Background
`apps/main/src/routes/vaults.ts:278` returns 501:
"MCP OAuth credential validation not yet implemented on this server"
The OAuth refresh + introspection logic lives in `apps/integrations/`, but main worker needs to RPC into it to validate stored credentials before exposing them as session-bound vault entries.
Work
- Define a service-binding RPC contract on integrations worker: `POST /internal/mcp_oauth_validate { credential_id }` → `{ valid: bool, expires_at? }`
- Wire the binding from main → integrations
- Replace the 501 stub with a forward + envelope wrap
Why deferred from #PR
Cross-worker change, requires extending the integrations worker's internal API. Not part of AMA wire alignment.
References
`apps/main/src/routes/vaults.ts:272-285`
Background
`apps/main/src/routes/vaults.ts:278` returns 501:
The OAuth refresh + introspection logic lives in `apps/integrations/`, but main worker needs to RPC into it to validate stored credentials before exposing them as session-bound vault entries.
Work
Why deferred from #PR
Cross-worker change, requires extending the integrations worker's internal API. Not part of AMA wire alignment.
References
`apps/main/src/routes/vaults.ts:272-285`