[MCP] Add support for streamable HTTP MCP servers

[gpeal]

This PR adds support for streamable HTTP MCP servers when the experimental_use_rmcp_client is enabled.

To set one up, simply add a new mcp server config with the url:

[mcp_servers.figma]
url = "http://127.0.0.1:3845/mcp"

It also supports an optional bearer_token which will be provided in an authorization header. The full oauth flow is not supported yet.

The config parsing will throw if it detects that the user mixed and matched config fields (like command + bearer token or url + env).

The best way to review it is to review core/src and then rmcp-client/src/rmcp_client.rs first. The rest is tests and propagating the Transport struct around the codebase.

Example with the Figma MCP:

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/core/src/mcp_connection_manager.rs

Line 191 in 50fcc9a

tracing::error!("new mcp_servers: {mcp_servers:?} use_rmcp_client: {use_rmcp_client}");

[P1] Stop logging full MCP configuration at error level

The new call to tracing::error!("new mcp_servers: {mcp_servers:?} …) emits the entire MCP server configuration – including bearer_token values – every time the connection manager starts. Because error logs are typically collected in production, this effectively dumps secrets to log files and may trigger noisy alerting even when everything succeeds. Consider removing the log or downgrading it to a non‑sensitive, lower‑level message that redacts credentials.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

• @codex fix this CI failure
• @codex address that feedback

[gpeal]

@codex review it again

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

• @codex fix this CI failure
• @codex address that feedback

[bolinfest]

I don't love that we encourage storing this in plaintext, but I admit we don't have a great alternative for people just yet.

[bolinfest]

We should consider https://docs.rs/secrecy/latest/secrecy/

[gpeal]

And also https://crates.io/crates/keyring

I don't love that this is plain text either and we'll be able to provide better options over time. I just want to get the simplest thing in now and we can build upon it.

[bolinfest]

Why is this not a straight clone? Does it have to be a BTreeMap? Isn't there a .from() or into() you can use instead here?

[gpeal]

This is just indented from the original impl (view the PR without whitespace). I didn't want to make other modifications here

[bolinfest]

Why match &cfg.transport twice? You only use the env in the Stdio case.

[gpeal]

Oh this whole env block can be removed because it's embedded in transport

[bolinfest]

We really need to move all this TOML editing stuff to a separate file.

[bolinfest]

What's going on here? What happens when we drop(listener)?

[gpeal]

Binding 0 us bind to a port that we know will work so but then we release it so the mcp http server can bind to it

[bolinfest]

Pull out these constants somewhere?

[gpeal]

MCP_STREAMABLE_HTTP_BIND_ADDR is shared between this test and the test server in another crate and they intentionally don't depend on each other. The other is internal to this test so I think it's fine.

[bolinfest]

Note the other Cargo.toml files have been updated to use { workspace = true }

[bolinfest]

Is this basically copy/pasted from the previous file? What's the difference?