fix(codex): approve MCP tools with PreToolUse hooks#2984
Conversation
|
React Doctor found no issues in the changed files. 🎉 Reviewed by React Doctor for commit |
|
| function readRequestBody(req: http.IncomingMessage): Promise<string> { | ||
| return new Promise((resolve, reject) => { | ||
| const chunks: Buffer[] = []; | ||
| req.on("data", (chunk: Buffer) => chunks.push(chunk)); | ||
| req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8"))); | ||
| req.on("error", reject); | ||
| }); | ||
| } |
There was a problem hiding this comment.
readRequestBody accumulates the entire payload into memory with no upper bound. Codex passes the full tool_input in the hook payload, so a tool with a large input (file content, search results, etc.) would buffer it all before the bridge processes it. On localhost with a bearer token the risk of deliberate abuse is low, but a Codex bug producing an outsized payload could cause OOM or excessive latency. A simple MAX_BODY_BYTES guard (e.g. 4 MB) and an early rejection keeps the bridge robust without changing any semantics.
Summary
Stacked on #2954. That base PR contains the shared MCP approval plumbing; this PR is the Codex parity layer.
Testing
(cd packages/agent && ../../node_modules/.bin/vitest run --config vitest.config.ts src/adapters/codex/mcp-approval-hook.test.ts src/adapters/codex/spawn.test.ts src/server/agent-server.test.ts)(cd packages/workspace-server && ./node_modules/.bin/vitest run --config vitest.config.ts src/services/agent/codex-home.test.ts src/services/agent/agent.test.ts src/services/agent/auth-adapter.test.ts src/services/mcp-proxy/mcp-proxy.test.ts)./node_modules/.bin/vitest run apps/code/scripts/download-binaries.test.mjs(cd packages/agent && ../../node_modules/.bin/tsc --noEmit -p tsconfig.json)(cd packages/workspace-server && ../../node_modules/.bin/tsc --noEmit -p tsconfig.json)./node_modules/.bin/biome lint <changed files>git diff --check(cd packages/agent && node ../../scripts/rimraf.mjs dist && ../../node_modules/.bin/tsup)