fix(mcp): stop OAuth callback server after authentication completes

hchangjae · hchangjae · commit e4d8b227a3d1 · 2026-04-20T23:25:04.000+09:00
diff --git a/packages/opencode/src/mcp/index.ts b/packages/opencode/src/mcp/index.ts
@@ -839,10 +839,13 @@ export const layer = Layer.effect(
       const storedState = yield* auth.getOAuthState(mcpName)
       if (storedState !== result.oauthState) {
         yield* auth.clearOAuthState(mcpName)
+        yield* Effect.promise(() => McpOAuthCallback.stopIfIdle())
         throw new Error("OAuth state mismatch - potential CSRF attack")
       }
       yield* auth.clearOAuthState(mcpName)
-      return yield* finishAuth(mcpName, code)
+      const status = yield* finishAuth(mcpName, code)
+      yield* Effect.promise(() => McpOAuthCallback.stopIfIdle())
+      return status
     })
 
     const finishAuth = Effect.fn("MCP.finishAuth")(function* (mcpName: string, authorizationCode: string) {
diff --git a/packages/opencode/src/mcp/oauth-callback.ts b/packages/opencode/src/mcp/oauth-callback.ts
@@ -225,6 +225,18 @@ export async function stop(): Promise<void> {
   mcpNameToState.clear()
 }
 
+export async function stopIfIdle(): Promise<void> {
+  if (pendingAuths.size === 0) {
+    await stop()
+  }
+}
+
+export async function stopIfIdle(): Promise<void> {
+  if (pendingAuths.size === 0) {
+    await stop()
+  }
+}
+
 export function isRunning(): boolean {
   return server !== undefined
 }
