chore: clarify token refresh comments

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>

.github/workflows/ci.yml

@@ -76,7 +76,7 @@ jobs:
 
   #   services:
   #     postgres:
-  #       image: pgvector/pgvector:pg17
+  #       image: postgres:15
   #       env:
   #         POSTGRES_PASSWORD: postgres
   #         POSTGRES_DB: mcphub_test

docker-compose.db.yml

@@ -3,7 +3,7 @@ version: "3.8"
 services:
   # PostgreSQL database for MCPHub configuration
   postgres:
-    image: pgvector/pgvector:pg17-alpine
+    image: postgres:16-alpine
     container_name: mcphub-postgres
     environment:
       POSTGRES_DB: mcphub

docs/configuration/database-configuration.mdx

@@ -59,7 +59,7 @@ version: '3.8'
 
 services:
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:16
     environment:
       POSTGRES_DB: mcphub
       POSTGRES_USER: mcphub

docs/configuration/docker-setup.mdx

@@ -119,7 +119,7 @@ services:
       - mcphub-network
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres
     environment:
       - POSTGRES_DB=mcphub
@@ -203,7 +203,7 @@ services:
       retries: 3
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres
     environment:
       - POSTGRES_DB=mcphub
@@ -305,7 +305,7 @@ services:
       - mcphub-dev
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres-dev
     environment:
       - POSTGRES_DB=mcphub
@@ -445,7 +445,7 @@ Add backup service to your `docker-compose.yml`:
 ```yaml
 services:
   backup:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-backup
     environment:
       - PGPASSWORD=${POSTGRES_PASSWORD}

docs/features/smart-routing.mdx

@@ -78,7 +78,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
           - ./mcp_settings.json:/app/mcp_settings.json
 
       postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
         environment:
           - POSTGRES_DB=mcphub
           - POSTGRES_USER=mcphub
@@ -146,7 +146,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
         spec:
           containers:
           - name: postgres
-            image: pgvector/pgvector:pg17
+            image: pgvector/pgvector:pg16
             env:
             - name: POSTGRES_DB
               value: mcphub

docs/installation.mdx

@@ -96,7 +96,7 @@ Optional for Smart Routing:
 
       # Optional: PostgreSQL for Smart Routing
       postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
         environment:
           POSTGRES_DB: mcphub
           POSTGRES_USER: mcphub

docs/zh/configuration/database-configuration.mdx

@@ -59,7 +59,7 @@ version: '3.8'
 
 services:
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:16
     environment:
       POSTGRES_DB: mcphub
       POSTGRES_USER: mcphub

docs/zh/configuration/docker-setup.mdx

@@ -119,7 +119,7 @@ services:
       - mcphub-network
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres
     environment:
       - POSTGRES_DB=mcphub
@@ -203,7 +203,7 @@ services:
       retries: 3
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres
     environment:
       - POSTGRES_DB=mcphub
@@ -305,7 +305,7 @@ services:
       - mcphub-dev
 
   postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-postgres-dev
     environment:
       - POSTGRES_DB=mcphub
@@ -445,7 +445,7 @@ secrets:
 ```yaml
 services:
   backup:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
     container_name: mcphub-backup
     environment:
       - PGPASSWORD=${POSTGRES_PASSWORD}

docs/zh/installation.mdx

@@ -96,7 +96,7 @@ description: '各种平台的详细安装说明'
 
       # 可选：用于智能路由的 PostgreSQL
       postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
         environment:
           POSTGRES_DB: mcphub
           POSTGRES_USER: mcphub

frontend/src/components/ServerForm.tsx

@@ -375,7 +375,6 @@ const ServerForm = ({
               ? {
                   url: formData.url,
                   ...(Object.keys(headers).length > 0 ? { headers } : {}),
-                  ...(Object.keys(env).length > 0 ? { env } : {}),
                   ...(oauthConfig ? { oauth: oauthConfig } : {}),
                 }
               : {
@@ -979,49 +978,6 @@ const ServerForm = ({
               ))}
             </div>
 
-            <div className="mb-4">
-              <div className="flex justify-between items-center mb-2">
-                <label className="block text-gray-700 text-sm font-bold">
-                  {t('server.envVars')}
-                </label>
-                <button
-                  type="button"
-                  onClick={addEnvVar}
-                  className="bg-gray-200 hover:bg-gray-300 text-gray-700 font-medium py-1 px-2 rounded text-sm flex items-center justify-center min-w-[30px] min-h-[30px] btn-primary"
-                >
-                  +
-                </button>
-              </div>
-              {envVars.map((envVar, index) => (
-                <div key={index} className="flex items-center mb-2">
-                  <div className="flex items-center space-x-2 flex-grow">
-                    <input
-                      type="text"
-                      value={envVar.key}
-                      onChange={(e) => handleEnvVarChange(index, 'key', e.target.value)}
-                      className="shadow appearance-none border rounded py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline w-1/2 form-input"
-                      placeholder={t('server.key')}
-                    />
-                    <span className="flex items-center">:</span>
-                    <input
-                      type="text"
-                      value={envVar.value}
-                      onChange={(e) => handleEnvVarChange(index, 'value', e.target.value)}
-                      className="shadow appearance-none border rounded py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline w-1/2 form-input"
-                      placeholder={t('server.value')}
-                    />
-                  </div>
-                  <button
-                    type="button"
-                    onClick={() => removeEnvVar(index)}
-                    className="bg-gray-200 hover:bg-gray-300 text-gray-700 font-medium py-1 px-2 rounded text-sm flex items-center justify-center min-w-[30px] min-h-[30px] ml-2 btn-danger"
-                  >
-                    -
-                  </button>
-                </div>
-              ))}
-            </div>
-
             <div className="mb-4">
               <div
                 className="flex items-center justify-between cursor-pointer bg-gray-50 hover:bg-gray-100 p-3 rounded border border-gray-200"

frontend/src/contexts/AuthContext.tsx

@@ -14,17 +14,14 @@ const initialState: AuthState = {
 // Create auth context
 const AuthContext = createContext<{
   auth: AuthState;
-  login: (
-    username: string,
-    password: string,
-  ) => Promise<{ success: boolean; isUsingDefaultPassword?: boolean; message?: string }>;
+  login: (username: string, password: string) => Promise<{ success: boolean; isUsingDefaultPassword?: boolean }>;
   register: (username: string, password: string, isAdmin?: boolean) => Promise<boolean>;
   logout: () => void;
 }>({
   auth: initialState,
   login: async () => ({ success: false }),
   register: async () => false,
-  logout: () => {},
+  logout: () => { },
 });
 
 // Auth provider component
@@ -93,10 +90,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
   }, []);
 
   // Login function
-  const login = async (
-    username: string,
-    password: string,
-  ): Promise<{ success: boolean; isUsingDefaultPassword?: boolean; message?: string }> => {
+  const login = async (username: string, password: string): Promise<{ success: boolean; isUsingDefaultPassword?: boolean }> => {
     try {
       const response = await authService.login({ username, password });
 
@@ -117,7 +111,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
           loading: false,
           error: response.message || 'Authentication failed',
         });
-        return { success: false, message: response.message };
+        return { success: false };
       }
     } catch (error) {
       setAuth({
@@ -125,7 +119,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
         loading: false,
         error: 'Authentication failed',
       });
-      return { success: false, message: error instanceof Error ? error.message : undefined };
+      return { success: false };
     }
   };
 
@@ -133,7 +127,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
   const register = async (
     username: string,
     password: string,
-    isAdmin = false,
+    isAdmin = false
   ): Promise<boolean> => {
     try {
       const response = await authService.register({ username, password, isAdmin });
@@ -181,4 +175,4 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
 };
 
 // Custom hook to use auth context
-export const useAuth = () => useContext(AuthContext);
+export const useAuth = () => useContext(AuthContext);

frontend/src/contexts/SettingsContext.tsx

@@ -9,7 +9,6 @@ import React, {
 import { useTranslation } from 'react-i18next';
 import { ApiResponse, BearerKey } from '@/types';
 import { useToast } from '@/contexts/ToastContext';
-import { useAuth } from '@/contexts/AuthContext';
 import { apiGet, apiPut, apiPost, apiDelete } from '@/utils/fetchInterceptor';
 
 // Define types for the settings data
@@ -154,7 +153,6 @@ interface SettingsProviderProps {
 export const SettingsProvider: React.FC<SettingsProviderProps> = ({ children }) => {
   const { t } = useTranslation();
   const { showToast } = useToast();
-  const { auth } = useAuth();
 
   const [routingConfig, setRoutingConfig] = useState<RoutingConfig>({
     enableGlobalRoute: true,
@@ -748,15 +746,6 @@ export const SettingsProvider: React.FC<SettingsProviderProps> = ({ children })
     fetchSettings();
   }, [fetchSettings, refreshKey]);
 
-  // Watch for authentication status changes - refetch settings after login
-  useEffect(() => {
-    if (auth.isAuthenticated) {
-      console.log('[SettingsContext] User authenticated, triggering settings refresh');
-      // When user logs in, trigger a refresh to load settings
-      triggerRefresh();
-    }
-  }, [auth.isAuthenticated, triggerRefresh]);
-
   useEffect(() => {
     if (routingConfig) {
       setTempRoutingConfig({

frontend/src/pages/LoginPage.tsx

@@ -44,24 +44,6 @@ const LoginPage: React.FC = () => {
     return sanitizeReturnUrl(params.get('returnUrl'));
   }, [location.search]);
 
-  const isServerUnavailableError = useCallback((message?: string) => {
-    if (!message) return false;
-    const normalized = message.toLowerCase();
-
-    return (
-      normalized.includes('failed to fetch') ||
-      normalized.includes('networkerror') ||
-      normalized.includes('network error') ||
-      normalized.includes('connection refused') ||
-      normalized.includes('unable to connect') ||
-      normalized.includes('fetch error') ||
-      normalized.includes('econnrefused') ||
-      normalized.includes('http 500') ||
-      normalized.includes('internal server error') ||
-      normalized.includes('proxy error')
-    );
-  }, []);
-
   const buildRedirectTarget = useCallback(() => {
     if (!returnUrl) {
       return '/';
@@ -118,20 +100,10 @@ const LoginPage: React.FC = () => {
           redirectAfterLogin();
         }
       } else {
-        const message = result.message;
-        if (isServerUnavailableError(message)) {
-          setError(t('auth.serverUnavailable'));
-        } else {
-          setError(t('auth.loginFailed'));
-        }
+        setError(t('auth.loginFailed'));
       }
     } catch (err) {
-      const message = err instanceof Error ? err.message : undefined;
-      if (isServerUnavailableError(message)) {
-        setError(t('auth.serverUnavailable'));
-      } else {
-        setError(t('auth.loginError'));
-      }
+      setError(t('auth.loginError'));
     } finally {
       setLoading(false);
     }
@@ -159,21 +131,13 @@ const LoginPage: React.FC = () => {
         }}
       />
       <div className="pointer-events-none absolute inset-0 -z-10">
-        <svg
-          className="h-full w-full opacity-[0.08] dark:opacity-[0.12]"
-          xmlns="http://www.w3.org/2000/svg"
-        >
+        <svg className="h-full w-full opacity-[0.08] dark:opacity-[0.12]" xmlns="http://www.w3.org/2000/svg">
           <defs>
             <pattern id="grid" width="32" height="32" patternUnits="userSpaceOnUse">
               <path d="M 32 0 L 0 0 0 32" fill="none" stroke="currentColor" strokeWidth="0.5" />
             </pattern>
           </defs>
-          <rect
-            width="100%"
-            height="100%"
-            fill="url(#grid)"
-            className="text-gray-400 dark:text-gray-300"
-          />
+          <rect width="100%" height="100%" fill="url(#grid)" className="text-gray-400 dark:text-gray-300" />
         </svg>
       </div>
 

frontend/src/pages/SettingsPage.tsx

@@ -558,6 +558,12 @@ const SettingsPage: React.FC = () => {
     });
   };
 
+  const saveSmartRoutingConfig = async (
+    key: 'dbUrl' | 'openaiApiBaseUrl' | 'openaiApiKey' | 'openaiApiEmbeddingModel',
+  ) => {
+    await updateSmartRoutingConfig(key, tempSmartRoutingConfig[key]);
+  };
+
   const handleMCPRouterConfigChange = (
     key: 'apiKey' | 'referer' | 'title' | 'baseUrl',
     value: string,
@@ -699,31 +705,6 @@ const SettingsPage: React.FC = () => {
     }
   };
 
-  const handleSaveSmartRoutingConfig = async () => {
-    const updates: any = {};
-
-    if (tempSmartRoutingConfig.dbUrl !== smartRoutingConfig.dbUrl) {
-      updates.dbUrl = tempSmartRoutingConfig.dbUrl;
-    }
-    if (tempSmartRoutingConfig.openaiApiBaseUrl !== smartRoutingConfig.openaiApiBaseUrl) {
-      updates.openaiApiBaseUrl = tempSmartRoutingConfig.openaiApiBaseUrl;
-    }
-    if (tempSmartRoutingConfig.openaiApiKey !== smartRoutingConfig.openaiApiKey) {
-      updates.openaiApiKey = tempSmartRoutingConfig.openaiApiKey;
-    }
-    if (
-      tempSmartRoutingConfig.openaiApiEmbeddingModel !== smartRoutingConfig.openaiApiEmbeddingModel
-    ) {
-      updates.openaiApiEmbeddingModel = tempSmartRoutingConfig.openaiApiEmbeddingModel;
-    }
-
-    if (Object.keys(updates).length > 0) {
-      await updateSmartRoutingConfigBatch(updates);
-    } else {
-      showToast(t('settings.noChanges') || 'No changes to save', 'info');
-    }
-  };
-
   const handlePasswordChangeSuccess = () => {
     setTimeout(() => {
       navigate('/');
@@ -1233,27 +1214,31 @@ const SettingsPage: React.FC = () => {
                 />
               </div>
 
-              {/* hide when DB_URL env is set */}
-              {smartRoutingConfig.dbUrl !== '${DB_URL}' && (
-                <div className="p-3 bg-gray-50 rounded-md">
-                  <div className="mb-2">
-                    <h3 className="font-medium text-gray-700">
-                      <span className="text-red-500 px-1">*</span>
-                      {t('settings.dbUrl')}
-                    </h3>
-                  </div>
-                  <div className="flex items-center gap-3">
-                    <input
-                      type="text"
-                      value={tempSmartRoutingConfig.dbUrl}
-                      onChange={(e) => handleSmartRoutingConfigChange('dbUrl', e.target.value)}
-                      placeholder={t('settings.dbUrlPlaceholder')}
-                      className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300 form-input"
-                      disabled={loading}
-                    />
-                  </div>
+              <div className="p-3 bg-gray-50 rounded-md">
+                <div className="mb-2">
+                  <h3 className="font-medium text-gray-700">
+                    <span className="text-red-500 px-1">*</span>
+                    {t('settings.dbUrl')}
+                  </h3>
                 </div>
-              )}
+                <div className="flex items-center gap-3">
+                  <input
+                    type="text"
+                    value={tempSmartRoutingConfig.dbUrl}
+                    onChange={(e) => handleSmartRoutingConfigChange('dbUrl', e.target.value)}
+                    placeholder={t('settings.dbUrlPlaceholder')}
+                    className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300 form-input"
+                    disabled={loading}
+                  />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('dbUrl')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
+                </div>
+              </div>
 
               <div className="p-3 bg-gray-50 rounded-md">
                 <div className="mb-2">
@@ -1271,6 +1256,13 @@ const SettingsPage: React.FC = () => {
                     className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300"
                     disabled={loading}
                   />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiKey')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                 </div>
               </div>
 
@@ -1289,6 +1281,13 @@ const SettingsPage: React.FC = () => {
                     className="flex-1 mt-1 block w-full py-2 px-3 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm form-input"
                     disabled={loading}
                   />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiBaseUrl')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                 </div>
               </div>
 
@@ -1309,18 +1308,15 @@ const SettingsPage: React.FC = () => {
                     className="flex-1 mt-1 block w-full py-2 px-3 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm form-input"
                     disabled={loading}
                   />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiEmbeddingModel')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                 </div>
               </div>
-
-              <div className="flex justify-end pt-2">
-                <button
-                  onClick={handleSaveSmartRoutingConfig}
-                  disabled={loading}
-                  className="px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
-                >
-                  {t('common.save')}
-                </button>
-              </div>
             </div>
           )}
         </div>

frontend/src/services/authService.ts

@@ -29,7 +29,7 @@ export const login = async (credentials: LoginCredentials): Promise<AuthResponse
     console.error('Login error:', error);
     return {
       success: false,
-      message: error instanceof Error ? error.message : 'An error occurred during login',
+      message: 'An error occurred during login',
     };
   }
 };

locales/en.json

@@ -61,7 +61,6 @@
     "emptyFields": "Username and password cannot be empty",
     "loginFailed": "Login failed, please check your username and password",
     "loginError": "An error occurred during login",
-    "serverUnavailable": "Unable to connect to the server. Please check your network connection or try again later",
     "currentPassword": "Current Password",
     "newPassword": "New Password",
     "confirmPassword": "Confirm Password",

locales/fr.json

@@ -61,7 +61,6 @@
     "emptyFields": "Le nom d'utilisateur et le mot de passe ne peuvent pas être vides",
     "loginFailed": "Échec de la connexion, veuillez vérifier votre nom d'utilisateur et votre mot de passe",
     "loginError": "Une erreur est survenue lors de la connexion",
-    "serverUnavailable": "Impossible de se connecter au serveur. Veuillez vérifier votre connexion réseau ou réessayer plus tard",
     "currentPassword": "Mot de passe actuel",
     "newPassword": "Nouveau mot de passe",
     "confirmPassword": "Confirmer le mot de passe",

locales/tr.json

@@ -61,7 +61,6 @@
     "emptyFields": "Kullanıcı adı ve şifre boş olamaz",
     "loginFailed": "Giriş başarısız, lütfen kullanıcı adınızı ve şifrenizi kontrol edin",
     "loginError": "Giriş sırasında bir hata oluştu",
-    "serverUnavailable": "Sunucuya bağlanılamıyor. Lütfen ağ bağlantınızı kontrol edin veya daha sonra tekrar deneyin",
     "currentPassword": "Mevcut Şifre",
     "newPassword": "Yeni Şifre",
     "confirmPassword": "Şifreyi Onayla",

locales/zh.json

@@ -61,7 +61,6 @@
     "emptyFields": "用户名和密码不能为空",
     "loginFailed": "登录失败，请检查用户名和密码",
     "loginError": "登录过程中出现错误",
-    "serverUnavailable": "无法连接到服务器，请检查网络连接或稍后再试",
     "currentPassword": "当前密码",
     "newPassword": "新密码",
     "confirmPassword": "确认密码",

package.json

@@ -73,7 +73,6 @@
     "postgres": "^3.4.7",
     "reflect-metadata": "^0.2.2",
     "typeorm": "^0.3.26",
-    "undici": "^7.16.0",
     "uuid": "^11.1.0"
   },
   "devDependencies": {

pnpm-lock.yaml

@@ -99,9 +99,6 @@ importers:
       typeorm:
         specifier: ^0.3.26
         version: 0.3.27(pg@8.16.3)(reflect-metadata@0.2.2)(ts-node@10.9.2(@swc/core@1.15.3)(@types/node@24.6.2)(typescript@5.9.2))
-      undici:
-        specifier: ^7.16.0
-        version: 7.16.0
       uuid:
         specifier: ^11.1.0
         version: 11.1.0
@@ -4434,10 +4431,6 @@ packages:
   undici-types@7.13.0:
     resolution: {integrity: sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==}
 
-  undici@7.16.0:
-    resolution: {integrity: sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g==}
-    engines: {node: '>=20.18.1'}
-
   universalify@2.0.1:
     resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==}
     engines: {node: '>= 10.0.0'}
@@ -8953,8 +8946,6 @@ snapshots:
 
   undici-types@7.13.0: {}
 
-  undici@7.16.0: {}
-
   universalify@2.0.1: {}
 
   unpipe@1.0.0: {}

src/controllers/serverController.ts

@@ -66,20 +66,6 @@ export const getAllSettings = async (_: Request, res: Response): Promise<void> =
     const systemConfigDao = getSystemConfigDao();
     const systemConfig = await systemConfigDao.get();
 
-    // Ensure smart routing config has DB URL set if environment variable is present
-    const dbUrlEnv = process.env.DB_URL || '';
-    if (!systemConfig.smartRouting) {
-      systemConfig.smartRouting = {
-        enabled: false,
-        dbUrl: dbUrlEnv ? '${DB_URL}' : '',
-        openaiApiBaseUrl: '',
-        openaiApiKey: '',
-        openaiApiEmbeddingModel: '',
-      };
-    } else if (!systemConfig.smartRouting.dbUrl) {
-      systemConfig.smartRouting.dbUrl = dbUrlEnv ? '${DB_URL}' : '';
-    }
-
     // Get bearer auth keys from DAO
     const bearerKeyDao = getBearerKeyDao();
     const bearerKeys = await bearerKeyDao.findAll();
@@ -992,8 +978,7 @@ export const updateSystemConfig = async (req: Request, res: Response): Promise<v
       if (typeof smartRouting.enabled === 'boolean') {
         // If enabling Smart Routing, validate required fields
         if (smartRouting.enabled) {
-          const currentDbUrl =
-            process.env.DB_URL || smartRouting.dbUrl || systemConfig.smartRouting.dbUrl;
+          const currentDbUrl = smartRouting.dbUrl || systemConfig.smartRouting.dbUrl;
           const currentOpenaiApiKey =
             smartRouting.openaiApiKey || systemConfig.smartRouting.openaiApiKey;
 

src/dao/BearerKeyDao.ts

@@ -24,10 +24,7 @@ export class BearerKeyDaoImpl extends JsonFileBaseDao implements BearerKeyDao {
   private async loadKeysWithMigration(): Promise<BearerKey[]> {
     const settings = await this.loadSettings();
 
-    // Treat an existing array (including an empty array) as already migrated.
-    // Otherwise, when there are no configured keys, we'd rewrite mcp_settings.json
-    // on every request, which also clears the global settings cache.
-    if (Array.isArray(settings.bearerKeys)) {
+    if (Array.isArray(settings.bearerKeys) && settings.bearerKeys.length > 0) {
       return settings.bearerKeys;
     }
 

src/db/connection.ts

@@ -25,44 +25,39 @@ const createRequiredExtensions = async (dataSource: DataSource): Promise<void> =
 };
 
 // Get database URL from smart routing config or fallback to environment variable
-const getDatabaseUrl = async (): Promise<string> => {
-  return (await getSmartRoutingConfig()).dbUrl;
+const getDatabaseUrl = (): string => {
+  return getSmartRoutingConfig().dbUrl;
 };
 
-// Default database configuration (without URL - will be set during initialization)
-const getDefaultConfig = async (): Promise<DataSourceOptions> => {
-  return {
-    type: 'postgres',
-    url: await getDatabaseUrl(),
-    synchronize: true,
-    entities: entities,
-    subscribers: [VectorEmbeddingSubscriber],
-  };
+// Default database configuration
+const defaultConfig: DataSourceOptions = {
+  type: 'postgres',
+  url: getDatabaseUrl(),
+  synchronize: true,
+  entities: entities,
+  subscribers: [VectorEmbeddingSubscriber],
 };
 
-// AppDataSource is the TypeORM data source (initialized with empty config, will be updated)
-let appDataSource: DataSource | null = null;
+// AppDataSource is the TypeORM data source
+let appDataSource = new DataSource(defaultConfig);
 
 // Global promise to track initialization status
 let initializationPromise: Promise<DataSource> | null = null;
 
 // Function to create a new DataSource with updated configuration
-export const updateDataSourceConfig = async (): Promise<DataSource> => {
-  const newConfig = await getDefaultConfig();
+export const updateDataSourceConfig = (): DataSource => {
+  const newConfig: DataSourceOptions = {
+    ...defaultConfig,
+    url: getDatabaseUrl(),
+  };
 
   // If the configuration has changed, we need to create a new DataSource
-  if (appDataSource) {
-    const currentUrl = (appDataSource.options as any).url;
-    const newUrl = (newConfig as any).url;
-    if (currentUrl !== newUrl) {
-      console.log('Database URL configuration changed, updating DataSource...');
-      appDataSource = new DataSource(newConfig);
-      // Reset initialization promise when configuration changes
-      initializationPromise = null;
-    }
-  } else {
-    // First time initialization
+  const currentUrl = (appDataSource.options as any).url;
+  if (currentUrl !== newConfig.url) {
+    console.log('Database URL configuration changed, updating DataSource...');
     appDataSource = new DataSource(newConfig);
+    // Reset initialization promise when configuration changes
+    initializationPromise = null;
   }
 
   return appDataSource;
@@ -70,9 +65,6 @@ export const updateDataSourceConfig = async (): Promise<DataSource> => {
 
 // Get the current AppDataSource instance
 export const getAppDataSource = (): DataSource => {
-  if (!appDataSource) {
-    throw new Error('Database not initialized. Call initializeDatabase() first.');
-  }
   return appDataSource;
 };
 
@@ -80,7 +72,7 @@ export const getAppDataSource = (): DataSource => {
 export const reconnectDatabase = async (): Promise<DataSource> => {
   try {
     // Close existing connection if it exists
-    if (appDataSource && appDataSource.isInitialized) {
+    if (appDataSource.isInitialized) {
       console.log('Closing existing database connection...');
       await appDataSource.destroy();
     }
@@ -89,7 +81,7 @@ export const reconnectDatabase = async (): Promise<DataSource> => {
     initializationPromise = null;
 
     // Update configuration and reconnect
-    appDataSource = await updateDataSourceConfig();
+    appDataSource = updateDataSourceConfig();
     return await initializeDatabase();
   } catch (error) {
     console.error('Error during database reconnection:', error);
@@ -106,7 +98,7 @@ export const initializeDatabase = async (): Promise<DataSource> => {
   }
 
   // If already initialized, return the existing instance
-  if (appDataSource && appDataSource.isInitialized) {
+  if (appDataSource.isInitialized) {
     console.log('Database already initialized, returning existing instance');
     return Promise.resolve(appDataSource);
   }
@@ -130,7 +122,7 @@ export const initializeDatabase = async (): Promise<DataSource> => {
 const performDatabaseInitialization = async (): Promise<DataSource> => {
   try {
     // Update configuration before initializing
-    appDataSource = await updateDataSourceConfig();
+    appDataSource = updateDataSourceConfig();
 
     if (!appDataSource.isInitialized) {
       console.log('Initializing database connection...');
@@ -258,8 +250,7 @@ const performDatabaseInitialization = async (): Promise<DataSource> => {
       console.log('Database connection established successfully.');
 
       // Run one final setup check after schema synchronization is done
-      const config = await getDefaultConfig();
-      if (config.synchronize) {
+      if (defaultConfig.synchronize) {
         try {
           console.log('Running final vector configuration check...');
 
@@ -334,12 +325,12 @@ const performDatabaseInitialization = async (): Promise<DataSource> => {
 
 // Get database connection status
 export const isDatabaseConnected = (): boolean => {
-  return appDataSource ? appDataSource.isInitialized : false;
+  return appDataSource.isInitialized;
 };
 
 // Close database connection
 export const closeDatabase = async (): Promise<void> => {
-  if (appDataSource && appDataSource.isInitialized) {
+  if (appDataSource.isInitialized) {
     await appDataSource.destroy();
     console.log('Database connection closed.');
   }

src/services/mcpOAuthProvider.ts

@@ -26,6 +26,7 @@ import {
   getRegisteredClient,
   removeRegisteredClient,
   fetchScopesFromServer,
+  refreshAccessToken,
 } from './oauthClientRegistration.js';
 import {
   clearOAuthData,
@@ -40,6 +41,9 @@ import {
 // Import getServerByName to access ServerInfo
 import { getServerByName } from './mcpService.js';
 
+// Refresh tokens one minute before expiry to avoid sending requests with stale credentials.
+const ACCESS_TOKEN_REFRESH_THRESHOLD_MS = 60_000;
+
 /**
  * MCPHub OAuth Provider for server-side OAuth flows
  *
@@ -292,21 +296,8 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
   /**
    * Get stored OAuth tokens
    */
-  tokens(): OAuthTokens | undefined {
-    // Use cached config only (tokens are updated via saveTokens which updates cache)
-    const serverConfig = this.serverConfig;
-
-    if (!serverConfig?.oauth?.accessToken) {
-      return undefined;
-    }
-
-    return {
-      access_token: serverConfig.oauth.accessToken,
-      token_type: 'Bearer',
-      refresh_token: serverConfig.oauth.refreshToken,
-      // Note: expires_in is not typically stored, only the token itself
-      // The SDK will handle token refresh when needed
-    };
+  async tokens(): Promise<OAuthTokens | undefined> {
+    return this.getValidTokens();
   }
 
   /**
@@ -325,11 +316,12 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
       return;
     }
 
-    console.log(`Saving OAuth tokens: ${JSON.stringify(tokens)} for server: ${this.serverName}`);
+    console.log(`Saving OAuth tokens for server: ${this.serverName}`);
 
     const updatedConfig = await persistTokens(this.serverName, {
       accessToken: tokens.access_token,
       refreshToken: refreshTokenProvided ? (tokens.refresh_token ?? null) : undefined,
+      expiresIn: tokens.expires_in,
       clearPendingAuthorization: hadPending,
     });
 
@@ -348,6 +340,89 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
     console.log(`Saved OAuth tokens for server: ${this.serverName}`);
   }
 
+  /**
+   * Returns tokens refreshed when expired or close to expiring.
+   * When an access token already exists and refresh fails, the existing token is returned.
+   */
+  private async getValidTokens(): Promise<OAuthTokens | undefined> {
+    const oauth = this.serverConfig.oauth;
+    if (!oauth) {
+      return undefined;
+    }
+
+    if (!oauth.accessToken) {
+      return this.refreshAccessTokenIfNeeded(oauth.refreshToken);
+    }
+
+    // Refresh if token is expired or about to expire
+    const expiresAt = this.getAccessTokenExpiryMs(oauth);
+    const now = Date.now();
+    if (expiresAt && expiresAt - now <= ACCESS_TOKEN_REFRESH_THRESHOLD_MS) {
+      const refreshed = await this.refreshAccessTokenIfNeeded(oauth.refreshToken);
+      if (refreshed) {
+        return refreshed;
+      }
+    }
+
+    return {
+      access_token: oauth.accessToken,
+      token_type: 'Bearer',
+      refresh_token: oauth.refreshToken,
+    };
+  }
+
+  private getAccessTokenExpiryMs(oauth: NonNullable<ServerConfig['oauth']>): number | undefined {
+    return oauth.accessTokenExpiresAt;
+  }
+
+  private async refreshAccessTokenIfNeeded(
+    refreshToken?: string | null,
+  ): Promise<OAuthTokens | undefined> {
+    if (!refreshToken) {
+      return undefined;
+    }
+
+    try {
+      const clientInfo = await initializeOAuthForServer(this.serverName, this.serverConfig);
+      if (!clientInfo) {
+        return undefined;
+      }
+
+      const tokens = await refreshAccessToken(
+        this.serverName,
+        this.serverConfig,
+        clientInfo,
+        refreshToken,
+      );
+
+      // Reload latest config to sync updated tokens/expiry
+      const updatedConfig = await loadServerConfig(this.serverName);
+      if (updatedConfig) {
+        this.serverConfig = updatedConfig;
+      }
+
+      const nextRefreshToken = tokens.refreshToken ?? refreshToken;
+      if (tokens.refreshToken === undefined) {
+        console.warn(
+          `Refresh response missing refresh_token for ${this.serverName}; reusing existing refresh token (some providers omit refresh_token on refresh)`,
+        );
+      }
+
+      return {
+        access_token: tokens.accessToken,
+        refresh_token: nextRefreshToken,
+        token_type: 'Bearer',
+        expires_in: tokens.expiresIn,
+      };
+    } catch (error) {
+      console.warn(
+        `Failed to auto-refresh OAuth token for server ${this.serverName}:`,
+        error instanceof Error ? error.message : error,
+      );
+      return undefined;
+    }
+  }
+
   /**
    * Redirect to authorization URL
    * In a server environment, we can't directly redirect the user

src/services/mcpService.ts

@@ -14,7 +14,6 @@ import {
   StreamableHTTPClientTransport,
   StreamableHTTPClientTransportOptions,
 } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
-import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js';
 import { ServerInfo, ServerConfig, Tool } from '../types/index.js';
 import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js';
 import config from '../config/index.js';
@@ -135,10 +134,6 @@ export const cleanupAllServers = (): void => {
 // Helper function to create transport based on server configuration
 export const createTransportFromConfig = async (name: string, conf: ServerConfig): Promise<any> => {
   let transport;
-  const env: Record<string, string> = {
-    ...(process.env as Record<string, string>),
-    ...replaceEnvVars(conf.env || {}),
-  };
 
   if (conf.type === 'streamable-http') {
     const options: StreamableHTTPClientTransportOptions = {};
@@ -157,8 +152,6 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
       console.log(`OAuth provider configured for server: ${name}`);
     }
 
-    options.fetch = createFetchWithProxy(getProxyConfigFromEnv(env));
-
     transport = new StreamableHTTPClientTransport(new URL(conf.url || ''), options);
   } else if (conf.url) {
     // SSE transport
@@ -181,11 +174,13 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
       console.log(`OAuth provider configured for server: ${name}`);
     }
 
-    options.fetch = createFetchWithProxy(getProxyConfigFromEnv(env));
-
     transport = new SSEClientTransport(new URL(conf.url), options);
   } else if (conf.command && conf.args) {
     // Stdio transport
+    const env: Record<string, string> = {
+      ...(process.env as Record<string, string>),
+      ...replaceEnvVars(conf.env || {}),
+    };
     env['PATH'] = expandEnvVars(process.env.PATH as string) || '';
 
     const systemConfigDao = getSystemConfigDao();
@@ -241,8 +236,6 @@ const callToolWithReconnect = async (
   for (let attempt = 0; attempt <= maxRetries; attempt++) {
     try {
       const result = await serverInfo.client.callTool(toolParams, undefined, options || {});
-      // Check auth error
-      checkAuthError(result);
       return result;
     } catch (error: any) {
       // Check if error message starts with "Error POSTing to endpoint (HTTP 40"
@@ -832,25 +825,6 @@ export const addOrUpdateServer = async (
   }
 };
 
-// Check for authentication error in tool call result
-function checkAuthError(result: any) {
-  if (Array.isArray(result.content) && result.content.length > 0) {
-    const text = result.content[0]?.text;
-    if (typeof text === 'string') {
-      let errorContent;
-      try {
-        errorContent = JSON.parse(text);
-      } catch (e) {
-        // Ignore JSON parse errors and continue
-        return;
-      }
-      if (errorContent.code === 401) {
-        throw new Error('Error POSTing to endpoint (HTTP 401 Unauthorized)');
-      }
-    }
-  }
-}
-
 // Close server client and transport
 function closeServer(name: string) {
   const serverInfo = serverInfos.find((serverInfo) => serverInfo.name === name);

src/services/oauthClientRegistration.ts

@@ -397,6 +397,7 @@ export const exchangeCodeForToken = async (
     await persistTokens(serverName, {
       accessToken: tokens.access_token,
       refreshToken: tokens.refresh_token ?? undefined,
+      expiresIn: tokens.expires_in,
     });
 
     return {
@@ -437,6 +438,7 @@ export const refreshAccessToken = async (
     await persistTokens(serverName, {
       accessToken: tokens.access_token,
       refreshToken: tokens.refresh_token ?? undefined,
+      expiresIn: tokens.expires_in,
     });
 
     return {

src/services/oauthSettingsStore.ts

@@ -100,12 +100,17 @@ export const persistTokens = async (
   tokens: {
     accessToken: string;
     refreshToken?: string | null;
+    expiresIn?: number;
     clearPendingAuthorization?: boolean;
   },
 ): Promise<ServerConfigWithOAuth | undefined> => {
   return mutateOAuthSettings(serverName, ({ oauth }) => {
     oauth.accessToken = tokens.accessToken;
 
+    if (tokens.expiresIn !== undefined) {
+      oauth.accessTokenExpiresAt = Date.now() + tokens.expiresIn * 1000;
+    }
+
     if (tokens.refreshToken !== undefined) {
       if (tokens.refreshToken) {
         oauth.refreshToken = tokens.refreshToken;
@@ -147,6 +152,7 @@ export const clearOAuthData = async (
     if (scope === 'tokens' || scope === 'all') {
       delete oauth.accessToken;
       delete oauth.refreshToken;
+      delete oauth.accessTokenExpiresAt;
     }
 
     if (scope === 'client' || scope === 'all') {

src/services/proxy.ts

@@ -1,167 +0,0 @@
-/**
- * HTTP/HTTPS proxy configuration utilities for MCP client transports.
- *
- * This module provides utilities to configure HTTP and HTTPS proxies when
- * connecting to MCP servers. Proxies are configured by providing a custom
- * fetch implementation that uses Node.js http/https agents with proxy support.
- *
- */
-
-import { FetchLike } from '@modelcontextprotocol/sdk/shared/transport.js';
-
-/**
- * Configuration options for HTTP/HTTPS proxy settings.
- */
-export interface ProxyConfig {
-  /**
-   * HTTP proxy URL (e.g., 'http://proxy.example.com:8080')
-   * Can include authentication: 'http://user:pass@proxy.example.com:8080'
-   */
-  httpProxy?: string;
-
-  /**
-   * HTTPS proxy URL (e.g., 'https://proxy.example.com:8443')
-   * Can include authentication: 'https://user:pass@proxy.example.com:8443'
-   */
-  httpsProxy?: string;
-
-  /**
-   * Comma-separated list of hosts that should bypass the proxy
-   * (e.g., 'localhost,127.0.0.1,.example.com')
-   */
-  noProxy?: string;
-}
-
-/**
- * Creates a fetch function that uses the specified proxy configuration.
- *
- * This function returns a fetch implementation that routes requests through
- * the configured HTTP/HTTPS proxies using undici's ProxyAgent.
- *
- * Note: This function requires the 'undici' package to be installed.
- * Install it with: npm install undici
- *
- * @param config - Proxy configuration options
- * @returns A fetch-compatible function configured to use the specified proxies
- *
- */
-export function createFetchWithProxy(config: ProxyConfig): FetchLike {
-  // If no proxy is configured, return the default fetch
-  if (!config.httpProxy && !config.httpsProxy) {
-    return fetch;
-  }
-
-  // Parse no_proxy list
-  const noProxyList = parseNoProxy(config.noProxy);
-
-  return async (url: string | URL, init?: RequestInit): Promise<Response> => {
-    const targetUrl = typeof url === 'string' ? new URL(url) : url;
-
-    // Check if host should bypass proxy
-    if (shouldBypassProxy(targetUrl.hostname, noProxyList)) {
-      return fetch(url, init);
-    }
-
-    // Determine which proxy to use based on protocol
-    const proxyUrl = targetUrl.protocol === 'https:' ? config.httpsProxy : config.httpProxy;
-
-    if (!proxyUrl) {
-      // No proxy configured for this protocol
-      return fetch(url, init);
-    }
-
-    // Use undici for proxy support if available
-    try {
-      // Dynamic import - undici is an optional peer dependency
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const undici = await import('undici' as any);
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const ProxyAgent = (undici as any).ProxyAgent;
-      const dispatcher = new ProxyAgent(proxyUrl);
-
-      return fetch(url, {
-        ...init,
-        // @ts-expect-error - dispatcher is undici-specific
-        dispatcher,
-      });
-    } catch (error) {
-      // undici not available - throw error requiring installation
-      throw new Error(
-        'Proxy support requires the "undici" package. ' +
-          'Install it with: npm install undici\n' +
-          `Original error: ${error instanceof Error ? error.message : String(error)}`,
-      );
-    }
-  };
-}
-
-/**
- * Parses a NO_PROXY environment variable value into a list of patterns.
- */
-function parseNoProxy(noProxy?: string): string[] {
-  if (!noProxy) {
-    return [];
-  }
-
-  return noProxy
-    .split(',')
-    .map((item) => item.trim())
-    .filter((item) => item.length > 0);
-}
-
-/**
- * Checks if a hostname should bypass the proxy based on NO_PROXY patterns.
- */
-function shouldBypassProxy(hostname: string, noProxyList: string[]): boolean {
-  if (noProxyList.length === 0) {
-    return false;
-  }
-
-  const hostnameLower = hostname.toLowerCase();
-
-  for (const pattern of noProxyList) {
-    const patternLower = pattern.toLowerCase();
-
-    // Exact match
-    if (hostnameLower === patternLower) {
-      return true;
-    }
-
-    // Domain suffix match (e.g., .example.com matches sub.example.com)
-    if (patternLower.startsWith('.') && hostnameLower.endsWith(patternLower)) {
-      return true;
-    }
-
-    // Domain suffix match without leading dot
-    if (!patternLower.startsWith('.') && hostnameLower.endsWith('.' + patternLower)) {
-      return true;
-    }
-
-    // Special case: "*" matches everything
-    if (patternLower === '*') {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-/**
- * Creates a ProxyConfig from environment variables.
- *
- * This function reads standard proxy environment variables:
- * - HTTP_PROXY, http_proxy
- * - HTTPS_PROXY, https_proxy
- * - NO_PROXY, no_proxy
- *
- * Lowercase versions take precedence over uppercase versions.
- *
- * @returns A ProxyConfig object populated from environment variables
- */
-export function getProxyConfigFromEnv(env: Record<string, string>): ProxyConfig {
-  return {
-    httpProxy: env.http_proxy || env.HTTP_PROXY,
-    httpsProxy: env.https_proxy || env.HTTPS_PROXY,
-    noProxy: env.no_proxy || env.NO_PROXY,
-  };
-}

src/services/vectorSearchService.ts

@@ -6,8 +6,8 @@ import { getSmartRoutingConfig } from '../utils/smartRouting.js';
 import OpenAI from 'openai';
 
 // Get OpenAI configuration from smartRouting settings or fallback to environment variables
-const getOpenAIConfig = async () => {
-  const smartRoutingConfig = await getSmartRoutingConfig();
+const getOpenAIConfig = () => {
+  const smartRoutingConfig = getSmartRoutingConfig();
   return {
     apiKey: smartRoutingConfig.openaiApiKey,
     baseURL: smartRoutingConfig.openaiApiBaseUrl,
@@ -34,8 +34,8 @@ const getDimensionsForModel = (model: string): number => {
 };
 
 // Initialize the OpenAI client with smartRouting configuration
-const getOpenAIClient = async () => {
-  const config = await getOpenAIConfig();
+const getOpenAIClient = () => {
+  const config = getOpenAIConfig();
   return new OpenAI({
     apiKey: config.apiKey, // Get API key from smartRouting settings or environment variables
     baseURL: config.baseURL, // Get base URL from smartRouting settings or fallback to default
@@ -53,26 +53,32 @@ const getOpenAIClient = async () => {
  * @returns Promise with vector embedding as number array
  */
 async function generateEmbedding(text: string): Promise<number[]> {
-  const config = await getOpenAIConfig();
-  const openai = await getOpenAIClient();
+  try {
+    const config = getOpenAIConfig();
+    const openai = getOpenAIClient();
 
-  // Check if API key is configured
-  if (!openai.apiKey) {
-    console.warn('OpenAI API key is not configured. Using fallback embedding method.');
+    // Check if API key is configured
+    if (!openai.apiKey) {
+      console.warn('OpenAI API key is not configured. Using fallback embedding method.');
+      return generateFallbackEmbedding(text);
+    }
+
+    // Truncate text if it's too long (OpenAI has token limits)
+    const truncatedText = text.length > 8000 ? text.substring(0, 8000) : text;
+
+    // Call OpenAI's embeddings API
+    const response = await openai.embeddings.create({
+      model: config.embeddingModel, // Modern model with better performance
+      input: truncatedText,
+    });
+
+    // Return the embedding
+    return response.data[0].embedding;
+  } catch (error) {
+    console.error('Error generating embedding:', error);
+    console.warn('Falling back to simple embedding method');
     return generateFallbackEmbedding(text);
   }
-
-  // Truncate text if it's too long (OpenAI has token limits)
-  const truncatedText = text.length > 8000 ? text.substring(0, 8000) : text;
-
-  // Call OpenAI's embeddings API
-  const response = await openai.embeddings.create({
-    model: config.embeddingModel, // Modern model with better performance
-    input: truncatedText,
-  });
-
-  // Return the embedding
-  return response.data[0].embedding;
 }
 
 /**
@@ -192,12 +198,12 @@ export const saveToolsAsVectorEmbeddings = async (
       return;
     }
 
-    const smartRoutingConfig = await getSmartRoutingConfig();
+    const smartRoutingConfig = getSmartRoutingConfig();
     if (!smartRoutingConfig.enabled) {
       return;
     }
 
-    const config = await getOpenAIConfig();
+    const config = getOpenAIConfig();
     const vectorRepository = getRepositoryFactory(
       'vectorEmbeddings',
     )() as VectorEmbeddingRepository;
@@ -221,26 +227,31 @@ export const saveToolsAsVectorEmbeddings = async (
         .filter(Boolean)
         .join(' ');
 
-      // Generate embedding
-      const embedding = await generateEmbedding(searchableText);
+      try {
+        // Generate embedding
+        const embedding = await generateEmbedding(searchableText);
 
-      // Check database compatibility before saving
-      await checkDatabaseVectorDimensions(embedding.length);
+        // Check database compatibility before saving
+        await checkDatabaseVectorDimensions(embedding.length);
 
-      // Save embedding
-      await vectorRepository.saveEmbedding(
-        'tool',
-        `${serverName}:${tool.name}`,
-        searchableText,
-        embedding,
-        {
-          serverName,
-          toolName: tool.name,
-          description: tool.description,
-          inputSchema: tool.inputSchema,
-        },
-        config.embeddingModel, // Store the model used for this embedding
-      );
+        // Save embedding
+        await vectorRepository.saveEmbedding(
+          'tool',
+          `${serverName}:${tool.name}`,
+          searchableText,
+          embedding,
+          {
+            serverName,
+            toolName: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+          },
+          config.embeddingModel, // Store the model used for this embedding
+        );
+      } catch (toolError) {
+        console.error(`Error processing tool ${tool.name} for server ${serverName}:`, toolError);
+        // Continue with the next tool rather than failing the whole batch
+      }
     }
 
     console.log(`Saved ${tools.length} tool embeddings for server: ${serverName}`);
@@ -370,7 +381,7 @@ export const getAllVectorizedTools = async (
   }>
 > => {
   try {
-    const config = await getOpenAIConfig();
+    const config = getOpenAIConfig();
     const vectorRepository = getRepositoryFactory(
       'vectorEmbeddings',
     )() as VectorEmbeddingRepository;

src/types/index.ts

@@ -293,6 +293,7 @@ export interface ServerConfig {
     scopes?: string[]; // Required OAuth scopes
     accessToken?: string; // Pre-obtained access token (if available)
     refreshToken?: string; // Refresh token for renewing access
+    accessTokenExpiresAt?: number; // Access token expiration timestamp (ms since epoch)
 
     // Dynamic client registration (RFC7591)
     // If not explicitly configured, will auto-detect via WWW-Authenticate header on 401 responses

src/utils/smartRouting.ts

@@ -1,5 +1,4 @@
-import { expandEnvVars } from '../config/index.js';
-import { getSystemConfigDao } from '../dao/DaoFactory.js';
+import { loadSettings, expandEnvVars } from '../config/index.js';
 
 /**
  * Smart routing configuration interface
@@ -23,11 +22,10 @@ export interface SmartRoutingConfig {
  *
  * @returns {SmartRoutingConfig} Complete smart routing configuration
  */
-export async function getSmartRoutingConfig(): Promise<SmartRoutingConfig> {
-  // Get system config from DAO
-  const systemConfigDao = getSystemConfigDao();
-  const systemConfig = await systemConfigDao.get();
-  const smartRoutingSettings: Partial<SmartRoutingConfig> = systemConfig.smartRouting || {};
+export function getSmartRoutingConfig(): SmartRoutingConfig {
+  const settings = loadSettings();
+  const smartRoutingSettings: Partial<SmartRoutingConfig> =
+    settings.systemConfig?.smartRouting || {};
 
   return {
     // Enabled status - check multiple environment variables

tests/dao/bearerKeyDao.test.ts

@@ -1,97 +0,0 @@
-import fs from 'fs';
-import os from 'os';
-import path from 'path';
-
-import { BearerKeyDaoImpl } from '../../src/dao/BearerKeyDao.js';
-
-const writeSettings = (settingsPath: string, settings: unknown): void => {
-  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), 'utf8');
-};
-
-describe('BearerKeyDaoImpl migration + settings caching behavior', () => {
-  let tmpDir: string;
-  let settingsPath: string;
-  let originalSettingsEnv: string | undefined;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'mcphub-bearer-keys-'));
-    settingsPath = path.join(tmpDir, 'mcp_settings.json');
-
-    originalSettingsEnv = process.env.MCPHUB_SETTING_PATH;
-    process.env.MCPHUB_SETTING_PATH = settingsPath;
-  });
-
-  afterEach(() => {
-    if (originalSettingsEnv === undefined) {
-      delete process.env.MCPHUB_SETTING_PATH;
-    } else {
-      process.env.MCPHUB_SETTING_PATH = originalSettingsEnv;
-    }
-
-    try {
-      fs.rmSync(tmpDir, { recursive: true, force: true });
-    } catch {
-      // ignore cleanup errors
-    }
-  });
-
-  it('does not rewrite settings when bearerKeys exists as an empty array', async () => {
-    writeSettings(settingsPath, {
-      mcpServers: {},
-      users: [],
-      systemConfig: {
-        routing: {
-          enableBearerAuth: false,
-          bearerAuthKey: '',
-        },
-      },
-      bearerKeys: [],
-    });
-
-    const writeSpy = jest.spyOn(fs, 'writeFileSync');
-
-    const dao = new BearerKeyDaoImpl();
-    const enabled1 = await dao.findEnabled();
-    const enabled2 = await dao.findEnabled();
-
-    expect(enabled1).toEqual([]);
-    expect(enabled2).toEqual([]);
-
-    // The DAO should NOT persist anything because bearerKeys already exists.
-    expect(writeSpy).not.toHaveBeenCalled();
-
-    writeSpy.mockRestore();
-  });
-
-  it('migrates legacy bearerAuthKey only once', async () => {
-    writeSettings(settingsPath, {
-      mcpServers: {},
-      users: [],
-      systemConfig: {
-        routing: {
-          enableBearerAuth: true,
-          bearerAuthKey: 'legacy-token',
-        },
-      },
-      // bearerKeys is intentionally missing to trigger migration
-    });
-
-    const writeSpy = jest.spyOn(fs, 'writeFileSync');
-
-    const dao = new BearerKeyDaoImpl();
-
-    const enabled1 = await dao.findEnabled();
-    expect(enabled1).toHaveLength(1);
-    expect(enabled1[0].token).toBe('legacy-token');
-    expect(enabled1[0].enabled).toBe(true);
-
-    const enabled2 = await dao.findEnabled();
-    expect(enabled2).toHaveLength(1);
-    expect(enabled2[0].token).toBe('legacy-token');
-
-    // One write for the migration, no further writes on subsequent reads.
-    expect(writeSpy).toHaveBeenCalledTimes(1);
-
-    writeSpy.mockRestore();
-  });
-});

tests/services/mcpOAuthProvider.test.ts

@@ -0,0 +1,106 @@
+jest.mock('../../src/services/oauthClientRegistration.js', () => ({
+  initializeOAuthForServer: jest.fn(),
+  getRegisteredClient: jest.fn(),
+  removeRegisteredClient: jest.fn(),
+  fetchScopesFromServer: jest.fn(),
+  refreshAccessToken: jest.fn(),
+}));
+
+jest.mock('../../src/services/oauthSettingsStore.js', () => ({
+  loadServerConfig: jest.fn(),
+  mutateOAuthSettings: jest.fn(),
+  persistTokens: jest.fn(),
+  updatePendingAuthorization: jest.fn(),
+}));
+
+jest.mock('../../src/services/mcpService.js', () => ({
+  getServerByName: jest.fn(),
+}));
+
+jest.mock('../../src/dao/index.js', () => ({
+  getSystemConfigDao: jest.fn(() => ({ get: jest.fn() })),
+}));
+
+import { MCPHubOAuthProvider } from '../../src/services/mcpOAuthProvider.js';
+import * as oauthRegistration from '../../src/services/oauthClientRegistration.js';
+import * as oauthSettingsStore from '../../src/services/oauthSettingsStore.js';
+import type { ServerConfig } from '../../src/types/index.js';
+
+describe('MCPHubOAuthProvider token refresh', () => {
+  const NOW = 1_700_000_000_000;
+  const TEN_MINUTES_MS = 10 * 60 * 1_000;
+  let nowSpy: jest.SpyInstance<number, []>;
+
+  beforeEach(() => {
+    nowSpy = jest.spyOn(Date, 'now').mockReturnValue(NOW);
+    jest.clearAllMocks();
+  });
+
+  afterEach(() => {
+    nowSpy.mockRestore();
+  });
+
+  const baseConfig: ServerConfig = {
+    url: 'https://example.com/v1/sse',
+    oauth: {
+      clientId: 'client-id',
+      accessToken: 'old-access',
+      refreshToken: 'refresh-token',
+    },
+  };
+
+  it('refreshes access token when expired', async () => {
+    const expiredConfig: ServerConfig = {
+      ...baseConfig,
+      oauth: {
+        ...baseConfig.oauth,
+        accessTokenExpiresAt: NOW - 1_000,
+      },
+    };
+
+    const refreshedConfig: ServerConfig = {
+      ...expiredConfig,
+      oauth: {
+        ...expiredConfig.oauth,
+        accessToken: 'new-access',
+        refreshToken: 'new-refresh',
+        accessTokenExpiresAt: NOW + 3_600_000,
+      },
+    };
+
+    (oauthRegistration.initializeOAuthForServer as jest.Mock).mockResolvedValue({
+      config: {},
+    });
+    (oauthRegistration.refreshAccessToken as jest.Mock).mockResolvedValue({
+      accessToken: 'new-access',
+      refreshToken: 'new-refresh',
+      expiresIn: 3600,
+    });
+    (oauthSettingsStore.loadServerConfig as jest.Mock).mockResolvedValue(refreshedConfig);
+
+    const provider = new MCPHubOAuthProvider('atlassian-work', expiredConfig);
+
+    const tokens = await provider.tokens();
+
+    expect(oauthRegistration.refreshAccessToken).toHaveBeenCalledTimes(1);
+    expect(oauthSettingsStore.loadServerConfig).toHaveBeenCalledTimes(1);
+    expect(tokens?.access_token).toBe('new-access');
+    expect(tokens?.refresh_token).toBe('new-refresh');
+  });
+
+  it('returns cached token when not expired', async () => {
+    const freshConfig: ServerConfig = {
+      ...baseConfig,
+      oauth: {
+        ...baseConfig.oauth,
+        accessTokenExpiresAt: NOW + TEN_MINUTES_MS,
+      },
+    };
+
+    const provider = new MCPHubOAuthProvider('atlassian-work', freshConfig);
+    const tokens = await provider.tokens();
+
+    expect(tokens?.access_token).toBe('old-access');
+    expect(oauthRegistration.refreshAccessToken).not.toHaveBeenCalled();
+  });
+});