hotfix: pass correct default model per pack (fixes codex-cli 400)#14
Merged
royosherove merged 1 commit intomainfrom Apr 16, 2026
Merged
hotfix: pass correct default model per pack (fixes codex-cli 400)#14royosherove merged 1 commit intomainfrom
royosherove merged 1 commit intomainfrom
Conversation
Bug: codex-cli installed by 'curl | install.lowkey.run' received the
CFN template's Bedrock DefaultModel ('us.anthropic.claude-opus-4-6-v1')
because install.sh never overrode DefaultModel per-pack. OpenAI's API
rejects Bedrock IDs with HTTP 400:
{"type":"error","status":400,"error":{
"message":"The 'us.anthropic.claude-opus-4-6-v1' model is
not supported when using Codex with a ChatGPT account."}}
Two-layer fix:
1. install.sh: add DefaultModel to PARAM_CFN_NAMES/PARAM_TF_NAMES and
populate from new pack_default_model() dispatch:
codex-cli → gpt-5.4
openclaw/claude-code/kiro-cli/nemoclaw/pi/ironclaw → Claude Opus (Bedrock)
hermes → Hermes-3-Llama-3.1-8B
User override via env DEFAULT_MODEL still honored.
2. packs/codex-cli/install.sh: defense-in-depth guard that rejects any
model id starting with a Bedrock provider prefix (us./eu./ap./
anthropic./amazon./meta./mistral./cohere./ai21.) and falls back to
gpt-5.4 with a warning. This catches the case where users upgrade
only the pack or run the pack directly against a stale CFN template.
Both layers tested:
- pack contracts 177/0
- registry sync clean
- codex-cli pack test 28/0
- manual: bash packs/codex-cli/install.sh --model 'us.anthropic.claude-opus-4-6-v1'
correctly warns and writes model='gpt-5.4' to config.toml
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 28181da839
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| codex-cli) echo "gpt-5.4" ;; | ||
| openclaw|claude-code|kiro-cli) echo "us.anthropic.claude-opus-4-6-v1" ;; | ||
| nemoclaw) echo "us.anthropic.claude-opus-4-6-v1" ;; | ||
| hermes) echo "NousResearch/Hermes-3-Llama-3.1-8B" ;; |
There was a problem hiding this comment.
The new Hermes branch returns NousResearch/Hermes-3-Llama-3.1-8B, but this value is propagated as the shared model field for dependency installs; deploy/bootstrap.sh writes one pack config for both deps and the target pack, then runs deps first, and packs/bedrockify/install.sh passes that model directly into bedrockify install-daemon --model (which is documented/defaulted as a Bedrock model ID). This means Hermes deployments can now configure bedrockify with a non-Bedrock model string, leading to failed startup or model-not-found errors when the proxy is used.
Useful? React with 👍 / 👎.
royosherove
added a commit
that referenced
this pull request
Apr 16, 2026
5 findings flagged by chatgpt-codex-connector across 3 PRs. All addressed here. PR #14 — P1: Hermes default model was wrong --------------------------------------------- pack_default_model(hermes) returned 'NousResearch/Hermes-3-Llama-3.1-8B' which then flowed through CFN DefaultModel → bootstrap.sh --model → PACK_CONFIG.model. Because hermes depends on bedrockify and dependencies read the same PACK_CONFIG, bedrockify's install-daemon got the Hermes-specific ID as its --model — but bedrockify expects a Bedrock model ID. This would have broken hermes deploys (bedrockify fails with model-not-found). The correct split: 'model' = Bedrock id (for bedrockify proxy), 'hermes-model' = the OpenAI-style id bedrockify exposes to Hermes. The pack manifest's 'hermes-model' param was already correct; we only had the shared 'model' pointed at the wrong layer. Fix: pack_default_model(hermes) now returns 'us.anthropic.claude-opus-4-6-v1' (matches other bedrockify-dependent packs like pi, ironclaw, nemoclaw). PR #16 — P1: headless auth params unreachable via CFN/TF --------------------------------------------------------- Already fixed in PR #17 / v0.5.98. No action needed. PR #16 — P2: --kiro-api-key accepted flag-like values ------------------------------------------------------ Already fixed in PR #17 / v0.5.98. No action needed. PR #18 — P1: Terraform mode actually runs apply -auto-approve -------------------------------------------------------------- docs/reference/terraform.mdx and docs/reference/cli.mdx both claimed the installer 'prints terraform init/apply commands for manual execution'. That's wrong — deploy_terraform() calls terraform_init → validate → apply (with -auto-approve in terraform_apply()). Users expecting to review a plan would hit immediate infra changes. Fix: - terraform.mdx now describes two paths: installer-driven (auto-apply) and direct Terraform (plan-first loop). - cli.mdx paragraph corrected to match. PR #18 — P2: --help flag documented but not implemented -------------------------------------------------------- docs/reference/cli.mdx listed --help/-h but install.sh's top-level parser fell through to *) shift ;; — --help was silently swallowed and the installer proceeded to run. Fix: install.sh now has a real --help|-h case that prints a usage block and exits 0. The docs row was already accurate after this; kept as-is. PR #18 — P2: Terraform profile_name default was incorrect ---------------------------------------------------------- docs claimed profile_name defaults to 'builder'. It doesn't — variables.tf has no default ('# No default — must be explicitly specified'). Users following the doc would have hit interactive prompts or failed non-interactive applies. Fix: terraform.mdx table now marks profile_name as '(required)' (same treatment as environment_name, which also has no default). Verification ------------ - bash -n install.sh: OK - bash install.sh --help: prints usage + exits 0 - bash install.sh -h: prints usage + exits 0 - pack_default_model hermes → us.anthropic.claude-opus-4-6-v1 - tests/test-pack-contracts.sh: 177/0 - scripts/sync-registry --check: clean - packs/codex-cli/test.sh: 28/0 (no regression) - packs/kiro-cli/test.sh: 53/0 (no regression)
royosherove
added a commit
that referenced
this pull request
Apr 17, 2026
* docs: add Mintlify-powered docs site (docs/) Adds a full Mintlify docs structure under docs/ so we can publish https://docs.lowkey.run (or similar). Structure --------- docs/ ├── docs.json # Mintlify config (Guide + Reference tabs) ├── index.mdx # Landing ├── quickstart.mdx # ~10-min deploy walkthrough ├── concepts.mdx # Pack / profile / mode / deploy-method ├── profiles/ │ ├── overview.mdx │ ├── builder.mdx # AdministratorAccess profile │ ├── account-assistant.mdx # ReadOnlyAccess + targeted writes │ └── personal-assistant.mdx # Bedrock only, no AWS surface ├── agents/ │ ├── overview.mdx # Pick-a-pack comparison table │ ├── openclaw.mdx # stable, gateway + memory │ ├── claude-code.mdx # stable, Anthropic via Bedrock │ ├── codex-cli.mdx # experimental, OpenAI │ ├── kiro-cli.mdx # experimental, Kiro cloud + headless mode │ ├── nemoclaw.mdx # experimental, OpenShell-sandboxed OpenClaw │ ├── hermes.mdx # experimental, NousResearch via bedrockify │ ├── pi.mdx # experimental, minimal harness │ └── ironclaw.mdx # experimental, Rust, via bedrockify └── reference/ ├── cli.mdx # Full top-level flag reference ├── simple-mode-defaults.mdx # Everything auto-picked per (pack, profile) ├── environment-variables.mdx # Installer + instance + per-pack env ├── cloudformation.mdx # Direct template usage ├── terraform.mdx # Module usage ├── security-services.mdx # What the 5 security services do + cost └── secrets-manager.mdx # Pattern for secrets (--from-secret canonical) Each agent page covers: - When to use it - What the pack installs - Non-interactive install commands (tabbed per profile) - Pack parameters table (flag, default, description) - Resource requirements per profile - First-run / post-install steps - Tear-down Each profile page covers: - What it is (IAM policy summary) - Simple-mode defaults (instance size, volumes, security services) - Install examples (tabbed across top packs) - When to use / when NOT to use Validation ---------- All 23 pages referenced from docs.json exist. JSON schema validated. README.md in docs/ explains structure + local preview via 'mintlify dev'. Follow-ups (separate PRs welcome) -------------------------------- - Wire up a CNAME for docs.lowkey.run - Connect the repo to Mintlify's hosted service or self-host - Add screenshots where they'd help - Add a translations workflow if we want i18n (pattern from openclaw/openclaw) * fix: address codex PR review feedback (PRs #14, #16 aux, #18) 5 findings flagged by chatgpt-codex-connector across 3 PRs. All addressed here. PR #14 — P1: Hermes default model was wrong --------------------------------------------- pack_default_model(hermes) returned 'NousResearch/Hermes-3-Llama-3.1-8B' which then flowed through CFN DefaultModel → bootstrap.sh --model → PACK_CONFIG.model. Because hermes depends on bedrockify and dependencies read the same PACK_CONFIG, bedrockify's install-daemon got the Hermes-specific ID as its --model — but bedrockify expects a Bedrock model ID. This would have broken hermes deploys (bedrockify fails with model-not-found). The correct split: 'model' = Bedrock id (for bedrockify proxy), 'hermes-model' = the OpenAI-style id bedrockify exposes to Hermes. The pack manifest's 'hermes-model' param was already correct; we only had the shared 'model' pointed at the wrong layer. Fix: pack_default_model(hermes) now returns 'us.anthropic.claude-opus-4-6-v1' (matches other bedrockify-dependent packs like pi, ironclaw, nemoclaw). PR #16 — P1: headless auth params unreachable via CFN/TF --------------------------------------------------------- Already fixed in PR #17 / v0.5.98. No action needed. PR #16 — P2: --kiro-api-key accepted flag-like values ------------------------------------------------------ Already fixed in PR #17 / v0.5.98. No action needed. PR #18 — P1: Terraform mode actually runs apply -auto-approve -------------------------------------------------------------- docs/reference/terraform.mdx and docs/reference/cli.mdx both claimed the installer 'prints terraform init/apply commands for manual execution'. That's wrong — deploy_terraform() calls terraform_init → validate → apply (with -auto-approve in terraform_apply()). Users expecting to review a plan would hit immediate infra changes. Fix: - terraform.mdx now describes two paths: installer-driven (auto-apply) and direct Terraform (plan-first loop). - cli.mdx paragraph corrected to match. PR #18 — P2: --help flag documented but not implemented -------------------------------------------------------- docs/reference/cli.mdx listed --help/-h but install.sh's top-level parser fell through to *) shift ;; — --help was silently swallowed and the installer proceeded to run. Fix: install.sh now has a real --help|-h case that prints a usage block and exits 0. The docs row was already accurate after this; kept as-is. PR #18 — P2: Terraform profile_name default was incorrect ---------------------------------------------------------- docs claimed profile_name defaults to 'builder'. It doesn't — variables.tf has no default ('# No default — must be explicitly specified'). Users following the doc would have hit interactive prompts or failed non-interactive applies. Fix: terraform.mdx table now marks profile_name as '(required)' (same treatment as environment_name, which also has no default). Verification ------------ - bash -n install.sh: OK - bash install.sh --help: prints usage + exits 0 - bash install.sh -h: prints usage + exits 0 - pack_default_model hermes → us.anthropic.claude-opus-4-6-v1 - tests/test-pack-contracts.sh: 177/0 - scripts/sync-registry --check: clean - packs/codex-cli/test.sh: 28/0 (no regression) - packs/kiro-cli/test.sh: 53/0 (no regression) * fix: address PR #19 codex review feedback (round 2) Two P2 findings from chatgpt-codex-connector on PR #19. Finding 1: claude-code default model was wrong (P2) ---------------------------------------------------- pack_default_model() had 'openclaw|claude-code)' returning Opus 4.6. Claude Code's standard default is Sonnet (cheaper, faster, good for coding). Opus would triple costs and needs broader model access. Fix: split into separate cases: openclaw) → us.anthropic.claude-opus-4-6-v1 (unchanged) claude-code) → us.anthropic.claude-sonnet-4-6 (correct default) Docs (claude-code.mdx, simple-mode-defaults.mdx) already said Sonnet — now the code matches. Finding 2: --kiro-api-key advertised but not parsed (P2) --------------------------------------------------------- kiro-cli.mdx Warning block claimed the top-level installer accepts '--kiro-api-key KEY' for back-compat. It doesn't — install.sh's parser only has --kiro-from-secret; unknown flags fall through to *) shift ;;. Users following the docs would get silently broken headless installs. Fix: replaced the Warning with a Note that clarifies: only --kiro-from-secret is supported at the top level. The pack-level script (packs/kiro-cli/install.sh) still accepts --kiro-api-key with a deprecation warning, but it's not threaded through CFN/TF. Verification: bash -n install.sh: OK pack_default_model openclaw → us.anthropic.claude-opus-4-6-v1 pack_default_model claude-code → us.anthropic.claude-sonnet-4-6 test-pack-contracts.sh: 177/0 codex-cli/test.sh: 28/0 kiro-cli/test.sh: 53/0 --------- Co-authored-by: Roy Osherove <575051+royosherove@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug
Users installing codex-cli via
curl -sfL install.lowkey.run | bashon v0.5.95 get HTTP 400 on first message:Root cause: CFN template has a single
DefaultModelhardcoded tous.anthropic.claude-opus-4-6-v1(a Bedrock ID).install.shnever overrides it per-pack. codex-cli pack writes the Bedrock ID to~/.codex/config.toml, and OpenAI rejects it.Fix (two layers)
install.sh — add
DefaultModelto the param arrays, populate from newpack_default_model()dispatch that returns:gpt-5.4for codex-clipacks/codex-cli/install.sh — defense-in-depth: reject any model ID starting with a Bedrock provider prefix (
us.,eu.,anthropic., etc.) and fall back togpt-5.4with a warning.Test
Cut v0.5.96 after merge.