[codex] Fix Codex custom provider env handling

[kitakitsune0x]

Summary

• validate custom Codex provider env_key requirements earlier so missing secrets fail with a clear provider error
• teach the dev/start runtime flows to use Turbo's loose env mode so shell secrets like CODEX_LB_API_KEY reach the t3 server task
• add regression coverage for Codex provider env parsing and the dev-runner Turbo args

Root cause

Turbo was launching the runtime tasks in strict environment mode, which filtered out provider secrets from the backend process even when they were present in the parent shell. That made custom Codex providers like codex-lb fail at runtime with a missing environment variable.

Validation

• bun fmt
• bun lint
• bun typecheck
• ./node_modules/.bin/vitest run scripts/dev-runner.test.ts

Note

Fix Codex custom provider env variable handling in checkCodexProviderStatus

• Adds readCodexConfigProviderSelection to parse config.toml once and return both the selected model_provider and a map of env_key values per provider section.
• Adds readCodexConfigModelProviderEnvKey to expose the env_key for the active custom provider.
• Updates checkCodexProviderStatus to return an error status with an explicit message when a custom non-OpenAI provider's env_key is defined in config but the corresponding environment variable is not set; returns ready (skipping OpenAI auth) when the env var is present.
• Adds --env-mode=loose to all turbo invocations in dev and start scripts so environment variables are passed through correctly.

^{Macroscope summarized 34fa4a2.}

---

Note

Medium Risk
Changes provider health-check logic and how turbo tasks inherit environment variables, which can affect runtime startup behavior for Codex and dev/start workflows.

Overview
Codex custom model provider detection now parses config.toml sections to capture both the active model_provider and any per-provider env_key, and checkCodexProviderStatus fails early with a clear error if the required env var for the selected custom provider is missing (skipping the OpenAI login probe only when properly configured).

Dev/start task execution is updated to run Turbo in --env-mode=loose (both package.json start scripts and scripts/dev-runner.ts MODE_ARGS), with new/updated tests covering TOML env_key parsing, scoped env var handling, and the presence of the loose env mode flags.

^{Reviewed by Cursor Bugbot for commit 34fa4a2. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: bda98ee9-2575-477b-8a59-200c8d1e696b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 82e7ab9. Configure here.}

[macroscopeapp]

Approvability

Verdict: Approved

This is a well-scoped bug fix that adds early detection for missing environment variables when using custom Codex providers. The changes involve TOML parsing enhancements and a defensive check that improves error messages. Comprehensive tests cover the new functionality, and the turbo config changes are minor development tooling adjustments.

^{You can customize Macroscope's approvability policy. Learn more.}