[6/8] Wire remote MCP stdio through executor

[aibrahim-oai]

Summary

• Use the MCP server environment setting to choose local or executor stdio at client startup.
• Keep remote streamable HTTP unsupported until the low-level network API lands.

Stack

o  #18027 [8/8] Fail exec client operations after disconnect
│
o  #18025 [7/8] Cover MCP stdio tests with executor placement
│
@  #17974 [6/8] Wire remote MCP stdio through executor
│
o  #17987 [5/8] Add executor process transport for MCP stdio
│
o  #17986 [4/8] Abstract MCP stdio server launching
│
o  #18020 [3/8] Add pushed exec process events
│
o  #17985 [2/8] Support piped stdin in exec process API
│
o  #17984 [1/8] Add MCP server environment config
│
o  main

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3fdfd5a3a1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Resolve remote stdio command before invoking exec backend

The remote stdio path builds argv directly from program/args and never runs program_resolver::resolve. On Windows, Command::new("npx")-style invocations can fail without extension/PATHEXT resolution (the same case local stdio already handles). This makes MCP servers that work locally fail when environment = "remote".

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/rmcp-client/src/rmcp_client.rs

Lines 1263 to 1266 in 675e1ea

	Some(duration) => time::timeout(duration, transport)
	.await
	.map_err(|_| anyhow!("timed out handshaking with MCP server after {duration:?}"))?
	.map_err(|err| anyhow!("handshaking with MCP server failed: {err}"))?,

Terminate executor MCP process on handshake failure

The executor-backed stdio process is started before MCP initialization, but handshake is wrapped in time::timeout. On timeout/error, this path returns without calling ExecProcess::terminate, so the child can continue running orphaned on the executor for the rest of the session. The local stdio path has kill_on_drop semantics; this new remote path does not.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7e8dc3c3ba

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Terminate executor stdio process when client init fails

RmcpClient::connect_pending_transport keeps no cleanup guard for StdioTransportInner::Executor (process_group_guard is None). If service::serve_client(...) fails or times out during MCP initialize, rmcp drops the transport without invoking close(), so the executor-started MCP child is left running. Repeated startup retries can leak remote processes until the whole exec session is torn down.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e703917e5e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Pass executor environment into MCP snapshot startup

collect_mcp_snapshot_with_detail/collect_mcp_server_status_snapshot_with_detail now hard-code environment to None when creating McpConnectionManager. Any MCP server configured with environment = "remote" will always fail with “requires an executor environment” in snapshot/status APIs (including app-server status calls), even when an executor environment exists in the caller.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Enforce remote backend before using remote MCP runtime

The Remote branch only checks that exec_environment is Some, then uses get_exec_backend() directly. A local Environment (default case) still satisfies this and silently runs environment = "remote" MCP servers on the local backend, violating expected remote placement/isolation semantics. Validate Environment::is_remote() (or equivalent) before selecting the remote runtime.

Useful? React with 👍 / 👎.

[aibrahim-oai]

Recreated as #18089 from an openai/codex head branch so internal CI uses the normal credentials path.