@executor-js/cli 0.1.0 → 0.2.2

package/dist/index.js

@@ -3,775 +3,12 @@
 // src/index.ts
 import { Command as Command2 } from "commander";
 
-// src/commands/generate.ts
-import { existsSync as existsSync3 } from "fs";
+// src/commands/schema.ts
+import { existsSync as existsSync2 } from "fs";
 import fs from "fs/promises";
 import path2 from "path";
 import { Command } from "commander";
-
-// ../sdk/src/index.ts
-import { Context as Context2, Effect as Effect14, Layer, Schema as Schema14, Data as Data6, Option as Option2 } from "effect";
-import {
-  HttpApi,
-  HttpApiBuilder,
-  HttpApiClient,
-  HttpApiEndpoint,
-  HttpApiGroup,
-  HttpApiMiddleware,
-  HttpApiSchema
-} from "effect/unstable/httpapi";
-
-// ../storage-core/src/factory.ts
-import { Effect } from "effect";
-
-// ../storage-core/src/errors.ts
-import { Data } from "effect";
-var StorageError = class extends Data.TaggedError("StorageError") {
-};
-var UniqueViolationError = class extends Data.TaggedError(
-  "UniqueViolationError"
-) {
-};
-
-// ../sdk/src/ids.ts
-import { Schema } from "effect";
-var ScopeId = Schema.String.pipe(Schema.brand("ScopeId"));
-var ToolId = Schema.String.pipe(Schema.brand("ToolId"));
-var SecretId = Schema.String.pipe(Schema.brand("SecretId"));
-var PolicyId = Schema.String.pipe(Schema.brand("PolicyId"));
-var ConnectionId = Schema.String.pipe(Schema.brand("ConnectionId"));
-
-// ../sdk/src/scope.ts
-import { Schema as Schema2 } from "effect";
-var Scope = class extends Schema2.Class("Scope")({
-  id: ScopeId,
-  name: Schema2.String,
-  createdAt: Schema2.Date
-}) {
-};
-
-// ../sdk/src/errors.ts
-import { Data as Data2, Schema as Schema3 } from "effect";
-var ToolNotFoundError = class extends Schema3.TaggedErrorClass()(
-  "ToolNotFoundError",
-  { toolId: ToolId }
-) {
-};
-var ToolInvocationError = class extends Data2.TaggedError("ToolInvocationError") {
-};
-var PluginNotLoadedError = class extends Schema3.TaggedErrorClass()(
-  "PluginNotLoadedError",
-  {
-    pluginId: Schema3.String,
-    toolId: ToolId
-  }
-) {
-};
-var NoHandlerError = class extends Schema3.TaggedErrorClass()(
-  "NoHandlerError",
-  {
-    toolId: ToolId,
-    pluginId: Schema3.String
-  }
-) {
-};
-var ToolBlockedError = class extends Schema3.TaggedErrorClass()(
-  "ToolBlockedError",
-  {
-    toolId: ToolId,
-    pattern: Schema3.String
-  }
-) {
-};
-var SourceNotFoundError = class extends Schema3.TaggedErrorClass()(
-  "SourceNotFoundError",
-  { sourceId: Schema3.String }
-) {
-};
-var SourceRemovalNotAllowedError = class extends Schema3.TaggedErrorClass()(
-  "SourceRemovalNotAllowedError",
-  { sourceId: Schema3.String }
-) {
-};
-var SecretNotFoundError = class extends Schema3.TaggedErrorClass()(
-  "SecretNotFoundError",
-  { secretId: SecretId }
-) {
-};
-var SecretResolutionError = class extends Schema3.TaggedErrorClass()(
-  "SecretResolutionError",
-  {
-    secretId: SecretId,
-    message: Schema3.String
-  }
-) {
-};
-var SecretOwnedByConnectionError = class extends Schema3.TaggedErrorClass()(
-  "SecretOwnedByConnectionError",
-  {
-    secretId: SecretId,
-    connectionId: ConnectionId
-  }
-) {
-};
-var ConnectionNotFoundError = class extends Schema3.TaggedErrorClass()(
-  "ConnectionNotFoundError",
-  { connectionId: ConnectionId }
-) {
-};
-var ConnectionProviderNotRegisteredError = class extends Schema3.TaggedErrorClass()(
-  "ConnectionProviderNotRegisteredError",
-  {
-    provider: Schema3.String,
-    connectionId: Schema3.optional(ConnectionId)
-  }
-) {
-};
-var ConnectionRefreshNotSupportedError = class extends Schema3.TaggedErrorClass()(
-  "ConnectionRefreshNotSupportedError",
-  {
-    connectionId: ConnectionId,
-    provider: Schema3.String
-  }
-) {
-};
-var ConnectionReauthRequiredError = class extends Schema3.TaggedErrorClass()(
-  "ConnectionReauthRequiredError",
-  {
-    connectionId: ConnectionId,
-    provider: Schema3.String,
-    message: Schema3.String
-  }
-) {
-};
-
-// ../sdk/src/types.ts
-import { Schema as Schema4 } from "effect";
-var ToolSchema = class extends Schema4.Class("ToolSchema")({
-  id: ToolId,
-  name: Schema4.optional(Schema4.String),
-  description: Schema4.optional(Schema4.String),
-  inputSchema: Schema4.optional(Schema4.Unknown),
-  outputSchema: Schema4.optional(Schema4.Unknown),
-  inputTypeScript: Schema4.optional(Schema4.String),
-  outputTypeScript: Schema4.optional(Schema4.String),
-  typeScriptDefinitions: Schema4.optional(
-    Schema4.Record(Schema4.String, Schema4.String)
-  )
-}) {
-};
-var SourceDetectionResult = class extends Schema4.Class(
-  "SourceDetectionResult"
-)({
-  /** Plugin id that recognized the URL (e.g. "openapi", "graphql"). */
-  kind: Schema4.String,
-  /** Confidence tier — UI uses this to pick a winner when multiple
-   *  plugins claim a URL. */
-  confidence: Schema4.Literals(["high", "medium", "low"]),
-  /** The (possibly normalized) endpoint the plugin will use. */
-  endpoint: Schema4.String,
-  /** Human-readable name suggestion, typically derived from spec title
-   *  or URL hostname. */
-  name: Schema4.String,
-  /** Namespace suggestion — the plugin's recommendation for the source
-   *  id. UI may override. */
-  namespace: Schema4.String
-}) {
-};
-
-// ../sdk/src/core-schema.ts
-var coreSchema = {
-  source: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      plugin_id: { type: "string", required: true, index: true },
-      kind: { type: "string", required: true },
-      name: { type: "string", required: true },
-      url: { type: "string", required: false },
-      can_remove: {
-        type: "boolean",
-        required: true,
-        defaultValue: true
-      },
-      can_refresh: {
-        type: "boolean",
-        required: true,
-        defaultValue: false
-      },
-      can_edit: {
-        type: "boolean",
-        required: true,
-        defaultValue: false
-      },
-      created_at: { type: "date", required: true },
-      updated_at: { type: "date", required: true }
-    }
-  },
-  tool: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      source_id: { type: "string", required: true, index: true },
-      plugin_id: { type: "string", required: true, index: true },
-      name: { type: "string", required: true },
-      description: { type: "string", required: true },
-      input_schema: { type: "json", required: false },
-      output_schema: { type: "json", required: false },
-      // NOTE: tool annotations (requiresApproval, approvalDescription,
-      // mayElicit) are NOT stored on this row. They're derived at read
-      // time from plugin-owned data via `plugin.resolveAnnotations`,
-      // because the source of truth already lives in each plugin's own
-      // storage (openapi's OperationBinding, etc.) and duplicating it
-      // here would just mean bulk-rewriting rows every time the
-      // derivation logic changes.
-      created_at: { type: "date", required: true },
-      updated_at: { type: "date", required: true }
-    }
-  },
-  // Shared JSON-schema `$defs` stored once per source. Tool input/output
-  // schemas carry `$ref: "#/$defs/X"` pointers; the read path attaches
-  // matching defs under `$defs` before returning. Keyed by synthetic id
-  // `${source_id}.${name}` so cleanup on source removal is a single
-  // deleteMany by source_id.
-  definition: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      source_id: { type: "string", required: true, index: true },
-      plugin_id: { type: "string", required: true, index: true },
-      name: { type: "string", required: true },
-      schema: { type: "json", required: true },
-      created_at: { type: "date", required: true }
-    }
-  },
-  // Secrets live in the core surface as metadata (id, display name,
-  // provider key). Actual values never touch this table — they live in
-  // the secret provider (keychain, 1password, file, etc.) and are
-  // resolved on demand via `ctx.secrets.get(id)`.
-  //
-  // `owned_by_connection_id` ties the row to a connection. Connection-
-  // owned secrets are plumbing, not user-facing values: `ctx.secrets.list`
-  // filters them out (the user sees the Connection instead), and
-  // `ctx.secrets.remove` refuses to delete them (Connection.remove is
-  // the single owner of the lifecycle). The FK is nullable so existing
-  // "bare" secrets (API keys entered by the user, pre-connection OAuth
-  // rows during migration) remain visible and removable unchanged.
-  secret: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      name: { type: "string", required: true },
-      provider: { type: "string", required: true, index: true },
-      owned_by_connection_id: {
-        type: "string",
-        required: false,
-        index: true
-      },
-      created_at: { type: "date", required: true }
-    }
-  },
-  // Connections — sign-in state for one identity against one remote
-  // provider. A Connection owns one or more `secret` rows (access +
-  // refresh tokens, etc.) via `secret.owned_by_connection_id`, and the
-  // SDK exposes `ctx.connections.accessToken(id)` which transparently
-  // refreshes the backing secrets when they're near expiry. Plugins
-  // contribute refresh behavior via `plugin.connectionProviders[].refresh`
-  // keyed by `provider`, same pattern as `secretProviders`.
-  //
-  // `provider_state` is plugin-owned opaque JSON — token endpoint URL,
-  // scopes, issuer, auth-server metadata — whatever the provider's
-  // refresh handler needs to re-hit the token endpoint. It's NOT
-  // sensitive (all secrets go through the provider-backed secret rows);
-  // it's just enough metadata to drive a refresh without re-running
-  // discovery.
-  connection: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      /** Routing key into `plugin.connectionProviders`. Typical shape
-       *  is `${pluginId}:${kind}` (e.g. `openapi:oauth2`, `mcp:oauth2`,
-       *  `google-discovery:google`). Mirrors `secret.provider`. */
-      provider: { type: "string", required: true, index: true },
-      /** Display label shown in the Connections UI. Usually the account
-       *  email / handle / org name the user signed in as. */
-      identity_label: { type: "string", required: false },
-      /** Stable id of the access-token secret. Always present. */
-      access_token_secret_id: { type: "string", required: true },
-      /** Stable id of the refresh-token secret. Null for flows that
-       *  don't mint a refresh token (client_credentials, etc.). */
-      refresh_token_secret_id: { type: "string", required: false },
-      /** Epoch ms when the access token expires. Null if the provider
-       *  didn't declare an expiry. Used as the refresh trigger. Stored as
-       *  `bigint` because `Date.now()` overflows int32. */
-      expires_at: { type: "number", required: false, bigint: true },
-      /** Scope string as returned by the token endpoint. */
-      scope: { type: "string", required: false },
-      /** Opaque plugin-owned JSON — token endpoint URL, scopes list,
-       *  discovery hints, etc. Never sensitive. */
-      provider_state: { type: "json", required: false },
-      created_at: { type: "date", required: true },
-      updated_at: { type: "date", required: true }
-    }
-  },
-  // Pending OAuth authorization rows shared by every OAuth-capable plugin.
-  // Rows are short-lived and deleted after completion/cancel; the resulting
-  // `connection` row is the durable sign-in state.
-  oauth2_session: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      plugin_id: { type: "string", required: true, index: true },
-      strategy: { type: "string", required: true },
-      connection_id: { type: "string", required: true, index: true },
-      token_scope: { type: "string", required: true },
-      redirect_url: { type: "string", required: true },
-      payload: { type: "json", required: true },
-      expires_at: { type: "number", required: true, bigint: true },
-      created_at: { type: "date", required: true }
-    }
-  },
-  // User-authored overrides for tool permissions. Each row is one rule:
-  // a glob-ish pattern + an action (approve / require_approval / block).
-  // Resolution walks the scope stack innermost-first, then `position`
-  // ascending within each scope; first match wins. Plugin-derived
-  // annotations from `resolveAnnotations` apply only when no rule
-  // matches.
-  //
-  // Pattern grammar (v1):
-  //   - `*`                  every tool id (universal)
-  //   - `vercel.dns.create`  exact tool id
-  //   - `vercel.dns.*`       any tool whose id starts with `vercel.dns.`
-  //   - `vercel.*`           plugin-wide
-  // No `**`, no brace expansion, no leading-`*` prefixes (`*foo`, `*.foo`).
-  tool_policy: {
-    fields: {
-      id: { type: "string", required: true },
-      scope_id: { type: "string", required: true, index: true },
-      pattern: { type: "string", required: true },
-      /** "approve" | "require_approval" | "block". */
-      action: { type: "string", required: true },
-      /** Fractional-indexing key (Jira lexorank style). Lower lex order =
-       *  higher precedence. New rules default to a key generated above
-       *  the current minimum. Strings instead of numbers so we can
-       *  always lengthen the key to insert between two adjacent rows
-       *  without precision loss; see `fractional-indexing` in
-       *  `policies.ts`. */
-      position: { type: "string", required: true, index: true },
-      created_at: { type: "date", required: true },
-      updated_at: { type: "date", required: true }
-    }
-  }
-};
-
-// ../sdk/src/policies.ts
-import { Schema as Schema5 } from "effect";
-var ToolPolicyActionSchema = Schema5.Literals([
-  "approve",
-  "require_approval",
-  "block"
-]);
-
-// ../sdk/src/secrets.ts
-import { Schema as Schema6 } from "effect";
-var SecretRef = class extends Schema6.Class("SecretRef")({
-  id: SecretId,
-  scopeId: ScopeId,
-  /** Human-readable label (e.g. "Cloudflare API Token") */
-  name: Schema6.String,
-  /** Which provider holds the value */
-  provider: Schema6.String,
-  createdAt: Schema6.Date
-}) {
-};
-var SetSecretInput = class extends Schema6.Class(
-  "SetSecretInput"
-)({
-  id: SecretId,
-  /** Scope id to own this secret. Must be one of the executor's
-   *  configured scopes. */
-  scope: ScopeId,
-  /** Display name shown in secret-list UI. */
-  name: Schema6.String,
-  /** The secret value itself — never persisted outside the provider. */
-  value: Schema6.String,
-  /** Optional provider routing. If unset the executor picks the first
-   *  writable provider in registration order. */
-  provider: Schema6.optional(Schema6.String)
-}) {
-};
-
-// ../sdk/src/secret-backed-value.ts
-import { Effect as Effect3, Schema as Schema7 } from "effect";
-var SecretBackedValue = Schema7.Union([
-  Schema7.String,
-  Schema7.Struct({
-    secretId: Schema7.String,
-    prefix: Schema7.optional(Schema7.String)
-  })
-]);
-var SecretBackedMap = Schema7.Record(Schema7.String, SecretBackedValue);
-
-// ../sdk/src/connections.ts
-import { Data as Data3, Schema as Schema8 } from "effect";
-var ConnectionProviderState = Schema8.Record(Schema8.String, Schema8.Unknown);
-var ConnectionRef = class extends Schema8.Class("ConnectionRef")({
-  id: ConnectionId,
-  scopeId: ScopeId,
-  provider: Schema8.String,
-  identityLabel: Schema8.NullOr(Schema8.String),
-  accessTokenSecretId: SecretId,
-  refreshTokenSecretId: Schema8.NullOr(SecretId),
-  /** Epoch ms when the access token expires; null if not declared. */
-  expiresAt: Schema8.NullOr(Schema8.Number),
-  /** OAuth-style scope string as returned by the token endpoint. Named
-   *  `oauthScope` to avoid collision with the executor scope id. */
-  oauthScope: Schema8.NullOr(Schema8.String),
-  providerState: Schema8.NullOr(ConnectionProviderState),
-  createdAt: Schema8.Date,
-  updatedAt: Schema8.Date
-}) {
-};
-var TokenMaterial = class extends Schema8.Class("TokenMaterial")({
-  /** Target secret id. Plugins typically derive this from the source id
-   *  + a stable suffix (e.g. `${sourceId}.access_token`). */
-  secretId: SecretId,
-  /** Display name stamped on the secret row. Only visible to code — the
-   *  Connections UI hides connection-owned secrets. */
-  name: Schema8.String,
-  value: Schema8.String
-}) {
-};
-var CreateConnectionInput = class extends Schema8.Class(
-  "CreateConnectionInput"
-)({
-  id: ConnectionId,
-  /** Executor scope id that will own this connection + its backing
-   *  secrets. This is the sharing boundary: a user scope is personal,
-   *  an org/workspace scope is shared with descendants. */
-  scope: ScopeId,
-  provider: Schema8.String,
-  identityLabel: Schema8.NullOr(Schema8.String),
-  accessToken: TokenMaterial,
-  refreshToken: Schema8.NullOr(TokenMaterial),
-  expiresAt: Schema8.NullOr(Schema8.Number),
-  /** OAuth-style scope string. Distinct from the executor scope above. */
-  oauthScope: Schema8.NullOr(Schema8.String),
-  providerState: Schema8.NullOr(ConnectionProviderState)
-}) {
-};
-var ConnectionRefreshError = class extends Data3.TaggedError(
-  "ConnectionRefreshError"
-) {
-};
-var UpdateConnectionTokensInput = class extends Schema8.Class(
-  "UpdateConnectionTokensInput"
-)({
-  id: ConnectionId,
-  accessToken: Schema8.String,
-  refreshToken: Schema8.optional(Schema8.NullOr(Schema8.String)),
-  expiresAt: Schema8.optional(Schema8.NullOr(Schema8.Number)),
-  oauthScope: Schema8.optional(Schema8.NullOr(Schema8.String)),
-  providerState: Schema8.optional(Schema8.NullOr(ConnectionProviderState)),
-  identityLabel: Schema8.optional(Schema8.NullOr(Schema8.String))
-}) {
-};
-
-// ../sdk/src/elicitation.ts
-import { Schema as Schema9 } from "effect";
-var FormElicitation = class extends Schema9.TaggedClass()("FormElicitation", {
-  message: Schema9.String,
-  /** JSON Schema describing the fields to collect */
-  requestedSchema: Schema9.Record(Schema9.String, Schema9.Unknown)
-}) {
-};
-var UrlElicitation = class extends Schema9.TaggedClass()("UrlElicitation", {
-  message: Schema9.String,
-  url: Schema9.String,
-  /** Unique ID so the host can correlate the callback */
-  elicitationId: Schema9.String
-}) {
-};
-var ElicitationAction = Schema9.Literals(["accept", "decline", "cancel"]);
-var ElicitationResponse = class extends Schema9.Class("ElicitationResponse")({
-  action: ElicitationAction,
-  /** Present when action is "accept" — the data the user provided */
-  content: Schema9.optional(Schema9.Record(Schema9.String, Schema9.Unknown))
-}) {
-};
-var ElicitationDeclinedError = class extends Schema9.TaggedErrorClass()(
-  "ElicitationDeclinedError",
-  {
-    toolId: ToolId,
-    action: Schema9.Literals(["decline", "cancel"])
-  }
-) {
-};
-
-// ../sdk/src/blob.ts
-import { Effect as Effect6 } from "effect";
-
-// ../sdk/src/oauth.ts
-import { Effect as Effect7, Schema as Schema10 } from "effect";
-var OAuthDynamicDcrStrategy = Schema10.Struct({
-  kind: Schema10.Literal("dynamic-dcr"),
-  /** Scopes to request. Defaults to whatever `scopes_supported`
-   *  advertises; caller can narrow or extend. */
-  scopes: Schema10.optional(Schema10.Array(Schema10.String))
-});
-var OAuthAuthorizationCodeStrategy = Schema10.Struct({
-  kind: Schema10.Literal("authorization-code"),
-  authorizationEndpoint: Schema10.String,
-  tokenEndpoint: Schema10.String,
-  /** Expected authorization-server issuer for ID token validation. Some
-   *  providers use a token endpoint host that differs from issuer, or a
-   *  path-scoped issuer such as Okta custom authorization servers. */
-  issuerUrl: Schema10.optional(Schema10.NullOr(Schema10.String)),
-  /** Secret id holding the `client_id`. Using a secret row rather than
-   *  an inline string so the value lives at the scope where the caller
-   *  configured it and shadowing behaves consistently. */
-  clientIdSecretId: Schema10.String,
-  /** Secret id for `client_secret`. Null for public clients using
-   *  PKCE without a confidential secret. */
-  clientSecretSecretId: Schema10.NullOr(Schema10.String),
-  scopes: Schema10.Array(Schema10.String),
-  /** Separator between scopes. RFC 6749 says space; some providers
-   *  (GitHub classic) use comma. */
-  scopeSeparator: Schema10.optional(Schema10.String),
-  /** Provider-specific params injected at authorization URL build time
-   *  (Google's `access_type=offline`, `prompt=consent`, ...). */
-  extraAuthorizationParams: Schema10.optional(
-    Schema10.Record(Schema10.String, Schema10.String)
-  ),
-  /** `"body"` (default) sends client creds in the form body; `"basic"`
-   *  uses HTTP Basic auth. Stripe-style servers require basic. */
-  clientAuth: Schema10.optional(Schema10.Literals(["body", "basic"]))
-});
-var OAuthClientCredentialsStrategy = Schema10.Struct({
-  kind: Schema10.Literal("client-credentials"),
-  tokenEndpoint: Schema10.String,
-  clientIdSecretId: Schema10.String,
-  clientSecretSecretId: Schema10.String,
-  scopes: Schema10.optional(Schema10.Array(Schema10.String)),
-  scopeSeparator: Schema10.optional(Schema10.String),
-  clientAuth: Schema10.optional(Schema10.Literals(["body", "basic"]))
-});
-var OAuthStrategy = Schema10.Union([
-  OAuthDynamicDcrStrategy,
-  OAuthAuthorizationCodeStrategy,
-  OAuthClientCredentialsStrategy
-]);
-var OAuthProviderState = Schema10.Union([
-  Schema10.Struct({
-    kind: Schema10.Literal("dynamic-dcr"),
-    tokenEndpoint: Schema10.String,
-    issuerUrl: Schema10.optional(Schema10.NullOr(Schema10.String)),
-    authorizationServerUrl: Schema10.optional(Schema10.NullOr(Schema10.String)),
-    authorizationServerMetadataUrl: Schema10.NullOr(Schema10.String),
-    idTokenSigningAlgValuesSupported: Schema10.optional(
-      Schema10.Array(Schema10.String)
-    ),
-    /** DCR-minted client_id. Embedded inline (not a secret) — DCR
-     *  clients are public-ish by design; the secret part (if the AS
-     *  issued one) is a separate secret row. */
-    clientId: Schema10.String,
-    clientSecretSecretId: Schema10.NullOr(Schema10.String),
-    clientAuth: Schema10.Literals(["body", "basic"]),
-    scopes: Schema10.Array(Schema10.String).pipe(Schema10.withDecodingDefaultType(Effect7.succeed([]))),
-    scopeSeparator: Schema10.optional(Schema10.String),
-    scope: Schema10.NullOr(Schema10.String)
-  }),
-  Schema10.Struct({
-    kind: Schema10.Literal("authorization-code"),
-    tokenEndpoint: Schema10.String,
-    issuerUrl: Schema10.optional(Schema10.NullOr(Schema10.String)),
-    clientIdSecretId: Schema10.String,
-    clientSecretSecretId: Schema10.NullOr(Schema10.String),
-    clientAuth: Schema10.Literals(["body", "basic"]),
-    scopes: Schema10.Array(Schema10.String).pipe(Schema10.withDecodingDefaultType(Effect7.succeed([]))),
-    scopeSeparator: Schema10.optional(Schema10.String),
-    scope: Schema10.NullOr(Schema10.String)
-  }),
-  Schema10.Struct({
-    kind: Schema10.Literal("client-credentials"),
-    tokenEndpoint: Schema10.String,
-    clientIdSecretId: Schema10.String,
-    clientSecretSecretId: Schema10.String,
-    scopes: Schema10.Array(Schema10.String),
-    scopeSeparator: Schema10.optional(Schema10.String),
-    clientAuth: Schema10.Literals(["body", "basic"]),
-    scope: Schema10.NullOr(Schema10.String)
-  })
-]);
-var OAuthProbeError = class extends Schema10.TaggedErrorClass()(
-  "OAuthProbeError",
-  {
-    message: Schema10.String
-  }
-) {
-  static annotations = { httpApiStatus: 400 };
-};
-var OAuthStartError = class extends Schema10.TaggedErrorClass()(
-  "OAuthStartError",
-  {
-    message: Schema10.String
-  }
-) {
-  static annotations = { httpApiStatus: 400 };
-};
-var OAuthCompleteError = class extends Schema10.TaggedErrorClass()(
-  "OAuthCompleteError",
-  {
-    message: Schema10.String,
-    /** RFC 6749 §5.2 error code, when the token endpoint returned one.
-     *  Callers distinguish terminal failures (`invalid_grant` ⇒
-     *  re-auth required) from transient ones. */
-    code: Schema10.optional(Schema10.String)
-  }
-) {
-  static annotations = { httpApiStatus: 400 };
-};
-var OAuthSessionNotFoundError = class extends Schema10.TaggedErrorClass()(
-  "OAuthSessionNotFoundError",
-  {
-    sessionId: Schema10.String
-  }
-) {
-  static annotations = { httpApiStatus: 404 };
-};
-var OAUTH2_SESSION_TTL_MS = 15 * 60 * 1e3;
-
-// ../sdk/src/oauth-helpers.ts
-import { Data as Data4, Effect as Effect8 } from "effect";
-var OAuth2Error = class extends Data4.TaggedError("OAuth2Error") {
-};
-
-// ../sdk/src/oauth-service.ts
-import { Effect as Effect10, Schema as Schema12 } from "effect";
-
-// ../sdk/src/oauth-discovery.ts
-import { Data as Data5, Effect as Effect9, Result, Schema as Schema11 } from "effect";
-var OAuthDiscoveryError = class extends Data5.TaggedError(
-  "OAuthDiscoveryError"
-) {
-};
-var StringArray = Schema11.Array(Schema11.String);
-var OAuthProtectedResourceMetadataSchema = Schema11.Struct({
-  resource: Schema11.optional(Schema11.String),
-  authorization_servers: Schema11.optional(StringArray),
-  scopes_supported: Schema11.optional(StringArray),
-  bearer_methods_supported: Schema11.optional(StringArray),
-  resource_documentation: Schema11.optional(Schema11.String)
-}).annotate({ identifier: "OAuthProtectedResourceMetadata" });
-var OAuthAuthorizationServerMetadataSchema = Schema11.Struct({
-  issuer: Schema11.String,
-  authorization_endpoint: Schema11.String,
-  token_endpoint: Schema11.String,
-  registration_endpoint: Schema11.optional(Schema11.String),
-  scopes_supported: Schema11.optional(StringArray),
-  response_types_supported: Schema11.optional(StringArray),
-  grant_types_supported: Schema11.optional(StringArray),
-  code_challenge_methods_supported: Schema11.optional(StringArray),
-  token_endpoint_auth_methods_supported: Schema11.optional(StringArray),
-  revocation_endpoint: Schema11.optional(Schema11.String),
-  introspection_endpoint: Schema11.optional(Schema11.String),
-  userinfo_endpoint: Schema11.optional(Schema11.String),
-  id_token_signing_alg_values_supported: Schema11.optional(StringArray)
-}).annotate({ identifier: "OAuthAuthorizationServerMetadata" });
-var OAuthClientInformationSchema = Schema11.Struct({
-  client_id: Schema11.String,
-  client_secret: Schema11.optional(Schema11.String),
-  client_id_issued_at: Schema11.optional(Schema11.Number),
-  client_secret_expires_at: Schema11.optional(Schema11.Number),
-  registration_access_token: Schema11.optional(Schema11.String),
-  registration_client_uri: Schema11.optional(Schema11.String),
-  token_endpoint_auth_method: Schema11.optional(Schema11.String),
-  grant_types: Schema11.optional(StringArray),
-  response_types: Schema11.optional(StringArray),
-  redirect_uris: Schema11.optional(StringArray),
-  client_name: Schema11.optional(Schema11.String),
-  scope: Schema11.optional(Schema11.String)
-}).annotate({ identifier: "OAuthClientInformation" });
-var decodeResourceMetadata = Schema11.decodeUnknownEffect(
-  OAuthProtectedResourceMetadataSchema
-);
-var decodeAuthServerMetadata = Schema11.decodeUnknownEffect(
-  OAuthAuthorizationServerMetadataSchema
-);
-var decodeClientInformation = Schema11.decodeUnknownEffect(
-  OAuthClientInformationSchema
-);
-var DcrErrorBody = class extends Data5.TaggedError("DcrErrorBody") {
-};
-var DcrTransport = class extends Data5.TaggedError("DcrTransport") {
-};
-
-// ../sdk/src/oauth-service.ts
-var OAuthAuthorizationServerMetadataJson = Schema12.Record(Schema12.String, Schema12.Unknown);
-var OAuthClientInformationJson = Schema12.Record(Schema12.String, Schema12.Unknown);
-var DynamicDcrSessionPayload = Schema12.Struct({
-  kind: Schema12.Literal("dynamic-dcr"),
-  identityLabel: Schema12.NullOr(Schema12.String),
-  codeVerifier: Schema12.String,
-  authorizationServerUrl: Schema12.String,
-  authorizationServerMetadataUrl: Schema12.String,
-  authorizationServerMetadata: OAuthAuthorizationServerMetadataJson,
-  clientInformation: OAuthClientInformationJson,
-  resourceMetadataUrl: Schema12.NullOr(Schema12.String),
-  resourceMetadata: Schema12.NullOr(
-    Schema12.Record(Schema12.String, Schema12.Unknown)
-  ),
-  scopes: Schema12.Array(Schema12.String)
-});
-var AuthorizationCodeSessionPayload = Schema12.Struct({
-  kind: Schema12.Literal("authorization-code"),
-  identityLabel: Schema12.NullOr(Schema12.String),
-  codeVerifier: Schema12.String,
-  authorizationEndpoint: Schema12.String,
-  tokenEndpoint: Schema12.String,
-  issuerUrl: Schema12.NullOr(Schema12.String).pipe(Schema12.withDecodingDefaultType(Effect10.succeed(null))),
-  clientIdSecretId: Schema12.String,
-  clientSecretSecretId: Schema12.NullOr(Schema12.String),
-  scopes: Schema12.Array(Schema12.String),
-  scopeSeparator: Schema12.optional(Schema12.String),
-  clientAuth: Schema12.Literals(["body", "basic"])
-});
-var OAuthSessionPayload = Schema12.Union([
-  DynamicDcrSessionPayload,
-  AuthorizationCodeSessionPayload
-]);
-var decodeSessionPayload = Schema12.decodeUnknownSync(OAuthSessionPayload);
-var encodeSessionPayload = Schema12.encodeSync(OAuthSessionPayload);
-
-// ../sdk/src/executor.ts
-import { Context, Deferred, Effect as Effect12, Option, Result as Result2, Schema as Schema13, Semaphore } from "effect";
-
-// ../sdk/src/scoped-adapter.ts
-import { Effect as Effect11 } from "effect";
-
-// ../sdk/src/executor.ts
-var collectSchemas = (plugins) => {
-  const merged = { ...coreSchema };
-  for (const plugin of plugins) {
-    if (!plugin.schema) continue;
-    for (const [modelKey, model] of Object.entries(plugin.schema)) {
-      if (merged[modelKey]) {
-        throw new Error(
-          `Duplicate model "${modelKey}" contributed by plugin "${plugin.id}" (reserved by core or another plugin)`
-        );
-      }
-      merged[modelKey] = model;
-    }
-  }
-  return merged;
-};
-var activeAdapterRef = Context.Reference(
-  "executor/ActiveAdapter",
-  { defaultValue: () => null }
-);
-
-// ../storage-core/src/testing/memory.ts
-import { Effect as Effect13 } from "effect";
+import { collectTables } from "@executor-js/sdk/core";
 
 // src/utils/get-config.ts
 import { existsSync } from "fs";
@@ -811,339 +48,10 @@ var getConfig = async (opts) => {
   return config;
 };
 
-// src/generators/drizzle.ts
-import { existsSync as existsSync2 } from "fs";
-var getModelName = (key, def) => def.modelName ?? key;
-var getType = (name, field, dialect) => {
-  if (field.references?.field === "id") {
-    return `text('${name}')`;
-  }
-  const type = field.type;
-  if (typeof type !== "string") {
-    if (Array.isArray(type) && type.every((x) => typeof x === "string")) {
-      return {
-        sqlite: `text({ enum: [${type.map((x) => `'${x}'`).join(", ")}] })`,
-        pg: `text('${name}', { enum: [${type.map((x) => `'${x}'`).join(", ")}] })`,
-        mysql: `mysqlEnum([${type.map((x) => `'${x}'`).join(", ")}])`
-      }[dialect];
-    }
-    throw new TypeError(
-      `Invalid field type for field ${name}`
-    );
-  }
-  const typeMap = {
-    string: {
-      sqlite: `text('${name}')`,
-      pg: `text('${name}')`,
-      mysql: field.unique ? `varchar('${name}', { length: 255 })` : field.references ? `varchar('${name}', { length: 36 })` : field.sortable ? `varchar('${name}', { length: 255 })` : field.index ? `varchar('${name}', { length: 255 })` : `text('${name}')`
-    },
-    boolean: {
-      sqlite: `integer('${name}', { mode: 'boolean' })`,
-      pg: `boolean('${name}')`,
-      mysql: `boolean('${name}')`
-    },
-    number: {
-      sqlite: `integer('${name}')`,
-      pg: field.bigint ? `bigint('${name}', { mode: 'number' })` : `integer('${name}')`,
-      mysql: field.bigint ? `bigint('${name}', { mode: 'number' })` : `int('${name}')`
-    },
-    date: {
-      sqlite: `integer('${name}', { mode: 'timestamp_ms' })`,
-      pg: `timestamp('${name}')`,
-      mysql: `timestamp('${name}', { fsp: 3 })`
-    },
-    "number[]": {
-      sqlite: `text('${name}', { mode: "json" })`,
-      pg: field.bigint ? `bigint('${name}', { mode: 'number' }).array()` : `integer('${name}').array()`,
-      mysql: `text('${name}', { mode: 'json' })`
-    },
-    "string[]": {
-      sqlite: `text('${name}', { mode: "json" })`,
-      pg: `text('${name}').array()`,
-      mysql: `text('${name}', { mode: "json" })`
-    },
-    json: {
-      sqlite: `text('${name}', { mode: "json" })`,
-      pg: `jsonb('${name}')`,
-      mysql: `json('${name}', { mode: "json" })`
-    }
-  };
-  const dbTypeMap = typeMap[type];
-  if (!dbTypeMap) {
-    throw new Error(
-      `Unsupported field type '${field.type}' for field '${name}'.`
-    );
-  }
-  return dbTypeMap[dialect];
-};
-var generateDrizzleSchema = async ({
-  schema,
-  dialect,
-  file
-}) => {
-  const filePath = file || "./executor-schema.ts";
-  const fileExist = existsSync2(filePath);
-  let code = generateImport({ dialect, schema });
-  for (const [tableKey, tableDef] of Object.entries(schema)) {
-    const modelName = getModelName(tableKey, tableDef);
-    const fields = tableDef.fields;
-    const hasScopeId = Object.prototype.hasOwnProperty.call(fields, "scope_id");
-    const id = hasScopeId ? `text('id').notNull()` : `text('id').primaryKey()`;
-    const extras = [];
-    const assignExtras = (items) => {
-      if (!items.length) return "";
-      const lines = [`, (table) => [`];
-      for (const item of items) {
-        if (item.kind === "primaryKey") {
-          const cols = item.columns.map((c) => `table.${c}`).join(", ");
-          lines.push(`  primaryKey({ columns: [${cols}] }),`);
-        } else {
-          const cols = Array.isArray(item.on) ? item.on.map((c) => `table.${c}`).join(", ") : `table.${item.on}`;
-          lines.push(`  ${item.kind}("${item.name}").on(${cols}),`);
-        }
-      }
-      lines.push(`]`);
-      return lines.join("\n");
-    };
-    if (hasScopeId) {
-      extras.push({ kind: "primaryKey", columns: ["scope_id", "id"] });
-    }
-    const fieldLines = Object.entries(fields).filter(([fieldName]) => fieldName !== "id").map(([fieldName, attr]) => {
-      const physical = attr.fieldName ?? fieldName;
-      const isToolPolicyCompositeField = tableKey === "tool_policy" && (physical === "scope_id" || physical === "position");
-      if (attr.index && !attr.unique && !isToolPolicyCompositeField) {
-        extras.push({
-          kind: "index",
-          name: `${tableKey}_${physical}_idx`,
-          on: physical
-        });
-      } else if (attr.index && attr.unique) {
-        extras.push({
-          kind: "uniqueIndex",
-          name: `${tableKey}_${physical}_uidx`,
-          on: physical
-        });
-      }
-      let col = getType(physical, attr, dialect);
-      if (attr.defaultValue !== null && typeof attr.defaultValue !== "undefined") {
-        if (typeof attr.defaultValue === "function") {
-          if (attr.type === "date" && attr.defaultValue.toString().includes("new Date()")) {
-            if (dialect === "sqlite") {
-              col += `.default(sql\`(cast(unixepoch('subsecond') * 1000 as integer))\`)`;
-            } else {
-              col += `.defaultNow()`;
-            }
-          }
-        } else if (typeof attr.defaultValue === "string") {
-          col += `.default("${attr.defaultValue}")`;
-        } else {
-          col += `.default(${attr.defaultValue})`;
-        }
-      }
-      if (attr.onUpdate && attr.type === "date") {
-        if (typeof attr.onUpdate === "function") {
-          col += `.$onUpdate(${attr.onUpdate})`;
-        }
-      }
-      return `${physical}: ${col}${attr.required !== false ? ".notNull()" : ""}${attr.unique ? ".unique()" : ""}${attr.references ? `.references(()=> ${attr.references.model}.${attr.references.field ?? "id"}, { onDelete: '${attr.references.onDelete || "cascade"}' })` : ""}`;
-    }).join(",\n  ");
-    if (tableKey === "tool_policy") {
-      extras.push({
-        kind: "index",
-        name: "tool_policy_scope_id_position_idx",
-        on: ["scope_id", "position"]
-      });
-    }
-    const tableSchema = `export const ${tableKey} = ${dialect}Table("${modelName}", {
-  id: ${id},
-  ${fieldLines}
-}${assignExtras(extras)});`;
-    code += `
-${tableSchema}
-`;
-  }
-  let relationsString = "";
-  for (const [tableKey, tableDef] of Object.entries(schema)) {
-    const modelName = tableKey;
-    const oneRelations = [];
-    const manyRelations = [];
-    const manyRelationsSet = /* @__PURE__ */ new Set();
-    for (const [fieldName, field] of Object.entries(tableDef.fields)) {
-      if (!field.references) continue;
-      const referencedModel = field.references.model;
-      const physical = field.fieldName ?? fieldName;
-      const fieldRef = `${tableKey}.${physical}`;
-      const referenceRef = `${referencedModel}.${field.references.field || "id"}`;
-      oneRelations.push({
-        key: referencedModel,
-        model: referencedModel,
-        type: "one",
-        reference: {
-          field: fieldRef,
-          references: referenceRef,
-          fieldName
-        }
-      });
-    }
-    for (const [otherKey, otherDef] of Object.entries(schema)) {
-      if (otherKey === tableKey) continue;
-      const hasFK = Object.values(otherDef.fields).some(
-        (field) => field.references?.model === tableKey
-      );
-      if (!hasFK) continue;
-      const relationKey = `${otherKey}s`;
-      if (!manyRelationsSet.has(relationKey)) {
-        manyRelationsSet.add(relationKey);
-        manyRelations.push({
-          key: relationKey,
-          model: otherKey,
-          type: "many"
-        });
-      }
-    }
-    const relationsByModel = /* @__PURE__ */ new Map();
-    for (const rel of oneRelations) {
-      if (!rel.reference) continue;
-      const arr = relationsByModel.get(rel.key) ?? [];
-      arr.push(rel);
-      relationsByModel.set(rel.key, arr);
-    }
-    const duplicateRelations = [];
-    const singleRelations = [];
-    for (const [, rels] of relationsByModel.entries()) {
-      if (rels.length > 1) {
-        duplicateRelations.push(...rels);
-      } else {
-        singleRelations.push(rels[0]);
-      }
-    }
-    for (const rel of duplicateRelations) {
-      if (!rel.reference) continue;
-      const relExportName = `${modelName}${rel.reference.fieldName.charAt(0).toUpperCase() + rel.reference.fieldName.slice(1)}Relations`;
-      const block = `export const ${relExportName} = relations(${modelName}, ({ one }) => ({
-  ${rel.key}: one(${rel.model}, {
-    fields: [${rel.reference.field}],
-    references: [${rel.reference.references}],
-  })
-}))`;
-      relationsString += `
-${block}
-`;
-    }
-    const hasOne = singleRelations.length > 0;
-    const hasMany = manyRelations.length > 0;
-    if (hasOne || hasMany) {
-      const destructured = [
-        hasOne ? "one" : "",
-        hasMany ? "many" : ""
-      ].filter(Boolean).join(", ");
-      const body = [
-        ...singleRelations.filter((r) => r.reference).map(
-          (r) => `  ${r.key}: one(${r.model}, {
-    fields: [${r.reference.field}],
-    references: [${r.reference.references}],
-  })`
-        ),
-        ...manyRelations.map(
-          ({ key, model }) => `  ${key}: many(${model})`
-        )
-      ].join(",\n");
-      const block = `export const ${modelName}Relations = relations(${modelName}, ({ ${destructured} }) => ({
-${body}
-}))`;
-      relationsString += `
-${block}
-`;
-    }
-  }
-  code += `
-${relationsString}`;
-  return {
-    code,
-    fileName: filePath,
-    overwrite: fileExist
-  };
-};
-function generateImport({
-  dialect,
-  schema
-}) {
-  const rootImports = [];
-  const coreImports = [];
-  let hasBigint = false;
-  let hasJson = false;
-  let hasBoolean = false;
-  let hasNumber = false;
-  let hasDate = false;
-  let hasIndex = false;
-  let hasUniqueIndex = false;
-  let hasReferences = false;
-  let hasCompositePrimaryKey = false;
-  for (const [tableKey, table] of Object.entries(schema)) {
-    for (const field of Object.values(table.fields)) {
-      if (field.bigint) hasBigint = true;
-      if (field.type === "json") hasJson = true;
-      if (field.type === "boolean") hasBoolean = true;
-      if (field.type === "number" && !field.bigint || field.type === "number[]") {
-        hasNumber = true;
-      }
-      if (field.type === "date") hasDate = true;
-      if (field.index && !field.unique) hasIndex = true;
-      if (field.index && field.unique) hasUniqueIndex = true;
-      if (field.references) hasReferences = true;
-    }
-    if (Object.prototype.hasOwnProperty.call(table.fields, "scope_id")) {
-      hasCompositePrimaryKey = true;
-    }
-    void tableKey;
-  }
-  coreImports.push(`${dialect}Table`);
-  coreImports.push("text");
-  if (hasBoolean && dialect !== "sqlite") coreImports.push("boolean");
-  if (hasDate) {
-    if (dialect === "pg") coreImports.push("timestamp");
-  }
-  if (hasNumber || dialect === "sqlite") {
-    if (dialect === "pg") coreImports.push("integer");
-    else if (dialect === "mysql") coreImports.push("int");
-    else coreImports.push("integer");
-  }
-  if (hasBigint && dialect !== "sqlite") coreImports.push("bigint");
-  if (hasJson) {
-    if (dialect === "pg") coreImports.push("jsonb");
-    else if (dialect === "mysql") coreImports.push("json");
-  }
-  if (hasIndex) coreImports.push("index");
-  if (hasUniqueIndex) coreImports.push("uniqueIndex");
-  if (hasCompositePrimaryKey) coreImports.push("primaryKey");
-  if (dialect === "sqlite" && (hasBoolean || hasDate)) {
-    if (!coreImports.includes("integer")) coreImports.push("integer");
-  }
-  if (dialect === "sqlite" && hasNumber) {
-  }
-  const hasSqliteTimestamp = dialect === "sqlite" && Object.values(schema).some(
-    (table) => Object.values(table.fields).some(
-      (field) => field.type === "date" && field.defaultValue && typeof field.defaultValue === "function" && field.defaultValue.toString().includes("new Date()")
-    )
-  );
-  if (hasSqliteTimestamp) {
-    rootImports.push("sql");
-  }
-  if (hasReferences || dialect === "mysql") {
-  }
-  if (hasReferences) rootImports.push("relations");
-  const filteredCore = coreImports.map((x) => x.trim()).filter((x) => x !== "");
-  const uniqueCore = [...new Set(filteredCore)];
-  const uniqueRoot = [...new Set(rootImports)];
-  return `${uniqueRoot.length > 0 ? `import { ${uniqueRoot.join(", ")} } from "drizzle-orm";
-` : ""}import { ${uniqueCore.join(", ")} } from "drizzle-orm/${dialect}-core";
-`;
-}
-
-// src/commands/generate.ts
-async function generateAction(opts) {
+// src/commands/schema.ts
+var schemaGenerateAction = async (opts) => {
   const cwd = path2.resolve(opts.cwd);
-  if (!existsSync3(cwd)) {
+  if (!existsSync2(cwd)) {
     console.error(`The directory "${cwd}" does not exist.`);
     process.exit(1);
   }
@@ -1154,39 +62,48 @@ async function generateAction(opts) {
     );
     process.exit(1);
   }
-  const schema = collectSchemas(config.plugins());
-  const result = await generateDrizzleSchema({
-    schema,
-    dialect: config.dialect,
-    file: opts.output
-  });
-  if (!result.code) {
-    console.log("Schema is already up to date.");
-    process.exit(0);
+  if (opts.adapter !== "drizzle") {
+    console.error(`Unsupported schema adapter "${opts.adapter}". Supported adapters: drizzle.`);
+    process.exit(1);
   }
-  const outPath = path2.resolve(cwd, result.fileName);
-  const outDir = path2.dirname(outPath);
-  if (!existsSync3(outDir)) {
-    await fs.mkdir(outDir, { recursive: true });
+  if (opts.provider !== "mysql" && opts.provider !== "postgresql" && opts.provider !== "sqlite") {
+    console.error(
+      `Unsupported drizzle provider "${opts.provider}". Supported providers: mysql, postgresql, sqlite.`
+    );
+    process.exit(1);
   }
-  await fs.writeFile(outPath, result.code);
+  const [{ fumadb }, { drizzleAdapter }, { schema: fumaSchema }] = await Promise.all([
+    import("fumadb"),
+    import("fumadb/adapters/drizzle"),
+    import("fumadb/schema")
+  ]);
+  const schema2 = fumaSchema({
+    version: opts.version,
+    tables: collectTables(config.plugins())
+  });
+  const factory = fumadb({
+    namespace: opts.namespace,
+    schemas: [schema2]
+  });
+  const generated = factory.client(
+    drizzleAdapter({
+      db: {},
+      provider: opts.provider
+    })
+  ).generateSchema("latest", opts.namespace);
+  const output = opts.output ?? generated.path;
+  const outPath = path2.resolve(cwd, output);
+  await fs.mkdir(path2.dirname(outPath), { recursive: true });
+  await fs.writeFile(outPath, generated.code);
   console.log(`Schema generated: ${path2.relative(cwd, outPath)}`);
-}
-var generate = new Command("generate").description("Generate a drizzle schema file from the executor config").option(
-  "-c, --cwd <cwd>",
-  "the working directory",
-  process.cwd()
-).option(
-  "--config <config>",
-  "path to the executor config file"
-).option(
-  "--output <output>",
-  "output file path for the generated schema"
-).action(generateAction);
+};
+var schema = new Command("schema").description("Database schema utilities").addCommand(
+  new Command("generate").description("Generate an ORM schema file from the executor config").option("-c, --cwd <cwd>", "the working directory", process.cwd()).option("--config <config>", "path to the executor config file").option("--output <output>", "output file path for the generated schema").option("--namespace <namespace>", "FumaDB namespace", "executor").option("--adapter <adapter>", "FumaDB adapter", "drizzle").option("--provider <provider>", "database provider", "postgresql").option("--version <version>", "FumaDB schema version", "1.0.0").action(schemaGenerateAction)
+);
 
 // src/index.ts
 process.on("SIGINT", () => process.exit(0));
 process.on("SIGTERM", () => process.exit(0));
-var program = new Command2("executor").version("0.0.1").description("Executor CLI").addCommand(generate).action(() => program.help());
-program.parse();
+var program = new Command2("executor-sdk").version("0.0.1").description("Executor SDK CLI").addCommand(schema).action(() => program.help());
+await program.parseAsync();
 //# sourceMappingURL=index.js.map