Skip to content

[tools] Restrict hosted threads to server-registered tools#31526

Draft
richardc-oai wants to merge 3 commits into
mainfrom
richardc/codex/server-registered-tools-only
Draft

[tools] Restrict hosted threads to server-registered tools#31526
richardc-oai wants to merge 3 commits into
mainfrom
richardc/codex/server-registered-tools-only

Conversation

@richardc-oai

Copy link
Copy Markdown
Why/Context/Summary
  • Hosted app-server clients can register a fixed tool inventory, but Codex still adds native, hosted, extension, collaboration, and discovery tools to each turn.
    • Add the structured server_registered_tools_only feature with an exact raw MCP allowlist.
    • When enabled, Codex registers only allowlisted MCP actions and dynamic tools supplied by the app-server client.
    • Disable web/tool search and plugin suggestions before tool exposure is computed.
    • Treat a missing or empty MCP allowlist as deny-all while preserving ordinary tool behavior when the feature is disabled.
  • Preserve the structured policy through config merging and config-lock materialization, and publish its generated config schema.
  • Add unit and request-level integration coverage that compares the complete visible and executable tool inventories.
Test plan
  • just fmt
  • just fix -p codex-features
  • just fix -p codex-config
  • just fix -p codex-core
  • just fix -p codex-thread-manager-sample
  • just argument-comment-lint
  • just write-config-schema
  • just test -p codex-features (54 passed)
  • just test -p codex-config (201 passed)
  • just test -p codex-core (all server-only tests passed; package-only fixture failures passed once the full workspace built the shared test binaries)
  • just test --test-threads 8 outside the outer Seatbelt (11,854 passed, 31 skipped, 8 local-only failures)
    • Both load-sensitive unified-exec failures passed in a focused one-thread rerun (6 passed; one retry).
    • Four Codex-exec tests require danger-full-access, which this laptop's managed /etc/codex/requirements.toml forbids; the package rerun passed the other 124 tests.
    • The two remaining TUI failures reproduced unchanged on the exact f1affbac5 base commit.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.


I have read the CLA Document and I hereby sign the CLA


You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@richardc-oai

Copy link
Copy Markdown
Author

@codex reviews

@richardc-oai richardc-oai force-pushed the richardc/codex/server-registered-tools-only branch from a166b6e to 0385fbc Compare July 8, 2026 05:38
@richardc-oai

Copy link
Copy Markdown
Author

@codex reviews

@chatgpt-codex-connector

Copy link
Copy Markdown
Contributor

Codex Review: Didn't find any major issues. 🎉

Reviewed commit: 0385fbce60

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant