On startup, Keen should simply try to connect using whatever credentials are already available.
If connection fails, Keen should notify the user in the REPL and suggest /mcp refresh <tool-name>.
OAuth tokens must be stored on disk and reused.
Reuse the existing OAuth flow in internal/auth/oauth.go and internal/auth/store.go.
Startup must not try to resolve auth or open the browser.
User-triggered refresh should initiate the full OAuth flow and open the browser.
Save a comprehensive phase 2 todo list in .ai-interactions/tasks/issue-43/output-2_mcp-phase-2.md, first describing what this phase is doing and then listing all tasks.
Implement phase 2.
Reuse existing OAuth code where possible. Explain what was missing if it is not reused directly.
/mcp refresh should not be only for OAuth. It should refresh the configured server using whatever auth mode applies.
mcpRuntime should be part of the REPL context or app state only if that matches existing architecture. Prefer declaring MCP runtime-related types in the mcp package, like config/providers patterns.
Put MCP-specific OAuth helpers in the mcp package and reuse generic pieces from internal/auth. Keep Keen provider OAuth and MCP OAuth separated.
The startup wait timeout is for the UI status command, not the underlying MCP connection attempts. Avoid making the REPL wait too long.
In handleMCPStartupStatus, wrap messages within the window and reuse existing wrapping helpers where sensible.
internal/cli/repl/mcp.go should not exist. Move those types into internal/mcp/types.go.
Remove premature synchronization from Manager.Start. Keen will not call Start twice inside the same process.
Remove manager-level wg; use local wait groups only.
Close() should sequentially close in-memory server sessions. Do not add locking unless it is needed.
Closing Streamable HTTP sessions on Keen shutdown is unnecessary and slows exit. Stop attempting to close Streamable HTTP on shutdown; still close stdio sessions.
Simplify closeSession after skipping Streamable HTTP in Close.
MCP can use its own logger; do not propagate the root logger into the MCP manager.
Since slog.Default() is the logger initialized in cmd/main.go, use slog.Default() directly in MCP.
Add proper MCP logs and review the latest log file to verify startup/connection visibility.
Add proper MCP logs and review the latest log file to verify startup/connection visibility.
/mcp status should use the same table style as the skills status table. Reuse existing table rendering where possible.
In /mcp status, disconnected should use ErrorStyle.
Startup should show failed MCPs early; do not wait for the full connection timeout before notifying the user.
Manual /mcp refresh needs enough time for OAuth browser authentication. Use a named refresh timeout constant and apply it to both the command context and refresh connect timeout.
Explain the MCP authentication flow from entry point to final authentication success.
Simplify MCP authentication:
Load OAuth tokens from auth.json once into manager memory.
API keys remain available from MCP config.
Startup goroutines read in-memory credentials.
/mcp refresh <server> opens browser for OAuth, saves the token to auth.json, and updates memory.
Remove unnecessary memory/disk token-store split.
Remove internal/mcp/doc.go.
In loadOAuthTokens, only load auth store entries with the mcp: prefix.
Simplify the MCP package by moving REPL-specific messages into internal/cli/repl/stream_msgs.go.
Remove runtimeSnapshot from Manager.
Remove local MCP tool argument schema validation and rely on server-side validation.
Remove unused Manager fields configPath and config.
Inspect the newly introduced serverRuntimeRWMutex, explain whether races are real, and identify every scenario where serverRuntime can be concurrently accessed.
Fix the unsynchronized rt.status read in discoverServer by moving it into the existing locked commit section.
Run race tests and confirm go test -race ./... passes.