Key design decisions with context and rationale.
| ADR | Decision |
|---|---|
| 001 | No refresh tokens—rely on MCP SDK’s re-auth flow |
| 002 | Token exchange inside redirectToAuthorization() |
| 003 | Immutable client metadata across DCR |
| 004 | Validate state only when present in auth URL |
| 005 | Store persists only tokens, client, and PKCE verifier |