOT/codex-err-XXXXXX.txt")}
-_gstack_codex_timeout_wrapper 600 codex exec "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="high"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
+_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+_gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="high"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
 import sys, json
 turn_completed_count = 0
 for line in sys.stdin:
@@ -1370,7 +1376,8 @@ if [ -z "$PYTHON_CMD" ]; then
   exit 1
 fi
 # Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper)
-_gstack_codex_timeout_wrapper 600 codex exec "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
+_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+_gstack_codex_timeout_wrapper 600 codex exec $_CODEX_MODEL_ARGS "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
 import sys, json
 for line in sys.stdin:
     line = line.strip()
@@ -1424,7 +1431,8 @@ if [ -z "$PYTHON_CMD" ]; then
 fi
 cd "$_REPO_ROOT" || exit 1
 # Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper)
-_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> "<prompt>" -c 'sandbox_mode="read-only"' -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
+_CODEX_MODEL_ARGS=$(_gstack_codex_default_model_args)
+_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> $_CODEX_MODEL_ARGS "<prompt>" -c 'sandbox_mode="read-only"' -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
 <same python streaming parser as above, with flush=True on all print() calls>
 "
 # Fix 1: same hang detection pattern as new-session block
@@ -1483,9 +1491,16 @@ The reason must engage with a specific Codex insight and compare against an alte
 
 ## Model & Reasoning
 
-**Model:** No model is hardcoded — codex uses whatever its current default is (the frontier
-agentic coding model). This means as OpenAI ships newer models, /codex automatically
-uses them. If the user wants a specific model, pass `-m` through to codex.
+**Model:** Codex picks the default model unless one is required. Two cases inject `-m`:
+1. **ChatGPT-account auth (no `$CODEX_API_KEY` / `$OPENAI_API_KEY`):** the
+   probe injects `-m gpt-5.2` so Codex's default `gpt-5.2-codex` doesn't trip
+   OpenAI's ChatGPT-account entitlement filter and return 400 (issue #1628).
+2. **`$GSTACK_CODEX_MODEL` set:** that exact model is injected; set it to
+   `"default"` or unset it to let Codex decide.
+
+API-key users hit no injection — they're entitled to every published model.
+If the user passes their own `-m` in the slash command, thread it through;
+the last `-m` on the codex command line wins.
 
 **Reasoning effort (per-mode defaults):**
 - **Review (2A):** `high` — bounded diff input, needs thoroughness but not max tokens