Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/clawemail-quota-identity-gate-before-phone-verify-2026-05-10.md
T

2.7 KiB

ClawEmail quota and reusable-account gate before phone verification (2026-05-10)

Context: after the OpenAI/Codex OAuth flow was mostly proven, BOSS asked to continue using socks5://192.168.2.8:1085 and run the phone-verification part again. The current OpenAI account chickliu.hykolnqk@claw.163.com was already returning account_deactivated, so the expected path was to create a fresh ClawEmail sub-mailbox and reach add-phone again.

What happened

Creating a fresh 8-letter ClawEmail sub-mailbox failed:

OPEN_API_1004
邮箱数量已达上限

The existing sub-mailboxes listed under chickliu@claw.163.com were:

chickliu.ktqcxzux@claw.163.com
chickliu.zlajiqjc@claw.163.com
chickliu.gmmpioju@claw.163.com
chickliu.hykolnqk@claw.163.com

Known state:

  • chickliu.hykolnqk@claw.163.com: OpenAI returned account_deactivated after email-code submit.
  • chickliu.gmmpioju@claw.163.com: OpenAI recognized it as an existing account and showed password login; configured CUSTOM_PASSWORD returned Incorrect email address or password.
  • chickliu.zlajiqjc@claw.163.com: same password mismatch.
  • chickliu.ktqcxzux@claw.163.com: same password mismatch.

Result: no usable account reached add-phone, so no 5sim numbers were purchased. This avoided wasting SMS activations.

Operational lesson

Before running the phone-verification phase, add an identity gate:

  1. Check ClawEmail mailbox quota/list first.
  2. If the current account is account_deactivated, do not continue it.
  3. If a fresh sub-mailbox cannot be created because of quota, do not start 5sim.
  4. Existing sub-mailboxes are not automatically reusable. First verify either:
    • OpenAI login works with the configured password, or
    • the account is genuinely unregistered and can enter signup.
  5. If all existing sub-mailboxes are either deactivated or password-mismatch accounts, stop and ask BOSS to free quota/delete old sub-mailboxes, provide the correct password, or approve another mailbox provider.

Low-token event examples

{"phase":"identity_gate","result":"clawemail_quota_full","code":"OPEN_API_1004"}
{"phase":"identity_gate","email":"chickliu.gmmpioju@claw.163.com","result":"password_mismatch"}
{"phase":"identity_gate","result":"no_usable_mailbox","next":"free_clawemail_quota_or_provide_password"}

Runner impact

The token-lite runner should implement this gate before phone_verify:

  • clawemail list and parse data.mailbox.subMailboxes.
  • Attempt new sub-mailbox creation only if quota allows.
  • Maintain a local status file for each sub-mailbox with outcomes: deactivated, password_mismatch, usable, unknown.
  • Never buy a 5sim activation until the browser is confirmed to be on auth.openai.com/add-phone.