[rmcp-client] Route all MCP OAuth recovery through Codex

[stevenlee-oai]

Codex Thread 019edd6d-6f14-74e2-853c-345d1803d4a6

Important

This PR belongs to the superseded MCP OAuth stack. Please review and merge the replacement stack beginning with openai/codex#30292. This PR remains available only as historical/reference context.

Replacement review order:

1. openai/codex#30292 — shared File/Secrets store locking
2. openai/codex#30293 — authoritative serialized refresh
3. openai/codex#30294 — Codex-owned transport refresh and one-shot 401 recovery
4. openai/codex#30295 — login/logout transaction serialization
5. openai/codex#30296 — diagnostic-only Auto store drift reporting

This is part 4 of a five-PR stack that prevents concurrent MCP OAuth refreshes from replaying a rotating refresh token or overwriting newer credentials.

Review and merge as one stack. The five PRs are an atomic merge unit split only for reviewability. Each tip compiles and is testable, but implementation and regression tests are intentionally not duplicated across intermediate layers.

Review order

1. openai/codex#29017 — refresh ownership, authoritative reread, and lifecycle-local store pinning
2. openai/codex#29019 — serialize login and logout with refresh
3. openai/codex#29021 — lock aggregate stores and observe Auto resolution drift
4. openai/codex#29018 — route all OAuth recovery through Codex (this PR)
5. openai/codex#30089 — consolidated concurrency and transport regression tests

Why

Giving RMCP a refresh token creates a second, unsynchronized refresh owner. Simply removing it would leave RMCP-owned SSE reconnects, server-response POSTs, and session DELETEs unable to recover. This layer switches both sides together: RMCP receives request-only credentials while Codex owns proactive refresh and one-shot 401 recovery for every transport path.

What changes

• Give RMCP only the access token and token type during ordinary requests; withhold refresh token and expiry metadata so RMCP cannot refresh independently.
• Temporarily install full credentials only while Codex holds the serialized refresh transaction, then restore request-only credentials.
• Add a Codex-owned StreamableHttpClient wrapper around RMCP's authenticated client.
• Proactively refresh and recover once for RMCP-owned Response/Error POSTs, SSE GET/reconnects, and session DELETEs.
• Keep client-originated Request/Notification recovery in outer RmcpClient, which knows the caller deadline and whether replay is still allowed.
• Attribute a delayed 401 to the access token actually sent, so a request rejected for A adopts B instead of rotating B again.
• Refresh 60 seconds before expiry so normal requests do not race the boundary.

Decisions encoded by this stack

• OAuth policy belongs to Codex; RMCP remains the transport and bearer-injection layer.
• Public Request/Notification recovery stays outside the wrapper because wrapper-level retry could replay a request after its caller timed out.
• RMCP-generated Response/Error POSTs, GET/reconnect, and DELETE recover in the wrapper because no public outer operation owns them.
• Every rejected request gets at most one 401 recovery attempt.
• A provider timeout releases the lock with an unknown outcome and permits a later serialized retry.
• Refreshed B becomes request-authoritative only after the selected store accepts it. Persistence failure is logged at the failing transaction, restores the previous request-only credentials, returns an error, and is not retried automatically.
• Auto stays pinned to one source for the client lifecycle; part 3's durable record is diagnostic only.
• openai/codex#28647 and its branch remain untouched.

Review focus

Review the ownership handoff as one unit: request-only exposure, temporary full credentials inside the transaction, token-attributed delayed-401 handling, and exactly one owner for each POST/GET/DELETE category.

Non-goals

• Changing upstream RMCP.
• Persistence retries, provider-timeout quarantine, or durable backend authority.
• Changing caller-visible MCP timeout configuration.

Validation

• just test -p codex-rmcp-client: 90 passed, 2 skipped at this layer.
• Live transport and delayed-concurrency coverage is consolidated in part 5.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc25e7aae8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".