feat(mcp): support env-backed HTTP headers for Codex remotes#1761
Open
dijdzv wants to merge 1 commit into
Open
feat(mcp): support env-backed HTTP headers for Codex remotes#1761dijdzv wants to merge 1 commit into
dijdzv wants to merge 1 commit into
Conversation
dijdzv
requested review from
danielmeppiel and
sergio-sisternes-epam
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds support for “env-backed HTTP headers” (env_headers) across the MCP dependency model, integrator overlays, and Codex target output so secrets can be provided at runtime via environment variables instead of being written into config.
Changes:
- Introduces
MCPDependency.env_headerswith validation and (de)serialization support. - Propagates
env_headersthroughMCPIntegratorremote info and overlay merging. - Maps remote
env_headersto Codexenv_http_headers, with unit + E2E tests and documentation updates.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/unit/test_mcp_overlays.py | Adds unit coverage for env_headers parsing/serialization, validation, and overlay behavior. |
| tests/unit/test_codex_adapter_phase3.py | Verifies Codex adapter maps remote env_headers into env_http_headers (list + dict shapes). |
| tests/integration/test_mcp_targets_gating_e2e.py | Adds E2E coverage ensuring Codex writes env_http_headers into .codex/config.toml. |
| src/apm_cli/models/dependency/mcp.py | Adds env_headers field, validation for CRLF + env var name format, and dict roundtripping. |
| src/apm_cli/integration/mcp_integrator.py | Emits env_headers into remotes and merges overlays into cached server info. |
| src/apm_cli/adapters/client/codex.py | Converts remote env_headers to Codex env_http_headers. |
| docs/src/content/docs/reference/manifest-schema.md | Documents env_headers schema and expected Codex output. |
| docs/src/content/docs/producer/author-primitives/mcp-as-primitive.md | Adds producer-facing docs + examples for env_headers. |
| docs/src/content/docs/consumer/install-mcp-servers.md | Adds consumer install docs describing native env-header binding usage. |
dijdzv
changed the title
Author
|
@microsoft-github-policy-service agree |
dijdzv
force-pushed
the
codex/env-http-headers
branch
from
60c1efe to
58aeebf
Compare
dijdzv
force-pushed
the
codex/env-http-headers
branch
from
58aeebf to
222016a
Compare
Codex supports remote MCP headers whose values are read from environment variables at runtime, but APM only emitted static HTTP headers. This forced secret-bearing headers to be resolved or stored during install. Add an env_headers MCP manifest field and map it to Codex env_http_headers while preserving existing static header behavior. Cover self-defined remotes, overlay merging, Codex formatting for list and dict shapes, and the end-to-end Codex config write path.
dijdzv
force-pushed
the
codex/env-http-headers
branch
from
222016a to
a2412fb
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TL;DR
Add
env_headerssupport for remote MCP dependencies and map it to Codex CLI'senv_http_headers.This lets APM generate Codex remote MCP config that references environment variables for HTTP header values, instead of writing secret values into
.codex/config.toml. Existing staticheadersbehavior is preserved as Codexhttp_headers.Problem
APM already supports static HTTP headers for remote MCP servers, but Codex has a separate runtime-env header surface:
http_headersenv_http_headersWithout an APM manifest field for the second shape, package authors cannot express "write this header name, but read its value from this environment variable at runtime" for Codex remotes.
Approach
Introduce a generic MCP dependency field:
Then map it to Codex config:
Static
headerscontinue to map to Codexhttp_headers.Implementation
MCPDependencynow parses, serializes, displays, and validatesenv_headers.MCPIntegratorcarriesenv_headersthrough self-defined remote generation and overlay merging.env_http_headersfor remote MCP config.Validation
Result:
283 passed in 1.63sResult:
All checks passed!Result:
1256 files already formattedSmoke tested this branch's APM against a temporary project with a streamable HTTP MCP entry using
env_headers:The generated Codex config contained:
codex execloaded the generated config and successfully called the remote MCP tool.How to test
env_headers.apm install --target codex --only mcp..codex/config.tomlcontainsenv_http_headers.codex execwith that Codex config.