@corbat-tech/coco 2.25.10 → 2.25.12

package/dist/cli/index.js

@@ -2568,7 +2568,11 @@ function getDefaultModel(provider) {
 function normalizeConfiguredModel(model) {
   if (typeof model !== "string") return void 0;
   const trimmed = model.trim();
-  return trimmed.length > 0 ? trimmed : void 0;
+  if (trimmed.length === 0) return void 0;
+  if (["default", "none", "null", "undefined"].includes(trimmed.toLowerCase())) {
+    return void 0;
+  }
+  return trimmed;
 }
 function getDefaultProvider() {
   const envProvider = process.env["COCO_PROVIDER"]?.toLowerCase();
@@ -4498,7 +4502,9 @@ var init_openai = __esm({
               input,
               instructions: instructions ?? void 0,
               max_output_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
-              ...supportsTemp && { temperature: options?.temperature ?? this.config.temperature ?? 0 },
+              ...supportsTemp && {
+                temperature: options?.temperature ?? this.config.temperature ?? 0
+              },
               store: false
             });
             return {
@@ -4533,7 +4539,9 @@ var init_openai = __esm({
               instructions: instructions ?? void 0,
               tools,
               max_output_tokens: options?.maxTokens ?? this.config.maxTokens ?? 8192,
-              ...supportsTemp && { temperature: options?.temperature ?? this.config.temperature ?? 0 },
+              ...supportsTemp && {
+                temperature: options?.temperature ?? this.config.temperature ?? 0
+              },
               store: false
             });
             let content = "";
@@ -10261,6 +10269,7 @@ Rules:
 - If you need real-time data, CALL web_search. NEVER say "I don't have access to real-time data."
 - If an MCP tool exists for a service (tool names like \`mcp_<service>_...\`), prefer that MCP tool over generic \`web_fetch\` or \`http_fetch\`.
 - Use \`mcp_list_servers\` to inspect configured or connected MCP services. Do NOT use \`bash_exec\` to run \`coco mcp ...\` unless the user explicitly asked for that CLI command.
+- If the user asks you to use an MCP service and it is configured but disconnected, call \`mcp_connect_server\` first. This built-in flow may open a browser for OAuth. Do NOT ask the user for raw tokens when MCP OAuth is supported.
 - Before answering "I can't do that", check your full tool catalog below \u2014 you likely have a tool for it.
 - NEVER claim you cannot run a command because you lack credentials, access, or connectivity. bash_exec runs in the user's own shell environment and inherits their full PATH, kubeconfig, gcloud auth, AWS profiles, SSH keys, and every other tool installed on their machine. kubectl, gcloud, aws, docker, and any other CLI available to the user are available to you. ALWAYS attempt the command with bash_exec; report failure only if it actually returns a non-zero exit code.
 
@@ -21252,7 +21261,9 @@ function createProtectedMetadataCandidates(resourceUrl, headerUrl) {
   candidates.push(`${origin}/.well-known/oauth-protected-resource`);
   if (pathPart && pathPart !== "/") {
     candidates.push(`${origin}/.well-known/oauth-protected-resource${pathPart}`);
-    candidates.push(`${origin}/.well-known/oauth-protected-resource/${pathPart.replace(/^\//, "")}`);
+    candidates.push(
+      `${origin}/.well-known/oauth-protected-resource/${pathPart.replace(/^\//, "")}`
+    );
   }
   return Array.from(new Set(candidates));
 }
@@ -21651,14 +21662,6 @@ var init_http = __esm({
           if (this.shouldAttemptOAuth()) {
             this.oauthToken = await getStoredMcpOAuthToken(this.config.url);
           }
-          const response = await this.sendRequestWithOAuthRetry(
-            "GET",
-            void 0,
-            this.abortController.signal
-          );
-          if (!response.ok && response.status !== 404) {
-            throw new Error(`HTTP ${response.status}: ${response.statusText}`);
-          }
           this.connected = true;
         } catch (error) {
           if (error instanceof MCPError) {
@@ -22367,6 +22370,263 @@ var init_full_power_risk_mode = __esm({
   }
 });
 
+// src/mcp/tools.ts
+var tools_exports = {};
+__export(tools_exports, {
+  createToolsFromMCPServer: () => createToolsFromMCPServer,
+  extractOriginalToolName: () => extractOriginalToolName,
+  getMCPToolInfo: () => getMCPToolInfo,
+  jsonSchemaToZod: () => jsonSchemaToZod,
+  registerMCPTools: () => registerMCPTools,
+  wrapMCPTool: () => wrapMCPTool,
+  wrapMCPTools: () => wrapMCPTools
+});
+function buildMcpToolDescription(serverName, tool) {
+  const base = tool.description || `Tool '${tool.name}' exposed by MCP server '${serverName}'`;
+  const lowerServer = serverName.toLowerCase();
+  if (lowerServer.includes("atlassian") || lowerServer.includes("jira") || lowerServer.includes("confluence")) {
+    return `${base}. Use this MCP tool for Atlassian/Jira/Confluence data. Prefer it over direct web_fetch or http_fetch for Atlassian content.`;
+  }
+  return `${base}. Exposed by MCP server '${serverName}'. Prefer this MCP tool over generic web/http fetch when accessing data from that connected service.`;
+}
+function jsonSchemaToZod(schema) {
+  if (schema.enum && Array.isArray(schema.enum)) {
+    const values = schema.enum;
+    if (values.length > 0 && values.every((v) => typeof v === "string")) {
+      return z.enum(values);
+    }
+    const literals = values.map((v) => z.literal(v));
+    if (literals.length < 2) {
+      return literals[0] ?? z.any();
+    }
+    return z.union(literals);
+  }
+  if (schema.const !== void 0) {
+    return z.literal(schema.const);
+  }
+  if (schema.oneOf && Array.isArray(schema.oneOf)) {
+    const schemas = schema.oneOf.map(jsonSchemaToZod);
+    if (schemas.length >= 2) {
+      return z.union(schemas);
+    }
+    return schemas[0] ?? z.unknown();
+  }
+  if (schema.anyOf && Array.isArray(schema.anyOf)) {
+    const schemas = schema.anyOf.map(jsonSchemaToZod);
+    if (schemas.length >= 2) {
+      return z.union(schemas);
+    }
+    return schemas[0] ?? z.unknown();
+  }
+  if (schema.allOf && Array.isArray(schema.allOf)) {
+    const schemas = schema.allOf.map(jsonSchemaToZod);
+    return schemas.reduce((acc, s) => z.intersection(acc, s));
+  }
+  const type = schema.type;
+  const makeNullable = (s) => {
+    if (schema.nullable === true) return s.nullable();
+    return s;
+  };
+  switch (type) {
+    case "string": {
+      let s = z.string();
+      if (schema.format) {
+        switch (schema.format) {
+          case "uri":
+          case "url":
+            s = z.string().url();
+            break;
+          case "email":
+            s = z.string().email();
+            break;
+          case "date-time":
+          case "datetime":
+            s = z.string().datetime();
+            break;
+        }
+      }
+      if (typeof schema.minLength === "number") s = s.min(schema.minLength);
+      if (typeof schema.maxLength === "number") s = s.max(schema.maxLength);
+      return makeNullable(s);
+    }
+    case "number": {
+      let n = z.number();
+      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
+      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
+      if (typeof schema.exclusiveMinimum === "number") n = n.gt(schema.exclusiveMinimum);
+      if (typeof schema.exclusiveMaximum === "number") n = n.lt(schema.exclusiveMaximum);
+      return makeNullable(n);
+    }
+    case "integer": {
+      let n = z.number().int();
+      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
+      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
+      return makeNullable(n);
+    }
+    case "boolean":
+      return makeNullable(z.boolean());
+    case "null":
+      return z.null();
+    case "array":
+      if (schema.items) {
+        const itemSchema = jsonSchemaToZod(schema.items);
+        let arr = z.array(itemSchema);
+        if (typeof schema.minItems === "number") arr = arr.min(schema.minItems);
+        if (typeof schema.maxItems === "number") arr = arr.max(schema.maxItems);
+        return makeNullable(arr);
+      }
+      return makeNullable(z.array(z.unknown()));
+    case "object": {
+      const properties = schema.properties;
+      const required = schema.required;
+      if (!properties) {
+        return makeNullable(z.record(z.string(), z.unknown()));
+      }
+      const shape = {};
+      for (const [key, propSchema] of Object.entries(properties)) {
+        let fieldSchema = jsonSchemaToZod(propSchema);
+        if (!required?.includes(key)) {
+          fieldSchema = fieldSchema.optional();
+        }
+        if (propSchema.description && typeof propSchema.description === "string") {
+          fieldSchema = fieldSchema.describe(propSchema.description);
+        }
+        shape[key] = fieldSchema;
+      }
+      return makeNullable(z.object(shape));
+    }
+    default:
+      if (Array.isArray(schema.type)) {
+        const types = schema.type;
+        if (types.includes("null")) {
+          const nonNullType = types.find((t) => t !== "null");
+          if (nonNullType) {
+            return jsonSchemaToZod({ ...schema, type: nonNullType }).nullable();
+          }
+        }
+      }
+      return z.unknown();
+  }
+}
+function createToolParametersSchema(tool) {
+  const schema = tool.inputSchema;
+  if (!schema || schema.type !== "object") {
+    return z.object({});
+  }
+  return jsonSchemaToZod(schema);
+}
+function formatToolResult(result) {
+  if (result.isError) {
+    throw new Error(result.content.map((c) => c.text || "").join("\n"));
+  }
+  return result.content.map((item) => {
+    switch (item.type) {
+      case "text":
+        return item.text || "";
+      case "image":
+        return `[Image: ${item.mimeType || "unknown"}]`;
+      case "resource":
+        return `[Resource: ${item.resource?.uri || "unknown"}]`;
+      default:
+        return "";
+    }
+  }).filter(Boolean).join("\n");
+}
+function createToolName(serverName, toolName, prefix) {
+  return `${prefix}_${serverName}_${toolName}`.replace(/[^a-zA-Z0-9_]/g, "_");
+}
+function wrapMCPTool(tool, serverName, client, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS2, ...options };
+  const wrappedName = createToolName(serverName, tool.name, opts.namePrefix);
+  const parametersSchema = createToolParametersSchema(tool);
+  const cocoTool = {
+    name: wrappedName,
+    description: buildMcpToolDescription(serverName, tool),
+    category: opts.category,
+    parameters: parametersSchema,
+    execute: async (params) => {
+      const timeout = opts.requestTimeout;
+      try {
+        const result = await Promise.race([
+          client.callTool({
+            name: tool.name,
+            arguments: params
+          }),
+          new Promise((_, reject) => {
+            setTimeout(() => {
+              reject(new MCPTimeoutError(`Tool '${tool.name}' timed out after ${timeout}ms`));
+            }, timeout);
+          })
+        ]);
+        return formatToolResult(result);
+      } catch (error) {
+        if (error instanceof MCPError) {
+          throw error;
+        }
+        throw new MCPError(
+          -32603,
+          `Tool execution failed: ${error instanceof Error ? error.message : "Unknown error"}`
+        );
+      }
+    }
+  };
+  const wrapped = {
+    originalTool: tool,
+    serverName,
+    wrappedName
+  };
+  return { tool: cocoTool, wrapped };
+}
+function wrapMCPTools(tools, serverName, client, options = {}) {
+  const cocoTools = [];
+  const wrappedTools = [];
+  for (const tool of tools) {
+    const { tool: cocoTool, wrapped } = wrapMCPTool(tool, serverName, client, options);
+    cocoTools.push(cocoTool);
+    wrappedTools.push(wrapped);
+  }
+  return { tools: cocoTools, wrapped: wrappedTools };
+}
+async function createToolsFromMCPServer(serverName, client, options = {}) {
+  if (!client.isConnected()) {
+    await client.initialize({
+      protocolVersion: "2024-11-05",
+      capabilities: {},
+      clientInfo: { name: "coco-mcp-client", version: "0.2.0" }
+    });
+  }
+  const { tools } = await client.listTools();
+  return wrapMCPTools(tools, serverName, client, options);
+}
+async function registerMCPTools(registry, serverName, client, options = {}) {
+  const { tools, wrapped } = await createToolsFromMCPServer(serverName, client, options);
+  for (const tool of tools) {
+    registry.register(tool);
+  }
+  return wrapped;
+}
+function getMCPToolInfo(wrappedName, wrappedTools) {
+  return wrappedTools.find((t) => t.wrappedName === wrappedName);
+}
+function extractOriginalToolName(wrappedName, serverName, prefix = "mcp") {
+  const prefix_pattern = `${prefix}_${serverName}_`;
+  if (wrappedName.startsWith(prefix_pattern)) {
+    return wrappedName.slice(prefix_pattern.length);
+  }
+  return null;
+}
+var DEFAULT_OPTIONS2;
+var init_tools = __esm({
+  "src/mcp/tools.ts"() {
+    init_errors2();
+    DEFAULT_OPTIONS2 = {
+      namePrefix: "mcp",
+      category: "deploy",
+      requestTimeout: 6e4
+    };
+  }
+});
+
 // src/cli/repl/allow-path-prompt.ts
 var allow_path_prompt_exports = {};
 __export(allow_path_prompt_exports, {
@@ -22815,263 +23075,6 @@ var init_stack_detector = __esm({
   }
 });
 
-// src/mcp/tools.ts
-var tools_exports = {};
-__export(tools_exports, {
-  createToolsFromMCPServer: () => createToolsFromMCPServer,
-  extractOriginalToolName: () => extractOriginalToolName,
-  getMCPToolInfo: () => getMCPToolInfo,
-  jsonSchemaToZod: () => jsonSchemaToZod,
-  registerMCPTools: () => registerMCPTools,
-  wrapMCPTool: () => wrapMCPTool,
-  wrapMCPTools: () => wrapMCPTools
-});
-function buildMcpToolDescription(serverName, tool) {
-  const base = tool.description || `Tool '${tool.name}' exposed by MCP server '${serverName}'`;
-  const lowerServer = serverName.toLowerCase();
-  if (lowerServer.includes("atlassian") || lowerServer.includes("jira") || lowerServer.includes("confluence")) {
-    return `${base}. Use this MCP tool for Atlassian/Jira/Confluence data. Prefer it over direct web_fetch or http_fetch for Atlassian content.`;
-  }
-  return `${base}. Exposed by MCP server '${serverName}'. Prefer this MCP tool over generic web/http fetch when accessing data from that connected service.`;
-}
-function jsonSchemaToZod(schema) {
-  if (schema.enum && Array.isArray(schema.enum)) {
-    const values = schema.enum;
-    if (values.length > 0 && values.every((v) => typeof v === "string")) {
-      return z.enum(values);
-    }
-    const literals = values.map((v) => z.literal(v));
-    if (literals.length < 2) {
-      return literals[0] ?? z.any();
-    }
-    return z.union(literals);
-  }
-  if (schema.const !== void 0) {
-    return z.literal(schema.const);
-  }
-  if (schema.oneOf && Array.isArray(schema.oneOf)) {
-    const schemas = schema.oneOf.map(jsonSchemaToZod);
-    if (schemas.length >= 2) {
-      return z.union(schemas);
-    }
-    return schemas[0] ?? z.unknown();
-  }
-  if (schema.anyOf && Array.isArray(schema.anyOf)) {
-    const schemas = schema.anyOf.map(jsonSchemaToZod);
-    if (schemas.length >= 2) {
-      return z.union(schemas);
-    }
-    return schemas[0] ?? z.unknown();
-  }
-  if (schema.allOf && Array.isArray(schema.allOf)) {
-    const schemas = schema.allOf.map(jsonSchemaToZod);
-    return schemas.reduce((acc, s) => z.intersection(acc, s));
-  }
-  const type = schema.type;
-  const makeNullable = (s) => {
-    if (schema.nullable === true) return s.nullable();
-    return s;
-  };
-  switch (type) {
-    case "string": {
-      let s = z.string();
-      if (schema.format) {
-        switch (schema.format) {
-          case "uri":
-          case "url":
-            s = z.string().url();
-            break;
-          case "email":
-            s = z.string().email();
-            break;
-          case "date-time":
-          case "datetime":
-            s = z.string().datetime();
-            break;
-        }
-      }
-      if (typeof schema.minLength === "number") s = s.min(schema.minLength);
-      if (typeof schema.maxLength === "number") s = s.max(schema.maxLength);
-      return makeNullable(s);
-    }
-    case "number": {
-      let n = z.number();
-      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
-      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
-      if (typeof schema.exclusiveMinimum === "number") n = n.gt(schema.exclusiveMinimum);
-      if (typeof schema.exclusiveMaximum === "number") n = n.lt(schema.exclusiveMaximum);
-      return makeNullable(n);
-    }
-    case "integer": {
-      let n = z.number().int();
-      if (typeof schema.minimum === "number") n = n.min(schema.minimum);
-      if (typeof schema.maximum === "number") n = n.max(schema.maximum);
-      return makeNullable(n);
-    }
-    case "boolean":
-      return makeNullable(z.boolean());
-    case "null":
-      return z.null();
-    case "array":
-      if (schema.items) {
-        const itemSchema = jsonSchemaToZod(schema.items);
-        let arr = z.array(itemSchema);
-        if (typeof schema.minItems === "number") arr = arr.min(schema.minItems);
-        if (typeof schema.maxItems === "number") arr = arr.max(schema.maxItems);
-        return makeNullable(arr);
-      }
-      return makeNullable(z.array(z.unknown()));
-    case "object": {
-      const properties = schema.properties;
-      const required = schema.required;
-      if (!properties) {
-        return makeNullable(z.record(z.string(), z.unknown()));
-      }
-      const shape = {};
-      for (const [key, propSchema] of Object.entries(properties)) {
-        let fieldSchema = jsonSchemaToZod(propSchema);
-        if (!required?.includes(key)) {
-          fieldSchema = fieldSchema.optional();
-        }
-        if (propSchema.description && typeof propSchema.description === "string") {
-          fieldSchema = fieldSchema.describe(propSchema.description);
-        }
-        shape[key] = fieldSchema;
-      }
-      return makeNullable(z.object(shape));
-    }
-    default:
-      if (Array.isArray(schema.type)) {
-        const types = schema.type;
-        if (types.includes("null")) {
-          const nonNullType = types.find((t) => t !== "null");
-          if (nonNullType) {
-            return jsonSchemaToZod({ ...schema, type: nonNullType }).nullable();
-          }
-        }
-      }
-      return z.unknown();
-  }
-}
-function createToolParametersSchema(tool) {
-  const schema = tool.inputSchema;
-  if (!schema || schema.type !== "object") {
-    return z.object({});
-  }
-  return jsonSchemaToZod(schema);
-}
-function formatToolResult(result) {
-  if (result.isError) {
-    throw new Error(result.content.map((c) => c.text || "").join("\n"));
-  }
-  return result.content.map((item) => {
-    switch (item.type) {
-      case "text":
-        return item.text || "";
-      case "image":
-        return `[Image: ${item.mimeType || "unknown"}]`;
-      case "resource":
-        return `[Resource: ${item.resource?.uri || "unknown"}]`;
-      default:
-        return "";
-    }
-  }).filter(Boolean).join("\n");
-}
-function createToolName(serverName, toolName, prefix) {
-  return `${prefix}_${serverName}_${toolName}`.replace(/[^a-zA-Z0-9_]/g, "_");
-}
-function wrapMCPTool(tool, serverName, client, options = {}) {
-  const opts = { ...DEFAULT_OPTIONS2, ...options };
-  const wrappedName = createToolName(serverName, tool.name, opts.namePrefix);
-  const parametersSchema = createToolParametersSchema(tool);
-  const cocoTool = {
-    name: wrappedName,
-    description: buildMcpToolDescription(serverName, tool),
-    category: opts.category,
-    parameters: parametersSchema,
-    execute: async (params) => {
-      const timeout = opts.requestTimeout;
-      try {
-        const result = await Promise.race([
-          client.callTool({
-            name: tool.name,
-            arguments: params
-          }),
-          new Promise((_, reject) => {
-            setTimeout(() => {
-              reject(new MCPTimeoutError(`Tool '${tool.name}' timed out after ${timeout}ms`));
-            }, timeout);
-          })
-        ]);
-        return formatToolResult(result);
-      } catch (error) {
-        if (error instanceof MCPError) {
-          throw error;
-        }
-        throw new MCPError(
-          -32603,
-          `Tool execution failed: ${error instanceof Error ? error.message : "Unknown error"}`
-        );
-      }
-    }
-  };
-  const wrapped = {
-    originalTool: tool,
-    serverName,
-    wrappedName
-  };
-  return { tool: cocoTool, wrapped };
-}
-function wrapMCPTools(tools, serverName, client, options = {}) {
-  const cocoTools = [];
-  const wrappedTools = [];
-  for (const tool of tools) {
-    const { tool: cocoTool, wrapped } = wrapMCPTool(tool, serverName, client, options);
-    cocoTools.push(cocoTool);
-    wrappedTools.push(wrapped);
-  }
-  return { tools: cocoTools, wrapped: wrappedTools };
-}
-async function createToolsFromMCPServer(serverName, client, options = {}) {
-  if (!client.isConnected()) {
-    await client.initialize({
-      protocolVersion: "2024-11-05",
-      capabilities: {},
-      clientInfo: { name: "coco-mcp-client", version: "0.2.0" }
-    });
-  }
-  const { tools } = await client.listTools();
-  return wrapMCPTools(tools, serverName, client, options);
-}
-async function registerMCPTools(registry, serverName, client, options = {}) {
-  const { tools, wrapped } = await createToolsFromMCPServer(serverName, client, options);
-  for (const tool of tools) {
-    registry.register(tool);
-  }
-  return wrapped;
-}
-function getMCPToolInfo(wrappedName, wrappedTools) {
-  return wrappedTools.find((t) => t.wrappedName === wrappedName);
-}
-function extractOriginalToolName(wrappedName, serverName, prefix = "mcp") {
-  const prefix_pattern = `${prefix}_${serverName}_`;
-  if (wrappedName.startsWith(prefix_pattern)) {
-    return wrappedName.slice(prefix_pattern.length);
-  }
-  return null;
-}
-var DEFAULT_OPTIONS2;
-var init_tools = __esm({
-  "src/mcp/tools.ts"() {
-    init_errors2();
-    DEFAULT_OPTIONS2 = {
-      namePrefix: "mcp",
-      category: "deploy",
-      requestTimeout: 6e4
-    };
-  }
-});
-
 // src/cli/repl/hooks/types.ts
 function isHookEvent(value) {
   return typeof value === "string" && HOOK_EVENTS.includes(value);
@@ -38297,6 +38300,9 @@ var RECOMMENDED_DENY = [
   "bash:eval",
   "bash:source"
 ];
+function getProjectPreferenceKey(projectPath) {
+  return path39__default.resolve(projectPath);
+}
 async function loadPermissionPreferences() {
   try {
     const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
@@ -38304,7 +38310,8 @@ async function loadPermissionPreferences() {
     return {
       recommendedAllowlistApplied: config.recommendedAllowlistApplied,
       recommendedAllowlistDismissed: config.recommendedAllowlistDismissed,
-      recommendedAllowlistPrompted: config.recommendedAllowlistPrompted
+      recommendedAllowlistPrompted: config.recommendedAllowlistPrompted,
+      recommendedAllowlistPromptedProjects: config.recommendedAllowlistPromptedProjects
     };
   } catch {
     return {};
@@ -38324,7 +38331,26 @@ async function savePermissionPreference(key, value) {
   } catch {
   }
 }
-async function shouldShowPermissionSuggestion() {
+async function markPermissionSuggestionShownForProject(projectPath) {
+  try {
+    let config = {};
+    try {
+      const content = await fs35__default.readFile(CONFIG_PATHS.config, "utf-8");
+      config = JSON.parse(content);
+    } catch {
+    }
+    const promptedProjects = {
+      ...config.recommendedAllowlistPromptedProjects,
+      [getProjectPreferenceKey(projectPath)]: true
+    };
+    config.recommendedAllowlistPromptedProjects = promptedProjects;
+    config.recommendedAllowlistPrompted = true;
+    await fs35__default.mkdir(path39__default.dirname(CONFIG_PATHS.config), { recursive: true });
+    await fs35__default.writeFile(CONFIG_PATHS.config, JSON.stringify(config, null, 2), "utf-8");
+  } catch {
+  }
+}
+async function shouldShowPermissionSuggestion(projectPath = process.cwd()) {
   const prefs = await loadPermissionPreferences();
   if (prefs.recommendedAllowlistDismissed) {
     return false;
@@ -38332,6 +38358,10 @@ async function shouldShowPermissionSuggestion() {
   if (prefs.recommendedAllowlistApplied) {
     return false;
   }
+  const projectKey = getProjectPreferenceKey(projectPath);
+  if (prefs.recommendedAllowlistPromptedProjects?.[projectKey]) {
+    return false;
+  }
   return true;
 }
 async function applyRecommendedPermissions() {
@@ -38340,7 +38370,8 @@ async function applyRecommendedPermissions() {
   }
   await savePermissionPreference("recommendedAllowlistApplied", true);
 }
-async function showPermissionSuggestion() {
+async function showPermissionSuggestion(projectPath = process.cwd()) {
+  await markPermissionSuggestionShownForProject(projectPath);
   console.log();
   console.log(chalk.magenta.bold("  \u{1F4CB} Recommended Permissions"));
   console.log();
@@ -47396,6 +47427,27 @@ init_registry4();
 init_registry();
 init_config_loader();
 init_lifecycle();
+init_tools();
+async function loadConfiguredServers(projectPath) {
+  const registry = new MCPRegistryImpl();
+  await registry.load();
+  const resolvedProjectPath = projectPath || process.cwd();
+  return mergeMCPConfigs(
+    registry.listServers(),
+    await loadMCPServersFromCOCOConfig(),
+    await loadProjectMCPFile(resolvedProjectPath)
+  );
+}
+function findConfiguredServer(servers, requestedServer) {
+  const normalized = requestedServer.trim().toLowerCase();
+  return servers.find((server) => {
+    const name = server.name.toLowerCase();
+    if (name === normalized) return true;
+    if (name.includes(normalized) || normalized.includes(name)) return true;
+    if (name.includes("atlassian") && /^(atlassian|jira|confluence)$/.test(normalized)) return true;
+    return false;
+  });
+}
 var mcpListServersTool = defineTool({
   name: "mcp_list_servers",
   description: `Inspect Coco's MCP configuration and current runtime connections.
@@ -47409,14 +47461,9 @@ when you need to know which MCP servers are configured, connected, healthy, or w
     projectPath: z.string().optional().describe("Project path whose .mcp.json should be merged. Defaults to process.cwd()")
   }),
   async execute({ includeDisabled, includeTools, projectPath }) {
-    const registry = new MCPRegistryImpl();
-    await registry.load();
-    const resolvedProjectPath = projectPath || process.cwd();
-    const configuredServers = mergeMCPConfigs(
-      registry.listServers(),
-      await loadMCPServersFromCOCOConfig(),
-      await loadProjectMCPFile(resolvedProjectPath)
-    ).filter((server) => includeDisabled || server.enabled !== false);
+    const configuredServers = (await loadConfiguredServers(projectPath)).filter(
+      (server) => includeDisabled || server.enabled !== false
+    );
     const manager = getMCPServerManager();
     const servers = [];
     for (const server of configuredServers) {
@@ -47447,7 +47494,59 @@ when you need to know which MCP servers are configured, connected, healthy, or w
     };
   }
 });
-var mcpTools = [mcpListServersTool];
+var mcpConnectServerTool = defineTool({
+  name: "mcp_connect_server",
+  description: `Connect or reconnect a configured MCP server in the current Coco session.
+
+Use this when mcp_list_servers shows a service as configured but disconnected, or when
+the user explicitly asks you to use a specific MCP service. This tool can trigger the
+built-in MCP OAuth browser login flow. Do not ask the user for raw tokens when this exists.`,
+  category: "config",
+  parameters: z.object({
+    server: z.string().describe("Configured MCP server name, or a common alias like 'jira' or 'atlassian'"),
+    includeTools: z.boolean().optional().default(true).describe("Include discovered MCP tool names after connecting"),
+    projectPath: z.string().optional().describe("Project path whose .mcp.json should be merged. Defaults to process.cwd()")
+  }),
+  async execute({ server, includeTools, projectPath }) {
+    const configuredServers = await loadConfiguredServers(projectPath);
+    const target = findConfiguredServer(
+      configuredServers.filter((configuredServer) => configuredServer.enabled !== false),
+      server
+    );
+    if (!target) {
+      throw new Error(`MCP server '${server}' is not configured`);
+    }
+    const manager = getMCPServerManager();
+    const existingConnection = manager.getConnection(target.name);
+    if (existingConnection && existingConnection.healthy === false) {
+      await manager.stopServer(target.name);
+    }
+    const connection = await manager.startServer(target);
+    const toolRegistry = getAgentToolRegistry();
+    if (toolRegistry) {
+      await registerMCPTools(toolRegistry, connection.name, connection.client);
+    }
+    let tools;
+    if (includeTools) {
+      try {
+        const listed = await connection.client.listTools();
+        tools = listed.tools.map((tool) => tool.name);
+      } catch {
+        tools = [];
+      }
+    }
+    return {
+      requestedServer: server,
+      connected: true,
+      healthy: true,
+      toolCount: connection.toolCount,
+      ...includeTools ? { tools: tools ?? [] } : {},
+      authTriggered: target.transport === "http",
+      message: `MCP server '${target.name}' is connected for this session.`
+    };
+  }
+});
+var mcpTools = [mcpListServersTool, mcpConnectServerTool];
 
 // src/tools/index.ts
 init_registry4();
@@ -53064,8 +53163,8 @@ async function startRepl(options = {}) {
   ]);
   session.projectContext = projectContext;
   await initializeSessionMemory(session);
-  if (await shouldShowPermissionSuggestion()) {
-    await showPermissionSuggestion();
+  if (await shouldShowPermissionSuggestion(projectPath)) {
+    await showPermissionSuggestion(projectPath);
     const updatedTrust = await loadTrustedTools(projectPath);
     for (const tool of updatedTrust) {
       session.trustedTools.add(tool);
@@ -53169,7 +53268,11 @@ async function startRepl(options = {}) {
     );
   }
   async function ensureRequestedMcpConnections(message) {
-    if (!mcpManager || configuredMcpServers.length === 0) return;
+    if (configuredMcpServers.length === 0) return;
+    if (!mcpManager) {
+      const { getMCPServerManager: getMCPServerManager2 } = await Promise.resolve().then(() => (init_lifecycle(), lifecycle_exports));
+      mcpManager = getMCPServerManager2();
+    }
     const normalizedMessage = message.toLowerCase();
     const explicitlyRequestsMcp = /\bmcp\b/.test(normalizedMessage) || /\b(use|using|usa|usar|utiliza|utilizar)\b.{0,24}\bmcp\b/.test(normalizedMessage);
     const matchingServers = configuredMcpServers.filter((server) => {
@@ -53184,13 +53287,13 @@ async function startRepl(options = {}) {
     });
     for (const server of matchingServers) {
       try {
+        const existingConnection = mcpManager.getConnection(server.name);
+        if (existingConnection?.healthy === false) {
+          await mcpManager.stopServer(server.name);
+        }
         const connection = await mcpManager.startServer(server);
         if (!registeredMcpServers.has(connection.name)) {
-          await (await Promise.resolve().then(() => (init_tools(), tools_exports))).registerMCPTools(
-            toolRegistry,
-            connection.name,
-            connection.client
-          );
+          await (await Promise.resolve().then(() => (init_tools(), tools_exports))).registerMCPTools(toolRegistry, connection.name, connection.client);
           registeredMcpServers.add(connection.name);
         }
       } catch (error) {