feat(mcp-oauth): 'skip' at paste prompt bypasses auth without disabling server#32069
Merged
Conversation
… disabling server
When an MCP server triggers OAuth at startup, the user can now type 'skip'
(or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to
exit the flow cleanly and continue agent startup without that server.
Previously the only ways to bypass an unwanted OAuth prompt were:
- Wait the full 5-minute paste timeout
- Ctrl+C (also kills the whole reload, may leave half-state)
- Edit config.yaml to set 'enabled: false' on the server
Skip writes a sentinel to result['error'] which _wait_for_callback maps to
OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that
as an auth error in _is_auth_error() and the reconnect loop logs it as
'not retrying automatically' — server stays disconnected for the session,
other MCP servers continue normally, no infinite retry burn.
The skip message tells users how to re-auth later ('hermes mcp login') or
disable persistently ('enabled: false'), so they don't have to remember.
14 new tests covering: case-insensitive skip parsing, all 7 skip tokens,
skip not stomping an HTTP-listener win, skip routed to skip path rather
than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt
mentions the skip option.
Contributor
🔎 Lint report:
|
daletkc
pushed a commit
to daletkc/hermes-agent
that referenced
this pull request
May 25, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option.
bridge25
pushed a commit
to bridge25/hermes-agent
that referenced
this pull request
May 27, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option.
1 task
mathias3
pushed a commit
to mathias3/hermes-agent
that referenced
this pull request
May 28, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option.
Bryce-huang
pushed a commit
to wbkunlun/hermes-agent
that referenced
this pull request
May 29, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option. #AI commit#
mosaiq-systems
pushed a commit
to mosaiq-systems/hermes-agent
that referenced
this pull request
May 29, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option.
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
… disabling server (NousResearch#32069) When an MCP server triggers OAuth at startup, the user can now type 'skip' (or 'cancel', 's', 'n', 'no', 'q', 'quit') at the paste prompt + Enter to exit the flow cleanly and continue agent startup without that server. Previously the only ways to bypass an unwanted OAuth prompt were: - Wait the full 5-minute paste timeout - Ctrl+C (also kills the whole reload, may leave half-state) - Edit config.yaml to set 'enabled: false' on the server Skip writes a sentinel to result['error'] which _wait_for_callback maps to OAuthNonInteractiveError('user_skipped'). mcp_tool already classifies that as an auth error in _is_auth_error() and the reconnect loop logs it as 'not retrying automatically' — server stays disconnected for the session, other MCP servers continue normally, no infinite retry burn. The skip message tells users how to re-auth later ('hermes mcp login') or disable persistently ('enabled: false'), so they don't have to remember. 14 new tests covering: case-insensitive skip parsing, all 7 skip tokens, skip not stomping an HTTP-listener win, skip routed to skip path rather than URL-parse path, sentinel mapped to OAuthNonInteractiveError, prompt mentions the skip option.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Users can now type
skipat the MCP OAuth paste prompt to continue startup without that server — no config edit, no 5-minute wait, no Ctrl+C.Why
PR #32053 added paste-back for headless OAuth, but if a user simply doesn't want to auth right now, the only escapes were Ctrl+C, the 5-min timeout, or editing config to
enabled: false. None of those are good when you just want to get past startup.Changes
tools/mcp_oauth.py:_paste_callback_readeracceptsskip/cancel/s/n/no/q/quit(case-insensitive), writes a sentinel toresult['error']._wait_for_callbackmaps it toOAuthNonInteractiveError('user_skipped'), whichmcp_tool._is_auth_error()already treats as a non-fatal auth failure (server stays disconnected for the session, others continue, no retry burn). Updated paste prompt to mention the skip option.tests/tools/test_mcp_oauth.py: 14 new tests across two classes.UX
Validation
skip,cancel, normal paste all verified live against_wait_for_callback