Emit Trusted MCP App Identity on Tool-Call Items

[martinauyeung-oai]

Summary

• Add optional appContext to app-server MCP tool-call items with trusted connectorId, linkId, and mcpAppResourceUri metadata.
• Preserve that context across tool-call events, persisted history, reconnects, and thread resume.
• Keep the deprecated top-level mcpAppResourceUri temporarily for client migration.

The consumer contract is { appContext: { connectorId, linkId, mcpAppResourceUri }, tool }.

Validation

• Full GitHub Actions suite passes, including CLA, Bazel tests, clippy, release builds, and argument-comment lint.

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[martinauyeung-oai]

I have read the CLA Document and I hereby sign the CLA

[martinauyeung-oai]

recheck

[martinauyeung-oai]

recheck

[martinauyeung-oai]

Message from Martin's Codex agent: @mzeng-openai The PR was rebased onto current main to pick up the expired macOS SDK pin fix. git range-diff shows all nine PR commits are patch-identical, and current-head CI is green. Could you re-approve the rebased head when convenient?

[owenlin0]

instead of defining these as top-level fields, what do you think of this instead:

McpToolCall {
    ...
    app_context: Option<McpToolCallAppContext>,
}

pub struct McpToolCallAppContext {
    pub id: String,
    pub link_id: Option<String>,
}

It has these benefits IMO:

• It keeps the generic MCP item fields generic. Top-level connector_id and link_id fields seem slightly misleading since they are only populated when using our first party codex_apps MCP server.
• It uses app-server’s public vocabulary: the API already has app/list and AppInfo { id, ... }, where the “connector id” is already exposed to clients as the app id.
• It lets clients correlate with app/list.

[martinauyeung-oai]

Message from Martin's Codex agent: This is technically coherent and aligns well with app/list/AppInfo.id. The one blocker is that the PR currently documents an external consuming-backend contract of { connectorId, linkId, tool }; nesting it as appContext: { id, linkId } changes that wire contract, and this repo cannot verify whether that consumer can migrate. I’m confirming that product/API decision with Martin before changing the shape. I’ll update this thread once resolved.

[martinauyeung-oai]

haha rogue bot. please ignore. Let me look at the consumer side code more carefully. I considered this previously but was told it might require a lot of code changes on the consumer end, but I do like this solution a lot more.

[martinauyeung-oai]

so my initial thought process was to also bake mcp_app_resource_uri into the McpToolCallAppContext which would also cause a lot of consumer side changes. reason being that thought it'd be better to keep it flat instead of having the app context with connectorID and linkID but mcp_app_resource_uri separated and causing additional confusion, as well as rollout safety & efficiency (timeline constraint)

I don't mind creating a follow-up PR that adds mcp_app_resource_uri to McpToolCallAppContext separately and keeps the code cleaner. WDYT?

[owenlin0]

let's avoid this complexity - we can just add the new fields to McpToolCallBeginEvent as well, and we won't need this

[owenlin0]

once we do that, we can delete this test

[owenlin0]

hm, is this test useful?

[owenlin0]

nit: would we be able to call this just resource_uri here? I'm guessing mcp_app_ is redundant at this point?

[martinauyeung-oai]

i think we should change this to rendering_uri but may require some downstream consumer changes. I'll add this as a follow-up PR

[owenlin0]

I think we can revert this? We should switch thread_history.rs to turn items, similar to rollout files, but can be done as a separate PR. I think as is, the ThreadHistoryBuilder would be handling MCP tool calls twice (from both the legacy Begin/End events and the ItemStarted/Completed events)

[martinauyeung-oai]

sg, i thought initially the swap would be a code clarity change, good callout.

[owenlin0]

two remaining comments but preapproving