chore: track PR smart-mcp-proxy#255 review suggestions as beans

Created follow-up tasks from code review:
- mcpproxy-go-4ydu: Extract shared RefreshState type
- mcpproxy-go-75ss: Extract containsIgnoreCase to utility
- mcpproxy-go-3st0: Replace custom toLower with strings.ToLower
- mcpproxy-go-xguu: Document 24-hour token expiry threshold

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: technicalpickles

.beans.yml

@@ -0,0 +1,6 @@
+beans:
+    path: .beans
+    prefix: mcpproxy-go-
+    id_length: 4
+    default_status: todo
+    default_type: task

.beans/mcpproxy-go-3st0--replace-custom-tolower-with-stringstolower.md

@@ -0,0 +1,15 @@
+---
+# mcpproxy-go-3st0
+title: Replace custom toLower with strings.ToLower
+status: todo
+type: task
+priority: low
+created_at: 2026-01-19T14:25:30Z
+updated_at: 2026-01-19T14:25:30Z
+---
+
+From PR #255 code review.
+
+File: `internal/oauth/refresh_manager.go:792-802`
+
+Uses a manual ASCII-only lowercase implementation. Consider using `strings.ToLower()` from stdlib unless there's a specific performance reason for the custom implementation.

.beans/mcpproxy-go-4ydu--extract-shared-refreshstate-type-to-common-package.md

@@ -0,0 +1,21 @@
+---
+# mcpproxy-go-4ydu
+title: Extract shared RefreshState type to common package
+status: todo
+type: task
+priority: low
+created_at: 2026-01-19T14:25:29Z
+updated_at: 2026-01-19T14:25:29Z
+---
+
+From PR #255 code review.
+
+The `RefreshState` type is duplicated in:
+- `internal/health/calculator.go:9-22`
+- `internal/oauth/refresh_manager.go:37-70`
+
+The health package mirrors the oauth package's `RefreshState` "for decoupling". Options:
+1. Create a shared types package
+2. Add a test to ensure the duplicates stay in sync
+
+Consider which approach better serves the architecture.

.beans/mcpproxy-go-75ss--extract-containsignorecase-to-shared-utility-packa.md

@@ -0,0 +1,17 @@
+---
+# mcpproxy-go-75ss
+title: Extract containsIgnoreCase to shared utility package
+status: todo
+type: task
+priority: low
+created_at: 2026-01-19T14:25:29Z
+updated_at: 2026-01-19T14:25:29Z
+---
+
+From PR #255 code review.
+
+The `containsIgnoreCase` function is duplicated in:
+- `internal/health/calculator.go:305`
+- `internal/oauth/refresh_manager.go:780`
+
+Both packages have identical implementations. Should be extracted to a shared utility package (e.g., `internal/util/strings.go`).

.beans/mcpproxy-go-sskj--add-all-flag-to-auth-login-command.md

@@ -0,0 +1,18 @@
+---
+# mcpproxy-go-sskj
+title: Add --all flag to auth login command
+status: in-progress
+type: feature
+created_at: 2026-01-19T13:53:58Z
+updated_at: 2026-01-19T13:53:58Z
+---
+
+Add support for re-authenticating all servers at once with mcpproxy auth login --all. Include confirmation prompt (yes/no) before opening multiple browser tabs, with optional --force flag to bypass confirmation.
+
+## Checklist
+- [ ] Explore existing auth command implementation
+- [ ] Add --all flag to auth login command
+- [ ] Implement confirmation prompt for multiple servers
+- [ ] Add --force flag to bypass confirmation
+- [ ] Test with multiple servers requiring auth
+- [ ] Update any relevant documentation

.beans/mcpproxy-go-xguu--document-24-hour-token-expiry-threshold-constant.md

@@ -0,0 +1,21 @@
+---
+# mcpproxy-go-xguu
+title: Document 24-hour token expiry threshold constant
+status: todo
+type: task
+priority: low
+created_at: 2026-01-19T14:25:30Z
+updated_at: 2026-01-19T14:25:30Z
+---
+
+From PR #255 code review.
+
+File: `internal/oauth/refresh_manager.go:665`
+
+```go
+if timeSinceExpiry > 24*time.Hour {
+```
+
+The 24-hour threshold for giving up on token refresh is undocumented. Should:
+1. Extract to a named constant (e.g., `maxTokenExpiryRecoveryWindow`)
+2. Add documentation explaining why 24 hours was chosen