Add organization MCP integrations

[niemyjski]

Summary

• Move AI tools setup into organization settings with a new Integrations tab and redirect the old account AI Tools route to the selected organization.
• Add GitHub Copilot setup instructions using the VS Code remote HTTP MCP configuration, alongside the existing Claude Code, Codex CLI, and OpenCode flows.
• Document the backend plan for real organization-scoped integrations and OAuth grants in docs/organization-integrations-plan.md.

Backend Notes

• External logins are user sign-in links, while OAuth applications are global client definitions.
• Current OAuth tokens are user-scoped and do not store the selected organization, so accurate organization integration listing needs a new organization-scoped grant/installation model or organization-aware OAuth tokens.
• The next backend step is organization consent selection plus list/view/revoke endpoints under /api/v2/organizations/{organizationId}/integrations.

Verification

• npm run check
• npx prettier --check <touched Svelte/TS/Markdown files>
• npm run build
• npx eslint <touched Svelte/TS files>

Notes

• Full npm run lint:eslint currently fails on an existing module-sort issue in src/lib/features/shared/table.svelte.ts:392.
• GitHub Copilot MCP setup was checked against the official VS Code MCP docs: https://code.visualstudio.com/docs/agent-customization/mcp-servers

Breaking Changes

• None.

[niemyjski]

Added the missing OAuth Applications half of the organization integrations work.

Update includes:

• Organization Integrations now has two tabs: AI Tools and OAuth Applications.
• OAuth Applications tab reuses the existing management flow: list, create, edit, disable, and delete.
• System > OAuth Apps now renders the same reusable manager component, so the behavior stays in one place.
• Plan doc updated to reflect the OAuth Applications tab and the remaining backend need for organization-scoped grants/revocation.

Verification after this update:

• npm run check
• targeted Prettier check
• targeted ESLint
• npm run build

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 341c5afcc1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid implying the OAuth grant is organization-scoped

When a member of multiple organizations opens this tab for organization A, this copy says the AI/OAuth integration is for A, but the same commit documents that OAuth tokens store only user/client/resource/scopes and grant access across all accessible organizations (docs/organization-integrations-plan.md:7-8). Since AiToolsSetup starts the normal MCP OAuth flow without passing an organization, authorizing from this page can expose other organizations despite the org-scoped UI; either keep the setup user-scoped or add an explicit warning until organization-scoped grants exist.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Wait for selected organization before redirecting old links

When this compatibility route is hit before organization.current has been restored (for example a logged-out user follows an old /account/ai-tools link, logs in, and localStorage was cleared by logout), the effect immediately chooses /organization/list and replaces the URL, so the page unmounts before the app layout can populate the first valid organization. Valid users with organizations therefore do not get redirected to the new Integrations page; wait for organization initialization or query the user's organizations before falling back to the list.

Useful? React with 👍 / 👎.

[niemyjski]

Updated the PR to address the MCP/OAuth follow-up:

• Renamed the organization integration setup from AI Tools to MCP in the visible UI and moved the feature component to features/mcp.
• Clarified the GitHub Copilot option as "GitHub Copilot in VS Code" and added an "Add to VS Code" button using VS Code's mcp/install URI, with the code --add-mcp and workspace .vscode/mcp.json fallbacks still visible.
• Reworked OAuth Applications into a table-first manager: New/Edit open a dialog, Disable/Enable and Delete are row actions with confirmation dialogs, and disabled state is no longer exposed as a create/edit form field.
• Updated the project setup links and integration plan copy to use MCP language.

Validation:

• npm run check passed.
• Targeted npx prettier --check ... passed.
• Targeted npx eslint ... passed.
• npm run build passed.
• git diff --check passed.
• Package npm run lint still fails on the existing unrelated src/lib/features/shared/table.svelte.ts:392 sort rule (resolvePageCount before withClientSortedRowModel).

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 555e0afe77

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Gate the admin-only OAuth manager

For non-global organization members, this organization page now mounts the same OAuth application manager used by the System page, but that manager calls /admin/oauth-applications and the controller is protected by GlobalAdminPolicy; the System page wraps it in GlobalUser, while this tab does not. As a result, normal organization users see an OAuth Applications tab/New OAuth App flow that can only fail with access denied. Gate this tab/manager to global admins or replace it with an organization-scoped integrations API when available.

Useful? React with 👍 / 👎.

[niemyjski]

Follow-up update:

• Added URL-addressable organization Integrations sub-tabs with ?tab=mcp and ?tab=oauth-applications.
• Reworked MCP setup options to VS Code MCP, Cursor MCP, and GitHub Copilot CLI.
• Added tool/docs links plus setup actions where supported: Add to VS Code, Add to Cursor, and copilot mcp add --transport http.
• Removed the legacy /account/ai-tools redirect route.
• Updated docs/organization-integrations-plan.md to match the organization-scoped MCP/OAuth shape.

Docs checked:

• VS Code MCP docs: https://code.visualstudio.com/docs/agent-customization/mcp-servers
• Cursor MCP docs and install links: https://cursor.com/docs/mcp and https://cursor.com/docs/mcp/install-links
• GitHub Copilot CLI MCP docs: https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/add-mcp-servers

Validation:

• npm run check passed.
• npm run lint:prettier passed.
• npm run build passed.
• git diff --check passed.
• npm run lint:eslint still fails on existing src/lib/features/shared/table.svelte.ts:392 module ordering (resolvePageCount before withClientSortedRowModel), outside this PR diff.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4b92ffcc04

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep a compatibility route for AI Tools links

When users or bookmarks still hit the existing /account/ai-tools URL, SvelteKit now has no route to handle it, so they get a 404 instead of reaching the new organization Integrations page. Fresh evidence: this line states the legacy redirect was removed, and rg -n "ai-tools" finds no current route in the tree. Keeping a small redirect route that resolves the selected or first organization would preserve old links while still landing on the organization-scoped page.

Useful? React with 👍 / 👎.

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
Exceptionless.AppHost	39%	40%	134	❌
Exceptionless.Core	71%	63%	8469	➖
Exceptionless.Insulation	24%	23%	203	❌
Exceptionless.Web	75%	63%	4773	➖
Summary	70% (15960 / 22656)	62% (8122 / 13076)	13579	➖