Route MCP OAuth recovery through Codex#30294
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e4527fd978
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-2-refresh-transaction
branch
from
c432fcd to
38b9e10
Compare
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-3-transport-recovery
branch
from
e4527fd to
0135226
Compare
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-2-refresh-transaction
branch
from
38b9e10 to
c003752
Compare
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-3-transport-recovery
branch
from
0135226 to
fc3ba8b
Compare
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-2-refresh-transaction
branch
from
c003752 to
c93f236
Compare
stevenlee-oai
force-pushed
the
dev/stevenlee/mcp-oauth-independent-3-transport-recovery
branch
from
fc3ba8b to
5eaa4d4
Compare
|
@codex review |
|
Codex Review: Didn't find any major issues. Hooray! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review |
|
Codex Review: Didn't find any major issues. Breezy! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review [from Codex] Test-only follow-up: the timeout test now explicitly accepts the two valid request-count outcomes around completion of the owned refresh task, while retaining exact one-provider-refresh and refreshed-token expectations. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8d9e34b357
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…on' into dev/stevenlee/mcp-oauth-independent-3-transport-recovery # Conflicts: # codex-rs/rmcp-client/src/oauth.rs # codex-rs/rmcp-client/src/oauth/refresh_transaction.rs # codex-rs/rmcp-client/src/rmcp_client.rs # codex-rs/rmcp-client/src/streamable_http_retry.rs
stevenlee-oai
changed the base branch from
dev/stevenlee/mcp-oauth-independent-2-refresh-transaction
to
dev/stevenlee/mcp-oauth-independent-3-refresh-transaction
|
@codex review — Codex |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a0c55f29f1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…on' into dev/stevenlee/mcp-oauth-independent-3-transport-recovery
|
@codex review — Codex |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 73e4bbcd7c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review — Codex |
|
Codex Review: Didn't find any major issues. What shall we delve into next? Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
1 participant
Codex Thread 019edd6d-6f14-74e2-853c-345d1803d4a6
Stack
Review and merge in order. Every layer is independently correct and documents its safe stopping point.
This PR is layer 4.
Why
Serializing preflight refresh is not enough if RMCP can refresh independently or if RMCP-owned HTTP traffic bypasses Codex recovery. SSE reconnect GETs, session DELETEs, and responses to server-initiated requests need the same Codex-owned policy as public MCP operations.
What this PR does
RmcpClient, where caller deadlines and replay decisions are known.Explicit decisions
Safe stopping point
After this PR, Codex owns refresh and one-shot 401 recovery for every Streamable HTTP path. Login and logout can still race with refresh until layer 5.
Validation
just test -p codex-rmcp-client(112 passed; expected environment skips)