Chatgpt Codex Onboarding

Name: Chatgpt Codex Onboarding
Author: starchild-ai-agent

starchild-ai-agent/official-skills

Link a ChatGPT or Codex subscription to your agent via OAuth device login so you can use gpt-5-codex and related models without bringing your own API key.

Overview

ChatGPT Codex Onboarding is an agent skill for the Build phase that connects a ChatGPT or Codex subscription through OAuth device-code login instead of an API key.

Install

npx skills add https://github.com/starchild-ai-agent/official-skills --skill chatgpt-codex-onboarding

What is this skill?

Script-mode skill (v2.0.2)—no MCP tools; run documented exports from bash blocks
OAuth device-code flow for ChatGPT Plus, Pro, Team, or Enterprise—not OpenAI API-key BYOK
Explicit guardrails: only when user asks to sign in, login, or use Codex/ChatGPT subscription
Points to byok-custom-model for API-key vendors and model-onboarding reference for the wider landscape
Targets gpt-5-codex, gpt-5, and gpt-5-mini via subscription routing
Script-mode skill version 2.0.2
OAuth device-code flow—not BYOK

Compatible agents: Codex, Claude Code, any compatible agent

Adoption & trust: 1.3k installs on skills.sh; 13 GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You have a ChatGPT or Codex subscription but your agent keeps asking for an OpenAI API key you do not want to manage.

Who is it for?

Solo builders who explicitly want to sign in with ChatGPT or Codex and use subscription-backed models in Starchild-style agent environments.

Skip if: OpenAI API-key BYOK, Anthropic or Gemini setup, or fuzzy requests to add OpenAI without confirming subscription versus API key.

When should I use this skill?

User explicitly says sign in with ChatGPT, use Codex subscription, connect ChatGPT Plus/Pro/Team/Enterprise, or login with OpenAI/ChatGPT for subscription access.

What do I get? / Deliverables

Your agent completes subscription OAuth so gpt-5-codex, gpt-5, and gpt-5-mini routes through your plan—then you continue normal coding tasks without BYOK setup.

Completed OAuth device-code login and subscription-backed model routing

Recommended Skills

Microsoft Foundrymicrosoft/azure-skills

Microsoft Foundry skill guides agents through the full Azure AI Foundry lifecycle—containerizing agents, pushing to ACR,…377k installs·1.2k stars

Azure Aimicrosoft/azure-skills

azure-ai is a Prism-oriented quick reference for Microsoft Azure AI work, with the published body centered on the Azure …375k installs·1.2k stars

Azure Hosted Copilot Sdkmicrosoft/azure-skills

Azure Hosted Copilot SDK is Microsoft's entry skill for repos using @github/copilot-sdk—it detects CopilotClient usage, …346k installs·1.2k stars

Lark Eventlarksuite/cli

Lark real-time subscription skill via lark-cli event consume for building bots and streaming webhook-style agent workers…208k installs·13.7k stars

Running Claude Code Via Litellm Copilotxixu-me/skills

Running Claude Code via LiteLLM Copilot walks through pointing Claude Code at a local LiteLLM proxy that forwards Anthro…200k installs·61 stars

Setup Matt Pocock Skillsmattpocock/skills

One-time per-repo setup so Matt Pocock engineering skills share correct issue tracker, triage strings, and domain docume…180k installs·121k stars

Journey fit

Primary fit

BuildAgent skills & templates

Model onboarding is environment setup that happens while you wire the coding agent—canonical shelf is build → agent-tooling before day-to-day implementation. OAuth device-code login is agent-runtime configuration, not application feature code; it belongs beside other Claude Code / Codex connection skills.

How it compares

Subscription OAuth onboarding—not the byok-custom-model path for vendor API keys.

Common Questions / FAQ

Who is chatgpt-codex-onboarding for?

Developers using agent stacks that support Starchild official skills and want ChatGPT/Codex subscription access without storing an OpenAI API key.

When should I use chatgpt-codex-onboarding?

Only when you clearly ask to sign in with ChatGPT, use your Codex subscription, or login with OpenAI for subscription models—not when you mean API-key BYOK.

Is chatgpt-codex-onboarding safe to install?

It is marked protected and runs OAuth via scripted bash; check this page’s Security Audits panel and treat OAuth tokens like credentials—do not commit session artifacts to git.

Workflow Chain

Then invoke: byok custom model

SKILL.md

READMESKILL.md - Chatgpt Codex Onboarding

# 🔐 ChatGPT / Codex OAuth Onboarding

Use the user's existing **ChatGPT or Codex subscription** for `gpt-5-codex`, `gpt-5`, `gpt-5-mini` access — without an API key.

This is a **script-mode skill** — no tools registered. Read this file, then call the exports from a `bash` block.

## See also
- `byok-custom-model` skill — for vendor-key BYOK setup (DIFFERENT mechanism, NOT OAuth)
- `config/context/references/model-onboarding.md` — overall model-selection landscape

---

## When to use this skill

✅ **Use** when the user EXPLICITLY says one of:
- "Sign in with my ChatGPT account"
- "Use my Codex subscription"
- "Connect my ChatGPT Plus / Pro / Team / Enterprise"
- "Login with OpenAI / ChatGPT"

❌ **Do NOT use** for:
- BYOK / API-key-based setup ("Add OpenAI API key", "I have an OpenAI key")
- Other vendors that sound similar (Anthropic, Gemini, Qwen, etc.) → use `byok-custom-model`
- "Add the OpenAI model" without subscription context — ASK first whether they want OAuth (subscription) or BYOK (API key)

⚠️ Vendor names that sound similar (Codex, OpenAI, GPT) are **NOT a signal** to start OAuth on their own. Only an explicit user mention of "subscription / sign in / login with ChatGPT" qualifies.

---

## Onboarding flow

1. **status** — check if a credential already exists (resume vs fresh).
2. **start** — get a verification URL + user code from OpenAI; persisted to disk.
3. Tell the user: open the URL in a browser, log in to their ChatGPT / Codex account, and enter the code. Do NOT auto-poll.
4. Wait for the user to confirm they approved the device.
5. **poll** — finalize the OAuth handshake; on success, the new model becomes available.

If poll returns `status='pending'`, the user hasn't finished yet — wait for them, then poll again. Don't loop poll automatically.

---

## Script usage

```bash
python3 - <<'EOF'
import sys, json
sys.path.insert(0, "/data/workspace/skills/chatgpt-codex-onboarding")
from exports import status, start, poll, logout, refresh, models, usage

# Check current state
print(json.dumps(status(), indent=2))

# Start a flow
result = start()
print(f"Open: {result['verification_url']}\nCode: {result['user_code']}")
EOF
```

After the user approves:

```bash
python3 - <<'EOF'
import sys, json
sys.path.insert(0, "/data/workspace/skills/chatgpt-codex-onboarding")
from exports import poll
print(json.dumps(poll(), indent=2))
EOF
```

---

## Functions

| Function | Required args | Purpose |
|---|---|---|
| `status()` | — | Inspect current OAuth state, expiry, model list |
| `start()` | — | Begin device-code flow → verification_url + user_code |
| `poll(pending_id=None)` | — | Check authorization (call after user confirms approval) |
| `logout()` | — | Disconnect + remove credentials |
| `refresh()` | — | Force-refresh access token (debug; normally automatic) |
| `models(force=False)` | — | List available models from the OAuth endpoint |
| `usage(force=False)` | — | Subscription usage stats |

`force=True` on `models` / `usage` bypasses the cache TTL.

All functions return a dict with `ok: True` on success or `ok: False, error: "..."` on failure.

---

## After connecting

Models appear with the `openai-codex/` prefix:
- `openai-codex/gpt-5-codex` — primary
- `openai-codex/gpt-5` — full GPT-5
- `openai-codex/gpt-5-mini` — smaller / faster

User switches via `/model openai-codex/gpt-5-codex` or the model picker UI.

Subsequent calls hit OpenAI directly using the OAuth token — bypasses the platform proxy. Subscription usage limits apply (not the platform's credit balance).

---

## Reauth

Tokens auto-refresh via `refresh_token`. If a 401 surfaces:
1. `refresh()` — try the manual refresh path.
2. If still failing, `logout()` + restart from `start()`.

---

What is this skill?

Script-mode skill (v2.0.2)—no MCP tools; run documented exports from bash blocks

OAuth device-code flow for ChatGPT Plus, Pro, Team, or Enterprise—not OpenAI API-key BYOK

Explicit guardrails: only when user asks to sign in, login, or use Codex/ChatGPT subscription

Points to byok-custom-model for API-key vendors and model-onboarding reference for the wider landscape

Targets gpt-5-codex, gpt-5, and gpt-5-mini via subscription routing

Script-mode skill version 2.0.2

OAuth device-code flow—not BYOK

Compatible agents: Codex, Claude Code, any compatible agent

Adoption & trust: 1.3k installs on skills.sh; 13 GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildAgent skills & templates

SKILL.md

READMESKILL.md - Chatgpt Codex Onboarding

# 🔐 ChatGPT / Codex OAuth Onboarding

Use the user's existing **ChatGPT or Codex subscription** for `gpt-5-codex`, `gpt-5`, `gpt-5-mini` access — without an API key.

This is a **script-mode skill** — no tools registered. Read this file, then call the exports from a `bash` block.

## See also
- `byok-custom-model` skill — for vendor-key BYOK setup (DIFFERENT mechanism, NOT OAuth)
- `config/context/references/model-onboarding.md` — overall model-selection landscape

---

## When to use this skill

✅ **Use** when the user EXPLICITLY says one of:
- "Sign in with my ChatGPT account"
- "Use my Codex subscription"
- "Connect my ChatGPT Plus / Pro / Team / Enterprise"
- "Login with OpenAI / ChatGPT"

❌ **Do NOT use** for:
- BYOK / API-key-based setup ("Add OpenAI API key", "I have an OpenAI key")
- Other vendors that sound similar (Anthropic, Gemini, Qwen, etc.) → use `byok-custom-model`
- "Add the OpenAI model" without subscription context — ASK first whether they want OAuth (subscription) or BYOK (API key)

⚠️ Vendor names that sound similar (Codex, OpenAI, GPT) are **NOT a signal** to start OAuth on their own. Only an explicit user mention of "subscription / sign in / login with ChatGPT" qualifies.

---

## Onboarding flow

1. **status** — check if a credential already exists (resume vs fresh).
2. **start** — get a verification URL + user code from OpenAI; persisted to disk.
3. Tell the user: open the URL in a browser, log in to their ChatGPT / Codex account, and enter the code. Do NOT auto-poll.
4. Wait for the user to confirm they approved the device.
5. **poll** — finalize the OAuth handshake; on success, the new model becomes available.

If poll returns `status='pending'`, the user hasn't finished yet — wait for them, then poll again. Don't loop poll automatically.

---

## Script usage

```bash
python3 - <<'EOF'
import sys, json
sys.path.insert(0, "/data/workspace/skills/chatgpt-codex-onboarding")
from exports import status, start, poll, logout, refresh, models, usage

# Check current state
print(json.dumps(status(), indent=2))

# Start a flow
result = start()
print(f"Open: {result['verification_url']}\nCode: {result['user_code']}")
EOF
```

After the user approves:

```bash
python3 - <<'EOF'
import sys, json
sys.path.insert(0, "/data/workspace/skills/chatgpt-codex-onboarding")
from exports import poll
print(json.dumps(poll(), indent=2))
EOF
```

---

## Functions

| Function | Required args | Purpose |
|---|---|---|
| `status()` | — | Inspect current OAuth state, expiry, model list |
| `start()` | — | Begin device-code flow → verification_url + user_code |
| `poll(pending_id=None)` | — | Check authorization (call after user confirms approval) |
| `logout()` | — | Disconnect + remove credentials |
| `refresh()` | — | Force-refresh access token (debug; normally automatic) |
| `models(force=False)` | — | List available models from the OAuth endpoint |
| `usage(force=False)` | — | Subscription usage stats |

`force=True` on `models` / `usage` bypasses the cache TTL.

All functions return a dict with `ok: True` on success or `ok: False, error: "..."` on failure.

---

## After connecting

Models appear with the `openai-codex/` prefix:
- `openai-codex/gpt-5-codex` — primary
- `openai-codex/gpt-5` — full GPT-5
- `openai-codex/gpt-5-mini` — smaller / faster

User switches via `/model openai-codex/gpt-5-codex` or the model picker UI.

Subsequent calls hit OpenAI directly using the OAuth token — bypasses the platform proxy. Subscription usage limits apply (not the platform's credit balance).

---

## Reauth

Tokens auto-refresh via `refresh_token`. If a 401 surfaces:
1. `refresh()` — try the manual refresh path.
2. If still failing, `logout()` + restart from `start()`.

---

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is chatgpt-codex-onboarding for?

When should I use chatgpt-codex-onboarding?

Is chatgpt-codex-onboarding safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is chatgpt-codex-onboarding for?

When should I use chatgpt-codex-onboarding?

Is chatgpt-codex-onboarding safe to install?

SKILL.md