@vellumai/assistant 0.7.0 → 0.7.2

package/src/runtime/routes/inbound-stages/acl-enforcement.ts

@@ -12,7 +12,6 @@ import {
   findContactChannel,
   findGuardianForChannel,
 } from "../../../contacts/contact-store.js";
-import { touchChannelLastSeen } from "../../../contacts/contacts-write.js";
 import type {
   ChannelStatus,
   ContactChannel,
@@ -104,40 +103,6 @@ export interface AclResult {
   resolvedMember: ResolvedMember | null;
   /** When set, the caller must return this response immediately. */
   earlyResponse?: Record<string, unknown>;
-  /**
-   * Parsed guardian verification code from the message content, if any.
-   * Surfaced here so downstream verification intercept logic can use it
-   * without re-parsing.
-   */
-  guardianVerifyCode: string | undefined;
-}
-
-/**
- * Strip Slack/Telegram mrkdwn formatting wrappers from a raw message.
- * When users copy-paste a verification code from the desktop app with
- * rich-text formatting (e.g. bold), Slack preserves it as `*code*` in
- * the message text, which would otherwise fail the strict bare-code regex.
- */
-function stripMrkdwnFormatting(text: string): string {
-  // Bold (*…*), italic (_…_), strikethrough (~…~), inline code (`…`)
-  return text.replace(/^[*_~`]+/, "").replace(/[*_~`]+$/, "");
-}
-
-/**
- * Parse a guardian verification code from message content.
- * Accepts a bare code as the entire message: 6-digit numeric OR 64-char hex
- * (hex is retained for compatibility with unbound inbound/bootstrap sessions
- * that intentionally use high-entropy secrets).
- *
- * Strips surrounding mrkdwn formatting characters first so that codes
- * pasted with bold/italic/code formatting are still recognized.
- */
-function parseGuardianVerifyCode(content: string): string | undefined {
-  const stripped = stripMrkdwnFormatting(content);
-  const bareMatch = stripped.match(/^([0-9a-fA-F]{64}|\d{6})$/);
-  if (bareMatch) return bareMatch[1];
-
-  return undefined;
 }
 
 /** Map ChannelStatus to the API-facing member status (excludes "unverified"). */
@@ -174,11 +139,6 @@ export async function enforceIngressAcl(
 
   let resolvedMember: ResolvedMember | null = null;
 
-  // Verification codes must bypass the ACL membership check — users without a
-  // member record need to verify before they can be recognized as members.
-  const guardianVerifyCode = parseGuardianVerifyCode(trimmedContent);
-  const isGuardianVerifyCode = guardianVerifyCode !== undefined;
-
   // /start gv_<token> bootstrap commands must also bypass ACL — the user
   // hasn't been verified yet and needs to complete the bootstrap handshake.
   const rawCommandIntentForAcl = sourceMetadata?.commandIntent;
@@ -228,27 +188,7 @@ export async function enforceIngressAcl(
     }
 
     if (!resolvedMember) {
-      // Determine whether a verification-code bypass is warranted: only allow
-      // when there is a pending (unconsumed, unexpired) challenge AND no
-      // active guardian binding for this (assistantId, channel).
       let denyNonMember = true;
-      if (isGuardianVerifyCode) {
-        // Allow bypass when there is any consumable challenge or active
-        // outbound session.  The !hasActiveBinding guard is intentionally
-        // omitted: rebind sessions create a consumable challenge while a
-        // binding already exists, and the identity check inside
-        // validateAndConsumeVerification prevents unauthorized takeovers.
-        const hasPendingChallenge = !!getPendingSession(sourceChannel);
-        const hasActiveOutboundSession = !!findActiveSession(sourceChannel);
-        if (hasPendingChallenge || hasActiveOutboundSession) {
-          denyNonMember = false;
-        } else {
-          log.info(
-            { sourceChannel, hasPendingChallenge, hasActiveOutboundSession },
-            "Ingress ACL: guardian verification bypass denied",
-          );
-        }
-      }
 
       // Bootstrap deep-link commands bypass ACL only when the token
       // resolves to a real pending_bootstrap session. Without this check,
@@ -297,7 +237,6 @@ export async function enforceIngressAcl(
           return {
             resolvedMember: null,
             earlyResponse: inviteResult,
-            guardianVerifyCode,
           };
       }
 
@@ -322,7 +261,6 @@ export async function enforceIngressAcl(
           return {
             resolvedMember: null,
             earlyResponse: codeInterceptResult,
-            guardianVerifyCode,
           };
       }
 
@@ -400,7 +338,6 @@ export async function enforceIngressAcl(
                 reason: "verification_challenge_sent",
                 verificationSessionId: slackVerifyResult.sessionId,
               }),
-              guardianVerifyCode,
             };
           }
         }
@@ -466,7 +403,6 @@ export async function enforceIngressAcl(
             // callback delivery failed (e.g. signing-key mismatch → 401).
             ...(!replyDelivered && { replyText }),
           }),
-          guardianVerifyCode,
         };
       }
     }
@@ -474,27 +410,9 @@ export async function enforceIngressAcl(
     if (resolvedMember) {
       if (resolvedMember.channel.status !== "active") {
         const isBlockedMember = resolvedMember.channel.status === "blocked";
-        // Same bypass logic as the no-member branch: verification codes and
-        // bootstrap commands must pass through for re-verifiable states
+        // Bootstrap commands must pass through for re-verifiable states
         // (pending/revoked), but never for blocked members.
         let denyInactiveMember = true;
-        if (!isBlockedMember && isGuardianVerifyCode) {
-          const hasPendingChallenge = !!getPendingSession(sourceChannel);
-          const hasActiveOutboundSession = !!findActiveSession(sourceChannel);
-          if (hasPendingChallenge || hasActiveOutboundSession) {
-            denyInactiveMember = false;
-          } else {
-            log.info(
-              {
-                sourceChannel,
-                channelId: resolvedMember.channel.id,
-                hasPendingChallenge,
-                hasActiveOutboundSession,
-              },
-              "Ingress ACL: inactive member verification bypass denied",
-            );
-          }
-        }
         if (!isBlockedMember && isBootstrapCommand) {
           const bootstrapPayload = (
             rawCommandIntentForAcl as Record<string, unknown>
@@ -543,7 +461,6 @@ export async function enforceIngressAcl(
             return {
               resolvedMember: null,
               earlyResponse: inviteResult,
-              guardianVerifyCode,
             };
         }
 
@@ -573,7 +490,6 @@ export async function enforceIngressAcl(
             return {
               resolvedMember: null,
               earlyResponse: codeInterceptResult,
-              guardianVerifyCode,
             };
         }
 
@@ -657,7 +573,6 @@ export async function enforceIngressAcl(
                   reason: "verification_challenge_sent",
                   verificationSessionId: slackVerifyResult.sessionId,
                 }),
-                guardianVerifyCode,
               };
             }
           }
@@ -730,7 +645,6 @@ export async function enforceIngressAcl(
               reason: `member_${channelStatusToMemberStatus(resolvedMember.channel.status)}`,
               ...(!inactiveReplyDelivered && { replyText: inactiveReplyText }),
             }),
-            guardianVerifyCode,
           };
         }
       }
@@ -771,20 +685,13 @@ export async function enforceIngressAcl(
             reason: "policy_deny",
             ...(!denyReplyDelivered && { replyText: denyReplyText }),
           }),
-          guardianVerifyCode,
         };
       }
 
-      // 'allow' or 'escalate' — update last seen timestamp.
-      // touchContactInteraction is intentionally NOT called here because
-      // duplicate detection hasn't run yet. It's called in
-      // inbound-message-handler.ts after dedup so webhook retries don't
-      // inflate interaction counts.
-      touchChannelLastSeen(resolvedMember.channel.id);
     }
   }
 
-  return { resolvedMember, guardianVerifyCode };
+  return { resolvedMember };
 }
 
 // ---------------------------------------------------------------------------

package/src/runtime/routes/inbound-stages/background-dispatch.ts

@@ -74,6 +74,7 @@ export interface BackgroundProcessingParams {
   externalChatId: string;
   trustCtx: TrustContext;
   metadataHints: string[];
+  slackRuntimeContextNotice?: string;
   metadataUxBrief?: string;
   replyCallbackUrl?: string;
   assistantId?: string;
@@ -108,6 +109,7 @@ export function processChannelMessageInBackground(
     externalChatId,
     trustCtx,
     metadataHints,
+    slackRuntimeContextNotice,
     metadataUxBrief,
     replyCallbackUrl,
     assistantId,
@@ -222,6 +224,7 @@ export function processChannelMessageInBackground(
           trustContext: trustCtx,
           isInteractive: resolveRoutingState(trustCtx).promptWaitingAllowed,
           ...(cmdIntent ? { commandIntent: cmdIntent } : {}),
+          ...(slackRuntimeContextNotice ? { slackRuntimeContextNotice } : {}),
           ...(slackInbound ? { slackInbound } : {}),
         },
         sourceChannel,

package/src/runtime/routes/inbound-stages/edit-intercept.ts

@@ -15,7 +15,6 @@
  * focused on orchestration.
  */
 import type { ChannelId } from "../../../channels/types.js";
-import { touchContactInteraction } from "../../../contacts/contacts-write.js";
 import {
   getMessageById,
   updateMessageContent,
@@ -65,7 +64,6 @@ export async function handleEditIntercept(
     canonicalAssistantId,
     assistantId,
     content,
-    channelId,
   } = params;
 
   // Dedup the edit event itself (retried edited_message webhooks)
@@ -84,12 +82,6 @@ export async function handleEditIntercept(
     });
   }
 
-  // Track contact interaction only for genuinely new edit events (not webhook
-  // retries), matching the pattern used for the normal message path.
-  if (channelId) {
-    touchContactInteraction(channelId);
-  }
-
   // Retry lookup a few times -- the original message may still be processing
   // (linkMessage hasn't been called yet). Short backoff avoids losing edits
   // that arrive while the original agent loop is in progress.

package/src/runtime/routes/inbound-stages/transcribe-audio.test.ts

@@ -7,7 +7,6 @@ import { SttError } from "../../../stt/types.js";
 // Mocks — must be set up before importing the module under test
 // ---------------------------------------------------------------------------
 
-let mockFeatureFlagEnabled = true;
 let mockAttachments: Array<{
   id: string;
   mimeType: string;
@@ -20,14 +19,6 @@ let mockAttachments: Array<{
 }> = [];
 let mockTranscriber: BatchTranscriber | null = null;
 
-mock.module("../../../config/assistant-feature-flags.js", () => ({
-  isAssistantFeatureFlagEnabled: () => mockFeatureFlagEnabled,
-}));
-
-mock.module("../../../config/loader.js", () => ({
-  getConfig: () => ({}),
-}));
-
 mock.module("../../../memory/attachments-store.js", () => ({
   getAttachmentsByIds: (ids: string[]) =>
     mockAttachments.filter((a) => ids.includes(a.id)),
@@ -115,7 +106,6 @@ function makeImageAttachment(id: string) {
 
 describe("tryTranscribeAudioAttachments", () => {
   beforeEach(() => {
-    mockFeatureFlagEnabled = true;
     mockAttachments = [];
     mockTranscriber = null;
   });
@@ -189,16 +179,6 @@ describe("tryTranscribeAudioAttachments", () => {
     );
   });
 
-  test("feature flag disabled returns disabled", async () => {
-    mockFeatureFlagEnabled = false;
-    const audio = makeAudioAttachment("a1");
-    mockAttachments = [audio];
-
-    const result = await tryTranscribeAudioAttachments(["a1"]);
-
-    expect(result).toEqual({ status: "disabled" });
-  });
-
   test("30-second timeout fires and returns error without blocking", async () => {
     const audio = makeAudioAttachment("a1");
     mockAttachments = [audio];

package/src/runtime/routes/inbound-stages/transcribe-audio.ts

@@ -2,22 +2,21 @@
  * Auto-transcribe audio attachments from channel inbound messages.
  *
  * Returns a discriminated result type so callers can handle each outcome
- * (transcribed, no audio, disabled, no provider, error) without exceptions.
+ * (transcribed, no audio, no provider, error) without exceptions.
  * Never throws — failures are represented as result variants so that message
  * delivery is never blocked by transcription issues.
  */
 
-import { isAssistantFeatureFlagEnabled } from "../../../config/assistant-feature-flags.js";
-import { getConfig } from "../../../config/loader.js";
-import { getAttachmentById, getAttachmentsByIds } from "../../../memory/attachments-store.js";
+import {
+  getAttachmentById,
+  getAttachmentsByIds,
+} from "../../../memory/attachments-store.js";
 import { resolveBatchTranscriber } from "../../../providers/speech-to-text/resolve.js";
 import { normalizeSttError } from "../../../stt/daemon-batch-transcriber.js";
 import { getLogger } from "../../../util/logger.js";
 
 const log = getLogger("transcribe-audio");
 
-const VOICE_TRANSCRIPTION_FLAG_KEY = "channel-voice-transcription" as const;
-
 /** Timeout for the entire transcription pipeline (all attachments). */
 const TRANSCRIPTION_TIMEOUT_MS = 30_000;
 
@@ -28,7 +27,6 @@ const TRANSCRIPTION_TIMEOUT_MS = 30_000;
 export type TranscribeResult =
   | { status: "transcribed"; text: string }
   | { status: "no_audio" }
-  | { status: "disabled" }
   | { status: "no_provider"; reason: string }
   | { status: "error"; reason: string };
 
@@ -40,12 +38,6 @@ export async function tryTranscribeAudioAttachments(
   attachmentIds: string[],
 ): Promise<TranscribeResult> {
   try {
-    // Check feature flag
-    const config = getConfig();
-    if (!isAssistantFeatureFlagEnabled(VOICE_TRANSCRIPTION_FLAG_KEY, config)) {
-      return { status: "disabled" };
-    }
-
     // Look up attachments and filter to audio MIME types
     const resolved = getAttachmentsByIds(attachmentIds);
     const audioAttachments = resolved.filter((a) =>

package/src/runtime/routes/index.ts

@@ -26,6 +26,8 @@ import { ROUTES as CHANNEL_READINESS_ROUTES } from "./channel-readiness-routes.j
 import { CHANNEL_ROUTES } from "./channel-route-definitions.js";
 import { ROUTES as CHANNEL_VERIFICATION_ROUTES } from "./channel-verification-routes.js";
 import { ROUTES as CLIENT_ROUTES } from "./client-routes.js";
+import { ROUTES as CONSOLIDATION_ROUTES } from "./consolidation-routes.js";
+import { CONTACT_PROMPT_ROUTES } from "./contact-prompt-routes.js";
 import { ROUTES as CONTACT_ROUTES } from "./contact-routes.js";
 import { ROUTES as CONVERSATION_ANALYSIS_ROUTES } from "./conversation-analysis-routes.js";
 import { ROUTES as CONVERSATION_ATTENTION_ROUTES } from "./conversation-attention-routes.js";
@@ -41,12 +43,14 @@ import { ROUTES as DIAGNOSTICS_ROUTES } from "./diagnostics-routes.js";
 import { ROUTES as DOCUMENT_ROUTES } from "./documents-routes.js";
 import { ROUTES as EVENTS_ROUTES } from "./events-routes.js";
 import { ROUTES as FILING_ROUTES } from "./filing-routes.js";
+import { ROUTES as GATEWAY_LOG_ROUTES } from "./gateway-log-routes.js";
 import { ROUTES as GLOBAL_SEARCH_ROUTES } from "./global-search-routes.js";
 import { ROUTES as GROUP_ROUTES } from "./group-routes.js";
 import { ROUTES as GUARDIAN_ACTION_ROUTES } from "./guardian-action-routes.js";
 import { ROUTES as HEARTBEAT_ROUTES } from "./heartbeat-routes.js";
 import { ROUTES as HOME_FEED_ROUTES } from "./home-feed-routes.js";
 import { ROUTES as HOME_STATE_ROUTES } from "./home-state-routes.js";
+import { ROUTES as HOST_APP_CONTROL_ROUTES } from "./host-app-control-routes.js";
 import { ROUTES as HOST_BASH_ROUTES } from "./host-bash-routes.js";
 import { ROUTES as HOST_BROWSER_ROUTES } from "./host-browser-routes.js";
 import { ROUTES as HOST_CU_ROUTES } from "./host-cu-routes.js";
@@ -61,7 +65,9 @@ import { ROUTES as VERCEL_ROUTES } from "./integrations/vercel.js";
 import { ROUTES as INTERFACE_ROUTES } from "./interface-routes.js";
 import { ROUTES as INTERNAL_OAUTH_ROUTES } from "./internal-oauth-routes.js";
 import { ROUTES as INTERNAL_TWILIO_ROUTES } from "./internal-twilio-routes.js";
+import { ROUTES as LLM_CALL_SITES_ROUTES } from "./llm-call-sites-routes.js";
 import { ROUTES as LOG_EXPORT_ROUTES } from "./log-export-routes.js";
+import { ROUTES as MCP_AUTH_ROUTES } from "./mcp-auth-routes.js";
 import { ROUTES as MEMORY_ITEM_ROUTES } from "./memory-item-routes.js";
 import { ROUTES as MEMORY_V2_ROUTES } from "./memory-v2-routes.js";
 import { ROUTES as MIGRATION_ROLLBACK_ROUTES } from "./migration-rollback-routes.js";
@@ -119,12 +125,14 @@ export const ROUTES: RouteDefinition[] = [
   ...BTW_ROUTES,
   ...BRAIN_GRAPH_ROUTES,
   ...CLIENT_ROUTES,
+  ...CONTACT_PROMPT_ROUTES,
   ...CONTACT_ROUTES,
   ...CONVERSATION_ANALYSIS_ROUTES,
   ...CONVERSATION_ATTENTION_ROUTES,
   ...CONVERSATION_LIST_ROUTES,
   ...CONVERSATION_MANAGEMENT_ROUTES,
   ...CONVERSATION_MESSAGE_ROUTES,
+  ...CONSOLIDATION_ROUTES,
   ...CREDENTIAL_PROMPT_ROUTES,
   ...DEFER_ROUTES,
   ...CONVERSATION_QUERY_ROUTES,
@@ -134,12 +142,14 @@ export const ROUTES: RouteDefinition[] = [
   ...DOCUMENT_ROUTES,
   ...EVENTS_ROUTES,
   ...FILING_ROUTES,
+  ...GATEWAY_LOG_ROUTES,
   ...GLOBAL_SEARCH_ROUTES,
   ...GROUP_ROUTES,
   ...GUARDIAN_ACTION_ROUTES,
   ...HEARTBEAT_ROUTES,
   ...HOME_FEED_ROUTES,
   ...HOME_STATE_ROUTES,
+  ...HOST_APP_CONTROL_ROUTES,
   ...HOST_BASH_ROUTES,
   ...HOST_BROWSER_ROUTES,
   ...HOST_CU_ROUTES,
@@ -148,8 +158,10 @@ export const ROUTES: RouteDefinition[] = [
   ...IDENTITY_ROUTES,
   ...INTERFACE_ROUTES,
   ...INTERNAL_OAUTH_ROUTES,
+  ...MCP_AUTH_ROUTES,
   ...INTERNAL_TWILIO_ROUTES,
   ...LOG_EXPORT_ROUTES,
+  ...LLM_CALL_SITES_ROUTES,
   ...MEMORY_ITEM_ROUTES,
   ...MEMORY_V2_ROUTES,
   ...MIGRATION_ROLLBACK_ROUTES,

package/src/runtime/routes/integrations/slack/channel.ts

@@ -4,7 +4,6 @@
  * GET    /v1/integrations/slack/channel/config        — get current config status
  * POST   /v1/integrations/slack/channel/config        — validate and store credentials
  * DELETE /v1/integrations/slack/channel/config        — clear credentials
- * POST   /v1/integrations/slack/channel/oauth-install — run OAuth loopback to capture bot+user tokens
  */
 
 import {
@@ -12,7 +11,6 @@ import {
   getSlackChannelConfig,
   setSlackChannelConfig,
 } from "../../../../daemon/handlers/config-slack-channel.js";
-import { runSlackChannelOAuthInstall } from "../../../../daemon/handlers/slack-channel-oauth-install.js";
 import { BadRequestError } from "../../errors.js";
 import type { RouteDefinition, RouteHandlerArgs } from "../../types.js";
 
@@ -45,17 +43,6 @@ async function handleClearSlackChannelConfig() {
   return clearSlackChannelConfig();
 }
 
-async function handleSlackChannelOAuthInstall() {
-  const result = await runSlackChannelOAuthInstall();
-  if (!result.success) {
-    throw new BadRequestError(
-      (result as { error?: string }).error ??
-        "Slack OAuth install failed",
-    );
-  }
-  return result;
-}
-
 // ---------------------------------------------------------------------------
 // Route definitions
 // ---------------------------------------------------------------------------
@@ -91,15 +78,4 @@ export const ROUTES: RouteDefinition[] = [
     requirePolicyEnforcement: true,
     handler: () => handleClearSlackChannelConfig(),
   },
-  {
-    operationId: "integrations_slack_channel_oauth_install_post",
-    endpoint: "integrations/slack/channel/oauth-install",
-    method: "POST",
-    summary: "Run Slack OAuth install",
-    description:
-      "Run an OAuth2 loopback flow to install the Slack app and capture bot + user tokens.",
-    tags: ["integrations"],
-    requirePolicyEnforcement: true,
-    handler: () => handleSlackChannelOAuthInstall(),
-  },
 ];

package/src/runtime/routes/llm-call-sites-routes.ts

@@ -0,0 +1,22 @@
+import { CALL_SITE_CATALOG, CALL_SITE_DOMAINS } from "../../config/schemas/call-site-catalog.js";
+import type { RouteDefinition } from "./types.js";
+
+async function handleGetCallSites() {
+  return {
+    domains: CALL_SITE_DOMAINS,
+    callSites: CALL_SITE_CATALOG,
+  };
+}
+
+export const ROUTES: RouteDefinition[] = [
+  {
+    operationId: "llm_call_sites_list",
+    method: "GET",
+    endpoint: "config/llm/call-sites",
+    handler: handleGetCallSites,
+    summary: "List LLM call sites",
+    description:
+      "Returns the full catalog of LLM call sites with display names, descriptions, and domain groupings. Used by clients to render the per-call-site override settings UI.",
+    tags: ["config"],
+  },
+];

package/src/runtime/routes/mcp-auth-routes.ts

@@ -0,0 +1,132 @@
+/**
+ * Internal routes for daemon-owned MCP OAuth flows.
+ *
+ * POST internal/mcp/auth/start   — kicks off the OAuth flow in the daemon
+ *                                  and returns the authorization URL
+ * GET  internal/mcp/auth/status/:serverId — polls current flow status
+ */
+
+import { z } from "zod";
+
+import { loadRawConfig } from "../../config/loader.js";
+import type { McpConfig } from "../../config/schemas/mcp.js";
+import { reloadMcpServers } from "../../daemon/mcp-reload-service.js";
+import { orchestrateMcpOAuthConnect } from "../../mcp/mcp-auth-orchestrator.js";
+import { getMcpAuthState } from "../../mcp/mcp-auth-state.js";
+import { getLogger } from "../../util/logger.js";
+import { BadRequestError, InternalError, NotFoundError } from "./errors.js";
+import type { RouteDefinition } from "./types.js";
+
+const log = getLogger("mcp-auth-routes");
+
+async function handleMcpAuthStart({
+  body,
+}: {
+  body?: Record<string, unknown>;
+}): Promise<{ auth_url: string; state: string; already_authenticated?: boolean }> {
+  const { serverId } = body as { serverId: string };
+
+  const raw = loadRawConfig();
+  const servers =
+    (raw.mcp as Partial<McpConfig> | undefined)?.servers ?? {};
+  const serverConfig = servers[serverId];
+
+  if (!serverConfig) {
+    throw new BadRequestError(`MCP server "${serverId}" not configured`);
+  }
+
+  const transport = serverConfig.transport;
+  if (transport.type !== "sse" && transport.type !== "streamable-http") {
+    throw new BadRequestError(
+      `OAuth only supported for sse/streamable-http transports (server "${serverId}" uses ${transport.type})`,
+    );
+  }
+
+  let result: { auth_url: string; already_authenticated?: boolean };
+  try {
+    result = await orchestrateMcpOAuthConnect({
+      serverId,
+      transport: {
+        url: transport.url,
+        type: transport.type,
+        headers: transport.headers,
+      },
+    });
+  } catch (err) {
+    throw new InternalError(err instanceof Error ? err.message : String(err));
+  }
+
+  return { auth_url: result.auth_url, state: serverId, already_authenticated: result.already_authenticated };
+}
+
+function handleMcpAuthStatus({
+  pathParams,
+}: {
+  pathParams?: Record<string, string>;
+}):
+  | { status: "pending"; auth_url: string }
+  | { status: "complete" }
+  | { status: "error"; error: string } {
+  const { serverId } = pathParams as { serverId: string };
+  const state = getMcpAuthState(serverId);
+
+  if (state === null) {
+    throw new NotFoundError(`No active OAuth flow for server "${serverId}"`);
+  }
+
+  if (state.status === "pending") return { status: "pending", auth_url: state.authUrl };
+  if (state.status === "complete") return { status: "complete" };
+  return { status: "error", error: state.error };
+}
+
+function handleMcpReload(_args: {
+  body?: Record<string, unknown>;
+}): { ok: true } {
+  // Fire-and-forget: reloadMcpServers() has its own reloadInProgress mutex,
+  // so concurrent calls coalesce.
+  void reloadMcpServers().catch((err) => {
+    log.warn(
+      { err: err instanceof Error ? err.message : String(err) },
+      "internal_mcp_reload background reload failed",
+    );
+  });
+  return { ok: true };
+}
+
+export const ROUTES: RouteDefinition[] = [
+  {
+    operationId: "internal_mcp_auth_start",
+    endpoint: "internal/mcp/auth/start",
+    method: "POST",
+    summary: "Start MCP OAuth flow",
+    description:
+      "Starts a daemon-owned MCP OAuth flow and returns the authorization URL for the CLI to open in the browser.",
+    tags: ["internal"],
+    requestBody: z.object({ serverId: z.string() }),
+    handler: handleMcpAuthStart,
+  },
+  {
+    operationId: "internal_mcp_auth_status",
+    endpoint: "internal/mcp/auth/status/:serverId",
+    method: "GET",
+    summary: "Poll MCP OAuth flow status",
+    description:
+      "Returns the current status of an in-flight MCP OAuth flow (pending/complete/error).",
+    tags: ["internal"],
+    pathParams: [{ name: "serverId" }],
+    additionalResponses: {
+      "404": { description: "No active OAuth flow for the given serverId" },
+    },
+    handler: handleMcpAuthStatus,
+  },
+  {
+    operationId: "internal_mcp_reload",
+    endpoint: "internal/mcp/reload",
+    method: "POST",
+    summary: "Trigger MCP server reload",
+    description:
+      "Kicks off reloadMcpServers() async on the daemon. Returns immediately.",
+    tags: ["internal"],
+    handler: handleMcpReload,
+  },
+];