[codex] Add MCP integration #134

Merged: guima-why merged 1 commit into main from codex/feature-mcp on Jun 30, 2026

@guima-why

Collaborator

Summary

This PR adds full Model Context Protocol (MCP) integration to iac-code across the interactive CLI, headless mode, ACP, A2A, and pipeline flows.

The implementation introduces a new iac_code.mcp package that can load MCP server configuration, connect to local and remote MCP servers, expose MCP tools/resources/prompts/skills to the agent runtime, handle OAuth authentication, persist MCP auth state, and surface connection/configuration warnings without blocking otherwise usable servers.

What Changed

MCP runtime and configuration

  • Added MCP server configuration support with user/local/project scopes.
  • Added project MCP approval handling so .mcp.json servers must be trusted before use.
  • Added environment-variable expansion for MCP config values, including warnings for missing env vars.
  • Added validation for server names, transports, OAuth config, unsupported fields, and plaintext secret risks.
  • Added duplicate-content detection so higher-precedence MCP servers win cleanly.
  • Added keyring-backed MCP auth storage with an environment override for test/non-keyring environments.

Transports, tools, resources, prompts, and skills

  • Added MCP client/manager support for stdio, streamable HTTP, and SSE transports.
  • Added dynamic MCP tool registration using stable mcp__server__tool names.
  • Added built-in list_mcp_resources, read_mcp_resource, and MCP auth helper tools.
  • Added MCP resource rendering, artifact handling, structured content rendering, and base64 artifact storage.
  • Added MCP prompt command registration and argument parsing.
  • Added remote MCP skills exposed through skill://... resources and $mcp__server__skill commands.
  • Added list-changed callback handling for MCP tools/resources/prompts.

OAuth and security

  • Added OAuth metadata discovery, authorization-code flow, loopback callback handling, token refresh, and auth reset support.
  • Added public output sanitization for MCP-derived ACP progress messages so untrusted MCP progress cannot leak local paths or secrets.
  • Rejected unsupported dynamic headersHelper execution and plaintext oauth.clientSecret usage.
  • Added warning paths for unsupported MCP elicitation requests instead of allowing unsafe interactive prompts.

Runtime integrations

  • Integrated MCP runtime setup into AgentFactory so tools/resources/prompts/skills are available to normal chat and pipeline runs.
  • Added MCP warning/progress events to the shared stream event model.
  • Integrated MCP progress/warnings in:
    • REPL
    • headless mode
    • ACP sessions
    • A2A normal mode
    • A2A pipeline mode
  • Ensured session cleanup closes MCP managers for REPL, ACP, A2A, and pipeline runtime paths.
  • Preserved compatibility with recent A2A metadata redaction, image/artifact handling, task persistence, and session recovery changes from main.

CLI and docs

  • Added iac-code mcp commands for adding/removing/listing servers, approving/rejecting project servers, authenticating, and resetting auth state.
  • Added complete website documentation for MCP:
    • Overview
    • Configuration
    • Tools, Resources, Prompts, and Skills
    • OAuth and Security
    • Troubleshooting
  • Added full localized MCP docs for zh-Hans, ja, fr, de, es, and pt.
  • Added website sidebar entries and localized sidebar category labels.

Internationalization

  • Wrapped MCP user-facing runtime strings in _() without using f-strings inside translation calls.
  • Ran make translate and filled real translations for MCP strings in all supported locales.
  • Verified MCP-related PO entries have no empty translations, no fuzzy markers, and no placeholder mismatches.

Why

iac-code previously had no MCP support, which prevented users from connecting external tool/resource/prompt providers in the same way they can in MCP-capable coding assistants. This PR adds that capability while preserving existing execution surfaces and safety requirements:

  • project-level MCP servers are approval-gated,
  • secrets are discouraged from plaintext config,
  • OAuth state is stored separately,
  • warnings are surfaced without taking down unrelated usable servers,
  • untrusted MCP progress/output paths are sanitized before public protocol emission.

Compatibility Notes

I rebased this branch onto the latest origin/main before opening the PR.

During rebase there was one code conflict in src/iac_code/a2a/events.py; the resolution keeps both sides:

  • main's A2A metadata echo redaction import and behavior,
  • this branch's MCP i18n/progress/warning integration.

A follow-up compatibility review compared origin/main..HEAD against the code added on main while this feature was in development. The review found one issue: ACP MCP progress messages were not sanitized before being sent to ACP clients. That has been fixed by applying sanitize_public_text() in _format_mcp_progress_text(), with a regression test covering API-key and local-path redaction.

No remaining required MCP/main compatibility issues were found in the review.

Validation

Ran after rebasing onto origin/main:

make translate
make lint
uv run pytest tests/mcp tests/cli/test_mcp_command.py tests/cli/test_headless.py tests/acp/test_convert.py tests/acp/test_mcp.py tests/acp/test_protocol_lifecycle.py tests/acp/test_scenarios.py tests/acp/test_server_coverage.py tests/a2a/test_events.py tests/a2a/test_executor.py tests/a2a/test_pipeline_events.py tests/a2a/test_pipeline_executor.py tests/a2a/test_task_store.py tests/ui/test_stream_accumulator.py tests/ui/test_repl_integration.py -q
npm run typecheck
npm test
npm run build
git diff --check

Results:

  • make translate: passed
  • make lint: passed
  • targeted pytest suite: 711 passed, 3 warnings
    • warnings are from MCP SDK deprecation notices for streamable_http_client
  • npm run typecheck: passed
  • npm test: passed (6 passed)
  • npm run build: passed for all configured locales (en, zh-Hans, ja, fr, de, es, pt)
  • git diff --check: passed

Review Notes

This is intentionally opened as a draft because the diff is large and touches multiple runtime surfaces. The most important areas to review carefully are:

  • MCP server config precedence and project approval behavior,
  • OAuth auth/refresh/reset flow,
  • ACP/A2A warning and progress event conversion,
  • session/runtime cleanup paths,
  • localized runtime strings and website documentation.

Comment thread src/iac_code/mcp/types.py Fixed
Comment thread tests/cli/test_mcp_command.py Fixed
@guima-why guima-why force-pushed the codex/feature-mcp branch 4 times, most recently from 04ec57f to 55650d7 Compare June 29, 2026 13:19
Comment thread src/iac_code/mcp/types.py Fixed
@guima-why guima-why force-pushed the codex/feature-mcp branch from 55650d7 to e7dbd91 Compare June 29, 2026 13:22
Comment thread src/iac_code/mcp/types.py Fixed
@guima-why guima-why force-pushed the codex/feature-mcp branch from e7dbd91 to 4831eb3 Compare June 29, 2026 13:25
@guima-why guima-why force-pushed the codex/feature-mcp branch from 4831eb3 to 3f0f806 Compare June 29, 2026 13:35
@guima-why guima-why marked this pull request as ready for review June 30, 2026 02:01
@guima-why guima-why merged commit dce7082 into main Jun 30, 2026
14 checks passed
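
The Compatibility Notes above describe redacting API keys and local paths from MCP progress text before it reaches ACP clients. The sketch below is an added illustration of that kind of filter, not the project's `sanitize_public_text()` or `_format_mcp_progress_text()`; the function names, regex patterns and sample messages are constructed assumptions.

```python
import re

# Constructed patterns for illustration; the project's real rules are not shown on the page.
# Over-redaction (e.g. "tokens: 512") is accepted: the text is untrusted and public.
_SECRET_PATTERNS = [
    # Authorization-style bearer credentials
    (re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=-]{8,}"), r"\1 [REDACTED]"),
    # key=value or key: value where the key name suggests a credential
    (re.compile(r"(?i)\b([\w-]*(?:api[_-]?key|token|secret|password)[\w-]*)"
                r"(\s*[=:]\s*)([\"']?)[^\s\"',;]+\3"), r"\1\2[REDACTED]"),
    # Bare tokens with a short vendor-style prefix (prefix list is made up)
    (re.compile(r"\b(?:sk|pk)[-_][A-Za-z0-9_-]{16,}\b"), "[REDACTED]"),
]
_PATH_PATTERNS = [
    # POSIX paths under common local roots; the lookbehind skips URL paths
    re.compile(r"(?<![\w.])(?:/home|/Users|/root|/var|/tmp|/etc|/opt)\b"
               r"(?:/[^\s\"':,;)]+)*"),
    # Windows drive paths
    re.compile(r"\b[A-Za-z]:\\[^\s\"',;)]+"),
]


def redact_public_text(text: str) -> str:
    """Redact credential-like values and local filesystem paths."""
    for pattern, replacement in _SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    for pattern in _PATH_PATTERNS:
        text = pattern.sub("[PATH]", text)
    return text


def format_progress(server: str, message: str) -> str:
    """Build the client-visible line; redaction runs on the final string,
    so nothing derived from the untrusted server bypasses it."""
    return redact_public_text(f"[{server}] {message}")


if __name__ == "__main__":
    # Constructed progress messages, as an untrusted MCP server might send them.
    for msg in (
        "Uploading with api_key=sk-test-0000000000000000 from /home/alice/infra/main.tf",
        "Authorization: Bearer abc.def-123456 rejected",
        "Planned 3 of 7 resources (42%)",
    ):
        print(format_progress("demo-server", msg))
```
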
2 participants