Warning
Historical product-path hardening note. This is not the current v0.3 local/self-host RC release contract. Use README, MCP Integrations, and MCP Gateway Model for current guidance.
Status: post-beta publishability/use hardening contract
Last audited: 2026-04-28
This document freezes the narrow product-facing path for cloud planners that use Codencer to drive local Codex. It does not reopen the beta support contract and it does not claim universal ChatGPT, Claude, or generic MCP-client compatibility.
Codencer remains the bridge and resource server. The planner decides the next step. Codencer authenticates, routes, executes one submitted task, records evidence, and returns structured state.
Use one of these remote MCP endpoints:
| Surface | Canonical MCP endpoint | OAuth protected-resource metadata | Compatibility alias |
|---|---|---|---|
| Self-host relay | https://<relay-host>/mcp |
https://<relay-host>/.well-known/oauth-protected-resource/mcp |
POST /mcp/call only |
| Self-host cloud, composed runtime | https://<cloud-host>/api/cloud/v1/mcp |
https://<cloud-host>/.well-known/oauth-protected-resource/api/cloud/v1/mcp |
POST /api/cloud/v1/mcp/call only |
The alias routes are for simple POST callers. They are not the primary session endpoint and are not long-lived SSE session paths.
Do not expose or target the local daemon /mcp/call path from a cloud planner.
For composed cloud runtime mode, the relay config loaded by cloud must advertise the public cloud origin as its public_base_url when connectors enroll through cloud ingress. Otherwise the connector can attach to a separate relay process while cloud sees only stored instance records and cannot proxy live runtime calls through its in-process bridge.
Bearer-token mode is the proven private/self-host execution mode.
- Relay uses
Authorization: Bearer <planner-token>. - Cloud uses
Authorization: Bearer <cloud-token>. - This mode is covered by relay/cloud MCP tests, the official Go SDK smoke helper,
scripts/self_host_smoke.sh,scripts/cloud_smoke.sh, andscripts/flagship_planner_loop_smoke.sh. - This mode is appropriate for private scripts, direct HTTP clients, direct SDK clients, and Claude Code-style configs that support headers.
Codencer exposes OAuth protected-resource metadata and WWW-Authenticate challenges, but it is not an OAuth authorization server.
For product-facing remote MCP clients, the deployable pattern is:
- Publish the Codencer MCP URL over HTTPS.
- Configure
public_base_urlto that public origin. - Configure
oauth_authorization_serversto an operator-owned OAuth/OIDC issuer or gateway. - Have the issuer/gateway handle authorization-code, PKCE, refresh-token, and policy requirements for the product client.
- Have the gateway validate the product OAuth access token and forward a Codencer bearer token, or mint a token that Codencer already accepts.
- Keep Codencer scoped by relay planner-token scopes or cloud API-token scopes.
Concrete front-door setup is documented in OAuth Front Door.
Publishable/operator-usable target:
- ChatGPT custom MCP connector/app workflow on Business, Enterprise, and Edu for write/modify-capable use.
- Remote MCP only.
- OAuth front-door mode for product setup.
- Canonical endpoint: relay
/mcpor cloud/api/cloud/v1/mcp.
Narrow testing/adjacent paths:
- OpenAI Responses API remote MCP can be used with a public
server_urland an authorization token where appropriate; this is an API/client path, not the ChatGPT workspace app publish path. - Pro/Plus availability and read/fetch-only behavior are product-plan details outside repo proof. Do not use them as the publishability baseline for write-capable Codencer operation.
Unsupported/uncounted:
- ChatGPT Agent Mode as a write-capable custom connector target.
- Local MCP servers in ChatGPT.
- Consumer-plan parity claims.
- Marketplace/public app approval.
Repo-proven boundary:
- Codencer proves the relay/cloud MCP protocol, bearer execution, OAuth protected-resource metadata/challenges, CORS-readable auth challenges, session-bound relay/cloud behavior, and local Codex loop through the flagship smoke.
- The repo does not click through ChatGPT's hosted UI or certify an OpenAI publication review.
Publishable/operator-usable targets:
- Claude Code remote HTTP MCP with bearer headers.
- Anthropic Messages API MCP connector with a public remote HTTP MCP URL and
authorization_token. - Claude Desktop/claude.ai remote custom connector setup through Anthropic's connector UI, using OAuth front-door mode where the product flow requires OAuth.
Canonical endpoint:
- Relay:
https://<relay-host>/mcp - Cloud:
https://<cloud-host>/api/cloud/v1/mcp
Auth:
- Claude Code private/operator path: bearer header.
- Anthropic Messages API path:
authorization_tokencarrying the OAuth/bearer token accepted by the front door. - Claude Desktop/claude.ai remote connector path: OAuth front door when the product flow requires OAuth client settings.
Repo-proven boundary:
- Claude Code-style bearer config is packaged and Codencer-side MCP behavior is proven.
- Anthropic Messages API request shape is packaged from official docs, but not executed against Anthropic's API in this repo.
- Claude Desktop/claude.ai UI setup remains product-side compatibility until the operator exercises that product flow.
- This planner path is separate from Codencer's local
claudeexecutor adapter.
The external planner loop is:
- Initialize MCP session on the canonical endpoint.
- Call
codencer.list_instances. - Select one explicit
instance_id. - Call
codencer.get_instanceto confirm the target. - Call
codencer.start_run. - Call
codencer.submit_taskwithadapter_profile: "codex". - Call
codencer.wait_step. - Call
codencer.get_step_result,codencer.get_step_validations,codencer.get_step_logs, andcodencer.list_step_artifacts. - If
needs_decisionis true, callcodencer.list_run_gates, ask the human, then callcodencer.approve_gateorcodencer.reject_gate. - The planner decides the next task externally and repeats until the phase is done.
Success states:
completedcompleted_with_warnings
Planner decision states:
needs_approvalneeds_manual_attention
Failure states:
failed_validationfailed_adapterfailed_bridgefailed_retryablefailed_terminaltimeoutcancelled
Codencer never decides that a planner phase is complete.
| Claim | Label | Evidence |
|---|---|---|
Relay MCP /mcp with bearer auth |
proven |
relay MCP tests, self-host smoke, flagship smoke |
Cloud MCP /api/cloud/v1/mcp with bearer auth |
proven |
cloud MCP/runtime tests, cloud smoke |
| OAuth protected-resource metadata and challenges | proven |
relay/cloud MCP auth tests and smoke |
| Browser-readable MCP auth challenge headers | proven |
relay/cloud MCP CORS tests |
| Relay/cloud MCP session ownership | proven |
cloud token-bound sessions and relay token-bound session test |
| Local Codex selected behind the bridge | proven with simulation and fake-binary live shape |
adapter tests and flagship smoke |
| Live authenticated Codex service run | operator-environment proof |
FLAGSHIP_LIVE_CODEX=1 make flagship-planner-smoke |
| ChatGPT custom MCP connector write-capable product path | operator-packaged |
docs/config plus Codencer-side proof; product UI not repo-clicked |
| Claude Code remote HTTP MCP bearer path | operator-packaged |
checked-in config and Codencer-side proof |
| Anthropic Messages API MCP connector shape | operator-packaged expected |
docs/examples aligned to official API docs; not externally executed |
| Claude Desktop/claude.ai remote connector UI | compatibility-only until exercised |
endpoint/auth docs only |
| Generic private bearer HTTP/MCP clients | proven |
curl/smoke/SDK |
| Universal MCP client compatibility | expected-only |
not product-executed |
| Local daemon as cloud planner target | unsupported |
use relay/cloud only |
- Codencer does not issue OAuth authorization-code tokens.
- ChatGPT workspace publication and Anthropic product UI setup must be exercised by the operator in those products.
- Live Codex proof depends on the operator's installed and authenticated
codexCLI. - Generic MCP clients outside the checked Go SDK and documented product paths are not individually certified.