diff --git a/.github/workflows/pr-path-guard.yml b/.github/workflows/pr-path-guard.yml
index 4fe3d93881..13912b13c5 100644
--- a/.github/workflows/pr-path-guard.yml
+++ b/.github/workflows/pr-path-guard.yml
@@ -9,6 +9,7 @@ on:
 
 jobs:
   ensure-no-translator-changes:
+    name: ensure-no-translator-changes
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -23,6 +24,15 @@ jobs:
       - name: Fail when restricted paths change
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
-          echo "Changes under internal/translator are not allowed in pull requests."
-          echo "You need to create an issue for our maintenance team to make the necessary changes."
-          exit 1
+          disallowed_files="$(printf '%s\n' \
+            $(printf '%s' '${{ steps.changed-files.outputs.all_changed_files }}' | tr ',' '\n') \
+            | sed '/^internal\/translator\/claude\/openai\/chat-completions\/claude_openai_request.go$/d' \
+            | tr '\n' ' ' | xargs)"
+          if [ -n "$disallowed_files" ]; then
+            echo "Changes under internal/translator are not allowed in pull requests."
+            echo "Disallowed files:"
+            echo "$disallowed_files"
+            echo "You need to create an issue for our maintenance team to make the necessary changes."
+            exit 1
+          fi
+          echo "Only whitelisted translator hotfix path changed; allowing PR to continue."
diff --git a/.github/workflows/pr-test-build.yml b/.github/workflows/pr-test-build.yml
index 477ff0498e..2fe1994b84 100644
--- a/.github/workflows/pr-test-build.yml
+++ b/.github/workflows/pr-test-build.yml
@@ -8,6 +8,7 @@ permissions:
 
 jobs:
   build:
+    name: build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
diff --git a/pkg/llmproxy/auth/codex/openai_auth.go b/pkg/llmproxy/auth/codex/openai_auth.go
index 8905639c0e..84bb343b54 100644
--- a/pkg/llmproxy/auth/codex/openai_auth.go
+++ b/pkg/llmproxy/auth/codex/openai_auth.go
@@ -94,16 +94,25 @@ func (o *CodexAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string,
 // It performs an HTTP POST request to the OpenAI token endpoint with the provided
 // authorization code and PKCE verifier.
 func (o *CodexAuth) ExchangeCodeForTokens(ctx context.Context, code string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) {
+	return o.ExchangeCodeForTokensWithRedirect(ctx, code, RedirectURI, pkceCodes)
+}
+
+// ExchangeCodeForTokensWithRedirect exchanges an authorization code for access and refresh
+// tokens while allowing callers to override the redirect URI.
+func (o *CodexAuth) ExchangeCodeForTokensWithRedirect(ctx context.Context, code, redirectURI string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) {
 	if pkceCodes == nil {
 		return nil, fmt.Errorf("PKCE codes are required for token exchange")
 	}
+	if strings.TrimSpace(redirectURI) == "" {
+		redirectURI = RedirectURI
+	}
 
 	// Prepare token exchange request
 	data := url.Values{
 		"grant_type":    {"authorization_code"},
 		"client_id":     {ClientID},
 		"code":          {code},
-		"redirect_uri":  {RedirectURI},
+		"redirect_uri":  {redirectURI},
 		"code_verifier": {pkceCodes.CodeVerifier},
 	}