fix(mcp): remove default profile session cleanly

[JSONbored]

Motivation

• Removing the default MCP profile could leave a legacy top-level session in the persisted config, and normalizeConfig() would rehydrate profiles.default, causing a removed bearer token to remain on disk. This is a local credential-hygiene bug.

Description

• Clear the legacy top-level session when removing the default profile by updating removeProfile() to drop session for that case so normalizeConfig() cannot re-create profiles.default. (change in packages/gittensory-mcp/bin/gittensory-mcp.js)
• Add a regression test removes the default profile without rehydrating its legacy session token that seeds a config with both profiles.default.session and a legacy top-level session, invokes profile remove default, and asserts the default token is removed while other profiles remain. (added to test/unit/mcp-cli.test.ts)

Testing

• Ran the targeted unit test: npm test -- test/unit/mcp-cli.test.ts -t "removes the default profile", which passed.
• Ran type checks with npm run typecheck which completed successfully.
• Verified manually with a small repro script that writes a config containing both profiles.default.session and the legacy session, runs gittensory-mcp profile remove default --json against that config, and confirmed the saved config no longer contains the default token.
• A full run of npm test -- test/unit/mcp-cli.test.ts was attempted and reported two unrelated/flaky failures (decision-pack cache abort/timeout and an unsafe packet markdown timeout test); these failures are external to this change and the new regression test passes in isolation.

---

Codex Task

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	gittensory-ui	ce2181c	Commit Preview URL Branch Preview URL	Jun 02 2026, 11:09 PM