fix(mcp): Install NEAR AI MCP server from environment config

[hanakannzashi]

Summary

• Fix the remove -> install -> activate flow for the built-in NEAR AI MCP entry.
• When nearai is installed from the registry, reuse the existing env/bootstrap config path instead of installing the raw registry URL directly.
• This ensures reinstalling nearai persists the same MCP config shape as startup bootstrap, including the configured auth header, so activation does not fall into the unsupported OAuth/DCR discovery path.

Change Type

• Bug fix
• New feature
• Refactor
• Documentation
• CI/Infrastructure
• Security
• Dependencies

Linked Issue

None. Follow-up to review/debugging on this PR.

Validation

• cargo fmt --all -- --check
• cargo clippy --all --benches --tests --examples --all-features -- -D warnings
• cargo build
• Relevant tests pass:
• cargo test --features integration if database-backed or integration behavior changed
• Manual testing: reproduced remove nearai -> install -> activate in the local staging gateway; before the fix activation failed with OAuth metadata discovery against the raw registry URL, after the fix reinstall uses the env-backed config and activation succeeds
• If a coding agent was used and supports it, review-pr or pr-shepherd --fix was run before requesting review

Additional checks run:

• cargo build --bin ironclaw

Security Impact

Low. This does not add new auth mechanisms or secret storage paths; it only ensures the NEAR AI registry install path reuses the existing env/bootstrap MCP config (including the configured Authorization header) instead of installing a mismatched raw registry entry.

Database Impact

None. No schema or migration changes. This only affects which MCP config is persisted when installing the nearai registry entry.

Blast Radius

Touches MCP install behavior in the extension manager for the nearai registry entry. Main risk area is MCP install flow for that one built-in entry; other registry MCP installs should remain unchanged.

Rollback Plan

Revert the install-path change in ExtensionManager and restart the gateway. As an operational workaround, users can remove the bad nearai MCP entry and restart with NEARAI_BASE_URL / NEARAI_API_KEY so startup bootstrap recreates it.

Review Follow-Through

• Addresses the observed regression where removing the bootstrapped NEAR AI MCP and reinstalling it from the registry produced a plain registry MCP entry without the configured auth header.
• The registry install path for nearai now routes back through the existing env/bootstrap config logic instead of treating it like a generic URL-only MCP install.

---

Review track: B

[gemini-code-assist]

Code Review

This pull request introduces a specialized installation path for the NEAR AI MCP server by checking for a specific server name and loading configuration from environment variables. A review comment suggests refactoring this logic to avoid hardcoded identifiers, recommending the use of a new ExtensionSource enum variant to handle environment-based installations more generically.

[Copilot]

Pull request overview

Fixes the registry install path for the built-in NEAR AI MCP server so that reinstalling nearai reuses the existing env/bootstrap-derived MCP config (including Authorization header), avoiding activation falling into OAuth/DCR discovery against the raw registry URL.

Changes:

• Exposes the env-derived NEAR AI MCP config builder for reuse outside the config module.
• Special-cases registry installs of nearai to install from environment config rather than the registry URL.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/tools/mcp/config.rs	Makes nearai_mcp_server_from_env available to other crate modules.
src/extensions/manager.rs	Routes nearai registry installs through a new env-backed install helper instead of the generic URL install.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.