When using Codex with the GitHub connector, GitHub write actions appear to use the GitHub account connected through the active ChatGPT/OpenAI cloud account, not the locally authenticated gh CLI account.
This is surprising and risky because the active GitHub identity is not clearly surfaced before public write actions.
Observed behavior:
- Local gh auth status showed a different active GitHub account than the account used by the Codex GitHub connector.
- A Codex GitHub connector write action created a public GitHub issue under the connector's cloud-linked GitHub account.
- Disabling the local GitHub plugin and removing local GitHub connector caches did not change the connector identity exposed to the running Codex session.
- A read-only connector check still returned the cloud-linked GitHub account, confirming the connector identity is independent from local gh.
Expected behavior:
- Before any GitHub write action, Codex should clearly show the exact GitHub account that will be used.
- If local gh and cloud connector GitHub identities differ, Codex should warn and require explicit confirmation.
- Codex should provide a visible path to disconnect or switch the cloud GitHub connector account.
- Ideally, issue/PR creation should not proceed unless the active GitHub identity is displayed in the approval prompt.
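The pre-write identity gate described above, as an added example (not Codex's code): the acting account is resolved from the cloud connector, compared with the local gh login, and the approval prompt always names the exact account; a mismatch is flagged so the approval policy cannot silently auto-approve it. The connector lookup is injected because no public API for it is documented here; the local lookup uses gh api user.

```python
"""Identity gate for GitHub write actions: show the acting account before any
write and require explicit confirmation when local gh and the cloud connector
disagree. Added example; connector identity resolution is assumed/injected."""
import shutil
import subprocess
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Decision:
    allowed: bool            # whether the write may proceed
    prompt: str              # text shown in the approval prompt (always names the account)
    mismatch: bool           # local gh identity differs from connector identity


def local_gh_login() -> Optional[str]:
    """Login the local gh CLI is authenticated as, or None if gh is absent/unauthenticated."""
    if shutil.which("gh") is None:
        return None
    try:
        out = subprocess.run(["gh", "api", "user", "--jq", ".login"],
                             capture_output=True, text=True, timeout=10, check=True)
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


def gate_write(action: str, repo: str, public: bool, connector_login: Optional[str],
               local_login: Optional[str], confirm: Callable[[str, bool], bool]) -> Decision:
    """Decide whether `action` on `repo` may run under the connector identity."""
    if not connector_login:
        # Fail closed: never write when the acting identity is unknown.
        return Decision(False, "Blocked: no GitHub identity resolved for the cloud connector.", False)
    visibility = "PUBLIC" if public else "private"
    prompt = (f"{action} on {repo} ({visibility}) will run as GitHub user "
              f"'{connector_login}' (cloud connector identity).")
    mismatch = bool(local_login) and local_login != connector_login
    if mismatch:
        prompt += (f" WARNING: local gh is authenticated as '{local_login}', which differs; "
                   "explicit confirmation required.")
    return Decision(confirm(prompt, mismatch), prompt, mismatch)


def ask_on_mismatch(prompt: str, mismatch: bool) -> bool:
    """Approval policy: auto-approve only when identities agree, else ask a human."""
    if not mismatch:
        return True
    print(prompt)
    return input("Proceed under the connector account? [y/N] ").strip().lower() == "y"


if __name__ == "__main__":
    # Constructed connector login; in practice it would come from the connector's session state.
    print(gate_write("create_issue", "example/repo", True, "cloud-user", local_gh_login(), ask_on_mismatch))
```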
Why this matters:
Users may switch between multiple ChatGPT/OpenAI accounts in Codex. Each account may have different cloud app/connector state. A user can reasonably assume GitHub actions use local gh, especially when local gh is authenticated and the local GitHub plugin appears disabled. Without an explicit identity check, Codex can perform public GitHub writes under an unexpected GitHub account.
Environment:
- Codex App
- macOS
- Local gh authenticated
- Codex auth mode: ChatGPT
- GitHub connector available through Codex Apps / cloud connector state
Notes:
This report is not claiming proven cross-account credential leakage. The confirmed issue is that Codex uses cloud connector GitHub identity independently from local CLI identity and does not make that identity obvious before write actions.