refactor(providers): move auth status routes under provider API

Move provider authentication status endpoints out of the legacy `/api/cli` route
namespace so auth status is exposed through the same provider module that owns
provider auth and MCP behavior.

Add `GET /api/providers/:provider/auth/status` to the provider router and route
it through the provider auth service. Remove the old `cli-auth` route file and
`/api/cli` mount now that provider auth status is handled by the unified provider
API.

Update the frontend provider auth endpoint map to call the new provider-scoped
routes and rename the endpoint constant to reflect that it is no longer CLI
specific.

server/index.js

@@ -63,7 +63,6 @@ import commandsRoutes from './routes/commands.js';
 import settingsRoutes from './routes/settings.js';
 import agentRoutes from './routes/agent.js';
 import projectsRoutes, { WORKSPACES_ROOT, validateWorkspacePath } from './routes/projects.js';
-import cliAuthRoutes from './routes/cli-auth.js';
 import userRoutes from './routes/user.js';
 import codexRoutes from './routes/codex.js';
 import geminiRoutes from './routes/gemini.js';
@@ -386,9 +385,6 @@ app.use('/api/commands', authenticateToken, commandsRoutes);
 // Settings API Routes (protected)
 app.use('/api/settings', authenticateToken, settingsRoutes);
 
-// CLI Authentication API Routes (protected)
-app.use('/api/cli', authenticateToken, cliAuthRoutes);
-
 // User API Routes (protected)
 app.use('/api/user', authenticateToken, userRoutes);
 

server/modules/providers/provider.routes.ts

@@ -1,5 +1,6 @@
 import express, { type Request, type Response } from 'express';
 
+import { providerAuthService } from '@/modules/providers/services/provider-auth.service.js';
 import { providerMcpService } from '@/modules/providers/services/mcp.service.js';
 import type { LLMProvider, McpScope, McpTransport, UpsertProviderMcpServerInput } from '@/shared/types.js';
 import { AppError, asyncHandler, createApiSuccessResponse } from '@/shared/utils.js';
@@ -142,6 +143,15 @@ const parseProvider = (value: unknown): LLMProvider => {
   });
 };
 
+router.get(
+  '/:provider/auth/status',
+  asyncHandler(async (req: Request, res: Response) => {
+    const provider = parseProvider(req.params.provider);
+    const status = await providerAuthService.getProviderAuthStatus(provider);
+    res.json(status);
+  }),
+);
+
 router.get(
   '/:provider/mcp/servers',
   asyncHandler(async (req: Request, res: Response) => {

server/routes/cli-auth.js

@@ -1,35 +0,0 @@
-import express from 'express';
-
-import { providerAuthService } from '../modules/providers/services/provider-auth.service.js';
-
-const router = express.Router();
-
-/**
- * Creates a status route handler for one provider while preserving the existing
- * /api/cli/<provider>/status endpoint shape.
- */
-function createProviderStatusHandler(providerName) {
-  return async (req, res) => {
-    try {
-      const status = await providerAuthService.getProviderAuthStatus(providerName);
-      return res.json(status);
-    } catch (error) {
-      console.error(`Error checking ${providerName} auth status:`, error);
-      return res.status(500).json({
-        installed: false,
-        provider: providerName,
-        authenticated: false,
-        email: null,
-        method: null,
-        error: error instanceof Error ? error.message : 'Failed to check provider auth status',
-      });
-    }
-  };
-}
-
-router.get('/claude/status', createProviderStatusHandler('claude'));
-router.get('/cursor/status', createProviderStatusHandler('cursor'));
-router.get('/codex/status', createProviderStatusHandler('codex'));
-router.get('/gemini/status', createProviderStatusHandler('gemini'));
-
-export default router;

src/components/provider-auth/hooks/useProviderAuthStatus.ts

@@ -2,8 +2,8 @@ import { useCallback, useState } from 'react';
 import { authenticatedFetch } from '../../../utils/api';
 import type { LLMProvider } from '../../../types/app';
 import {
-  CLI_AUTH_STATUS_ENDPOINTS,
   CLI_PROVIDERS,
+  PROVIDER_AUTH_STATUS_ENDPOINTS,
   createInitialProviderAuthStatusMap,
 } from '../types';
 import type {
@@ -69,7 +69,7 @@ export function useProviderAuthStatus(
     setProviderLoading(provider);
 
     try {
-      const response = await authenticatedFetch(CLI_AUTH_STATUS_ENDPOINTS[provider]);
+      const response = await authenticatedFetch(PROVIDER_AUTH_STATUS_ENDPOINTS[provider]);
 
       if (!response.ok) {
         setProviderStatus(provider, {

src/components/provider-auth/types.ts

@@ -12,11 +12,11 @@ export type ProviderAuthStatusMap = Record<LLMProvider, ProviderAuthStatus>;
 
 export const CLI_PROVIDERS: LLMProvider[] = ['claude', 'cursor', 'codex', 'gemini'];
 
-export const CLI_AUTH_STATUS_ENDPOINTS: Record<LLMProvider, string> = {
-  claude: '/api/cli/claude/status',
-  cursor: '/api/cli/cursor/status',
-  codex: '/api/cli/codex/status',
-  gemini: '/api/cli/gemini/status',
+export const PROVIDER_AUTH_STATUS_ENDPOINTS: Record<LLMProvider, string> = {
+  claude: '/api/providers/claude/auth/status',
+  cursor: '/api/providers/cursor/auth/status',
+  codex: '/api/providers/codex/auth/status',
+  gemini: '/api/providers/gemini/auth/status',
 };
 
 export const createInitialProviderAuthStatusMap = (loading = true): ProviderAuthStatusMap => ({