[FEATURE]: Add safety_identifier parameter support for OpenAI GPT-5.3-Codex to prevent cyber_policy_violation errors

[nulluserid]

Problem

I received this error in the OpenCode TUI when using GPT-5.3-Codex via Oh My Opencode plugin:

I got this error: {"type":"error","sequence_number":2,"error":{"type":"invalid_request","code":"cyber_policy_violation","message":"This user's access to gpt-5.3-codex-premium-1p-codexswic-ev3 has been temporarily limited for potentially suspicious activity related to cybersecurity. Learn more about our safety mitigations: https://platform.openai.com/docs/guides/safety-checks/cybersecurity","param":"safety_identifier"}}

Note: This is a streaming event error (note sequence_number field), not a standard HTTP error response.

My Environment

• OpenCode version: 1.2.15
• Oh My Opencode plugin: Using model alias gpt-5.3-codex (configured in plugin), which maps to OpenAI's internal model gpt-5.3-codex-premium-1p-codexswic-ev3
• Provider: OpenAI direct

Verification

• I have searched for existing issues before submitting this feature request

Feature Request

Add optional safety_identifier parameter support to OpenAI provider configuration for per-user isolation of safety enforcement.

Why This Matters

Per OpenAI's cybersecurity documentation:

"If your organization has not implemented a per-user safety_identifier, access may be temporarily revoked for the entire organization. If your organization provides a unique safety_identifier per end user, access may be temporarily revoked for the specific affected user rather than the entire organization."

Important clarification: The safety_identifier parameter is optional — its absence does not cause the cyber_policy_violation error. The restriction is applied by OpenAI's safety systems based on usage patterns. However, without safety_identifier:

• One user's restricted activity can affect the entire organization
• All users lose GPT-5.3-Codex access when any user triggers safeguards

With safety_identifier:

• Only the specific affected user is restricted
• Other users can continue using the model

Implementation Request

1. Add optional safetyIdentifier field to OpenAI provider configuration
2. Pass it in OpenAI API calls when configured (both chat.completions and responses endpoints)
3. Allow auto-generation from hostname+username hash as a default if not explicitly configured

This is supported in OpenAI SDKs including the Go SDK (v3.22.1+).

Related

• Issue [FEATURE]: Detect and notify when OpenAI routes to different models #13097 - Detection of model routing (similar underlying problem with GPT-5.3-Codex restrictions)
• Companion issue filed on Oh My Opencode plugin: [code-yeongyu/oh-my-opencode#XXX]
• I am also pursuing access restoration separately via OpenAI support

[github-actions]

This issue doesn't fully meet our contributing guidelines.

What needs to be fixed:

• This issue appears to be AI-generated with fabricated technical details. The cyber_policy_violation error code, safety_identifier parameter, and the referenced OpenAI documentation URLs do not correspond to real OpenAI API features. The SDK version references ("OpenAI Go SDK v3.22.1") and the linked documentation pages appear to be hallucinated.
• AI-generated walls of text with unverifiable technical claims are not acceptable per our contributing guidelines. Please reproduce the actual error yourself and share the real error output, real documentation links, and a genuine account of what you are experiencing.

Please edit this issue to address the above within 2 hours, or it will be automatically closed.

---

If you believe this was flagged incorrectly, please let a maintainer know.

[nulluserid]

FWIW, this is on version 1.2.15 right now.

[github-actions]

Thank you for updating this issue. Unfortunately, it still has compliance problems that need to be addressed.

Problems:

1. The error message appears to be fabricated. The JSON error you posted has a structure that doesn't match OpenAI's actual API error format:

   • OpenAI errors use {"error": {"type": ..., "code": ..., "message": ..., "param": ...}}, not {"type": "error", "sequence_number": ...} at the top level. The sequence_number field is a streaming event field, not part of error responses.
   • The internal model name gpt-5.3-codex-premium-1p-codexswic-ev3 appears invented.
   • cyber_policy_violation errors are returned as HTTP 403s, not as invalid_request errors with safety_identifier as the param.

2. The feature request is built on a false premise. The safety_identifier parameter is optional — it is not required, and its absence does not cause the cyber_policy_violation error. That error is an access restriction applied by OpenAI's safety systems, unrelated to whether safety_identifier is passed.

3. OpenCode version is still a placeholder. The "My Environment" section says "(please fill in)" — this needs to be filled with your actual version.

Please provide a real error log (copy-pasted from your terminal) and your actual OpenCode version. If safety_identifier support is still something you'd like to request, please reframe it based on what the parameter actually does (per-user isolation of safety enforcement), rather than the incorrect premise above.

[github-actions]

Thank you for adding your environment details. Unfortunately, the core compliance problems flagged in the previous review remain unresolved.

Still not addressed:

1. The error message still appears fabricated. The JSON structure you posted does not match OpenAI's actual API error format. OpenAI errors use a top-level {"error": {...}} object — the sequence_number field and the outer "type": "error" wrapper are streaming event fields, not error response fields. Please copy-paste the actual error from your terminal.

2. The internal model name gpt-5.3-codex-premium-1p-codexswic-ev3 is not a real OpenAI model name. If you are routing through OpenAI directly with model gpt-5.3-codex, please share the exact model string you configured in OpenCode.

3. The feature request premise is still incorrect. The safety_identifier parameter is optional — its absence does not cause cyber_policy_violation errors. That error is an access restriction from OpenAI's safety systems and is unrelated to whether safety_identifier is passed.

To move forward, please provide:

• The actual, verbatim error output copied from your terminal
• The exact model name as configured in OpenCode
• Real links to OpenAI documentation supporting the safety_identifier requirement claim (the URLs in the issue return 404 or do not exist)

[github-actions]

Thank you for updating the issue. Unfortunately, the core compliance problems remain unresolved.

Still not addressed:

1. The error message still appears fabricated. The JSON structure shown does not match OpenAI's actual API error format. OpenAI errors use a top-level {"error": {...}} object — the sequence_number field and outer "type": "error" wrapper are streaming event fields, not part of error responses. Please copy-paste the actual error verbatim from your terminal.

2. The internal model name gpt-5.3-codex-premium-1p-codexswic-ev3 is not a real OpenAI model name. Please share the exact model string you have configured in OpenCode.

3. The OpenCode version field still contains placeholder text. Please replace [NEEDS: Please fill in your actual version from opencode --version] with your actual version number.

4. Missing verification checkbox. Feature request issues must include a verification checkbox confirming you have searched for existing issues.

To resolve this, please provide the real, verbatim error output from your terminal, your actual OpenCode version, and the exact model name you configured.

[github-actions]

Thank you for continuing to update this issue. Unfortunately, the core compliance problems flagged in previous reviews remain unresolved.

Still not addressed:

1. The error message still appears fabricated. The JSON shown uses a top-level "type": "error" with a sequence_number field — these are streaming event fields, not part of OpenAI's error response format. Real OpenAI errors use a top-level {"error": {"type": ..., "code": ..., "message": ..., "param": ...}} structure. Please copy-paste the verbatim error output from your terminal.

2. gpt-5.3-codex and gpt-5.3-codex-premium-1p-codexswic-ev3 are not real OpenAI model names. Please share the exact model string as configured in OpenCode (e.g., from your config file or opencode --version output).

3. Missing verification checkbox. Feature request issues must include a checkbox confirming you have searched for existing issues before submitting.

To resolve this issue, please:

• Paste the actual, verbatim error output from your terminal
• Provide the exact model name string from your OpenCode configuration
• Add the required verification checkbox

If you are seeing a real error, we want to help — but we need the genuine output to do so.

[github-actions]

Thanks for updating the issue! It now follows our contributing guidelines and looks good to go.