fix(windows-path): preserve PATH order; include core env vars

[cpjet64]

Preserve PATH precedence & fix Windows MCP env propagation

Problem & intent

Preserve user PATH precedence and reduce Windows setup friction for MCP servers by avoiding PATH reordering and ensuring Windows child processes receive essential env vars.

• Addresses: MCP servers fail to start on Windows due to missing inherited environment variables #4180 prepend_path_entry_for_apply_patch mangles $PATH and interferes with python virtualenv behavior #5225 MCP client for playwright failed to start: program not found #2945 Windows can not launch MCP servers using PNPM #3245 The solution for encountering the Error "Error creating local task: Error: Timeout" when using "startup_timeout_ms" under windows #3385 Unable to execute shell commands #2892 Playwright mcp fails on windows : program not found #3310 Vs Code Extension MCP timed out and program not found #3457 Documentation for Docker Desktop MCP Gateway #4370
• Supersedes: fix(mcp): preserve Windows env vars for MCP servers (#4180) #4182, fix(mcp): resolve Windows MCP startup timeout by adding essential environment variables #3866, fix: resolve Windows MCP server execution for script-based tools #3828 (overlapping/inferior once this merges)
• Notes: [apply-patch] Add binary to path #2626 / feat: use the arg0 trick with apply_patch #2646 are the original PATH-mutation sources being corrected.

---

Before / After

Before

• PATH was prepended with an apply_patch helper dir (Rust + Node wrapper), reordering tools and breaking virtualenvs/shims on macOS/Linux.
• On Windows, MCP servers missed core env vars and often failed to start without explicit per-server env blocks.

After

• Helper dir is appended to PATH (preserves user/tool precedence).
• Windows MCP child env now includes common core variables and mirrors PATH → Path, so typical CLIs/plugins work without per-server env blocks.

---

Scope of change

codex-rs/arg0/src/lib.rs

• Append temp/helper dir to PATH instead of prepending.

codex-cli/bin/codex.js

• Mirror the same append behavior for the Node wrapper.

codex-rs/rmcp-client/src/utils.rs

• Expand Windows DEFAULT_ENV_VARS (e.g., COMSPEC, SYSTEMROOT, PROGRAMFILES*, APPDATA, etc.).
• Mirror PATH → Path for Windows child processes.
• Small unit test; conditional mut + clippy cleanup.

---

Security effects

No broadened privileges. Only environment propagation for well-known Windows keys on stdio MCP child processes. No sandbox policy changes and no network additions.

---

Testing evidence

Static

• cargo fmt
• cargo clippy -p codex-arg0 -D warnings → clean
• cargo clippy -p codex-rmcp-client -D warnings → clean
• cargo test -p codex-rmcp-client → 13 passed

Manual

• Local verification on Windows PowerShell 5/7 and WSL (no unused_mut warnings on non-Windows targets).

---

Checklist

• Append (not prepend) helper dir to PATH in Rust and Node wrappers
• Windows MCP child inherits core env vars; PATH mirrored to Path
• cargo fmt / clippy clean across touched crates
• Unit tests updated/passing where applicable
• Cross-platform behavior preserved (macOS/Linux PATH precedence intact)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[dylan-hurd-oai]

Commenting to say that this change feels reasonable to me, but am going to test this before approving

[cpjet64]

Commenting to say that this change feels reasonable to me, but am going to test this before approving

I have good availability today so if there are adjustments you want let me know and I can work on them ASAP. I want to get Windows up to where it needs to be. This goes for all of my PRs.

[dylan-hurd-oai]

@cpjet64 if we separate these changes, i'm happy to stamp the DEFAULT_ENV_VARS change and merge it

[cpjet64]

@dylan-hurd-oai Happy to do so but was hoping it would pass since my next PR for this issue is virtual shells like Python venv and such and the non-PATH fix is the foundation.

I will make this PR into a dedicated path fix in the meantime.

Thank you!

[dylan-hurd-oai]

I'm not opposed to switching to appending here, but the impacts of the path change are just more subtle, and might impact the success rate of apply_patch calls. Adding env vars to unblock better MCP support on windows feels much lower risk, so let's get that improvement in and we can focus on this PATH change here.

[cpjet64]

@dylan-hurd-oai Understood and I agree the env var change is definitely more low risk because I didn't consider the apply-patch impact in that manner. I'll split them now and get you a new commit in a few minutes! Later I'll dig more into apply_patch to make sure before I push a new PR for it. Thanks for that!

[cpjet64]

Update: Split the changes as requested.

• Kept this PR focused on Windows env passthrough only: expanded DEFAULT_ENV_VARS in codex-rs/rmcp-client/src/utils.rs. Removed the PATH/Path aliasing and reverted PATH ordering changes.
• Moved PATH precedence changes to a new PR: Windows: append helper dir to PATH (split from #5579; no env var changes) #5898 (append helper dir to PATH in arg0 + Node wrapper).

This should make #5579 low‑risk and ready for review/merge. If you’d like the PATH<->Path mirroring pursued as a separate follow‑up as well, I can open a dedicated PR for that too.

[cpjet64]

Update: Split the changes as requested.

• Kept this PR focused on Windows env passthrough only: expanded DEFAULT_ENV_VARS in codex-rs/rmcp-client/src/utils.rs. Removed the PATH/Path aliasing and reverted PATH ordering changes.
• Moved PATH precedence changes to a new PR: Windows: append helper dir to PATH (split from #5579; no env var changes) #5898 (append helper dir to PATH in arg0 + Node wrapper).

This should make #5579 low‑risk and ready for review/merge. If you’d like the PATH<->Path mirroring pursued as a separate follow‑up as well, I can open a dedicated PR for that too.

@dylan-hurd-oai my local bugged out do not merge that. Not everything was committed. Fixing now.

[cpjet64]

Update: Split the changes as requested.

• Kept this PR focused on Windows env passthrough only: expanded DEFAULT_ENV_VARS in codex-rs/rmcp-client/src/utils.rs. Removed the PATH/Path aliasing and reverted PATH ordering changes.
• Moved PATH precedence changes to a new PR: Windows: append helper dir to PATH (split from #5579; no env var changes) #5898 (append helper dir to PATH in arg0 + Node wrapper).

This should make #5579 low‑risk and ready for review/merge. If you’d like the PATH<->Path mirroring pursued as a separate follow‑up as well, I can open a dedicated PR for that too.

@dylan-hurd-oai my local bugged out do not merge that. Not everything was committed. Fixing now.

OK. BLUF. It was a browser cache issue and everything did actually commit properly GH just wasnt showing me the correct diff. We are good to go pending CI. Terrifying and embarrassing moment for me 😨 !