Summary
After a thorough source code review of server.py, __init__.py, and pyproject.toml, I identified three technical issues.
Issue 1: Version mismatch between __init__.py and pyproject.toml
Severity: Low (maintenance)
| File | Version |
| --- | --- |
| src/codexmcp/__init__.py | 0.1.0 |
| pyproject.toml | 0.7.4 |
__init__.py has never been updated since initial creation. Any code that reads codexmcp.__version__ will get the stale 0.1.0 instead of the actual 0.7.4.
Suggested fix: Either sync __init__.py manually, or use hatch-vcs / importlib.metadata to derive __version__ from pyproject.toml as the single source of truth.
Issue 2: Ambiguous success state — partial failure is treated as success
Severity: Medium
In server.py, both the "fail" and "error" handling paths use:
    success = False if len(agent_messages) == 0 else success
This means: if Codex has already emitted some agent_message text before crashing or failing, the final result will still be {"success": True, ...} with potentially truncated or incomplete content.
The caller has no way to distinguish between:
- A fully completed response
- A response that was cut short mid-way due to an error
Suggested fix: Consider one of:
- Always set success = False on fail/error, and include agent_messages in the error result so no data is lost.
- Add a "partial": true flag to the result when errors occurred after some agent messages were already received.
- At minimum, always append err_message to the result (even when success: true), so callers can detect issues.
Issue 3: windows_escape() is unnecessary and potentially harmful under shell=False
Severity: Medium
The codex tool applies windows_escape(PROMPT) when os.name == "nt":
    if os.name == "nt":
        PROMPT = windows_escape(PROMPT)
However, the command is executed via:
    process = subprocess.Popen(
        popen_cmd,
        shell=False,  # <-- arguments passed directly, no shell interpretation
        ...
    )
With shell=False, the OS passes arguments directly to the child process without any shell parsing. The escape function is therefore unnecessary, and worse, it corrupts the prompt content:
- A literal newline \n in the user's prompt becomes the two characters \n
- A literal quote " becomes \\"
- Backslashes are doubled: \ → \\
This means Codex receives mangled prompts on Windows that differ from what the user intended.
Suggested fix: Remove the windows_escape() call entirely, or guard it behind shell=True (which is not recommended for security reasons). Since shell=False is the correct and safe approach, the escape function is not needed.
Environment
- Codex CLI: v0.115.0
- CodexMCP: v0.7.4 (from pyproject.toml)
- Python: 3.12+
- Reviewed commit: latest on main branch as of 2026-03-24
Thank you for this useful project! Happy to submit PRs for any of these if you'd like.
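
An added example, not part of the original issue and not CodexMCP code, that checks the Issue 3 claim: with shell=False an argument reaches the child unchanged, and pre-escaping it alters what the child receives. Assumptions: the Python interpreter stands in for the Codex CLI as the child process, and stand_in_escape() is a constructed function that applies the kinds of transformations listed in the issue, not the project's windows_escape().

```python
import subprocess
import sys

# Child that writes its first argument back unchanged (stands in for the CLI).
ECHO_CHILD = "import sys; sys.stdout.buffer.write(sys.argv[1].encode('utf-8'))"


def stand_in_escape(text: str) -> str:
    """Constructed stand-in, NOT the project's windows_escape()."""
    return (
        text.replace("\\", "\\\\")   # backslashes doubled
        .replace("\n", "\\n")        # real newline -> backslash + 'n'
        .replace('"', '\\\\"')       # quote -> two backslashes + quote
    )


def received_by_child(prompt: str) -> str:
    """Spawn the child with shell=False and return the argument it saw."""
    proc = subprocess.run(
        [sys.executable, "-c", ECHO_CHILD, prompt],
        shell=False,          # argv list is handed over without shell parsing
        capture_output=True,
        check=True,
    )
    return proc.stdout.decode("utf-8")


# Constructed sample prompt: newline, quotes, backslash, shell metacharacters.
PROMPT = 'Line one\nsay "hi" & echo C:\\tmp | more %PATH%'

if __name__ == "__main__":
    raw = received_by_child(PROMPT)
    escaped = received_by_child(stand_in_escape(PROMPT))
    print("unescaped round-trips:", raw == PROMPT)
    print("escaped round-trips:  ", escaped == PROMPT)
    print("child saw (escaped):  ", repr(escaped))
```

A round-trip check of this shape, run on a Windows runner against the real command line, would catch prompt mangling as a regression test.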