mirror of
https://github.com/mark3labs/kit.git
synced 2026-06-14 03:30:26 +00:00
Ed Zynda
7ef99ac60f
Strip user-facing I/O out of the SDK's OAuth surface so library, daemon, and web-app embedders are not surprised by port binds or browser opens. - DefaultMCPAuthHandler no longer calls openBrowser; it exposes an OnAuthURL(serverName, authURL) hook and performs no presentation I/O. - kit.New no longer auto-constructs a default handler when Options.MCPAuthHandler is nil. OAuth is opt-in; remote MCP servers requiring authorization fail with a clear error if no handler is set. - CLIMCPAuthHandler owns the CLI policy (browser open + stderr prints) by wiring an OnAuthURL closure on the inner DefaultMCPAuthHandler. - openBrowser is now unexported and colocated with its sole caller; no new exported helper is added to the SDK surface. BREAKING CHANGE: SDK consumers relying on implicit OAuth with a nil MCPAuthHandler must now pass kit.NewCLIMCPAuthHandler() (or a custom implementation) explicitly. The kit CLI is unaffected — cmd/root.go already constructs the handler explicitly.