codex-rs/rmcp-client/src/bin/test_streamable_http_server.rs

use std::borrow::Cow;
use std::collections::HashMap;
use std::io::ErrorKind;
use std::net::SocketAddr;
use std::sync::Arc;

use axum::Router;
use axum::body::Body;
use axum::extract::State;
use axum::http::Request;
use axum::http::StatusCode;
use axum::http::header::AUTHORIZATION;
use axum::middleware;
use axum::middleware::Next;
use axum::response::Response;
use rmcp::ErrorData as McpError;
use rmcp::handler::server::ServerHandler;
use rmcp::model::CallToolRequestParam;
use rmcp::model::CallToolResult;
use rmcp::model::JsonObject;
use rmcp::model::ListToolsResult;
use rmcp::model::PaginatedRequestParam;
use rmcp::model::ServerCapabilities;
use rmcp::model::ServerInfo;
use rmcp::model::Tool;
use rmcp::transport::StreamableHttpServerConfig;
use rmcp::transport::StreamableHttpService;
use rmcp::transport::streamable_http_server::session::local::LocalSessionManager;
use serde::Deserialize;
use serde_json::json;
use tokio::task;

#[derive(Clone)]
struct TestToolServer {
    tools: Arc<Vec<Tool>>,
}

impl TestToolServer {
    fn new() -> Self {
        let tools = vec![Self::echo_tool()];
        Self {
            tools: Arc::new(tools),
        }
    }

    fn echo_tool() -> Tool {
        #[expect(clippy::expect_used)]
        let schema: JsonObject = serde_json::from_value(json!({
            "type": "object",
            "properties": {
                "message": { "type": "string" },
                "env_var": { "type": "string" }
            },
            "required": ["message"],
            "additionalProperties": false
        }))
        .expect("echo tool schema should deserialize");

        Tool::new(
            Cow::Borrowed("echo"),
            Cow::Borrowed("Echo back the provided message and include environment data."),
            Arc::new(schema),
        )
    }
}

#[derive(Deserialize)]
struct EchoArgs {
    message: String,
    #[allow(dead_code)]
    env_var: Option<String>,
}

impl ServerHandler for TestToolServer {
    fn get_info(&self) -> ServerInfo {
        ServerInfo {
            capabilities: ServerCapabilities::builder()
                .enable_tools()
                .enable_tool_list_changed()
                .build(),
            ..ServerInfo::default()
        }
    }

    fn list_tools(
        &self,
        _request: Option<PaginatedRequestParam>,
        _context: rmcp::service::RequestContext<rmcp::service::RoleServer>,
    ) -> impl std::future::Future<Output = Result<ListToolsResult, McpError>> + Send + '_ {
        let tools = self.tools.clone();
        async move {
            Ok(ListToolsResult {
                tools: (*tools).clone(),
                next_cursor: None,
            })
        }
    }

    async fn call_tool(
        &self,
        request: CallToolRequestParam,
        _context: rmcp::service::RequestContext<rmcp::service::RoleServer>,
    ) -> Result<CallToolResult, McpError> {
        match request.name.as_ref() {
            "echo" => {
                let args: EchoArgs = match request.arguments {
                    Some(arguments) => serde_json::from_value(serde_json::Value::Object(
                        arguments.into_iter().collect(),
                    ))
                    .map_err(|err| McpError::invalid_params(err.to_string(), None))?,
                    None => {
                        return Err(McpError::invalid_params(
                            "missing arguments for echo tool",
                            None,
                        ));
                    }
                };

                let env_snapshot: HashMap<String, String> = std::env::vars().collect();
                let structured_content = json!({
                    "echo": format!("ECHOING: {}", args.message),
                    "env": env_snapshot.get("MCP_TEST_VALUE"),
                });

                Ok(CallToolResult {
                    content: Vec::new(),
                    structured_content: Some(structured_content),
                    is_error: Some(false),
                    meta: None,
                })
            }
            other => Err(McpError::invalid_params(
                format!("unknown tool: {other}"),
                None,
            )),
        }
    }
}

fn parse_bind_addr() -> Result<SocketAddr, Box<dyn std::error::Error>> {
    let default_addr = "127.0.0.1:3920";
    let bind_addr = std::env::var("MCP_STREAMABLE_HTTP_BIND_ADDR")
        .or_else(|_| std::env::var("BIND_ADDR"))
        .unwrap_or_else(|_| default_addr.to_string());
    Ok(bind_addr.parse()?)
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let bind_addr = parse_bind_addr()?;
    let listener = match tokio::net::TcpListener::bind(&bind_addr).await {
        Ok(listener) => listener,
        Err(err) if err.kind() == ErrorKind::PermissionDenied => {
            eprintln!(
                "failed to bind to {bind_addr}: {err}. make sure the process has network access"
            );
            return Ok(());
        }
        Err(err) => return Err(err.into()),
    };
    eprintln!("starting rmcp streamable http test server on http://{bind_addr}/mcp");

    let router = Router::new().nest_service(
        "/mcp",
        StreamableHttpService::new(
            || Ok(TestToolServer::new()),
            Arc::new(LocalSessionManager::default()),
            StreamableHttpServerConfig::default(),
        ),
    );

    let router = if let Ok(token) = std::env::var("MCP_EXPECT_BEARER") {
        let expected = Arc::new(format!("Bearer {token}"));
        router.layer(middleware::from_fn_with_state(expected, require_bearer))
    } else {
        router
    };

    axum::serve(listener, router).await?;
    task::yield_now().await;
    Ok(())
}

async fn require_bearer(
    State(expected): State<Arc<String>>,
    request: Request<Body>,
    next: Next,
) -> Result<Response, StatusCode> {
    if request
        .headers()
        .get(AUTHORIZATION)
        .is_some_and(|value| value.as_bytes() == expected.as_bytes())
    {
        Ok(next.run(request).await)
    } else {
        Err(StatusCode::UNAUTHORIZED)
    }
}
[MCP] Add experimental support for streamable HTTP MCP servers (#4317) This PR adds support for streamable HTTP MCP servers when the `experimental_use_rmcp_client` is enabled. To set one up, simply add a new mcp server config with the url: ``` [mcp_servers.figma] url = "http://127.0.0.1:3845/mcp" ``` It also supports an optional `bearer_token` which will be provided in an authorization header. The full oauth flow is not supported yet. The config parsing will throw if it detects that the user mixed and matched config fields (like command + bearer token or url + env). The best way to review it is to review `core/src` and then `rmcp-client/src/rmcp_client.rs` first. The rest is tests and propagating the `Transport` struct around the codebase. Example with the Figma MCP: <img width="5084" height="1614" alt="CleanShot 2025-09-26 at 13 35 40" src="https://github.com/user-attachments/assets/eaf2771e-df3e-4300-816b-184d7dec5a28" /> 2025-09-26 18:24:01 -07:00			`use std::borrow::Cow;`
			`use std::collections::HashMap;`
			`use std::io::ErrorKind;`
			`use std::net::SocketAddr;`
			`use std::sync::Arc;`

			`use axum::Router;`
[MCP] Add support for MCP Oauth credentials (#4517) This PR adds oauth login support to streamable http servers when `experimental_use_rmcp_client` is enabled. This PR is large but represents the minimal amount of work required for this to work. To keep this PR smaller, login can only be done with `codex mcp login` and `codex mcp logout` but it doesn't appear in `/mcp` or `codex mcp list` yet. Fingers crossed that this is the last large MCP PR and that subsequent PRs can be smaller. Under the hood, credentials are stored using platform credential managers using the [keyring crate](https://crates.io/crates/keyring). When the keyring isn't available, it falls back to storing credentials in `CODEX_HOME/.credentials.json` which is consistent with how other coding agents handle authentication. I tested this on macOS, Windows, WSL (ubuntu), and Linux. I wasn't able to test the dbus store on linux but did verify that the fallback works. One quirk is that if you have credentials, during development, every build will have its own ad-hoc binary so the keyring won't recognize the reader as being the same as the write so it may ask for the user's password. I may add an override to disable this or allow users/enterprises to opt-out of the keyring storage if it causes issues. <img width="5064" height="686" alt="CleanShot 2025-09-30 at 19 31 40" src="https://github.com/user-attachments/assets/9573f9b4-07f1-4160-83b8-2920db287e2d" /> <img width="745" height="486" alt="image" src="https://github.com/user-attachments/assets/9562649b-ea5f-4f22-ace2-d0cb438b143e" /> 2025-10-03 10:43:12 -07:00			`use axum::body::Body;`
			`use axum::extract::State;`
			`use axum::http::Request;`
			`use axum::http::StatusCode;`
			`use axum::http::header::AUTHORIZATION;`
			`use axum::middleware;`
			`use axum::middleware::Next;`
			`use axum::response::Response;`
[MCP] Add experimental support for streamable HTTP MCP servers (#4317) This PR adds support for streamable HTTP MCP servers when the `experimental_use_rmcp_client` is enabled. To set one up, simply add a new mcp server config with the url: ``` [mcp_servers.figma] url = "http://127.0.0.1:3845/mcp" ``` It also supports an optional `bearer_token` which will be provided in an authorization header. The full oauth flow is not supported yet. The config parsing will throw if it detects that the user mixed and matched config fields (like command + bearer token or url + env). The best way to review it is to review `core/src` and then `rmcp-client/src/rmcp_client.rs` first. The rest is tests and propagating the `Transport` struct around the codebase. Example with the Figma MCP: <img width="5084" height="1614" alt="CleanShot 2025-09-26 at 13 35 40" src="https://github.com/user-attachments/assets/eaf2771e-df3e-4300-816b-184d7dec5a28" /> 2025-09-26 18:24:01 -07:00			`use rmcp::ErrorData as McpError;`
			`use rmcp::handler::server::ServerHandler;`
			`use rmcp::model::CallToolRequestParam;`
			`use rmcp::model::CallToolResult;`
			`use rmcp::model::JsonObject;`
			`use rmcp::model::ListToolsResult;`
			`use rmcp::model::PaginatedRequestParam;`
			`use rmcp::model::ServerCapabilities;`
			`use rmcp::model::ServerInfo;`
			`use rmcp::model::Tool;`
			`use rmcp::transport::StreamableHttpServerConfig;`
			`use rmcp::transport::StreamableHttpService;`
			`use rmcp::transport::streamable_http_server::session::local::LocalSessionManager;`
			`use serde::Deserialize;`
			`use serde_json::json;`
			`use tokio::task;`

			`#[derive(Clone)]`
			`struct TestToolServer {`
			`tools: Arc<Vec<Tool>>,`
			`}`

			`impl TestToolServer {`
			`fn new() -> Self {`
			`let tools = vec![Self::echo_tool()];`
			`Self {`
			`tools: Arc::new(tools),`
			`}`
			`}`

			`fn echo_tool() -> Tool {`
			`#[expect(clippy::expect_used)]`
			`let schema: JsonObject = serde_json::from_value(json!({`
			`"type": "object",`
			`"properties": {`
			`"message": { "type": "string" },`
			`"env_var": { "type": "string" }`
			`},`
			`"required": ["message"],`
			`"additionalProperties": false`
			`}))`
			`.expect("echo tool schema should deserialize");`

			`Tool::new(`
			`Cow::Borrowed("echo"),`
			`Cow::Borrowed("Echo back the provided message and include environment data."),`
			`Arc::new(schema),`
			`)`
			`}`
			`}`

			`#[derive(Deserialize)]`
			`struct EchoArgs {`
			`message: String,`
			`#[allow(dead_code)]`
			`env_var: Option<String>,`
			`}`

			`impl ServerHandler for TestToolServer {`
			`fn get_info(&self) -> ServerInfo {`
			`ServerInfo {`
			`capabilities: ServerCapabilities::builder()`
			`.enable_tools()`
			`.enable_tool_list_changed()`
			`.build(),`
			`..ServerInfo::default()`
			`}`
			`}`

			`fn list_tools(`
			`&self,`
			`_request: Option<PaginatedRequestParam>,`
			`_context: rmcp::service::RequestContext<rmcp::service::RoleServer>,`
			`) -> impl std::future::Future<Output = Result<ListToolsResult, McpError>> + Send + '_ {`
			`let tools = self.tools.clone();`
			`async move {`
			`Ok(ListToolsResult {`
			`tools: (*tools).clone(),`
			`next_cursor: None,`
			`})`
			`}`
			`}`

			`async fn call_tool(`
			`&self,`
			`request: CallToolRequestParam,`
			`_context: rmcp::service::RequestContext<rmcp::service::RoleServer>,`
			`) -> Result<CallToolResult, McpError> {`
			`match request.name.as_ref() {`
			`"echo" => {`
			`let args: EchoArgs = match request.arguments {`
			`Some(arguments) => serde_json::from_value(serde_json::Value::Object(`
			`arguments.into_iter().collect(),`
			`))`
			`.map_err(\|err\| McpError::invalid_params(err.to_string(), None))?,`
			`None => {`
			`return Err(McpError::invalid_params(`
			`"missing arguments for echo tool",`
			`None,`
			`));`
			`}`
			`};`

			`let env_snapshot: HashMap<String, String> = std::env::vars().collect();`
			`let structured_content = json!({`
			`"echo": format!("ECHOING: {}", args.message),`
			`"env": env_snapshot.get("MCP_TEST_VALUE"),`
			`});`

			`Ok(CallToolResult {`
			`content: Vec::new(),`
			`structured_content: Some(structured_content),`
			`is_error: Some(false),`
			`meta: None,`
			`})`
			`}`
			`other => Err(McpError::invalid_params(`
			`format!("unknown tool: {other}"),`
			`None,`
			`)),`
			`}`
			`}`
			`}`

			`fn parse_bind_addr() -> Result<SocketAddr, Box<dyn std::error::Error>> {`
			`let default_addr = "127.0.0.1:3920";`
			`let bind_addr = std::env::var("MCP_STREAMABLE_HTTP_BIND_ADDR")`
			`.or_else(\|_\| std::env::var("BIND_ADDR"))`
			`.unwrap_or_else(\|_\| default_addr.to_string());`
			`Ok(bind_addr.parse()?)`
			`}`

			`#[tokio::main]`
			`async fn main() -> Result<(), Box<dyn std::error::Error>> {`
			`let bind_addr = parse_bind_addr()?;`
			`let listener = match tokio::net::TcpListener::bind(&bind_addr).await {`
			`Ok(listener) => listener,`
			`Err(err) if err.kind() == ErrorKind::PermissionDenied => {`
			`eprintln!(`
			`"failed to bind to {bind_addr}: {err}. make sure the process has network access"`
			`);`
			`return Ok(());`
			`}`
			`Err(err) => return Err(err.into()),`
			`};`
			`eprintln!("starting rmcp streamable http test server on http://{bind_addr}/mcp");`

			`let router = Router::new().nest_service(`
			`"/mcp",`
			`StreamableHttpService::new(`
			`\|\| Ok(TestToolServer::new()),`
			`Arc::new(LocalSessionManager::default()),`
			`StreamableHttpServerConfig::default(),`
			`),`
			`);`

[MCP] Add support for MCP Oauth credentials (#4517) This PR adds oauth login support to streamable http servers when `experimental_use_rmcp_client` is enabled. This PR is large but represents the minimal amount of work required for this to work. To keep this PR smaller, login can only be done with `codex mcp login` and `codex mcp logout` but it doesn't appear in `/mcp` or `codex mcp list` yet. Fingers crossed that this is the last large MCP PR and that subsequent PRs can be smaller. Under the hood, credentials are stored using platform credential managers using the [keyring crate](https://crates.io/crates/keyring). When the keyring isn't available, it falls back to storing credentials in `CODEX_HOME/.credentials.json` which is consistent with how other coding agents handle authentication. I tested this on macOS, Windows, WSL (ubuntu), and Linux. I wasn't able to test the dbus store on linux but did verify that the fallback works. One quirk is that if you have credentials, during development, every build will have its own ad-hoc binary so the keyring won't recognize the reader as being the same as the write so it may ask for the user's password. I may add an override to disable this or allow users/enterprises to opt-out of the keyring storage if it causes issues. <img width="5064" height="686" alt="CleanShot 2025-09-30 at 19 31 40" src="https://github.com/user-attachments/assets/9573f9b4-07f1-4160-83b8-2920db287e2d" /> <img width="745" height="486" alt="image" src="https://github.com/user-attachments/assets/9562649b-ea5f-4f22-ace2-d0cb438b143e" /> 2025-10-03 10:43:12 -07:00			`let router = if let Ok(token) = std::env::var("MCP_EXPECT_BEARER") {`
			`let expected = Arc::new(format!("Bearer {token}"));`
			`router.layer(middleware::from_fn_with_state(expected, require_bearer))`
			`} else {`
			`router`
			`};`

[MCP] Add experimental support for streamable HTTP MCP servers (#4317) This PR adds support for streamable HTTP MCP servers when the `experimental_use_rmcp_client` is enabled. To set one up, simply add a new mcp server config with the url: ``` [mcp_servers.figma] url = "http://127.0.0.1:3845/mcp" ``` It also supports an optional `bearer_token` which will be provided in an authorization header. The full oauth flow is not supported yet. The config parsing will throw if it detects that the user mixed and matched config fields (like command + bearer token or url + env). The best way to review it is to review `core/src` and then `rmcp-client/src/rmcp_client.rs` first. The rest is tests and propagating the `Transport` struct around the codebase. Example with the Figma MCP: <img width="5084" height="1614" alt="CleanShot 2025-09-26 at 13 35 40" src="https://github.com/user-attachments/assets/eaf2771e-df3e-4300-816b-184d7dec5a28" /> 2025-09-26 18:24:01 -07:00			`axum::serve(listener, router).await?;`
			`task::yield_now().await;`
			`Ok(())`
			`}`
[MCP] Add support for MCP Oauth credentials (#4517) This PR adds oauth login support to streamable http servers when `experimental_use_rmcp_client` is enabled. This PR is large but represents the minimal amount of work required for this to work. To keep this PR smaller, login can only be done with `codex mcp login` and `codex mcp logout` but it doesn't appear in `/mcp` or `codex mcp list` yet. Fingers crossed that this is the last large MCP PR and that subsequent PRs can be smaller. Under the hood, credentials are stored using platform credential managers using the [keyring crate](https://crates.io/crates/keyring). When the keyring isn't available, it falls back to storing credentials in `CODEX_HOME/.credentials.json` which is consistent with how other coding agents handle authentication. I tested this on macOS, Windows, WSL (ubuntu), and Linux. I wasn't able to test the dbus store on linux but did verify that the fallback works. One quirk is that if you have credentials, during development, every build will have its own ad-hoc binary so the keyring won't recognize the reader as being the same as the write so it may ask for the user's password. I may add an override to disable this or allow users/enterprises to opt-out of the keyring storage if it causes issues. <img width="5064" height="686" alt="CleanShot 2025-09-30 at 19 31 40" src="https://github.com/user-attachments/assets/9573f9b4-07f1-4160-83b8-2920db287e2d" /> <img width="745" height="486" alt="image" src="https://github.com/user-attachments/assets/9562649b-ea5f-4f22-ace2-d0cb438b143e" /> 2025-10-03 10:43:12 -07:00
			`async fn require_bearer(`
			`State(expected): State<Arc<String>>,`
			`request: Request<Body>,`
			`next: Next,`
			`) -> Result<Response, StatusCode> {`
			`if request`
			`.headers()`
			`.get(AUTHORIZATION)`
			`.is_some_and(\|value\| value.as_bytes() == expected.as_bytes())`
			`{`
			`Ok(next.run(request).await)`
			`} else {`
			`Err(StatusCode::UNAUTHORIZED)`
			`}`
			`}`