From c5bf4cda8a1796ec2e7a3aaf8b6706ee1afffc47 Mon Sep 17 00:00:00 2001
From: Chris Coutinho <chris@coutinho.io>
Date: Sat, 24 Jan 2026 13:04:23 +0100
Subject: [PATCH] fix(astrolabe): rename OAuthController and fix app password
 check

- Rename OAuthController.php to OauthController.php for consistency
- Fix Personal.php to check specifically for app password presence
  using getBackgroundSyncPassword() instead of hasBackgroundSyncAccess()
  for hybrid auth mode

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../Controller/{OAuthController.php => OauthController.php}   | 2 +-
 third_party/astrolabe/lib/Settings/Personal.php               | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
 rename third_party/astrolabe/lib/Controller/{OAuthController.php => OauthController.php} (99%)

diff --git a/third_party/astrolabe/lib/Controller/OAuthController.php b/third_party/astrolabe/lib/Controller/OauthController.php
similarity index 99%
rename from third_party/astrolabe/lib/Controller/OAuthController.php
rename to third_party/astrolabe/lib/Controller/OauthController.php
index aa21811..6172335 100644
--- a/third_party/astrolabe/lib/Controller/OAuthController.php
+++ b/third_party/astrolabe/lib/Controller/OauthController.php
@@ -32,7 +32,7 @@ use Psr\Log\LoggerInterface;
  * - Public clients: PKCE only
  * - Confidential clients: PKCE + client_secret (defense in depth)
  */
-class OAuthController extends Controller {
+class OauthController extends Controller {
 	private IConfig $config;
 	private ISession $session;
 	private IUserSession $userSession;
diff --git a/third_party/astrolabe/lib/Settings/Personal.php b/third_party/astrolabe/lib/Settings/Personal.php
index a93ca7f..f6f38fd 100644
--- a/third_party/astrolabe/lib/Settings/Personal.php
+++ b/third_party/astrolabe/lib/Settings/Personal.php
@@ -86,7 +86,9 @@ class Personal implements ISettings {
 		if ($authMode === 'multi_user_basic' && $supportsAppPasswords) {
 			// Check both credentials
 			$hasOAuthToken = ($token !== null && !$this->tokenStorage->isExpired($token));
-			$hasAppPassword = $this->tokenStorage->hasBackgroundSyncAccess($userId);
+			// In hybrid mode, check specifically for app password (not general background access)
+			// because MCP server needs the app password for background sync
+			$hasAppPassword = ($this->tokenStorage->getBackgroundSyncPassword($userId) !== null);
 			$backgroundSyncType = $this->tokenStorage->getBackgroundSyncType($userId);
 			$backgroundSyncProvisionedAt = $this->tokenStorage->getBackgroundSyncProvisionedAt($userId);