chittyos · chitcommit · May 22, 2026
diff --git a/src/index.js b/src/index.js
@@ -2076,8 +2076,9 @@
  * Export worker
  *
  * OAuthProvider wraps the Hono app to add OAuth 2.1 + PKCE for MCP clients
- * (Claude Desktop Cowork). Only mcp.chitty.cc/mcp requires OAuth;
- * connect.chitty.cc/mcp/* continues using API key auth (backward compatible).
+ * (Claude Desktop Cowork). The mcp.chitty.cc aggregator (standalone service)
+ * owns OAuth upstream; connect.chitty.cc/mcp is the slim per-service MCP
+ * exposed here without auth (gateway authenticates and proxies in).
  *
  * OAuth endpoints served automatically:
  *   /.well-known/oauth-authorization-server — RFC 8414 discovery
@@ -2118,7 +2119,7 @@
 * endpoint is handled internally by OAuthProvider and never reaches
 * our defaultHandler.
 */
 function stripRedirectUriQueryParams(request) {
  const url = new URL(request.url);
  const rawRedirect = url.searchParams.get("redirect_uri");
  if (!rawRedirect) return request;
@@ -2294,15 +2295,16 @@
       }
     }
 
-    // When mcp.chitty.cc is fronted by Cloudflare Managed OAuth, Access owns
-    // the OAuth exchange and the origin should behave like a plain MCP server.
-    if (host === "mcp.chitty.cc" && url.pathname === "/mcp") {
+    // connect.chitty.cc/mcp — ChittyConnect's own slim MCP exposing only
+    // connect-specific tools. No auth: the upstream aggregator gateway
+    // (standalone mcp.chitty.cc service) authenticates and proxies in.
+    if (host === "connect.chitty.cc" && url.pathname === "/mcp") {
       try {
         return mcpAgentHandler.fetch(request, env, ctx);
       } catch (err) {
         const errorInfo = formatCaughtError(err);
         console.error(
-          `[MCP-Agent] /mcp threw: ${errorInfo.message}\n${errorInfo.stack}`,
+          `[MCP-Agent] connect.chitty.cc/mcp threw: ${errorInfo.message}\n${errorInfo.stack}`,
         );
         return new Response(
           JSON.stringify({
@@ -2424,7 +2426,7 @@
  // Scheduled handler for cron triggers
  // - "0 * * * *"     (hourly)  → 1Password event sync to ChittyChronicle
  // - every 5 min     → Connection health checks
  async scheduled(event, env, ctx) {
    console.log(
      `[Scheduled] Cron trigger: ${event.cron} at ${new Date().toISOString()}`,
    );

diff --git a/wrangler.jsonc b/wrangler.jsonc
@@ -314,8 +314,7 @@
       ],
 
       "routes": [
-        { "pattern": "connect.chitty.cc/*", "zone_name": "chitty.cc" },
-        { "pattern": "mcp.chitty.cc/*", "zone_name": "chitty.cc" }
+        { "pattern": "connect.chitty.cc/*", "zone_name": "chitty.cc" }
       ],
       "vars": {
         "ENVIRONMENT": "production",