User-configurable MCP connectors with OAuth 2.1, built into Mike's chat
ZachLaik's Connectors feature lets users register their own MCP servers from a Settings tab - URL plus optional headers, or a full OAuth 2.1 flow for spec-conformant servers - with tools from each enabled connector automatically merged into the chat assistant's per-request tool list.
The backend adds a user_mcp_servers table (owner-scoped RLS, slug constrained to ^[a-z0-9_-]{1,24}$) and a McpHttpClient wrapper around @modelcontextprotocol/sdk 1.29.0. At chat time, any MCP tool call matching the mcp__<slug>__<tool> prefix is dispatched to the originating server. Tool schemas are converted from MCP inputSchema format into Mike's existing tool format, with a 64-character name guard to stay inside API limits.
The simpler auth path accepts a URL plus arbitrary headers - enough to cover self-hosted servers and most token-issuing services. The OAuth 2.1 path uses the MCP SDK's auth() helper to handle RFC 9728 metadata discovery, RFC 7591 dynamic client registration, PKCE, authorization-code exchange, and token refresh. State tokens are HMAC-signed using the existing DOWNLOAD_SIGNING_SECRET, expire after 5 minutes, and carry no server-side session. ZachLaik verified this path against legaldatahunter.com/mcp.
SSE observability is wired in: each MCP tool invocation emits a mcp_tool_result event with server name, tool name, success status, and previews of args and output (capped at 4 KB for persistence; the model receives the full payload). The frontend renders these as expandable blocks in assistant messages. Header values and OAuth tokens are redacted from GET responses. Per-row encryption at rest is flagged as a follow-up hardening item.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?