[FEATURE]: Add safety_identifier parameter support for per-user isolation with GPT-5.3-Codex

[nulluserid]

Problem

When using GPT-5.3-Codex through Oh My Opencode with OpenAI provider, I received this error in the OpenCode TUI:

I got this error: {"type":"error","sequence_number":2,"error":{"type":"invalid_request","code":"cyber_policy_violation","message":"This user's access to gpt-5.3-codex-premium-1p-codexswic-ev3 has been temporarily limited for potentially suspicious activity related to cybersecurity. Learn more about our safety mitigations: https://platform.openai.com/docs/guides/safety-checks/cybersecurity","param":"safety_identifier"}}

Note: This error shows the internal OpenAI model name. In Oh My Opencode config, the model is referenced as gpt-5.3-codex (which appears in the plugin's model-requirements.ts for the ultrabrain and deep categories).

My Environment

• OpenCode version: 1.2.15
• Oh My Opencode plugin: Using model gpt-5.3-codex (from ultrabrain or deep category)
• Provider: OpenAI direct

Verification

• I have searched for existing issues before submitting this feature request

Feature Request

Add support for passing the optional safety_identifier parameter to OpenAI API calls for per-user isolation of safety enforcement.

Why This Matters

Per OpenAI's cybersecurity documentation:

"If your organization has not implemented a per-user safety_identifier, access may be temporarily revoked for the entire organization. If your organization provides a unique safety_identifier per end user, access may be temporarily revoked for the specific affected user rather than the entire organization."

Important clarification: The safety_identifier parameter is optional — its absence does not cause the cyber_policy_violation error. The restriction is applied by OpenAI's safety systems based on usage patterns. However, without safety_identifier:

• One user's restricted activity can affect the entire organization
• All users lose GPT-5.3-Codex access when any user triggers safeguards

With safety_identifier:

• Only the specific affected user is restricted
• Other users in the organization can continue using the model

Implementation Request

Since Oh My Opencode wraps the base OpenCode CLI, this requires coordination:

1. Base OpenCode support: The underlying anomalyco/opencode needs to support safety_identifier first (tracked in [FEATURE]: Add safety_identifier parameter support for OpenAI GPT-5.3-Codex to prevent cyber_policy_violation errors anomalyco/opencode#15776)
2. Plugin exposure: Once base CLI supports it, Oh My Opencode should:
   • Allow safetyIdentifier in plugin configuration
   • Pass it through to the underlying OpenCode provider config
   • Optionally auto-generate from hostname+username hash if not explicitly configured

Related

• Base OpenCode issue: [FEATURE]: Add safety_identifier parameter support for OpenAI GPT-5.3-Codex to prevent cyber_policy_violation errors anomalyco/opencode#15776
• I am also pursuing access restoration separately via OpenAI support