[rmcp-client] Serialize MCP OAuth login and logout#29019
Open
stevenlee-oai wants to merge 1 commit into
Open
Conversation
This was referenced Jun 19, 2026
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c81db4f9b3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
3817102 to
f7e19d4
Compare
c81db4f to
b723a59
Compare
b723a59 to
0da283d
Compare
f7e19d4 to
0857761
Compare
0da283d to
50cbb47
Compare
0857761 to
2316f9d
Compare
2316f9d to
56d1bbb
Compare
50cbb47 to
4d5fa46
Compare
56d1bbb to
a3d15a8
Compare
4d5fa46 to
0c1a341
Compare
a3d15a8 to
588ddc8
Compare
0c1a341 to
8926a37
Compare
588ddc8 to
9b9cf8d
Compare
a548c67 to
e6aa44f
Compare
9b9cf8d to
1725fd0
Compare
e6aa44f to
e7cdf26
Compare
20c28a3 to
cce79ee
Compare
e7cdf26 to
f6102b4
Compare
This was referenced Jun 25, 2026
f6102b4 to
b614316
Compare
cce79ee to
8b83b05
Compare
b614316 to
349a7f4
Compare
349a7f4 to
a727719
Compare
349a7f4 to
674f690
Compare
a5f5c2c to
3202970
Compare
4c3d976 to
a6f054b
Compare
3202970 to
4f9dc56
Compare
a6f054b to
b60ae97
Compare
4f9dc56 to
4d4b956
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Codex Thread 019edd6d-6f14-74e2-853c-345d1803d4a6
Important
This PR belongs to the superseded MCP OAuth stack. Please review and merge the replacement stack beginning with openai/codex#30292. This PR remains available only as historical/reference context.
Replacement review order:
This is part 2 of a five-PR stack that prevents concurrent MCP OAuth refreshes from replaying a rotating refresh token or overwriting newer credentials.
Review order
Autoresolution driftWhy
Login, logout, and refresh all mutate the same credential identity. If login or logout bypasses the refresh transaction lock, an older in-flight refresh can overwrite a completed login or recreate credentials after logout.
What changes
Decisions encoded by this stack
compute_store_key(server_name, url)identity.Autoremains lifecycle-local; part 3 records only non-authoritative diagnostic history and does not add selector metadata or migration.Review focus
Review credential identity consistency and lock ordering across callback persistence, refresh, and CLI logout. Part 3 separately protects aggregate File/Secrets maps after a transaction reaches a store.
Non-goals
Autostore.Validation
just test -p codex-rmcp-client: 90 passed, 2 skipped.just test -p codex-cli: 292 passed.