chore: clarify token refresh comments

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
chore: simplify oauth token expiry helpers
2025-12-30 05:30:06 -05:00 · 2025-12-13 14:50:55 +00:00 · 2025-12-13 14:49:15 +00:00 · 2025-12-13 14:46:49 +00:00 · 2025-12-13 14:45:20 +00:00 · 2025-12-13 14:38:07 +00:00
49 changed files with 760 additions and 1441 deletions
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,272 @@
+# MCPHub Coding Instructions
+
+**ALWAYS follow these instructions first and only fallback to additional search and context gathering if the information here is incomplete or found to be in error.**
+
+## Project Overview
+
+MCPHub is a TypeScript/Node.js MCP (Model Context Protocol) server management hub that provides unified access through HTTP endpoints. It serves as a centralized dashboard for managing multiple MCP servers with real-time monitoring, authentication, and flexible routing.
+
+**Core Components:**
+
+- **Backend**: Express.js + TypeScript + ESM (`src/server.ts`)
+- **Frontend**: React/Vite + Tailwind CSS (`frontend/`)
+- **MCP Integration**: Connects multiple MCP servers (`src/services/mcpService.ts`)
+- **Authentication**: JWT-based with bcrypt password hashing
+- **Configuration**: JSON-based MCP server definitions (`mcp_settings.json`)
+- **Documentation**: API docs and usage instructions(`docs/`)
+
+## Working Effectively
+
+### Bootstrap and Setup (CRITICAL - Follow Exact Steps)
+
+```bash
+# Install pnpm if not available
+npm install -g pnpm
+
+# Install dependencies - takes ~30 seconds
+pnpm install
+
+# Setup environment (optional)
+cp .env.example .env
+
+# Build and test to verify setup
+pnpm lint                    # ~3 seconds - NEVER CANCEL
+pnpm backend:build          # ~5 seconds - NEVER CANCEL
+pnpm test:ci                # ~16 seconds - NEVER CANCEL. Set timeout to 60+ seconds
+pnpm frontend:build         # ~5 seconds - NEVER CANCEL
+pnpm build                  # ~10 seconds total - NEVER CANCEL. Set timeout to 60+ seconds
+```
+
+**CRITICAL TIMING**: These commands are fast but NEVER CANCEL them. Always wait for completion.
+
+### Development Environment
+
+```bash
+# Start both backend and frontend (recommended for most development)
+pnpm dev                    # Backend on :3001, Frontend on :5173
+
+# OR start separately (required on Windows, optional on Linux/macOS)
+# Terminal 1: Backend only
+pnpm backend:dev            # Runs on port 3000 (or PORT env var)
+
+# Terminal 2: Frontend only
+pnpm frontend:dev           # Runs on port 5173, proxies API to backend
+```
+
+**NEVER CANCEL**: Development servers may take 10-15 seconds to fully initialize all MCP servers.
+
+### Build Commands (Production)
+
+```bash
+# Full production build - takes ~10 seconds total
+pnpm build                  # NEVER CANCEL - Set timeout to 60+ seconds
+
+# Individual builds
+pnpm backend:build          # TypeScript compilation - ~5 seconds
+pnpm frontend:build         # Vite build - ~5 seconds
+
+# Start production server
+pnpm start                  # Requires dist/ and frontend/dist/ to exist
+```
+
+### Testing and Validation
+
+```bash
+# Run all tests - takes ~16 seconds with 73 tests
+pnpm test:ci                # NEVER CANCEL - Set timeout to 60+ seconds
+
+# Development testing
+pnpm test                   # Interactive mode
+pnpm test:watch             # Watch mode for development
+pnpm test:coverage          # With coverage report
+
+# Code quality
+pnpm lint                   # ESLint - ~3 seconds
+pnpm format                 # Prettier formatting - ~3 seconds
+```
+
+**CRITICAL**: All tests MUST pass before committing. Do not modify tests to make them pass unless specifically required for your changes.
+
+## Manual Validation Requirements
+
+**ALWAYS perform these validation steps after making changes:**
+
+### 1. Basic Application Functionality
+
+```bash
+# Start the application
+pnpm dev
+
+# Verify backend responds (in another terminal)
+curl http://localhost:3000/api/health
+# Expected: Should return health status
+
+# Verify frontend serves
+curl -I http://localhost:3000/
+# Expected: HTTP 200 OK with HTML content
+```
+
+### 2. MCP Server Integration Test
+
+```bash
+# Check MCP servers are loading (look for log messages)
+# Expected log output should include:
+# - "Successfully connected client for server: [name]"
+# - "Successfully listed [N] tools for server: [name]"
+# - Some servers may fail due to missing API keys (normal in dev)
+```
+
+### 3. Build Verification
+
+```bash
+# Verify production build works
+pnpm build
+node scripts/verify-dist.js
+# Expected: "✅ Verification passed! Frontend and backend dist files are present."
+```
+
+**NEVER skip these validation steps**. If any fail, debug and fix before proceeding.
+
+## Project Structure and Key Files
+
+### Critical Backend Files
+
+- `src/index.ts` - Application entry point
+- `src/server.ts` - Express server setup and middleware
+- `src/services/mcpService.ts` - **Core MCP server management logic**
+- `src/config/index.ts` - Configuration management
+- `src/routes/` - HTTP route definitions
+- `src/controllers/` - HTTP request handlers
+- `src/dao/` - Data access layer (supports JSON file & PostgreSQL)
+- `src/db/` - TypeORM entities & repositories (for PostgreSQL mode)
+- `src/types/index.ts` - TypeScript type definitions
+
+### DAO Layer (Dual Data Source)
+
+MCPHub supports **JSON file** (default) and **PostgreSQL** storage:
+
+- Set `USE_DB=true` + `DB_URL=postgresql://...` to use database
+- When modifying data structures, update: `src/types/`, `src/dao/`, `src/db/entities/`, `src/db/repositories/`, `src/utils/migration.ts`
+- See `AGENTS.md` for detailed DAO modification checklist
+
+### Critical Frontend Files
+
+- `frontend/src/` - React application source
+- `frontend/src/pages/` - Page components (development entry point)
+- `frontend/src/components/` - Reusable UI components
+- `frontend/src/utils/fetchInterceptor.js` - Backend API interaction
+
+### Configuration Files
+
+- `mcp_settings.json` - **MCP server definitions and user accounts**
+- `package.json` - Dependencies and scripts
+- `tsconfig.json` - TypeScript configuration
+- `jest.config.cjs` - Test configuration
+- `.eslintrc.json` - Linting rules
+
+### Docker and Deployment
+
+- `Dockerfile` - Multi-stage build with Python base + Node.js
+- `entrypoint.sh` - Docker startup script
+- `bin/cli.js` - NPM package CLI entry point
+
+## Development Process and Conventions
+
+### Code Style Requirements
+
+- **ESM modules**: Always use `.js` extensions in imports, not `.ts`
+- **English only**: All code comments must be written in English
+- **TypeScript strict**: Follow strict type checking rules
+- **Import style**: `import { something } from './file.js'` (note .js extension)
+
+### Key Configuration Notes
+
+- **MCP servers**: Defined in `mcp_settings.json` with command/args
+- **Endpoints**: `/mcp/{group|server}` and `/mcp/$smart` for routing
+- **i18n**: Frontend uses react-i18next with files in `locales/` folder
+- **Authentication**: JWT tokens with bcrypt password hashing
+- **Default credentials**: admin/admin123 (configured in mcp_settings.json)
+
+### Development Entry Points
+
+- **Add MCP server**: Modify `mcp_settings.json` and restart
+- **New API endpoint**: Add route in `src/routes/`, controller in `src/controllers/`
+- **Frontend feature**: Start from `frontend/src/pages/` or `frontend/src/components/`
+- **Add tests**: Follow patterns in `tests/` directory
+
+### Common Development Tasks
+
+#### Adding a new MCP server:
+
+1. Add server definition to `mcp_settings.json`
+2. Restart backend to load new server
+3. Check logs for successful connection
+4. Test via dashboard or API endpoints
+
+#### API development:
+
+1. Define route in `src/routes/`
+2. Implement controller in `src/controllers/`
+3. Add types in `src/types/index.ts` if needed
+4. Write tests in `tests/controllers/`
+
+#### Frontend development:
+
+1. Create/modify components in `frontend/src/components/`
+2. Add pages in `frontend/src/pages/`
+3. Update routing if needed
+4. Test in development mode with `pnpm frontend:dev`
+
+#### Documentation:
+
+1. Update or add docs in `docs/` folder
+2. Ensure README.md reflects any major changes
+
+## Validation and CI Requirements
+
+### Before Committing - ALWAYS Run:
+
+```bash
+pnpm lint                   # Must pass - ~3 seconds
+pnpm backend:build          # Must compile - ~5 seconds
+pnpm test:ci                # All tests must pass - ~16 seconds
+pnpm build                  # Full build must work - ~10 seconds
+```
+
+**CRITICAL**: CI will fail if any of these commands fail. Fix issues locally first.
+
+### CI Pipeline (.github/workflows/ci.yml)
+
+- Runs on Node.js 20.x
+- Tests: linting, type checking, unit tests with coverage
+- **NEVER CANCEL**: CI builds may take 2-3 minutes total
+
+## Troubleshooting
+
+### Common Issues
+
+- **"uvx command not found"**: Some MCP servers require `uvx` (Python package manager) - this is expected in development
+- **Port already in use**: Change PORT environment variable or kill existing processes
+- **Frontend not loading**: Ensure frontend was built with `pnpm frontend:build`
+- **MCP server connection failed**: Check server command/args in `mcp_settings.json`
+
+### Build Failures
+
+- **TypeScript errors**: Run `pnpm backend:build` to see compilation errors
+- **Test failures**: Run `pnpm test:verbose` for detailed test output
+- **Lint errors**: Run `pnpm lint` and fix reported issues
+
+### Development Issues
+
+- **Backend not starting**: Check for port conflicts, verify `mcp_settings.json` syntax
+- **Frontend proxy errors**: Ensure backend is running before starting frontend
+- **Hot reload not working**: Restart development server
+
+## Performance Notes
+
+- **Install time**: pnpm install takes ~30 seconds
+- **Build time**: Full build takes ~10 seconds
+- **Test time**: Complete test suite takes ~16 seconds
+- **Startup time**: Backend initialization takes 10-15 seconds (MCP server connections)
+
+**Remember**: NEVER CANCEL any build or test commands. Always wait for completion even if they seem slow.
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,7 +76,7 @@ jobs:

  #   services:
  #     postgres:
-  #       image: pgvector/pgvector:pg17
+  #       image: postgres:15
  #       env:
  #         POSTGRES_PASSWORD: postgres
  #         POSTGRES_DB: mcphub_test
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,214 +1,26 @@
-# MCPHub Development Guide & Agent Instructions
+# Repository Guidelines

-**ALWAYS follow these instructions first and only fallback to additional search and context gathering if the information here is incomplete or found to be in error.**
-
-This document serves as the primary reference for all contributors and AI agents working on `@samanhappy/mcphub`. It provides comprehensive guidance on code organization, development workflow, and project conventions.
-
-## Project Overview
-
-MCPHub is a TypeScript/Node.js MCP (Model Context Protocol) server management hub that provides unified access through HTTP endpoints. It serves as a centralized dashboard for managing multiple MCP servers with real-time monitoring, authentication, and flexible routing.
-
-**Core Components:**
-
- **Backend**: Express.js + TypeScript + ESM (`src/server.ts`)
- **Frontend**: React/Vite + Tailwind CSS (`frontend/`)
- **MCP Integration**: Connects multiple MCP servers (`src/services/mcpService.ts`)
- **Authentication**: JWT-based with bcrypt password hashing
- **Configuration**: JSON-based MCP server definitions (`mcp_settings.json`)
- **Documentation**: API docs and usage instructions(`docs/`)
-
-## Bootstrap and Setup (CRITICAL - Follow Exact Steps)
-
-```bash
-# Install pnpm if not available
-npm install -g pnpm
-
-# Install dependencies - takes ~30 seconds
-pnpm install
-
-# Setup environment (optional)
-cp .env.example .env
-
-# Build and test to verify setup
-pnpm lint                    # ~3 seconds - NEVER CANCEL
-pnpm backend:build          # ~5 seconds - NEVER CANCEL
-pnpm test:ci                # ~16 seconds - NEVER CANCEL. Set timeout to 60+ seconds
-pnpm frontend:build         # ~5 seconds - NEVER CANCEL
-pnpm build                  # ~10 seconds total - NEVER CANCEL. Set timeout to 60+ seconds
-```
-
-**CRITICAL TIMING**: These commands are fast but NEVER CANCEL them. Always wait for completion.
-
-## Manual Validation Requirements
-
-**ALWAYS perform these validation steps after making changes:**
-
-### 1. Basic Application Functionality
-
-```bash
-# Start the application
-pnpm dev
-
-# Verify backend responds (in another terminal)
-curl http://localhost:3000/api/health
-# Expected: Should return health status
-
-# Verify frontend serves
-curl -I http://localhost:3000/
-# Expected: HTTP 200 OK with HTML content
-```
-
-### 2. MCP Server Integration Test
-
-```bash
-# Check MCP servers are loading (look for log messages)
-# Expected log output should include:
-# - "Successfully connected client for server: [name]"
-# - "Successfully listed [N] tools for server: [name]"
-# - Some servers may fail due to missing API keys (normal in dev)
-```
-
-### 3. Build Verification
-
-```bash
-# Verify production build works
-pnpm build
-node scripts/verify-dist.js
-# Expected: "✅ Verification passed! Frontend and backend dist files are present."
-```
-
-**NEVER skip these validation steps**. If any fail, debug and fix before proceeding.
+These notes align current contributors around the code layout, daily commands, and collaboration habits that keep `@samanhappy/mcphub` moving quickly.

 ## Project Structure & Module Organization

-### Critical Backend Files
-
- `src/index.ts` - Application entry point
- `src/server.ts` - Express server setup and middleware (orchestrating HTTP bootstrap)
- `src/services/mcpService.ts` - **Core MCP server management logic**
- `src/config/index.ts` - Configuration management
- `src/routes/` - HTTP route definitions
- `src/controllers/` - HTTP request handlers
- `src/dao/` - Data access layer (supports JSON file & PostgreSQL)
- `src/db/` - TypeORM entities & repositories (for PostgreSQL mode)
- `src/types/index.ts` - TypeScript type definitions and shared DTOs
- `src/utils/` - Utility functions and helpers
-
-### Critical Frontend Files
-
- `frontend/src/` - React application source (Vite + React dashboard)
- `frontend/src/pages/` - Page components (development entry point)
- `frontend/src/components/` - Reusable UI components
- `frontend/src/utils/fetchInterceptor.js` - Backend API interaction
- `frontend/public/` - Static assets
-
-### Configuration Files
-
- `mcp_settings.json` - **MCP server definitions and user accounts**
- `package.json` - Dependencies and scripts
- `tsconfig.json` - TypeScript configuration
- `jest.config.cjs` - Test configuration
- `.eslintrc.json` - Linting rules
-
-### Test Organization
-
- Jest-aware test code is split between colocated specs (`src/**/*.{test,spec}.ts`) and higher-level suites in `tests/`
- Use `tests/utils/` helpers when exercising the CLI or SSE flows
- Mirror production directory names when adding new suites
- End filenames with `.test.ts` or `.spec.ts` for automatic discovery
-
-### Build Artifacts
-
- `dist/` - Backend build output (TypeScript compilation)
- `frontend/dist/` - Frontend build output (Vite bundle)
- `coverage/` - Test coverage reports
- **Never edit these manually**
-
-### Localization
-
- Translations sit in `locales/` (en.json, fr.json, tr.json, zh.json)
- Frontend uses react-i18next
-
-### Docker and Deployment
-
- `Dockerfile` - Multi-stage build with Python base + Node.js
- `entrypoint.sh` - Docker startup script
- `bin/cli.js` - NPM package CLI entry point
+- Backend services live in `src`, grouped by responsibility (`controllers/`, `services/`, `dao/`, `routes/`, `utils/`), with `server.ts` orchestrating HTTP bootstrap.
+- `frontend/src` contains the Vite + React dashboard; `frontend/public` hosts static assets and translations sit in `locales/`.
+- Jest-aware test code is split between colocated specs (`src/**/*.{test,spec}.ts`) and higher-level suites in `tests/`; use `tests/utils/` helpers when exercising the CLI or SSE flows.
+- Build artifacts and bundles are generated into `dist/`, `frontend/dist/`, and `coverage/`; never edit these manually.

 ## Build, Test, and Development Commands

-### Development Environment
-
-```bash
-# Start both backend and frontend (recommended for most development)
-pnpm dev                    # Backend on :3001, Frontend on :5173
-
-# OR start separately (required on Windows, optional on Linux/macOS)
-# Terminal 1: Backend only
-pnpm backend:dev            # Runs on port 3000 (or PORT env var)
-
-# Terminal 2: Frontend only
-pnpm frontend:dev           # Runs on port 5173, proxies API to backend
-
-# Frontend preview (production build)
-pnpm frontend:preview       # Preview production build
-```
-
-**NEVER CANCEL**: Development servers may take 10-15 seconds to fully initialize all MCP servers.
-
-### Production Build
-
-```bash
-# Full production build - takes ~10 seconds total
-pnpm build                  # NEVER CANCEL - Set timeout to 60+ seconds
-
-# Individual builds
-pnpm backend:build          # TypeScript compilation to dist/ - ~5 seconds
-pnpm frontend:build         # Vite build to frontend/dist/ - ~5 seconds
-
-# Start production server
-pnpm start                  # Requires dist/ and frontend/dist/ to exist
-```
-
-Run `pnpm build` before release or publishing.
-
-### Testing and Validation
-
-```bash
-# Run all tests - takes ~16 seconds with 73 tests
-pnpm test:ci                # NEVER CANCEL - Set timeout to 60+ seconds
-
-# Development testing
-pnpm test                   # Interactive mode
-pnpm test:watch             # Watch mode for development
-pnpm test:coverage          # With coverage report
-
-# Code quality
-pnpm lint                   # ESLint - ~3 seconds
-pnpm format                 # Prettier formatting - ~3 seconds
-```
-
-**CRITICAL**: All tests MUST pass before committing. Do not modify tests to make them pass unless specifically required for your changes.
-
-### Performance Notes
-
- **Install time**: pnpm install takes ~30 seconds
- **Build time**: Full build takes ~10 seconds
- **Test time**: Complete test suite takes ~16 seconds
- **Startup time**: Backend initialization takes 10-15 seconds (MCP server connections)
+- `pnpm dev` runs backend (`tsx watch src/index.ts`) and frontend (`vite`) together for local iteration.
+- `pnpm backend:dev`, `pnpm frontend:dev`, and `pnpm frontend:preview` target each surface independently; prefer them when debugging one stack.
+- `pnpm build` executes `pnpm backend:build` (TypeScript to `dist/`) and `pnpm frontend:build`; run before release or publishing.
+- `pnpm test`, `pnpm test:watch`, and `pnpm test:coverage` drive Jest; `pnpm lint` and `pnpm format` enforce style via ESLint and Prettier.

 ## Coding Style & Naming Conventions

- **TypeScript everywhere**: Default to 2-space indentation and single quotes, letting Prettier settle formatting
- **ESM modules**: Always use `.js` extensions in imports, not `.ts` (e.g., `import { something } from './file.js'`)
- **English only**: All code comments must be written in English
- **TypeScript strict**: Follow strict type checking rules
- **Naming conventions**:
-  - Services and data access layers: Use suffixes (`UserService`, `AuthDao`)
-  - React components and files: `PascalCase`
-  - Utility modules: `camelCase`
- **Types and DTOs**: Keep in `src/types` to avoid duplication; re-export through index files only when it clarifies imports
- **ESLint configuration**: Assumes ES modules
+- TypeScript everywhere; default to 2-space indentation and single quotes, letting Prettier settle formatting. ESLint configuration assumes ES modules.
+- Name services and data access layers with suffixes (`UserService`, `AuthDao`), React components and files in `PascalCase`, and utility modules in `camelCase`.
+- Keep DTOs and shared types in `src/types` to avoid duplication; re-export through index files only when it clarifies imports.

 ## Testing Guidelines

@@ -216,86 +28,12 @@ pnpm format                 # Prettier formatting - ~3 seconds
 - Mirror production directory names when adding new suites and end filenames with `.test.ts` or `.spec.ts` for automatic discovery.
 - Aim to maintain or raise coverage when touching critical flows (auth, OAuth, SSE); add integration tests under `tests/integration/` when touching cross-service logic.

-## Key Configuration Notes
-
- **MCP servers**: Defined in `mcp_settings.json` with command/args
- **Endpoints**: `/mcp/{group|server}` and `/mcp/$smart` for routing
- **i18n**: Frontend uses react-i18next with files in `locales/` folder
- **Authentication**: JWT tokens with bcrypt password hashing
- **Default credentials**: admin/admin123 (configured in mcp_settings.json)
-
-## Development Entry Points
-
-### Adding a new MCP server
-
-1. Add server definition to `mcp_settings.json`
-2. Restart backend to load new server
-3. Check logs for successful connection
-4. Test via dashboard or API endpoints
-
-### API development
-
-1. Define route in `src/routes/`
-2. Implement controller in `src/controllers/`
-3. Add types in `src/types/index.ts` if needed
-4. Write tests in `tests/controllers/`
-
-### Frontend development
-
-1. Create/modify components in `frontend/src/components/`
-2. Add pages in `frontend/src/pages/`
-3. Update routing if needed
-4. Test in development mode with `pnpm frontend:dev`
-
-### Documentation
-
-1. Update or add docs in `docs/` folder
-2. Ensure README.md reflects any major changes
-
 ## Commit & Pull Request Guidelines

 - Follow the existing Conventional Commit pattern (`feat:`, `fix:`, `chore:`, etc.) with imperative, present-tense summaries and optional multi-line context.
 - Each PR should describe the behavior change, list testing performed, and link issues; include before/after screenshots or GIFs for frontend tweaks.
 - Re-run `pnpm build` and `pnpm test` before requesting review, and ensure generated artifacts stay out of the diff.

-### Before Committing - ALWAYS Run
-
-```bash
-pnpm lint                   # Must pass - ~3 seconds
-pnpm backend:build          # Must compile - ~5 seconds
-pnpm test:ci                # All tests must pass - ~16 seconds
-pnpm build                  # Full build must work - ~10 seconds
-```
-
-**CRITICAL**: CI will fail if any of these commands fail. Fix issues locally first.
-
-### CI Pipeline (.github/workflows/ci.yml)
-
- Runs on Node.js 20.x
- Tests: linting, type checking, unit tests with coverage
- **NEVER CANCEL**: CI builds may take 2-3 minutes total
-
-## Troubleshooting
-
-### Common Issues
-
- **"uvx command not found"**: Some MCP servers require `uvx` (Python package manager) - this is expected in development
- **Port already in use**: Change PORT environment variable or kill existing processes
- **Frontend not loading**: Ensure frontend was built with `pnpm frontend:build`
- **MCP server connection failed**: Check server command/args in `mcp_settings.json`
-
-### Build Failures
-
- **TypeScript errors**: Run `pnpm backend:build` to see compilation errors
- **Test failures**: Run `pnpm test:verbose` for detailed test output
- **Lint errors**: Run `pnpm lint` and fix reported issues
-
-### Development Issues
-
- **Backend not starting**: Check for port conflicts, verify `mcp_settings.json` syntax
- **Frontend proxy errors**: Ensure backend is running before starting frontend
- **Hot reload not working**: Restart development server
-
 ## DAO Layer & Dual Data Source

 MCPHub supports **JSON file** (default) and **PostgreSQL** storage. Set `USE_DB=true` + `DB_URL` to switch.
@@ -325,100 +63,16 @@ When adding/changing fields, update **ALL** these files:

 ### Data Type Mapping

-| Model          | DAO               | DB Entity      | JSON Path                 |
-| -------------- | ----------------- | -------------- | ------------------------- |
-| `IUser`        | `UserDao`         | `User`         | `settings.users[]`        |
-| `ServerConfig` | `ServerDao`       | `Server`       | `settings.mcpServers{}`   |
-| `IGroup`       | `GroupDao`        | `Group`        | `settings.groups[]`       |
-| `SystemConfig` | `SystemConfigDao` | `SystemConfig` | `settings.systemConfig`   |
-| `UserConfig`   | `UserConfigDao`   | `UserConfig`   | `settings.userConfigs{}`  |
-| `BearerKey`    | `BearerKeyDao`    | `BearerKey`    | `settings.bearerKeys[]`   |
-| `IOAuthClient` | `OAuthClientDao`  | `OAuthClient`  | `settings.oauthClients[]` |
-| `IOAuthToken`  | `OAuthTokenDao`   | `OAuthToken`   | `settings.oauthTokens[]`  |
+| Model          | DAO               | DB Entity      | JSON Path                |
+| -------------- | ----------------- | -------------- | ------------------------ |
+| `IUser`        | `UserDao`         | `User`         | `settings.users[]`       |
+| `ServerConfig` | `ServerDao`       | `Server`       | `settings.mcpServers{}`  |
+| `IGroup`       | `GroupDao`        | `Group`        | `settings.groups[]`      |
+| `SystemConfig` | `SystemConfigDao` | `SystemConfig` | `settings.systemConfig`  |
+| `UserConfig`   | `UserConfigDao`   | `UserConfig`   | `settings.userConfigs{}` |

 ### Common Pitfalls

 - Forgetting migration script → fields won't migrate to DB
 - Optional fields need `nullable: true` in entity
 - Complex objects need `simple-json` column type
-
-## Auto-Evolution Guidelines for AI Agents
-
-**This section provides guidelines for AI agents to automatically maintain and improve this document.**
-
-### When to Update AGENTS.md
-
-AI agents MUST update this document in the following situations:
-
-#### 1. Code-Documentation Mismatch Detected
-
-When executing tasks, if you discover that:
-
- The actual code structure differs from descriptions in this document
- File paths, imports, or module organization has changed
- New critical files or directories exist that aren't documented
- Documented files or patterns no longer exist
-
-**Action**: Immediately update the relevant section to reflect the current codebase state.
-
-**Example scenarios**:
-
- A controller is now in `src/api/controllers/` instead of `src/controllers/`
- New middleware files exist that should be documented
- The DAO implementation has been refactored with a different structure
- Build output directories have changed
-
-#### 2. User Preferences and Requirements
-
-During conversation, if the user expresses:
-
- **Coding preferences**: Indentation style, naming conventions, code organization patterns
- **Workflow requirements**: Required validation steps, commit procedures, testing expectations
- **Tool preferences**: Preferred libraries, frameworks, or development tools
- **Quality standards**: Code review criteria, documentation requirements, error handling patterns
- **Development principles**: Architecture decisions, design patterns, best practices
-
-**Action**: Add or update the relevant section to capture these preferences for future reference.
-
-**Example scenarios**:
-
- User prefers async/await over promises → Update coding style section
- User requires specific test coverage thresholds → Update testing guidelines
- User has strong opinions about error handling → Add to development process section
- User establishes new deployment procedures → Update deployment section
-
-### How to Update AGENTS.md
-
-1. **Identify the Section**: Determine which section needs updating based on the type of change
-2. **Make Precise Changes**: Update only the relevant content, maintaining the document structure
-3. **Preserve Format**: Keep the existing markdown formatting and organization
-4. **Add Context**: If adding new content, ensure it fits logically within existing sections
-5. **Verify Accuracy**: After updating, ensure the new information is accurate and complete
-
-### Update Principles
-
- **Accuracy First**: Documentation must reflect the actual current state
- **Clarity**: Use clear, concise language; avoid ambiguity
- **Completeness**: Include sufficient detail for agents to work effectively
- **Consistency**: Maintain consistent terminology and formatting throughout
- **Actionability**: Focus on concrete, actionable guidance rather than vague descriptions
-
-### Self-Correction Process
-
-Before completing any task:
-
-1. Review relevant sections of AGENTS.md
-2. During execution, note any discrepancies between documentation and reality
-3. Update AGENTS.md to correct discrepancies
-4. Verify the update doesn't conflict with other sections
-5. Proceed with the original task using the updated information
-
-### Meta-Update Rule
-
-If this auto-evolution section itself needs improvement based on experience:
-
- Update it to better serve future agents
- Add new scenarios or principles as they emerge
- Refine the update process based on what works well
-
-**Remember**: This document is a living guide. Keeping it accurate and current is as important as following it.
--- a/docker-compose.db.yml
+++ b/docker-compose.db.yml
@@ -3,7 +3,7 @@ version: "3.8"
 services:
  # PostgreSQL database for MCPHub configuration
  postgres:
-    image: pgvector/pgvector:pg17-alpine
+    image: postgres:16-alpine
    container_name: mcphub-postgres
    environment:
      POSTGRES_DB: mcphub
--- a/docs/configuration/database-configuration.mdx
+++ b/docs/configuration/database-configuration.mdx
@@ -59,7 +59,7 @@ version: '3.8'

 services:
  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:16
    environment:
      POSTGRES_DB: mcphub
      POSTGRES_USER: mcphub
--- a/docs/configuration/docker-setup.mdx
+++ b/docs/configuration/docker-setup.mdx
@@ -119,7 +119,7 @@ services:
      - mcphub-network

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres
    environment:
      - POSTGRES_DB=mcphub
@@ -203,7 +203,7 @@ services:
      retries: 3

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres
    environment:
      - POSTGRES_DB=mcphub
@@ -305,7 +305,7 @@ services:
      - mcphub-dev

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres-dev
    environment:
      - POSTGRES_DB=mcphub
@@ -445,7 +445,7 @@ Add backup service to your `docker-compose.yml`:
 ```yaml
 services:
  backup:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-backup
    environment:
      - PGPASSWORD=${POSTGRES_PASSWORD}
--- a/docs/features/smart-routing.mdx
+++ b/docs/features/smart-routing.mdx
@@ -78,7 +78,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
          - ./mcp_settings.json:/app/mcp_settings.json

      postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
        environment:
          - POSTGRES_DB=mcphub
          - POSTGRES_USER=mcphub
@@ -146,7 +146,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
        spec:
          containers:
          - name: postgres
-            image: pgvector/pgvector:pg17
+            image: pgvector/pgvector:pg16
            env:
            - name: POSTGRES_DB
              value: mcphub
--- a/docs/installation.mdx
+++ b/docs/installation.mdx
@@ -96,7 +96,7 @@ Optional for Smart Routing:

      # Optional: PostgreSQL for Smart Routing
      postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
        environment:
          POSTGRES_DB: mcphub
          POSTGRES_USER: mcphub
--- a/docs/zh/configuration/database-configuration.mdx
+++ b/docs/zh/configuration/database-configuration.mdx
@@ -59,7 +59,7 @@ version: '3.8'

 services:
  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:16
    environment:
      POSTGRES_DB: mcphub
      POSTGRES_USER: mcphub
--- a/docs/zh/configuration/docker-setup.mdx
+++ b/docs/zh/configuration/docker-setup.mdx
@@ -119,7 +119,7 @@ services:
      - mcphub-network

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres
    environment:
      - POSTGRES_DB=mcphub
@@ -203,7 +203,7 @@ services:
      retries: 3

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres
    environment:
      - POSTGRES_DB=mcphub
@@ -305,7 +305,7 @@ services:
      - mcphub-dev

  postgres:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-postgres-dev
    environment:
      - POSTGRES_DB=mcphub
@@ -445,7 +445,7 @@ secrets:
 ```yaml
 services:
  backup:
-    image: pgvector/pgvector:pg17
+    image: postgres:15-alpine
    container_name: mcphub-backup
    environment:
      - PGPASSWORD=${POSTGRES_PASSWORD}
--- a/docs/zh/installation.mdx
+++ b/docs/zh/installation.mdx
@@ -96,7 +96,7 @@ description: '各种平台的详细安装说明'

      # 可选：用于智能路由的 PostgreSQL
      postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector:pg16
        environment:
          POSTGRES_DB: mcphub
          POSTGRES_USER: mcphub
--- a/frontend/src/components/EditServerForm.tsx
+++ b/frontend/src/components/EditServerForm.tsx
@@ -18,17 +18,7 @@ const EditServerForm = ({ server, onEdit, onCancel }: EditServerFormProps) => {
    try {
      setError(null);
      const encodedServerName = encodeURIComponent(server.name);
-
-      // Check if name is being changed
-      const isRenaming = payload.name && payload.name !== server.name;
-
-      // Build the request body
-      const requestBody = {
-        config: payload.config,
-        ...(isRenaming ? { newName: payload.name } : {}),
-      };
-
-      const result = await apiPut(`/servers/${encodedServerName}`, requestBody);
+      const result = await apiPut(`/servers/${encodedServerName}`, payload);

      if (!result.success) {
        // Use specific error message from the response if available
--- a/frontend/src/components/ServerForm.tsx
+++ b/frontend/src/components/ServerForm.tsx
@@ -375,7 +375,6 @@ const ServerForm = ({
              ? {
                  url: formData.url,
                  ...(Object.keys(headers).length > 0 ? { headers } : {}),
-                  ...(Object.keys(env).length > 0 ? { env } : {}),
                  ...(oauthConfig ? { oauth: oauthConfig } : {}),
                }
              : {
@@ -429,6 +428,7 @@ const ServerForm = ({
            className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline form-input"
            placeholder="e.g.: time-mcp"
            required
+            disabled={isEdit}
          />
        </div>

@@ -978,49 +978,6 @@ const ServerForm = ({
              ))}
            </div>

-            <div className="mb-4">
-              <div className="flex justify-between items-center mb-2">
-                <label className="block text-gray-700 text-sm font-bold">
-                  {t('server.envVars')}
-                </label>
-                <button
-                  type="button"
-                  onClick={addEnvVar}
-                  className="bg-gray-200 hover:bg-gray-300 text-gray-700 font-medium py-1 px-2 rounded text-sm flex items-center justify-center min-w-[30px] min-h-[30px] btn-primary"
-                >
-                  +
-                </button>
-              </div>
-              {envVars.map((envVar, index) => (
-                <div key={index} className="flex items-center mb-2">
-                  <div className="flex items-center space-x-2 flex-grow">
-                    <input
-                      type="text"
-                      value={envVar.key}
-                      onChange={(e) => handleEnvVarChange(index, 'key', e.target.value)}
-                      className="shadow appearance-none border rounded py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline w-1/2 form-input"
-                      placeholder={t('server.key')}
-                    />
-                    <span className="flex items-center">:</span>
-                    <input
-                      type="text"
-                      value={envVar.value}
-                      onChange={(e) => handleEnvVarChange(index, 'value', e.target.value)}
-                      className="shadow appearance-none border rounded py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline w-1/2 form-input"
-                      placeholder={t('server.value')}
-                    />
-                  </div>
-                  <button
-                    type="button"
-                    onClick={() => removeEnvVar(index)}
-                    className="bg-gray-200 hover:bg-gray-300 text-gray-700 font-medium py-1 px-2 rounded text-sm flex items-center justify-center min-w-[30px] min-h-[30px] ml-2 btn-danger"
-                  >
-                    -
-                  </button>
-                </div>
-              ))}
-            </div>
-
            <div className="mb-4">
              <div
                className="flex items-center justify-between cursor-pointer bg-gray-50 hover:bg-gray-100 p-3 rounded border border-gray-200"
--- a/frontend/src/contexts/AuthContext.tsx
+++ b/frontend/src/contexts/AuthContext.tsx
@@ -14,17 +14,14 @@ const initialState: AuthState = {
 // Create auth context
 const AuthContext = createContext<{
  auth: AuthState;
-  login: (
-    username: string,
-    password: string,
-  ) => Promise<{ success: boolean; isUsingDefaultPassword?: boolean; message?: string }>;
+  login: (username: string, password: string) => Promise<{ success: boolean; isUsingDefaultPassword?: boolean }>;
  register: (username: string, password: string, isAdmin?: boolean) => Promise<boolean>;
  logout: () => void;
 }>({
  auth: initialState,
  login: async () => ({ success: false }),
  register: async () => false,
-  logout: () => {},
+  logout: () => { },
 });

 // Auth provider component
@@ -93,10 +90,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
  }, []);

  // Login function
-  const login = async (
-    username: string,
-    password: string,
-  ): Promise<{ success: boolean; isUsingDefaultPassword?: boolean; message?: string }> => {
+  const login = async (username: string, password: string): Promise<{ success: boolean; isUsingDefaultPassword?: boolean }> => {
    try {
      const response = await authService.login({ username, password });

@@ -117,7 +111,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
          loading: false,
          error: response.message || 'Authentication failed',
        });
-        return { success: false, message: response.message };
+        return { success: false };
      }
    } catch (error) {
      setAuth({
@@ -125,7 +119,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
        loading: false,
        error: 'Authentication failed',
      });
-      return { success: false, message: error instanceof Error ? error.message : undefined };
+      return { success: false };
    }
  };

@@ -133,7 +127,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
  const register = async (
    username: string,
    password: string,
-    isAdmin = false,
+    isAdmin = false
  ): Promise<boolean> => {
    try {
      const response = await authService.register({ username, password, isAdmin });
@@ -181,4 +175,4 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
 };

 // Custom hook to use auth context
-export const useAuth = () => useContext(AuthContext);
+export const useAuth = () => useContext(AuthContext);
--- a/frontend/src/contexts/SettingsContext.tsx
+++ b/frontend/src/contexts/SettingsContext.tsx
@@ -9,7 +9,6 @@ import React, {
 import { useTranslation } from 'react-i18next';
 import { ApiResponse, BearerKey } from '@/types';
 import { useToast } from '@/contexts/ToastContext';
-import { useAuth } from '@/contexts/AuthContext';
 import { apiGet, apiPut, apiPost, apiDelete } from '@/utils/fetchInterceptor';

 // Define types for the settings data
@@ -154,7 +153,6 @@ interface SettingsProviderProps {
 export const SettingsProvider: React.FC<SettingsProviderProps> = ({ children }) => {
  const { t } = useTranslation();
  const { showToast } = useToast();
-  const { auth } = useAuth();

  const [routingConfig, setRoutingConfig] = useState<RoutingConfig>({
    enableGlobalRoute: true,
@@ -748,15 +746,6 @@ export const SettingsProvider: React.FC<SettingsProviderProps> = ({ children })
    fetchSettings();
  }, [fetchSettings, refreshKey]);

-  // Watch for authentication status changes - refetch settings after login
-  useEffect(() => {
-    if (auth.isAuthenticated) {
-      console.log('[SettingsContext] User authenticated, triggering settings refresh');
-      // When user logs in, trigger a refresh to load settings
-      triggerRefresh();
-    }
-  }, [auth.isAuthenticated, triggerRefresh]);
-
  useEffect(() => {
    if (routingConfig) {
      setTempRoutingConfig({
--- a/frontend/src/pages/LoginPage.tsx
+++ b/frontend/src/pages/LoginPage.tsx
@@ -44,24 +44,6 @@ const LoginPage: React.FC = () => {
    return sanitizeReturnUrl(params.get('returnUrl'));
  }, [location.search]);

-  const isServerUnavailableError = useCallback((message?: string) => {
-    if (!message) return false;
-    const normalized = message.toLowerCase();
-
-    return (
-      normalized.includes('failed to fetch') ||
-      normalized.includes('networkerror') ||
-      normalized.includes('network error') ||
-      normalized.includes('connection refused') ||
-      normalized.includes('unable to connect') ||
-      normalized.includes('fetch error') ||
-      normalized.includes('econnrefused') ||
-      normalized.includes('http 500') ||
-      normalized.includes('internal server error') ||
-      normalized.includes('proxy error')
-    );
-  }, []);
-
  const buildRedirectTarget = useCallback(() => {
    if (!returnUrl) {
      return '/';
@@ -118,20 +100,10 @@ const LoginPage: React.FC = () => {
          redirectAfterLogin();
        }
      } else {
-        const message = result.message;
-        if (isServerUnavailableError(message)) {
-          setError(t('auth.serverUnavailable'));
-        } else {
-          setError(t('auth.loginFailed'));
-        }
+        setError(t('auth.loginFailed'));
      }
    } catch (err) {
-      const message = err instanceof Error ? err.message : undefined;
-      if (isServerUnavailableError(message)) {
-        setError(t('auth.serverUnavailable'));
-      } else {
-        setError(t('auth.loginError'));
-      }
+      setError(t('auth.loginError'));
    } finally {
      setLoading(false);
    }
@@ -159,21 +131,13 @@ const LoginPage: React.FC = () => {
        }}
      />
      <div className="pointer-events-none absolute inset-0 -z-10">
-        <svg
-          className="h-full w-full opacity-[0.08] dark:opacity-[0.12]"
-          xmlns="http://www.w3.org/2000/svg"
-        >
+        <svg className="h-full w-full opacity-[0.08] dark:opacity-[0.12]" xmlns="http://www.w3.org/2000/svg">
          <defs>
            <pattern id="grid" width="32" height="32" patternUnits="userSpaceOnUse">
              <path d="M 32 0 L 0 0 0 32" fill="none" stroke="currentColor" strokeWidth="0.5" />
            </pattern>
          </defs>
-          <rect
-            width="100%"
-            height="100%"
-            fill="url(#grid)"
-            className="text-gray-400 dark:text-gray-300"
-          />
+          <rect width="100%" height="100%" fill="url(#grid)" className="text-gray-400 dark:text-gray-300" />
        </svg>
      </div>

--- a/frontend/src/pages/SettingsPage.tsx
+++ b/frontend/src/pages/SettingsPage.tsx
@@ -25,7 +25,7 @@ interface BearerKeyRowProps {
      name: string;
      token: string;
      enabled: boolean;
-      accessType: 'all' | 'groups' | 'servers' | 'custom';
+      accessType: 'all' | 'groups' | 'servers';
      allowedGroups: string;
      allowedServers: string;
    },
@@ -47,7 +47,7 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
  const [name, setName] = useState(keyData.name);
  const [token, setToken] = useState(keyData.token);
  const [enabled, setEnabled] = useState<boolean>(keyData.enabled);
-  const [accessType, setAccessType] = useState<'all' | 'groups' | 'servers' | 'custom'>(
+  const [accessType, setAccessType] = useState<'all' | 'groups' | 'servers'>(
    keyData.accessType || 'all',
  );
  const [selectedGroups, setSelectedGroups] = useState<string[]>(keyData.allowedGroups || []);
@@ -105,13 +105,6 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
      );
      return;
    }
-    if (accessType === 'custom' && selectedGroups.length === 0 && selectedServers.length === 0) {
-      showToast(
-        t('settings.selectAtLeastOneGroupOrServer') || 'Please select at least one group or server',
-        'error',
-      );
-      return;
-    }

    setSaving(true);
    try {
@@ -142,31 +135,6 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
  };

  const isGroupsMode = accessType === 'groups';
-  const isCustomMode = accessType === 'custom';
-
-  // Helper function to format access type display text
-  const formatAccessTypeDisplay = (key: BearerKey): string => {
-    if (key.accessType === 'all') {
-      return t('settings.bearerKeyAccessAll') || 'All Resources';
-    }
-    if (key.accessType === 'groups') {
-      return `${t('settings.bearerKeyAccessGroups') || 'Groups'}: ${key.allowedGroups}`;
-    }
-    if (key.accessType === 'servers') {
-      return `${t('settings.bearerKeyAccessServers') || 'Servers'}: ${key.allowedServers}`;
-    }
-    if (key.accessType === 'custom') {
-      const parts: string[] = [];
-      if (key.allowedGroups && key.allowedGroups.length > 0) {
-        parts.push(`${t('settings.bearerKeyAccessGroups') || 'Groups'}: ${key.allowedGroups}`);
-      }
-      if (key.allowedServers && key.allowedServers.length > 0) {
-        parts.push(`${t('settings.bearerKeyAccessServers') || 'Servers'}: ${key.allowedServers}`);
-      }
-      return `${t('settings.bearerKeyAccessCustom') || 'Custom'}: ${parts.join('; ')}`;
-    }
-    return '';
-  };

  if (isEditing) {
    return (
@@ -226,9 +194,7 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
                <select
                  className="block w-full py-2 px-3 border border-gray-300 bg-white rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm form-select transition-shadow duration-200"
                  value={accessType}
-                  onChange={(e) =>
-                    setAccessType(e.target.value as 'all' | 'groups' | 'servers' | 'custom')
-                  }
+                  onChange={(e) => setAccessType(e.target.value as 'all' | 'groups' | 'servers')}
                  disabled={loading}
                >
                  <option value="all">{t('settings.bearerKeyAccessAll') || 'All Resources'}</option>
@@ -238,65 +204,29 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
                  <option value="servers">
                    {t('settings.bearerKeyAccessServers') || 'Specific Servers'}
                  </option>
-                  <option value="custom">
-                    {t('settings.bearerKeyAccessCustom') || 'Custom (Groups & Servers)'}
-                  </option>
                </select>
              </div>

-              {/* Show single selector for groups or servers mode */}
-              {!isCustomMode && (
-                <div className="flex-1 min-w-[200px]">
-                  <label
-                    className={`block text-sm font-medium mb-1 ${accessType === 'all' ? 'text-gray-400' : 'text-gray-700'}`}
-                  >
-                    {isGroupsMode
-                      ? t('settings.bearerKeyAllowedGroups') || 'Allowed groups'
-                      : t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
-                  </label>
-                  <MultiSelect
-                    options={isGroupsMode ? availableGroups : availableServers}
-                    selected={isGroupsMode ? selectedGroups : selectedServers}
-                    onChange={isGroupsMode ? setSelectedGroups : setSelectedServers}
-                    placeholder={
-                      isGroupsMode
-                        ? t('settings.selectGroups') || 'Select groups...'
-                        : t('settings.selectServers') || 'Select servers...'
-                    }
-                    disabled={loading || accessType === 'all'}
-                  />
-                </div>
-              )}
-
-              {/* Show both selectors for custom mode */}
-              {isCustomMode && (
-                <>
-                  <div className="flex-1 min-w-[200px]">
-                    <label className="block text-sm font-medium text-gray-700 mb-1">
-                      {t('settings.bearerKeyAllowedGroups') || 'Allowed groups'}
-                    </label>
-                    <MultiSelect
-                      options={availableGroups}
-                      selected={selectedGroups}
-                      onChange={setSelectedGroups}
-                      placeholder={t('settings.selectGroups') || 'Select groups...'}
-                      disabled={loading}
-                    />
-                  </div>
-                  <div className="flex-1 min-w-[200px]">
-                    <label className="block text-sm font-medium text-gray-700 mb-1">
-                      {t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
-                    </label>
-                    <MultiSelect
-                      options={availableServers}
-                      selected={selectedServers}
-                      onChange={setSelectedServers}
-                      placeholder={t('settings.selectServers') || 'Select servers...'}
-                      disabled={loading}
-                    />
-                  </div>
-                </>
-              )}
+              <div className="flex-1 min-w-[200px]">
+                <label
+                  className={`block text-sm font-medium mb-1 ${accessType === 'all' ? 'text-gray-400' : 'text-gray-700'}`}
+                >
+                  {isGroupsMode
+                    ? t('settings.bearerKeyAllowedGroups') || 'Allowed groups'
+                    : t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
+                </label>
+                <MultiSelect
+                  options={isGroupsMode ? availableGroups : availableServers}
+                  selected={isGroupsMode ? selectedGroups : selectedServers}
+                  onChange={isGroupsMode ? setSelectedGroups : setSelectedServers}
+                  placeholder={
+                    isGroupsMode
+                      ? t('settings.selectGroups') || 'Select groups...'
+                      : t('settings.selectServers') || 'Select servers...'
+                  }
+                  disabled={loading || accessType === 'all'}
+                />
+              </div>

              <div className="flex justify-end gap-2">
                <button
@@ -351,7 +281,11 @@ const BearerKeyRow: React.FC<BearerKeyRowProps> = ({
        </span>
      </td>
      <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
-        {formatAccessTypeDisplay(keyData)}
+        {keyData.accessType === 'all'
+          ? t('settings.bearerKeyAccessAll') || 'All Resources'
+          : keyData.accessType === 'groups'
+            ? `${t('settings.bearerKeyAccessGroups') || 'Groups'}: ${keyData.allowedGroups}`
+            : `${t('settings.bearerKeyAccessServers') || 'Servers'}: ${keyData.allowedServers}`}
      </td>
      <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
        <button
@@ -624,6 +558,12 @@ const SettingsPage: React.FC = () => {
    });
  };

+  const saveSmartRoutingConfig = async (
+    key: 'dbUrl' | 'openaiApiBaseUrl' | 'openaiApiKey' | 'openaiApiEmbeddingModel',
+  ) => {
+    await updateSmartRoutingConfig(key, tempSmartRoutingConfig[key]);
+  };
+
  const handleMCPRouterConfigChange = (
    key: 'apiKey' | 'referer' | 'title' | 'baseUrl',
    value: string,
@@ -765,31 +705,6 @@ const SettingsPage: React.FC = () => {
    }
  };

-  const handleSaveSmartRoutingConfig = async () => {
-    const updates: any = {};
-
-    if (tempSmartRoutingConfig.dbUrl !== smartRoutingConfig.dbUrl) {
-      updates.dbUrl = tempSmartRoutingConfig.dbUrl;
-    }
-    if (tempSmartRoutingConfig.openaiApiBaseUrl !== smartRoutingConfig.openaiApiBaseUrl) {
-      updates.openaiApiBaseUrl = tempSmartRoutingConfig.openaiApiBaseUrl;
-    }
-    if (tempSmartRoutingConfig.openaiApiKey !== smartRoutingConfig.openaiApiKey) {
-      updates.openaiApiKey = tempSmartRoutingConfig.openaiApiKey;
-    }
-    if (
-      tempSmartRoutingConfig.openaiApiEmbeddingModel !== smartRoutingConfig.openaiApiEmbeddingModel
-    ) {
-      updates.openaiApiEmbeddingModel = tempSmartRoutingConfig.openaiApiEmbeddingModel;
-    }
-
-    if (Object.keys(updates).length > 0) {
-      await updateSmartRoutingConfigBatch(updates);
-    } else {
-      showToast(t('settings.noChanges') || 'No changes to save', 'info');
-    }
-  };
-
  const handlePasswordChangeSuccess = () => {
    setTimeout(() => {
      navigate('/');
@@ -803,7 +718,7 @@ const SettingsPage: React.FC = () => {
    name: string;
    token: string;
    enabled: boolean;
-    accessType: 'all' | 'groups' | 'servers' | 'custom';
+    accessType: 'all' | 'groups' | 'servers';
    allowedGroups: string;
    allowedServers: string;
  }>({
@@ -831,10 +746,10 @@ const SettingsPage: React.FC = () => {

  // Reset selected arrays when accessType changes
  useEffect(() => {
-    if (newBearerKey.accessType !== 'groups' && newBearerKey.accessType !== 'custom') {
+    if (newBearerKey.accessType !== 'groups') {
      setNewSelectedGroups([]);
    }
-    if (newBearerKey.accessType !== 'servers' && newBearerKey.accessType !== 'custom') {
+    if (newBearerKey.accessType !== 'servers') {
      setNewSelectedServers([]);
    }
  }, [newBearerKey.accessType]);
@@ -932,17 +847,6 @@ const SettingsPage: React.FC = () => {
      );
      return;
    }
-    if (
-      newBearerKey.accessType === 'custom' &&
-      newSelectedGroups.length === 0 &&
-      newSelectedServers.length === 0
-    ) {
-      showToast(
-        t('settings.selectAtLeastOneGroupOrServer') || 'Please select at least one group or server',
-        'error',
-      );
-      return;
-    }

    await createBearerKey({
      name: newBearerKey.name,
@@ -950,13 +854,11 @@ const SettingsPage: React.FC = () => {
      enabled: newBearerKey.enabled,
      accessType: newBearerKey.accessType,
      allowedGroups:
-        (newBearerKey.accessType === 'groups' || newBearerKey.accessType === 'custom') &&
-        newSelectedGroups.length > 0
+        newBearerKey.accessType === 'groups' && newSelectedGroups.length > 0
          ? newSelectedGroups
          : undefined,
      allowedServers:
-        (newBearerKey.accessType === 'servers' || newBearerKey.accessType === 'custom') &&
-        newSelectedServers.length > 0
+        newBearerKey.accessType === 'servers' && newSelectedServers.length > 0
          ? newSelectedServers
          : undefined,
    } as any);
@@ -980,7 +882,7 @@ const SettingsPage: React.FC = () => {
      name: string;
      token: string;
      enabled: boolean;
-      accessType: 'all' | 'groups' | 'servers' | 'custom';
+      accessType: 'all' | 'groups' | 'servers';
      allowedGroups: string;
      allowedServers: string;
    },
@@ -1207,7 +1109,7 @@ const SettingsPage: React.FC = () => {
                          onChange={(e) =>
                            setNewBearerKey((prev) => ({
                              ...prev,
-                              accessType: e.target.value as 'all' | 'groups' | 'servers' | 'custom',
+                              accessType: e.target.value as 'all' | 'groups' | 'servers',
                            }))
                          }
                          disabled={loading}
@@ -1221,75 +1123,41 @@ const SettingsPage: React.FC = () => {
                          <option value="servers">
                            {t('settings.bearerKeyAccessServers') || 'Specific Servers'}
                          </option>
-                          <option value="custom">
-                            {t('settings.bearerKeyAccessCustom') || 'Custom (Groups & Servers)'}
-                          </option>
                        </select>
                      </div>

-                      {newBearerKey.accessType !== 'custom' && (
-                        <div className="flex-1 min-w-[200px]">
-                          <label
-                            className={`block text-sm font-medium mb-1 ${newBearerKey.accessType === 'all' ? 'text-gray-400' : 'text-gray-700'}`}
-                          >
-                            {newBearerKey.accessType === 'groups'
-                              ? t('settings.bearerKeyAllowedGroups') || 'Allowed groups'
-                              : t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
-                          </label>
-                          <MultiSelect
-                            options={
-                              newBearerKey.accessType === 'groups'
-                                ? availableGroups
-                                : availableServers
-                            }
-                            selected={
-                              newBearerKey.accessType === 'groups'
-                                ? newSelectedGroups
-                                : newSelectedServers
-                            }
-                            onChange={
-                              newBearerKey.accessType === 'groups'
-                                ? setNewSelectedGroups
-                                : setNewSelectedServers
-                            }
-                            placeholder={
-                              newBearerKey.accessType === 'groups'
-                                ? t('settings.selectGroups') || 'Select groups...'
-                                : t('settings.selectServers') || 'Select servers...'
-                            }
-                            disabled={loading || newBearerKey.accessType === 'all'}
-                          />
-                        </div>
-                      )}
-
-                      {newBearerKey.accessType === 'custom' && (
-                        <>
-                          <div className="flex-1 min-w-[200px]">
-                            <label className="block text-sm font-medium text-gray-700 mb-1">
-                              {t('settings.bearerKeyAllowedGroups') || 'Allowed groups'}
-                            </label>
-                            <MultiSelect
-                              options={availableGroups}
-                              selected={newSelectedGroups}
-                              onChange={setNewSelectedGroups}
-                              placeholder={t('settings.selectGroups') || 'Select groups...'}
-                              disabled={loading}
-                            />
-                          </div>
-                          <div className="flex-1 min-w-[200px]">
-                            <label className="block text-sm font-medium text-gray-700 mb-1">
-                              {t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
-                            </label>
-                            <MultiSelect
-                              options={availableServers}
-                              selected={newSelectedServers}
-                              onChange={setNewSelectedServers}
-                              placeholder={t('settings.selectServers') || 'Select servers...'}
-                              disabled={loading}
-                            />
-                          </div>
-                        </>
-                      )}
+                      <div className="flex-1 min-w-[200px]">
+                        <label
+                          className={`block text-sm font-medium mb-1 ${newBearerKey.accessType === 'all' ? 'text-gray-400' : 'text-gray-700'}`}
+                        >
+                          {newBearerKey.accessType === 'groups'
+                            ? t('settings.bearerKeyAllowedGroups') || 'Allowed groups'
+                            : t('settings.bearerKeyAllowedServers') || 'Allowed servers'}
+                        </label>
+                        <MultiSelect
+                          options={
+                            newBearerKey.accessType === 'groups'
+                              ? availableGroups
+                              : availableServers
+                          }
+                          selected={
+                            newBearerKey.accessType === 'groups'
+                              ? newSelectedGroups
+                              : newSelectedServers
+                          }
+                          onChange={
+                            newBearerKey.accessType === 'groups'
+                              ? setNewSelectedGroups
+                              : setNewSelectedServers
+                          }
+                          placeholder={
+                            newBearerKey.accessType === 'groups'
+                              ? t('settings.selectGroups') || 'Select groups...'
+                              : t('settings.selectServers') || 'Select servers...'
+                          }
+                          disabled={loading || newBearerKey.accessType === 'all'}
+                        />
+                      </div>

                      <div className="flex justify-end gap-2">
                        <button
@@ -1346,27 +1214,31 @@ const SettingsPage: React.FC = () => {
                />
              </div>

-              {/* hide when DB_URL env is set */}
-              {smartRoutingConfig.dbUrl !== '${DB_URL}' && (
-                <div className="p-3 bg-gray-50 rounded-md">
-                  <div className="mb-2">
-                    <h3 className="font-medium text-gray-700">
-                      <span className="text-red-500 px-1">*</span>
-                      {t('settings.dbUrl')}
-                    </h3>
-                  </div>
-                  <div className="flex items-center gap-3">
-                    <input
-                      type="text"
-                      value={tempSmartRoutingConfig.dbUrl}
-                      onChange={(e) => handleSmartRoutingConfigChange('dbUrl', e.target.value)}
-                      placeholder={t('settings.dbUrlPlaceholder')}
-                      className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300 form-input"
-                      disabled={loading}
-                    />
-                  </div>
+              <div className="p-3 bg-gray-50 rounded-md">
+                <div className="mb-2">
+                  <h3 className="font-medium text-gray-700">
+                    <span className="text-red-500 px-1">*</span>
+                    {t('settings.dbUrl')}
+                  </h3>
                </div>
-              )}
+                <div className="flex items-center gap-3">
+                  <input
+                    type="text"
+                    value={tempSmartRoutingConfig.dbUrl}
+                    onChange={(e) => handleSmartRoutingConfigChange('dbUrl', e.target.value)}
+                    placeholder={t('settings.dbUrlPlaceholder')}
+                    className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300 form-input"
+                    disabled={loading}
+                  />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('dbUrl')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
+                </div>
+              </div>

              <div className="p-3 bg-gray-50 rounded-md">
                <div className="mb-2">
@@ -1384,6 +1256,13 @@ const SettingsPage: React.FC = () => {
                    className="flex-1 mt-1 block w-full py-2 px-3 border rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm border-gray-300"
                    disabled={loading}
                  />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiKey')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                </div>
              </div>

@@ -1402,6 +1281,13 @@ const SettingsPage: React.FC = () => {
                    className="flex-1 mt-1 block w-full py-2 px-3 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm form-input"
                    disabled={loading}
                  />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiBaseUrl')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                </div>
              </div>

@@ -1422,18 +1308,15 @@ const SettingsPage: React.FC = () => {
                    className="flex-1 mt-1 block w-full py-2 px-3 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-blue-500 focus:border-blue-500 sm:text-sm form-input"
                    disabled={loading}
                  />
+                  <button
+                    onClick={() => saveSmartRoutingConfig('openaiApiEmbeddingModel')}
+                    disabled={loading}
+                    className="mt-1 px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
+                  >
+                    {t('common.save')}
+                  </button>
                </div>
              </div>
-
-              <div className="flex justify-end pt-2">
-                <button
-                  onClick={handleSaveSmartRoutingConfig}
-                  disabled={loading}
-                  className="px-4 py-2 bg-blue-600 hover:bg-blue-700 text-white rounded-md text-sm font-medium disabled:opacity-50 btn-primary"
-                >
-                  {t('common.save')}
-                </button>
-              </div>
            </div>
          )}
        </div>
--- a/frontend/src/services/authService.ts
+++ b/frontend/src/services/authService.ts
@@ -29,7 +29,7 @@ export const login = async (credentials: LoginCredentials): Promise<AuthResponse
    console.error('Login error:', error);
    return {
      success: false,
-      message: error instanceof Error ? error.message : 'An error occurred during login',
+      message: 'An error occurred during login',
    };
  }
 };
--- a/frontend/src/types/index.ts
+++ b/frontend/src/types/index.ts
@@ -310,7 +310,7 @@ export interface ApiResponse<T = any> {
 }

 // Bearer authentication key configuration (frontend view model)
-export type BearerKeyAccessType = 'all' | 'groups' | 'servers' | 'custom';
+export type BearerKeyAccessType = 'all' | 'groups' | 'servers';

 export interface BearerKey {
  id: string;
--- a/locales/en.json
+++ b/locales/en.json
@@ -61,7 +61,6 @@
    "emptyFields": "Username and password cannot be empty",
    "loginFailed": "Login failed, please check your username and password",
    "loginError": "An error occurred during login",
-    "serverUnavailable": "Unable to connect to the server. Please check your network connection or try again later",
    "currentPassword": "Current Password",
    "newPassword": "New Password",
    "confirmPassword": "Confirm Password",
@@ -568,7 +567,6 @@
    "bearerKeyAccessAll": "All",
    "bearerKeyAccessGroups": "Groups",
    "bearerKeyAccessServers": "Servers",
-    "bearerKeyAccessCustom": "Custom",
    "bearerKeyAllowedGroups": "Allowed groups",
    "bearerKeyAllowedServers": "Allowed servers",
    "addBearerKey": "Add key",
--- a/locales/fr.json
+++ b/locales/fr.json
@@ -61,7 +61,6 @@
    "emptyFields": "Le nom d'utilisateur et le mot de passe ne peuvent pas être vides",
    "loginFailed": "Échec de la connexion, veuillez vérifier votre nom d'utilisateur et votre mot de passe",
    "loginError": "Une erreur est survenue lors de la connexion",
-    "serverUnavailable": "Impossible de se connecter au serveur. Veuillez vérifier votre connexion réseau ou réessayer plus tard",
    "currentPassword": "Mot de passe actuel",
    "newPassword": "Nouveau mot de passe",
    "confirmPassword": "Confirmer le mot de passe",
@@ -569,7 +568,6 @@
    "bearerKeyAccessAll": "Toutes",
    "bearerKeyAccessGroups": "Groupes",
    "bearerKeyAccessServers": "Serveurs",
-    "bearerKeyAccessCustom": "Personnalisée",
    "bearerKeyAllowedGroups": "Groupes autorisés",
    "bearerKeyAllowedServers": "Serveurs autorisés",
    "addBearerKey": "Ajouter une clé",
--- a/locales/tr.json
+++ b/locales/tr.json
@@ -61,7 +61,6 @@
    "emptyFields": "Kullanıcı adı ve şifre boş olamaz",
    "loginFailed": "Giriş başarısız, lütfen kullanıcı adınızı ve şifrenizi kontrol edin",
    "loginError": "Giriş sırasında bir hata oluştu",
-    "serverUnavailable": "Sunucuya bağlanılamıyor. Lütfen ağ bağlantınızı kontrol edin veya daha sonra tekrar deneyin",
    "currentPassword": "Mevcut Şifre",
    "newPassword": "Yeni Şifre",
    "confirmPassword": "Şifreyi Onayla",
@@ -569,7 +568,6 @@
    "bearerKeyAccessAll": "Tümü",
    "bearerKeyAccessGroups": "Gruplar",
    "bearerKeyAccessServers": "Sunucular",
-    "bearerKeyAccessCustom": "Özel",
    "bearerKeyAllowedGroups": "İzin verilen gruplar",
    "bearerKeyAllowedServers": "İzin verilen sunucular",
    "addBearerKey": "Anahtar ekle",
--- a/locales/zh.json
+++ b/locales/zh.json
@@ -61,7 +61,6 @@
    "emptyFields": "用户名和密码不能为空",
    "loginFailed": "登录失败，请检查用户名和密码",
    "loginError": "登录过程中出现错误",
-    "serverUnavailable": "无法连接到服务器，请检查网络连接或稍后再试",
    "currentPassword": "当前密码",
    "newPassword": "新密码",
    "confirmPassword": "确认密码",
@@ -570,7 +569,6 @@
    "bearerKeyAccessAll": "全部",
    "bearerKeyAccessGroups": "指定分组",
    "bearerKeyAccessServers": "指定服务器",
-    "bearerKeyAccessCustom": "自定义",
    "bearerKeyAllowedGroups": "允许访问的分组",
    "bearerKeyAllowedServers": "允许访问的服务器",
    "addBearerKey": "新增密钥",
--- a/mcp_settings.json
+++ b/mcp_settings.json
@@ -63,6 +63,5 @@
        "requiresAuthentication": false
      }
    }
-  },
-  "bearerKeys": []
+  }
 }
--- a/package.json
+++ b/package.json
@@ -73,7 +73,6 @@
    "postgres": "^3.4.7",
    "reflect-metadata": "^0.2.2",
    "typeorm": "^0.3.26",
-    "undici": "^7.16.0",
    "uuid": "^11.1.0"
  },
  "devDependencies": {
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -99,9 +99,6 @@ importers:
      typeorm:
        specifier: ^0.3.26
        version: 0.3.27(pg@8.16.3)(reflect-metadata@0.2.2)(ts-node@10.9.2(@swc/core@1.15.3)(@types/node@24.6.2)(typescript@5.9.2))
-      undici:
-        specifier: ^7.16.0
-        version: 7.16.0
      uuid:
        specifier: ^11.1.0
        version: 11.1.0
@@ -4434,10 +4431,6 @@ packages:
  undici-types@7.13.0:
    resolution: {integrity: sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==}

-  undici@7.16.0:
-    resolution: {integrity: sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g==}
-    engines: {node: '>=20.18.1'}
-
  universalify@2.0.1:
    resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==}
    engines: {node: '>= 10.0.0'}
@@ -8953,8 +8946,6 @@ snapshots:

  undici-types@7.13.0: {}

-  undici@7.16.0: {}
-
  universalify@2.0.1: {}

  unpipe@1.0.0: {}
--- a/src/controllers/bearerKeyController.ts
+++ b/src/controllers/bearerKeyController.ts
@@ -57,7 +57,7 @@ export const createBearerKey = async (req: Request, res: Response): Promise<void
      return;
    }

-    if (!accessType || !['all', 'groups', 'servers', 'custom'].includes(accessType)) {
+    if (!accessType || !['all', 'groups', 'servers'].includes(accessType)) {
      res.status(400).json({ success: false, message: 'Invalid accessType' });
      return;
    }
@@ -104,7 +104,7 @@ export const updateBearerKey = async (req: Request, res: Response): Promise<void
    if (token !== undefined) updates.token = token;
    if (enabled !== undefined) updates.enabled = enabled;
    if (accessType !== undefined) {
-      if (!['all', 'groups', 'servers', 'custom'].includes(accessType)) {
+      if (!['all', 'groups', 'servers'].includes(accessType)) {
        res.status(400).json({ success: false, message: 'Invalid accessType' });
        return;
      }
--- a/src/controllers/serverController.ts
+++ b/src/controllers/serverController.ts
@@ -66,20 +66,6 @@ export const getAllSettings = async (_: Request, res: Response): Promise<void> =
    const systemConfigDao = getSystemConfigDao();
    const systemConfig = await systemConfigDao.get();

-    // Ensure smart routing config has DB URL set if environment variable is present
-    const dbUrlEnv = process.env.DB_URL || '';
-    if (!systemConfig.smartRouting) {
-      systemConfig.smartRouting = {
-        enabled: false,
-        dbUrl: dbUrlEnv ? '${DB_URL}' : '',
-        openaiApiBaseUrl: '',
-        openaiApiKey: '',
-        openaiApiEmbeddingModel: '',
-      };
-    } else if (!systemConfig.smartRouting.dbUrl) {
-      systemConfig.smartRouting.dbUrl = dbUrlEnv ? '${DB_URL}' : '';
-    }
-
    // Get bearer auth keys from DAO
    const bearerKeyDao = getBearerKeyDao();
    const bearerKeys = await bearerKeyDao.findAll();
@@ -423,7 +409,7 @@ export const deleteServer = async (req: Request, res: Response): Promise<void> =
 export const updateServer = async (req: Request, res: Response): Promise<void> => {
  try {
    const { name } = req.params;
-    const { config, newName } = req.body;
+    const { config } = req.body;
    if (!name) {
      res.status(400).json({
        success: false,
@@ -510,52 +496,12 @@ export const updateServer = async (req: Request, res: Response): Promise<void> =
      config.owner = currentUser?.username || 'admin';
    }

-    // Check if server name is being changed
-    const isRenaming = newName && newName !== name;
-
-    // If renaming, validate the new name and update references
-    if (isRenaming) {
-      const serverDao = getServerDao();
-
-      // Check if new name already exists
-      if (await serverDao.exists(newName)) {
-        res.status(400).json({
-          success: false,
-          message: `Server name '${newName}' already exists`,
-        });
-        return;
-      }
-
-      // Rename the server
-      const renamed = await serverDao.rename(name, newName);
-      if (!renamed) {
-        res.status(404).json({
-          success: false,
-          message: 'Server not found',
-        });
-        return;
-      }
-
-      // Update references in groups
-      const groupDao = getGroupDao();
-      await groupDao.updateServerName(name, newName);
-
-      // Update references in bearer keys
-      const bearerKeyDao = getBearerKeyDao();
-      await bearerKeyDao.updateServerName(name, newName);
-    }
-
-    // Use the final server name (new name if renaming, otherwise original name)
-    const finalName = isRenaming ? newName : name;
-
-    const result = await addOrUpdateServer(finalName, config, true); // Allow override for updates
+    const result = await addOrUpdateServer(name, config, true); // Allow override for updates
    if (result.success) {
-      notifyToolChanged(finalName);
+      notifyToolChanged(name);
      res.json({
        success: true,
-        message: isRenaming
-          ? `Server renamed and updated successfully`
-          : 'Server updated successfully',
+        message: 'Server updated successfully',
      });
    } else {
      res.status(404).json({
@@ -564,10 +510,9 @@ export const updateServer = async (req: Request, res: Response): Promise<void> =
      });
    }
  } catch (error) {
-    console.error('Failed to update server:', error);
    res.status(500).json({
      success: false,
-      message: error instanceof Error ? error.message : 'Internal server error',
+      message: 'Internal server error',
    });
  }
 };
@@ -1033,8 +978,7 @@ export const updateSystemConfig = async (req: Request, res: Response): Promise<v
      if (typeof smartRouting.enabled === 'boolean') {
        // If enabling Smart Routing, validate required fields
        if (smartRouting.enabled) {
-          const currentDbUrl =
-            process.env.DB_URL || smartRouting.dbUrl || systemConfig.smartRouting.dbUrl;
+          const currentDbUrl = smartRouting.dbUrl || systemConfig.smartRouting.dbUrl;
          const currentOpenaiApiKey =
            smartRouting.openaiApiKey || systemConfig.smartRouting.openaiApiKey;

--- a/src/dao/BearerKeyDao.ts
+++ b/src/dao/BearerKeyDao.ts
@@ -13,10 +13,6 @@ export interface BearerKeyDao {
  create(data: Omit<BearerKey, 'id'>): Promise<BearerKey>;
  update(id: string, data: Partial<Omit<BearerKey, 'id'>>): Promise<BearerKey | null>;
  delete(id: string): Promise<boolean>;
-  /**
-   * Update server name in all bearer keys (when server is renamed)
-   */
-  updateServerName(oldName: string, newName: string): Promise<number>;
 }

 /**
@@ -28,10 +24,7 @@ export class BearerKeyDaoImpl extends JsonFileBaseDao implements BearerKeyDao {
  private async loadKeysWithMigration(): Promise<BearerKey[]> {
    const settings = await this.loadSettings();

-    // Treat an existing array (including an empty array) as already migrated.
-    // Otherwise, when there are no configured keys, we'd rewrite mcp_settings.json
-    // on every request, which also clears the global settings cache.
-    if (Array.isArray(settings.bearerKeys)) {
+    if (Array.isArray(settings.bearerKeys) && settings.bearerKeys.length > 0) {
      return settings.bearerKeys;
    }

@@ -126,34 +119,4 @@ export class BearerKeyDaoImpl extends JsonFileBaseDao implements BearerKeyDao {
    await this.saveKeys(next);
    return true;
  }
-
-  async updateServerName(oldName: string, newName: string): Promise<number> {
-    const keys = await this.loadKeysWithMigration();
-    let updatedCount = 0;
-
-    for (const key of keys) {
-      let updated = false;
-
-      if (key.allowedServers && key.allowedServers.length > 0) {
-        const newServers = key.allowedServers.map((server) => {
-          if (server === oldName) {
-            updated = true;
-            return newName;
-          }
-          return server;
-        });
-
-        if (updated) {
-          key.allowedServers = newServers;
-          updatedCount++;
-        }
-      }
-    }
-
-    if (updatedCount > 0) {
-      await this.saveKeys(keys);
-    }
-
-    return updatedCount;
-  }
 }
--- a/src/dao/BearerKeyDaoDbImpl.ts
+++ b/src/dao/BearerKeyDaoDbImpl.ts
@@ -74,30 +74,4 @@ export class BearerKeyDaoDbImpl implements BearerKeyDao {
  async delete(id: string): Promise<boolean> {
    return await this.repository.delete(id);
  }
-
-  async updateServerName(oldName: string, newName: string): Promise<number> {
-    const allKeys = await this.repository.findAll();
-    let updatedCount = 0;
-
-    for (const key of allKeys) {
-      let updated = false;
-
-      if (key.allowedServers && key.allowedServers.length > 0) {
-        const newServers = key.allowedServers.map((server) => {
-          if (server === oldName) {
-            updated = true;
-            return newName;
-          }
-          return server;
-        });
-
-        if (updated) {
-          await this.repository.update(key.id, { allowedServers: newServers });
-          updatedCount++;
-        }
-      }
-    }
-
-    return updatedCount;
-  }
 }
--- a/src/dao/GroupDao.ts
+++ b/src/dao/GroupDao.ts
@@ -36,11 +36,6 @@ export interface GroupDao extends BaseDao<IGroup, string> {
   * Find group by name
   */
  findByName(name: string): Promise<IGroup | null>;
-
-  /**
-   * Update server name in all groups (when server is renamed)
-   */
-  updateServerName(oldName: string, newName: string): Promise<number>;
 }

 /**
@@ -223,39 +218,4 @@ export class GroupDaoImpl extends JsonFileBaseDao implements GroupDao {
    const groups = await this.getAll();
    return groups.find((group) => group.name === name) || null;
  }
-
-  async updateServerName(oldName: string, newName: string): Promise<number> {
-    const groups = await this.getAll();
-    let updatedCount = 0;
-
-    for (const group of groups) {
-      let updated = false;
-      const newServers = group.servers.map((server) => {
-        if (typeof server === 'string') {
-          if (server === oldName) {
-            updated = true;
-            return newName;
-          }
-          return server;
-        } else {
-          if (server.name === oldName) {
-            updated = true;
-            return { ...server, name: newName };
-          }
-          return server;
-        }
-      }) as IGroup['servers'];
-
-      if (updated) {
-        group.servers = newServers;
-        updatedCount++;
-      }
-    }
-
-    if (updatedCount > 0) {
-      await this.saveAll(groups);
-    }
-
-    return updatedCount;
-  }
 }
--- a/src/dao/GroupDaoDbImpl.ts
+++ b/src/dao/GroupDaoDbImpl.ts
@@ -151,35 +151,4 @@ export class GroupDaoDbImpl implements GroupDao {
      owner: group.owner,
    };
  }
-
-  async updateServerName(oldName: string, newName: string): Promise<number> {
-    const allGroups = await this.repository.findAll();
-    let updatedCount = 0;
-
-    for (const group of allGroups) {
-      let updated = false;
-      const newServers = group.servers.map((server) => {
-        if (typeof server === 'string') {
-          if (server === oldName) {
-            updated = true;
-            return newName;
-          }
-          return server;
-        } else {
-          if (server.name === oldName) {
-            updated = true;
-            return { ...server, name: newName };
-          }
-          return server;
-        }
-      });
-
-      if (updated) {
-        await this.update(group.id, { servers: newServers as any });
-        updatedCount++;
-      }
-    }
-
-    return updatedCount;
-  }
 }
--- a/src/dao/ServerDao.ts
+++ b/src/dao/ServerDao.ts
@@ -41,11 +41,6 @@ export interface ServerDao extends BaseDao<ServerConfigWithName, string> {
    name: string,
    prompts: Record<string, { enabled: boolean; description?: string }>,
  ): Promise<boolean>;
-
-  /**
-   * Rename a server (change its name/key)
-   */
-  rename(oldName: string, newName: string): Promise<boolean>;
 }

 /**
@@ -100,8 +95,7 @@ export class ServerDaoImpl extends JsonFileBaseDao implements ServerDao {
    return {
      ...existing,
      ...updates,
-      // Keep the existing name unless explicitly updating via rename
-      name: updates.name ?? existing.name,
+      name: existing.name, // Name should not be updated
    };
  }

@@ -147,7 +141,9 @@ export class ServerDaoImpl extends JsonFileBaseDao implements ServerDao {
      return null;
    }

-    const updatedServer = this.updateEntity(servers[index], updates);
+    // Don't allow name changes
+    const { name: _, ...allowedUpdates } = updates;
+    const updatedServer = this.updateEntity(servers[index], allowedUpdates);
    servers[index] = updatedServer;

    await this.saveAll(servers);
@@ -211,22 +207,4 @@ export class ServerDaoImpl extends JsonFileBaseDao implements ServerDao {
    const result = await this.update(name, { prompts });
    return result !== null;
  }
-
-  async rename(oldName: string, newName: string): Promise<boolean> {
-    const servers = await this.getAll();
-    const index = servers.findIndex((server) => server.name === oldName);
-
-    if (index === -1) {
-      return false;
-    }
-
-    // Check if newName already exists
-    if (servers.find((server) => server.name === newName)) {
-      throw new Error(`Server ${newName} already exists`);
-    }
-
-    servers[index] = { ...servers[index], name: newName };
-    await this.saveAll(servers);
-    return true;
-  }
 }
--- a/src/dao/ServerDaoDbImpl.ts
+++ b/src/dao/ServerDaoDbImpl.ts
@@ -115,15 +115,6 @@ export class ServerDaoDbImpl implements ServerDao {
    return result !== null;
  }

-  async rename(oldName: string, newName: string): Promise<boolean> {
-    // Check if newName already exists
-    if (await this.repository.exists(newName)) {
-      throw new Error(`Server ${newName} already exists`);
-    }
-
-    return await this.repository.rename(oldName, newName);
-  }
-
  private mapToServerConfig(server: {
    name: string;
    type?: string;
--- a/src/db/connection.ts
+++ b/src/db/connection.ts
@@ -25,44 +25,39 @@ const createRequiredExtensions = async (dataSource: DataSource): Promise<void> =
 };

 // Get database URL from smart routing config or fallback to environment variable
-const getDatabaseUrl = async (): Promise<string> => {
-  return (await getSmartRoutingConfig()).dbUrl;
+const getDatabaseUrl = (): string => {
+  return getSmartRoutingConfig().dbUrl;
 };

-// Default database configuration (without URL - will be set during initialization)
-const getDefaultConfig = async (): Promise<DataSourceOptions> => {
-  return {
-    type: 'postgres',
-    url: await getDatabaseUrl(),
-    synchronize: true,
-    entities: entities,
-    subscribers: [VectorEmbeddingSubscriber],
-  };
+// Default database configuration
+const defaultConfig: DataSourceOptions = {
+  type: 'postgres',
+  url: getDatabaseUrl(),
+  synchronize: true,
+  entities: entities,
+  subscribers: [VectorEmbeddingSubscriber],
 };

-// AppDataSource is the TypeORM data source (initialized with empty config, will be updated)
-let appDataSource: DataSource | null = null;
+// AppDataSource is the TypeORM data source
+let appDataSource = new DataSource(defaultConfig);

 // Global promise to track initialization status
 let initializationPromise: Promise<DataSource> | null = null;

 // Function to create a new DataSource with updated configuration
-export const updateDataSourceConfig = async (): Promise<DataSource> => {
-  const newConfig = await getDefaultConfig();
+export const updateDataSourceConfig = (): DataSource => {
+  const newConfig: DataSourceOptions = {
+    ...defaultConfig,
+    url: getDatabaseUrl(),
+  };

  // If the configuration has changed, we need to create a new DataSource
-  if (appDataSource) {
-    const currentUrl = (appDataSource.options as any).url;
-    const newUrl = (newConfig as any).url;
-    if (currentUrl !== newUrl) {
-      console.log('Database URL configuration changed, updating DataSource...');
-      appDataSource = new DataSource(newConfig);
-      // Reset initialization promise when configuration changes
-      initializationPromise = null;
-    }
-  } else {
-    // First time initialization
+  const currentUrl = (appDataSource.options as any).url;
+  if (currentUrl !== newConfig.url) {
+    console.log('Database URL configuration changed, updating DataSource...');
    appDataSource = new DataSource(newConfig);
+    // Reset initialization promise when configuration changes
+    initializationPromise = null;
  }

  return appDataSource;
@@ -70,9 +65,6 @@ export const updateDataSourceConfig = async (): Promise<DataSource> => {

 // Get the current AppDataSource instance
 export const getAppDataSource = (): DataSource => {
-  if (!appDataSource) {
-    throw new Error('Database not initialized. Call initializeDatabase() first.');
-  }
  return appDataSource;
 };

@@ -80,7 +72,7 @@ export const getAppDataSource = (): DataSource => {
 export const reconnectDatabase = async (): Promise<DataSource> => {
  try {
    // Close existing connection if it exists
-    if (appDataSource && appDataSource.isInitialized) {
+    if (appDataSource.isInitialized) {
      console.log('Closing existing database connection...');
      await appDataSource.destroy();
    }
@@ -89,7 +81,7 @@ export const reconnectDatabase = async (): Promise<DataSource> => {
    initializationPromise = null;

    // Update configuration and reconnect
-    appDataSource = await updateDataSourceConfig();
+    appDataSource = updateDataSourceConfig();
    return await initializeDatabase();
  } catch (error) {
    console.error('Error during database reconnection:', error);
@@ -106,7 +98,7 @@ export const initializeDatabase = async (): Promise<DataSource> => {
  }

  // If already initialized, return the existing instance
-  if (appDataSource && appDataSource.isInitialized) {
+  if (appDataSource.isInitialized) {
    console.log('Database already initialized, returning existing instance');
    return Promise.resolve(appDataSource);
  }
@@ -130,7 +122,7 @@ export const initializeDatabase = async (): Promise<DataSource> => {
 const performDatabaseInitialization = async (): Promise<DataSource> => {
  try {
    // Update configuration before initializing
-    appDataSource = await updateDataSourceConfig();
+    appDataSource = updateDataSourceConfig();

    if (!appDataSource.isInitialized) {
      console.log('Initializing database connection...');
@@ -258,8 +250,7 @@ const performDatabaseInitialization = async (): Promise<DataSource> => {
      console.log('Database connection established successfully.');

      // Run one final setup check after schema synchronization is done
-      const config = await getDefaultConfig();
-      if (config.synchronize) {
+      if (defaultConfig.synchronize) {
        try {
          console.log('Running final vector configuration check...');

@@ -334,12 +325,12 @@ const performDatabaseInitialization = async (): Promise<DataSource> => {

 // Get database connection status
 export const isDatabaseConnected = (): boolean => {
-  return appDataSource ? appDataSource.isInitialized : false;
+  return appDataSource.isInitialized;
 };

 // Close database connection
 export const closeDatabase = async (): Promise<void> => {
-  if (appDataSource && appDataSource.isInitialized) {
+  if (appDataSource.isInitialized) {
    await appDataSource.destroy();
    console.log('Database connection closed.');
  }
--- a/src/db/entities/BearerKey.ts
+++ b/src/db/entities/BearerKey.ts
@@ -25,7 +25,7 @@ export class BearerKey {
  enabled: boolean;

  @Column({ type: 'varchar', length: 20, default: 'all' })
-  accessType: 'all' | 'groups' | 'servers' | 'custom';
+  accessType: 'all' | 'groups' | 'servers';

  @Column({ type: 'simple-json', nullable: true })
  allowedGroups?: string[];
--- a/src/db/repositories/ServerRepository.ts
+++ b/src/db/repositories/ServerRepository.ts
@@ -89,19 +89,6 @@ export class ServerRepository {
  async setEnabled(name: string, enabled: boolean): Promise<Server | null> {
    return await this.update(name, { enabled });
  }
-
-  /**
-   * Rename a server
-   */
-  async rename(oldName: string, newName: string): Promise<boolean> {
-    const server = await this.findByName(oldName);
-    if (!server) {
-      return false;
-    }
-    server.name = newName;
-    await this.repository.save(server);
-    return true;
-  }
 }

 export default ServerRepository;
--- a/src/services/keepAliveService.ts
+++ b/src/services/keepAliveService.ts
@@ -48,9 +48,7 @@ export const setupClientKeepAlive = async (
          await (serverInfo.client as any).ping();
          console.log(`Keep-alive ping successful for server: ${serverInfo.name}`);
        } else {
-          await serverInfo.client
-            .listTools({}, { ...(serverInfo.options || {}), timeout: 5000 })
-            .catch(() => void 0);
+          await serverInfo.client.listTools({ timeout: 5000 }).catch(() => void 0);
        }
      }
    } catch (error) {
--- a/src/services/mcpOAuthProvider.ts
+++ b/src/services/mcpOAuthProvider.ts
@@ -26,6 +26,7 @@ import {
  getRegisteredClient,
  removeRegisteredClient,
  fetchScopesFromServer,
+  refreshAccessToken,
 } from './oauthClientRegistration.js';
 import {
  clearOAuthData,
@@ -40,6 +41,9 @@ import {
 // Import getServerByName to access ServerInfo
 import { getServerByName } from './mcpService.js';

+// Refresh tokens one minute before expiry to avoid sending requests with stale credentials.
+const ACCESS_TOKEN_REFRESH_THRESHOLD_MS = 60_000;
+
 /**
 * MCPHub OAuth Provider for server-side OAuth flows
 *
@@ -292,21 +296,8 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
  /**
   * Get stored OAuth tokens
   */
-  tokens(): OAuthTokens | undefined {
-    // Use cached config only (tokens are updated via saveTokens which updates cache)
-    const serverConfig = this.serverConfig;
-
-    if (!serverConfig?.oauth?.accessToken) {
-      return undefined;
-    }
-
-    return {
-      access_token: serverConfig.oauth.accessToken,
-      token_type: 'Bearer',
-      refresh_token: serverConfig.oauth.refreshToken,
-      // Note: expires_in is not typically stored, only the token itself
-      // The SDK will handle token refresh when needed
-    };
+  async tokens(): Promise<OAuthTokens | undefined> {
+    return this.getValidTokens();
  }

  /**
@@ -325,11 +316,12 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
      return;
    }

-    console.log(`Saving OAuth tokens: ${JSON.stringify(tokens)} for server: ${this.serverName}`);
+    console.log(`Saving OAuth tokens for server: ${this.serverName}`);

    const updatedConfig = await persistTokens(this.serverName, {
      accessToken: tokens.access_token,
      refreshToken: refreshTokenProvided ? (tokens.refresh_token ?? null) : undefined,
+      expiresIn: tokens.expires_in,
      clearPendingAuthorization: hadPending,
    });

@@ -348,6 +340,89 @@ export class MCPHubOAuthProvider implements OAuthClientProvider {
    console.log(`Saved OAuth tokens for server: ${this.serverName}`);
  }

+  /**
+   * Returns tokens refreshed when expired or close to expiring.
+   * When an access token already exists and refresh fails, the existing token is returned.
+   */
+  private async getValidTokens(): Promise<OAuthTokens | undefined> {
+    const oauth = this.serverConfig.oauth;
+    if (!oauth) {
+      return undefined;
+    }
+
+    if (!oauth.accessToken) {
+      return this.refreshAccessTokenIfNeeded(oauth.refreshToken);
+    }
+
+    // Refresh if token is expired or about to expire
+    const expiresAt = this.getAccessTokenExpiryMs(oauth);
+    const now = Date.now();
+    if (expiresAt && expiresAt - now <= ACCESS_TOKEN_REFRESH_THRESHOLD_MS) {
+      const refreshed = await this.refreshAccessTokenIfNeeded(oauth.refreshToken);
+      if (refreshed) {
+        return refreshed;
+      }
+    }
+
+    return {
+      access_token: oauth.accessToken,
+      token_type: 'Bearer',
+      refresh_token: oauth.refreshToken,
+    };
+  }
+
+  private getAccessTokenExpiryMs(oauth: NonNullable<ServerConfig['oauth']>): number | undefined {
+    return oauth.accessTokenExpiresAt;
+  }
+
+  private async refreshAccessTokenIfNeeded(
+    refreshToken?: string | null,
+  ): Promise<OAuthTokens | undefined> {
+    if (!refreshToken) {
+      return undefined;
+    }
+
+    try {
+      const clientInfo = await initializeOAuthForServer(this.serverName, this.serverConfig);
+      if (!clientInfo) {
+        return undefined;
+      }
+
+      const tokens = await refreshAccessToken(
+        this.serverName,
+        this.serverConfig,
+        clientInfo,
+        refreshToken,
+      );
+
+      // Reload latest config to sync updated tokens/expiry
+      const updatedConfig = await loadServerConfig(this.serverName);
+      if (updatedConfig) {
+        this.serverConfig = updatedConfig;
+      }
+
+      const nextRefreshToken = tokens.refreshToken ?? refreshToken;
+      if (tokens.refreshToken === undefined) {
+        console.warn(
+          `Refresh response missing refresh_token for ${this.serverName}; reusing existing refresh token (some providers omit refresh_token on refresh)`,
+        );
+      }
+
+      return {
+        access_token: tokens.accessToken,
+        refresh_token: nextRefreshToken,
+        token_type: 'Bearer',
+        expires_in: tokens.expiresIn,
+      };
+    } catch (error) {
+      console.warn(
+        `Failed to auto-refresh OAuth token for server ${this.serverName}:`,
+        error instanceof Error ? error.message : error,
+      );
+      return undefined;
+    }
+  }
+
  /**
   * Redirect to authorization URL
   * In a server environment, we can't directly redirect the user
--- a/src/services/mcpService.ts
+++ b/src/services/mcpService.ts
@@ -14,7 +14,6 @@ import {
  StreamableHTTPClientTransport,
  StreamableHTTPClientTransportOptions,
 } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
-import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js';
 import { ServerInfo, ServerConfig, Tool } from '../types/index.js';
 import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js';
 import config from '../config/index.js';
@@ -135,10 +134,6 @@ export const cleanupAllServers = (): void => {
 // Helper function to create transport based on server configuration
 export const createTransportFromConfig = async (name: string, conf: ServerConfig): Promise<any> => {
  let transport;
-  const env: Record<string, string> = {
-    ...(process.env as Record<string, string>),
-    ...replaceEnvVars(conf.env || {}),
-  };

  if (conf.type === 'streamable-http') {
    const options: StreamableHTTPClientTransportOptions = {};
@@ -157,8 +152,6 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
      console.log(`OAuth provider configured for server: ${name}`);
    }

-    options.fetch = createFetchWithProxy(getProxyConfigFromEnv(env));
-
    transport = new StreamableHTTPClientTransport(new URL(conf.url || ''), options);
  } else if (conf.url) {
    // SSE transport
@@ -181,11 +174,13 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
      console.log(`OAuth provider configured for server: ${name}`);
    }

-    options.fetch = createFetchWithProxy(getProxyConfigFromEnv(env));
-
    transport = new SSEClientTransport(new URL(conf.url), options);
  } else if (conf.command && conf.args) {
    // Stdio transport
+    const env: Record<string, string> = {
+      ...(process.env as Record<string, string>),
+      ...replaceEnvVars(conf.env || {}),
+    };
    env['PATH'] = expandEnvVars(process.env.PATH as string) || '';

    const systemConfigDao = getSystemConfigDao();
@@ -241,8 +236,6 @@ const callToolWithReconnect = async (
  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    try {
      const result = await serverInfo.client.callTool(toolParams, undefined, options || {});
-      // Check auth error
-      checkAuthError(result);
      return result;
    } catch (error: any) {
      // Check if error message starts with "Error POSTing to endpoint (HTTP 40"
@@ -832,25 +825,6 @@ export const addOrUpdateServer = async (
  }
 };

-// Check for authentication error in tool call result
-function checkAuthError(result: any) {
-  if (Array.isArray(result.content) && result.content.length > 0) {
-    const text = result.content[0]?.text;
-    if (typeof text === 'string') {
-      let errorContent;
-      try {
-        errorContent = JSON.parse(text);
-      } catch (e) {
-        // Ignore JSON parse errors and continue
-        return;
-      }
-      if (errorContent.code === 401) {
-        throw new Error('Error POSTing to endpoint (HTTP 401 Unauthorized)');
-      }
-    }
-  }
-}
-
 // Close server client and transport
 function closeServer(name: string) {
  const serverInfo = serverInfos.find((serverInfo) => serverInfo.name === name);
--- a/src/services/oauthClientRegistration.ts
+++ b/src/services/oauthClientRegistration.ts
@@ -397,6 +397,7 @@ export const exchangeCodeForToken = async (
    await persistTokens(serverName, {
      accessToken: tokens.access_token,
      refreshToken: tokens.refresh_token ?? undefined,
+      expiresIn: tokens.expires_in,
    });

    return {
@@ -437,6 +438,7 @@ export const refreshAccessToken = async (
    await persistTokens(serverName, {
      accessToken: tokens.access_token,
      refreshToken: tokens.refresh_token ?? undefined,
+      expiresIn: tokens.expires_in,
    });

    return {
--- a/src/services/oauthSettingsStore.ts
+++ b/src/services/oauthSettingsStore.ts
@@ -100,12 +100,17 @@ export const persistTokens = async (
  tokens: {
    accessToken: string;
    refreshToken?: string | null;
+    expiresIn?: number;
    clearPendingAuthorization?: boolean;
  },
 ): Promise<ServerConfigWithOAuth | undefined> => {
  return mutateOAuthSettings(serverName, ({ oauth }) => {
    oauth.accessToken = tokens.accessToken;

+    if (tokens.expiresIn !== undefined) {
+      oauth.accessTokenExpiresAt = Date.now() + tokens.expiresIn * 1000;
+    }
+
    if (tokens.refreshToken !== undefined) {
      if (tokens.refreshToken) {
        oauth.refreshToken = tokens.refreshToken;
@@ -147,6 +152,7 @@ export const clearOAuthData = async (
    if (scope === 'tokens' || scope === 'all') {
      delete oauth.accessToken;
      delete oauth.refreshToken;
+      delete oauth.accessTokenExpiresAt;
    }

    if (scope === 'client' || scope === 'all') {
--- a/src/services/proxy.ts
+++ b/src/services/proxy.ts
@@ -1,167 +0,0 @@
-/**
- * HTTP/HTTPS proxy configuration utilities for MCP client transports.
- *
- * This module provides utilities to configure HTTP and HTTPS proxies when
- * connecting to MCP servers. Proxies are configured by providing a custom
- * fetch implementation that uses Node.js http/https agents with proxy support.
- *
- */
-
-import { FetchLike } from '@modelcontextprotocol/sdk/shared/transport.js';
-
-/**
- * Configuration options for HTTP/HTTPS proxy settings.
- */
-export interface ProxyConfig {
-  /**
-   * HTTP proxy URL (e.g., 'http://proxy.example.com:8080')
-   * Can include authentication: 'http://user:pass@proxy.example.com:8080'
-   */
-  httpProxy?: string;
-
-  /**
-   * HTTPS proxy URL (e.g., 'https://proxy.example.com:8443')
-   * Can include authentication: 'https://user:pass@proxy.example.com:8443'
-   */
-  httpsProxy?: string;
-
-  /**
-   * Comma-separated list of hosts that should bypass the proxy
-   * (e.g., 'localhost,127.0.0.1,.example.com')
-   */
-  noProxy?: string;
-}
-
-/**
- * Creates a fetch function that uses the specified proxy configuration.
- *
- * This function returns a fetch implementation that routes requests through
- * the configured HTTP/HTTPS proxies using undici's ProxyAgent.
- *
- * Note: This function requires the 'undici' package to be installed.
- * Install it with: npm install undici
- *
- * @param config - Proxy configuration options
- * @returns A fetch-compatible function configured to use the specified proxies
- *
- */
-export function createFetchWithProxy(config: ProxyConfig): FetchLike {
-  // If no proxy is configured, return the default fetch
-  if (!config.httpProxy && !config.httpsProxy) {
-    return fetch;
-  }
-
-  // Parse no_proxy list
-  const noProxyList = parseNoProxy(config.noProxy);
-
-  return async (url: string | URL, init?: RequestInit): Promise<Response> => {
-    const targetUrl = typeof url === 'string' ? new URL(url) : url;
-
-    // Check if host should bypass proxy
-    if (shouldBypassProxy(targetUrl.hostname, noProxyList)) {
-      return fetch(url, init);
-    }
-
-    // Determine which proxy to use based on protocol
-    const proxyUrl = targetUrl.protocol === 'https:' ? config.httpsProxy : config.httpProxy;
-
-    if (!proxyUrl) {
-      // No proxy configured for this protocol
-      return fetch(url, init);
-    }
-
-    // Use undici for proxy support if available
-    try {
-      // Dynamic import - undici is an optional peer dependency
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const undici = await import('undici' as any);
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const ProxyAgent = (undici as any).ProxyAgent;
-      const dispatcher = new ProxyAgent(proxyUrl);
-
-      return fetch(url, {
-        ...init,
-        // @ts-expect-error - dispatcher is undici-specific
-        dispatcher,
-      });
-    } catch (error) {
-      // undici not available - throw error requiring installation
-      throw new Error(
-        'Proxy support requires the "undici" package. ' +
-          'Install it with: npm install undici\n' +
-          `Original error: ${error instanceof Error ? error.message : String(error)}`,
-      );
-    }
-  };
-}
-
-/**
- * Parses a NO_PROXY environment variable value into a list of patterns.
- */
-function parseNoProxy(noProxy?: string): string[] {
-  if (!noProxy) {
-    return [];
-  }
-
-  return noProxy
-    .split(',')
-    .map((item) => item.trim())
-    .filter((item) => item.length > 0);
-}
-
-/**
- * Checks if a hostname should bypass the proxy based on NO_PROXY patterns.
- */
-function shouldBypassProxy(hostname: string, noProxyList: string[]): boolean {
-  if (noProxyList.length === 0) {
-    return false;
-  }
-
-  const hostnameLower = hostname.toLowerCase();
-
-  for (const pattern of noProxyList) {
-    const patternLower = pattern.toLowerCase();
-
-    // Exact match
-    if (hostnameLower === patternLower) {
-      return true;
-    }
-
-    // Domain suffix match (e.g., .example.com matches sub.example.com)
-    if (patternLower.startsWith('.') && hostnameLower.endsWith(patternLower)) {
-      return true;
-    }
-
-    // Domain suffix match without leading dot
-    if (!patternLower.startsWith('.') && hostnameLower.endsWith('.' + patternLower)) {
-      return true;
-    }
-
-    // Special case: "*" matches everything
-    if (patternLower === '*') {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-/**
- * Creates a ProxyConfig from environment variables.
- *
- * This function reads standard proxy environment variables:
- * - HTTP_PROXY, http_proxy
- * - HTTPS_PROXY, https_proxy
- * - NO_PROXY, no_proxy
- *
- * Lowercase versions take precedence over uppercase versions.
- *
- * @returns A ProxyConfig object populated from environment variables
- */
-export function getProxyConfigFromEnv(env: Record<string, string>): ProxyConfig {
-  return {
-    httpProxy: env.http_proxy || env.HTTP_PROXY,
-    httpsProxy: env.https_proxy || env.HTTPS_PROXY,
-    noProxy: env.no_proxy || env.NO_PROXY,
-  };
-}
--- a/src/services/sseService.ts
+++ b/src/services/sseService.ts
@@ -88,29 +88,6 @@ const isBearerKeyAllowedForRequest = async (req: Request, key: BearerKey): Promi
        return groupServerNames.some((name) => allowedServers.includes(name));
      }

-      if (key.accessType === 'custom') {
-        // For custom-scoped keys, check if the group is allowed OR if any server in the group is allowed
-        const allowedGroups = key.allowedGroups || [];
-        const allowedServers = key.allowedServers || [];
-
-        // Check if the group itself is allowed
-        const groupAllowed =
-          allowedGroups.includes(matchedGroup.name) || allowedGroups.includes(matchedGroup.id);
-        if (groupAllowed) {
-          return true;
-        }
-
-        // Check if any server in the group is allowed
-        if (allowedServers.length > 0 && Array.isArray(matchedGroup.servers)) {
-          const groupServerNames = matchedGroup.servers.map((server) =>
-            typeof server === 'string' ? server : server.name,
-          );
-          return groupServerNames.some((name) => allowedServers.includes(name));
-        }
-
-        return false;
-      }
-
      // Unknown accessType with matched group
      return false;
    }
@@ -125,8 +102,8 @@ const isBearerKeyAllowedForRequest = async (req: Request, key: BearerKey): Promi
        return false;
      }

-      if (key.accessType === 'servers' || key.accessType === 'custom') {
-        // For server-scoped or custom-scoped keys, check if the server is in allowedServers
+      if (key.accessType === 'servers') {
+        // For server-scoped keys, check if the server is in allowedServers
        const allowedServers = key.allowedServers || [];
        return allowedServers.includes(matchedServer.name);
      }
--- a/src/services/vectorSearchService.ts
+++ b/src/services/vectorSearchService.ts
@@ -1,13 +1,13 @@
 import { getRepositoryFactory } from '../db/index.js';
 import { VectorEmbeddingRepository } from '../db/repositories/index.js';
 import { Tool } from '../types/index.js';
-import { getAppDataSource, isDatabaseConnected, initializeDatabase } from '../db/connection.js';
+import { getAppDataSource, initializeDatabase } from '../db/connection.js';
 import { getSmartRoutingConfig } from '../utils/smartRouting.js';
 import OpenAI from 'openai';

 // Get OpenAI configuration from smartRouting settings or fallback to environment variables
-const getOpenAIConfig = async () => {
-  const smartRoutingConfig = await getSmartRoutingConfig();
+const getOpenAIConfig = () => {
+  const smartRoutingConfig = getSmartRoutingConfig();
  return {
    apiKey: smartRoutingConfig.openaiApiKey,
    baseURL: smartRoutingConfig.openaiApiBaseUrl,
@@ -34,8 +34,8 @@ const getDimensionsForModel = (model: string): number => {
 };

 // Initialize the OpenAI client with smartRouting configuration
-const getOpenAIClient = async () => {
-  const config = await getOpenAIConfig();
+const getOpenAIClient = () => {
+  const config = getOpenAIConfig();
  return new OpenAI({
    apiKey: config.apiKey, // Get API key from smartRouting settings or environment variables
    baseURL: config.baseURL, // Get base URL from smartRouting settings or fallback to default
@@ -53,26 +53,32 @@ const getOpenAIClient = async () => {
 * @returns Promise with vector embedding as number array
 */
 async function generateEmbedding(text: string): Promise<number[]> {
-  const config = await getOpenAIConfig();
-  const openai = await getOpenAIClient();
+  try {
+    const config = getOpenAIConfig();
+    const openai = getOpenAIClient();

-  // Check if API key is configured
-  if (!openai.apiKey) {
-    console.warn('OpenAI API key is not configured. Using fallback embedding method.');
+    // Check if API key is configured
+    if (!openai.apiKey) {
+      console.warn('OpenAI API key is not configured. Using fallback embedding method.');
+      return generateFallbackEmbedding(text);
+    }
+
+    // Truncate text if it's too long (OpenAI has token limits)
+    const truncatedText = text.length > 8000 ? text.substring(0, 8000) : text;
+
+    // Call OpenAI's embeddings API
+    const response = await openai.embeddings.create({
+      model: config.embeddingModel, // Modern model with better performance
+      input: truncatedText,
+    });
+
+    // Return the embedding
+    return response.data[0].embedding;
+  } catch (error) {
+    console.error('Error generating embedding:', error);
+    console.warn('Falling back to simple embedding method');
    return generateFallbackEmbedding(text);
  }
-
-  // Truncate text if it's too long (OpenAI has token limits)
-  const truncatedText = text.length > 8000 ? text.substring(0, 8000) : text;
-
-  // Call OpenAI's embeddings API
-  const response = await openai.embeddings.create({
-    model: config.embeddingModel, // Modern model with better performance
-    input: truncatedText,
-  });
-
-  // Return the embedding
-  return response.data[0].embedding;
 }

 /**
@@ -192,18 +198,12 @@ export const saveToolsAsVectorEmbeddings = async (
      return;
    }

-    const smartRoutingConfig = await getSmartRoutingConfig();
+    const smartRoutingConfig = getSmartRoutingConfig();
    if (!smartRoutingConfig.enabled) {
      return;
    }

-    // Ensure database is initialized before using repository
-    if (!isDatabaseConnected()) {
-      console.info('Database not initialized, initializing...');
-      await initializeDatabase();
-    }
-
-    const config = await getOpenAIConfig();
+    const config = getOpenAIConfig();
    const vectorRepository = getRepositoryFactory(
      'vectorEmbeddings',
    )() as VectorEmbeddingRepository;
@@ -227,31 +227,36 @@ export const saveToolsAsVectorEmbeddings = async (
        .filter(Boolean)
        .join(' ');

-      // Generate embedding
-      const embedding = await generateEmbedding(searchableText);
+      try {
+        // Generate embedding
+        const embedding = await generateEmbedding(searchableText);

-      // Check database compatibility before saving
-      await checkDatabaseVectorDimensions(embedding.length);
+        // Check database compatibility before saving
+        await checkDatabaseVectorDimensions(embedding.length);

-      // Save embedding
-      await vectorRepository.saveEmbedding(
-        'tool',
-        `${serverName}:${tool.name}`,
-        searchableText,
-        embedding,
-        {
-          serverName,
-          toolName: tool.name,
-          description: tool.description,
-          inputSchema: tool.inputSchema,
-        },
-        config.embeddingModel, // Store the model used for this embedding
-      );
+        // Save embedding
+        await vectorRepository.saveEmbedding(
+          'tool',
+          `${serverName}:${tool.name}`,
+          searchableText,
+          embedding,
+          {
+            serverName,
+            toolName: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+          },
+          config.embeddingModel, // Store the model used for this embedding
+        );
+      } catch (toolError) {
+        console.error(`Error processing tool ${tool.name} for server ${serverName}:`, toolError);
+        // Continue with the next tool rather than failing the whole batch
+      }
    }

    console.log(`Saved ${tools.length} tool embeddings for server: ${serverName}`);
  } catch (error) {
-    console.error(`Error saving tool embeddings for server ${serverName}:${error}`);
+    console.error(`Error saving tool embeddings for server ${serverName}:`, error);
  }
 };

@@ -376,7 +381,7 @@ export const getAllVectorizedTools = async (
  }>
 > => {
  try {
-    const config = await getOpenAIConfig();
+    const config = getOpenAIConfig();
    const vectorRepository = getRepositoryFactory(
      'vectorEmbeddings',
    )() as VectorEmbeddingRepository;
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -244,7 +244,7 @@ export interface OAuthServerConfig {
 }

 // Bearer authentication key configuration
-export type BearerKeyAccessType = 'all' | 'groups' | 'servers' | 'custom';
+export type BearerKeyAccessType = 'all' | 'groups' | 'servers';

 export interface BearerKey {
  id: string; // Unique identifier for the key
@@ -252,8 +252,8 @@ export interface BearerKey {
  token: string; // Bearer token value
  enabled: boolean; // Whether this key is enabled
  accessType: BearerKeyAccessType; // Access scope type
-  allowedGroups?: string[]; // Allowed group names when accessType === 'groups' or 'custom'
-  allowedServers?: string[]; // Allowed server names when accessType === 'servers' or 'custom'
+  allowedGroups?: string[]; // Allowed group names when accessType === 'groups'
+  allowedServers?: string[]; // Allowed server names when accessType === 'servers'
 }

 // Represents the settings for MCP servers
@@ -293,6 +293,7 @@ export interface ServerConfig {
    scopes?: string[]; // Required OAuth scopes
    accessToken?: string; // Pre-obtained access token (if available)
    refreshToken?: string; // Refresh token for renewing access
+    accessTokenExpiresAt?: number; // Access token expiration timestamp (ms since epoch)

    // Dynamic client registration (RFC7591)
    // If not explicitly configured, will auto-detect via WWW-Authenticate header on 401 responses
--- a/src/utils/smartRouting.ts
+++ b/src/utils/smartRouting.ts
@@ -1,5 +1,4 @@
-import { expandEnvVars } from '../config/index.js';
-import { getSystemConfigDao } from '../dao/DaoFactory.js';
+import { loadSettings, expandEnvVars } from '../config/index.js';

 /**
 * Smart routing configuration interface
@@ -23,11 +22,10 @@ export interface SmartRoutingConfig {
 *
 * @returns {SmartRoutingConfig} Complete smart routing configuration
 */
-export async function getSmartRoutingConfig(): Promise<SmartRoutingConfig> {
-  // Get system config from DAO
-  const systemConfigDao = getSystemConfigDao();
-  const systemConfig = await systemConfigDao.get();
-  const smartRoutingSettings: Partial<SmartRoutingConfig> = systemConfig.smartRouting || {};
+export function getSmartRoutingConfig(): SmartRoutingConfig {
+  const settings = loadSettings();
+  const smartRoutingSettings: Partial<SmartRoutingConfig> =
+    settings.systemConfig?.smartRouting || {};

  return {
    // Enabled status - check multiple environment variables
--- a/tests/dao/bearerKeyDao.test.ts
+++ b/tests/dao/bearerKeyDao.test.ts
@@ -1,97 +0,0 @@
-import fs from 'fs';
-import os from 'os';
-import path from 'path';
-
-import { BearerKeyDaoImpl } from '../../src/dao/BearerKeyDao.js';
-
-const writeSettings = (settingsPath: string, settings: unknown): void => {
-  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), 'utf8');
-};
-
-describe('BearerKeyDaoImpl migration + settings caching behavior', () => {
-  let tmpDir: string;
-  let settingsPath: string;
-  let originalSettingsEnv: string | undefined;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'mcphub-bearer-keys-'));
-    settingsPath = path.join(tmpDir, 'mcp_settings.json');
-
-    originalSettingsEnv = process.env.MCPHUB_SETTING_PATH;
-    process.env.MCPHUB_SETTING_PATH = settingsPath;
-  });
-
-  afterEach(() => {
-    if (originalSettingsEnv === undefined) {
-      delete process.env.MCPHUB_SETTING_PATH;
-    } else {
-      process.env.MCPHUB_SETTING_PATH = originalSettingsEnv;
-    }
-
-    try {
-      fs.rmSync(tmpDir, { recursive: true, force: true });
-    } catch {
-      // ignore cleanup errors
-    }
-  });
-
-  it('does not rewrite settings when bearerKeys exists as an empty array', async () => {
-    writeSettings(settingsPath, {
-      mcpServers: {},
-      users: [],
-      systemConfig: {
-        routing: {
-          enableBearerAuth: false,
-          bearerAuthKey: '',
-        },
-      },
-      bearerKeys: [],
-    });
-
-    const writeSpy = jest.spyOn(fs, 'writeFileSync');
-
-    const dao = new BearerKeyDaoImpl();
-    const enabled1 = await dao.findEnabled();
-    const enabled2 = await dao.findEnabled();
-
-    expect(enabled1).toEqual([]);
-    expect(enabled2).toEqual([]);
-
-    // The DAO should NOT persist anything because bearerKeys already exists.
-    expect(writeSpy).not.toHaveBeenCalled();
-
-    writeSpy.mockRestore();
-  });
-
-  it('migrates legacy bearerAuthKey only once', async () => {
-    writeSettings(settingsPath, {
-      mcpServers: {},
-      users: [],
-      systemConfig: {
-        routing: {
-          enableBearerAuth: true,
-          bearerAuthKey: 'legacy-token',
-        },
-      },
-      // bearerKeys is intentionally missing to trigger migration
-    });
-
-    const writeSpy = jest.spyOn(fs, 'writeFileSync');
-
-    const dao = new BearerKeyDaoImpl();
-
-    const enabled1 = await dao.findEnabled();
-    expect(enabled1).toHaveLength(1);
-    expect(enabled1[0].token).toBe('legacy-token');
-    expect(enabled1[0].enabled).toBe(true);
-
-    const enabled2 = await dao.findEnabled();
-    expect(enabled2).toHaveLength(1);
-    expect(enabled2[0].token).toBe('legacy-token');
-
-    // One write for the migration, no further writes on subsequent reads.
-    expect(writeSpy).toHaveBeenCalledTimes(1);
-
-    writeSpy.mockRestore();
-  });
-});
--- a/tests/services/mcpOAuthProvider.test.ts
+++ b/tests/services/mcpOAuthProvider.test.ts
@@ -0,0 +1,106 @@
+jest.mock('../../src/services/oauthClientRegistration.js', () => ({
+  initializeOAuthForServer: jest.fn(),
+  getRegisteredClient: jest.fn(),
+  removeRegisteredClient: jest.fn(),
+  fetchScopesFromServer: jest.fn(),
+  refreshAccessToken: jest.fn(),
+}));
+
+jest.mock('../../src/services/oauthSettingsStore.js', () => ({
+  loadServerConfig: jest.fn(),
+  mutateOAuthSettings: jest.fn(),
+  persistTokens: jest.fn(),
+  updatePendingAuthorization: jest.fn(),
+}));
+
+jest.mock('../../src/services/mcpService.js', () => ({
+  getServerByName: jest.fn(),
+}));
+
+jest.mock('../../src/dao/index.js', () => ({
+  getSystemConfigDao: jest.fn(() => ({ get: jest.fn() })),
+}));
+
+import { MCPHubOAuthProvider } from '../../src/services/mcpOAuthProvider.js';
+import * as oauthRegistration from '../../src/services/oauthClientRegistration.js';
+import * as oauthSettingsStore from '../../src/services/oauthSettingsStore.js';
+import type { ServerConfig } from '../../src/types/index.js';
+
+describe('MCPHubOAuthProvider token refresh', () => {
+  const NOW = 1_700_000_000_000;
+  const TEN_MINUTES_MS = 10 * 60 * 1_000;
+  let nowSpy: jest.SpyInstance<number, []>;
+
+  beforeEach(() => {
+    nowSpy = jest.spyOn(Date, 'now').mockReturnValue(NOW);
+    jest.clearAllMocks();
+  });
+
+  afterEach(() => {
+    nowSpy.mockRestore();
+  });
+
+  const baseConfig: ServerConfig = {
+    url: 'https://example.com/v1/sse',
+    oauth: {
+      clientId: 'client-id',
+      accessToken: 'old-access',
+      refreshToken: 'refresh-token',
+    },
+  };
+
+  it('refreshes access token when expired', async () => {
+    const expiredConfig: ServerConfig = {
+      ...baseConfig,
+      oauth: {
+        ...baseConfig.oauth,
+        accessTokenExpiresAt: NOW - 1_000,
+      },
+    };
+
+    const refreshedConfig: ServerConfig = {
+      ...expiredConfig,
+      oauth: {
+        ...expiredConfig.oauth,
+        accessToken: 'new-access',
+        refreshToken: 'new-refresh',
+        accessTokenExpiresAt: NOW + 3_600_000,
+      },
+    };
+
+    (oauthRegistration.initializeOAuthForServer as jest.Mock).mockResolvedValue({
+      config: {},
+    });
+    (oauthRegistration.refreshAccessToken as jest.Mock).mockResolvedValue({
+      accessToken: 'new-access',
+      refreshToken: 'new-refresh',
+      expiresIn: 3600,
+    });
+    (oauthSettingsStore.loadServerConfig as jest.Mock).mockResolvedValue(refreshedConfig);
+
+    const provider = new MCPHubOAuthProvider('atlassian-work', expiredConfig);
+
+    const tokens = await provider.tokens();
+
+    expect(oauthRegistration.refreshAccessToken).toHaveBeenCalledTimes(1);
+    expect(oauthSettingsStore.loadServerConfig).toHaveBeenCalledTimes(1);
+    expect(tokens?.access_token).toBe('new-access');
+    expect(tokens?.refresh_token).toBe('new-refresh');
+  });
+
+  it('returns cached token when not expired', async () => {
+    const freshConfig: ServerConfig = {
+      ...baseConfig,
+      oauth: {
+        ...baseConfig.oauth,
+        accessTokenExpiresAt: NOW + TEN_MINUTES_MS,
+      },
+    };
+
+    const provider = new MCPHubOAuthProvider('atlassian-work', freshConfig);
+    const tokens = await provider.tokens();
+
+    expect(tokens?.access_token).toBe('old-access');
+    expect(oauthRegistration.refreshAccessToken).not.toHaveBeenCalled();
+  });
+});
Author	SHA1	Message	Date
copilot-swe-agent[bot]	1a7d8083ef	chore: clarify token refresh comments Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:50:55 +00:00
copilot-swe-agent[bot]	58a73b6688	chore: simplify oauth token expiry helpers Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:49:15 +00:00
copilot-swe-agent[bot]	6fc0bd6a49	chore: finalize oauth token refresh tweaks Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:46:49 +00:00
copilot-swe-agent[bot]	375be863b8	chore: refine oauth token tests and warnings Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:45:20 +00:00
copilot-swe-agent[bot]	a4a08d68b9	chore: apply review suggestions Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:38:07 +00:00
copilot-swe-agent[bot]	914ac36f23	chore: address review feedback for oauth refresh Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:36:16 +00:00
copilot-swe-agent[bot]	b98180c870	chore: refine oauth token expiry handling Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:33:49 +00:00
copilot-swe-agent[bot]	2ab60bf7a9	feat: auto-refresh oauth tokens for upstream servers Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>	2025-12-13 14:31:39 +00:00
copilot-swe-agent[bot]	af44eac40c	Initial plan	2025-12-13 14:17:13 +00:00