Skip to content

fix: add integration tests for codex-exec-mcp-server with execpolicy #7617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bolinfest merged 1 commit into from
Dec 7, 2025
Merged

fix: add integration tests for codex-exec-mcp-server with execpolicy #7617

bolinfest merged 1 commit into from
Dec 7, 2025
+516 −1

Conversation

@bolinfest
Copy link
Collaborator

@bolinfest bolinfest commented Dec 5, 2025
edited
Loading

This PR introduces integration tests that run codex-shell-tool-mcp as a user would. Note that this requires running our fork of Bash, so we introduce a DotSlash file for bash so that we can run the integration tests on multiple platforms without having to check the binaries into the repository. (As noted in the DotSlash file, it is slightly more heavyweight than necessary, which may be worth addressing as disk space in CI is limited: #7678.)

To start, this PR adds two tests:

  • list_tools() makes the list_tools request to the MCP server and verifies we get the expected response
  • accept_elicitation_for_prompt_rule() defines a prefix_rule() with decision="prompt" and verifies the elicitation flow works as expected

Though the accept_elicitation_for_prompt_rule() test only works on Linux, as this PR reveals that there are currently issues when running the Bash fork in a read-only sandbox on Linux. This will have to be fixed in a follow-up PR.

Incidentally, getting this test run to correctly on macOS also requires a recent fix we made to brew that hasn't hit a mainline release yet, so getting CI green in this PR required #7680.

@bolinfest bolinfest force-pushed the pr7617 branch 2 times, most recently from 8eae627 to 73c4d19 Compare December 5, 2025 00:41
@bolinfest bolinfest force-pushed the pr7617 branch 4 times, most recently from 28c11b6 to ce279a3 Compare December 5, 2025 08:19
@bolinfest bolinfest changed the title fix: add test that verifies that codex-exec-mcp-server starts up fix: add integration tests for codex-exec-mcp-server with execpolicy Dec 5, 2025
@bolinfest bolinfest force-pushed the pr7617 branch 7 times, most recently from 11082c5 to b54a7c5 Compare December 5, 2025 18:36
bolinfest added a commit that referenced this pull request Dec 5, 2025
@bolinfest
fix: exec-server should drop oversized env vars when escalating
e2f0cbf 
When trying to introduce an integration test for the `codex-shell-tool-mcp` in
#7617, macOS CI hit serde decode errors in
the escalation pipe when huge env vars inflated the `EscalateRequest` payload
past the stream frame, corrupting JSON. (I'm pretty sure `$GITHUB_EVENT` was the
offending env var.)

This PR updates `exec-server` to filter out oversized env entries and skip
reserved vars before serialization.

It also updates the code to avoid attaching empty `SCM_RIGHTS` control messages
so frames stay lean when no FDs are sent.
@bolinfest bolinfest mentioned this pull request Dec 5, 2025
Closed
bolinfest added a commit that referenced this pull request Dec 5, 2025
@bolinfest
fix: exec-server should drop oversized env vars when escalating
cce0d19 
When trying to introduce an integration test for the `codex-shell-tool-mcp` in
#7617, macOS CI hit serde decode errors in
the escalation pipe when huge env vars inflated the `EscalateRequest` payload
past the stream frame, corrupting JSON. (I'm pretty sure `$GITHUB_EVENT` was the
offending env var.)

This PR updates `exec-server` to filter out oversized env entries and skip
reserved vars before serialization.

It also updates the code to avoid attaching empty `SCM_RIGHTS` control messages
so frames stay lean when no FDs are sent.
@bolinfest bolinfest force-pushed the pr7617 branch 10 times, most recently from e0cdb7a to 657d5e0 Compare December 7, 2025 04:44
@bolinfest bolinfest mentioned this pull request Dec 7, 2025
Merged
bolinfest added a commit that referenced this pull request Dec 7, 2025
@bolinfest
fix: clear out space on ubuntu runners before running Rust tests (#7678)
7386e2e 
When I put up #7617 for review,
initially I started seeing failures on the `ubuntu-24.04` runner used
for Rust test runs for the `x86_64-unknown-linux-gnu` architecture. Chat
suggested a number of things that could be removed to save space, which
seems to help.
@bolinfest bolinfest mentioned this pull request Dec 7, 2025
Merged
bolinfest added a commit that referenced this pull request Dec 7, 2025
@bolinfest
fix: ensure macOS CI runners for Rust tests include recent Homebrew f…
3c087e8 
…ixes (#7680)

As noted in the code comment, we introduced a key fix for `brew` in
Homebrew/brew#21157 that Codex needs, but it has
not hit stable yet, so we update our CI job to use latest `brew` from
`origin/main`.

This is necessary for the new integration tests introduced in
#7617.
@bolinfest bolinfest enabled auto-merge (squash) December 7, 2025 06:37
@bolinfest bolinfest merged commit 3c3d3d1 into main Dec 7, 2025
51 checks passed
@bolinfest bolinfest deleted the pr7617 branch December 7, 2025 06:39
@github-actions github-actions bot locked and limited conversation to collaborators Dec 7, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@zhao-oai zhao-oai zhao-oai approved these changes

@nornagon-openai nornagon-openai Awaiting requested review from nornagon-openai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bolinfest @zhao-oai