Description
The Codex CLI and codex_apps currently depend on rmcp = "0.15.0".
As reported in multiple issues (e.g., #16485, #12859, #13852), this older version of the RMCP client lacks support for injecting custom HTTP headers (such as User-Agent or specific Auth headers) into Streamable HTTP and WebSocket handshakes. This causes MCP connections to fail behind Cloudflare, strict corporate proxies, or services like Supabase that require specific headers or constant re-authentication.
Proposed Solution
The rmcp crate has seen significant development and the 1.4.0 release introduces critical fixes for these exact problems:
StreamableHttpClient trait methods (post_message, delete_session, get_stream) now accept a headers parameter.- Extensive stability improvements to
PaginatedRequestParams and the OAuthState machine.
We strongly recommend upgrading the rmcp dependency across the workspace to ^1.4.0.
Migration Effort
We have already successfully performed this migration in our downstream fork. Upgrading requires adapting to the new #[non_exhaustive] struct builders in rmcp::model::* (such as InitializeRequestParams, CallToolResult, ServerCapabilities, Implementation) and updating the StreamableHttpClient trait signatures in codex-rmcp-client.
If the maintainers are open to this upgrade, we would be happy to submit a Pull Request with the complete rmcp 1.4.0 migration to help close the aforementioned connection and auth issues.
Description
The Codex CLI and
codex_appscurrently depend onrmcp = "0.15.0".As reported in multiple issues (e.g., #16485, #12859, #13852), this older version of the RMCP client lacks support for injecting custom HTTP headers (such as
User-Agentor specific Auth headers) into Streamable HTTP and WebSocket handshakes. This causes MCP connections to fail behind Cloudflare, strict corporate proxies, or services like Supabase that require specific headers or constant re-authentication.Proposed Solution
The
rmcpcrate has seen significant development and the1.4.0release introduces critical fixes for these exact problems:StreamableHttpClienttrait methods (post_message,delete_session,get_stream) now accept aheadersparameter.PaginatedRequestParamsand theOAuthStatemachine.We strongly recommend upgrading the
rmcpdependency across the workspace to^1.4.0.Migration Effort
We have already successfully performed this migration in our downstream fork. Upgrading requires adapting to the new
#[non_exhaustive]struct builders inrmcp::model::*(such asInitializeRequestParams,CallToolResult,ServerCapabilities,Implementation) and updating theStreamableHttpClienttrait signatures incodex-rmcp-client.If the maintainers are open to this upgrade, we would be happy to submit a Pull Request with the complete
rmcp 1.4.0migration to help close the aforementioned connection and auth issues.