Gabriel Peal

This commit **upgrades the `rmcp` dependency to version 0.15**, addressing a **critical bug** in `rmcp` 0.14 that broke **MCP OAuth functionality** for integrations like Linear. The upgrade necessitates extensive **refactoring** across the `codex-rs/core`, `exec-server`, and `mcp-server` modules to align with the updated `rmcp` model. Specifically, it modifies **elicitation request handling**, updates client capabilities, and adjusts **tool specifications** by adding an `execution` field to `Tool` structs and a `description` to `Implementation` structs. This ensures **compatibility** with the latest protocol and **restores stable MCP OAuth operations**.

This commit introduces a **new feature** to the **MCP connection manager** (`mcp_connection_manager.rs`) by implementing a **tool name sanitization** process. It adds the `sanitize_responses_api_tool_name` function, which ensures that **MCP tool names** conform to the `^[a-zA-Z0-9_-]+$` regex required by the **Responses API** by replacing non-conforming characters with underscores. This critical update is integrated into the `qualify_tools` process, resolving compatibility issues and enabling seamless registration and usage of **MCP tools** with the **Responses API**. Additionally, a `sha1_hex` helper function is introduced for general utility.

This commit introduces a **new feature** enabling users, particularly **enterprise administrators**, to disable automatic update checks and messages within the application. It adds a `check_for_update_on_startup` field to the **core configuration** (`Config` struct) in `codex-rs/core`, defaulting to `true`. The **TUI's update checking mechanism** in `codex-rs/tui/src/updates.rs` is modified to respect this setting, preventing `get_upgrade_version` and `get_upgrade_version_for_popup` from executing if disabled. This provides crucial control for centrally managed environments by allowing administrators to prevent `codex-rs` from performing self-update checks. The new configuration option is also documented in `docs/config.md`.

This commit **re-adds the `--log-level warn` argument to the Prettier command** within the **TypeScript generation process** for the `codex-rs/app-server-protocol` module. This is a **maintenance fix** to restore a previously intended configuration that was inadvertently removed due to a bad diamond merge. The change ensures that Prettier's output during the `generate_ts` operation is less verbose, only displaying warnings and errors, thereby improving the readability of build logs and reducing unnecessary noise.

This commit **reduces the verbosity** of Prettier's output during **TypeScript protocol generation**. Specifically, it modifies the `generate_ts` function within `codex-rs/protocol-ts/src/lib.rs` to pass `--log-level warn` to the Prettier command. This **maintenance** change prevents the excessive logging of every formatted file, thereby **improving the readability** of downstream script outputs and enhancing the overall developer experience.

This commit introduces a **new capability** by **adding comprehensive session metadata** to the `listConversations` API. The **`app-server-protocol`**'s `ConversationSummary` struct is extended with new fields, and a `ConversationGitInfo` struct is defined to encapsulate details like CWD, CLI version, source, and Git information. The **`app-server`**'s `codex_message_processor.rs` is updated to extract and populate this additional context during conversation summary generation, specifically within the `list_conversations` and `extract_conversation_summary` logic. This **enhancement** provides richer contextual data for each conversation, unlocking new product experiences for app server consumers.

This commit **updates the `rmcp` dependency to version `0.8.5`**, specifically targeting the **Model Context Protocol (MCP) integration**. This **dependency update** incorporates a crucial fix for **OAuth authentication issues** affecting various MCP servers. It is expected to resolve problems with services like **Todoist** and potentially address broader authentication challenges within the `openai/codex` ecosystem. This **bug fix** improves overall stability and reliability for MCP server interactions requiring OAuth.

This commit performs a **dependency upgrade** for the `rmcp` library, advancing it to version `0.8.4`. This update is a **maintenance task** that incorporates a critical **bug fix** from the `modelcontextprotocol/rust-sdk` project. Specifically, it **resolves issue #6164** which impacted the `openai/codex` system, ensuring improved stability and correctness in interactions with the Model Context Protocol. The upgrade primarily affects the **core communication and data handling layer** that relies on `rmcp`, enhancing the reliability of protocol operations.

This commit introduces a **new capability** to the **App Server**, enabling the fetching and resuming of conversation summaries using only a conversation ID, thereby removing the previous requirement for a `rollout_path`. This **feature enhancement** updates the `app-server-protocol` by modifying `GetConversationSummaryParams` and `ResumeConversationParams` to support ID-based lookups, with the core logic implemented in `codex_message_processor`'s `handle_get_conversation_summary` and `handle_resume_conversation` functions. The change significantly **simplifies client-side integration** by abstracting away the need for clients to store and manage platform-specific `rollout_path` details, improving developer convenience and reducing complexity in conversation management.

This commit introduces a **critical new capability** by enabling the model to **semantically process image content returned from Multi-Content Protocol (MCP) tool calls**, effectively **fixing bug #4819**. It enhances the **chat completions** (`stream_chat_completions`) to support multimodal outputs and refactors core data structures like `FunctionCallOutputPayload` and `ToolOutput::Function` within `codex-rs/protocol/src/models.rs` to correctly propagate image data. This allows the model to accurately interpret visual information from tools, making **visual MCP servers** (e.g., Chrome, Figma) fully functional and significantly improving the system's overall intelligence and utility.

This commit provides **minor documentation clarifications** within the **configuration guide** for `stdio` tokens. It specifically updates the example bearer token environment variable name from a generic placeholder to `ENV_VAR` in `docs/config.md`. This **documentation update** is a **maintenance** task that enhances user understanding, ensuring correct implementation of environment variables for token configuration.

This commit introduces a **bug fix** and **maintenance** improvement within the **`codex-rs/cli`** module, specifically affecting the `mcp add` command. It properly **gates the OAuth login process** that occurs after `mcp add` by adding a conditional check within the `run_add` function. This ensures that the login flow is only triggered when the `experimental_use_rmcp_client` feature flag is active, preventing unintended login prompts. The change aligns the behavior of `mcp add` with other parts of the system that already incorporate this conditional logic, ensuring consistent and correct execution based on experimental feature enablement.

This commit introduces a **security enhancement** by implementing **redaction of sensitive environment variable values and HTTP headers** across the `codex-rs` application. It modifies the **CLI commands** `mcp list` and `mcp get` to mask sensitive data in their output, and extends this redaction to the **TUI display** via `new_mcp_tools_output`. The core redaction logic is handled by updating the `format_env_display` utility to replace sensitive values with `*****`. This **prevents accidental exposure of confidential information** when inspecting system or command outputs, significantly improving data privacy for users.

This commit **improves error handling** within the **MCP initialization process** to provide clearer feedback to users. It specifically **enhances startup timeout error messages** in `codex-rs/core/src/codex.rs` to help users self-serve and **clarifies GitHub Personal Access Token (PAT) requirements** when authentication fails. This **maintenance** work aims to **reduce user confusion** and **improve the developer experience** by making common startup issues easier to diagnose. Additionally, the `DEFAULT_STARTUP_TIMEOUT` constant in `codex-rs/core/src/mcp_connection_manager.rs` has been **refactored** to be public, allowing broader use.

[MCP] Update rmcp to 0.8.3 (#5542)

This commit **refactors** the **Message Control Protocol (MCP) client implementation** by **removing the legacy stdio client** and making the `RmcpClient` the **default and sole client** for all MCP connections. The `McpConnectionManager` in `codex-rs/core` has been updated to exclusively use `RmcpClient`, eliminating the `McpClientAdapter`. This **maintenance** task streamlines the codebase and **removes deprecated functionality** without introducing any functional changes for users. Additionally, documentation for the `RmcpClient` feature and the `experimental_use_rmcp_client` configuration flag has been updated to reflect this new default behavior and the flag's revised purpose.

This commit **introduces a new feature** that allows users to specify OAuth scopes when authenticating with the Managed Cloud Platform (MCP) via the command-line interface. The **`codex-rs/cli`**'s `mcp login` command now supports a `--scopes` argument, enabling explicit control over requested permissions. These specified scopes are then passed to the **`codex-rs/rmcp-client`**'s `perform_oauth_login` function, which integrates them into the OAuth authorization flow. This enhancement provides greater flexibility and security by allowing fine-grained permission management during **MCP authentication**.

This commit **fixes flaky authentication tests** within the **`codex-rs/core` module** by ensuring their serial execution. Specifically, it applies `#[serial(codex_api_key)]` attributes to relevant test functions in `codex-rs/core/src/auth.rs`. This **maintenance fix** prevents race conditions and shared state issues, significantly improving the reliability and stability of the **authentication test suite**. The change addresses intermittent failures, making the CI/CD pipeline more robust.

[MCP] Bump rmcp to 0.8.2 (#5423)

This commit introduces a **dedicated error message** for **GitHub MCPs** when a Personal Access Token (PAT) is missing, significantly improving user guidance. A new helper function, `mcp_init_error_display`, is added to the **`codex-rs/core`** module and integrated into `Session::start_mcp_clients` to provide specific instructions during client initialization failures. This **enhancement** is supported by **refactoring** in **`codex-rs/core/src/mcp/auth.rs`** to define `McpAuthStatusEntry` and update `compute_auth_statuses`, with the `codex-rs/cli` module adapting to this new structure. This change directly addresses user confusion by providing actionable feedback for a common GitHub MCP setup issue, making the system appear less "broken" to users.