Skip to content

docs(mcp): sync cli-reference + troubleshooting for OAuth discovery/DCR (#316 follow-up)#322

Merged
initializ-mk merged 1 commit into
mainfrom
docs/mcp-oauth-discovery-sync
Jul 17, 2026
Merged

docs(mcp): sync cli-reference + troubleshooting for OAuth discovery/DCR (#316 follow-up)#322
initializ-mk merged 1 commit into
mainfrom
docs/mcp-oauth-discovery-sync

Conversation

@initializ-mk

Copy link
Copy Markdown
Contributor

Follow-up doc sync for the MCP OAuth discovery + DCR feature (#316, merged in #320). The feature commits already updated docs/mcp/configuration.md and .claude/skills/forge.md; this covers the two MCP docs that weren't in that PR.

Changes

docs/mcp/cli-reference.md

  • forge mcp login — documents discovery (RFC 9728/8414) + dynamic client registration (RFC 7591), the persisted mcp_reg_<name>.json, explicit-config override, and fail-closed behavior.
  • forge mcp test — notes it reads the token via the same mcp.token_store_path / MCP_TOKEN_STORE_PATH override as login/logout (the store-path fix that shipped in feat(mcp): OAuth discovery (RFC 9728/8414) + dynamic client registration (RFC 7591) (closes #316) #320) and requires a prior login.
  • forge mcp logout — now also clears the registration record (the revoked-client recovery path).
  • K8s Secret example — bundles mcp_reg_<name>.json alongside the token, since a discovery-based server's runtime refresh needs the discovered token_url + client_id.

docs/mcp/troubleshooting.md

  • New OAuth rows: test-vs-login store mismatch, no discovery metadata, no registration_endpoint, confidential-client fail-closed, and revoked-DCR-client recovery.
  • New egress row: the discovered authorization-server host learned from the registration record (not knowable at build-time freeze).

Notes

  • Docs-only; no code.
  • Cross-links + anchor targets verified against the merged configuration.md.

…CR (#316)

- cli-reference: `forge mcp login` documents discovery (RFC 9728/8414) +
  DCR (RFC 7591), the persisted `mcp_reg_<name>.json`, explicit-override,
  and fail-closed; `forge mcp test` notes it honors the same
  token_store_path override (the mcp_test store-path fix) and needs a
  prior login; `forge mcp logout` clears the registration record; K8s
  Secret example bundles `mcp_reg_<name>.json` for the refresh path.
- troubleshooting: new OAuth rows (test-vs-login store mismatch, no
  discovery metadata, no registration_endpoint, confidential client,
  revoked-DCR-client recovery) + an egress row for the discovered
  auth-server host learned from the registration record.

configuration.md + forge.md were already updated in the feature commits.
@initializ-mk
initializ-mk merged commit 5806bfa into main Jul 17, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant