Support Always Allow for MCP app messages

[leoshimo-oai]

Adds config support for “Always allow” on MCP App follow-up messages, scoped to the tool that produced the MCP App interface.

This is modeled after the existing approval_mode flag for "Always Allow" tool calls. It also exposes MCP server provider metadata over app-server status so clients can distinguish Codex Apps, standalone MCP servers, and plugin-owned MCP servers when writing approval config.

mcp_app_message_approval_mode = "auto" keeps the default approval prompt behavior. "approve_in_thread" skips the follow-up approval speed bump when the MCP app sends a message to the current thread.

Config examples

# Codex Apps:
[apps.<app_id>.tools.<tool_name>]
mcp_app_message_approval_mode = "approve_in_thread"

# Standalone MCP server:
[mcp_servers.<server_name>.tools.<tool_name>]
mcp_app_message_approval_mode = "approve_in_thread"

# Plugin-owned MCP server:
[plugins."<plugin_id>".mcp_servers.<server_name>.tools.<tool_name>]
mcp_app_message_approval_mode = "approve_in_thread"

Testing

just write-config-schema
just write-app-server-schema
just fmt
just fix -p codex-config -p codex-core -p codex-app-server-protocol -p codex-app-server
cargo test -p codex-config
cargo test -p codex-core blocking_replace_mcp_servers_serializes_tool_approval_overrides
cargo test -p codex-app-server write_value_supports_custom_mcp_server_message_approval_mode
cargo test -p codex-app-server-protocol schema_fixtures
cargo test -p codex-tui --no-run
env HOME=/private/tmp/codex-bazel-home just argument-comment-lint

Validated against the Codex app branch in openai/openai#890933 using local standalone and plugin MCP servers.

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/core/src/config/edit.rs

Lines 348 to 354 in 9f74246

	if let Some(approval_mode) = config.approval_mode {
	entry["approval_mode"] = value(match approval_mode {
	AppToolApproval::Auto => "auto",
	AppToolApproval::Prompt => "prompt",
	AppToolApproval::Approve => "approve",
	});
	}

Serialize mcp_app_message_approval_mode in MCP tool config

ConfigEdit::ReplaceMcpServers drops the new per-tool message-approval setting. serialize_mcp_server_tool only emits approval_mode, so rewrites of [mcp_servers] strip mcp_app_message_approval_mode from config.toml. This loses persisted “Always allow” message approvals after subsequent config edits/reloads.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[mzeng-openai]

💡 Codex Review

codex/codex-rs/core/src/config/edit.rs

Lines 348 to 354 in 9f74246

	if let Some(approval_mode) = config.approval_mode {
	entry["approval_mode"] = value(match approval_mode {
	AppToolApproval::Auto => "auto",
	AppToolApproval::Prompt => "prompt",
	AppToolApproval::Approve => "approve",
	});
	}

Serialize mcp_app_message_approval_mode in MCP tool config
ConfigEdit::ReplaceMcpServers drops the new per-tool message-approval setting. serialize_mcp_server_tool only emits approval_mode, so rewrites of [mcp_servers] strip mcp_app_message_approval_mode from config.toml. This loses persisted “Always allow” message approvals after subsequent config edits/reloads.

ℹ️ About Codex in GitHub

Seems legit @leoshimo-oai

[leoshimo-oai]

@mzeng - updated.

I also added McpServerProvider to McpServerStatus since you last saw - it allows clients to differentiate where the running MCP came to target config edits correctly.

lmkwyt

[mzeng-openai]

This tech debt is on me, but we really shouldn't be doing hardcoded server name check anymore, I'm getting #20649 in to stop this so hopefully you can rebase and remove this check.

[leoshimo-oai]

that's great - lmk once it's in 👍

[leoshimo-oai]

Noticed McpServerProvenance in the other PR, which reminds me of McpServerProvider. Maybe some dots to connected there.