mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
b215961a56
## Why #28522 routes selected-plugin HTTP MCP traffic through the owning executor, but OAuth bootstrap and refresh still used host-local clients. Executor-only servers therefore cannot complete discovery or login through the same network boundary as the MCP connection. ## What changed - adapt `codex_exec_server::HttpClient` to RMCP 1.8's `OAuthHttpClient` contract - let RMCP own discovery, dynamic registration, PKCE, token exchange, and refresh - route auth status, persisted-token startup, and app-server login through the server runtime while preserving the existing local discovery path - add optional `threadId` to `mcpServer/oauth/login` and echo it in the completion notification - implement RMCP's redirect policy and 1 MiB OAuth response limit over executor HTTP - cover selected-thread OAuth discovery and login through an executor-only route Depends on #28522.
89 lines
2.4 KiB
TOML
89 lines
2.4 KiB
TOML
[package]
|
|
name = "codex-rmcp-client"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
|
|
[lints]
|
|
workspace = true
|
|
|
|
[dependencies]
|
|
anyhow = "1"
|
|
axum = { workspace = true, default-features = false, features = [
|
|
"http1",
|
|
"json",
|
|
"tokio",
|
|
] }
|
|
base64 = { workspace = true }
|
|
codex-api = { workspace = true }
|
|
codex-config = { workspace = true }
|
|
codex-exec-server = { workspace = true }
|
|
codex-keyring-store = { workspace = true }
|
|
codex-protocol = { workspace = true }
|
|
codex-secrets = { workspace = true }
|
|
codex-utils-path-uri = { workspace = true }
|
|
codex-utils-pty = { workspace = true }
|
|
codex-utils-home-dir = { workspace = true }
|
|
bytes = { workspace = true }
|
|
futures = { workspace = true, default-features = false, features = ["std"] }
|
|
keyring = { workspace = true, features = ["crypto-rust"] }
|
|
memchr = { workspace = true }
|
|
oauth2 = "5"
|
|
reqwest = { version = "0.13", default-features = false, features = [
|
|
"json",
|
|
"stream",
|
|
"rustls",
|
|
] }
|
|
rmcp = { workspace = true, default-features = false, features = [
|
|
"auth",
|
|
"base64",
|
|
"client",
|
|
"macros",
|
|
"schemars",
|
|
"server",
|
|
"transport-async-rw",
|
|
"transport-child-process",
|
|
"transport-streamable-http-client-reqwest",
|
|
"transport-streamable-http-server",
|
|
] }
|
|
serde = { workspace = true, features = ["derive"] }
|
|
serde_json = { workspace = true }
|
|
sha2 = { workspace = true }
|
|
sse-stream = "0.2.1"
|
|
thiserror = { workspace = true }
|
|
tiny_http = { workspace = true }
|
|
tokio = { workspace = true, features = [
|
|
"io-util",
|
|
"macros",
|
|
"process",
|
|
"rt-multi-thread",
|
|
"sync",
|
|
"io-std",
|
|
"time",
|
|
] }
|
|
tracing = { workspace = true, features = ["log"] }
|
|
urlencoding = { workspace = true }
|
|
webbrowser = { workspace = true }
|
|
which = { workspace = true }
|
|
|
|
[dev-dependencies]
|
|
codex-utils-cargo-bin = { workspace = true }
|
|
pretty_assertions = { workspace = true }
|
|
serial_test = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
wiremock = { workspace = true }
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
keyring = { workspace = true, features = ["linux-native-async-persistent"] }
|
|
|
|
[target.'cfg(target_os = "macos")'.dependencies]
|
|
keyring = { workspace = true, features = ["apple-native"] }
|
|
|
|
[target.'cfg(target_os = "windows")'.dependencies]
|
|
keyring = { workspace = true, features = ["windows-native"] }
|
|
|
|
[target.'cfg(any(target_os = "freebsd", target_os = "openbsd"))'.dependencies]
|
|
keyring = { workspace = true, features = ["sync-secret-service"] }
|
|
|
|
[lib]
|
|
doctest = false
|