fishdan

How I F-ed up the OpenClaw/Codex install (again)

by

dan

I’ve been a ChatGPT Plus user for about two years. I’m a developer, and I use Codex constantly—it’s easily my preferred AI for coding.

Most of my work happens over Remote SSH on a headless Ubuntu box I run called NATHAN. It sits quietly on my local subnet behind a firewall, doing real work.

This post is about a mistake I made there—and one that’s very easy to make if you don’t fully understand how OpenAI auth works.

The Setup

I was setting up OpenClaw on NATHAN.

I’d done this once before, using Codex as the “brain” behind OpenClaw. But something weird happened the first time: within about a week, I got a notice that I had burned through all my tokens. Everything stopped—both my coding and OpenClaw.

That’s not just annoying—that’s a full stop on productivity.

So I tore it down and left it alone for a while.

Background: My API Usage

Separately, I use the OpenAI API in some of my own software projects. Occasionally I need AI level intuition on some problem.

I’ve always been disciplined about it:

  • One API key per project
  • Pay-as-you-go billing
  • Very light usage

Over the last year, I spent about $5 total.

So naturally, I didn’t think much about API costs. They were basically noise.

Round Two: “Let’s Do It Properly”

This week, I decided to try OpenClaw again.

This time I was more intentional:

  • Use Codex to help install it
  • Keep the model lightweight
  • Limit costs

Since I only needed OpenClaw for:

  • email
  • calendar
  • WhatsApp communication

I chose gpt-4.1-mini, which is dramatically cheaper than the model I normally use for coding (think GPT-5.4).

Pricing comparison (rough intuition)

ModelProper Use CaseRelative Cost
GPT-5.4Coding / heavy reasoning$$$$
GPT-4.1-miniAssistants / automation$

That decision was correct. What happened next was not.

The Critical Mistake

During setup, Codex told me to put an API key in my .bashrc:

export OPENAI_API_KEY=sk-...

That makes sense for OpenClaw—it needs a key.

At first, I used one of my existing keys. Then I realized that was too broad, so I:

  • Created a new API project
  • Generated a dedicated key
  • Scoped OpenClaw to that key

All good so far.

What I Didn’t Realize

Here’s the part that got me:

When you export OPENAI_API_KEY globally, everything in that shell environment can use it.

Including:
👉 VS Code running over Remote SSH
👉 Codex inside VS Code

So without realizing it, I had just done this:

  • ❌ Switched Codex from ChatGPT billing
  • ✅ Over to API pay-as-you-go billing

And I didn’t notice. But OpenAI billing did…

The Bigger Misunderstanding

I also had a mental model that turned out to be wrong:

“ChatGPT and OpenAI API are the same thing, just with different keys.”

They are not.

They are completely separate billing systems, even if:

  • you use the same email
  • you log into both
  • they feel unified

Reality:

SystemBilling Model
ChatGPT PlusSubscription
OpenAI APIPay-as-you-go

That distinction matters. A lot.

The $30 Lesson

For about 30 hours, I was coding like normal—using Codex heavily.

Except now I was doing it through the API.

End result:
👉 $30 in charges

That’s not catastrophic, but it’s also not nothing—especially when I already pay for ChatGPT Plus.

Fixing It

Once I understood what happened, the fix was straightforward.

I made sure my Codex auth file looked like this:

{
  "auth_mode": "chatgpt",
  "OPENAI_API_KEY": null
}

And more importantly:

  • Removed OPENAI_API_KEY from .bashrc
  • Ensured it wasn’t exported globally
  • Restarted my remote shell

Now:

  • Codex → uses ChatGPT billing ✅
  • OpenClaw → uses its own API key ✅

Clean separation.

The Good News

Once everything was configured properly:

👉 OpenClaw running on GPT-4.1-mini costs about $0.25/day

That’s right:

  • one quarter aka two bits (couldn’t resist the double entendre).

And that’s exactly what I wanted from the beginning.

The Takeaway

If you’re using Codex + VS Code + Remote SSH:

1. Environment variables are global

If you export an API key in .bashrc, you are affecting:

  • your tools
  • your editor
  • your AI

Not just the app you intended.

2. ChatGPT ≠ API billing

They are separate systems.

Even if they feel unified, they are not interchangeable. Both can power Codex as a coding assistant.

3. Codex will silently switch

If an API key is available, Codex may use it.

No warning. No prompt. Just billing.

4. Be explicit about auth

If you want ChatGPT billing for codex, lock it in to your .codex/auth.json

{
  "auth_mode": "chatgpt"
  "OPENAI_API_KEY": null,
  <other keys> 
}

And make sure any place you WANT to call an API key, you call it specifically and deliberately.

Final Thought

This wasn’t a technical failure—it was a mental model failure — and a CLASSIC AI mistake. Codex as my assistant could have given two shits about the billing issue. It just knew that OpenClaw needed an API key and this was an easy way to get it. I’m going to give codex 20% of the blame — but I deserve a hefty part too.

I assumed:

“This is all one billing system.”

That just ain’t so.

This post formatted and lightly edited by AI

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *