Summary
mcp_servers.<id>.default_tools_approval_mode is supported in config, but codex mcp add cannot set it. That leaves scripted/noninteractive setups hand-editing TOML, and JSON readbacks do not expose the server-level default.
Proposed change
Add:
codex mcp add <name> --default-tools-approval-mode <auto|prompt|approve> -- <command> [args...]
The flag would persist the existing default_tools_approval_mode field. codex mcp get --json and codex mcp list --json would include it so setup scripts can verify the result. Existing defaults and runtime approval precedence are unchanged.
Ready patch
I prepared and tested a minimal branch:
I tried to open this as a pull request, but GitHub shows: "An owner of this repository has limited the ability to open a pull request to users that are collaborators on this repository." Filing this issue so the tested patch is visible and easy to cherry-pick or recreate.
Tests run
PATH=/home/rage/.cargo/bin:$PATH just test -p codex-cli --test mcp_add_remove
PATH=/home/rage/.cargo/bin:$PATH just fix -p codex-cli
git diff --check
PATH=/home/rage/.cargo/bin:$PATH cargo fmt --check -- --config imports_granularity=Item
The targeted CLI integration test passed, including valid persistence/readback and invalid-mode rejection. cargo fmt --check exited 0, with stable rustfmt warning that imports_granularity = Item is nightly-only.
Note: just fmt completed the Rust formatting phase, then failed in the Python SDK ruff phase because openai-codex-cli-bin==0.132.0 has no Linux glibc wheel for this platform. No SDK files were changed.
Related: #24135 and #13476. This is a narrow CLI/config surface improvement, not a complete resolution of all runtime MCP approval behavior.
Summary
mcp_servers.<id>.default_tools_approval_modeis supported in config, butcodex mcp addcannot set it. That leaves scripted/noninteractive setups hand-editing TOML, and JSON readbacks do not expose the server-level default.Proposed change
Add:
The flag would persist the existing
default_tools_approval_modefield.codex mcp get --jsonandcodex mcp list --jsonwould include it so setup scripts can verify the result. Existing defaults and runtime approval precedence are unchanged.Ready patch
I prepared and tested a minimal branch:
I tried to open this as a pull request, but GitHub shows: "An owner of this repository has limited the ability to open a pull request to users that are collaborators on this repository." Filing this issue so the tested patch is visible and easy to cherry-pick or recreate.
Tests run
The targeted CLI integration test passed, including valid persistence/readback and invalid-mode rejection.
cargo fmt --checkexited 0, with stable rustfmt warning thatimports_granularity = Itemis nightly-only.Note:
just fmtcompleted the Rust formatting phase, then failed in the Python SDK ruff phase becauseopenai-codex-cli-bin==0.132.0has no Linux glibc wheel for this platform. No SDK files were changed.Related: #24135 and #13476. This is a narrow CLI/config surface improvement, not a complete resolution of all runtime MCP approval behavior.