Upgrade glob to version 10.5.0 (#485)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>

Dockerfile

@@ -2,7 +2,7 @@ FROM python:3.13-slim-bookworm AS base
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
-RUN apt-get update && apt-get install -y curl gnupg git \
+RUN apt-get update && apt-get install -y curl gnupg git build-essential \
   && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
   && apt-get install -y nodejs \
   && apt-get clean && rm -rf /var/lib/apt/lists/*

frontend/src/App.tsx

@@ -4,6 +4,7 @@ import { AuthProvider } from './contexts/AuthContext';
 import { ToastProvider } from './contexts/ToastContext';
 import { ThemeProvider } from './contexts/ThemeContext';
 import { ServerProvider } from './contexts/ServerContext';
+import { SettingsProvider } from './contexts/SettingsContext';
 import MainLayout from './layouts/MainLayout';
 import ProtectedRoute from './components/ProtectedRoute';
 import LoginPage from './pages/LoginPage';
@@ -29,6 +30,7 @@ function App() {
       <AuthProvider>
         <ServerProvider>
           <ToastProvider>
+            <SettingsProvider>
               <Router basename={basename}>
                 <Routes>
                   {/* 公共路由 */}
@@ -45,10 +47,7 @@ function App() {
                       <Route path="/market/:serverName" element={<MarketPage />} />
                       {/* Legacy cloud routes redirect to market with cloud tab */}
                       <Route path="/cloud" element={<Navigate to="/market?tab=cloud" replace />} />
-                  <Route
+                      <Route path="/cloud/:serverName" element={<CloudRedirect />} />
-                    path="/cloud/:serverName"
-                    element={<CloudRedirect />}
-                  />
                       <Route path="/logs" element={<LogsPage />} />
                       <Route path="/settings" element={<SettingsPage />} />
                     </Route>
@@ -58,6 +57,7 @@ function App() {
                   <Route path="*" element={<Navigate to="/" />} />
                 </Routes>
               </Router>
+            </SettingsProvider>
           </ToastProvider>
         </ServerProvider>
       </AuthProvider>

frontend/src/components/ServerCard.tsx

@@ -15,14 +15,16 @@ interface ServerCardProps {
   onEdit: (server: Server) => void;
   onToggle?: (server: Server, enabled: boolean) => Promise<boolean>;
   onRefresh?: () => void;
+  onReload?: (server: Server) => Promise<boolean>;
 }
 
-const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh }: ServerCardProps) => {
+const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }: ServerCardProps) => {
   const { t } = useTranslation();
   const { showToast } = useToast();
   const [isExpanded, setIsExpanded] = useState(false);
   const [showDeleteDialog, setShowDeleteDialog] = useState(false);
   const [isToggling, setIsToggling] = useState(false);
+  const [isReloading, setIsReloading] = useState(false);
   const [showErrorPopover, setShowErrorPopover] = useState(false);
   const [copied, setCopied] = useState(false);
   const errorPopoverRef = useRef<HTMLDivElement>(null);
@@ -64,6 +66,26 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh }: ServerCar
     }
   };
 
+  const handleReload = async (e: React.MouseEvent) => {
+    e.stopPropagation();
+    if (isReloading || !onReload) return;
+
+    setIsReloading(true);
+    try {
+      const success = await onReload(server);
+      if (success) {
+        showToast(t('server.reloadSuccess') || 'Server reloaded successfully', 'success');
+      } else {
+        showToast(
+          t('server.reloadError', { serverName: server.name }) || 'Failed to reload server',
+          'error',
+        );
+      }
+    } finally {
+      setIsReloading(false);
+    }
+  };
+
   const handleErrorIconClick = (e: React.MouseEvent) => {
     e.stopPropagation();
     setShowErrorPopover(!showErrorPopover);
@@ -106,6 +128,10 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh }: ServerCar
     e.stopPropagation();
     try {
       const result = await exportMCPSettings(server.name);
+      if (!result || !result.success || !result.data) {
+        showToast(result?.message || t('common.copyFailed') || 'Copy failed', 'error');
+        return;
+      }
       const configJson = JSON.stringify(result.data, null, 2);
 
       if (navigator.clipboard && window.isSecureContext) {
@@ -326,7 +352,7 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh }: ServerCar
                       ? 'bg-green-100 text-green-800 hover:bg-green-200 btn-secondary'
                       : 'bg-gray-100 text-gray-800 hover:bg-gray-200 btn-primary'
                 }`}
-                disabled={isToggling}
+                disabled={isToggling || isReloading}
               >
                 {isToggling
                   ? t('common.processing')
@@ -335,6 +361,15 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh }: ServerCar
                     : t('server.enable')}
               </button>
             </div>
+            {server.enabled !== false && onReload && (
+              <button
+                onClick={handleReload}
+                className="px-3 py-1 bg-purple-100 text-purple-800 rounded hover:bg-purple-200 text-sm btn-secondary disabled:opacity-70 disabled:cursor-not-allowed"
+                disabled={isReloading || isToggling}
+              >
+                {isReloading ? t('common.processing') : t('server.reload')}
+              </button>
+            )}
             <button
               onClick={handleRemove}
               className="px-3 py-1 bg-red-100 text-red-800 rounded hover:bg-red-200 text-sm btn-danger"

frontend/src/components/ui/PromptCard.tsx

@@ -1,152 +1,174 @@
-import { useState, useCallback, useRef, useEffect } from 'react'
+import { useState, useCallback, useRef, useEffect } from 'react';
-import { useTranslation } from 'react-i18next'
+import { useTranslation } from 'react-i18next';
-import { Prompt } from '@/types'
+import { Prompt } from '@/types';
-import { ChevronDown, ChevronRight, Play, Loader, Edit, Check } from '@/components/icons/LucideIcons'
+import {
-import { Switch } from './ToggleGroup'
+  ChevronDown,
-import { getPrompt, PromptCallResult } from '@/services/promptService'
+  ChevronRight,
-import { useSettingsData } from '@/hooks/useSettingsData'
+  Play,
-import DynamicForm from './DynamicForm'
+  Loader,
-import PromptResult from './PromptResult'
+  Edit,
+  Check,
+} from '@/components/icons/LucideIcons';
+import { Switch } from './ToggleGroup';
+import { getPrompt, updatePromptDescription, PromptCallResult } from '@/services/promptService';
+import { useSettingsData } from '@/hooks/useSettingsData';
+import DynamicForm from './DynamicForm';
+import PromptResult from './PromptResult';
+import { useToast } from '@/contexts/ToastContext';
 
 interface PromptCardProps {
-  server: string
+  server: string;
-  prompt: Prompt
+  prompt: Prompt;
-  onToggle?: (promptName: string, enabled: boolean) => void
+  onToggle?: (promptName: string, enabled: boolean) => void;
-  onDescriptionUpdate?: (promptName: string, description: string) => void
+  onDescriptionUpdate?: (promptName: string, description: string) => void;
 }
 
 const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCardProps) => {
-  const { t } = useTranslation()
+  const { t } = useTranslation();
-  const { nameSeparator } = useSettingsData()
+  const { showToast } = useToast();
-  const [isExpanded, setIsExpanded] = useState(false)
+  const { nameSeparator } = useSettingsData();
-  const [showRunForm, setShowRunForm] = useState(false)
+  const [isExpanded, setIsExpanded] = useState(false);
-  const [isRunning, setIsRunning] = useState(false)
+  const [showRunForm, setShowRunForm] = useState(false);
-  const [result, setResult] = useState<PromptCallResult | null>(null)
+  const [isRunning, setIsRunning] = useState(false);
-  const [isEditingDescription, setIsEditingDescription] = useState(false)
+  const [result, setResult] = useState<PromptCallResult | null>(null);
-  const [customDescription, setCustomDescription] = useState(prompt.description || '')
+  const [isEditingDescription, setIsEditingDescription] = useState(false);
-  const descriptionInputRef = useRef<HTMLInputElement>(null)
+  const [customDescription, setCustomDescription] = useState(prompt.description || '');
-  const descriptionTextRef = useRef<HTMLSpanElement>(null)
+  const descriptionInputRef = useRef<HTMLInputElement>(null);
-  const [textWidth, setTextWidth] = useState<number>(0)
+  const descriptionTextRef = useRef<HTMLSpanElement>(null);
+  const [textWidth, setTextWidth] = useState<number>(0);
 
   // Focus the input when editing mode is activated
   useEffect(() => {
     if (isEditingDescription && descriptionInputRef.current) {
-      descriptionInputRef.current.focus()
+      descriptionInputRef.current.focus();
       // Set input width to match text width
       if (textWidth > 0) {
-        descriptionInputRef.current.style.width = `${textWidth + 20}px` // Add some padding
+        descriptionInputRef.current.style.width = `${textWidth + 20}px`; // Add some padding
       }
     }
-  }, [isEditingDescription, textWidth])
+  }, [isEditingDescription, textWidth]);
 
   // Measure text width when not editing
   useEffect(() => {
     if (!isEditingDescription && descriptionTextRef.current) {
-      setTextWidth(descriptionTextRef.current.offsetWidth)
+      setTextWidth(descriptionTextRef.current.offsetWidth);
     }
-  }, [isEditingDescription, customDescription])
+  }, [isEditingDescription, customDescription]);
 
   // Generate a unique key for localStorage based on prompt name and server
   const getStorageKey = useCallback(() => {
-    return `mcphub_prompt_form_${server ? `${server}_` : ''}${prompt.name}`
+    return `mcphub_prompt_form_${server ? `${server}_` : ''}${prompt.name}`;
-  }, [prompt.name, server])
+  }, [prompt.name, server]);
 
   // Clear form data from localStorage
   const clearStoredFormData = useCallback(() => {
-    localStorage.removeItem(getStorageKey())
+    localStorage.removeItem(getStorageKey());
-  }, [getStorageKey])
+  }, [getStorageKey]);
 
   const handleToggle = (enabled: boolean) => {
     if (onToggle) {
-      onToggle(prompt.name, enabled)
+      onToggle(prompt.name, enabled);
-    }
     }
+  };
 
   const handleDescriptionEdit = () => {
-    setIsEditingDescription(true)
+    setIsEditingDescription(true);
-  }
+  };
 
   const handleDescriptionSave = async () => {
-    // For now, we'll just update the local state
+    setIsEditingDescription(false);
-    // In a real implementation, you would call an API to update the description
+    try {
-    setIsEditingDescription(false)
+      const result = await updatePromptDescription(server, prompt.name, customDescription);
+      if (result.success) {
+        showToast(t('prompt.descriptionUpdateSuccess'), 'success');
         if (onDescriptionUpdate) {
-      onDescriptionUpdate(prompt.name, customDescription)
+          onDescriptionUpdate(prompt.name, customDescription);
         }
+      } else {
+        showToast(result.error || t('prompt.descriptionUpdateFailed'), 'error');
+        // Revert to original description on failure
+        setCustomDescription(prompt.description || '');
       }
+    } catch (error) {
+      console.error('Error updating prompt description:', error);
+      showToast(t('prompt.descriptionUpdateFailed'), 'error');
+      // Revert to original description on failure
+      setCustomDescription(prompt.description || '');
+    }
+  };
 
   const handleDescriptionChange = (e: React.ChangeEvent<HTMLInputElement>) => {
-    setCustomDescription(e.target.value)
+    setCustomDescription(e.target.value);
-  }
+  };
 
   const handleDescriptionKeyDown = (e: React.KeyboardEvent<HTMLInputElement>) => {
     if (e.key === 'Enter') {
-      handleDescriptionSave()
+      handleDescriptionSave();
     } else if (e.key === 'Escape') {
-      setCustomDescription(prompt.description || '')
+      setCustomDescription(prompt.description || '');
-      setIsEditingDescription(false)
+      setIsEditingDescription(false);
-    }
     }
+  };
 
   const handleGetPrompt = async (arguments_: Record<string, any>) => {
-    setIsRunning(true)
+    setIsRunning(true);
     try {
-      const result = await getPrompt({ promptName: prompt.name, arguments: arguments_ }, server)
+      const result = await getPrompt({ promptName: prompt.name, arguments: arguments_ }, server);
-      console.log('GetPrompt result:', result)
+      console.log('GetPrompt result:', result);
       setResult({
         success: result.success,
         data: result.data,
-        error: result.error
+        error: result.error,
-      })
+      });
       // Clear form data on successful submission
       // clearStoredFormData()
     } catch (error) {
       setResult({
         success: false,
         error: error instanceof Error ? error.message : 'Unknown error occurred',
-      })
+      });
     } finally {
-      setIsRunning(false)
+      setIsRunning(false);
-    }
     }
+  };
 
   const handleCancelRun = () => {
-    setShowRunForm(false)
+    setShowRunForm(false);
     // Clear form data when cancelled
-    clearStoredFormData()
+    clearStoredFormData();
-    setResult(null)
+    setResult(null);
-  }
+  };
 
   const handleCloseResult = () => {
-    setResult(null)
+    setResult(null);
-  }
+  };
 
   // Convert prompt arguments to ToolInputSchema format for DynamicForm
   const convertToSchema = () => {
     if (!prompt.arguments || prompt.arguments.length === 0) {
-      return { type: 'object', properties: {}, required: [] }
+      return { type: 'object', properties: {}, required: [] };
     }
 
-    const properties: Record<string, any> = {}
+    const properties: Record<string, any> = {};
-    const required: string[] = []
+    const required: string[] = [];
 
-    prompt.arguments.forEach(arg => {
+    prompt.arguments.forEach((arg) => {
       properties[arg.name] = {
         type: 'string', // Default to string for prompts
-        description: arg.description || ''
+        description: arg.description || '',
-      }
+      };
 
       if (arg.required) {
-        required.push(arg.name)
+        required.push(arg.name);
       }
-    })
+    });
 
     return {
       type: 'object',
       properties,
-      required
+      required,
-    }
+    };
-  }
+  };
 
   return (
     <div className="bg-white border border-gray-200 shadow rounded-lg p-4 mb-4">
@@ -158,9 +180,7 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
           <h3 className="text-lg font-medium text-gray-900">
             {prompt.name.replace(server + nameSeparator, '')}
             {prompt.title && (
-              <span className="ml-2 text-sm font-normal text-gray-600">
+              <span className="ml-2 text-sm font-normal text-gray-600">{prompt.title}</span>
-                {prompt.title}
-              </span>
             )}
             <span className="ml-2 text-sm font-normal text-gray-500 inline-flex items-center">
               {isEditingDescription ? (
@@ -175,14 +195,14 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
                     onClick={(e) => e.stopPropagation()}
                     style={{
                       minWidth: '100px',
-                      width: textWidth > 0 ? `${textWidth + 20}px` : 'auto'
+                      width: textWidth > 0 ? `${textWidth + 20}px` : 'auto',
                     }}
                   />
                   <button
                     className="ml-2 p-1 text-green-600 hover:text-green-800 cursor-pointer transition-colors"
                     onClick={(e) => {
-                      e.stopPropagation()
+                      e.stopPropagation();
-                      handleDescriptionSave()
+                      handleDescriptionSave();
                     }}
                   >
                     <Check size={16} />
@@ -190,12 +210,14 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
                 </>
               ) : (
                 <>
-                  <span ref={descriptionTextRef}>{customDescription || t('tool.noDescription')}</span>
+                  <span ref={descriptionTextRef}>
+                    {customDescription || t('tool.noDescription')}
+                  </span>
                   <button
                     className="ml-2 p-1 text-gray-500 hover:text-blue-600 cursor-pointer transition-colors"
                     onClick={(e) => {
-                      e.stopPropagation()
+                      e.stopPropagation();
-                      handleDescriptionEdit()
+                      handleDescriptionEdit();
                     }}
                   >
                     <Edit size={14} />
@@ -206,10 +228,7 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
           </h3>
         </div>
         <div className="flex items-center space-x-2">
-          <div
+          <div className="flex items-center space-x-2" onClick={(e) => e.stopPropagation()}>
-            className="flex items-center space-x-2"
-            onClick={(e) => e.stopPropagation()}
-          >
             {prompt.enabled !== undefined && (
               <Switch
                 checked={prompt.enabled}
@@ -220,18 +239,14 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
           </div>
           <button
             onClick={(e) => {
-              e.stopPropagation()
+              e.stopPropagation();
-              setIsExpanded(true) // Ensure card is expanded when showing run form
+              setIsExpanded(true); // Ensure card is expanded when showing run form
-              setShowRunForm(true)
+              setShowRunForm(true);
             }}
             className="flex items-center space-x-1 px-3 py-1 text-sm text-blue-600 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors btn-primary"
             disabled={isRunning || !prompt.enabled}
           >
-            {isRunning ? (
+            {isRunning ? <Loader size={14} className="animate-spin" /> : <Play size={14} />}
-              <Loader size={14} className="animate-spin" />
-            ) : (
-              <Play size={14} />
-            )}
             <span>{isRunning ? t('tool.running') : t('tool.run')}</span>
           </button>
           <button className="text-gray-400 hover:text-gray-600">
@@ -251,7 +266,9 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
                 onCancel={handleCancelRun}
                 loading={isRunning}
                 storageKey={getStorageKey()}
-                title={t('prompt.runPromptWithName', { name: prompt.name.replace(server + nameSeparator, '') })}
+                title={t('prompt.runPromptWithName', {
+                  name: prompt.name.replace(server + nameSeparator, ''),
+                })}
               />
               {/* Prompt Result */}
               {result && (
@@ -278,9 +295,7 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
                         <p className="text-sm text-gray-600 mt-1">{arg.description}</p>
                       )}
                     </div>
-                    <div className="text-xs text-gray-500 ml-2">
+                    <div className="text-xs text-gray-500 ml-2">{arg.title || ''}</div>
-                      {arg.title || ''}
-                    </div>
                   </div>
                 ))}
               </div>
@@ -296,7 +311,7 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
         </div>
       )}
     </div>
-  )
+  );
-}
+};
 
-export default PromptCard
+export default PromptCard;

frontend/src/contexts/ServerContext.tsx

@@ -30,6 +30,7 @@ interface ServerContextType {
   handleServerEdit: (server: Server) => Promise<any>;
   handleServerRemove: (serverName: string) => Promise<boolean>;
   handleServerToggle: (server: Server, enabled: boolean) => Promise<boolean>;
+  handleServerReload: (server: Server) => Promise<boolean>;
 }
 
 // Create Context
@@ -358,6 +359,30 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
     [t],
   );
 
+  const handleServerReload = useCallback(
+    async (server: Server) => {
+      try {
+        const encodedServerName = encodeURIComponent(server.name);
+        const result = await apiPost(`/servers/${encodedServerName}/reload`, {});
+
+        if (!result || !result.success) {
+          console.error('Failed to reload server:', result);
+          setError(t('server.reloadError', { serverName: server.name }));
+          return false;
+        }
+
+        // Refresh server list after successful reload
+        triggerRefresh();
+        return true;
+      } catch (err) {
+        console.error('Error reloading server:', err);
+        setError(err instanceof Error ? err.message : String(err));
+        return false;
+      }
+    },
+    [t, triggerRefresh],
+  );
+
   const value: ServerContextType = {
     servers,
     error,
@@ -370,6 +395,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
     handleServerEdit,
     handleServerRemove,
     handleServerToggle,
+    handleServerReload,
   };
 
   return <ServerContext.Provider value={value}>{children}</ServerContext.Provider>;

frontend/src/contexts/SettingsContext.tsx

@@ -0,0 +1,705 @@
+import React, {
+  createContext,
+  useContext,
+  useState,
+  useCallback,
+  useEffect,
+  ReactNode,
+} from 'react';
+import { useTranslation } from 'react-i18next';
+import { ApiResponse } from '@/types';
+import { useToast } from '@/contexts/ToastContext';
+import { apiGet, apiPut } from '@/utils/fetchInterceptor';
+
+// Define types for the settings data
+interface RoutingConfig {
+  enableGlobalRoute: boolean;
+  enableGroupNameRoute: boolean;
+  enableBearerAuth: boolean;
+  bearerAuthKey: string;
+  skipAuth: boolean;
+}
+
+interface InstallConfig {
+  pythonIndexUrl: string;
+  npmRegistry: string;
+  baseUrl: string;
+}
+
+interface SmartRoutingConfig {
+  enabled: boolean;
+  dbUrl: string;
+  openaiApiBaseUrl: string;
+  openaiApiKey: string;
+  openaiApiEmbeddingModel: string;
+}
+
+interface MCPRouterConfig {
+  apiKey: string;
+  referer: string;
+  title: string;
+  baseUrl: string;
+}
+
+interface OAuthServerConfig {
+  enabled: boolean;
+  accessTokenLifetime: number;
+  refreshTokenLifetime: number;
+  authorizationCodeLifetime: number;
+  requireClientSecret: boolean;
+  allowedScopes: string[];
+  requireState: boolean;
+  dynamicRegistration: {
+    enabled: boolean;
+    allowedGrantTypes: string[];
+    requiresAuthentication: boolean;
+  };
+}
+
+interface SystemSettings {
+  systemConfig?: {
+    routing?: RoutingConfig;
+    install?: InstallConfig;
+    smartRouting?: SmartRoutingConfig;
+    mcpRouter?: MCPRouterConfig;
+    nameSeparator?: string;
+    oauthServer?: OAuthServerConfig;
+    enableSessionRebuild?: boolean;
+  };
+}
+
+interface TempRoutingConfig {
+  bearerAuthKey: string;
+}
+
+interface SettingsContextValue {
+  routingConfig: RoutingConfig;
+  tempRoutingConfig: TempRoutingConfig;
+  setTempRoutingConfig: React.Dispatch<React.SetStateAction<TempRoutingConfig>>;
+  installConfig: InstallConfig;
+  smartRoutingConfig: SmartRoutingConfig;
+  mcpRouterConfig: MCPRouterConfig;
+  oauthServerConfig: OAuthServerConfig;
+  nameSeparator: string;
+  enableSessionRebuild: boolean;
+  loading: boolean;
+  error: string | null;
+  setError: React.Dispatch<React.SetStateAction<string | null>>;
+  triggerRefresh: () => void;
+  fetchSettings: () => Promise<void>;
+  updateRoutingConfig: (key: keyof RoutingConfig, value: any) => Promise<boolean | undefined>;
+  updateInstallConfig: (key: keyof InstallConfig, value: any) => Promise<boolean | undefined>;
+  updateSmartRoutingConfig: (
+    key: keyof SmartRoutingConfig,
+    value: any,
+  ) => Promise<boolean | undefined>;
+  updateSmartRoutingConfigBatch: (
+    updates: Partial<SmartRoutingConfig>,
+  ) => Promise<boolean | undefined>;
+  updateRoutingConfigBatch: (updates: Partial<RoutingConfig>) => Promise<boolean | undefined>;
+  updateMCPRouterConfig: (key: keyof MCPRouterConfig, value: any) => Promise<boolean | undefined>;
+  updateMCPRouterConfigBatch: (updates: Partial<MCPRouterConfig>) => Promise<boolean | undefined>;
+  updateOAuthServerConfig: (
+    key: keyof OAuthServerConfig,
+    value: any,
+  ) => Promise<boolean | undefined>;
+  updateOAuthServerConfigBatch: (
+    updates: Partial<OAuthServerConfig>,
+  ) => Promise<boolean | undefined>;
+  updateNameSeparator: (value: string) => Promise<boolean | undefined>;
+  updateSessionRebuild: (value: boolean) => Promise<boolean | undefined>;
+  exportMCPSettings: (serverName?: string) => Promise<any>;
+}
+
+const getDefaultOAuthServerConfig = (): OAuthServerConfig => ({
+  enabled: true,
+  accessTokenLifetime: 3600,
+  refreshTokenLifetime: 1209600,
+  authorizationCodeLifetime: 300,
+  requireClientSecret: false,
+  allowedScopes: ['read', 'write'],
+  requireState: false,
+  dynamicRegistration: {
+    enabled: true,
+    allowedGrantTypes: ['authorization_code', 'refresh_token'],
+    requiresAuthentication: false,
+  },
+});
+
+const SettingsContext = createContext<SettingsContextValue | undefined>(undefined);
+
+export const useSettings = () => {
+  const context = useContext(SettingsContext);
+  if (!context) {
+    throw new Error('useSettings must be used within a SettingsProvider');
+  }
+  return context;
+};
+
+interface SettingsProviderProps {
+  children: ReactNode;
+}
+
+export const SettingsProvider: React.FC<SettingsProviderProps> = ({ children }) => {
+  const { t } = useTranslation();
+  const { showToast } = useToast();
+
+  const [routingConfig, setRoutingConfig] = useState<RoutingConfig>({
+    enableGlobalRoute: true,
+    enableGroupNameRoute: true,
+    enableBearerAuth: false,
+    bearerAuthKey: '',
+    skipAuth: false,
+  });
+
+  const [tempRoutingConfig, setTempRoutingConfig] = useState<TempRoutingConfig>({
+    bearerAuthKey: '',
+  });
+
+  const [installConfig, setInstallConfig] = useState<InstallConfig>({
+    pythonIndexUrl: '',
+    npmRegistry: '',
+    baseUrl: 'http://localhost:3000',
+  });
+
+  const [smartRoutingConfig, setSmartRoutingConfig] = useState<SmartRoutingConfig>({
+    enabled: false,
+    dbUrl: '',
+    openaiApiBaseUrl: '',
+    openaiApiKey: '',
+    openaiApiEmbeddingModel: '',
+  });
+
+  const [mcpRouterConfig, setMCPRouterConfig] = useState<MCPRouterConfig>({
+    apiKey: '',
+    referer: 'https://www.mcphubx.com',
+    title: 'MCPHub',
+    baseUrl: 'https://api.mcprouter.to/v1',
+  });
+
+  const [oauthServerConfig, setOAuthServerConfig] = useState<OAuthServerConfig>(
+    getDefaultOAuthServerConfig(),
+  );
+
+  const [nameSeparator, setNameSeparator] = useState<string>('-');
+  const [enableSessionRebuild, setEnableSessionRebuild] = useState<boolean>(false);
+
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [refreshKey, setRefreshKey] = useState(0);
+
+  // Trigger a refresh of the settings data
+  const triggerRefresh = useCallback(() => {
+    setRefreshKey((prev) => prev + 1);
+  }, []);
+
+  // Fetch current settings
+  const fetchSettings = useCallback(async () => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data: ApiResponse<SystemSettings> = await apiGet('/settings');
+
+      if (data.success && data.data?.systemConfig?.routing) {
+        setRoutingConfig({
+          enableGlobalRoute: data.data.systemConfig.routing.enableGlobalRoute ?? true,
+          enableGroupNameRoute: data.data.systemConfig.routing.enableGroupNameRoute ?? true,
+          enableBearerAuth: data.data.systemConfig.routing.enableBearerAuth ?? false,
+          bearerAuthKey: data.data.systemConfig.routing.bearerAuthKey || '',
+          skipAuth: data.data.systemConfig.routing.skipAuth ?? false,
+        });
+      }
+      if (data.success && data.data?.systemConfig?.install) {
+        setInstallConfig({
+          pythonIndexUrl: data.data.systemConfig.install.pythonIndexUrl || '',
+          npmRegistry: data.data.systemConfig.install.npmRegistry || '',
+          baseUrl: data.data.systemConfig.install.baseUrl || 'http://localhost:3000',
+        });
+      }
+      if (data.success && data.data?.systemConfig?.smartRouting) {
+        setSmartRoutingConfig({
+          enabled: data.data.systemConfig.smartRouting.enabled ?? false,
+          dbUrl: data.data.systemConfig.smartRouting.dbUrl || '',
+          openaiApiBaseUrl: data.data.systemConfig.smartRouting.openaiApiBaseUrl || '',
+          openaiApiKey: data.data.systemConfig.smartRouting.openaiApiKey || '',
+          openaiApiEmbeddingModel:
+            data.data.systemConfig.smartRouting.openaiApiEmbeddingModel || '',
+        });
+      }
+      if (data.success && data.data?.systemConfig?.mcpRouter) {
+        setMCPRouterConfig({
+          apiKey: data.data.systemConfig.mcpRouter.apiKey || '',
+          referer: data.data.systemConfig.mcpRouter.referer || 'https://www.mcphubx.com',
+          title: data.data.systemConfig.mcpRouter.title || 'MCPHub',
+          baseUrl: data.data.systemConfig.mcpRouter.baseUrl || 'https://api.mcprouter.to/v1',
+        });
+      }
+      if (data.success) {
+        if (data.data?.systemConfig?.oauthServer) {
+          const oauth = data.data.systemConfig.oauthServer;
+          const defaultOauthConfig = getDefaultOAuthServerConfig();
+          const defaultDynamic = defaultOauthConfig.dynamicRegistration;
+          const allowedScopes = Array.isArray(oauth.allowedScopes)
+            ? [...oauth.allowedScopes]
+            : [...defaultOauthConfig.allowedScopes];
+          const dynamicAllowedGrantTypes = Array.isArray(
+            oauth.dynamicRegistration?.allowedGrantTypes,
+          )
+            ? [...oauth.dynamicRegistration!.allowedGrantTypes!]
+            : [...defaultDynamic.allowedGrantTypes];
+
+          setOAuthServerConfig({
+            enabled: oauth.enabled ?? defaultOauthConfig.enabled,
+            accessTokenLifetime:
+              oauth.accessTokenLifetime ?? defaultOauthConfig.accessTokenLifetime,
+            refreshTokenLifetime:
+              oauth.refreshTokenLifetime ?? defaultOauthConfig.refreshTokenLifetime,
+            authorizationCodeLifetime:
+              oauth.authorizationCodeLifetime ?? defaultOauthConfig.authorizationCodeLifetime,
+            requireClientSecret:
+              oauth.requireClientSecret ?? defaultOauthConfig.requireClientSecret,
+            requireState: oauth.requireState ?? defaultOauthConfig.requireState,
+            allowedScopes,
+            dynamicRegistration: {
+              enabled: oauth.dynamicRegistration?.enabled ?? defaultDynamic.enabled,
+              allowedGrantTypes: dynamicAllowedGrantTypes,
+              requiresAuthentication:
+                oauth.dynamicRegistration?.requiresAuthentication ??
+                defaultDynamic.requiresAuthentication,
+            },
+          });
+        } else {
+          setOAuthServerConfig(getDefaultOAuthServerConfig());
+        }
+      }
+      if (data.success && data.data?.systemConfig?.nameSeparator !== undefined) {
+        setNameSeparator(data.data.systemConfig.nameSeparator);
+      }
+      if (data.success && data.data?.systemConfig?.enableSessionRebuild !== undefined) {
+        setEnableSessionRebuild(data.data.systemConfig.enableSessionRebuild);
+      }
+    } catch (error) {
+      console.error('Failed to fetch settings:', error);
+      setError(error instanceof Error ? error.message : 'Failed to fetch settings');
+      showToast(t('errors.failedToFetchSettings'));
+    } finally {
+      setLoading(false);
+    }
+  }, [t, showToast]);
+
+  // Update routing configuration
+  const updateRoutingConfig = async (key: keyof RoutingConfig, value: any) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        routing: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setRoutingConfig({
+          ...routingConfig,
+          [key]: value,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update routing config');
+        showToast(data.error || t('errors.failedToUpdateRoutingConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update routing config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update routing config');
+      showToast(t('errors.failedToUpdateRoutingConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update install configuration
+  const updateInstallConfig = async (key: keyof InstallConfig, value: any) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        install: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setInstallConfig({
+          ...installConfig,
+          [key]: value,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update install config');
+        showToast(data.error || t('errors.failedToUpdateInstallConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update install config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update install config');
+      showToast(t('errors.failedToUpdateInstallConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update smart routing configuration
+  const updateSmartRoutingConfig = async (key: keyof SmartRoutingConfig, value: any) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        smartRouting: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setSmartRoutingConfig({
+          ...smartRoutingConfig,
+          [key]: value,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update smart routing config');
+        showToast(data.error || t('errors.failedToUpdateSmartRoutingConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update smart routing config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update smart routing config');
+      showToast(t('errors.failedToUpdateSmartRoutingConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Batch update smart routing configuration
+  const updateSmartRoutingConfigBatch = async (updates: Partial<SmartRoutingConfig>) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        smartRouting: updates,
+      });
+
+      if (data.success) {
+        setSmartRoutingConfig({
+          ...smartRoutingConfig,
+          ...updates,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update smart routing config');
+        showToast(data.error || t('errors.failedToUpdateSmartRoutingConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update smart routing config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update smart routing config');
+      showToast(t('errors.failedToUpdateSmartRoutingConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Batch update routing configuration
+  const updateRoutingConfigBatch = async (updates: Partial<RoutingConfig>) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        routing: updates,
+      });
+
+      if (data.success) {
+        setRoutingConfig({
+          ...routingConfig,
+          ...updates,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update routing config');
+        showToast(data.error || t('errors.failedToUpdateRoutingConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update routing config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update routing config');
+      showToast(t('errors.failedToUpdateRoutingConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update MCP Router configuration
+  const updateMCPRouterConfig = async (key: keyof MCPRouterConfig, value: any) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        mcpRouter: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setMCPRouterConfig({
+          ...mcpRouterConfig,
+          [key]: value,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update MCP Router config');
+        showToast(data.error || t('errors.failedToUpdateMCPRouterConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update MCP Router config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update MCP Router config');
+      showToast(t('errors.failedToUpdateMCPRouterConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Batch update MCP Router configuration
+  const updateMCPRouterConfigBatch = async (updates: Partial<MCPRouterConfig>) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        mcpRouter: updates,
+      });
+
+      if (data.success) {
+        setMCPRouterConfig({
+          ...mcpRouterConfig,
+          ...updates,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update MCP Router config');
+        showToast(data.error || t('errors.failedToUpdateMCPRouterConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update MCP Router config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update MCP Router config');
+      showToast(t('errors.failedToUpdateMCPRouterConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update OAuth server configuration
+  const updateOAuthServerConfig = async (key: keyof OAuthServerConfig, value: any) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        oauthServer: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setOAuthServerConfig({
+          ...oauthServerConfig,
+          [key]: value,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update OAuth server config');
+        showToast(data.error || t('errors.failedToUpdateOAuthServerConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update OAuth server config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update OAuth server config');
+      showToast(t('errors.failedToUpdateOAuthServerConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Batch update OAuth server configuration
+  const updateOAuthServerConfigBatch = async (updates: Partial<OAuthServerConfig>) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        oauthServer: updates,
+      });
+
+      if (data.success) {
+        setOAuthServerConfig({
+          ...oauthServerConfig,
+          ...updates,
+        });
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update OAuth server config');
+        showToast(data.error || t('errors.failedToUpdateOAuthServerConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update OAuth server config:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update OAuth server config');
+      showToast(t('errors.failedToUpdateOAuthServerConfig'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update name separator
+  const updateNameSeparator = async (value: string) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        nameSeparator: value,
+      });
+
+      if (data.success) {
+        setNameSeparator(value);
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update name separator');
+        showToast(data.error || t('errors.failedToUpdateNameSeparator'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update name separator:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update name separator');
+      showToast(t('errors.failedToUpdateNameSeparator'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update session rebuild flag
+  const updateSessionRebuild = async (value: boolean) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        enableSessionRebuild: value,
+      });
+
+      if (data.success) {
+        setEnableSessionRebuild(value);
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        setError(data.error || 'Failed to update session rebuild setting');
+        showToast(data.error || t('errors.failedToUpdateSessionRebuild'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update session rebuild setting:', error);
+      setError(error instanceof Error ? error.message : 'Failed to update session rebuild setting');
+      showToast(t('errors.failedToUpdateSessionRebuild'));
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const exportMCPSettings = async (serverName?: string) => {
+    setLoading(true);
+    setError(null);
+    try {
+      return await apiGet(`/mcp-settings/export?serverName=${serverName ? serverName : ''}`);
+    } catch (error) {
+      console.error('Failed to export MCP settings:', error);
+      const errorMessage = error instanceof Error ? error.message : 'Failed to export MCP settings';
+      setError(errorMessage);
+      showToast(errorMessage);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Fetch settings when the component mounts or refreshKey changes
+  useEffect(() => {
+    fetchSettings();
+  }, [fetchSettings, refreshKey]);
+
+  useEffect(() => {
+    if (routingConfig) {
+      setTempRoutingConfig({
+        bearerAuthKey: routingConfig.bearerAuthKey,
+      });
+    }
+  }, [routingConfig]);
+
+  const value: SettingsContextValue = {
+    routingConfig,
+    tempRoutingConfig,
+    setTempRoutingConfig,
+    installConfig,
+    smartRoutingConfig,
+    mcpRouterConfig,
+    oauthServerConfig,
+    nameSeparator,
+    enableSessionRebuild,
+    loading,
+    error,
+    setError,
+    triggerRefresh,
+    fetchSettings,
+    updateRoutingConfig,
+    updateInstallConfig,
+    updateSmartRoutingConfig,
+    updateSmartRoutingConfigBatch,
+    updateRoutingConfigBatch,
+    updateMCPRouterConfig,
+    updateMCPRouterConfigBatch,
+    updateOAuthServerConfig,
+    updateOAuthServerConfigBatch,
+    updateNameSeparator,
+    updateSessionRebuild,
+    exportMCPSettings,
+  };
+
+  return <SettingsContext.Provider value={value}>{children}</SettingsContext.Provider>;
+};

frontend/src/hooks/useSettingsData.ts

@@ -1,658 +1,10 @@
-import { useState, useCallback, useEffect } from 'react';
+import { useSettings } from '@/contexts/SettingsContext';
-import { useTranslation } from 'react-i18next';
-import { ApiResponse } from '@/types';
-import { useToast } from '@/contexts/ToastContext';
-import { apiGet, apiPut } from '../utils/fetchInterceptor';
-
-// Define types for the settings data
-interface RoutingConfig {
-  enableGlobalRoute: boolean;
-  enableGroupNameRoute: boolean;
-  enableBearerAuth: boolean;
-  bearerAuthKey: string;
-  skipAuth: boolean;
-}
-
-interface InstallConfig {
-  pythonIndexUrl: string;
-  npmRegistry: string;
-  baseUrl: string;
-}
-
-interface SmartRoutingConfig {
-  enabled: boolean;
-  dbUrl: string;
-  openaiApiBaseUrl: string;
-  openaiApiKey: string;
-  openaiApiEmbeddingModel: string;
-}
-
-interface MCPRouterConfig {
-  apiKey: string;
-  referer: string;
-  title: string;
-  baseUrl: string;
-}
-
-interface OAuthServerConfig {
-  enabled: boolean;
-  accessTokenLifetime: number;
-  refreshTokenLifetime: number;
-  authorizationCodeLifetime: number;
-  requireClientSecret: boolean;
-  allowedScopes: string[];
-  requireState: boolean;
-  dynamicRegistration: {
-    enabled: boolean;
-    allowedGrantTypes: string[];
-    requiresAuthentication: boolean;
-  };
-}
-
-interface SystemSettings {
-  systemConfig?: {
-    routing?: RoutingConfig;
-    install?: InstallConfig;
-    smartRouting?: SmartRoutingConfig;
-    mcpRouter?: MCPRouterConfig;
-    nameSeparator?: string;
-    oauthServer?: OAuthServerConfig;
-    enableSessionRebuild?: boolean;
-  };
-}
-
-interface TempRoutingConfig {
-  bearerAuthKey: string;
-}
-
-const getDefaultOAuthServerConfig = (): OAuthServerConfig => ({
-  enabled: true,
-  accessTokenLifetime: 3600,
-  refreshTokenLifetime: 1209600,
-  authorizationCodeLifetime: 300,
-  requireClientSecret: false,
-  allowedScopes: ['read', 'write'],
-  requireState: false,
-  dynamicRegistration: {
-    enabled: true,
-    allowedGrantTypes: ['authorization_code', 'refresh_token'],
-    requiresAuthentication: false,
-  },
-});
 
+/**
+ * Hook that provides access to settings data via SettingsContext.
+ * This hook is a thin wrapper around useSettings to maintain backward compatibility.
+ * The actual data fetching happens once in SettingsProvider, avoiding duplicate API calls.
+ */
 export const useSettingsData = () => {
-  const { t } = useTranslation();
+  return useSettings();
-  const { showToast } = useToast();
-
-  const [routingConfig, setRoutingConfig] = useState<RoutingConfig>({
-    enableGlobalRoute: true,
-    enableGroupNameRoute: true,
-    enableBearerAuth: false,
-    bearerAuthKey: '',
-    skipAuth: false,
-  });
-
-  const [tempRoutingConfig, setTempRoutingConfig] = useState<TempRoutingConfig>({
-    bearerAuthKey: '',
-  });
-
-  const [installConfig, setInstallConfig] = useState<InstallConfig>({
-    pythonIndexUrl: '',
-    npmRegistry: '',
-    baseUrl: 'http://localhost:3000',
-  });
-
-  const [smartRoutingConfig, setSmartRoutingConfig] = useState<SmartRoutingConfig>({
-    enabled: false,
-    dbUrl: '',
-    openaiApiBaseUrl: '',
-    openaiApiKey: '',
-    openaiApiEmbeddingModel: '',
-  });
-
-  const [mcpRouterConfig, setMCPRouterConfig] = useState<MCPRouterConfig>({
-    apiKey: '',
-    referer: 'https://www.mcphubx.com',
-    title: 'MCPHub',
-    baseUrl: 'https://api.mcprouter.to/v1',
-  });
-
-  const [oauthServerConfig, setOAuthServerConfig] = useState<OAuthServerConfig>(
-    getDefaultOAuthServerConfig(),
-  );
-
-  const [nameSeparator, setNameSeparator] = useState<string>('-');
-  const [enableSessionRebuild, setEnableSessionRebuild] = useState<boolean>(false);
-
-  const [loading, setLoading] = useState(false);
-  const [error, setError] = useState<string | null>(null);
-  const [refreshKey, setRefreshKey] = useState(0);
-
-  // Trigger a refresh of the settings data
-  const triggerRefresh = useCallback(() => {
-    setRefreshKey((prev) => prev + 1);
-  }, []);
-
-  // Fetch current settings
-  const fetchSettings = useCallback(async () => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data: ApiResponse<SystemSettings> = await apiGet('/settings');
-
-      if (data.success && data.data?.systemConfig?.routing) {
-        setRoutingConfig({
-          enableGlobalRoute: data.data.systemConfig.routing.enableGlobalRoute ?? true,
-          enableGroupNameRoute: data.data.systemConfig.routing.enableGroupNameRoute ?? true,
-          enableBearerAuth: data.data.systemConfig.routing.enableBearerAuth ?? false,
-          bearerAuthKey: data.data.systemConfig.routing.bearerAuthKey || '',
-          skipAuth: data.data.systemConfig.routing.skipAuth ?? false,
-        });
-      }
-      if (data.success && data.data?.systemConfig?.install) {
-        setInstallConfig({
-          pythonIndexUrl: data.data.systemConfig.install.pythonIndexUrl || '',
-          npmRegistry: data.data.systemConfig.install.npmRegistry || '',
-          baseUrl: data.data.systemConfig.install.baseUrl || 'http://localhost:3000',
-        });
-      }
-      if (data.success && data.data?.systemConfig?.smartRouting) {
-        setSmartRoutingConfig({
-          enabled: data.data.systemConfig.smartRouting.enabled ?? false,
-          dbUrl: data.data.systemConfig.smartRouting.dbUrl || '',
-          openaiApiBaseUrl: data.data.systemConfig.smartRouting.openaiApiBaseUrl || '',
-          openaiApiKey: data.data.systemConfig.smartRouting.openaiApiKey || '',
-          openaiApiEmbeddingModel:
-            data.data.systemConfig.smartRouting.openaiApiEmbeddingModel || '',
-        });
-      }
-      if (data.success && data.data?.systemConfig?.mcpRouter) {
-        setMCPRouterConfig({
-          apiKey: data.data.systemConfig.mcpRouter.apiKey || '',
-          referer: data.data.systemConfig.mcpRouter.referer || 'https://www.mcphubx.com',
-          title: data.data.systemConfig.mcpRouter.title || 'MCPHub',
-          baseUrl: data.data.systemConfig.mcpRouter.baseUrl || 'https://api.mcprouter.to/v1',
-        });
-      }
-      if (data.success) {
-        if (data.data?.systemConfig?.oauthServer) {
-          const oauth = data.data.systemConfig.oauthServer;
-          const defaultOauthConfig = getDefaultOAuthServerConfig();
-          const defaultDynamic = defaultOauthConfig.dynamicRegistration;
-          const allowedScopes = Array.isArray(oauth.allowedScopes)
-            ? [...oauth.allowedScopes]
-            : [...defaultOauthConfig.allowedScopes];
-          const dynamicAllowedGrantTypes = Array.isArray(
-            oauth.dynamicRegistration?.allowedGrantTypes,
-          )
-            ? [...oauth.dynamicRegistration!.allowedGrantTypes!]
-            : [...defaultDynamic.allowedGrantTypes];
-
-          setOAuthServerConfig({
-            enabled: oauth.enabled ?? defaultOauthConfig.enabled,
-            accessTokenLifetime:
-              oauth.accessTokenLifetime ?? defaultOauthConfig.accessTokenLifetime,
-            refreshTokenLifetime:
-              oauth.refreshTokenLifetime ?? defaultOauthConfig.refreshTokenLifetime,
-            authorizationCodeLifetime:
-              oauth.authorizationCodeLifetime ?? defaultOauthConfig.authorizationCodeLifetime,
-            requireClientSecret:
-              oauth.requireClientSecret ?? defaultOauthConfig.requireClientSecret,
-            requireState: oauth.requireState ?? defaultOauthConfig.requireState,
-            allowedScopes,
-            dynamicRegistration: {
-              enabled: oauth.dynamicRegistration?.enabled ?? defaultDynamic.enabled,
-              allowedGrantTypes: dynamicAllowedGrantTypes,
-              requiresAuthentication:
-                oauth.dynamicRegistration?.requiresAuthentication ??
-                defaultDynamic.requiresAuthentication,
-            },
-          });
-        } else {
-          setOAuthServerConfig(getDefaultOAuthServerConfig());
-        }
-      }
-      if (data.success && data.data?.systemConfig?.nameSeparator !== undefined) {
-        setNameSeparator(data.data.systemConfig.nameSeparator);
-      }
-      if (data.success && data.data?.systemConfig?.enableSessionRebuild !== undefined) {
-        setEnableSessionRebuild(data.data.systemConfig.enableSessionRebuild);
-      }
-    } catch (error) {
-      console.error('Failed to fetch settings:', error);
-      setError(error instanceof Error ? error.message : 'Failed to fetch settings');
-      // 使用一个稳定的 showToast 引用，避免将其加入依赖数组
-      showToast(t('errors.failedToFetchSettings'));
-    } finally {
-      setLoading(false);
-    }
-  }, [t]); // 移除 showToast 依赖
-
-  // Update routing configuration
-  const updateRoutingConfig = async (key: keyof RoutingConfig, value: any) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        routing: {
-          [key]: value,
-        },
-      });
-
-      if (data.success) {
-        setRoutingConfig({
-          ...routingConfig,
-          [key]: value,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateRouteConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update routing config:', error);
-      setError(error instanceof Error ? error.message : 'Failed to update routing config');
-      showToast(t('errors.failedToUpdateRouteConfig'));
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update install configuration
-  const updateInstallConfig = async (key: keyof InstallConfig, value: string) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        install: {
-          [key]: value,
-        },
-      });
-
-      if (data.success) {
-        setInstallConfig({
-          ...installConfig,
-          [key]: value,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update system config:', error);
-      setError(error instanceof Error ? error.message : 'Failed to update system config');
-      showToast(t('errors.failedToUpdateSystemConfig'));
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update smart routing configuration
-  const updateSmartRoutingConfig = async <T extends keyof SmartRoutingConfig>(
-    key: T,
-    value: SmartRoutingConfig[T],
-  ) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        smartRouting: {
-          [key]: value,
-        },
-      });
-
-      if (data.success) {
-        setSmartRoutingConfig({
-          ...smartRoutingConfig,
-          [key]: value,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSmartRoutingConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update smart routing config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update smart routing config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update multiple smart routing configuration fields at once
-  const updateSmartRoutingConfigBatch = async (updates: Partial<SmartRoutingConfig>) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        smartRouting: updates,
-      });
-
-      if (data.success) {
-        setSmartRoutingConfig({
-          ...smartRoutingConfig,
-          ...updates,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSmartRoutingConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update smart routing config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update smart routing config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update multiple routing configuration fields at once
-  const updateRoutingConfigBatch = async (updates: Partial<RoutingConfig>) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        routing: updates,
-      });
-
-      if (data.success) {
-        setRoutingConfig({
-          ...routingConfig,
-          ...updates,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateRouteConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update routing config:', error);
-      setError(error instanceof Error ? error.message : 'Failed to update routing config');
-      showToast(t('errors.failedToUpdateRouteConfig'));
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update MCPRouter configuration
-  const updateMCPRouterConfig = async <T extends keyof MCPRouterConfig>(
-    key: T,
-    value: MCPRouterConfig[T],
-  ) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        mcpRouter: {
-          [key]: value,
-        },
-      });
-
-      if (data.success) {
-        setMCPRouterConfig({
-          ...mcpRouterConfig,
-          [key]: value,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update MCPRouter config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update MCPRouter config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update multiple MCPRouter configuration fields at once
-  const updateMCPRouterConfigBatch = async (updates: Partial<MCPRouterConfig>) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        mcpRouter: updates,
-      });
-
-      if (data.success) {
-        setMCPRouterConfig({
-          ...mcpRouterConfig,
-          ...updates,
-        });
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update MCPRouter config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update MCPRouter config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update OAuth server configuration
-  const updateOAuthServerConfig = async <T extends keyof OAuthServerConfig>(
-    key: T,
-    value: OAuthServerConfig[T],
-  ) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        oauthServer: {
-          [key]: value,
-        },
-      });
-
-      if (data.success) {
-        setOAuthServerConfig((prev) => ({
-          ...prev,
-          [key]: value,
-        }));
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update OAuth server config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update OAuth server config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update multiple OAuth server config fields
-  const updateOAuthServerConfigBatch = async (updates: Partial<OAuthServerConfig>) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        oauthServer: updates,
-      });
-
-      if (data.success) {
-        setOAuthServerConfig((prev) => ({
-          ...prev,
-          ...updates,
-        }));
-        showToast(t('settings.systemConfigUpdated'));
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update OAuth server config:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update OAuth server config';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update name separator
-  const updateNameSeparator = async (value: string) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        nameSeparator: value,
-      });
-
-      if (data.success) {
-        setNameSeparator(value);
-        showToast(t('settings.restartRequired'), 'info');
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update name separator:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update name separator';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Update session rebuild setting
-  const updateSessionRebuild = async (value: boolean) => {
-    setLoading(true);
-    setError(null);
-
-    try {
-      const data = await apiPut('/system-config', {
-        enableSessionRebuild: value,
-      });
-
-      if (data.success) {
-        setEnableSessionRebuild(value);
-        showToast(t('settings.restartRequired'), 'info');
-        return true;
-      } else {
-        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
-        return false;
-      }
-    } catch (error) {
-      console.error('Failed to update session rebuild setting:', error);
-      const errorMessage =
-        error instanceof Error ? error.message : 'Failed to update session rebuild setting';
-      setError(errorMessage);
-      showToast(errorMessage);
-      return false;
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const exportMCPSettings = async (serverName?: string) => {
-    setLoading(true);
-    setError(null);
-    try {
-      return await apiGet(`/mcp-settings/export?serverName=${serverName ? serverName : ''}`);
-    } catch (error) {
-      console.error('Failed to export MCP settings:', error);
-      const errorMessage = error instanceof Error ? error.message : 'Failed to export MCP settings';
-      setError(errorMessage);
-      showToast(errorMessage);
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  // Fetch settings when the component mounts or refreshKey changes
-  useEffect(() => {
-    fetchSettings();
-  }, [fetchSettings, refreshKey]);
-
-  useEffect(() => {
-    if (routingConfig) {
-      setTempRoutingConfig({
-        bearerAuthKey: routingConfig.bearerAuthKey,
-      });
-    }
-  }, [routingConfig]);
-
-  return {
-    routingConfig,
-    tempRoutingConfig,
-    setTempRoutingConfig,
-    installConfig,
-    smartRoutingConfig,
-    mcpRouterConfig,
-    oauthServerConfig,
-    nameSeparator,
-    enableSessionRebuild,
-    loading,
-    error,
-    setError,
-    triggerRefresh,
-    fetchSettings,
-    updateRoutingConfig,
-    updateInstallConfig,
-    updateSmartRoutingConfig,
-    updateSmartRoutingConfigBatch,
-    updateRoutingConfigBatch,
-    updateMCPRouterConfig,
-    updateMCPRouterConfigBatch,
-    updateOAuthServerConfig,
-    updateOAuthServerConfigBatch,
-    updateNameSeparator,
-    updateSessionRebuild,
-    exportMCPSettings,
-  };
 };

frontend/src/pages/ServersPage.tsx

@@ -21,6 +21,7 @@ const ServersPage: React.FC = () => {
     handleServerEdit,
     handleServerRemove,
     handleServerToggle,
+    handleServerReload,
     triggerRefresh
   } = useServerData({ refreshOnMount: true });
   const [editingServer, setEditingServer] = useState<Server | null>(null);
@@ -159,6 +160,7 @@ const ServersPage: React.FC = () => {
               onEdit={handleEditClick}
               onToggle={handleServerToggle}
               onRefresh={triggerRefresh}
+              onReload={handleServerReload}
             />
           ))}
         </div>

frontend/src/services/promptService.ts

@@ -126,10 +126,14 @@ export const updatePromptDescription = async (
 ): Promise<{ success: boolean; error?: string }> => {
   try {
     // URL-encode server and prompt names to handle slashes (e.g., "com.atlassian/atlassian-mcp-server")
-    // Auth header is automatically added by the interceptor
     const response = await apiPut<any>(
       `/servers/${encodeURIComponent(serverName)}/prompts/${encodeURIComponent(promptName)}/description`,
       { description },
+      {
+        headers: {
+          Authorization: `Bearer ${localStorage.getItem('mcphub_token')}`,
+        },
+      },
     );
 
     return {

frontend/src/services/toolService.ts

@@ -30,8 +30,11 @@ export const callTool = async (
       ? `/tools/${encodeURIComponent(server)}/${encodeURIComponent(request.toolName)}`
       : '/tools/call';
 
-    // Auth header is automatically added by the interceptor
+    const response = await apiPost<any>(url, request.arguments, {
-    const response = await apiPost<any>(url, request.arguments);
+      headers: {
+        Authorization: `Bearer ${localStorage.getItem('mcphub_token')}`, // Add bearer auth for MCP routing
+      },
+    });
 
     if (response.success === false) {
       return {
@@ -63,10 +66,14 @@ export const toggleTool = async (
 ): Promise<{ success: boolean; error?: string }> => {
   try {
     // URL-encode server and tool names to handle slashes (e.g., "com.atlassian/atlassian-mcp-server")
-    // Auth header is automatically added by the interceptor
     const response = await apiPost<any>(
       `/servers/${encodeURIComponent(serverName)}/tools/${encodeURIComponent(toolName)}/toggle`,
       { enabled },
+      {
+        headers: {
+          Authorization: `Bearer ${localStorage.getItem('mcphub_token')}`,
+        },
+      },
     );
 
     return {
@@ -92,10 +99,14 @@ export const updateToolDescription = async (
 ): Promise<{ success: boolean; error?: string }> => {
   try {
     // URL-encode server and tool names to handle slashes (e.g., "com.atlassian/atlassian-mcp-server")
-    // Auth header is automatically added by the interceptor
     const response = await apiPut<any>(
       `/servers/${encodeURIComponent(serverName)}/tools/${encodeURIComponent(toolName)}/description`,
       { description },
+      {
+        headers: {
+          Authorization: `Bearer ${localStorage.getItem('mcphub_token')}`,
+        },
+      },
     );
 
     return {

locales/en.json

@@ -116,6 +116,9 @@
     "enabled": "Enabled",
     "enable": "Enable",
     "disable": "Disable",
+    "reload": "Reload",
+    "reloadSuccess": "Server reloaded successfully",
+    "reloadError": "Failed to reload server {{serverName}}",
     "requestOptions": "Connection Configuration",
     "timeout": "Request Timeout",
     "timeoutDescription": "Timeout for requests to the MCP server (ms)",
@@ -536,7 +539,9 @@
     "description": "Description",
     "messages": "Messages",
     "noDescription": "No description available",
-    "runPromptWithName": "Get Prompt: {{name}}"
+    "runPromptWithName": "Get Prompt: {{name}}",
+    "descriptionUpdateSuccess": "Prompt description updated successfully",
+    "descriptionUpdateFailed": "Failed to update prompt description"
   },
   "settings": {
     "enableGlobalRoute": "Enable Global Route",
@@ -723,6 +728,7 @@
       "failedToRemoveServer": "Server not found or failed to remove",
       "internalServerError": "Internal server error",
       "failedToGetServers": "Failed to get servers information",
+      "failedToReloadServer": "Failed to reload server",
       "failedToGetServerSettings": "Failed to get server settings",
       "failedToGetServerConfig": "Failed to get server configuration",
       "failedToSaveSettings": "Failed to save settings",

locales/fr.json

@@ -116,6 +116,9 @@
     "enabled": "Activé",
     "enable": "Activer",
     "disable": "Désactiver",
+    "reload": "Recharger",
+    "reloadSuccess": "Serveur rechargé avec succès",
+    "reloadError": "Échec du rechargement du serveur {{serverName}}",
     "requestOptions": "Configuration de la connexion",
     "timeout": "Délai d'attente de la requête",
     "timeoutDescription": "Délai d'attente pour les requêtes vers le serveur MCP (ms)",
@@ -208,6 +211,7 @@
     "serverAdd": "Échec de l'ajout du serveur. Veuillez vérifier l'état du serveur",
     "serverUpdate": "Échec de la modification du serveur {{serverName}}. Veuillez vérifier l'état du serveur",
     "serverFetch": "Échec de la récupération des données du serveur. Veuillez réessayer plus tard",
+    "failedToReloadServer": "Échec du rechargement du serveur",
     "initialStartup": "Le serveur est peut-être en cours de démarrage. Veuillez patienter un instant car ce processus peut prendre du temps au premier lancement...",
     "serverInstall": "Échec de l'installation du serveur",
     "failedToFetchSettings": "Échec de la récupération des paramètres",
@@ -536,7 +540,9 @@
     "description": "Description",
     "messages": "Messages",
     "noDescription": "Aucune description disponible",
-    "runPromptWithName": "Obtenir l'invite : {{name}}"
+    "runPromptWithName": "Obtenir l'invite : {{name}}",
+    "descriptionUpdateSuccess": "Description de l'invite mise à jour avec succès",
+    "descriptionUpdateFailed": "Échec de la mise à jour de la description de l'invite"
   },
   "settings": {
     "enableGlobalRoute": "Activer la route globale",

locales/tr.json

@@ -116,6 +116,9 @@
     "enabled": "Etkin",
     "enable": "Etkinleştir",
     "disable": "Devre Dışı Bırak",
+    "reload": "Yeniden Yükle",
+    "reloadSuccess": "Sunucu başarıyla yeniden yüklendi",
+    "reloadError": "Sunucu {{serverName}} yeniden yüklenemedi",
     "requestOptions": "Bağlantı Yapılandırması",
     "timeout": "İstek Zaman Aşımı",
     "timeoutDescription": "MCP sunucusuna yapılan istekler için zaman aşımı (ms)",
@@ -208,6 +211,7 @@
     "serverAdd": "Sunucu eklenemedi. Lütfen sunucu durumunu kontrol edin",
     "serverUpdate": "{{serverName}} sunucusu düzenlenemedi. Lütfen sunucu durumunu kontrol edin",
     "serverFetch": "Sunucu verileri alınamadı. Lütfen daha sonra tekrar deneyin",
+    "failedToReloadServer": "Sunucu yeniden yüklenemedi",
     "initialStartup": "Sunucu başlatılıyor olabilir. İlk başlatmada bu işlem biraz zaman alabileceğinden lütfen bekleyin...",
     "serverInstall": "Sunucu yüklenemedi",
     "failedToFetchSettings": "Ayarlar getirilemedi",
@@ -536,7 +540,9 @@
     "description": "Açıklama",
     "messages": "Mesajlar",
     "noDescription": "Kullanılabilir açıklama yok",
-    "runPromptWithName": "İsteği Getir: {{name}}"
+    "runPromptWithName": "İsteği Getir: {{name}}",
+    "descriptionUpdateSuccess": "İstek açıklaması başarıyla güncellendi",
+    "descriptionUpdateFailed": "İstek açıklaması güncellenemedi"
   },
   "settings": {
     "enableGlobalRoute": "Global Yönlendirmeyi Etkinleştir",

locales/zh.json

@@ -116,6 +116,9 @@
     "enabled": "已启用",
     "enable": "启用",
     "disable": "禁用",
+    "reload": "重载",
+    "reloadSuccess": "服务器重载成功",
+    "reloadError": "重载服务器 {{serverName}} 失败",
     "requestOptions": "连接配置",
     "timeout": "请求超时",
     "timeoutDescription": "请求超时时间（毫秒）",
@@ -208,6 +211,7 @@
     "serverAdd": "添加服务器失败，请检查服务器状态",
     "serverUpdate": "编辑服务器 {{serverName}} 失败，请检查服务器状态",
     "serverFetch": "获取服务器数据失败，请稍后重试",
+    "failedToReloadServer": "重载服务器失败",
     "initialStartup": "服务器可能正在启动中。首次启动可能需要一些时间，请耐心等候...",
     "serverInstall": "安装服务器失败",
     "failedToFetchSettings": "获取设置失败",
@@ -537,7 +541,9 @@
     "description": "描述",
     "messages": "消息",
     "noDescription": "无描述信息",
-    "runPromptWithName": "获取提示词: {{name}}"
+    "runPromptWithName": "获取提示词: {{name}}",
+    "descriptionUpdateSuccess": "提示词描述更新成功",
+    "descriptionUpdateFailed": "更新提示词描述失败"
   },
   "settings": {
     "enableGlobalRoute": "启用全局路由",

mcp_settings.json

@@ -8,12 +8,6 @@
       ],
       "env": {
         "AMAP_MAPS_API_KEY": "your-api-key"
-      },
-      "tools": {
-        "amap-maps_regeocode": {
-          "enabled": true,
-          "description": "Updated via UI test"
-        }
       }
     },
     "playwright": {

package.json

@@ -60,7 +60,7 @@
     "dotenv": "^16.6.1",
     "dotenv-expand": "^12.0.2",
     "express": "^4.21.2",
-    "express-validator": "^7.2.1",
+    "express-validator": "^7.3.1",
     "i18next": "^25.5.0",
     "i18next-fs-backend": "^2.6.0",
     "jsonwebtoken": "^9.0.2",
@@ -110,8 +110,8 @@
     "next": "^15.5.0",
     "postcss": "^8.5.6",
     "prettier": "^3.6.2",
-    "react": "19.1.1",
+    "react": "19.2.0",
-    "react-dom": "19.1.1",
+    "react-dom": "19.2.0",
     "react-i18next": "^15.7.2",
     "react-router-dom": "^7.8.2",
     "supertest": "^7.1.4",
@@ -132,7 +132,9 @@
   "pnpm": {
     "overrides": {
       "brace-expansion@1.1.11": "1.1.12",
-      "brace-expansion@2.0.1": "2.0.2"
+      "brace-expansion@2.0.1": "2.0.2",
+      "glob@10.4.5": "10.5.0",
+      "jws@3.2.2": "4.0.1"
     }
   }
 }

src/controllers/configController.ts

@@ -4,6 +4,7 @@ import { loadSettings, loadOriginalSettings } from '../config/index.js';
 import { getDataService } from '../services/services.js';
 import { DataService } from '../services/dataService.js';
 import { IUser } from '../types/index.js';
+import { getServerDao } from '../dao/DaoFactory.js';
 
 const dataService: DataService = getDataService();
 
@@ -73,17 +74,39 @@ export const getPublicConfig = (req: Request, res: Response): void => {
   }
 };
 
+/**
+ * Recursively remove null values from an object
+ */
+const removeNullValues = <T>(obj: T): T => {
+  if (obj === null || obj === undefined) {
+    return obj;
+  }
+  if (Array.isArray(obj)) {
+    return obj.map((item) => removeNullValues(item)) as T;
+  }
+  if (typeof obj === 'object') {
+    const result: Record<string, unknown> = {};
+    for (const [key, value] of Object.entries(obj)) {
+      if (value !== null) {
+        result[key] = removeNullValues(value);
+      }
+    }
+    return result as T;
+  }
+  return obj;
+};
+
 /**
  * Get MCP settings in JSON format for export/copy
  * Supports both full settings and individual server configuration
  */
-export const getMcpSettingsJson = (req: Request, res: Response): void => {
+export const getMcpSettingsJson = async (req: Request, res: Response): Promise<void> => {
   try {
     const { serverName } = req.query;
-    const settings = loadOriginalSettings();
     if (serverName && typeof serverName === 'string') {
-      // Return individual server configuration
+      // Return individual server configuration using DAO
-      const serverConfig = settings.mcpServers[serverName];
+      const serverDao = getServerDao();
+      const serverConfig = await serverDao.findById(serverName);
       if (!serverConfig) {
         res.status(404).json({
           success: false,
@@ -92,16 +115,21 @@ export const getMcpSettingsJson = (req: Request, res: Response): void => {
         return;
       }
 
+      // Remove the 'name' field from config as it's used as the key
+      const { name, ...configWithoutName } = serverConfig;
+      // Remove null values from the config
+      const cleanedConfig = removeNullValues(configWithoutName);
       res.json({
         success: true,
         data: {
           mcpServers: {
-            [serverName]: serverConfig,
+            [name]: cleanedConfig,
           },
         },
       });
     } else {
       // Return full settings
+      const settings = loadOriginalSettings();
       res.json({
         success: true,
         data: settings,

src/controllers/oauthClientController.ts

@@ -14,9 +14,9 @@ import { IOAuthClient } from '../types/index.js';
  * GET /api/oauth/clients
  * Get all OAuth clients
  */
-export const getAllClients = (req: Request, res: Response): void => {
+export const getAllClients = async (req: Request, res: Response): Promise<void> => {
   try {
-    const clients = getOAuthClients();
+    const clients = await getOAuthClients();
 
     // Don't expose client secrets in the list
     const sanitizedClients = clients.map((client) => ({
@@ -45,10 +45,10 @@ export const getAllClients = (req: Request, res: Response): void => {
  * GET /api/oauth/clients/:clientId
  * Get a specific OAuth client
  */
-export const getClient = (req: Request, res: Response): void => {
+export const getClient = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
-    const client = findOAuthClientById(clientId);
+    const client = await findOAuthClientById(clientId);
 
     if (!client) {
       res.status(404).json({
@@ -85,7 +85,7 @@ export const getClient = (req: Request, res: Response): void => {
  * POST /api/oauth/clients
  * Create a new OAuth client
  */
-export const createClient = (req: Request, res: Response): void => {
+export const createClient = async (req: Request, res: Response): Promise<void> => {
   try {
     // Validate request
     const errors = validationResult(req);
@@ -105,7 +105,8 @@ export const createClient = (req: Request, res: Response): void => {
     const clientId = crypto.randomBytes(16).toString('hex');
 
     // Generate client secret if required
-    const clientSecret = requireSecret !== false ? crypto.randomBytes(32).toString('hex') : undefined;
+    const clientSecret =
+      requireSecret !== false ? crypto.randomBytes(32).toString('hex') : undefined;
 
     // Create client
     const client: IOAuthClient = {
@@ -118,7 +119,7 @@ export const createClient = (req: Request, res: Response): void => {
       owner: user?.username || 'admin',
     };
 
-    const createdClient = createOAuthClient(client);
+    const createdClient = await createOAuthClient(client);
 
     // Return client with secret (only shown once)
     res.status(201).json({
@@ -158,18 +159,19 @@ export const createClient = (req: Request, res: Response): void => {
  * PUT /api/oauth/clients/:clientId
  * Update an OAuth client
  */
-export const updateClient = (req: Request, res: Response): void => {
+export const updateClient = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
     const { name, redirectUris, grants, scopes } = req.body;
 
     const updates: Partial<IOAuthClient> = {};
     if (name) updates.name = name;
-    if (redirectUris) updates.redirectUris = Array.isArray(redirectUris) ? redirectUris : [redirectUris];
+    if (redirectUris)
+      updates.redirectUris = Array.isArray(redirectUris) ? redirectUris : [redirectUris];
     if (grants) updates.grants = grants;
     if (scopes) updates.scopes = scopes;
 
-    const updatedClient = updateOAuthClient(clientId, updates);
+    const updatedClient = await updateOAuthClient(clientId, updates);
 
     if (!updatedClient) {
       res.status(404).json({
@@ -205,10 +207,10 @@ export const updateClient = (req: Request, res: Response): void => {
  * DELETE /api/oauth/clients/:clientId
  * Delete an OAuth client
  */
-export const deleteClient = (req: Request, res: Response): void => {
+export const deleteClient = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
-    const deleted = deleteOAuthClient(clientId);
+    const deleted = await deleteOAuthClient(clientId);
 
     if (!deleted) {
       res.status(404).json({
@@ -235,10 +237,10 @@ export const deleteClient = (req: Request, res: Response): void => {
  * POST /api/oauth/clients/:clientId/regenerate-secret
  * Regenerate client secret
  */
-export const regenerateSecret = (req: Request, res: Response): void => {
+export const regenerateSecret = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
-    const client = findOAuthClientById(clientId);
+    const client = await findOAuthClientById(clientId);
 
     if (!client) {
       res.status(404).json({
@@ -250,7 +252,7 @@ export const regenerateSecret = (req: Request, res: Response): void => {
 
     // Generate new secret
     const newSecret = crypto.randomBytes(32).toString('hex');
-    const updatedClient = updateOAuthClient(clientId, { clientSecret: newSecret });
+    const updatedClient = await updateOAuthClient(clientId, { clientSecret: newSecret });
 
     if (!updatedClient) {
       res.status(500).json({

src/controllers/oauthDynamicRegistrationController.ts

@@ -48,7 +48,7 @@ const verifyRegistrationToken = (token: string): string | null => {
  * RFC 7591 Dynamic Client Registration
  * Public endpoint for registering new OAuth clients
  */
-export const registerClient = (req: Request, res: Response): void => {
+export const registerClient = async (req: Request, res: Response): Promise<void> => {
   try {
     const settings = loadSettings();
     const oauthConfig = settings.systemConfig?.oauthServer;
@@ -183,7 +183,7 @@ export const registerClient = (req: Request, res: Response): void => {
       },
     };
 
-    const createdClient = createOAuthClient(client);
+    const createdClient = await createOAuthClient(client);
 
     // Build response according to RFC 7591
     const response: any = {
@@ -238,7 +238,7 @@ export const registerClient = (req: Request, res: Response): void => {
  * RFC 7591 Client Configuration Endpoint
  * Read client configuration
  */
-export const getClientConfiguration = (req: Request, res: Response): void => {
+export const getClientConfiguration = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
     const authHeader = req.headers.authorization;
@@ -262,7 +262,7 @@ export const getClientConfiguration = (req: Request, res: Response): void => {
       return;
     }
 
-    const client = findOAuthClientById(clientId);
+    const client = await findOAuthClientById(clientId);
     if (!client) {
       res.status(404).json({
         error: 'invalid_client',
@@ -311,7 +311,7 @@ export const getClientConfiguration = (req: Request, res: Response): void => {
  * RFC 7591 Client Update Endpoint
  * Update client configuration
  */
-export const updateClientConfiguration = (req: Request, res: Response): void => {
+export const updateClientConfiguration = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
     const authHeader = req.headers.authorization;
@@ -335,7 +335,7 @@ export const updateClientConfiguration = (req: Request, res: Response): void =>
       return;
     }
 
-    const client = findOAuthClientById(clientId);
+    const client = await findOAuthClientById(clientId);
     if (!client) {
       res.status(404).json({
         error: 'invalid_client',
@@ -443,7 +443,7 @@ export const updateClientConfiguration = (req: Request, res: Response): void =>
       };
     }
 
-    const updatedClient = updateOAuthClient(clientId, updates);
+    const updatedClient = await updateOAuthClient(clientId, updates);
 
     if (!updatedClient) {
       res.status(500).json({
@@ -495,7 +495,7 @@ export const updateClientConfiguration = (req: Request, res: Response): void =>
  * RFC 7591 Client Delete Endpoint
  * Delete client registration
  */
-export const deleteClientRegistration = (req: Request, res: Response): void => {
+export const deleteClientRegistration = async (req: Request, res: Response): Promise<void> => {
   try {
     const { clientId } = req.params;
     const authHeader = req.headers.authorization;
@@ -519,7 +519,7 @@ export const deleteClientRegistration = (req: Request, res: Response): void => {
       return;
     }
 
-    const deleted = deleteOAuthClient(clientId);
+    const deleted = await deleteOAuthClient(clientId);
 
     if (!deleted) {
       res.status(404).json({

src/controllers/oauthServerController.ts

@@ -212,7 +212,7 @@ export const getAuthorize = async (req: Request, res: Response): Promise<void> =
     }
 
     // Verify client
-    const client = findOAuthClientById(client_id as string);
+    const client = await findOAuthClientById(client_id as string);
     if (!client) {
       res.status(400).json({ error: 'invalid_client', error_description: 'Client not found' });
       return;

src/controllers/serverController.ts

@@ -8,8 +8,9 @@ import {
   notifyToolChanged,
   syncToolEmbedding,
   toggleServerStatus,
+  reconnectServer,
 } from '../services/mcpService.js';
-import { loadSettings, saveSettings } from '../config/index.js';
+import { loadSettings } from '../config/index.js';
 import { syncAllServerToolsEmbeddings } from '../services/vectorSearchService.js';
 import { createSafeJSON } from '../utils/serialization.js';
 import { cloneDefaultOAuthServerConfig } from '../constants/oauthServerDefaults.js';
@@ -415,6 +416,32 @@ export const toggleServer = async (req: Request, res: Response): Promise<void> =
   }
 };
 
+export const reloadServer = async (req: Request, res: Response): Promise<void> => {
+  try {
+    const { name } = req.params;
+    if (!name) {
+      res.status(400).json({
+        success: false,
+        message: 'Server name is required',
+      });
+      return;
+    }
+
+    await reconnectServer(name);
+
+    res.json({
+      success: true,
+      message: `Server ${name} reloaded successfully`,
+    });
+  } catch (error) {
+    console.error('Failed to reload server:', error);
+    res.status(500).json({
+      success: false,
+      message: 'Failed to reload server',
+    });
+  }
+};
+
 // Toggle tool status for a specific server
 export const toggleTool = async (req: Request, res: Response): Promise<void> => {
   try {
@@ -439,8 +466,10 @@ export const toggleTool = async (req: Request, res: Response): Promise<void> =>
       return;
     }
 
-    const settings = loadSettings();
+    const serverDao = getServerDao();
-    if (!settings.mcpServers[serverName]) {
+    const server = await serverDao.findById(serverName);
+
+    if (!server) {
       res.status(404).json({
         success: false,
         message: 'Server not found',
@@ -449,14 +478,15 @@ export const toggleTool = async (req: Request, res: Response): Promise<void> =>
     }
 
     // Initialize tools config if it doesn't exist
-    if (!settings.mcpServers[serverName].tools) {
+    const tools = server.tools || {};
-      settings.mcpServers[serverName].tools = {};
-    }
 
-    // Set the tool's enabled state
+    // Set the tool's enabled state (preserve existing description if any)
-    settings.mcpServers[serverName].tools![toolName] = { enabled };
+    tools[toolName] = { ...tools[toolName], enabled };
 
-    if (!saveSettings(settings)) {
+    // Update via DAO (supports both file and database modes)
+    const result = await serverDao.updateTools(serverName, tools);
+
+    if (!result) {
       res.status(500).json({
         success: false,
         message: 'Failed to save settings',
@@ -503,8 +533,10 @@ export const updateToolDescription = async (req: Request, res: Response): Promis
       return;
     }
 
-    const settings = loadSettings();
+    const serverDao = getServerDao();
-    if (!settings.mcpServers[serverName]) {
+    const server = await serverDao.findById(serverName);
+
+    if (!server) {
       res.status(404).json({
         success: false,
         message: 'Server not found',
@@ -513,18 +545,18 @@ export const updateToolDescription = async (req: Request, res: Response): Promis
     }
 
     // Initialize tools config if it doesn't exist
-    if (!settings.mcpServers[serverName].tools) {
+    const tools = server.tools || {};
-      settings.mcpServers[serverName].tools = {};
-    }
 
     // Set the tool's description
-    if (!settings.mcpServers[serverName].tools![toolName]) {
+    if (!tools[toolName]) {
-      settings.mcpServers[serverName].tools![toolName] = { enabled: true };
+      tools[toolName] = { enabled: true };
     }
+    tools[toolName].description = description;
 
-    settings.mcpServers[serverName].tools![toolName].description = description;
+    // Update via DAO (supports both file and database modes)
+    const result = await serverDao.updateTools(serverName, tools);
 
-    if (!saveSettings(settings)) {
+    if (!result) {
       res.status(500).json({
         success: false,
         message: 'Failed to save settings',
@@ -939,8 +971,10 @@ export const togglePrompt = async (req: Request, res: Response): Promise<void> =
       return;
     }
 
-    const settings = loadSettings();
+    const serverDao = getServerDao();
-    if (!settings.mcpServers[serverName]) {
+    const server = await serverDao.findById(serverName);
+
+    if (!server) {
       res.status(404).json({
         success: false,
         message: 'Server not found',
@@ -949,14 +983,15 @@ export const togglePrompt = async (req: Request, res: Response): Promise<void> =
     }
 
     // Initialize prompts config if it doesn't exist
-    if (!settings.mcpServers[serverName].prompts) {
+    const prompts = server.prompts || {};
-      settings.mcpServers[serverName].prompts = {};
-    }
 
-    // Set the prompt's enabled state
+    // Set the prompt's enabled state (preserve existing description if any)
-    settings.mcpServers[serverName].prompts![promptName] = { enabled };
+    prompts[promptName] = { ...prompts[promptName], enabled };
 
-    if (!saveSettings(settings)) {
+    // Update via DAO (supports both file and database modes)
+    const result = await serverDao.updatePrompts(serverName, prompts);
+
+    if (!result) {
       res.status(500).json({
         success: false,
         message: 'Failed to save settings',
@@ -1003,8 +1038,10 @@ export const updatePromptDescription = async (req: Request, res: Response): Prom
       return;
     }
 
-    const settings = loadSettings();
+    const serverDao = getServerDao();
-    if (!settings.mcpServers[serverName]) {
+    const server = await serverDao.findById(serverName);
+
+    if (!server) {
       res.status(404).json({
         success: false,
         message: 'Server not found',
@@ -1013,18 +1050,18 @@ export const updatePromptDescription = async (req: Request, res: Response): Prom
     }
 
     // Initialize prompts config if it doesn't exist
-    if (!settings.mcpServers[serverName].prompts) {
+    const prompts = server.prompts || {};
-      settings.mcpServers[serverName].prompts = {};
-    }
 
     // Set the prompt's description
-    if (!settings.mcpServers[serverName].prompts![promptName]) {
+    if (!prompts[promptName]) {
-      settings.mcpServers[serverName].prompts![promptName] = { enabled: true };
+      prompts[promptName] = { enabled: true };
     }
+    prompts[promptName].description = description;
 
-    settings.mcpServers[serverName].prompts![promptName].description = description;
+    // Update via DAO (supports both file and database modes)
+    const result = await serverDao.updatePrompts(serverName, prompts);
 
-    if (!saveSettings(settings)) {
+    if (!result) {
       res.status(500).json({
         success: false,
         message: 'Failed to save settings',

src/dao/DaoFactory.ts

@@ -3,6 +3,8 @@ import { ServerDao, ServerDaoImpl } from './ServerDao.js';
 import { GroupDao, GroupDaoImpl } from './GroupDao.js';
 import { SystemConfigDao, SystemConfigDaoImpl } from './SystemConfigDao.js';
 import { UserConfigDao, UserConfigDaoImpl } from './UserConfigDao.js';
+import { OAuthClientDao, OAuthClientDaoImpl } from './OAuthClientDao.js';
+import { OAuthTokenDao, OAuthTokenDaoImpl } from './OAuthTokenDao.js';
 
 /**
  * DAO Factory interface for creating DAO instances
@@ -13,6 +15,8 @@ export interface DaoFactory {
   getGroupDao(): GroupDao;
   getSystemConfigDao(): SystemConfigDao;
   getUserConfigDao(): UserConfigDao;
+  getOAuthClientDao(): OAuthClientDao;
+  getOAuthTokenDao(): OAuthTokenDao;
 }
 
 /**
@@ -26,6 +30,8 @@ export class JsonFileDaoFactory implements DaoFactory {
   private groupDao: GroupDao | null = null;
   private systemConfigDao: SystemConfigDao | null = null;
   private userConfigDao: UserConfigDao | null = null;
+  private oauthClientDao: OAuthClientDao | null = null;
+  private oauthTokenDao: OAuthTokenDao | null = null;
 
   /**
    * Get singleton instance
@@ -76,6 +82,20 @@ export class JsonFileDaoFactory implements DaoFactory {
     return this.userConfigDao;
   }
 
+  getOAuthClientDao(): OAuthClientDao {
+    if (!this.oauthClientDao) {
+      this.oauthClientDao = new OAuthClientDaoImpl();
+    }
+    return this.oauthClientDao;
+  }
+
+  getOAuthTokenDao(): OAuthTokenDao {
+    if (!this.oauthTokenDao) {
+      this.oauthTokenDao = new OAuthTokenDaoImpl();
+    }
+    return this.oauthTokenDao;
+  }
+
   /**
    * Reset all cached DAO instances (useful for testing)
    */
@@ -85,6 +105,8 @@ export class JsonFileDaoFactory implements DaoFactory {
     this.groupDao = null;
     this.systemConfigDao = null;
     this.userConfigDao = null;
+    this.oauthClientDao = null;
+    this.oauthTokenDao = null;
   }
 }
 
@@ -149,3 +171,11 @@ export function getSystemConfigDao(): SystemConfigDao {
 export function getUserConfigDao(): UserConfigDao {
   return getDaoFactory().getUserConfigDao();
 }
+
+export function getOAuthClientDao(): OAuthClientDao {
+  return getDaoFactory().getOAuthClientDao();
+}
+
+export function getOAuthTokenDao(): OAuthTokenDao {
+  return getDaoFactory().getOAuthTokenDao();
+}

src/dao/DatabaseDaoFactory.ts

@@ -1,9 +1,20 @@
-import { DaoFactory, UserDao, ServerDao, GroupDao, SystemConfigDao, UserConfigDao } from './index.js';
+import {
+  DaoFactory,
+  UserDao,
+  ServerDao,
+  GroupDao,
+  SystemConfigDao,
+  UserConfigDao,
+  OAuthClientDao,
+  OAuthTokenDao,
+} from './index.js';
 import { UserDaoDbImpl } from './UserDaoDbImpl.js';
 import { ServerDaoDbImpl } from './ServerDaoDbImpl.js';
 import { GroupDaoDbImpl } from './GroupDaoDbImpl.js';
 import { SystemConfigDaoDbImpl } from './SystemConfigDaoDbImpl.js';
 import { UserConfigDaoDbImpl } from './UserConfigDaoDbImpl.js';
+import { OAuthClientDaoDbImpl } from './OAuthClientDaoDbImpl.js';
+import { OAuthTokenDaoDbImpl } from './OAuthTokenDaoDbImpl.js';
 
 /**
  * Database-backed DAO factory implementation
@@ -16,6 +27,8 @@ export class DatabaseDaoFactory implements DaoFactory {
   private groupDao: GroupDao | null = null;
   private systemConfigDao: SystemConfigDao | null = null;
   private userConfigDao: UserConfigDao | null = null;
+  private oauthClientDao: OAuthClientDao | null = null;
+  private oauthTokenDao: OAuthTokenDao | null = null;
 
   /**
    * Get singleton instance
@@ -66,6 +79,20 @@ export class DatabaseDaoFactory implements DaoFactory {
     return this.userConfigDao!;
   }
 
+  getOAuthClientDao(): OAuthClientDao {
+    if (!this.oauthClientDao) {
+      this.oauthClientDao = new OAuthClientDaoDbImpl();
+    }
+    return this.oauthClientDao!;
+  }
+
+  getOAuthTokenDao(): OAuthTokenDao {
+    if (!this.oauthTokenDao) {
+      this.oauthTokenDao = new OAuthTokenDaoDbImpl();
+    }
+    return this.oauthTokenDao!;
+  }
+
   /**
    * Reset all cached DAO instances (useful for testing)
    */
@@ -75,5 +102,7 @@ export class DatabaseDaoFactory implements DaoFactory {
     this.groupDao = null;
     this.systemConfigDao = null;
     this.userConfigDao = null;
+    this.oauthClientDao = null;
+    this.oauthTokenDao = null;
   }
 }

src/dao/OAuthClientDao.ts

@@ -0,0 +1,146 @@
+import { IOAuthClient } from '../types/index.js';
+import { BaseDao } from './base/BaseDao.js';
+import { JsonFileBaseDao } from './base/JsonFileBaseDao.js';
+
+/**
+ * OAuth Client DAO interface with OAuth client-specific operations
+ */
+export interface OAuthClientDao extends BaseDao<IOAuthClient, string> {
+  /**
+   * Find OAuth client by client ID
+   */
+  findByClientId(clientId: string): Promise<IOAuthClient | null>;
+
+  /**
+   * Find OAuth clients by owner
+   */
+  findByOwner(owner: string): Promise<IOAuthClient[]>;
+
+  /**
+   * Validate client credentials
+   */
+  validateCredentials(clientId: string, clientSecret?: string): Promise<boolean>;
+}
+
+/**
+ * JSON file-based OAuth Client DAO implementation
+ */
+export class OAuthClientDaoImpl extends JsonFileBaseDao implements OAuthClientDao {
+  protected async getAll(): Promise<IOAuthClient[]> {
+    const settings = await this.loadSettings();
+    return settings.oauthClients || [];
+  }
+
+  protected async saveAll(clients: IOAuthClient[]): Promise<void> {
+    const settings = await this.loadSettings();
+    settings.oauthClients = clients;
+    await this.saveSettings(settings);
+  }
+
+  protected getEntityId(client: IOAuthClient): string {
+    return client.clientId;
+  }
+
+  protected createEntity(_data: Omit<IOAuthClient, 'clientId'>): IOAuthClient {
+    throw new Error('clientId must be provided');
+  }
+
+  protected updateEntity(existing: IOAuthClient, updates: Partial<IOAuthClient>): IOAuthClient {
+    return {
+      ...existing,
+      ...updates,
+      clientId: existing.clientId, // clientId should not be updated
+    };
+  }
+
+  async findAll(): Promise<IOAuthClient[]> {
+    return this.getAll();
+  }
+
+  async findById(clientId: string): Promise<IOAuthClient | null> {
+    return this.findByClientId(clientId);
+  }
+
+  async findByClientId(clientId: string): Promise<IOAuthClient | null> {
+    const clients = await this.getAll();
+    return clients.find((client) => client.clientId === clientId) || null;
+  }
+
+  async findByOwner(owner: string): Promise<IOAuthClient[]> {
+    const clients = await this.getAll();
+    return clients.filter((client) => client.owner === owner);
+  }
+
+  async create(data: IOAuthClient): Promise<IOAuthClient> {
+    const clients = await this.getAll();
+
+    // Check if client already exists
+    if (clients.find((client) => client.clientId === data.clientId)) {
+      throw new Error(`OAuth client ${data.clientId} already exists`);
+    }
+
+    const newClient: IOAuthClient = {
+      ...data,
+      owner: data.owner || 'admin',
+    };
+
+    clients.push(newClient);
+    await this.saveAll(clients);
+
+    return newClient;
+  }
+
+  async update(clientId: string, updates: Partial<IOAuthClient>): Promise<IOAuthClient | null> {
+    const clients = await this.getAll();
+    const index = clients.findIndex((client) => client.clientId === clientId);
+
+    if (index === -1) {
+      return null;
+    }
+
+    // Don't allow clientId changes
+    const { clientId: _, ...allowedUpdates } = updates;
+    const updatedClient = this.updateEntity(clients[index], allowedUpdates);
+    clients[index] = updatedClient;
+
+    await this.saveAll(clients);
+    return updatedClient;
+  }
+
+  async delete(clientId: string): Promise<boolean> {
+    const clients = await this.getAll();
+    const index = clients.findIndex((client) => client.clientId === clientId);
+    if (index === -1) {
+      return false;
+    }
+
+    clients.splice(index, 1);
+    await this.saveAll(clients);
+    return true;
+  }
+
+  async exists(clientId: string): Promise<boolean> {
+    const client = await this.findByClientId(clientId);
+    return client !== null;
+  }
+
+  async count(): Promise<number> {
+    const clients = await this.getAll();
+    return clients.length;
+  }
+
+  async validateCredentials(clientId: string, clientSecret?: string): Promise<boolean> {
+    const client = await this.findByClientId(clientId);
+    if (!client) {
+      return false;
+    }
+
+    // If client has no secret (public client), accept if no secret provided
+    if (!client.clientSecret) {
+      return !clientSecret;
+    }
+
+    // If client has a secret, it must match
+    return client.clientSecret === clientSecret;
+  }
+}

src/dao/OAuthClientDaoDbImpl.ts

@@ -0,0 +1,109 @@
+import { OAuthClientDao } from './OAuthClientDao.js';
+import { OAuthClientRepository } from '../db/repositories/OAuthClientRepository.js';
+import { IOAuthClient } from '../types/index.js';
+
+/**
+ * Database-backed implementation of OAuthClientDao
+ */
+export class OAuthClientDaoDbImpl implements OAuthClientDao {
+  private repository: OAuthClientRepository;
+
+  constructor() {
+    this.repository = new OAuthClientRepository();
+  }
+
+  async findAll(): Promise<IOAuthClient[]> {
+    const clients = await this.repository.findAll();
+    return clients.map((c) => this.mapToOAuthClient(c));
+  }
+
+  async findById(clientId: string): Promise<IOAuthClient | null> {
+    const client = await this.repository.findByClientId(clientId);
+    return client ? this.mapToOAuthClient(client) : null;
+  }
+
+  async findByClientId(clientId: string): Promise<IOAuthClient | null> {
+    return this.findById(clientId);
+  }
+
+  async findByOwner(owner: string): Promise<IOAuthClient[]> {
+    const clients = await this.repository.findByOwner(owner);
+    return clients.map((c) => this.mapToOAuthClient(c));
+  }
+
+  async create(entity: IOAuthClient): Promise<IOAuthClient> {
+    const client = await this.repository.create({
+      clientId: entity.clientId,
+      clientSecret: entity.clientSecret,
+      name: entity.name,
+      redirectUris: entity.redirectUris,
+      grants: entity.grants,
+      scopes: entity.scopes,
+      owner: entity.owner || 'admin',
+      metadata: entity.metadata,
+    });
+    return this.mapToOAuthClient(client);
+  }
+
+  async update(clientId: string, entity: Partial<IOAuthClient>): Promise<IOAuthClient | null> {
+    const client = await this.repository.update(clientId, {
+      clientSecret: entity.clientSecret,
+      name: entity.name,
+      redirectUris: entity.redirectUris,
+      grants: entity.grants,
+      scopes: entity.scopes,
+      owner: entity.owner,
+      metadata: entity.metadata,
+    });
+    return client ? this.mapToOAuthClient(client) : null;
+  }
+
+  async delete(clientId: string): Promise<boolean> {
+    return await this.repository.delete(clientId);
+  }
+
+  async exists(clientId: string): Promise<boolean> {
+    return await this.repository.exists(clientId);
+  }
+
+  async count(): Promise<number> {
+    return await this.repository.count();
+  }
+
+  async validateCredentials(clientId: string, clientSecret?: string): Promise<boolean> {
+    const client = await this.findByClientId(clientId);
+    if (!client) {
+      return false;
+    }
+
+    // If client has no secret (public client), accept if no secret provided
+    if (!client.clientSecret) {
+      return !clientSecret;
+    }
+
+    // If client has a secret, it must match
+    return client.clientSecret === clientSecret;
+  }
+
+  private mapToOAuthClient(client: {
+    clientId: string;
+    clientSecret?: string;
+    name: string;
+    redirectUris: string[];
+    grants: string[];
+    scopes?: string[];
+    owner?: string;
+    metadata?: Record<string, any>;
+  }): IOAuthClient {
+    return {
+      clientId: client.clientId,
+      clientSecret: client.clientSecret,
+      name: client.name,
+      redirectUris: client.redirectUris,
+      grants: client.grants,
+      scopes: client.scopes,
+      owner: client.owner,
+      metadata: client.metadata as IOAuthClient['metadata'],
+    };
+  }
+}

src/dao/OAuthTokenDao.ts

@@ -0,0 +1,259 @@
+import { IOAuthToken } from '../types/index.js';
+import { BaseDao } from './base/BaseDao.js';
+import { JsonFileBaseDao } from './base/JsonFileBaseDao.js';
+
+/**
+ * OAuth Token DAO interface with OAuth token-specific operations
+ */
+export interface OAuthTokenDao extends BaseDao<IOAuthToken, string> {
+  /**
+   * Find token by access token
+   */
+  findByAccessToken(accessToken: string): Promise<IOAuthToken | null>;
+
+  /**
+   * Find token by refresh token
+   */
+  findByRefreshToken(refreshToken: string): Promise<IOAuthToken | null>;
+
+  /**
+   * Find tokens by client ID
+   */
+  findByClientId(clientId: string): Promise<IOAuthToken[]>;
+
+  /**
+   * Find tokens by username
+   */
+  findByUsername(username: string): Promise<IOAuthToken[]>;
+
+  /**
+   * Revoke token (delete by access token or refresh token)
+   */
+  revokeToken(token: string): Promise<boolean>;
+
+  /**
+   * Revoke all tokens for a user
+   */
+  revokeUserTokens(username: string): Promise<number>;
+
+  /**
+   * Revoke all tokens for a client
+   */
+  revokeClientTokens(clientId: string): Promise<number>;
+
+  /**
+   * Clean up expired tokens
+   */
+  cleanupExpired(): Promise<number>;
+
+  /**
+   * Check if access token is valid (exists and not expired)
+   */
+  isAccessTokenValid(accessToken: string): Promise<boolean>;
+
+  /**
+   * Check if refresh token is valid (exists and not expired)
+   */
+  isRefreshTokenValid(refreshToken: string): Promise<boolean>;
+}
+
+/**
+ * JSON file-based OAuth Token DAO implementation
+ */
+export class OAuthTokenDaoImpl extends JsonFileBaseDao implements OAuthTokenDao {
+  protected async getAll(): Promise<IOAuthToken[]> {
+    const settings = await this.loadSettings();
+    // Convert stored dates back to Date objects
+    return (settings.oauthTokens || []).map((token) => ({
+      ...token,
+      accessTokenExpiresAt: new Date(token.accessTokenExpiresAt),
+      refreshTokenExpiresAt: token.refreshTokenExpiresAt
+        ? new Date(token.refreshTokenExpiresAt)
+        : undefined,
+    }));
+  }
+
+  protected async saveAll(tokens: IOAuthToken[]): Promise<void> {
+    const settings = await this.loadSettings();
+    settings.oauthTokens = tokens;
+    await this.saveSettings(settings);
+  }
+
+  protected getEntityId(token: IOAuthToken): string {
+    return token.accessToken;
+  }
+
+  protected createEntity(_data: Omit<IOAuthToken, 'accessToken'>): IOAuthToken {
+    throw new Error('accessToken must be provided');
+  }
+
+  protected updateEntity(existing: IOAuthToken, updates: Partial<IOAuthToken>): IOAuthToken {
+    return {
+      ...existing,
+      ...updates,
+      accessToken: existing.accessToken, // accessToken should not be updated
+    };
+  }
+
+  async findAll(): Promise<IOAuthToken[]> {
+    return this.getAll();
+  }
+
+  async findById(accessToken: string): Promise<IOAuthToken | null> {
+    return this.findByAccessToken(accessToken);
+  }
+
+  async findByAccessToken(accessToken: string): Promise<IOAuthToken | null> {
+    const tokens = await this.getAll();
+    return tokens.find((token) => token.accessToken === accessToken) || null;
+  }
+
+  async findByRefreshToken(refreshToken: string): Promise<IOAuthToken | null> {
+    const tokens = await this.getAll();
+    return tokens.find((token) => token.refreshToken === refreshToken) || null;
+  }
+
+  async findByClientId(clientId: string): Promise<IOAuthToken[]> {
+    const tokens = await this.getAll();
+    return tokens.filter((token) => token.clientId === clientId);
+  }
+
+  async findByUsername(username: string): Promise<IOAuthToken[]> {
+    const tokens = await this.getAll();
+    return tokens.filter((token) => token.username === username);
+  }
+
+  async create(data: IOAuthToken): Promise<IOAuthToken> {
+    const tokens = await this.getAll();
+
+    // Remove any existing tokens with the same access token or refresh token
+    const filteredTokens = tokens.filter(
+      (t) => t.accessToken !== data.accessToken && t.refreshToken !== data.refreshToken,
+    );
+
+    const newToken: IOAuthToken = {
+      ...data,
+    };
+
+    filteredTokens.push(newToken);
+    await this.saveAll(filteredTokens);
+
+    return newToken;
+  }
+
+  async update(accessToken: string, updates: Partial<IOAuthToken>): Promise<IOAuthToken | null> {
+    const tokens = await this.getAll();
+    const index = tokens.findIndex((token) => token.accessToken === accessToken);
+
+    if (index === -1) {
+      return null;
+    }
+
+    // Don't allow accessToken changes
+    const { accessToken: _, ...allowedUpdates } = updates;
+    const updatedToken = this.updateEntity(tokens[index], allowedUpdates);
+    tokens[index] = updatedToken;
+
+    await this.saveAll(tokens);
+    return updatedToken;
+  }
+
+  async delete(accessToken: string): Promise<boolean> {
+    const tokens = await this.getAll();
+    const index = tokens.findIndex((token) => token.accessToken === accessToken);
+    if (index === -1) {
+      return false;
+    }
+
+    tokens.splice(index, 1);
+    await this.saveAll(tokens);
+    return true;
+  }
+
+  async exists(accessToken: string): Promise<boolean> {
+    const token = await this.findByAccessToken(accessToken);
+    return token !== null;
+  }
+
+  async count(): Promise<number> {
+    const tokens = await this.getAll();
+    return tokens.length;
+  }
+
+  async revokeToken(token: string): Promise<boolean> {
+    const tokens = await this.getAll();
+    const tokenData = tokens.find((t) => t.accessToken === token || t.refreshToken === token);
+
+    if (!tokenData) {
+      return false;
+    }
+
+    const filteredTokens = tokens.filter(
+      (t) => t.accessToken !== tokenData.accessToken && t.refreshToken !== tokenData.refreshToken,
+    );
+
+    await this.saveAll(filteredTokens);
+    return true;
+  }
+
+  async revokeUserTokens(username: string): Promise<number> {
+    const tokens = await this.getAll();
+    const userTokens = tokens.filter((token) => token.username === username);
+    const remainingTokens = tokens.filter((token) => token.username !== username);
+
+    await this.saveAll(remainingTokens);
+    return userTokens.length;
+  }
+
+  async revokeClientTokens(clientId: string): Promise<number> {
+    const tokens = await this.getAll();
+    const clientTokens = tokens.filter((token) => token.clientId === clientId);
+    const remainingTokens = tokens.filter((token) => token.clientId !== clientId);
+
+    await this.saveAll(remainingTokens);
+    return clientTokens.length;
+  }
+
+  async cleanupExpired(): Promise<number> {
+    const tokens = await this.getAll();
+    const now = new Date();
+
+    const validTokens = tokens.filter((token) => {
+      // Keep if access token is still valid
+      if (token.accessTokenExpiresAt > now) {
+        return true;
+      }
+      // Or if refresh token exists and is still valid
+      if (token.refreshToken && token.refreshTokenExpiresAt && token.refreshTokenExpiresAt > now) {
+        return true;
+      }
+      return false;
+    });
+
+    const expiredCount = tokens.length - validTokens.length;
+    if (expiredCount > 0) {
+      await this.saveAll(validTokens);
+    }
+
+    return expiredCount;
+  }
+
+  async isAccessTokenValid(accessToken: string): Promise<boolean> {
+    const token = await this.findByAccessToken(accessToken);
+    if (!token) {
+      return false;
+    }
+    return token.accessTokenExpiresAt > new Date();
+  }
+
+  async isRefreshTokenValid(refreshToken: string): Promise<boolean> {
+    const token = await this.findByRefreshToken(refreshToken);
+    if (!token) {
+      return false;
+    }
+    if (!token.refreshTokenExpiresAt) {
+      return true; // No expiration means always valid
+    }
+    return token.refreshTokenExpiresAt > new Date();
+  }
+}

src/dao/OAuthTokenDaoDbImpl.ts

@@ -0,0 +1,122 @@
+import { OAuthTokenDao } from './OAuthTokenDao.js';
+import { OAuthTokenRepository } from '../db/repositories/OAuthTokenRepository.js';
+import { IOAuthToken } from '../types/index.js';
+
+/**
+ * Database-backed implementation of OAuthTokenDao
+ */
+export class OAuthTokenDaoDbImpl implements OAuthTokenDao {
+  private repository: OAuthTokenRepository;
+
+  constructor() {
+    this.repository = new OAuthTokenRepository();
+  }
+
+  async findAll(): Promise<IOAuthToken[]> {
+    const tokens = await this.repository.findAll();
+    return tokens.map((t) => this.mapToOAuthToken(t));
+  }
+
+  async findById(accessToken: string): Promise<IOAuthToken | null> {
+    const token = await this.repository.findByAccessToken(accessToken);
+    return token ? this.mapToOAuthToken(token) : null;
+  }
+
+  async findByAccessToken(accessToken: string): Promise<IOAuthToken | null> {
+    return this.findById(accessToken);
+  }
+
+  async findByRefreshToken(refreshToken: string): Promise<IOAuthToken | null> {
+    const token = await this.repository.findByRefreshToken(refreshToken);
+    return token ? this.mapToOAuthToken(token) : null;
+  }
+
+  async findByClientId(clientId: string): Promise<IOAuthToken[]> {
+    const tokens = await this.repository.findByClientId(clientId);
+    return tokens.map((t) => this.mapToOAuthToken(t));
+  }
+
+  async findByUsername(username: string): Promise<IOAuthToken[]> {
+    const tokens = await this.repository.findByUsername(username);
+    return tokens.map((t) => this.mapToOAuthToken(t));
+  }
+
+  async create(entity: IOAuthToken): Promise<IOAuthToken> {
+    const token = await this.repository.create({
+      accessToken: entity.accessToken,
+      accessTokenExpiresAt: entity.accessTokenExpiresAt,
+      refreshToken: entity.refreshToken,
+      refreshTokenExpiresAt: entity.refreshTokenExpiresAt,
+      scope: entity.scope,
+      clientId: entity.clientId,
+      username: entity.username,
+    });
+    return this.mapToOAuthToken(token);
+  }
+
+  async update(accessToken: string, entity: Partial<IOAuthToken>): Promise<IOAuthToken | null> {
+    const token = await this.repository.update(accessToken, {
+      accessTokenExpiresAt: entity.accessTokenExpiresAt,
+      refreshToken: entity.refreshToken,
+      refreshTokenExpiresAt: entity.refreshTokenExpiresAt,
+      scope: entity.scope,
+    });
+    return token ? this.mapToOAuthToken(token) : null;
+  }
+
+  async delete(accessToken: string): Promise<boolean> {
+    return await this.repository.delete(accessToken);
+  }
+
+  async exists(accessToken: string): Promise<boolean> {
+    return await this.repository.exists(accessToken);
+  }
+
+  async count(): Promise<number> {
+    return await this.repository.count();
+  }
+
+  async revokeToken(token: string): Promise<boolean> {
+    return await this.repository.revokeToken(token);
+  }
+
+  async revokeUserTokens(username: string): Promise<number> {
+    return await this.repository.revokeUserTokens(username);
+  }
+
+  async revokeClientTokens(clientId: string): Promise<number> {
+    return await this.repository.revokeClientTokens(clientId);
+  }
+
+  async cleanupExpired(): Promise<number> {
+    return await this.repository.cleanupExpired();
+  }
+
+  async isAccessTokenValid(accessToken: string): Promise<boolean> {
+    return await this.repository.isAccessTokenValid(accessToken);
+  }
+
+  async isRefreshTokenValid(refreshToken: string): Promise<boolean> {
+    return await this.repository.isRefreshTokenValid(refreshToken);
+  }
+
+  private mapToOAuthToken(token: {
+    accessToken: string;
+    accessTokenExpiresAt: Date;
+    refreshToken?: string;
+    refreshTokenExpiresAt?: Date;
+    scope?: string;
+    clientId: string;
+    username: string;
+  }): IOAuthToken {
+    return {
+      accessToken: token.accessToken,
+      accessTokenExpiresAt: token.accessTokenExpiresAt,
+      refreshToken: token.refreshToken,
+      refreshTokenExpiresAt: token.refreshTokenExpiresAt,
+      scope: token.scope,
+      clientId: token.clientId,
+      username: token.username,
+    };
+  }
+}

src/dao/index.ts

@@ -6,6 +6,8 @@ export * from './ServerDao.js';
 export * from './GroupDao.js';
 export * from './SystemConfigDao.js';
 export * from './UserConfigDao.js';
+export * from './OAuthClientDao.js';
+export * from './OAuthTokenDao.js';
 
 // Export database implementations
 export * from './UserDaoDbImpl.js';
@@ -13,6 +15,8 @@ export * from './ServerDaoDbImpl.js';
 export * from './GroupDaoDbImpl.js';
 export * from './SystemConfigDaoDbImpl.js';
 export * from './UserConfigDaoDbImpl.js';
+export * from './OAuthClientDaoDbImpl.js';
+export * from './OAuthTokenDaoDbImpl.js';
 
 // Export the DAO factory and convenience functions
 export * from './DaoFactory.js';

src/db/entities/OAuthClient.ts

@@ -0,0 +1,60 @@
+import {
+  Entity,
+  Column,
+  PrimaryGeneratedColumn,
+  CreateDateColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+
+/**
+ * OAuth Client entity for database storage
+ * Represents OAuth clients registered with MCPHub's authorization server
+ */
+@Entity({ name: 'oauth_clients' })
+export class OAuthClient {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'client_id', type: 'varchar', length: 255, unique: true })
+  clientId: string;
+
+  @Column({ name: 'client_secret', type: 'varchar', length: 255, nullable: true })
+  clientSecret?: string;
+
+  @Column({ type: 'varchar', length: 255 })
+  name: string;
+
+  @Column({ name: 'redirect_uris', type: 'simple-json' })
+  redirectUris: string[];
+
+  @Column({ type: 'simple-json' })
+  grants: string[];
+
+  @Column({ type: 'simple-json', nullable: true })
+  scopes?: string[];
+
+  @Column({ type: 'varchar', length: 255, nullable: true })
+  owner?: string;
+
+  @Column({ type: 'simple-json', nullable: true })
+  metadata?: {
+    application_type?: 'web' | 'native';
+    response_types?: string[];
+    token_endpoint_auth_method?: string;
+    contacts?: string[];
+    logo_uri?: string;
+    client_uri?: string;
+    policy_uri?: string;
+    tos_uri?: string;
+    jwks_uri?: string;
+    jwks?: object;
+  };
+
+  @CreateDateColumn({ name: 'created_at', type: 'timestamp' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ name: 'updated_at', type: 'timestamp' })
+  updatedAt: Date;
+}
+
+export default OAuthClient;

src/db/entities/OAuthToken.ts

@@ -0,0 +1,51 @@
+import {
+  Entity,
+  Column,
+  PrimaryGeneratedColumn,
+  CreateDateColumn,
+  UpdateDateColumn,
+  Index,
+} from 'typeorm';
+
+/**
+ * OAuth Token entity for database storage
+ * Represents OAuth tokens issued by MCPHub's authorization server
+ */
+@Entity({ name: 'oauth_tokens' })
+export class OAuthToken {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Index()
+  @Column({ name: 'access_token', type: 'varchar', length: 512, unique: true })
+  accessToken: string;
+
+  @Column({ name: 'access_token_expires_at', type: 'timestamp' })
+  accessTokenExpiresAt: Date;
+
+  @Index()
+  @Column({ name: 'refresh_token', type: 'varchar', length: 512, nullable: true, unique: true })
+  refreshToken?: string;
+
+  @Column({ name: 'refresh_token_expires_at', type: 'timestamp', nullable: true })
+  refreshTokenExpiresAt?: Date;
+
+  @Column({ type: 'varchar', length: 512, nullable: true })
+  scope?: string;
+
+  @Index()
+  @Column({ name: 'client_id', type: 'varchar', length: 255 })
+  clientId: string;
+
+  @Index()
+  @Column({ type: 'varchar', length: 255 })
+  username: string;
+
+  @CreateDateColumn({ name: 'created_at', type: 'timestamp' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ name: 'updated_at', type: 'timestamp' })
+  updatedAt: Date;
+}
+
+export default OAuthToken;

src/db/entities/index.ts

@@ -4,9 +4,20 @@ import Server from './Server.js';
 import Group from './Group.js';
 import SystemConfig from './SystemConfig.js';
 import UserConfig from './UserConfig.js';
+import OAuthClient from './OAuthClient.js';
+import OAuthToken from './OAuthToken.js';
 
 // Export all entities
-export default [VectorEmbedding, User, Server, Group, SystemConfig, UserConfig];
+export default [
+  VectorEmbedding,
+  User,
+  Server,
+  Group,
+  SystemConfig,
+  UserConfig,
+  OAuthClient,
+  OAuthToken,
+];
 
 // Export individual entities for direct use
-export { VectorEmbedding, User, Server, Group, SystemConfig, UserConfig };
+export { VectorEmbedding, User, Server, Group, SystemConfig, UserConfig, OAuthClient, OAuthToken };

src/db/repositories/GroupRepository.ts

@@ -16,7 +16,7 @@ export class GroupRepository {
    * Find all groups
    */
   async findAll(): Promise<Group[]> {
-    return await this.repository.find();
+    return await this.repository.find({ order: { createdAt: 'ASC' } });
   }
 
   /**
@@ -88,7 +88,7 @@ export class GroupRepository {
    * Find groups by owner
    */
   async findByOwner(owner: string): Promise<Group[]> {
-    return await this.repository.find({ where: { owner } });
+    return await this.repository.find({ where: { owner }, order: { createdAt: 'ASC' } });
   }
 }
 

src/db/repositories/OAuthClientRepository.ts

@@ -0,0 +1,80 @@
+import { Repository } from 'typeorm';
+import { OAuthClient } from '../entities/OAuthClient.js';
+import { getAppDataSource } from '../connection.js';
+
+/**
+ * Repository for OAuthClient entity
+ */
+export class OAuthClientRepository {
+  private repository: Repository<OAuthClient>;
+
+  constructor() {
+    this.repository = getAppDataSource().getRepository(OAuthClient);
+  }
+
+  /**
+   * Find all OAuth clients
+   */
+  async findAll(): Promise<OAuthClient[]> {
+    return await this.repository.find();
+  }
+
+  /**
+   * Find OAuth client by client ID
+   */
+  async findByClientId(clientId: string): Promise<OAuthClient | null> {
+    return await this.repository.findOne({ where: { clientId } });
+  }
+
+  /**
+   * Find OAuth clients by owner
+   */
+  async findByOwner(owner: string): Promise<OAuthClient[]> {
+    return await this.repository.find({ where: { owner } });
+  }
+
+  /**
+   * Create a new OAuth client
+   */
+  async create(client: Omit<OAuthClient, 'id' | 'createdAt' | 'updatedAt'>): Promise<OAuthClient> {
+    const newClient = this.repository.create(client);
+    return await this.repository.save(newClient);
+  }
+
+  /**
+   * Update an existing OAuth client
+   */
+  async update(clientId: string, clientData: Partial<OAuthClient>): Promise<OAuthClient | null> {
+    const client = await this.findByClientId(clientId);
+    if (!client) {
+      return null;
+    }
+    const updated = this.repository.merge(client, clientData);
+    return await this.repository.save(updated);
+  }
+
+  /**
+   * Delete an OAuth client
+   */
+  async delete(clientId: string): Promise<boolean> {
+    const result = await this.repository.delete({ clientId });
+    return (result.affected ?? 0) > 0;
+  }
+
+  /**
+   * Check if OAuth client exists
+   */
+  async exists(clientId: string): Promise<boolean> {
+    const count = await this.repository.count({ where: { clientId } });
+    return count > 0;
+  }
+
+  /**
+   * Count total OAuth clients
+   */
+  async count(): Promise<number> {
+    return await this.repository.count();
+  }
+}
+
+export default OAuthClientRepository;

src/db/repositories/OAuthTokenRepository.ts

@@ -0,0 +1,183 @@
+import { Repository, MoreThan } from 'typeorm';
+import { OAuthToken } from '../entities/OAuthToken.js';
+import { getAppDataSource } from '../connection.js';
+
+/**
+ * Repository for OAuthToken entity
+ */
+export class OAuthTokenRepository {
+  private repository: Repository<OAuthToken>;
+
+  constructor() {
+    this.repository = getAppDataSource().getRepository(OAuthToken);
+  }
+
+  /**
+   * Find all OAuth tokens
+   */
+  async findAll(): Promise<OAuthToken[]> {
+    return await this.repository.find();
+  }
+
+  /**
+   * Find OAuth token by access token
+   */
+  async findByAccessToken(accessToken: string): Promise<OAuthToken | null> {
+    return await this.repository.findOne({ where: { accessToken } });
+  }
+
+  /**
+   * Find OAuth token by refresh token
+   */
+  async findByRefreshToken(refreshToken: string): Promise<OAuthToken | null> {
+    return await this.repository.findOne({ where: { refreshToken } });
+  }
+
+  /**
+   * Find OAuth tokens by client ID
+   */
+  async findByClientId(clientId: string): Promise<OAuthToken[]> {
+    return await this.repository.find({ where: { clientId } });
+  }
+
+  /**
+   * Find OAuth tokens by username
+   */
+  async findByUsername(username: string): Promise<OAuthToken[]> {
+    return await this.repository.find({ where: { username } });
+  }
+
+  /**
+   * Create a new OAuth token
+   */
+  async create(token: Omit<OAuthToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<OAuthToken> {
+    // Remove any existing tokens with the same access token or refresh token
+    if (token.accessToken) {
+      await this.repository.delete({ accessToken: token.accessToken });
+    }
+    if (token.refreshToken) {
+      await this.repository.delete({ refreshToken: token.refreshToken });
+    }
+
+    const newToken = this.repository.create(token);
+    return await this.repository.save(newToken);
+  }
+
+  /**
+   * Update an existing OAuth token
+   */
+  async update(accessToken: string, tokenData: Partial<OAuthToken>): Promise<OAuthToken | null> {
+    const token = await this.findByAccessToken(accessToken);
+    if (!token) {
+      return null;
+    }
+    const updated = this.repository.merge(token, tokenData);
+    return await this.repository.save(updated);
+  }
+
+  /**
+   * Delete an OAuth token by access token
+   */
+  async delete(accessToken: string): Promise<boolean> {
+    const result = await this.repository.delete({ accessToken });
+    return (result.affected ?? 0) > 0;
+  }
+
+  /**
+   * Check if OAuth token exists by access token
+   */
+  async exists(accessToken: string): Promise<boolean> {
+    const count = await this.repository.count({ where: { accessToken } });
+    return count > 0;
+  }
+
+  /**
+   * Count total OAuth tokens
+   */
+  async count(): Promise<number> {
+    return await this.repository.count();
+  }
+
+  /**
+   * Revoke token by access token or refresh token
+   */
+  async revokeToken(token: string): Promise<boolean> {
+    // Try to find by access token first
+    let tokenEntity = await this.findByAccessToken(token);
+    if (!tokenEntity) {
+      // Try to find by refresh token
+      tokenEntity = await this.findByRefreshToken(token);
+    }
+
+    if (!tokenEntity) {
+      return false;
+    }
+
+    const result = await this.repository.delete({ id: tokenEntity.id });
+    return (result.affected ?? 0) > 0;
+  }
+
+  /**
+   * Revoke all tokens for a user
+   */
+  async revokeUserTokens(username: string): Promise<number> {
+    const result = await this.repository.delete({ username });
+    return result.affected ?? 0;
+  }
+
+  /**
+   * Revoke all tokens for a client
+   */
+  async revokeClientTokens(clientId: string): Promise<number> {
+    const result = await this.repository.delete({ clientId });
+    return result.affected ?? 0;
+  }
+
+  /**
+   * Clean up expired tokens
+   */
+  async cleanupExpired(): Promise<number> {
+    const now = new Date();
+
+    // Delete tokens where both access token and refresh token are expired
+    // (or refresh token doesn't exist)
+    const result = await this.repository
+      .createQueryBuilder()
+      .delete()
+      .from(OAuthToken)
+      .where('access_token_expires_at < :now', { now })
+      .andWhere('(refresh_token_expires_at IS NULL OR refresh_token_expires_at < :now)', { now })
+      .execute();
+
+    return result.affected ?? 0;
+  }
+
+  /**
+   * Check if access token is valid (exists and not expired)
+   */
+  async isAccessTokenValid(accessToken: string): Promise<boolean> {
+    const count = await this.repository.count({
+      where: {
+        accessToken,
+        accessTokenExpiresAt: MoreThan(new Date()),
+      },
+    });
+    return count > 0;
+  }
+
+  /**
+   * Check if refresh token is valid (exists and not expired)
+   */
+  async isRefreshTokenValid(refreshToken: string): Promise<boolean> {
+    const token = await this.findByRefreshToken(refreshToken);
+    if (!token) {
+      return false;
+    }
+    if (!token.refreshTokenExpiresAt) {
+      return true; // No expiration means always valid
+    }
+    return token.refreshTokenExpiresAt > new Date();
+  }
+}
+
+export default OAuthTokenRepository;

src/db/repositories/ServerRepository.ts

@@ -16,7 +16,7 @@ export class ServerRepository {
    * Find all servers
    */
   async findAll(): Promise<Server[]> {
-    return await this.repository.find();
+    return await this.repository.find({ order: { createdAt: 'ASC' } });
   }
 
   /**
@@ -73,14 +73,14 @@ export class ServerRepository {
    * Find servers by owner
    */
   async findByOwner(owner: string): Promise<Server[]> {
-    return await this.repository.find({ where: { owner } });
+    return await this.repository.find({ where: { owner }, order: { createdAt: 'ASC' } });
   }
 
   /**
    * Find enabled servers
    */
   async findEnabled(): Promise<Server[]> {
-    return await this.repository.find({ where: { enabled: true } });
+    return await this.repository.find({ where: { enabled: true }, order: { createdAt: 'ASC' } });
   }
 
   /**

src/db/repositories/UserRepository.ts

@@ -16,7 +16,7 @@ export class UserRepository {
    * Find all users
    */
   async findAll(): Promise<User[]> {
-    return await this.repository.find();
+    return await this.repository.find({ order: { createdAt: 'ASC' } });
   }
 
   /**
@@ -73,7 +73,7 @@ export class UserRepository {
    * Find all admin users
    */
   async findAdmins(): Promise<User[]> {
-    return await this.repository.find({ where: { isAdmin: true } });
+    return await this.repository.find({ where: { isAdmin: true }, order: { createdAt: 'ASC' } });
   }
 }
 

src/db/repositories/index.ts

@@ -4,6 +4,8 @@ import { ServerRepository } from './ServerRepository.js';
 import { GroupRepository } from './GroupRepository.js';
 import { SystemConfigRepository } from './SystemConfigRepository.js';
 import { UserConfigRepository } from './UserConfigRepository.js';
+import { OAuthClientRepository } from './OAuthClientRepository.js';
+import { OAuthTokenRepository } from './OAuthTokenRepository.js';
 
 // Export all repositories
 export {
@@ -13,4 +15,6 @@ export {
   GroupRepository,
   SystemConfigRepository,
   UserConfigRepository,
+  OAuthClientRepository,
+  OAuthTokenRepository,
 };

src/middlewares/auth.ts

@@ -67,7 +67,7 @@ export const auth = async (req: Request, res: Response, next: NextFunction): Pro
   const authHeader = req.headers.authorization;
   if (authHeader && authHeader.startsWith('Bearer ') && isOAuthServerEnabled()) {
     const accessToken = authHeader.substring(7);
-    const oauthToken = getToken(accessToken);
+    const oauthToken = await getToken(accessToken);
 
     if (oauthToken && oauthToken.accessToken === accessToken) {
       // Valid OAuth token - look up user to get admin status

src/models/OAuth.ts

@@ -1,112 +1,89 @@
 import crypto from 'crypto';
-import { loadSettings, saveSettings } from '../config/index.js';
+import { getOAuthClientDao, getOAuthTokenDao } from '../dao/index.js';
 import { IOAuthClient, IOAuthAuthorizationCode, IOAuthToken } from '../types/index.js';
 
-// In-memory storage for authorization codes and tokens
+// In-memory storage for authorization codes (short-lived, no persistence needed)
-// Authorization codes are short-lived and kept in memory only.
-// Tokens are mirrored to settings (mcp_settings.json) for persistence.
 const authorizationCodes = new Map<string, IOAuthAuthorizationCode>();
-const tokens = new Map<string, IOAuthToken>();
 
-// Initialize token store from settings on first import
+// In-memory cache for tokens (also persisted via DAO)
-(() => {
+const tokensCache = new Map<string, IOAuthToken>();
+
+// Flag to track if we've initialized from DAO
+let initialized = false;
+
+/**
+ * Initialize token cache from DAO (async)
+ */
+const initializeTokenCache = async (): Promise<void> => {
+  if (initialized) return;
+  initialized = true;
+
   try {
-    const settings = loadSettings();
+    const tokenDao = getOAuthTokenDao();
-    if (Array.isArray(settings.oauthTokens)) {
+    const allTokens = await tokenDao.findAll();
-      for (const stored of settings.oauthTokens) {
+    for (const token of allTokens) {
-        const token: IOAuthToken = {
+      tokensCache.set(token.accessToken, token);
-          ...stored,
-          accessTokenExpiresAt: new Date(stored.accessTokenExpiresAt),
-          refreshTokenExpiresAt: stored.refreshTokenExpiresAt
-            ? new Date(stored.refreshTokenExpiresAt)
-            : undefined,
-        };
-        tokens.set(token.accessToken, token);
       if (token.refreshToken) {
-          tokens.set(token.refreshToken, token);
+        tokensCache.set(token.refreshToken, token);
-        }
       }
     }
   } catch (error) {
-    console.error('Failed to initialize OAuth tokens from settings:', error);
+    console.error('Failed to initialize OAuth tokens from DAO:', error);
   }
-})();
+};
+
+// Initialize on module load (fire and forget for backward compatibility)
+initializeTokenCache().catch(console.error);
 
 /**
  * Get all OAuth clients from configuration
  */
-export const getOAuthClients = (): IOAuthClient[] => {
+export const getOAuthClients = async (): Promise<IOAuthClient[]> => {
-  const settings = loadSettings();
+  const clientDao = getOAuthClientDao();
-  return settings.oauthClients || [];
+  return clientDao.findAll();
 };
 
 /**
  * Find OAuth client by client ID
  */
-export const findOAuthClientById = (clientId: string): IOAuthClient | undefined => {
+export const findOAuthClientById = async (clientId: string): Promise<IOAuthClient | undefined> => {
-  const clients = getOAuthClients();
+  const clientDao = getOAuthClientDao();
-  return clients.find((c) => c.clientId === clientId);
+  const client = await clientDao.findByClientId(clientId);
+  return client || undefined;
 };
 
 /**
  * Create a new OAuth client
  */
-export const createOAuthClient = (client: IOAuthClient): IOAuthClient => {
+export const createOAuthClient = async (client: IOAuthClient): Promise<IOAuthClient> => {
-  const settings = loadSettings();
+  const clientDao = getOAuthClientDao();
-  if (!settings.oauthClients) {
-    settings.oauthClients = [];
-  }
 
   // Check if client already exists
-  const existing = settings.oauthClients.find((c) => c.clientId === client.clientId);
+  const existing = await clientDao.findByClientId(client.clientId);
   if (existing) {
     throw new Error(`OAuth client with ID ${client.clientId} already exists`);
   }
 
-  settings.oauthClients.push(client);
+  return clientDao.create(client);
-  saveSettings(settings);
-  return client;
 };
 
 /**
  * Update an existing OAuth client
  */
-export const updateOAuthClient = (
+export const updateOAuthClient = async (
   clientId: string,
   updates: Partial<IOAuthClient>,
-): IOAuthClient | null => {
+): Promise<IOAuthClient | null> => {
-  const settings = loadSettings();
+  const clientDao = getOAuthClientDao();
-  if (!settings.oauthClients) {
+  return clientDao.update(clientId, updates);
-    return null;
-  }
-
-  const index = settings.oauthClients.findIndex((c) => c.clientId === clientId);
-  if (index === -1) {
-    return null;
-  }
-
-  settings.oauthClients[index] = { ...settings.oauthClients[index], ...updates };
-  saveSettings(settings);
-  return settings.oauthClients[index];
 };
 
 /**
  * Delete an OAuth client
  */
-export const deleteOAuthClient = (clientId: string): boolean => {
+export const deleteOAuthClient = async (clientId: string): Promise<boolean> => {
-  const settings = loadSettings();
+  const clientDao = getOAuthClientDao();
-  if (!settings.oauthClients) {
+  return clientDao.delete(clientId);
-    return false;
-  }
-
-  const index = settings.oauthClients.findIndex((c) => c.clientId === clientId);
-  if (index === -1) {
-    return false;
-  }
-
-  settings.oauthClients.splice(index, 1);
-  saveSettings(settings);
-  return true;
 };
 
 /**
@@ -163,11 +140,11 @@ export const revokeAuthorizationCode = (code: string): void => {
 /**
  * Save access token and optionally refresh token
  */
-export const saveToken = (
+export const saveToken = async (
   tokenData: Omit<IOAuthToken, 'accessToken' | 'accessTokenExpiresAt'>,
   accessTokenLifetime: number = 3600,
   refreshTokenLifetime?: number,
-): IOAuthToken => {
+): Promise<IOAuthToken> => {
   const accessToken = generateToken();
   const accessTokenExpiresAt = new Date(Date.now() + accessTokenLifetime * 1000);
 
@@ -187,30 +164,18 @@ export const saveToken = (
     ...tokenData,
   };
 
-  tokens.set(accessToken, token);
+  // Update cache
+  tokensCache.set(accessToken, token);
   if (refreshToken) {
-    tokens.set(refreshToken, token);
+    tokensCache.set(refreshToken, token);
   }
 
-  // Persist tokens to settings
+  // Persist to DAO
   try {
-    const settings = loadSettings();
+    const tokenDao = getOAuthTokenDao();
-    const existing = settings.oauthTokens || [];
+    await tokenDao.create(token);
-    const filtered = existing.filter(
-      (t) => t.accessToken !== token.accessToken && t.refreshToken !== token.refreshToken,
-    );
-    const updated = [
-      ...filtered,
-      {
-        ...token,
-        accessTokenExpiresAt: token.accessTokenExpiresAt,
-        refreshTokenExpiresAt: token.refreshTokenExpiresAt,
-      },
-    ];
-    settings.oauthTokens = updated;
-    saveSettings(settings);
   } catch (error) {
-    console.error('Failed to persist OAuth token to settings:', error);
+    console.error('Failed to persist OAuth token to DAO:', error);
   }
 
   return token;
@@ -219,8 +184,27 @@ export const saveToken = (
 /**
  * Get token by access token or refresh token
  */
-export const getToken = (token: string): IOAuthToken | undefined => {
+export const getToken = async (token: string): Promise<IOAuthToken | undefined> => {
-  const tokenData = tokens.get(token);
+  // First check cache
+  let tokenData = tokensCache.get(token);
+
+  // If not in cache, try DAO
+  if (!tokenData) {
+    const tokenDao = getOAuthTokenDao();
+    tokenData =
+      (await tokenDao.findByAccessToken(token)) ||
+      (await tokenDao.findByRefreshToken(token)) ||
+      undefined;
+
+    // Update cache if found
+    if (tokenData) {
+      tokensCache.set(tokenData.accessToken, tokenData);
+      if (tokenData.refreshToken) {
+        tokensCache.set(tokenData.refreshToken, tokenData);
+      }
+    }
+  }
+
   if (!tokenData) {
     return undefined;
   }
@@ -245,34 +229,28 @@ export const getToken = (token: string): IOAuthToken | undefined => {
 /**
  * Revoke token (both access and refresh tokens)
  */
-export const revokeToken = (token: string): void => {
+export const revokeToken = async (token: string): Promise<void> => {
-  const tokenData = tokens.get(token);
+  const tokenData = tokensCache.get(token);
   if (tokenData) {
-    tokens.delete(tokenData.accessToken);
+    tokensCache.delete(tokenData.accessToken);
     if (tokenData.refreshToken) {
-      tokens.delete(tokenData.refreshToken);
+      tokensCache.delete(tokenData.refreshToken);
+    }
   }
 
-    // Also remove from persisted settings
+  // Also remove from DAO
   try {
-      const settings = loadSettings();
+    const tokenDao = getOAuthTokenDao();
-      if (Array.isArray(settings.oauthTokens)) {
+    await tokenDao.revokeToken(token);
-        settings.oauthTokens = settings.oauthTokens.filter(
-          (t) =>
-            t.accessToken !== tokenData.accessToken && t.refreshToken !== tokenData.refreshToken,
-        );
-        saveSettings(settings);
-      }
   } catch (error) {
-      console.error('Failed to remove OAuth token from settings:', error);
+    console.error('Failed to remove OAuth token from DAO:', error);
-    }
   }
 };
 
 /**
  * Clean up expired codes and tokens (should be called periodically)
  */
-export const cleanupExpired = (): void => {
+export const cleanupExpired = async (): Promise<void> => {
   const now = new Date();
 
   // Clean up expired authorization codes
@@ -282,9 +260,9 @@ export const cleanupExpired = (): void => {
     }
   }
 
-  // Clean up expired tokens
+  // Clean up expired tokens from cache
   const processedTokens = new Set<string>();
-  for (const [_key, token] of tokens.entries()) {
+  for (const [_key, token] of tokensCache.entries()) {
     // Skip if we've already processed this token
     if (processedTokens.has(token.accessToken)) {
       continue;
@@ -294,35 +272,19 @@ export const cleanupExpired = (): void => {
     const accessExpired = token.accessTokenExpiresAt < now;
     const refreshExpired = token.refreshTokenExpiresAt && token.refreshTokenExpiresAt < now;
 
-    // If both are expired, remove the token
+    // If both are expired, remove from cache
     if (accessExpired && (!token.refreshToken || refreshExpired)) {
-      tokens.delete(token.accessToken);
+      tokensCache.delete(token.accessToken);
       if (token.refreshToken) {
-        tokens.delete(token.refreshToken);
+        tokensCache.delete(token.refreshToken);
       }
     }
   }
 
-  // Sync persisted tokens: keep only non-expired ones
+  // Clean up expired tokens from DAO
   try {
-    const settings = loadSettings();
+    const tokenDao = getOAuthTokenDao();
-    if (Array.isArray(settings.oauthTokens)) {
+    await tokenDao.cleanupExpired();
-      const validTokens: IOAuthToken[] = [];
-      for (const stored of settings.oauthTokens) {
-        const accessExpiresAt = new Date(stored.accessTokenExpiresAt);
-        const refreshExpiresAt = stored.refreshTokenExpiresAt
-          ? new Date(stored.refreshTokenExpiresAt)
-          : undefined;
-        const accessExpired = accessExpiresAt < now;
-        const refreshExpired = refreshExpiresAt && refreshExpiresAt < now;
-
-        if (!accessExpired || (stored.refreshToken && !refreshExpired)) {
-          validTokens.push(stored);
-        }
-      }
-      settings.oauthTokens = validTokens;
-      saveSettings(settings);
-    }
   } catch (error) {
     console.error('Failed to cleanup persisted OAuth tokens:', error);
   }
@@ -331,7 +293,12 @@ export const cleanupExpired = (): void => {
 // Run cleanup every 5 minutes in production
 let cleanupIntervalId: NodeJS.Timeout | null = null;
 if (process.env.NODE_ENV !== 'test') {
-  cleanupIntervalId = setInterval(cleanupExpired, 5 * 60 * 1000);
+  cleanupIntervalId = setInterval(
+    () => {
+      cleanupExpired().catch(console.error);
+    },
+    5 * 60 * 1000,
+  );
   // Allow the interval to not keep the process alive
   cleanupIntervalId.unref();
 }

src/routes/index.ts

@@ -9,6 +9,7 @@ import {
   updateServer,
   deleteServer,
   toggleServer,
+  reloadServer,
   toggleTool,
   updateToolDescription,
   togglePrompt,
@@ -136,6 +137,7 @@ export const initRoutes = (app: express.Application): void => {
   router.put('/servers/:name', updateServer);
   router.delete('/servers/:name', deleteServer);
   router.post('/servers/:name/toggle', toggleServer);
+  router.post('/servers/:name/reload', reloadServer);
   router.post('/servers/:serverName/tools/:toolName/toggle', toggleTool);
   router.put('/servers/:serverName/tools/:toolName/description', updateToolDescription);
   router.post('/servers/:serverName/prompts/:promptName/toggle', togglePrompt);

src/services/mcpService.ts

@@ -277,11 +277,7 @@ const callToolWithReconnect = async (
               version: '1.0.0',
             },
             {
-              capabilities: {
+              capabilities: {},
-                prompts: {},
-                resources: {},
-                tools: {},
-              },
             },
           );
 
@@ -463,11 +459,7 @@ export const initializeClientsFromSettings = async (
           version: '1.0.0',
         },
         {
-          capabilities: {
+          capabilities: {},
-            prompts: {},
-            resources: {},
-            tools: {},
-          },
         },
       );
 
@@ -964,23 +956,14 @@ Available servers: ${serversList}`,
   for (const serverInfo of filteredServerInfos) {
     if (serverInfo.tools && serverInfo.tools.length > 0) {
       // Filter tools based on server configuration
-      let enabledTools = await filterToolsByConfig(serverInfo.name, serverInfo.tools);
+      let tools = await filterToolsByConfig(serverInfo.name, serverInfo.tools);
 
       // If this is a group request, apply group-level tool filtering
-      if (group) {
+      tools = await filterToolsByGroup(group, serverInfo.name, tools);
-        const serverConfig = await getServerConfigInGroup(group, serverInfo.name);
-        if (serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools)) {
-          // Filter tools based on group configuration
-          const allowedToolNames = serverConfig.tools.map(
-            (toolName: string) => `${serverInfo.name}${getNameSeparator()}${toolName}`,
-          );
-          enabledTools = enabledTools.filter((tool) => allowedToolNames.includes(tool.name));
-        }
-      }
 
       // Apply custom descriptions from server configuration
       const serverConfig = await getServerDao().findById(serverInfo.name);
-      const toolsWithCustomDescriptions = enabledTools.map((tool) => {
+      const toolsWithCustomDescriptions = tools.map((tool) => {
         const toolConfig = serverConfig?.tools?.[tool.name];
         return {
           ...tool,
@@ -1027,12 +1010,15 @@ export const handleCallToolRequest = async (request: any, extra: any) => {
 
       // Determine server filtering based on group
       const sessionId = extra.sessionId || '';
-      const group = getGroup(sessionId);
+      let group = getGroup(sessionId);
       let servers: string[] | undefined = undefined; // No server filtering by default
 
       // If group is in format $smart/{group}, filter servers to that group
       if (group?.startsWith('$smart/')) {
         const targetGroup = group.substring(7);
+        if (targetGroup) {
+          group = targetGroup;
+        }
         const serversInGroup = await getServersInGroup(targetGroup);
         if (serversInGroup !== undefined && serversInGroup !== null) {
           servers = serversInGroup;
@@ -1064,8 +1050,8 @@ export const handleCallToolRequest = async (request: any, extra: any) => {
             const actualTool = server.tools.find((tool) => tool.name === result.toolName);
             if (actualTool) {
               // Check if the tool is enabled in configuration
-              const enabledTools = await filterToolsByConfig(server.name, [actualTool]);
+              const tools = await filterToolsByConfig(server.name, [actualTool]);
-              if (enabledTools.length > 0) {
+              if (tools.length > 0) {
                 // Apply custom description from configuration
                 const serverConfig = await getServerDao().findById(server.name);
                 const toolConfig = serverConfig?.tools?.[actualTool.name];
@@ -1091,19 +1077,24 @@ export const handleCallToolRequest = async (request: any, extra: any) => {
       );
 
       // Now filter the resolved tools
-      const tools = await Promise.all(
+      const filterResults = await Promise.all(
-        resolvedTools.filter(async (tool) => {
+        resolvedTools.map(async (tool) => {
-          // Additional filter to remove tools that are disabled
           if (tool.name) {
             const serverName = tool.serverName;
             if (serverName) {
-              const enabledTools = await filterToolsByConfig(serverName, [tool as Tool]);
+              let tools = await filterToolsByConfig(serverName, [tool as Tool]);
-              return enabledTools.length > 0;
+              if (tools.length === 0) {
+                return false;
+              }
+
+              tools = await filterToolsByGroup(group, serverName, tools);
+              return tools.length > 0;
             }
           }
-          return true; // Keep fallback results
+          return true;
         }),
       );
+      const tools = resolvedTools.filter((_, i) => filterResults[i]);
 
       // Add usage guidance to the response
       const response = {
@@ -1495,3 +1486,18 @@ export const createMcpServer = (name: string, version: string, group?: string):
   server.setRequestHandler(ListPromptsRequestSchema, handleListPromptsRequest);
   return server;
 };
+
+// Filter tools based on group configuration
+async function filterToolsByGroup(group: string | undefined, serverName: string, tools: Tool[]) {
+  if (group) {
+    const serverConfig = await getServerConfigInGroup(group, serverName);
+    if (serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools)) {
+      // Filter tools based on group configuration
+      const allowedToolNames = serverConfig.tools.map(
+        (toolName: string) => `${serverName}${getNameSeparator()}${toolName}`,
+      );
+      tools = tools.filter((tool) => allowedToolNames.includes(tool.name));
+    }
+  }
+  return tools;
+}

src/services/oauthServerService.ts

@@ -21,7 +21,7 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
    * Get client by client ID
    */
   getClient: async (clientId: string, clientSecret?: string) => {
-    const client = findOAuthClientById(clientId);
+    const client = await findOAuthClientById(clientId);
     if (!client) {
       return false;
     }
@@ -92,7 +92,7 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
       return false;
     }
 
-    const client = findOAuthClientById(code.clientId);
+    const client = await findOAuthClientById(code.clientId);
     if (!client) {
       return false;
     }
@@ -143,7 +143,7 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
 
     const scopeString = Array.isArray(token.scope) ? token.scope.join(' ') : token.scope;
 
-    const savedToken = saveToken(
+    const savedToken = await saveToken(
       {
         scope: scopeString,
         clientId: client.id,
@@ -172,12 +172,12 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
    * Get access token
    */
   getAccessToken: async (accessToken: string) => {
-    const token = getToken(accessToken);
+    const token = await getToken(accessToken);
     if (!token) {
       return false;
     }
 
-    const client = findOAuthClientById(token.clientId);
+    const client = await findOAuthClientById(token.clientId);
     if (!client) {
       return false;
     }
@@ -205,12 +205,12 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
    * Get refresh token
    */
   getRefreshToken: async (refreshToken: string) => {
-    const token = getToken(refreshToken);
+    const token = await getToken(refreshToken);
     if (!token || token.refreshToken !== refreshToken) {
       return false;
     }
 
-    const client = findOAuthClientById(token.clientId);
+    const client = await findOAuthClientById(token.clientId);
     if (!client) {
       return false;
     }
@@ -240,7 +240,7 @@ const oauthModel: OAuth2Server.AuthorizationCodeModel & OAuth2Server.RefreshToke
   revokeToken: async (token: OAuth2Server.Token | OAuth2Server.RefreshToken) => {
     const refreshToken = 'refreshToken' in token ? token.refreshToken : undefined;
     if (refreshToken) {
-      revokeToken(refreshToken);
+      await revokeToken(refreshToken);
     }
     return true;
   },

src/utils/migration.ts

@@ -7,6 +7,8 @@ import { ServerRepository } from '../db/repositories/ServerRepository.js';
 import { GroupRepository } from '../db/repositories/GroupRepository.js';
 import { SystemConfigRepository } from '../db/repositories/SystemConfigRepository.js';
 import { UserConfigRepository } from '../db/repositories/UserConfigRepository.js';
+import { OAuthClientRepository } from '../db/repositories/OAuthClientRepository.js';
+import { OAuthTokenRepository } from '../db/repositories/OAuthTokenRepository.js';
 
 /**
  * Migrate from file-based configuration to database
@@ -29,6 +31,8 @@ export async function migrateToDatabase(): Promise<boolean> {
     const groupRepo = new GroupRepository();
     const systemConfigRepo = new SystemConfigRepository();
     const userConfigRepo = new UserConfigRepository();
+    const oauthClientRepo = new OAuthClientRepository();
+    const oauthTokenRepo = new OAuthTokenRepository();
 
     // Migrate users
     if (settings.users && settings.users.length > 0) {
@@ -129,6 +133,53 @@ export async function migrateToDatabase(): Promise<boolean> {
       }
     }
 
+    // Migrate OAuth clients
+    if (settings.oauthClients && settings.oauthClients.length > 0) {
+      console.log(`Migrating ${settings.oauthClients.length} OAuth clients...`);
+      for (const client of settings.oauthClients) {
+        const exists = await oauthClientRepo.exists(client.clientId);
+        if (!exists) {
+          await oauthClientRepo.create({
+            clientId: client.clientId,
+            clientSecret: client.clientSecret,
+            name: client.name,
+            redirectUris: client.redirectUris,
+            grants: client.grants,
+            scopes: client.scopes,
+            owner: client.owner,
+            metadata: client.metadata,
+          });
+          console.log(`  - Created OAuth client: ${client.clientId}`);
+        } else {
+          console.log(`  - OAuth client already exists: ${client.clientId}`);
+        }
+      }
+    }
+
+    // Migrate OAuth tokens
+    if (settings.oauthTokens && settings.oauthTokens.length > 0) {
+      console.log(`Migrating ${settings.oauthTokens.length} OAuth tokens...`);
+      for (const token of settings.oauthTokens) {
+        const exists = await oauthTokenRepo.exists(token.accessToken);
+        if (!exists) {
+          await oauthTokenRepo.create({
+            accessToken: token.accessToken,
+            refreshToken: token.refreshToken,
+            accessTokenExpiresAt: new Date(token.accessTokenExpiresAt),
+            refreshTokenExpiresAt: token.refreshTokenExpiresAt
+              ? new Date(token.refreshTokenExpiresAt)
+              : undefined,
+            scope: token.scope,
+            clientId: token.clientId,
+            username: token.username,
+          });
+          console.log(`  - Created OAuth token for client: ${token.clientId}`);
+        } else {
+          console.log(`  - OAuth token already exists: ${token.accessToken.substring(0, 8)}...`);
+        }
+      }
+    }
+
     console.log('✅ Migration completed successfully');
     return true;
   } catch (error) {

src/utils/oauthBearer.ts

@@ -11,7 +11,7 @@ export const resolveOAuthUserFromToken = async (token?: string): Promise<IUser |
     return null;
   }
 
-  const oauthToken = getOAuthStoredToken(token);
+  const oauthToken = await getOAuthStoredToken(token);
   if (!oauthToken || oauthToken.accessToken !== token) {
     return null;
   }

tests/controllers/configController.test.ts

@@ -1,33 +1,43 @@
-import { getMcpSettingsJson } from '../../src/controllers/configController.js'
+import { getMcpSettingsJson } from '../../src/controllers/configController.js';
-import * as config from '../../src/config/index.js'
+import * as config from '../../src/config/index.js';
-import { Request, Response } from 'express'
+import * as DaoFactory from '../../src/dao/DaoFactory.js';
+import { Request, Response } from 'express';
 
 // Mock the config module
-jest.mock('../../src/config/index.js')
+jest.mock('../../src/config/index.js');
+// Mock the DaoFactory module
+jest.mock('../../src/dao/DaoFactory.js');
 
 describe('ConfigController - getMcpSettingsJson', () => {
-  let mockRequest: Partial<Request>
+  let mockRequest: Partial<Request>;
-  let mockResponse: Partial<Response>
+  let mockResponse: Partial<Response>;
-  let mockJson: jest.Mock
+  let mockJson: jest.Mock;
-  let mockStatus: jest.Mock
+  let mockStatus: jest.Mock;
+  let mockServerDao: { findById: jest.Mock };
 
   beforeEach(() => {
-    mockJson = jest.fn()
+    mockJson = jest.fn();
-    mockStatus = jest.fn().mockReturnThis()
+    mockStatus = jest.fn().mockReturnThis();
     mockRequest = {
       query: {},
-    }
+    };
     mockResponse = {
       json: mockJson,
       status: mockStatus,
-    }
+    };
+    mockServerDao = {
+      findById: jest.fn(),
+    };
+
+    // Setup ServerDao mock
+    (DaoFactory.getServerDao as jest.Mock).mockReturnValue(mockServerDao);
 
     // Reset mocks
-    jest.clearAllMocks()
+    jest.clearAllMocks();
-  })
+  });
 
   describe('Full Settings Export', () => {
-    it('should handle settings without users array', () => {
+    it('should handle settings without users array', async () => {
       const mockSettings = {
         mcpServers: {
           'test-server': {
@@ -35,11 +45,11 @@ describe('ConfigController - getMcpSettingsJson', () => {
             args: ['--test'],
           },
         },
-      }
+      };
 
-      ;(config.loadOriginalSettings as jest.Mock).mockReturnValue(mockSettings)
+      (config.loadOriginalSettings as jest.Mock).mockReturnValue(mockSettings);
 
-      getMcpSettingsJson(mockRequest as Request, mockResponse as Response)
+      await getMcpSettingsJson(mockRequest as Request, mockResponse as Response);
 
       expect(mockJson).toHaveBeenCalledWith({
         success: true,
@@ -47,40 +57,27 @@ describe('ConfigController - getMcpSettingsJson', () => {
           mcpServers: mockSettings.mcpServers,
           users: undefined,
         },
-      })
+      });
-    })
+    });
-  })
+  });
 
   describe('Individual Server Export', () => {
-    it('should return individual server configuration when serverName is specified', () => {
+    it('should return individual server configuration when serverName is specified', async () => {
-      const mockSettings = {
+      const serverConfig = {
-        mcpServers: {
+        name: 'test-server',
-          'test-server': {
         command: 'test',
         args: ['--test'],
         env: {
           TEST_VAR: 'test-value',
         },
-          },
+      };
-          'another-server': {
-            command: 'another',
-            args: ['--another'],
-          },
-        },
-        users: [
-          {
-            username: 'admin',
-            password: '$2b$10$hashedpassword',
-            isAdmin: true,
-          },
-        ],
-      }
 
-      mockRequest.query = { serverName: 'test-server' }
+      mockRequest.query = { serverName: 'test-server' };
-      ;(config.loadOriginalSettings as jest.Mock).mockReturnValue(mockSettings)
+      mockServerDao.findById.mockResolvedValue(serverConfig);
 
-      getMcpSettingsJson(mockRequest as Request, mockResponse as Response)
+      await getMcpSettingsJson(mockRequest as Request, mockResponse as Response);
 
+      expect(mockServerDao.findById).toHaveBeenCalledWith('test-server');
       expect(mockJson).toHaveBeenCalledWith({
         success: true,
         data: {
@@ -94,46 +91,73 @@ describe('ConfigController - getMcpSettingsJson', () => {
             },
           },
         },
-      })
+      });
-    })
+    });
 
-    it('should return 404 when server does not exist', () => {
+    it('should return 404 when server does not exist', async () => {
-      const mockSettings = {
+      mockRequest.query = { serverName: 'non-existent-server' };
+      mockServerDao.findById.mockResolvedValue(null);
+
+      await getMcpSettingsJson(mockRequest as Request, mockResponse as Response);
+
+      expect(mockServerDao.findById).toHaveBeenCalledWith('non-existent-server');
+      expect(mockStatus).toHaveBeenCalledWith(404);
+      expect(mockJson).toHaveBeenCalledWith({
+        success: false,
+        message: "Server 'non-existent-server' not found",
+      });
+    });
+
+    it('should remove null values from server configuration', async () => {
+      const serverConfig = {
+        name: 'test-server',
+        command: 'test',
+        args: ['--test'],
+        url: null,
+        env: null,
+        headers: null,
+        options: {
+          timeout: 30,
+          retries: null,
+        },
+      };
+
+      mockRequest.query = { serverName: 'test-server' };
+      mockServerDao.findById.mockResolvedValue(serverConfig);
+
+      await getMcpSettingsJson(mockRequest as Request, mockResponse as Response);
+
+      expect(mockJson).toHaveBeenCalledWith({
+        success: true,
+        data: {
           mcpServers: {
             'test-server': {
               command: 'test',
               args: ['--test'],
+              options: {
+                timeout: 30,
               },
             },
-      }
+          },
-
+        },
-      mockRequest.query = { serverName: 'non-existent-server' }
+      });
-      ;(config.loadOriginalSettings as jest.Mock).mockReturnValue(mockSettings)
+    });
-
+  });
-      getMcpSettingsJson(mockRequest as Request, mockResponse as Response)
-
-      expect(mockStatus).toHaveBeenCalledWith(404)
-      expect(mockJson).toHaveBeenCalledWith({
-        success: false,
-        message: "Server 'non-existent-server' not found",
-      })
-    })
-  })
 
   describe('Error Handling', () => {
-    it('should handle errors gracefully and return 500', () => {
+    it('should handle errors gracefully and return 500', async () => {
-      const errorMessage = 'Failed to load settings'
+      const errorMessage = 'Failed to load settings';
-      ;(config.loadOriginalSettings as jest.Mock).mockImplementation(() => {
+      (config.loadOriginalSettings as jest.Mock).mockImplementation(() => {
-        throw new Error(errorMessage)
+        throw new Error(errorMessage);
-      })
+      });
 
-      getMcpSettingsJson(mockRequest as Request, mockResponse as Response)
+      await getMcpSettingsJson(mockRequest as Request, mockResponse as Response);
 
-      expect(mockStatus).toHaveBeenCalledWith(500)
+      expect(mockStatus).toHaveBeenCalledWith(500);
       expect(mockJson).toHaveBeenCalledWith({
         success: false,
         message: 'Failed to get MCP settings',
-      })
+      });
-    })
+    });
-  })
+  });
-})
+});

tests/models/oauth.test.ts

@@ -10,29 +10,86 @@ import {
   getToken,
   revokeToken,
 } from '../../src/models/OAuth.js';
+import { IOAuthClient, IOAuthToken } from '../../src/types/index.js';
 
-// Mock the config module to use in-memory storage for tests
+// Mock in-memory storage for OAuth clients and tokens
-let mockSettings = { mcpServers: {}, users: [], oauthClients: [] };
+let mockOAuthClients: IOAuthClient[] = [];
+let mockOAuthTokens: IOAuthToken[] = [];
 
-jest.mock('../../src/config/index.js', () => ({
+// Mock the DAO factory to use in-memory storage for tests
-  loadSettings: jest.fn(() => ({ ...mockSettings })),
+jest.mock('../../src/dao/index.js', () => {
-  saveSettings: jest.fn((settings: any) => {
+  const originalModule = jest.requireActual('../../src/dao/index.js');
-    mockSettings = { ...settings };
+
+  return {
+    ...originalModule,
+    getOAuthClientDao: jest.fn(() => ({
+      findAll: jest.fn(async () => [...mockOAuthClients]),
+      findByClientId: jest.fn(
+        async (clientId: string) => mockOAuthClients.find((c) => c.clientId === clientId) || null,
+      ),
+      create: jest.fn(async (client: IOAuthClient) => {
+        mockOAuthClients.push(client);
+        return client;
+      }),
+      update: jest.fn(async (clientId: string, updates: Partial<IOAuthClient>) => {
+        const index = mockOAuthClients.findIndex((c) => c.clientId === clientId);
+        if (index === -1) return null;
+        mockOAuthClients[index] = { ...mockOAuthClients[index], ...updates };
+        return mockOAuthClients[index];
+      }),
+      delete: jest.fn(async (clientId: string) => {
+        const index = mockOAuthClients.findIndex((c) => c.clientId === clientId);
+        if (index === -1) return false;
+        mockOAuthClients.splice(index, 1);
         return true;
       }),
-  loadOriginalSettings: jest.fn(() => ({ ...mockSettings })),
+    })),
-}));
+    getOAuthTokenDao: jest.fn(() => ({
+      findAll: jest.fn(async () => [...mockOAuthTokens]),
+      findByAccessToken: jest.fn(
+        async (accessToken: string) =>
+          mockOAuthTokens.find((t) => t.accessToken === accessToken) || null,
+      ),
+      findByRefreshToken: jest.fn(
+        async (refreshToken: string) =>
+          mockOAuthTokens.find((t) => t.refreshToken === refreshToken) || null,
+      ),
+      create: jest.fn(async (token: IOAuthToken) => {
+        mockOAuthTokens.push(token);
+        return token;
+      }),
+      revokeToken: jest.fn(async (token: string) => {
+        const index = mockOAuthTokens.findIndex(
+          (t) => t.accessToken === token || t.refreshToken === token,
+        );
+        if (index === -1) return false;
+        mockOAuthTokens.splice(index, 1);
+        return true;
+      }),
+      cleanupExpired: jest.fn(async () => {
+        const now = new Date();
+        mockOAuthTokens = mockOAuthTokens.filter((t) => {
+          const accessExpired = t.accessTokenExpiresAt < now;
+          const refreshExpired =
+            !t.refreshToken || (t.refreshTokenExpiresAt && t.refreshTokenExpiresAt < now);
+          return !accessExpired || !refreshExpired;
+        });
+      }),
+    })),
+  };
+});
 
 describe('OAuth Model', () => {
   beforeEach(() => {
     jest.clearAllMocks();
-    // Reset mock settings before each test
+    // Reset mock storage before each test
-    mockSettings = { mcpServers: {}, users: [], oauthClients: [] };
+    mockOAuthClients = [];
+    mockOAuthTokens = [];
   });
 
   describe('OAuth Client Management', () => {
-    test('should create a new OAuth client', () => {
+    test('should create a new OAuth client', async () => {
-      const client = {
+      const client: IOAuthClient = {
         clientId: 'test-client',
         clientSecret: 'test-secret',
         name: 'Test Client',
@@ -41,15 +98,15 @@ describe('OAuth Model', () => {
         scopes: ['read', 'write'],
       };
 
-      const created = createOAuthClient(client);
+      const created = await createOAuthClient(client);
       expect(created).toEqual(client);
 
-      const found = findOAuthClientById('test-client');
+      const found = await findOAuthClientById('test-client');
       expect(found).toEqual(client);
     });
 
-    test('should not create duplicate OAuth client', () => {
+    test('should not create duplicate OAuth client', async () => {
-      const client = {
+      const client: IOAuthClient = {
         clientId: 'test-client',
         clientSecret: 'test-secret',
         name: 'Test Client',
@@ -58,12 +115,12 @@ describe('OAuth Model', () => {
         scopes: ['read'],
       };
 
-      createOAuthClient(client);
+      await createOAuthClient(client);
-      expect(() => createOAuthClient(client)).toThrow();
+      await expect(createOAuthClient(client)).rejects.toThrow();
     });
 
-    test('should update an OAuth client', () => {
+    test('should update an OAuth client', async () => {
-      const client = {
+      const client: IOAuthClient = {
         clientId: 'test-client',
         clientSecret: 'test-secret',
         name: 'Test Client',
@@ -72,9 +129,9 @@ describe('OAuth Model', () => {
         scopes: ['read'],
       };
 
-      createOAuthClient(client);
+      await createOAuthClient(client);
 
-      const updated = updateOAuthClient('test-client', {
+      const updated = await updateOAuthClient('test-client', {
         name: 'Updated Client',
         scopes: ['read', 'write'],
       });
@@ -83,8 +140,8 @@ describe('OAuth Model', () => {
       expect(updated?.scopes).toEqual(['read', 'write']);
     });
 
-    test('should delete an OAuth client', () => {
+    test('should delete an OAuth client', async () => {
-      const client = {
+      const client: IOAuthClient = {
         clientId: 'test-client',
         clientSecret: 'test-secret',
         name: 'Test Client',
@@ -93,12 +150,12 @@ describe('OAuth Model', () => {
         scopes: ['read'],
       };
 
-      createOAuthClient(client);
+      await createOAuthClient(client);
-      expect(findOAuthClientById('test-client')).toBeDefined();
+      expect(await findOAuthClientById('test-client')).toBeDefined();
 
-      const deleted = deleteOAuthClient('test-client');
+      const deleted = await deleteOAuthClient('test-client');
       expect(deleted).toBe(true);
-      expect(findOAuthClientById('test-client')).toBeUndefined();
+      expect(await findOAuthClientById('test-client')).toBeUndefined();
     });
   });
 
@@ -157,8 +214,8 @@ describe('OAuth Model', () => {
   });
 
   describe('Token Management', () => {
-    test('should save and retrieve token', () => {
+    test('should save and retrieve token', async () => {
-      const token = saveToken(
+      const token = await saveToken(
         {
           scope: 'read write',
           clientId: 'test-client',
@@ -172,14 +229,14 @@ describe('OAuth Model', () => {
       expect(token.refreshToken).toBeDefined();
       expect(token.accessTokenExpiresAt).toBeInstanceOf(Date);
 
-      const retrieved = getToken(token.accessToken);
+      const retrieved = await getToken(token.accessToken);
       expect(retrieved).toBeDefined();
       expect(retrieved?.clientId).toBe('test-client');
       expect(retrieved?.username).toBe('testuser');
     });
 
-    test('should retrieve token by refresh token', () => {
+    test('should retrieve token by refresh token', async () => {
-      const token = saveToken(
+      const token = await saveToken(
         {
           scope: 'read',
           clientId: 'test-client',
@@ -191,13 +248,13 @@ describe('OAuth Model', () => {
 
       expect(token.refreshToken).toBeDefined();
 
-      const retrieved = getToken(token.refreshToken!);
+      const retrieved = await getToken(token.refreshToken!);
       expect(retrieved).toBeDefined();
       expect(retrieved?.accessToken).toBe(token.accessToken);
     });
 
     test('should not retrieve expired access token', async () => {
-      const token = saveToken(
+      const token = await saveToken(
         {
           scope: 'read',
           clientId: 'test-client',
@@ -208,12 +265,12 @@ describe('OAuth Model', () => {
 
       await new Promise((resolve) => setTimeout(resolve, 100));
 
-      const retrieved = getToken(token.accessToken);
+      const retrieved = await getToken(token.accessToken);
       expect(retrieved).toBeUndefined();
     });
 
-    test('should revoke token', () => {
+    test('should revoke token', async () => {
-      const token = saveToken(
+      const token = await saveToken(
         {
           scope: 'read',
           clientId: 'test-client',
@@ -223,13 +280,13 @@ describe('OAuth Model', () => {
         86400,
       );
 
-      expect(getToken(token.accessToken)).toBeDefined();
+      expect(await getToken(token.accessToken)).toBeDefined();
 
-      revokeToken(token.accessToken);
+      await revokeToken(token.accessToken);
-      expect(getToken(token.accessToken)).toBeUndefined();
+      expect(await getToken(token.accessToken)).toBeUndefined();
 
       if (token.refreshToken) {
-        expect(getToken(token.refreshToken)).toBeUndefined();
+        expect(await getToken(token.refreshToken)).toBeUndefined();
       }
     });
   });