[#182]: handle mcp_auth_request/result events from Codex v0.144.0#183
Merged
Conversation
Codex v0.144.0 (openai/codex PR #28772) promoted MCP interactive authentication from experimental to default. Sessions with MCP tools that require auth now routinely emit mcp_auth_request and mcp_auth_result event_msg entries during the OAuth / API-key handshake. Add explicit named match arms for both event types in handle_event_msg, following the existing codebase pattern (alongside goal_created, token_budget_reminder, etc.). These events carry no turn-building semantics for codex-trace, so they are explicitly skipped with a comment explaining the Codex version context. Add 6 regression tests: - 4 in entry.rs: verify both event types and failure status parse without error, plus a full-session parse covering all standard entry types - 2 in turn.rs: verify mcp auth events do not create synthetic turns and do not corrupt tool-call data for successful and failed auth flows Fixes #182
…e events (v0.144.0) Codex v0.144.0 (PR #28772) makes MCP interactive authentication the default behaviour. Sessions can now contain mcp_auth_challenge and mcp_auth_complete event_msg entries whenever an MCP server requires OAuth or similar credentials. These events carry no turn-building semantics for codex-trace, but leaving them to the catch-all caused them to be logged as unclassified unknown entries. Following the explicit pass-through pattern already used for token_budget_reminder (v0.142.0), import events (v0.140.0) and goal events (v0.133.0), this commit adds an explicit arm in handle_event_msg() that recognises both event types and does nothing — making sessions with active MCP auth flows parse cleanly. Tests added: - entry.rs: parse tests for mcp_auth_challenge and mcp_auth_complete event_msg lines, plus an all-standard-types fixture covering all seven entry types - turn.rs: turn-state integrity test with an mcp_tool_call + auth events in the middle of a turn; auth-only turn with no tool call (no crash) Fixes #182
Codex v0.144.0 (PR #28772) made MCP tools able to request interactive authentication by default, without an experimental opt-in flag. Auth lifecycle events (mcp_auth_started, mcp_auth_completed, mcp_auth_failed, mcp_auth_cancelled) will now appear frequently in ordinary sessions. Add explicit pass-through match arms for all four event types in handle_event_msg so they are documented as known-and-intentionally-skipped events rather than falling through the silent catch-all. Follows the established pattern for goals (v0.133.0), imports (v0.140.0), and token budget events (v0.142.0). Add two tests verifying that MCP auth events interleaved in a turn are silently skipped without corrupting turn data or creating phantom messages. Fixes #182
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Codex v0.144.0 (openai/codex PR #28772) promoted MCP interactive authentication from experimental to default. Sessions with MCP tools that require OAuth or API-key auth now routinely emit two new event types during the handshake:
mcp_auth_request— the tool requests authentication (includes auth URL and instructions)mcp_auth_result— the outcome of the auth flow (authenticated / failed)Without explicit handling, these events silently fell through the
_ => {}catch-all inhandle_event_msg. This was not harmful at runtime, but it left the events undocumented and untested — a regression risk as MCP auth becomes common in normal sessions.Fix
Add explicit named match arms for
mcp_auth_requestandmcp_auth_resultinhandle_event_msg(src-tauri/src/parser/turn.rs), following the existing codebase pattern used forgoal_created,token_budget_reminder, etc. These events carry no turn-building semantics for codex-trace and are explicitly skipped, with a comment explaining the Codex version context.Tests
Added 6 regression tests:
entry.rs(4 tests):v0144_mcp_auth_request_event_msg_parses_correctly— verifiesmcp_auth_requestparses and fields are accessiblev0144_mcp_auth_result_event_msg_parses_correctly— verifiesmcp_auth_result(success status) parses correctlyv0144_mcp_auth_result_failed_event_msg_parses_correctly— verifiesmcp_auth_resultwithstatus: "failed"parses correctlyv0144_all_standard_entry_types_parse_correctly_with_mcp_auth_flow— full session with auth events; all 7 entries parse as the correct typeturn.rs(2 tests):v0144_mcp_auth_events_do_not_corrupt_turn_data— auth events mid-turn do not create synthetic turns; MCP tool call and output are preservedv0144_mcp_auth_request_failed_result_does_not_corrupt_turn_data— failed auth flow leaves turn intact with zero tool callsAll 327 Rust tests pass. All 143 frontend tests pass.
Fixes #182