Skip to content

Comments

Adjust MCP tool approval handling for custom servers#11787

Merged
colby-oai merged 5 commits intomainfrom
dev/colby-oai/custom_mcp_approval_check
Feb 19, 2026
Merged

Adjust MCP tool approval handling for custom servers#11787
colby-oai merged 5 commits intomainfrom
dev/colby-oai/custom_mcp_approval_check

Conversation

@colby-oai
Copy link
Contributor

@colby-oai colby-oai commented Feb 13, 2026

Summary
This PR expands MCP client-side approval behavior beyond codex_apps and tightens elicitation capability signaling.

  • Removed the codex_apps-only gate in MCP tool approval checks, so local/custom MCP servers are now eligible for the same client-side approval prompt flow when tool annotations indicate side effects.
  • Updated approval memory keying to support tools without a connector ID (connector_id: Option), allowing “Approve this Session” to be remembered even when connector metadata is missing.
  • Updated prompt text for non-codex_apps tools to identify origin as The MCP server instead of This app.
  • Added MCP initialization capability policy so only codex_apps advertises MCP elicitation capability; other servers advertise no elicitation support.
  • Added regression tests for:
    server-specific prompt copy behavior
    codex-apps-only elicitation capability advertisement

Testing

  • Not run (not requested)

@github-actions
Copy link
Contributor

github-actions bot commented Feb 13, 2026

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@colby-oai
Copy link
Contributor Author

I have read the CLA Document and I hereby sign the CLA

github-actions bot added a commit that referenced this pull request Feb 13, 2026
@etraut-openai etraut-openai added the oai PRs contributed by OpenAI employees label Feb 14, 2026
@colby-oai colby-oai force-pushed the dev/colby-oai/custom_mcp_approval_check branch from 10089f1 to ecae922 Compare February 18, 2026 17:00
url: None,
})
} else {
None
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why dropping elicitation for custom MCPs? I do think we have support for custom MCPs that @nornagon-openai built.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mzeng-openai we do have support for server-driven elicitation for custom MCPs, yes. However we essentially need to make a choice between:

  • rely on custom/random mcp servers to elicit at proper times
  • rely on client-side annotations (+ CAM and other controls in the near future)

Otherwise, we risk the bad UX of double approvals. The choice we felt was better here was to not advertise that we support elicitation for custom mcps and instead look at annotations.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we restrict this to custom MCPs only? I don't think we want to just use clientside approval and bypass serverside elicitation all at once for Apps, since we have CAM and all other serverside monitors.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mzeng-openai
Absolutely! The only changes in this PR should be related to custom MCPs. Nothing in this PR touches how codex apps work

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding is currently (before this PR), codex apps are also doing client-side annotation checks. I understand they won't/shouldn't in the very near future as we use connector gateway.

My change in this pr though, is simply extending the annotation checks that exist for codex apps to apply to custom MCPs as well

@colby-oai colby-oai merged commit f6fd4cb into main Feb 19, 2026
39 of 45 checks passed
@colby-oai colby-oai deleted the dev/colby-oai/custom_mcp_approval_check branch February 19, 2026 17:52
@github-actions github-actions bot locked and limited conversation to collaborators Feb 19, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

oai PRs contributed by OpenAI employees

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants