Skip to content

[codex] Add generated token auth to app-server WebSockets#30315

Draft
mikhail-oai wants to merge 1 commit into
mainfrom
codex/app-server-websocket-token
Draft

[codex] Add generated token auth to app-server WebSockets#30315
mikhail-oai wants to merge 1 commit into
mainfrom
codex/app-server-websocket-token

Conversation

@mikhail-oai

@mikhail-oai mikhail-oai commented Jun 27, 2026

Copy link
Copy Markdown

Summary

  • add QueryToken { token, enforce } as the default app-server WebSocket authentication mode
  • generate a 256-bit, URL-safe connection token and print it in the connection URL when QueryToken is selected
  • require the token query parameter by default
  • add --no-token-check, which keeps QueryToken selected but disables enforcement
  • preserve the existing capability-token and signed-bearer-token modes and their token-free listen URLs

Motivation

Loopback app-server WebSocket listeners previously accepted connections without a per-process secret. A generated capability in the connection URL prevents unrelated local clients from connecting by default while keeping startup and client configuration simple.

User impact

Starting codex app-server --listen ws://127.0.0.1:4500 uses QueryToken mode and prints a URL such as:

ws://127.0.0.1:4500/?token=<generated-token>

Clients must use that URL unless --no-token-check is set. When explicit --ws-auth capability-token or --ws-auth signed-bearer-token is configured, app-server prints the original token-free listen URL and enforces the selected bearer authentication mode.

Warning on connections accepted without a valid query token is intentionally deferred.

Validation

  • just test -p codex-app-server-transport transport::auth::tests (16 tests)
  • just test -p codex-app-server websocket_transport_no_token_check_accepts_invalid_tokens
  • just fix -p codex-app-server-transport -p codex-app-server
  • just fmt

@mikhail-oai mikhail-oai force-pushed the codex/app-server-websocket-token branch from a4e08f8 to d46eb76 Compare June 30, 2026 14:02

Copy link
Copy Markdown

The current head is the right shape: the generated query token is now connection authority, not only a startup hint.

I would keep the draft gate on five invariants:

  1. Default mode is fail-closed: a missing or wrong query token rejects on loopback and non-loopback listeners.
  2. no-token-check is an explicit degraded mode: it may still print a tokenized URL, but logs and operator output should make disabled enforcement visible.
  3. The token-bearing URL is operator bootstrap material only. It should not appear in structured logs, readiness or health output, error text, or durable test artifacts.
  4. Capability-token and signed-bearer modes stay a separate authority path: token-free listen URL, bearer-only upgrade check, and no accidental query-token fallback.
  5. Connection authority remains separate from downstream execution authority: a WebSocket client that can connect has not thereby earned tool or action permission.

That gives a clean acceptance contract for moving the PR out of draft: connection established, degraded, or rejected is always explainable from one authority mode and one auditable reason.

Boundary: implementation-review feedback only; no claim about running this branch, validating OpenAI, validating Codex, implementation correctness, production readiness, security review, partnership, customer interest, official alignment, conformance certification, or Neura usage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants