[Bug] VS Code Codex extension cannot run tasks reliably: connector logo overload, plugin manifest warnings, and repeated Cloudflare/telemetry 403 for non-browser clients

[nhkhanhyn0410]

Description

The Codex VS Code extension is currently unreliable on my Windows machine. Browser access to Codex works, and codex login status reports that I am logged in with ChatGPT, but the VS Code extension cannot reliably run tasks.

The issue appears to involve three recurring error classes in the VS Code Output panel:

1. connector logo fetch failures with Server overloaded; retry later;
2. repeated plugin/skill manifest validation warnings surfaced through [CodexMcpConnection];
3. repeated 403 Forbidden requests to https://chatgpt.com/ces/v1/rgstr....

In addition, I reproduced a strong Cloudflare / User-Agent pattern against https://auth.openai.com:

• default curl User-Agent returns 403 Forbidden with Cf-Mitigated: challenge;
• Chrome-like User-Agent returns 200 OK;
• reqwest/0.12.0 User-Agent returns 403 Forbidden with Cf-Mitigated: challenge.

This suggests that at least part of the issue may be caused by non-browser HTTP clients, possibly reqwest-based clients, being challenged by Cloudflare, while browser-like traffic is allowed.

Environment

OS: Windows x64
IDE: VS Code
Shell: PowerShell
Codex CLI version: codex-cli 0.129.0
Auth mode: Logged in using ChatGPT

Codex command path:
  C:\nvm4w\nodejs\codex.ps1
  C:\nvm4w\nodejs\codex.cmd
  C:\nvm4w\nodejs\codex

Get-AppxPackage *Codex*:
  no Codex Appx package found

Observed Cloudflare edges:
  SIN and HKG in CF-RAY values

Current Codex CLI status

PS C:\Users\admin\.codex> codex --version
codex-cli 0.129.0

PS C:\Users\admin\.codex> codex login status
Logged in using ChatGPT

PS C:\Users\admin\.codex> Get-Command codex -All

CommandType     Name          Source
-----------     ----          ------
ExternalScript  codex.ps1     C:\nvm4w\nodejs\codex.ps1
Application     codex.cmd     C:\nvm4w\nodejs\codex.cmd
Application     codex         C:\nvm4w\nodejs\codex

Local proxy checks

No local proxy appears to be configured.

PS C:\Users\admin> Get-ChildItem Env:*proxy*
# no output

PS C:\Users\admin> netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

PS C:\Users\admin> npm config get proxy
null

PS C:\Users\admin> npm config get https-proxy
null

PS C:\Users\admin> git config --global --get http.proxy
# no output

PS C:\Users\admin> git config --global --get https.proxy
# no output

VS Code Output errors

1. Connector logo fetch overload

2026-05-08 19:17:29.735 [error] Error fetching error={"code":-32001,"message":"Server overloaded; retry later."} url=/aip/connectors/asdk_app_69b754303dec8191a9661710f5ff60f4/logo?theme=dark

This looks like a background connector/logo fetch failure. It should not make task execution unreliable, and it should probably be cached, throttled, or retried with backoff.

2. Plugin / skill manifest warnings surfaced as [CodexMcpConnection] errors

2026-05-08 19:17:29.979 [error] [CodexMcpConnection] cli: message="
2026-05-08T12:17:29.682171Z  WARN codex_core_plugins::manifest: ignoring interface.defaultPrompt: prompt must be at most 128 characters path=C:\\Users\\admin\\.codex\\.tmp\\plugins\\plugins\\build-ios-apps\\.codex-plugin/plugin.json
2026-05-08T12:17:29.682904Z  WARN codex_core_plugins::manifest: ignoring interface.defaultPrompt: maximum of 3 prompts is supported path=C:\\Users\\admin\\.codex\\.tmp\\plugins\\plugins\\plugin-eval\\.codex-plugin/plugin.json
2026-05-08T12:17:29.687512Z  WARN codex_core_plugins::manifest: ignoring interface.defaultPrompt: maximum of 3 prompts is supported path=C:\\Users\\admin\\.codex\\.tmp\\plugins\\plugins\\twilio-developer-kit\\.codex-plugin/plugin.json
2026-05-08T12:17:29.726083Z  WARN codex_core_skills::loader: ignoring interface.icon_small: icon path must not contain '..'
2026-05-08T12:17:29.726118Z  WARN codex_core_skills::loader: ignoring interface.icon_large: icon path must not contain '..'
..."

These look like plugin/skill manifest validation warnings rather than the primary task execution failure. However, they are repeatedly surfaced through [CodexMcpConnection] and add significant noise to the Output panel.

If these manifests are from bundled or remotely downloaded registry/plugin metadata, the extension should either sanitize them before loading or deduplicate/downgrade these warnings.

3. Repeated telemetry / CES 403

2026-05-08 19:17:53.023 [error] Error fetching httpStatus=403 requestId=9f8867eb5bea40fc-SIN statusText=Forbidden url=https://chatgpt.com/ces/v1/rgstr?k=client-sYWqzCYMRkUg4DqqiZcR5DGTNl2iD7zNJY0HoeDLzxR&st=javascript-client-react&sv=3.32.6&t=1778242672580&sid=a88e1687-a19b-4d23-b9f8-09853b7ca2db&ec=10&gz=1

This looks like a telemetry/analytics endpoint failure. It should not prevent task execution, spam Output indefinitely, or degrade prompt/task responsiveness. A failed telemetry request should use backoff or be disabled for the session after repeated failures.

Cloudflare / User-Agent reproduction

I ran these direct checks against https://auth.openai.com.

Default curl User-Agent: blocked

Command:

curl.exe -I https://auth.openai.com 2>&1 | Select-String -Pattern "HTTP|cf-mitigated|server|location|cf-ray" -CaseSensitive:$false

Result:

HTTP/1.1 403 Forbidden
Cf-Mitigated: challenge
Server: cloudflare
CF-RAY: 9f88286d3f8f2f2a-SIN

A later run produced:

HTTP/1.1 403 Forbidden
Cf-Mitigated: challenge
Server: cloudflare
CF-RAY: 9f885f468e946e52-HKG

Chrome-like User-Agent: succeeds

Command:

curl.exe -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" https://auth.openai.com 2>&1 | Select-String -Pattern "HTTP|cf-mitigated|server|location|cf-ray" -CaseSensitive:$false

Result:

HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 9f8828878843c4af-SIN

A later run produced:

HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 9f885f47fbb3b419-HKG

reqwest-like User-Agent: blocked

Command:

curl.exe -I -A "reqwest/0.12.0" https://auth.openai.com 2>&1 | Select-String -Pattern "HTTP|cf-mitigated|server|location|cf-ray" -CaseSensitive:$false

Result:

HTTP/1.1 403 Forbidden
Cf-Mitigated: challenge
Server: cloudflare
CF-RAY: 9f8828b34b59811b-SIN

A later run produced:

HTTP/1.1 403 Forbidden
Cf-Mitigated: challenge
Server: cloudflare
CF-RAY: 9f885f541eecb852-HKG

This pattern suggests that Cloudflare may be challenging or blocking non-browser HTTP clients, especially reqwest-like clients, while browser-like traffic succeeds.

Expected behavior

The VS Code Codex extension should be able to run tasks reliably after ChatGPT login.

More specifically:

• connector logo fetch failures should be cached, throttled, retried with backoff, or treated as non-fatal;
• plugin/skill manifest validation warnings should not repeatedly surface as extension errors;
• telemetry /ces/v1/rgstr failures should not spam Output or affect task execution;
• if Cloudflare returns Cf-Mitigated: challenge, the extension should detect it and show a clear diagnostic;
• internal non-browser HTTP clients should use a supported User-Agent / request path so they are not repeatedly challenged;
• VS Code task execution should be isolated from background connector/logo/telemetry/plugin loading failures.

Actual behavior

The VS Code extension repeatedly logs:

• Server overloaded; retry later for connector logo fetches;
• plugin/skill manifest validation warnings through [CodexMcpConnection];
• 403 Forbidden for https://chatgpt.com/ces/v1/rgstr;
• Cloudflare challenge responses for non-browser requests to auth.openai.com.

As a result, the VS Code extension cannot reliably run tasks on this machine.

Troubleshooting already performed

• Browser access to Codex works.
• codex login status reports Logged in using ChatGPT.
• Another machine works normally.
• Switching networks did not fix this affected machine.
• Local Cloudflare/WARP was removed.
• Multiple resets/reinstalls were attempted.
• No environment proxy is configured.
• WinHTTP reports direct access.
• npm proxy is null.
• git proxy is empty.
• curl with Chrome-like User-Agent returns 200 OK.
• curl with default User-Agent returns 403 Forbidden with Cf-Mitigated: challenge.
• curl with reqwest/0.12.0 User-Agent returns 403 Forbidden with Cf-Mitigated: challenge.

Related issues

Possibly related:

• VS Code extension repeatedly fetches connector logos, causing "Server overloaded; retry later" errors #19366 — VS Code extension repeatedly fetches connector logos and logs Server overloaded; retry later
• VS Code extension repeatedly logs telemetry 403 errors for /ces/v1/rgstr and prompt is lagging #19371 — VS Code extension repeatedly logs telemetry 403 errors for /ces/v1/rgstr
• [Bug] reqwest HTTP clients missing User-Agent override → Cloudflare 403 from HKG edge on Codex Desktop 26.422.x #18456 — reqwest HTTP clients missing User-Agent override, Cloudflare 403 from HKG edge
• codex login fails: Cloudflare challenge blocks CLI token exchange (Australia/Linux) #16052 — codex login fails because Cloudflare challenge blocks CLI auth flow
• VS Code Codex extension receives Cloudflare challenge HTML (403) instead of JSON, causing authentication failure and unstable state #16341 — VS Code extension receives Cloudflare challenge HTML 403 instead of JSON
• Linux/WSL2: Cloudflare 403 blocks all chatgpt.com API requests — rustls TLS fingerprint detected as bot while macOS native-tls works fine on same network #17860 — WSL/Linux Codex blocked by Cloudflare 403 for ChatGPT-auth path

Request

Could the Codex team check whether the VS Code extension and bundled CLI are making some internal requests with default curl/reqwest-like User-Agent or non-browser HTTP fingerprints?

In particular:

1. Are all internal Rust/reqwest HTTP clients consistently overriding User-Agent?
2. Can connector logo requests be cached/throttled/backed off when the server returns -32001 Server overloaded?
3. Can telemetry /ces/v1/rgstr failures be disabled or backed off after repeated 403?
4. Can Cf-Mitigated: challenge be detected explicitly and shown as a clear diagnostic?
5. Can plugin/skill manifest validation warnings be downgraded or deduplicated if they come from bundled/remote registry metadata?
6. Can task execution be isolated from background connector/logo/telemetry/plugin loading failures?

Redaction note

I intentionally omitted cookies, auth tokens, and full set-cookie values from this report.

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• mcp-search fails after clean reinstall on Windows: ChatGPT backend plugin/connectors requests return Cloudflare 403, Settings UI also breaks #20673
• ChatGPT auth mode: Cloudflare challenge on connectors/directory/list blocks all MCP tool calls from CLI #21346
• Chrome/browser-use setupAtlasRuntime can hang when ambient /backend-api/me probe does not complete #21704

Powered by Codex Action