From 0ed1d183d44240abe8e74f49cb3155eb69fa4cd2 Mon Sep 17 00:00:00 2001
From: qwertystars <62981066+qwertystars@users.noreply.github.com>
Date: Sat, 17 Jan 2026 16:36:23 +0530
Subject: [PATCH] fix(mcp): disable OAuth auto-detection for built-in MCPs

OpenCode's OAuth auto-detection was causing context7 and grep_app MCPs
to be disabled despite having enabled: true. Only websearch was working.

Root cause: Remote MCP servers trigger OAuth detection by default in
OpenCode, which can mark MCPs as 'needs_auth' or 'disabled' status
even when they don't require OAuth.

Fix: Add oauth: false to all 3 built-in MCP configs to explicitly
disable OAuth auto-detection. These MCPs either:
- Use no auth (context7, grep_app)
- Use API key header auth (websearch with EXA_API_KEY)
---
 src/mcp/context7.ts  | 1 +
 src/mcp/grep-app.ts  | 1 +
 src/mcp/index.ts     | 1 +
 src/mcp/websearch.ts | 2 ++
 4 files changed, 5 insertions(+)

diff --git a/src/mcp/context7.ts b/src/mcp/context7.ts
index bc85800f..e0649137 100644
--- a/src/mcp/context7.ts
+++ b/src/mcp/context7.ts
@@ -2,4 +2,5 @@ export const context7 = {
   type: "remote" as const,
   url: "https://mcp.context7.com/mcp",
   enabled: true,
+  oauth: false as const,
 }
diff --git a/src/mcp/grep-app.ts b/src/mcp/grep-app.ts
index 2c5db6d4..2ede9576 100644
--- a/src/mcp/grep-app.ts
+++ b/src/mcp/grep-app.ts
@@ -2,4 +2,5 @@ export const grep_app = {
   type: "remote" as const,
   url: "https://mcp.grep.app",
   enabled: true,
+  oauth: false as const,
 }
diff --git a/src/mcp/index.ts b/src/mcp/index.ts
index a887d8d3..db6f0537 100644
--- a/src/mcp/index.ts
+++ b/src/mcp/index.ts
@@ -10,6 +10,7 @@ type RemoteMcpConfig = {
   url: string
   enabled: boolean
   headers?: Record<string, string>
+  oauth?: false
 }
 
 const allBuiltinMcps: Record<McpName, RemoteMcpConfig> = {
diff --git a/src/mcp/websearch.ts b/src/mcp/websearch.ts
index afc4d2b1..cc267406 100644
--- a/src/mcp/websearch.ts
+++ b/src/mcp/websearch.ts
@@ -5,4 +5,6 @@ export const websearch = {
   headers: process.env.EXA_API_KEY
     ? { "x-api-key": process.env.EXA_API_KEY }
     : undefined,
+  // Disable OAuth auto-detection - Exa uses API key header, not OAuth
+  oauth: false as const,
 }