feat: add metadata-only app/read#31343
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 03433b693e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| serialization: global("config"), | ||
| response: v2::PluginShareDeleteResponse, | ||
| }, | ||
| AppsRead => "app/read" { |
There was a problem hiding this comment.
Gate experimental app/read behind capability
Because the new AppsReadParams/response types are documented as EXPERIMENTAL, adding the variant here without #[experimental("app/read")] makes ClientRequest::experimental_reason() return None for app/read. The app-server will therefore accept this experimental surface from clients that did not initialize with experimentalApi, and it will be omitted from the experimental client-method metadata; add the method annotation here (or make the API explicitly stable).
AGENTS.md reference: AGENTS.md:L286-L287
Useful? React with 👍 / 👎.
Codex Thread 019f39de-e02c-79d0-9263-2447105cae69
Why
M3 needs a fast, fresh, consistent way for app-server clients to read metadata for selected connector IDs without rebuilding connector runtime state or reloading MCP tools. This adds that metadata-only seam while preserving existing app/list and app/list/updated behavior.
What changed
ConnectorMetadataStore, partitioned by ChatGPT backend base URL, account, ChatGPT user, and workspace classification, using the existing connector-directory TTL.app/read { appIds }->{ apps, missingAppIds }.include_actions=falseandinclude_model_descriptions=false.id,name,description,distributionChannel,branding,appMetadata,labels, and nullableinstallUrl; it excludes runtime state, MCP tools, actions, model descriptions, and icons.install_urlso mixed-version responses that omit it remain safe.Public backend dependency
Depends on openai/openai#1097857, commit
9593a5ca75201. That change leaves the existing internal/v2/connectors/batchsource, tests, and OpenAPI unchanged and adds only the authenticated public projection at/public/connectors/batch.Codex calls
POST https://chatgpt.com/backend-api/ps/connectors/batch. The ChatGPT gateway validates Identity Edgeapp_v2, injects the actor biscuit, and rewrites/ps/*to Plugin Service/public/*. Plugin Service requires an authenticated user, forces the trustedChatGPTAuthorizationSchema, and delegates to the existing resolver visibility logic. Codex continues sending the captured auth headers:Authorization,ChatGPT-Account-IDwhen applicable, optionalX-OpenAI-Fedramp,OAI-Product-Sku: codex, and JSON content type; no extra auth-schema field is added.The auth snapshot also defines the cache scope before the request is awaited, so late responses can commit only to the backend/account/workspace key under which they were requested.
Scope and non-goals
app/listorapp/list/updated.app/read.codex.apps.read.duration_msmetric; the current app-server metric seam appears to depend on M1 and is intentionally out of scope.Validation
just fmtjust test -p codex-connectorsjust test -p codex-app-server-protocoljust test -p codex-chatgptjust test -p codex-app-server app_readjust fix -p codex-connectors -p codex-chatgpt -p codex-app-server-protocol -p codex-app-servergit diff --check origin/main...HEAD