diff --git a/third_party/astrolabe/lib/Controller/CredentialsController.php b/third_party/astrolabe/lib/Controller/CredentialsController.php
index 2ba87ff..4d414a2 100644
--- a/third_party/astrolabe/lib/Controller/CredentialsController.php
+++ b/third_party/astrolabe/lib/Controller/CredentialsController.php
@@ -23,13 +23,13 @@ use Psr\Log\LoggerInterface;
  * Handles storing and validating app passwords for multi-user BasicAuth mode.
  */
 class CredentialsController extends Controller {
-	private $tokenStorage;
-	private $userSession;
-	private $logger;
-	private $config;
-	private $client;
-	private $httpClientService;
-	private $urlGenerator;
+	private McpTokenStorage $tokenStorage;
+	private IUserSession $userSession;
+	private LoggerInterface $logger;
+	private IConfig $config;
+	private McpServerClient $client;
+	private IClientService $httpClientService;
+	private IURLGenerator $urlGenerator;
 
 	public function __construct(
 		string $appName,
diff --git a/third_party/astrolabe/lib/Controller/OAuthController.php b/third_party/astrolabe/lib/Controller/OAuthController.php
index b6698b2..aa21811 100644
--- a/third_party/astrolabe/lib/Controller/OAuthController.php
+++ b/third_party/astrolabe/lib/Controller/OAuthController.php
@@ -12,6 +12,7 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\IConfig;
 use OCP\IL10N;
@@ -32,15 +33,15 @@ use Psr\Log\LoggerInterface;
  * - Confidential clients: PKCE + client_secret (defense in depth)
  */
 class OAuthController extends Controller {
-	private $config;
-	private $session;
-	private $userSession;
-	private $urlGenerator;
-	private $tokenStorage;
-	private $logger;
-	private $l;
-	private $httpClient;
-	private $client;
+	private IConfig $config;
+	private ISession $session;
+	private IUserSession $userSession;
+	private IURLGenerator $urlGenerator;
+	private McpTokenStorage $tokenStorage;
+	private LoggerInterface $logger;
+	private IL10N $l;
+	private IClient $httpClient;
+	private McpServerClient $client;
 
 	public function __construct(
 		string $appName,
diff --git a/third_party/astrolabe/lib/Service/IdpTokenRefresher.php b/third_party/astrolabe/lib/Service/IdpTokenRefresher.php
index f35179d..682e105 100644
--- a/third_party/astrolabe/lib/Service/IdpTokenRefresher.php
+++ b/third_party/astrolabe/lib/Service/IdpTokenRefresher.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace OCA\Astrolabe\Service;
 
+use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\IConfig;
 use Psr\Log\LoggerInterface;
@@ -18,10 +19,10 @@ use Psr\Log\LoggerInterface;
  * Public clients without client_secret cannot refresh tokens.
  */
 class IdpTokenRefresher {
-	private $config;
-	private $httpClient;
-	private $logger;
-	private $mcpServerClient;
+	private IConfig $config;
+	private IClient $httpClient;
+	private LoggerInterface $logger;
+	private McpServerClient $mcpServerClient;
 
 	public function __construct(
 		IConfig $config,
@@ -56,6 +57,9 @@ class IdpTokenRefresher {
 	private function getNextcloudBaseUrl(): string {
 		// Check for explicit internal URL config (for custom container setups)
 		$internalUrl = $this->config->getSystemValue('astrolabe_internal_url', '');
+		if (!is_string($internalUrl)) {
+			$internalUrl = '';
+		}
 		if (!empty($internalUrl)) {
 			// Validate URL format
 			if (!filter_var($internalUrl, FILTER_VALIDATE_URL)) {
diff --git a/third_party/astrolabe/lib/Service/McpServerClient.php b/third_party/astrolabe/lib/Service/McpServerClient.php
index 2338135..4316ed9 100644
--- a/third_party/astrolabe/lib/Service/McpServerClient.php
+++ b/third_party/astrolabe/lib/Service/McpServerClient.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace OCA\Astrolabe\Service;
 
+use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\IConfig;
 use Psr\Log\LoggerInterface;
@@ -16,10 +17,10 @@ use Psr\Log\LoggerInterface;
  * for all management operations.
  */
 class McpServerClient {
-	private $httpClient;
-	private $config;
-	private $logger;
-	private $baseUrl;
+	private IClient $httpClient;
+	private IConfig $config;
+	private LoggerInterface $logger;
+	private string $baseUrl;
 
 	public function __construct(
 		IClientService $clientService,
@@ -31,7 +32,8 @@ class McpServerClient {
 		$this->logger = $logger;
 
 		// Get MCP server configuration from Nextcloud config
-		$this->baseUrl = $this->config->getSystemValue('mcp_server_url', 'http://localhost:8000');
+		$baseUrl = $this->config->getSystemValue('mcp_server_url', 'http://localhost:8000');
+		$this->baseUrl = is_string($baseUrl) ? $baseUrl : 'http://localhost:8000';
 	}
 
 	/**
diff --git a/third_party/astrolabe/psalm-baseline.xml b/third_party/astrolabe/psalm-baseline.xml
index 8cd76ea..cf66cc8 100644
--- a/third_party/astrolabe/psalm-baseline.xml
+++ b/third_party/astrolabe/psalm-baseline.xml
@@ -84,19 +84,8 @@
     </UnusedClass>
   </file>
   <file src="lib/Controller/CredentialsController.php">
-    <MissingPropertyType>
-      <code><![CDATA[$client]]></code>
-      <code><![CDATA[$config]]></code>
-      <code><![CDATA[$httpClientService]]></code>
-      <code><![CDATA[$logger]]></code>
-      <code><![CDATA[$tokenStorage]]></code>
-      <code><![CDATA[$urlGenerator]]></code>
-      <code><![CDATA[$userSession]]></code>
-    </MissingPropertyType>
     <MixedArgument>
       <code><![CDATA[$mcpServerUrl]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$userId]]></code>
     </MixedArgument>
     <MixedArrayAccess>
       <code><![CDATA[$body['error']]]></code>
@@ -105,67 +94,11 @@
     <MixedAssignment>
       <code><![CDATA[$body]]></code>
       <code><![CDATA[$error]]></code>
-      <code><![CDATA[$hasAccess]]></code>
-      <code><![CDATA[$hasAccess]]></code>
-      <code><![CDATA[$httpClient]]></code>
-      <code><![CDATA[$httpClient]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
-      <code><![CDATA[$provisionedAt]]></code>
-      <code><![CDATA[$provisionedAt]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$statusCode]]></code>
-      <code><![CDATA[$statusCode]]></code>
-      <code><![CDATA[$syncType]]></code>
-      <code><![CDATA[$syncType]]></code>
-      <code><![CDATA[$user]]></code>
-      <code><![CDATA[$user]]></code>
-      <code><![CDATA[$user]]></code>
-      <code><![CDATA[$userId]]></code>
-      <code><![CDATA[$userId]]></code>
-      <code><![CDATA[$userId]]></code>
     </MixedAssignment>
-    <MixedMethodCall>
-      <code><![CDATA[debug]]></code>
-      <code><![CDATA[debug]]></code>
-      <code><![CDATA[debug]]></code>
-      <code><![CDATA[deleteBackgroundSyncPassword]]></code>
-      <code><![CDATA[deleteUserToken]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[getBackgroundSyncProvisionedAt]]></code>
-      <code><![CDATA[getBackgroundSyncProvisionedAt]]></code>
-      <code><![CDATA[getBackgroundSyncType]]></code>
-      <code><![CDATA[getBackgroundSyncType]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getStatusCode]]></code>
-      <code><![CDATA[getStatusCode]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUser]]></code>
-      <code><![CDATA[getUser]]></code>
-      <code><![CDATA[getUser]]></code>
-      <code><![CDATA[hasBackgroundSyncAccess]]></code>
-      <code><![CDATA[hasBackgroundSyncAccess]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[newClient]]></code>
-      <code><![CDATA[newClient]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[storeBackgroundSyncPassword]]></code>
-      <code><![CDATA[warning]]></code>
-      <code><![CDATA[warning]]></code>
-      <code><![CDATA[warning]]></code>
-      <code><![CDATA[warning]]></code>
-    </MixedMethodCall>
+    <PossiblyInvalidArgument>
+      <code><![CDATA[$response->getBody()]]></code>
+    </PossiblyInvalidArgument>
     <RiskyTruthyFalsyComparison>
       <code><![CDATA[$body['success'] ?? false]]></code>
     </RiskyTruthyFalsyComparison>
@@ -174,36 +107,19 @@
     </UnusedClass>
   </file>
   <file src="lib/Controller/OAuthController.php">
-    <MissingPropertyType>
-      <code><![CDATA[$client]]></code>
-      <code><![CDATA[$config]]></code>
-      <code><![CDATA[$httpClient]]></code>
-      <code><![CDATA[$l]]></code>
-      <code><![CDATA[$logger]]></code>
-      <code><![CDATA[$session]]></code>
-      <code><![CDATA[$tokenStorage]]></code>
-      <code><![CDATA[$urlGenerator]]></code>
-      <code><![CDATA[$userSession]]></code>
-    </MissingPropertyType>
     <MixedArgument>
       <code><![CDATA[$authEndpoint]]></code>
       <code><![CDATA[$codeVerifier]]></code>
-      <code><![CDATA[$externalBaseUrl]]></code>
+      <code><![CDATA[$discoveryUrl]]></code>
+      <code><![CDATA[$discoveryUrl]]></code>
       <code><![CDATA[$internalBaseUrl]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$responseBody]]></code>
-      <code><![CDATA[$statusResponse->getBody()]]></code>
-      <code><![CDATA[$statusResponse->getBody()]]></code>
-      <code><![CDATA[$this->urlGenerator->linkToRoute('settings.PersonalSettings.index', [
-					'section' => 'astrolabe',
-					'error' => urlencode($e->getMessage())
-				])]]></code>
-      <code><![CDATA[$this->urlGenerator->linkToRoute('settings.PersonalSettings.index', ['section' => 'astrolabe'])]]></code>
-      <code><![CDATA[$this->urlGenerator->linkToRoute('settings.PersonalSettings.index', ['section' => 'astrolabe'])]]></code>
-      <code><![CDATA[$this->urlGenerator->linkToRoute('settings.PersonalSettings.index', ['section' => 'astrolabe'])]]></code>
+      <code><![CDATA[$tokenData['access_token']]]></code>
+      <code><![CDATA[$tokenData['refresh_token'] ?? '']]></code>
+      <code><![CDATA[$tokenEndpoint]]></code>
+      <code><![CDATA[$userId]]></code>
+      <code><![CDATA[time() + ($tokenData['expires_in'] ?? 3600)]]></code>
     </MixedArgument>
     <MixedArrayAccess>
       <code><![CDATA[$discovery['authorization_endpoint']]]></code>
@@ -226,116 +142,35 @@
       <code><![CDATA[$discovery]]></code>
       <code><![CDATA[$discoveryUrl]]></code>
       <code><![CDATA[$discoveryUrl]]></code>
-      <code><![CDATA[$externalBaseUrl]]></code>
       <code><![CDATA[$mcpServerPublicUrl]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
       <code><![CDATA[$postData['client_secret']]]></code>
-      <code><![CDATA[$redirectUri]]></code>
-      <code><![CDATA[$redirectUri]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$responseBody]]></code>
       <code><![CDATA[$statusData]]></code>
       <code><![CDATA[$statusData]]></code>
-      <code><![CDATA[$statusResponse]]></code>
-      <code><![CDATA[$statusResponse]]></code>
       <code><![CDATA[$storedState]]></code>
       <code><![CDATA[$tokenData]]></code>
       <code><![CDATA[$tokenEndpoint]]></code>
-      <code><![CDATA[$user]]></code>
-      <code><![CDATA[$user]]></code>
-      <code><![CDATA[$userId]]></code>
       <code><![CDATA[$userId]]></code>
     </MixedAssignment>
     <MixedInferredReturnType>
       <code><![CDATA[array]]></code>
     </MixedInferredReturnType>
-    <MixedMethodCall>
-      <code><![CDATA[deleteUserToken]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[getAbsoluteURL]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getClientId]]></code>
-      <code><![CDATA[getClientId]]></code>
-      <code><![CDATA[getStatusCode]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUID]]></code>
-      <code><![CDATA[getUser]]></code>
-      <code><![CDATA[getUser]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[linkToRoute]]></code>
-      <code><![CDATA[linkToRoute]]></code>
-      <code><![CDATA[linkToRoute]]></code>
-      <code><![CDATA[linkToRoute]]></code>
-      <code><![CDATA[linkToRouteAbsolute]]></code>
-      <code><![CDATA[linkToRouteAbsolute]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[remove]]></code>
-      <code><![CDATA[set]]></code>
-      <code><![CDATA[set]]></code>
-      <code><![CDATA[set]]></code>
-      <code><![CDATA[storeUserToken]]></code>
-      <code><![CDATA[t]]></code>
-      <code><![CDATA[t]]></code>
-    </MixedMethodCall>
     <MixedOperand>
       <code><![CDATA[$authEndpoint]]></code>
       <code><![CDATA[$tokenData['expires_in'] ?? 3600]]></code>
-      <code><![CDATA[$user->getUID()]]></code>
-      <code><![CDATA[$user->getUID()]]></code>
     </MixedOperand>
     <MixedReturnStatement>
       <code><![CDATA[$tokenData]]></code>
     </MixedReturnStatement>
+    <PossiblyInvalidArgument>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$responseBody]]></code>
+      <code><![CDATA[$responseBody]]></code>
+      <code><![CDATA[$statusResponse->getBody()]]></code>
+      <code><![CDATA[$statusResponse->getBody()]]></code>
+    </PossiblyInvalidArgument>
     <RiskyTruthyFalsyComparison>
       <code><![CDATA[$error]]></code>
     </RiskyTruthyFalsyComparison>
@@ -400,18 +235,10 @@
     </RiskyTruthyFalsyComparison>
   </file>
   <file src="lib/Service/IdpTokenRefresher.php">
-    <MissingPropertyType>
-      <code><![CDATA[$config]]></code>
-      <code><![CDATA[$httpClient]]></code>
-      <code><![CDATA[$logger]]></code>
-      <code><![CDATA[$mcpServerClient]]></code>
-    </MissingPropertyType>
     <MixedArgument>
-      <code><![CDATA[$discoveryResponse->getBody()]]></code>
-      <code><![CDATA[$internalUrl]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$statusResponse->getBody()]]></code>
+      <code><![CDATA[$discoveryUrl]]></code>
       <code><![CDATA[$tokenData]]></code>
+      <code><![CDATA[$tokenEndpoint]]></code>
     </MixedArgument>
     <MixedArrayAccess>
       <code><![CDATA[$discovery['token_endpoint']]]></code>
@@ -421,70 +248,37 @@
     <MixedAssignment>
       <code><![CDATA[$clientSecret]]></code>
       <code><![CDATA[$discovery]]></code>
-      <code><![CDATA[$discoveryResponse]]></code>
       <code><![CDATA[$discoveryUrl]]></code>
       <code><![CDATA[$internalUrl]]></code>
       <code><![CDATA[$mcpServerUrl]]></code>
-      <code><![CDATA[$response]]></code>
       <code><![CDATA[$statusData]]></code>
-      <code><![CDATA[$statusResponse]]></code>
       <code><![CDATA[$tokenData]]></code>
       <code><![CDATA[$tokenEndpoint]]></code>
     </MixedAssignment>
     <MixedInferredReturnType>
       <code><![CDATA[array|null]]></code>
     </MixedInferredReturnType>
-    <MixedMethodCall>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getClientId]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[info]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[warning]]></code>
-    </MixedMethodCall>
     <MixedOperand>
       <code><![CDATA[$mcpServerUrl]]></code>
     </MixedOperand>
     <MixedReturnStatement>
       <code><![CDATA[$tokenData]]></code>
     </MixedReturnStatement>
+    <PossiblyInvalidArgument>
+      <code><![CDATA[$discoveryResponse->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$statusResponse->getBody()]]></code>
+    </PossiblyInvalidArgument>
     <PossiblyUnusedMethod>
       <code><![CDATA[__construct]]></code>
     </PossiblyUnusedMethod>
   </file>
   <file src="lib/Service/McpServerClient.php">
-    <MissingPropertyType>
-      <code><![CDATA[$baseUrl]]></code>
-      <code><![CDATA[$config]]></code>
-      <code><![CDATA[$httpClient]]></code>
-      <code><![CDATA[$logger]]></code>
-    </MissingPropertyType>
     <MixedArgument>
       <code><![CDATA[$clientId]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
-      <code><![CDATA[$response->getBody()]]></code>
     </MixedArgument>
     <MixedAssignment>
+      <code><![CDATA[$baseUrl]]></code>
       <code><![CDATA[$clientId]]></code>
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
@@ -497,17 +291,6 @@
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
-      <code><![CDATA[$response]]></code>
     </MixedAssignment>
     <MixedInferredReturnType>
       <code><![CDATA[array]]></code>
@@ -582,61 +365,7 @@
       <code><![CDATA[array{success?: bool, error?: string}]]></code>
       <code><![CDATA[array{success?: bool, message?: string, error?: string}]]></code>
       <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
     </MixedInferredReturnType>
-    <MixedMethodCall>
-      <code><![CDATA[debug]]></code>
-      <code><![CDATA[delete]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[error]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[get]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getBody]]></code>
-      <code><![CDATA[getStatusCode]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[getSystemValue]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[post]]></code>
-      <code><![CDATA[warning]]></code>
-    </MixedMethodCall>
-    <MixedOperand>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
-    </MixedOperand>
     <MixedReturnStatement>
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
@@ -649,12 +378,23 @@
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
       <code><![CDATA[$data]]></code>
-      <code><![CDATA[$this->baseUrl]]></code>
       <code><![CDATA[$this->config->getSystemValue('mcp_server_public_url', $this->baseUrl)]]></code>
     </MixedReturnStatement>
+    <PossiblyInvalidArgument>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+      <code><![CDATA[$response->getBody()]]></code>
+    </PossiblyInvalidArgument>
     <PossiblyUnusedMethod>
       <code><![CDATA[__construct]]></code>
-      <code><![CDATA[getClientId]]></code>
       <code><![CDATA[isServerReachable]]></code>
     </PossiblyUnusedMethod>
   </file>
@@ -686,8 +426,6 @@
     </MixedReturnStatement>
     <PossiblyUnusedMethod>
       <code><![CDATA[__construct]]></code>
-      <code><![CDATA[deleteBackgroundSyncPassword]]></code>
-      <code><![CDATA[storeBackgroundSyncPassword]]></code>
     </PossiblyUnusedMethod>
     <RiskyTruthyFalsyComparison>
       <code><![CDATA[!$token]]></code>