open-edison 0.1.44__py3-none-any.whl → 0.1.64__py3-none-any.whl

{open_edison-0.1.44.dist-info → open_edison-0.1.64.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.44
+Version: 0.1.64
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -72,13 +72,7 @@ curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_
 ```
 
 Run locally with uvx: `uvx open-edison`
-
-Optionally, run the setup wizard to import/configure MCP:
-
-```bash
-uv run python -m src.setup_tui.main
-# add --dry-run to preview without writing
-```
+That will run the setup wizard if necessary.
 
 <details>
 <summary>⬇️ Install Node.js/npm (optional for MCP tools)</summary>
@@ -129,19 +123,6 @@ OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 
 </details>
 
-<details>
-<summary>🔄 Import from Cursor/VS Code/Claude Code</summary>
-
-Run the interactive setup wizard to detect clients, import servers, and configure your editor:
-
-```bash
-uv run python -m src.setup_tui.main
-```
-
-Use `--dry-run` to preview without writing.
-
-</details>
-
 <details>
 <summary><img src="https://img.shields.io/badge/Docker-2CA5E0?style=for-the-badge&logo=docker&logoColor=white" alt="Docker"> Run with Docker</summary>
 

open_edison-0.1.64.dist-info/RECORD

@@ -0,0 +1,40 @@
+src/__init__.py,sha256=bEYMwBiuW9jzF07iWhas4Vb30EcpnqfpNfz_Q6yO1jU,209
+src/__main__.py,sha256=kQsaVyzRa_ESC57JpKDSQJAHExuXme0rM5beJsYxFeA,161
+src/cli.py,sha256=PH2qPLma0PO1L75OSK06IdPy8RB5gTBp2R1HkacCQ0Q,4736
+src/config.py,sha256=oO89omLCLoPfEGH6j4WSHQgZbhJZnYou-qdxY54VfDo,11037
+src/config.pyi,sha256=FgehEGli8ZXSjGlANBgMGv5497q4XskQciOc1fUcxqM,2033
+src/events.py,sha256=aFQrVXDIZwt55Dz6OtyoXu2yi9evqo-8jZzo3CR2Tto,4965
+src/oauth_manager.py,sha256=MJ1gHVKiu-pMbskSCxRlZ6xP4wJOr-ELydOdgdUBKKw,9969
+src/oauth_override.py,sha256=C7QS8sPA6JqJDiNZA0FGeXcB7jU-yYu-k8V56QVpsqU,393
+src/permissions.py,sha256=dERB8s40gDInsbXtu0pJYDDuZ3_kD8rxXyYYTfrG3qs,11621
+src/server.py,sha256=WseZks-r07tq7UGX0XFc0OUEzUrB9MGfDiHeYHa3NEE,46593
+src/single_user_mcp.py,sha256=2xQgrxqulTD_1HySoMNZD5AoADJS5pz41Gn-tEFgBHI,18760
+src/telemetry.py,sha256=-RZPIjpI53zbsKmp-63REeZ1JirWHV5WvpSRa2nqZEk,11321
+src/vulture_whitelist.py,sha256=CjBOSsarbzbQt_9ATWc8MbruBsYX3hJVa_ysbRD9ZYM,135
+src/frontend_dist/index.html,sha256=s95FMkH8VLisvawLH7bZxbLzRUFvMhHkH6ZMzpVBngs,673
+src/frontend_dist/sw.js,sha256=rihX1es-vWwjmtnXyaksJjs2dio6MVAOTAWwQPeJUYw,2164
+src/frontend_dist/assets/index-BUUcUfTt.js,sha256=awoyPI6u0v6ao2iarZdSkrSDUvyU8aNkMLqHMvgVgyY,257666
+src/frontend_dist/assets/index-o6_8mdM8.css,sha256=nwmX_6q55mB9463XN2JM8BdeihjkALpQK83Fc3_iGvE,15936
+src/mcp_importer/__init__.py,sha256=Mk59pVr7OMGfYGWeSYk8-URfhIcrs3SPLYS7fmJbMII,275
+src/mcp_importer/__main__.py,sha256=mFcxXFqJMC0SFEqIP-9WVEqLJSYqShC0x1Ht7PQZPm8,479
+src/mcp_importer/api.py,sha256=N5oVaTj3OMIROLx__UOSr60VMqXXX20JsOHmeHIGP48,17431
+src/mcp_importer/cli.py,sha256=Pe0GLWm1nMd1VuNXOSkxIrFZuGNFc9dNvfBsvf-bdBI,3487
+src/mcp_importer/export_cli.py,sha256=Fw0jDQCI8gGW4BDrJLzWjLUtV4q6v0h2QZ7HF1V2Jcg,6279
+src/mcp_importer/exporters.py,sha256=fSgl6seduoXFp7YnKH26UEaC1sFBnd4whSut7CJLBQs,11348
+src/mcp_importer/import_api.py,sha256=wD5yqxWwFfn1MQNKE79rEeyZODdmPgUDhsRYdCJYh4Q,59
+src/mcp_importer/importers.py,sha256=zGN8lT7qQJ95jDTd-ck09j_w5PSvH-uj33TILoHfHbs,2191
+src/mcp_importer/merge.py,sha256=KIGT7UgbAm07-LdyoUXEJ7ABSIiPTFlj_qjz669yFxg,1569
+src/mcp_importer/parsers.py,sha256=MDhzODsvX5t1U_CI8byBxCpx6rA4WkpqX4bJMiNE74s,6298
+src/mcp_importer/paths.py,sha256=4L-cPr7KCM9X9gAUP7Da6ictLNrPWuQ_IM419zqY-2I,2700
+src/mcp_importer/quick_cli.py,sha256=Vv2vjNzpSOaic0YHFbPAuX0nZByawS2kDw6KiCtEX3A,1798
+src/mcp_importer/types.py,sha256=nSaOLGqpCmA3R14QCO6wrpgX75VaLz9HfslUWzw_GPQ,102
+src/middleware/data_access_tracker.py,sha256=bArBffWgYmvxOx9z_pgXQhogvnWQcc1m6WvEblDD4gw,15039
+src/middleware/session_tracking.py,sha256=5W1VH9HNqIZeX0HNxDEm41U4GY6SqKSXtApDEeZK2qo,23084
+src/setup_tui/__init__.py,sha256=mDFrQoiOtQOHc0sFfGKrNXVLEDeB1S0O5aISBVzfxYo,184
+src/setup_tui/main.py,sha256=BM6t8YzWOSn2hDzVhp_nOol93NoHf6fiP4uFLOpx-BQ,11082
+src/tools/io.py,sha256=hhc4pv3eUzYWSZ7BbThclxSMwWBQaGMoGsItIPf_pco,1047
+open_edison-0.1.64.dist-info/METADATA,sha256=1X57SDfaooRExNvcCN-vHr1HH1QzbrVLWhJaNIaIEDI,11993
+open_edison-0.1.64.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+open_edison-0.1.64.dist-info/entry_points.txt,sha256=YiGNm9x2I00hgT10HDyB4gxC1LcaV_mu8bXFjolu0Yw,171
+open_edison-0.1.64.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+open_edison-0.1.64.dist-info/RECORD,,

src/cli.py

@@ -7,8 +7,6 @@ Provides `open-edison` executable when installed via pip/uvx/pipx.
 import argparse
 import asyncio
 import os
-import subprocess as _subprocess
-from contextlib import suppress
 from pathlib import Path
 from typing import Any, NoReturn
 
@@ -17,6 +15,7 @@ from loguru import logger as _log  # type: ignore[reportMissingImports]
 from src.config import Config, get_config_dir, get_config_json_path
 from src.mcp_importer.cli import run_cli
 from src.server import OpenEdisonProxy
+from src.setup_tui.main import run_import_tui
 
 log: Any = _log
 
@@ -37,6 +36,22 @@ def _parse_args(argv: list[str] | None = None) -> argparse.Namespace:
     parser.add_argument(
         "--port", type=int, help="Server port override (FastMCP on port, FastAPI on port+1)"
     )
+    # For the setup wizard
+    parser.add_argument(
+        "--wizard-dry-run",
+        action="store_true",
+        help="(For the setup wizard) Show changes without writing to config.json",
+    )
+    parser.add_argument(
+        "--wizard-skip-oauth",
+        action="store_true",
+        help="(For the setup wizard) Skip OAuth for remote servers (they will be omitted from import)",
+    )
+    parser.add_argument(
+        "--wizard-force",
+        action="store_true",
+        help="(For the setup wizard) Force running the setup wizard even if it has already been run",
+    )
     # Website runs from packaged assets by default; no extra website flags
 
     # Subcommands (extensible)
@@ -88,89 +103,7 @@ def _parse_args(argv: list[str] | None = None) -> argparse.Namespace:
     return parser.parse_args(argv)
 
 
-def _spawn_frontend_dev(  # noqa: C901 - pragmatic complexity for env probing
-    port: int,
-    override_dir: Path | None = None,
-    config_dir: Path | None = None,
-) -> tuple[int, _subprocess.Popen[bytes] | None]:
-    """Try to start the frontend dev server by running `npm run dev`.
-
-    Search order for working directory:
-    1) Packaged project path: <pkg_root>/frontend
-    2) Current working directory (if it contains a package.json)
-    """
-    candidates: list[Path] = []
-    # Prefer packaged static assets; if present, the backend serves /dashboard
-    static_candidates = [
-        Path(__file__).parent / "frontend_dist",  # inside package dir
-        Path(__file__).parent.parent / "frontend_dist",  # site-packages root
-    ]
-    static_dir = next((p for p in static_candidates if p.exists() and p.is_dir()), None)
-    if static_dir is not None:
-        log.info(
-            f"Packaged dashboard detected at {static_dir}. It will be served at /dashboard by the API server."
-        )
-        # No separate website process needed. Return sentinel port (-1) so caller knows not to warn.
-        return (-1, None)
-
-    if static_dir is None:
-        raise RuntimeError(
-            "No packaged dashboard detected. The website will be served from the frontend directory."
-        )
-
-    pkg_frontend_candidates = [
-        Path(__file__).parent / "frontend",  # inside package dir
-        Path(__file__).parent.parent / "frontend",  # site-packages root
-    ]
-    if override_dir is not None:
-        candidates.append(override_dir)
-    for pf in pkg_frontend_candidates:
-        if pf.exists():
-            candidates.append(pf)
-    if config_dir is not None and (config_dir / "package.json").exists():
-        candidates.append(config_dir)
-    cwd_pkg = Path.cwd()
-    if (cwd_pkg / "package.json").exists():
-        candidates.append(cwd_pkg)
-
-    if not candidates:
-        log.warning(
-            "No frontend directory found (no packaged frontend and no package.json in CWD). Skipping website."
-        )
-        return (port, None)
-
-    for candidate in candidates:
-        try:
-            # If no package.json but directory exists, try a basic npm i per user request
-            if not (candidate / "package.json").exists():
-                log.info(f"No package.json in {candidate}. Running 'npm i' as best effort...")
-                _ = _subprocess.call(["npm", "i"], cwd=str(candidate))
-
-            # Install deps if needed
-            if (
-                not (candidate / "node_modules").exists()
-                and (candidate / "package-lock.json").exists()
-            ):
-                log.info(f"Installing frontend dependencies with npm ci in {candidate}...")
-                r_install = _subprocess.call(["npm", "ci"], cwd=str(candidate))
-                if r_install != 0:
-                    log.error("Failed to install frontend dependencies")
-                    continue
-
-            log.info(f"Starting frontend dev server in {candidate} on port {port}...")
-            cmd_default = ["npm", "run", "dev", "--", "--port", str(port)]
-            proc = _subprocess.Popen(cmd_default, cwd=str(candidate))
-            return (port, proc)
-        except FileNotFoundError:
-            log.error("npm not found. Please install Node.js to run the website dev server.")
-            return (port, None)
-
-    # If all candidates failed
-    return (port, None)
-
-
 async def _run_server(args: Any) -> None:
-    # TODO check this works as we want it to
     # Resolve config dir and expose via env for the rest of the app
     config_dir_arg = getattr(args, "config_dir", None)
     if config_dir_arg is not None:
@@ -186,44 +119,27 @@ async def _run_server(args: Any) -> None:
     log.info(f"Using config directory: {config_dir}")
     proxy = OpenEdisonProxy(host=host, port=port)
 
-    # Website served from packaged assets by default; still detect and log
-    frontend_proc = None
-    used_port, frontend_proc = _spawn_frontend_dev(5173, None, config_dir)
-    if frontend_proc is None and used_port == -1:
-        log.info("Frontend is being served from packaged assets at /dashboard")
-
     try:
         await proxy.start()
-        _ = await asyncio.Event().wait()
     except KeyboardInterrupt:
         log.info("Received shutdown signal")
-    finally:
-        if frontend_proc is not None:
-            with suppress(Exception):
-                frontend_proc.terminate()
-                _ = frontend_proc.wait(timeout=5)
-            with suppress(Exception):
-                frontend_proc.kill()
-
-
-def _run_website(port: int, website_dir: Path | None = None) -> int:
-    # Use the same spawning logic, then return 0 if started or 1 if failed
-    _, proc = _spawn_frontend_dev(port, website_dir)
-    return 0 if proc is not None else 1
 
 
 def main(argv: list[str] | None = None) -> NoReturn:  # noqa: C901
     args = _parse_args(argv)
 
-    if getattr(args, "command", None) == "website":
-        exit_code = _run_website(port=args.port, website_dir=getattr(args, "dir", None))
-        raise SystemExit(exit_code)
+    if args.command is None:
+        args.command = "run"
 
-    if getattr(args, "command", None) == "import-mcp":
+    if args.command == "import-mcp":
         result_code = run_cli(argv)
         raise SystemExit(result_code)
 
-    # default: run server (top-level flags)
+    # Run import tui if necessary
+    tui_success = run_import_tui(args, force=args.wizard_force)
+    if not tui_success:
+        raise SystemExit(1)
+
     try:
         asyncio.run(_run_server(args))
         raise SystemExit(0)

src/config.py

@@ -108,12 +108,21 @@ class MCPServerConfig:
         Remote servers use mcp-remote with HTTPS URLs and may require OAuth.
         Local servers run as child processes and don't need OAuth.
         """
-        return (
-            self.command == "npx"
-            and len(self.args) >= 3
-            and self.args[1] == "mcp-remote"
-            and self.args[2].startswith("https://")
-        )
+        if self.command != "npx":
+            return False
+
+        # Be tolerant of npx flags by scanning for 'mcp-remote' and the subsequent HTTPS URL
+        try:
+            if "mcp-remote" not in self.args:
+                return False
+            idx: int = self.args.index("mcp-remote")
+            # Look for first https?:// argument after 'mcp-remote'
+            for candidate in self.args[idx + 1 :]:
+                if candidate.startswith(("https://", "http://")):
+                    return candidate.startswith("https://")
+            return False
+        except Exception:
+            return False
 
     def get_remote_url(self) -> str | None:
         """
@@ -122,9 +131,17 @@ class MCPServerConfig:
         Returns:
             The HTTPS URL if this is a remote server, None otherwise
         """
-        if self.is_remote_server():
-            return self.args[2]
-        return None
+        # Reuse the same tolerant parsing as is_remote_server
+        if self.command != "npx" or "mcp-remote" not in self.args:
+            return None
+        try:
+            idx: int = self.args.index("mcp-remote")
+            for candidate in self.args[idx + 1 :]:
+                if candidate.startswith(("https://", "http://")):
+                    return candidate
+            return None
+        except Exception:
+            return None
 
 
 @dataclass

src/mcp_importer/__main__.py

@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import sys
 
 from src.mcp_importer.cli import run_cli as import_run_cli

src/mcp_importer/api.py

@@ -1,12 +1,15 @@
 # pyright: reportMissingImports=false, reportUnknownVariableType=false, reportUnknownMemberType=false, reportUnknownArgumentType=false, reportUnknownParameterType=false
 import asyncio
-from collections.abc import Awaitable
+import contextlib
 from enum import Enum
 from pathlib import Path
 from typing import Any
 
+import questionary
+from fastmcp import Client as FastMCPClient
 from fastmcp import FastMCP
-from loguru import logger as log
+from fastmcp.client.auth.oauth import FileTokenStorage
+from loguru import logger as log  # kept for non-TUI contexts; printing used in TUI flows
 
 from src.config import Config, MCPServerConfig, get_config_json_path
 from src.mcp_importer import paths as _paths
@@ -23,6 +26,8 @@ from src.mcp_importer.importers import (
 )
 from src.mcp_importer.merge import MergePolicy, merge_servers
 from src.oauth_manager import OAuthStatus, get_oauth_manager
+from src.oauth_override import OpenEdisonOAuth
+from src.tools.io import suppress_fds
 
 
 class CLIENT(str, Enum):
@@ -133,12 +138,140 @@ def export_edison_to(
 def verify_mcp_server(server: MCPServerConfig) -> bool:  # noqa
     """Minimal validation: try listing tools/resources/prompts via FastMCP within a timeout."""
 
-    async def _verify_async() -> bool:
+    async def _verify_async() -> bool:  # noqa: C901
         if not server.command.strip():
             return False
+        oauth_info = None
 
-        # Inline backend config and capability listing (no extra helpers)
-        backend_cfg: dict[str, Any] = {
+        # If this is a remote server, consult OAuth requirement first. Only skip
+        # verification when OAuth is actually required and no tokens are present.
+        if server.is_remote_server():
+            remote_url: str | None = server.get_remote_url()
+            if remote_url:
+                oauth_info = await get_oauth_manager().check_oauth_requirement(
+                    server.name, remote_url
+                )
+                if oauth_info.status != OAuthStatus.NOT_REQUIRED:
+                    # Token presence check
+                    storage = FileTokenStorage(
+                        server_url=remote_url, cache_dir=get_oauth_manager().cache_dir
+                    )
+                    tokens = await storage.get_tokens()
+                    no_tokens: bool = not tokens or (
+                        not getattr(tokens, "access_token", None)
+                        and not getattr(tokens, "refresh_token", None)
+                    )
+                    # Detect if inline headers are present in args (translated from config)
+                    has_inline_headers: bool = any(
+                        (a == "--header" or a.startswith("--header")) for a in server.args
+                    )
+                    if (
+                        oauth_info.status == OAuthStatus.NEEDS_AUTH
+                        and no_tokens
+                        and not has_inline_headers
+                    ):
+                        questionary.print(
+                            f"Skipping verification for remote server '{server.name}' pending OAuth",
+                            style="bold fg:ansiyellow",
+                        )
+                        return True
+
+        # Remote servers
+        if server.is_remote_server():
+            connection_timeout = 10.0
+            remote_url = server.get_remote_url()
+            if remote_url:
+                # If inline headers are specified (e.g., API key), verify via proxy to honor headers
+                has_inline_headers_remote: bool = any(
+                    (a == "--header" or a.startswith("--header")) for a in server.args
+                )
+                if has_inline_headers_remote:
+                    backend_cfg_remote: dict[str, Any] = {
+                        "mcpServers": {
+                            server.name: {
+                                "command": server.command,
+                                "args": server.args,
+                                "env": server.env or {},
+                                **({"roots": server.roots} if server.roots else {}),
+                            }
+                        }
+                    }
+                    proxy_remote: FastMCP[Any] | None = None
+                    host_remote: FastMCP[Any] | None = None
+                    try:
+                        # TODO: In debug mode, do not suppress child process output.
+                        with suppress_fds(suppress_stdout=True, suppress_stderr=True):
+                            proxy_remote = FastMCP.as_proxy(backend_cfg_remote)
+                            host_remote = FastMCP(name=f"open-edison-verify-host-{server.name}")
+                            host_remote.mount(proxy_remote, prefix=server.name)
+
+                            async def _list_tools_only() -> Any:
+                                return await host_remote._tool_manager.list_tools()  # type: ignore[attr-defined]
+
+                            await asyncio.wait_for(_list_tools_only(), timeout=10.0)
+                        return True
+                    except Exception as e:
+                        log.error(
+                            "MCP remote (headers) verification failed for '{}': {}", server.name, e
+                        )
+                        return False
+                    finally:
+                        for obj in (host_remote, proxy_remote):
+                            if isinstance(obj, FastMCP):
+                                with contextlib.suppress(Exception):
+                                    result = obj.shutdown()  # type: ignore[attr-defined]
+                                    await asyncio.wait_for(result, timeout=2.0)  # type: ignore[func-returns-value]
+                # Otherwise, avoid triggering OAuth flows during verification
+                ping_succeeded = False
+                try:
+                    if oauth_info is None:
+                        oauth_info = await get_oauth_manager().check_oauth_requirement(
+                            server.name, remote_url
+                        )
+                    # If OAuth is needed or we are already authenticated, don't initiate browser flows here
+                    if oauth_info.status in (OAuthStatus.NEEDS_AUTH, OAuthStatus.AUTHENTICATED):
+                        return True
+                    # NOT_REQUIRED: quick unauthenticated ping
+                    # TODO: In debug mode, do not suppress child process output.
+                    questionary.print(
+                        f"Testing connection to '{server.name}'... (timeout: {connection_timeout}s)",
+                        style="bold fg:ansigreen",
+                    )
+                    log.debug(f"Establishing contact with remote server '{server.name}'")
+                    async with asyncio.timeout(connection_timeout):
+                        async with FastMCPClient(
+                            remote_url,
+                            auth=None,
+                            timeout=connection_timeout,
+                            init_timeout=connection_timeout,
+                        ) as client:
+                            log.debug(f"Connection established to '{server.name}'; pinging...")
+                            with suppress_fds(suppress_stdout=True, suppress_stderr=True):
+                                await asyncio.wait_for(fut=client.ping(), timeout=1.0)
+                            log.info(f"Ping received from '{server.name}'; shutting down client")
+                            ping_succeeded = True
+                        log.debug(f"Client '{server.name}' shut down")
+                    return ping_succeeded
+                except TimeoutError:
+                    if ping_succeeded:
+                        questionary.print(
+                            f"Ping received from '{server.name}' but shutdown timed out (treating as success)",
+                            style="bold fg:ansiyellow",
+                        )
+                    else:
+                        questionary.print(
+                            f"Verification timed out (> {connection_timeout}s) for '{server.name}'",
+                            style="bold fg:ansired",
+                        )
+                    return ping_succeeded
+                except Exception as e:  # noqa: BLE001
+                    questionary.print(
+                        f"Verification failed for '{server.name}': {e}", style="bold fg:ansired"
+                    )
+                    return False
+
+        # Local/stdio servers: mount via proxy and perform a single light operation (tools only)
+        backend_cfg_local: dict[str, Any] = {
             "mcpServers": {
                 server.name: {
                     "command": server.command,
@@ -149,56 +282,133 @@ def verify_mcp_server(server: MCPServerConfig) -> bool:  # noqa
             }
         }
 
-        proxy: FastMCP[Any] | None = None
-        host: FastMCP[Any] | None = None
+        proxy_local: FastMCP[Any] | None = None
+        host_local: FastMCP[Any] | None = None
         try:
-            proxy = FastMCP.as_proxy(backend_cfg)
-            host = FastMCP(name=f"open-edison-verify-host-{server.name}")
-            host.mount(proxy, prefix=server.name)
-
-            async def _call_list(kind: str) -> Any:
-                manager_name = {
-                    "tools": "_tool_manager",
-                    "resources": "_resource_manager",
-                    "prompts": "_prompt_manager",
-                }[kind]
-                manager = getattr(host, manager_name)
-                return await getattr(manager, f"list_{kind}")()
-
-            await asyncio.wait_for(
-                asyncio.gather(
-                    _call_list("tools"),
-                    _call_list("resources"),
-                    _call_list("prompts"),
-                ),
-                timeout=30.0,
-            )
+            # TODO: In debug mode, do not suppress child process output.
+            log.info("Checking properties of '{}'...", server.name)
+            with suppress_fds(suppress_stdout=True, suppress_stderr=True):
+                proxy_local = FastMCP.as_proxy(backend_cfg_local)
+                host_local = FastMCP(name=f"open-edison-verify-host-{server.name}")
+                host_local.mount(proxy_local, prefix=server.name)
+            log.info("MCP properties check succeeded for '{}'", server.name)
+
+            async def _list_tools_only() -> Any:
+                return await host_local._tool_manager.list_tools()  # type: ignore[attr-defined]
+
+            await asyncio.wait_for(_list_tools_only(), timeout=30.0)
             return True
         except Exception as e:
-            log.error("MCP verification failed for '{}': {}", server.name, e)
+            questionary.print(
+                f"Verification failed for '{server.name}': {e}", style="bold fg:ansired"
+            )
             return False
         finally:
-            try:
-                for obj in (host, proxy):
-                    if isinstance(obj, FastMCP):
+            for obj in (host_local, proxy_local):
+                if isinstance(obj, FastMCP):
+                    with contextlib.suppress(Exception):
                         result = obj.shutdown()  # type: ignore[attr-defined]
-                        if isinstance(result, Awaitable):
-                            await result  # type: ignore[func-returns-value]
-            except Exception:
-                pass
+                        await asyncio.wait_for(result, timeout=2.0)  # type: ignore[func-returns-value]
 
     return asyncio.run(_verify_async())
 
 
-def server_needs_oauth(server: MCPServerConfig) -> bool:  # noqa
-    """Return True if the remote server currently needs OAuth; False otherwise."""
+def authorize_server_oauth(server: MCPServerConfig) -> bool:
+    """Run an interactive OAuth flow for a remote MCP server and cache tokens.
+
+    Returns True if authorization succeeded (tokens cached and a ping succeeded),
+    False otherwise. Local servers return True immediately.
+    """
 
-    async def _needs_oauth_async() -> bool:
+    async def _authorize_async() -> bool:
         if not server.is_remote_server():
+            return True
+
+        remote_url: str | None = server.get_remote_url()
+        if not remote_url:
+            log.error("OAuth requested for remote server '{}' but no URL found", server.name)
+            return False
+
+        oauth_manager = get_oauth_manager()
+
+        try:
+            # Debug info prior to starting OAuth
+            print(
+                "[OAuth] Starting authorization",
+                f"server={server.name}",
+                f"remote_url={remote_url}",
+                f"cache_dir={oauth_manager.cache_dir}",
+                f"scopes={server.oauth_scopes}",
+                f"client_name={server.oauth_client_name or 'Open Edison Setup'}",
+            )
+
+            oauth = OpenEdisonOAuth(
+                mcp_url=remote_url,
+                scopes=server.oauth_scopes,
+                client_name=server.oauth_client_name or "Open Edison Setup",
+                token_storage_cache_dir=oauth_manager.cache_dir,
+                callback_port=50001,
+            )
+
+            # Establish a connection to trigger OAuth if needed
+            async with FastMCPClient(remote_url, auth=oauth) as client:  # type: ignore
+                log.info(
+                    "Starting OAuth flow for '{}' (a browser window may open; if not, follow the printed URL)",
+                    server.name,
+                )
+                await client.ping()
+
+            # Refresh cached status
+            info = await oauth_manager.check_oauth_requirement(server.name, remote_url)
+
+            # Post-authorization token inspection (no secrets printed)
+            try:
+                storage = FileTokenStorage(server_url=remote_url, cache_dir=oauth_manager.cache_dir)
+                tokens = await storage.get_tokens()
+                access_present = bool(getattr(tokens, "access_token", None)) if tokens else False
+                refresh_present = bool(getattr(tokens, "refresh_token", None)) if tokens else False
+                expires_at = getattr(tokens, "expires_at", None) if tokens else None
+                print(
+                    "[OAuth] Authorization result:",
+                    f"status={info.status.value}",
+                    f"has_refresh_token={info.has_refresh_token}",
+                    f"token_expires_at={info.token_expires_at or expires_at}",
+                    f"tokens_cached=access:{access_present}/refresh:{refresh_present}",
+                )
+            except Exception as _e:  # noqa: BLE001
+                print("[OAuth] Authorization completed, but token inspection failed:", _e)
+
+            log.info("OAuth completed and tokens cached for '{}'", server.name)
+            return True
+        except Exception as e:  # noqa: BLE001
+            log.error("OAuth authorization failed for '{}': {}", server.name, e)
+            print("[OAuth] Authorization failed:", e)
+            return False
+
+    return asyncio.run(_authorize_async())
+
+
+def has_oauth_tokens(server: MCPServerConfig) -> bool:
+    """Return True if cached OAuth tokens exist for the remote server.
+
+    Local servers return True (no OAuth needed).
+    """
+
+    async def _check_async() -> bool:
+        if not server.is_remote_server():
+            return True
+
+        remote_url: str | None = server.get_remote_url()
+        if not remote_url:
+            return False
+
+        try:
+            storage = FileTokenStorage(
+                server_url=remote_url, cache_dir=get_oauth_manager().cache_dir
+            )
+            tokens = await storage.get_tokens()
+            return bool(tokens and (tokens.access_token or tokens.refresh_token))
+        except Exception:
             return False
-        info = await get_oauth_manager().check_oauth_requirement(
-            server.name, server.get_remote_url()
-        )
-        return info.status == OAuthStatus.NEEDS_AUTH
 
-    return asyncio.run(_needs_oauth_async())
+    return asyncio.run(_check_async())