Codex CLI: MCP Apps Gain File Uploads, Resource Reads & Custom Server Tool Search
CodexCodex CLI 0.119.0 significantly expands what MCP Apps and custom MCP servers can do inside Codex. The update adds support for resource reads, file-parameter uploads, custom-server tool search, tool-call metadata, and server-driven elicitations.
Key Takeaways
- Resource reads are now supported for MCP Apps, allowing Codex to consume persistent data from MCP servers β not just invoke tools β enabling richer context-aware integrations.
- File-parameter uploads replace awkward base64 text workarounds, letting Codex pass actual files to MCP tools that expect binary or structured file content natively.
- Custom-server tool search enables dynamic tool discovery at runtime, so large or frequently updated MCP tool catalogs don't need to be fully pre-declared in configuration.
- Server-driven elicitations allow MCP servers to pause a workflow and ask the user a clarifying question through Codex's TUI, enabling more interactive and context-aware multi-step integrations.
- Tool-call metadata enriches each MCP request with session context and intent signals, improving observability and enabling smarter server-side behavior without extra round trips.
- Plugin cache reliability improvements reduce silent failures caused by stale capability data after an MCP server update, making long-running Codex sessions more stable.
Sources & Mentions
5 external resources covering this update
MCP Apps Get a Major Capability Expansion
Codex CLI 0.119.0 ships a substantial set of improvements to the MCP (Model Context Protocol) Apps layer, the integration surface that connects Codex to external tools and services. These changes collectively move MCP Apps from a basic tool-calling mechanism to a richer, more bidirectional integration platform.
Resource Reads
MCP Apps can now read resources exposed by MCP servers β not just call tools. Resources in the MCP protocol represent persistent data (files, documents, database records, configuration) that a server makes available for consumption. With this capability, Codex can now ask an MCP server for a resource directly, enabling integrations that pull live context from connected systems rather than relying solely on tool outputs.
File-Parameter Uploads
MCP tool calls that accept file parameters can now receive actual file uploads from within a Codex session. Previously, file content had to be passed as raw text or base64 strings within the tool call payload, which was cumbersome for large files and incompatible with many MCP server implementations. Native file-parameter upload support aligns Codex's MCP behavior with how MCP servers expect to receive binary or structured file content.
Custom-Server Tool Search
When a custom MCP server is configured, Codex can now perform tool search against that server β discovering available tools dynamically rather than relying on a pre-declared static list. This is particularly valuable for MCP servers that expose a large or dynamic tool catalog, allowing Codex to find the right tool at runtime rather than requiring users to configure every available tool upfront.
Tool-Call Metadata
Tool calls made through MCP Apps now carry richer metadata in the request payload. This metadata can include session context, user intent signals, and Codex-specific identifiers that MCP servers can use to tailor their responses or log interactions more precisely. The change improves observability and enables more context-aware MCP server behavior.
Server-Driven Elicitations
MCP servers can now initiate elicitations β prompting Codex to ask the user for additional information mid-flow. This supports workflows where a tool needs clarification before proceeding (e.g., "Which environment should this deploy to?") without requiring the MCP server to handle the user interaction directly. Codex surfaces the elicitation in the TUI as a prompt, collects the response, and passes it back to the server.
Plugin Cache Reliability
This release also improves reliability of the plugin cache layer, which stores MCP server capabilities locally to reduce startup latency. Cache invalidation logic is more robust in 0.119.0, reducing cases where stale capability data caused tool calls to fail silently after a server update.