mcp: clarify pre-safety empty selection vs safety rejection; trim URLs in isValidUrl to avoid whitespace false negatives

src/lib/server/textGeneration/mcp/runMcpFlow.ts

@@ -100,6 +100,12 @@ export async function* runMcpFlow({
 		// ignore selection merge errors and proceed with env servers
 	}
 
+	// If selection/merge yielded no servers, bail early with clearer log
+	if (servers.length === 0) {
+		console.warn("[mcp] no MCP servers selected after merge/name filter");
+		return false;
+	}
+
 	// Enforce server-side safety (public HTTPS only, no private ranges)
 	{
 		const before = servers.slice();
@@ -121,7 +127,7 @@ export async function* runMcpFlow({
 		} catch {}
 	}
 	if (servers.length === 0) {
-	console.warn("[mcp] all selected servers rejected by URL safety guard");
+		console.warn("[mcp] all selected MCP servers rejected by URL safety guard");
 		return false;
 	}
 

src/lib/server/urlSafety.ts

@@ -1,7 +1,7 @@
 // Shared server-side URL safety helper (exact behavior preserved)
 export function isValidUrl(urlString: string): boolean {
 	try {
-		const url = new URL(urlString);
+		const url = new URL(urlString.trim());
 		// Only allow HTTPS protocol
 		if (url.protocol !== "https:") {
 			return false;