Executive Summary
6-hour window analysis (2026-04-20T13:09–19:09 UTC) surfaced 3 distinct failure modes across 31 total runs. Two are already tracked; one new failure pattern (chatgpt.com firewall block in the Codex AI Moderator) has no existing coverage and is tracked in sub-issue #27412 .
Failure Clusters
Cluster
Runs
Engine
Root Cause
Tracked?
Priority
AI Moderator — OpenAI 401 Unauthorized
§24680519515 Codex
Missing bearer auth header for api.openai.com
✅ #27404
P1
AI Moderator — chatgpt.com firewall block
§24681803841 Codex
1 blocked egress to chatgpt.com:443
❌ #27412
P1
Design Decision Gate — safeoutputs MCP drop
§24680939211 Claude Code
HTTP connection to safeoutputs MCP dropped after 63s
✅ #27405
P1
Smoke CI cancellations
24681457679, 24680574781, 24680545696
—
Superseded by newer pushes on main
✗ (expected)
—
Evidence
AI Moderator — chatgpt.com firewall block (run 24681803841)
Engine: Codex v0.121.0 (auto model)
Trigger: issues event, actor: verkyyi
Firewall: api.openai.com:443 — 13 allowed; chatgpt.com:443 — 1 blocked ; github.com:443 — 2 allowed
0 agent turns recorded despite agent job running 1.4 minutes
No auth errors; OpenAI credentials functional for the 13 allowed calls
Log file: 1 MB of agent stdio recorded despite 0 parsed turns
Different failure mode from issue [aw] AI Moderator failed #27404
AI Moderator — OpenAI 401 (run 24680519515)
Engine: Codex, trigger: issues event, actor: Daidanny008
Error: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header
URL: api.openai.com/v1/responses
Reconnect loop: 5 retries before terminal failure
Already tracked in [aw] AI Moderator failed #27404
Design Decision Gate — safeoutputs MCP drop (run 24680939211)
Engine: Claude Code, trigger: PR copilot/add-codemod-for-serena-conversion
Agent completed 6 turns; wrote ADR file; attempted git add docs/adr/274...
safeoutputs MCP: HTTP connection dropped after 63s uptime
detection and safe_outputs jobs were skipped as a result0/12 network requests blocked (not a firewall issue — MCP-layer timeout)
Already tracked in [aw] Design Decision Gate 🏗️ failed #27405
Existing Issue Correlation
Issue
Status
Assessment
#27404 — AI Moderator OpenAI 401Open
Still active; run 24680519515 confirms recurrence
#27405 — Design Decision Gate safeoutputs MCP dropOpen
Transient or recurring; run 24680939211 confirms occurrence
#27396 — No-Op Runs trackerOpen
Normal operation tracker, no action needed
No issues to close — all open issues reflect genuinely unresolved failure modes.
Fix Roadmap
Priority
Issue
Action
P1
#27412 (new)Investigate why Codex v0.121.0 calls chatgpt.com; add to allowlist or fix agent behavior
P1
#27404 Investigate intermittent OpenAI API 401 auth failures for Codex engine
P1
#27405 Fix safeoutputs MCP connection stability (timeout threshold or retry logic)
Sub-Issues Created
References:
Executive Summary
6-hour window analysis (2026-04-20T13:09–19:09 UTC) surfaced 3 distinct failure modes across 31 total runs. Two are already tracked; one new failure pattern (chatgpt.com firewall block in the Codex AI Moderator) has no existing coverage and is tracked in sub-issue #27412.
Failure Clusters
api.openai.comchatgpt.com:443safeoutputsMCP dropped after 63sEvidence
AI Moderator — chatgpt.com firewall block (run 24681803841)
automodel)issuesevent, actor: verkyyiapi.openai.com:443— 13 allowed;chatgpt.com:443— 1 blocked;github.com:443— 2 allowedAI Moderator — OpenAI 401 (run 24680519515)
issuesevent, actor: Daidanny008unexpected status 401 Unauthorized: Missing bearer or basic authentication in headerapi.openai.com/v1/responsesDesign Decision Gate — safeoutputs MCP drop (run 24680939211)
copilot/add-codemod-for-serena-conversiongit add docs/adr/274...HTTP connection dropped after 63s uptimedetectionandsafe_outputsjobs were skipped as a resultExisting Issue Correlation
No issues to close — all open issues reflect genuinely unresolved failure modes.
Fix Roadmap
chatgpt.com; add to allowlist or fix agent behaviorSub-Issues Created
chatgpt.comblocked by firewallReferences: