feat: re-forward live MCP servers per turn with OAuth mapping#19
Merged
justin-carper merged 1 commit intoJun 11, 2026
Merged
Conversation
The config hook only snapshots opencode's MCP set once at startup, so mid-session enable/disable never reached the Cursor agent. Re-forward the live set from chat.params using client.mcp.status() (runtime truth) + client.config.get() (launch specs), and force a fresh Agent.create when the forwarded set changes between turns (a resumed agent keeps its original servers). Map remote OAuth client registration (clientId/clientSecret/scope) onto the Cursor SDK's auth block so the agent runs its own OAuth flow. opencode's access token never lands in config.mcp, so servers needing OAuth without a shareable clientId (dynamic registration / needs_auth) are skipped and the user is notified via a one-time toast instead of forwarding a spec that 401s.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The plugin's
confighook snapshots opencode's MCP server set once at startup, bakes it into the provider options, and never re-reads it. opencode supports enabling/disabling MCP servers live mid-session, but those toggles never reached the Cursor agent — whatever was enabled at launch was frozen until restart.What changed
Dynamic per-turn re-forwarding (
chat.paramshook)client.mcp.status()(runtime truth: connected/disabled/needs_auth) +client.config.get()(launch specs)connectedservers, so mid-session enable/disable propagatesforwardMcp: false) and non-cursor models untouchedPool-aware change detection
TranscriptRecordgainsmcpHash;mcpServersFingerprint()hashes the forwarded set (order-independent)continuation, the pooled agent is resumed only if the MCP set is unchanged — otherwise a freshAgent.createruns (a resumed agent keeps its original servers)OAuth mapping
oauthclient registration (clientId/clientSecret/scope) → Cursor SDKauth { CLIENT_ID, CLIENT_SECRET?, scopes[] }, so the agent runs its own OAuth flow (and refreshes its own token)config.mcp, so servers needing OAuth with no shareableclientId(dynamic registration /needs_auth) are skipped and surfaced via a one-time warning toast instead of forwarding a spec that 401soauth:falseclientIdauth→ agent's own OAuth + refreshneeds_authw/o clientIdTests
+16 tests (174 total, all passing): status-filtered translation, OAuth clientId→auth mapping + scope splitting, dynamic-reg skip,
oauth:falsepassthrough,findUnshareableOAuthServers(config + live status), per-turn injection (connect/disconnect/non-cursor/opt-out), toast emission + once-only dedupe,mcpServersFingerprintstability, poolmcpHashround-trip.tsc --noEmitclean ·vitest run174/0 ·tsupbuild success.Note
Stacked on
feat/auto-session-reuse(#18) — the MCP change-detection reuses its fingerprint/pool machinery. Targeting that branch as base; rebase ontomainonce #18 merges.