clean up comments to be more concise

Author: jsourcebot

packages/web/src/ee/features/chat/mcp/oauthScopeUtils.ts

@@ -54,8 +54,7 @@ export function buildMcpOAuthScopeEntries({
 
     return normalizedAvailableOAuthScopes.map((scope) => ({
         scope,
-        // offline_access is enabled by default because all clients declare the refresh_token
-        // grant; an admin who leaves it unticked would produce a broken authorization request.
+        // Force-enabled regardless of admin selection — see OFFLINE_ACCESS_SCOPE.
         enabled: scope === OFFLINE_ACCESS_SCOPE || requestedScopeSet.has(scope),
     }));
 }

packages/web/src/ee/features/chat/mcp/prismaOAuthClientProvider.ts

@@ -113,12 +113,10 @@ export class PrismaOAuthClientProvider implements OAuthClientProvider {
     this.userId = userId;
     this.callbackUrl = callbackUrl;
     this.callbackReturnTo = callbackReturnTo;
-    // offline_access is always injected because every client declares the refresh_token grant
-    // and providers such as Atlassian reject /authorize when the grant is declared but
-    // offline_access is absent. We inject unconditionally rather than checking the provider's
-    // advertised scopes because oauthScopesSupported is not plumbed through to this constructor;
-    // the tradeoff (a benign unknown-scope rejection on strict providers) is the same as the
-    // existing behaviour of always declaring refresh_token.
+    // Always inject offline_access (see OFFLINE_ACCESS_SCOPE). We do so unconditionally rather
+    // than checking the provider's advertised scopes because oauthScopesSupported is not plumbed
+    // through to this constructor; the tradeoff (a benign unknown-scope rejection on strict
+    // providers) is the same as the existing behaviour of always declaring refresh_token.
     this.requestedOAuthScopes = normalizeMcpRequestedOAuthScopes([
         ...requestedOAuthScopes,
         OFFLINE_ACCESS_SCOPE,