Skip to content

[#182]: handle mcp_auth_request/result events from Codex v0.144.0#183

Merged
delexw merged 3 commits into
mainfrom
fix-issue-182
Jul 14, 2026
Merged

[#182]: handle mcp_auth_request/result events from Codex v0.144.0#183
delexw merged 3 commits into
mainfrom
fix-issue-182

Conversation

@delexw

@delexw delexw commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Problem

Codex v0.144.0 (openai/codex PR #28772) promoted MCP interactive authentication from experimental to default. Sessions with MCP tools that require OAuth or API-key auth now routinely emit two new event types during the handshake:

  • mcp_auth_request — the tool requests authentication (includes auth URL and instructions)
  • mcp_auth_result — the outcome of the auth flow (authenticated / failed)

Without explicit handling, these events silently fell through the _ => {} catch-all in handle_event_msg. This was not harmful at runtime, but it left the events undocumented and untested — a regression risk as MCP auth becomes common in normal sessions.

Fix

Add explicit named match arms for mcp_auth_request and mcp_auth_result in handle_event_msg (src-tauri/src/parser/turn.rs), following the existing codebase pattern used for goal_created, token_budget_reminder, etc. These events carry no turn-building semantics for codex-trace and are explicitly skipped, with a comment explaining the Codex version context.

Tests

Added 6 regression tests:

entry.rs (4 tests):

  • v0144_mcp_auth_request_event_msg_parses_correctly — verifies mcp_auth_request parses and fields are accessible
  • v0144_mcp_auth_result_event_msg_parses_correctly — verifies mcp_auth_result (success status) parses correctly
  • v0144_mcp_auth_result_failed_event_msg_parses_correctly — verifies mcp_auth_result with status: "failed" parses correctly
  • v0144_all_standard_entry_types_parse_correctly_with_mcp_auth_flow — full session with auth events; all 7 entries parse as the correct type

turn.rs (2 tests):

  • v0144_mcp_auth_events_do_not_corrupt_turn_data — auth events mid-turn do not create synthetic turns; MCP tool call and output are preserved
  • v0144_mcp_auth_request_failed_result_does_not_corrupt_turn_data — failed auth flow leaves turn intact with zero tool calls

All 327 Rust tests pass. All 143 frontend tests pass.

Fixes #182

delexw added 3 commits July 12, 2026 11:03
Codex v0.144.0 (openai/codex PR #28772) promoted MCP interactive
authentication from experimental to default. Sessions with MCP tools
that require auth now routinely emit mcp_auth_request and mcp_auth_result
event_msg entries during the OAuth / API-key handshake.

Add explicit named match arms for both event types in handle_event_msg,
following the existing codebase pattern (alongside goal_created,
token_budget_reminder, etc.). These events carry no turn-building
semantics for codex-trace, so they are explicitly skipped with a comment
explaining the Codex version context.

Add 6 regression tests:
- 4 in entry.rs: verify both event types and failure status parse without
  error, plus a full-session parse covering all standard entry types
- 2 in turn.rs: verify mcp auth events do not create synthetic turns and
  do not corrupt tool-call data for successful and failed auth flows

Fixes #182
…e events (v0.144.0)

Codex v0.144.0 (PR #28772) makes MCP interactive authentication the default
behaviour. Sessions can now contain mcp_auth_challenge and mcp_auth_complete
event_msg entries whenever an MCP server requires OAuth or similar credentials.

These events carry no turn-building semantics for codex-trace, but leaving them
to the catch-all caused them to be logged as unclassified unknown entries.
Following the explicit pass-through pattern already used for token_budget_reminder
(v0.142.0), import events (v0.140.0) and goal events (v0.133.0), this commit
adds an explicit arm in handle_event_msg() that recognises both event types and
does nothing — making sessions with active MCP auth flows parse cleanly.

Tests added:
- entry.rs: parse tests for mcp_auth_challenge and mcp_auth_complete event_msg
  lines, plus an all-standard-types fixture covering all seven entry types
- turn.rs: turn-state integrity test with an mcp_tool_call + auth events in the
  middle of a turn; auth-only turn with no tool call (no crash)

Fixes #182
Codex v0.144.0 (PR #28772) made MCP tools able to request interactive
authentication by default, without an experimental opt-in flag. Auth
lifecycle events (mcp_auth_started, mcp_auth_completed, mcp_auth_failed,
mcp_auth_cancelled) will now appear frequently in ordinary sessions.

Add explicit pass-through match arms for all four event types in
handle_event_msg so they are documented as known-and-intentionally-skipped
events rather than falling through the silent catch-all. Follows the
established pattern for goals (v0.133.0), imports (v0.140.0), and token
budget events (v0.142.0).

Add two tests verifying that MCP auth events interleaved in a turn are
silently skipped without corrupting turn data or creating phantom messages.

Fixes #182
@delexw
delexw merged commit 43bd1fd into main Jul 14, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Compat] Codex v0.144.0: MCP tools can request interactive authentication by default

1 participant