fix: codex MCP env vars use --env args instead of nested TOML section

[khaliqgant]

User description

Summary

• Codex expects env vars as --env KEY=VALUE args appended to the args array, not as a nested [mcp_servers.name.env] TOML section
• Updated toCodexServerConfig in mcp.ts to convert env entries into --env KEY=VALUE args
• Before: [mcp_servers.relaycast.env] with RELAY_BASE_URL = "https://api.relaycast.dev"
• After: args = ["-y", "@relaycast/mcp", "--env", "RELAY_BASE_URL=https://api.relaycast.dev"]

Test plan

• Updated existing test to verify no [env] section in TOML output
• Added test for single env var as --env arg
• Added test for multiple env vars as multiple --env args
• Added test for env vars when args array is empty
• All 121 existing tests still pass

🤖 Generated with Claude Code

---

CodeAnt-AI Description

Pass MCP server environment variables to Codex as --env args, not a nested TOML env section

What Changed

• When a server defines env vars, they are converted into "--env KEY=VALUE" entries appended to the server's args array in the generated Codex config instead of creating a nested [mcp_servers..env] TOML section
• Supports combining existing args with env-derived --env entries and handles cases where args are empty (args created solely from env vars)
• Added tests verifying single env var, multiple env vars, and env-only scenarios and asserting no nested env section appears in the TOML output

Impact

✅ Correct env propagation to Codex MCP servers
✅ Fewer Codex config parsing errors due to unexpected nested env sections
✅ More predictable MCP startup when environment variables are required

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[my-senior-dev-pr-review]

🤖 My Senior Dev — Analysis Complete

👤 For @khaliqgant

📁 Expert in packages/ (215 edits) • ⚡ 9th PR this month

View your contributor analytics →

---

📊 2 files reviewed • 3 need attention

⚠️ Needs Attention:

• packages/cli/src/core/mcp.ts — Changes how environment variables are processed, impacting downstream usage and API compatibility.

---

🚀 Open Interactive Review →

The full interface unlocks features not available in GitHub:

• 💬 AI Chat — Ask questions on any file, get context-aware answers
• 🔍 Smart Hovers — See symbol definitions and usage without leaving the diff
• 📚 Code Archeology — Understand how files evolved over time (/archeology)
• 🎯 Learning Insights — See how this PR compares to similar changes

---

💬 Chat here: @my-senior-dev explain this change — or try @chaos-monkey @security-auditor @optimizer @skeptic @junior-dev

📖 View all 12 personas & slash commands

You can interact with me by mentioning @my-senior-dev in any comment:

In PR comments or on any line of code:

• Ask questions about the code or PR
• Request explanations of specific changes
• Get suggestions for improvements

Slash commands:

• /help — Show all available commands
• /archeology — See the history and evolution of changed files
• /profile — Performance analysis and suggestions
• /expertise — Find who knows this code best
• /personas — List all available AI personas

AI Personas (mention to get their perspective):

Persona	Focus
@chaos-monkey 🐵	Edge cases & failure scenarios
@skeptic 🤨	Challenge assumptions
@optimizer ⚡	Performance & efficiency
@security-auditor 🔒	Security vulnerabilities
@accessibility-advocate ♿	Inclusive design
@junior-dev 🌱	Simple explanations
@tech-debt-collector 💳	Code quality & shortcuts
@ux-champion 🎨	User experience
@devops-engineer 🚀	Deployment & scaling
@documentation-nazi 📚	Documentation gaps
@legacy-whisperer 🏛️	Working with existing code
@test-driven-purist ✅	Testing & TDD

For the best experience, view this PR on myseniordev.com — includes AI chat, file annotations, and interactive reviews.

[codeant-ai]

Sequence Diagram

This PR changes MCP server serialization so environment variables are emitted as repeated --env KEY=VALUE entries in the args array. The flow removes the nested env TOML section and writes a Codex-compatible command configuration.

sequenceDiagram
    participant CLI
    participant MergeFlow
    participant ConfigMapper
    participant TomlConfig
    participant Codex

    CLI->>MergeFlow: Merge MCP servers into codex config
    MergeFlow->>ConfigMapper: Convert server with command args and env
    ConfigMapper->>ConfigMapper: Append --env and KEY=VALUE to args
    ConfigMapper-->>MergeFlow: Return server config without nested env object
    MergeFlow->>TomlConfig: Write mcp server command and args array
    TomlConfig-->>Codex: Codex reads args and applies env values

Loading

---

Generated by CodeAnt AI

[cubic-dev-ai]

No issues found across 2 files

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Deterministic ordering The code iterates server.env with Object.entries(server.env) which preserves insertion order but can vary depending on how the object was constructed. This affects the ordering of generated --env args and can break deterministic config generation and equality checks (used during removal). Consider sorting keys to produce stable output. Potential duplicates If server.args already contains --env entries the new logic will append additional --env KEY=VALUE pairs, possibly duplicating environment variables. Consider detecting and avoiding duplicates or documenting that existing --env args will be preserved and new ones appended. Test fragility The new tests assert string containment on the generated TOML output (e.g. checking for '--env' and key=value substrings). These assertions can produce false positives (matching unrelated text) — the tests should validate the TOML structure (args array) rather than raw substrings. Args ordering / preservation The added test that verifies env flags are appended when args already exists checks for presence but not ordering or duplication. Confirm that original args are preserved and env flags are appended in a deterministic place and order. Multiple env handling The multiple-env test checks only for presence of individual KEY=VALUE strings. It does not verify there is a --env flag for each env entry, nor the count/order. Ensure each env entry maps to its own --env argument and consider testing ordering/determinism.

[codeant-ai]

CodeAnt AI finished reviewing your PR.