Add tasks API, improve CLI UX, and fix auth/proxy issues

[jancurn]

Summary

This release adds comprehensive task management capabilities to mcpc, improves the CLI user experience with better help text and inline parameter signatures, and fixes several critical issues with authentication, proxy support, and session state handling.

Key Changes

New Features:

• Task management commands (tasks-list, tasks-get, tasks-cancel) for managing async operations on the server
• --task flag for tools-call with progress spinner showing elapsed time and server status messages
• --detach flag to start tasks and return immediately without waiting for completion
• ESC key support during --task execution to detach on the fly
• --insecure global option to skip TLS certificate verification for self-signed certificates
• --client-id and --client-secret options for mcpc login for servers without dynamic client registration
• --no-profile option for connect to skip OAuth profile auto-detection
• Fallback to pasted callback URL in mcpc login when browser cannot be opened (headless environments)
• Inline parameter signatures in tools-list output (e.g., read_file(path: string, +4 optional))
• mcpc @session now displays available tools from bridge cache without extra server calls

Improvements:

• Lazy loading of @napi-rs/keyring native addon with fallback to ~/.mcpc/credentials.json
• --header / -H option now specific to connect command instead of global
• Tools cache now fetches all pages on startup and on tools/list_changed notifications
• Clearer session state handling: unauthorized (401/403), disconnected (bridge alive but server unreachable >2min), expired (session ID rejected)
• Simplified mcpc grep command description in help text

Bug Fixes:

• HTTP proxy support (HTTP_PROXY/HTTPS_PROXY) now works for MCP server connections, OAuth token refresh, and x402 payment signing
• Explicit --header "Authorization: ..." now takes precedence over auto-detected OAuth profiles
• Fixed auth loss when reconnecting unauthorized sessions via mcpc connect
• Session restart now auto-detects default OAuth profile created after session establishment
• --timeout flag now correctly propagates to MCP requests via session bridge
• --task and --detach tool calls now correctly send task creation parameters to server
• Bridge now forwards logging/message notifications to connected clients
• IPC buffer between CLI and bridge capped at 10 MB to prevent unbounded memory growth
• Fixed mcpc help <command> showing truncated usage lines (e.g., now shows mcpc <@session> resources-read <uri> instead of just resources-read <uri>)

Implementation Details

• Session state machine revised to distinguish between authentication failures (401/403 → unauthorized) and session expiry (session ID rejection → expired)
• Task execution integrated with progress tracking and real-time server status updates
• Proxy configuration now properly threaded through MCP SDK transport, OAuth flows, and x402 payment signing
• Keyring integration made optional with graceful degradation to file-based credential storage

https://claude.ai/code/session_01JWQyaYTd36WC1tCBqby8j1