core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/cli/src
History
blevy-oai bdc4742bfc
Add MCP server scopes config and use it as fallback for OAuth login (#9647) 
### Motivation
- Allow MCP OAuth flows to request scopes defined in `config.toml`
instead of requiring users to always pass `--scopes` on the CLI.
CLI/remote parameters should still override config values.

### Description
- Add optional `scopes: Option<Vec<String>>` to `McpServerConfig` and
`RawMcpServerConfig`, and propagate it through deserialization and the
built config types.
- Serialize `scopes` into the MCP server TOML via
`serialize_mcp_server_table` in `core/src/config/edit.rs` and include
`scopes` in the generated config schema (`core/config.schema.json`).
- CLI: update `codex-rs/cli/src/mcp_cmd.rs` `run_login` to fall back to
`server.scopes` when the `--scopes` flag is empty, with explicit CLI
scopes still taking precedence.
- App server: update
`codex-rs/app-server/src/codex_message_processor.rs`
`mcp_server_oauth_login` to use `params.scopes.or_else(||
server.scopes.clone())` so the RPC path also respects configured scopes.
- Update many test fixtures to initialize the new `scopes` field (set to
`None`) so test code builds with the new struct field.

### Testing
- Ran config tooling and formatters: `just write-config-schema`
(succeeded), `just fmt` (succeeded), and `just fix -p codex-core`, `just
fix -p codex-cli`, `just fix -p codex-app-server` (succeeded where
applicable).
- Ran unit tests for the CLI: `cargo test -p codex-cli` (passed).
- Ran unit tests for core: `cargo test -p codex-core` (ran; many tests
passed but several failed, including model refresh/403-related tests,
shell snapshot/timeouts, and several `unified_exec` expectations).
- Ran app-server tests: `cargo test -p codex-app-server` (ran; many
integration-suite tests failed due to mocked/remote HTTP 401/403
responses and wiremock expectations).

If you want, I can split the tests into smaller focused runs or help
debug the failing integration tests (they appear to be unrelated to the
config change and stem from external HTTP/mocking behaviors encountered
during the test runs).

------
[Codex
Task](https://chatgpt.com/codex/tasks/task_i_69718f505914832ea1f334b3ba064553)
2026-01-26 14:13:04 -08:00
..
debug_sandbox add codex debug seatbelt --log-denials (#4098) 2025-11-10 22:48:14 +00:00
debug_sandbox.rs feat: support allowed_sandbox_modes in requirements.toml (#8298) 2025-12-19 21:09:20 +00:00
exit_status.rs feat: experimental env var: CODEX_SANDBOX_NETWORK_DISABLED (#879) 2025-05-09 18:29:34 -07:00
lib.rs add codex debug seatbelt --log-denials (#4098) 2025-11-10 22:48:14 +00:00
login.rs [device-auth] When headless environment is detected, show device login flow instead. (#8756) 2026-01-08 21:48:30 -08:00
main.rs Aligned feature stage names with public feature maturity stages (#9929) 2026-01-26 11:43:36 -08:00
mcp_cmd.rs Add MCP server scopes config and use it as fallback for OAuth login (#9647) 2026-01-26 14:13:04 -08:00
wsl_paths.rs Fix toasts on Windows under WSL 2 (#7137) 2025-12-11 15:09:00 -08:00