@executor-js/plugin-openapi 0.1.0 → 0.2.1

package/dist/chunk-2BXVRXGL.js

@@ -0,0 +1,1345 @@
+// src/sdk/errors.ts
+import { Data, Schema } from "effect";
+var OpenApiParseError = class extends Schema.TaggedErrorClass()(
+  "OpenApiParseError",
+  {
+    message: Schema.String
+  },
+  { httpApiStatus: 400 }
+) {
+};
+var OpenApiExtractionError = class extends Schema.TaggedErrorClass()(
+  "OpenApiExtractionError",
+  {
+    message: Schema.String
+  },
+  { httpApiStatus: 400 }
+) {
+};
+var OpenApiInvocationError = class extends Data.TaggedError("OpenApiInvocationError") {
+};
+var OpenApiOAuthError = class extends Schema.TaggedErrorClass()(
+  "OpenApiOAuthError",
+  {
+    message: Schema.String
+  },
+  { httpApiStatus: 400 }
+) {
+};
+
+// src/sdk/parse.ts
+import { Duration, Effect, Schema as Schema2 } from "effect";
+import { HttpClient, HttpClientRequest } from "effect/unstable/http";
+import YAML from "yaml";
+var OpenApiExtractionErrorFromParse = class extends OpenApiExtractionError {
+};
+var fetchSpecText = Effect.fn("OpenApi.fetchSpecText")(function* (url, credentials) {
+  const client = yield* HttpClient.HttpClient;
+  const requestUrl = new URL(url);
+  for (const [name, value] of Object.entries(credentials?.queryParams ?? {})) {
+    requestUrl.searchParams.set(name, value);
+  }
+  let request = HttpClientRequest.get(requestUrl.toString()).pipe(
+    HttpClientRequest.setHeader("Accept", "application/json, application/yaml, text/yaml, */*")
+  );
+  for (const [name, value] of Object.entries(credentials?.headers ?? {})) {
+    request = HttpClientRequest.setHeader(request, name, value);
+  }
+  const response = yield* client.execute(request).pipe(
+    Effect.timeout(Duration.seconds(60)),
+    Effect.mapError(
+      (_cause) => new OpenApiParseError({
+        message: "Failed to fetch OpenAPI document"
+      })
+    )
+  );
+  if (response.status < 200 || response.status >= 300) {
+    return yield* new OpenApiParseError({
+      message: `Failed to fetch OpenAPI document: HTTP ${response.status}`
+    });
+  }
+  return yield* response.text.pipe(
+    Effect.mapError(
+      (_cause) => new OpenApiParseError({
+        message: "Failed to read OpenAPI document body"
+      })
+    )
+  );
+});
+var resolveSpecText = (input, credentials) => input.startsWith("http://") || input.startsWith("https://") ? fetchSpecText(input, credentials) : Effect.succeed(input);
+var parse = Effect.fn("OpenApi.parse")(function* (text) {
+  const api = yield* parseTextToObject(text);
+  if (!isOpenApi3(api)) {
+    return yield* new OpenApiExtractionErrorFromParse({
+      message: "Only OpenAPI 3.x documents are supported. Swagger 2.x documents should be converted first."
+    });
+  }
+  return api;
+});
+var isOpenApi3 = (doc) => "openapi" in doc && typeof doc.openapi === "string" && doc.openapi.startsWith("3.");
+var parseTextToObject = (text) => Effect.gen(function* () {
+  const trimmed = text.trim();
+  if (trimmed.length === 0) {
+    return yield* new OpenApiParseError({
+      message: "OpenAPI document is empty"
+    });
+  }
+  const parsed = yield* parseJsonLike(trimmed).pipe(
+    Effect.mapError(
+      () => new OpenApiParseError({
+        message: "Failed to parse OpenAPI document"
+      })
+    )
+  );
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    return yield* new OpenApiParseError({
+      message: "OpenAPI document must parse to an object"
+    });
+  }
+  return parsed;
+});
+var parseJsonText = Schema2.decodeUnknownEffect(Schema2.fromJsonString(Schema2.Unknown));
+var parseJsonLike = (text) => {
+  const parseYaml = Effect.try({
+    try: () => YAML.parse(text),
+    catch: () => "YamlParseFailed"
+  });
+  if (!text.startsWith("{") && !text.startsWith("[")) return parseYaml;
+  return parseJsonText(text).pipe(Effect.catch(() => parseYaml));
+};
+
+// src/sdk/openapi-utils.ts
+import { Option } from "effect";
+var DocResolver = class {
+  constructor(doc) {
+    this.doc = doc;
+  }
+  doc;
+  /** Resolve a value that might be a $ref, returning the resolved object */
+  resolve(value) {
+    if (isRef(value)) {
+      const resolved = this.resolvePointer(value.$ref);
+      return resolved;
+    }
+    return value;
+  }
+  resolvePointer(ref) {
+    if (!ref.startsWith("#/")) return null;
+    const segments = ref.slice(2).split("/");
+    let current = this.doc;
+    for (const segment of segments) {
+      if (typeof current !== "object" || current === null) return null;
+      current = current[segment];
+    }
+    return current;
+  }
+};
+var isRef = (value) => typeof value === "object" && value !== null && "$ref" in value;
+var substituteUrlVariables = (url, values) => {
+  let out = url;
+  for (const [name, value] of Object.entries(values)) {
+    out = out.replaceAll(`{${name}}`, value);
+  }
+  return out;
+};
+var OPENAPI_MAX_SERVER_VARIABLE_OPTIONS = 64;
+var expandServerUrlOptions = (server, limit = OPENAPI_MAX_SERVER_VARIABLE_OPTIONS) => {
+  if (!Option.isSome(server.variables)) return [server.url];
+  let urls = [server.url];
+  for (const [name, variable] of Object.entries(server.variables.value)) {
+    const enumValues = typeof variable === "string" ? [] : Option.getOrElse(variable.enum, () => []);
+    const values = enumValues.length > 0 ? enumValues : [typeof variable === "string" ? variable : variable.default];
+    const next = [];
+    for (const url of urls) {
+      for (const value of values) {
+        next.push(url.replaceAll(`{${name}}`, value));
+        if (next.length >= limit) return next;
+      }
+    }
+    urls = next;
+  }
+  return urls;
+};
+var resolveBaseUrl = (servers) => {
+  const server = servers[0];
+  if (!server) return "";
+  if (!Option.isSome(server.variables)) return server.url;
+  const values = {};
+  for (const [name, v] of Object.entries(server.variables.value)) {
+    values[name] = typeof v === "string" ? v : v.default;
+  }
+  return substituteUrlVariables(server.url, values);
+};
+var declaredContents = (content) => {
+  if (!content) return [];
+  return Object.entries(content).map(([mediaType, media]) => ({ mediaType, media }));
+};
+var preferredContent = (content) => {
+  const first = declaredContents(content)[0];
+  return first ? first : void 0;
+};
+var preferredResponseContent = (content) => {
+  if (!content) return void 0;
+  const entries = Object.entries(content);
+  const pick = entries.find(([mt]) => mt === "application/json") ?? entries.find(([mt]) => mt.toLowerCase().includes("+json")) ?? entries.find(([mt]) => mt.toLowerCase().includes("json")) ?? entries[0];
+  return pick ? { mediaType: pick[0], media: pick[1] } : void 0;
+};
+
+// src/sdk/types.ts
+import { Schema as Schema3 } from "effect";
+import {
+  ConnectionId,
+  ScopeId,
+  ScopedSecretCredentialInput,
+  SecretBackedValue,
+  SecretId
+} from "@executor-js/sdk/core";
+var OperationId = Schema3.String.pipe(Schema3.brand("OperationId"));
+var HttpMethod = Schema3.Literals([
+  "get",
+  "put",
+  "post",
+  "delete",
+  "patch",
+  "head",
+  "options",
+  "trace"
+]);
+var ParameterLocation = Schema3.Literals(["path", "query", "header", "cookie"]);
+var OperationParameter = class extends Schema3.Class("OperationParameter")({
+  name: Schema3.String,
+  location: ParameterLocation,
+  required: Schema3.Boolean,
+  schema: Schema3.OptionFromOptional(Schema3.Unknown),
+  style: Schema3.OptionFromOptional(Schema3.String),
+  explode: Schema3.OptionFromOptional(Schema3.Boolean),
+  allowReserved: Schema3.OptionFromOptional(Schema3.Boolean),
+  description: Schema3.OptionFromOptional(Schema3.String)
+}) {
+};
+var EncodingObject = class extends Schema3.Class("EncodingObject")({
+  contentType: Schema3.OptionFromOptional(Schema3.String),
+  style: Schema3.OptionFromOptional(Schema3.String),
+  explode: Schema3.OptionFromOptional(Schema3.Boolean),
+  allowReserved: Schema3.OptionFromOptional(Schema3.Boolean)
+}) {
+};
+var MediaBinding = class extends Schema3.Class("MediaBinding")({
+  contentType: Schema3.String,
+  schema: Schema3.OptionFromOptional(Schema3.Unknown),
+  encoding: Schema3.OptionFromOptional(Schema3.Record(Schema3.String, EncodingObject))
+}) {
+};
+var OperationRequestBody = class extends Schema3.Class(
+  "OperationRequestBody"
+)({
+  required: Schema3.Boolean,
+  /** Default media type — first declared in spec order (not JSON-first).
+   *  Used when the caller does not override via the tool's `contentType` arg. */
+  contentType: Schema3.String,
+  /** Schema of the default media type. Kept for backward compat with stored
+   *  bindings from before `contents` was added. */
+  schema: Schema3.OptionFromOptional(Schema3.Unknown),
+  /** All declared media types in spec order. Populated by `extract.ts`
+   *  going forward; older persisted bindings may have this unset and will
+   *  fall back to `{contentType, schema}`. */
+  contents: Schema3.OptionFromOptional(Schema3.Array(MediaBinding))
+}) {
+};
+var ExtractedOperation = class extends Schema3.Class("ExtractedOperation")({
+  operationId: OperationId,
+  method: HttpMethod,
+  pathTemplate: Schema3.String,
+  summary: Schema3.OptionFromOptional(Schema3.String),
+  description: Schema3.OptionFromOptional(Schema3.String),
+  tags: Schema3.Array(Schema3.String),
+  parameters: Schema3.Array(OperationParameter),
+  requestBody: Schema3.OptionFromOptional(OperationRequestBody),
+  inputSchema: Schema3.OptionFromOptional(Schema3.Unknown),
+  outputSchema: Schema3.OptionFromOptional(Schema3.Unknown),
+  deprecated: Schema3.Boolean
+}) {
+};
+var ServerVariable = class extends Schema3.Class("ServerVariable")({
+  default: Schema3.String,
+  enum: Schema3.OptionFromOptional(Schema3.Array(Schema3.String)),
+  description: Schema3.OptionFromOptional(Schema3.String)
+}) {
+};
+var ServerInfo = class extends Schema3.Class("ServerInfo")({
+  url: Schema3.String,
+  description: Schema3.OptionFromOptional(Schema3.String),
+  variables: Schema3.OptionFromOptional(Schema3.Record(Schema3.String, ServerVariable))
+}) {
+};
+var ExtractionResult = class extends Schema3.Class("ExtractionResult")({
+  title: Schema3.OptionFromOptional(Schema3.String),
+  version: Schema3.OptionFromOptional(Schema3.String),
+  servers: Schema3.Array(ServerInfo),
+  operations: Schema3.Array(ExtractedOperation)
+}) {
+};
+var OperationBinding = class extends Schema3.Class("OperationBinding")({
+  method: HttpMethod,
+  pathTemplate: Schema3.String,
+  parameters: Schema3.Array(OperationParameter),
+  requestBody: Schema3.OptionFromOptional(OperationRequestBody)
+}) {
+};
+var HeaderValue = SecretBackedValue;
+var ConfiguredHeaderBinding = class extends Schema3.Class(
+  "OpenApiConfiguredHeaderBinding"
+)({
+  kind: Schema3.Literal("binding"),
+  slot: Schema3.String,
+  prefix: Schema3.optional(Schema3.String)
+}) {
+};
+var ConfiguredHeaderValue = Schema3.Union([Schema3.String, ConfiguredHeaderBinding]);
+var OpenApiCredentialInput = Schema3.Union([
+  ScopedSecretCredentialInput,
+  HeaderValue,
+  ConfiguredHeaderValue
+]);
+var OpenApiSourceBindingValue = Schema3.Union([
+  Schema3.Struct({
+    kind: Schema3.Literal("secret"),
+    secretId: SecretId,
+    secretScopeId: Schema3.optional(ScopeId)
+  }),
+  Schema3.Struct({
+    kind: Schema3.Literal("connection"),
+    connectionId: ConnectionId
+  }),
+  Schema3.Struct({
+    kind: Schema3.Literal("text"),
+    text: Schema3.String
+  })
+]);
+var OpenApiSourceBindingInputSchema = Schema3.Struct({
+  sourceId: Schema3.String,
+  sourceScope: ScopeId,
+  scope: ScopeId,
+  slot: Schema3.String,
+  value: OpenApiSourceBindingValue
+});
+var OpenApiSourceBindingInput = class extends Schema3.Class(
+  "OpenApiSourceBindingInput"
+)(OpenApiSourceBindingInputSchema.fields) {
+};
+var OpenApiSourceBindingRef = class extends Schema3.Class(
+  "OpenApiSourceBindingRef"
+)({
+  sourceId: Schema3.String,
+  sourceScopeId: ScopeId,
+  scopeId: ScopeId,
+  slot: Schema3.String,
+  value: OpenApiSourceBindingValue,
+  createdAt: Schema3.Date,
+  updatedAt: Schema3.Date
+}) {
+};
+var OAuth2Flow = Schema3.Literals(["authorizationCode", "clientCredentials"]);
+var OAuth2SourceConfigSchema = Schema3.Struct({
+  kind: Schema3.Literal("oauth2"),
+  securitySchemeName: Schema3.String,
+  flow: OAuth2Flow,
+  tokenUrl: Schema3.String,
+  authorizationUrl: Schema3.NullOr(Schema3.String),
+  issuerUrl: Schema3.optional(Schema3.NullOr(Schema3.String)),
+  clientIdSlot: Schema3.String,
+  clientSecretSlot: Schema3.NullOr(Schema3.String),
+  connectionSlot: Schema3.String,
+  scopes: Schema3.Array(Schema3.String)
+});
+var OAuth2SourceConfig = class extends Schema3.Class(
+  "OpenApiOAuth2SourceConfig"
+)(OAuth2SourceConfigSchema.fields) {
+};
+var InvocationResult = class extends Schema3.Class("InvocationResult")({
+  status: Schema3.Number,
+  headers: Schema3.Record(Schema3.String, Schema3.String),
+  data: Schema3.NullOr(Schema3.Unknown),
+  error: Schema3.NullOr(Schema3.Unknown)
+}) {
+};
+
+// src/sdk/extract.ts
+import { Effect as Effect2, Option as Option2 } from "effect";
+var HTTP_METHODS = [
+  "get",
+  "put",
+  "post",
+  "delete",
+  "patch",
+  "head",
+  "options",
+  "trace"
+];
+var VALID_PARAM_LOCATIONS = /* @__PURE__ */ new Set(["path", "query", "header", "cookie"]);
+var extractParameters = (pathItem, operation, r) => {
+  const merged = /* @__PURE__ */ new Map();
+  for (const raw of pathItem.parameters ?? []) {
+    const p = r.resolve(raw);
+    if (!p) continue;
+    merged.set(`${p.in}:${p.name}`, p);
+  }
+  for (const raw of operation.parameters ?? []) {
+    const p = r.resolve(raw);
+    if (!p) continue;
+    merged.set(`${p.in}:${p.name}`, p);
+  }
+  return [...merged.values()].filter((p) => VALID_PARAM_LOCATIONS.has(p.in)).map(
+    (p) => new OperationParameter({
+      name: p.name,
+      location: p.in,
+      required: p.in === "path" ? true : p.required === true,
+      schema: Option2.fromNullishOr(p.schema),
+      style: Option2.fromNullishOr(p.style),
+      explode: Option2.fromNullishOr(p.explode),
+      allowReserved: Option2.fromNullishOr("allowReserved" in p ? p.allowReserved : void 0),
+      description: Option2.fromNullishOr(p.description)
+    })
+  );
+};
+var buildEncodingRecord = (encoding) => {
+  if (!encoding) return void 0;
+  const out = {};
+  for (const [prop, raw] of Object.entries(encoding)) {
+    if (typeof raw !== "object" || raw === null) continue;
+    const e = raw;
+    out[prop] = new EncodingObject({
+      contentType: Option2.fromNullishOr(e.contentType),
+      style: Option2.fromNullishOr(e.style),
+      explode: Option2.fromNullishOr(e.explode),
+      allowReserved: Option2.fromNullishOr(e.allowReserved)
+    });
+  }
+  return Object.keys(out).length > 0 ? out : void 0;
+};
+var extractRequestBody = (operation, r) => {
+  if (!operation.requestBody) return void 0;
+  const body = r.resolve(operation.requestBody);
+  if (!body) return void 0;
+  const contents = declaredContents(body.content).map(
+    ({ mediaType, media }) => new MediaBinding({
+      contentType: mediaType,
+      schema: Option2.fromNullishOr(media.schema),
+      encoding: Option2.fromNullishOr(
+        buildEncodingRecord(media.encoding)
+      )
+    })
+  );
+  if (contents.length === 0) return void 0;
+  const defaultContent = contents[0];
+  return new OperationRequestBody({
+    required: body.required === true,
+    contentType: defaultContent.contentType,
+    schema: defaultContent.schema,
+    contents: Option2.some(contents)
+  });
+};
+var extractOutputSchema = (operation, r) => {
+  if (!operation.responses) return void 0;
+  const entries = Object.entries(operation.responses);
+  const preferred = [
+    ...entries.filter(([s]) => /^2\d\d$/.test(s)).sort(([a], [b]) => a.localeCompare(b)),
+    ...entries.filter(([s]) => s === "default")
+  ];
+  for (const [, ref] of preferred) {
+    const resp = r.resolve(ref);
+    if (!resp) continue;
+    const content = preferredResponseContent(resp.content);
+    if (content?.media.schema) return content.media.schema;
+  }
+  return void 0;
+};
+var buildInputSchema = (parameters, requestBody) => {
+  const properties = {};
+  const required = [];
+  for (const param of parameters) {
+    properties[param.name] = Option2.getOrElse(param.schema, () => ({ type: "string" }));
+    if (param.required) required.push(param.name);
+  }
+  if (requestBody) {
+    properties.body = Option2.getOrElse(requestBody.schema, () => ({ type: "object" }));
+    if (requestBody.required) required.push("body");
+    const contents = Option2.getOrUndefined(requestBody.contents);
+    if (contents && contents.length > 1) {
+      properties.contentType = {
+        type: "string",
+        enum: contents.map((c) => c.contentType),
+        default: requestBody.contentType,
+        description: "Content-Type for the request body. Declared media types for this operation, in spec order."
+      };
+    }
+  }
+  if (Object.keys(properties).length === 0) return void 0;
+  return {
+    type: "object",
+    properties,
+    ...required.length > 0 ? { required } : {},
+    additionalProperties: false
+  };
+};
+var deriveOperationId = (method, pathTemplate, operation) => operation.operationId ?? (`${method}_${pathTemplate.replace(/[^a-zA-Z0-9]+/g, "_")}`.replace(/^_+|_+$/g, "") || `${method}_operation`);
+var extractServers = (doc) => (doc.servers ?? []).flatMap((server) => {
+  if (!server.url) return [];
+  const vars = server.variables ? Object.fromEntries(
+    Object.entries(server.variables).flatMap(([name, v]) => {
+      if (v.default === void 0 || v.default === null) return [];
+      const enumValues = Array.isArray(v.enum) ? v.enum.filter((x) => typeof x === "string") : void 0;
+      return [
+        [
+          name,
+          new ServerVariable({
+            default: String(v.default),
+            enum: enumValues && enumValues.length > 0 ? Option2.some(enumValues) : Option2.none(),
+            description: Option2.fromNullishOr(v.description)
+          })
+        ]
+      ];
+    })
+  ) : void 0;
+  return [
+    new ServerInfo({
+      url: server.url,
+      description: Option2.fromNullishOr(server.description),
+      variables: vars && Object.keys(vars).length > 0 ? Option2.some(vars) : Option2.none()
+    })
+  ];
+});
+var extract = Effect2.fn("OpenApi.extract")(function* (doc) {
+  const paths = doc.paths;
+  if (!paths) {
+    return yield* new OpenApiExtractionError({
+      message: "OpenAPI document has no paths defined"
+    });
+  }
+  const r = new DocResolver(doc);
+  const operations = [];
+  for (const [pathTemplate, pathItem] of Object.entries(paths).sort(
+    ([a], [b]) => a.localeCompare(b)
+  )) {
+    if (!pathItem) continue;
+    for (const method of HTTP_METHODS) {
+      const operation = pathItem[method];
+      if (!operation) continue;
+      const parameters = extractParameters(pathItem, operation, r);
+      const requestBody = extractRequestBody(operation, r);
+      const inputSchema = buildInputSchema(parameters, requestBody);
+      const outputSchema = extractOutputSchema(operation, r);
+      const tags = (operation.tags ?? []).filter((t) => t.trim().length > 0);
+      operations.push(
+        new ExtractedOperation({
+          operationId: OperationId.make(deriveOperationId(method, pathTemplate, operation)),
+          method,
+          pathTemplate,
+          summary: Option2.fromNullishOr(operation.summary),
+          description: Option2.fromNullishOr(operation.description),
+          tags,
+          parameters,
+          requestBody: Option2.fromNullishOr(requestBody),
+          inputSchema: Option2.fromNullishOr(inputSchema),
+          outputSchema: Option2.fromNullishOr(outputSchema),
+          deprecated: operation.deprecated === true
+        })
+      );
+    }
+  }
+  return new ExtractionResult({
+    title: Option2.fromNullishOr(doc.info?.title),
+    version: Option2.fromNullishOr(doc.info?.version),
+    servers: extractServers(doc),
+    operations
+  });
+});
+
+// src/sdk/preview.ts
+import { Effect as Effect3, Option as Option3 } from "effect";
+import { Schema as Schema4 } from "effect";
+var OAuth2Scopes = Schema4.Record(Schema4.String, Schema4.String);
+var SecuritySchemeType = Schema4.Literals(["http", "apiKey", "oauth2", "openIdConnect"]);
+var decodeSecuritySchemeType = Schema4.decodeUnknownOption(SecuritySchemeType);
+var OAuth2AuthorizationCodeFlow = class extends Schema4.Class(
+  "OAuth2AuthorizationCodeFlow"
+)({
+  authorizationUrl: Schema4.String,
+  tokenUrl: Schema4.String,
+  refreshUrl: Schema4.OptionFromOptional(Schema4.String),
+  scopes: OAuth2Scopes
+}) {
+};
+var OAuth2ClientCredentialsFlow = class extends Schema4.Class(
+  "OAuth2ClientCredentialsFlow"
+)({
+  tokenUrl: Schema4.String,
+  refreshUrl: Schema4.OptionFromOptional(Schema4.String),
+  scopes: OAuth2Scopes
+}) {
+};
+var OAuth2Flows = class extends Schema4.Class("OAuth2Flows")({
+  authorizationCode: Schema4.OptionFromOptional(OAuth2AuthorizationCodeFlow),
+  clientCredentials: Schema4.OptionFromOptional(OAuth2ClientCredentialsFlow)
+}) {
+};
+var SecurityScheme = class extends Schema4.Class("SecurityScheme")({
+  /** Key name in components.securitySchemes (e.g. "api_token") */
+  name: Schema4.String,
+  /** OpenAPI security scheme type */
+  type: SecuritySchemeType,
+  /** For type: "http" — e.g. "bearer", "basic" */
+  scheme: Schema4.OptionFromOptional(Schema4.String),
+  /** For type: "http" with scheme "bearer" — e.g. "JWT" */
+  bearerFormat: Schema4.OptionFromOptional(Schema4.String),
+  /** For type: "apiKey" — where the key goes */
+  in: Schema4.OptionFromOptional(Schema4.Literals(["header", "query", "cookie"])),
+  /** For type: "apiKey" — the header/query/cookie name */
+  headerName: Schema4.OptionFromOptional(Schema4.String),
+  description: Schema4.OptionFromOptional(Schema4.String),
+  /** For type: "oauth2" — declared flows (authorizationCode / clientCredentials only; implicit and password are deprecated). */
+  flows: Schema4.OptionFromOptional(OAuth2Flows),
+  /** For type: "openIdConnect" — the discovery URL. */
+  openIdConnectUrl: Schema4.OptionFromOptional(Schema4.String)
+}) {
+};
+var AuthStrategy = class extends Schema4.Class("AuthStrategy")({
+  /** The security schemes required together for this strategy */
+  schemes: Schema4.Array(Schema4.String)
+}) {
+};
+var HeaderPreset = class extends Schema4.Class("HeaderPreset")({
+  /** Human-readable label for the UI (e.g. "Bearer Token", "API Key + Email") */
+  label: Schema4.String,
+  /** Headers this strategy needs. Value is null when the user must provide it. */
+  headers: Schema4.Record(Schema4.String, Schema4.NullOr(Schema4.String)),
+  /** Which headers should be stored as secrets */
+  secretHeaders: Schema4.Array(Schema4.String)
+}) {
+};
+var OAuth2Preset = class extends Schema4.Class("OAuth2Preset")({
+  /** Human-readable label for the UI (e.g. "OAuth2 (Authorization Code) — oauth_app") */
+  label: Schema4.String,
+  /** The source security scheme this preset came from (components.securitySchemes key). */
+  securitySchemeName: Schema4.String,
+  /** Which OAuth2 flow this preset uses. */
+  flow: Schema4.Literals(["authorizationCode", "clientCredentials"]),
+  /** For authorizationCode: user-agent redirect URL (from the spec). */
+  authorizationUrl: Schema4.OptionFromOptional(Schema4.String),
+  /** Token endpoint to exchange the code / refresh. */
+  tokenUrl: Schema4.String,
+  /** Optional refresh endpoint if the spec declares one separately. */
+  refreshUrl: Schema4.OptionFromOptional(Schema4.String),
+  /** Declared scopes for this flow: `{ scope: description }`. */
+  scopes: Schema4.Record(Schema4.String, Schema4.String)
+}) {
+};
+var PreviewOperation = class extends Schema4.Class("PreviewOperation")({
+  operationId: Schema4.String,
+  method: HttpMethod,
+  path: Schema4.String,
+  summary: Schema4.OptionFromOptional(Schema4.String),
+  tags: Schema4.Array(Schema4.String),
+  deprecated: Schema4.Boolean
+}) {
+};
+var SpecPreview = class extends Schema4.Class("SpecPreview")({
+  title: Schema4.OptionFromOptional(Schema4.String),
+  version: Schema4.OptionFromOptional(Schema4.String),
+  /** Reuses ServerInfo from extraction */
+  servers: Schema4.Array(ServerInfo),
+  operationCount: Schema4.Number,
+  /** Lightweight operation list for the add-source UI */
+  operations: Schema4.Array(PreviewOperation),
+  tags: Schema4.Array(Schema4.String),
+  securitySchemes: Schema4.Array(SecurityScheme),
+  /** Valid auth strategies (each is a set of schemes used together) */
+  authStrategies: Schema4.Array(AuthStrategy),
+  /** Pre-built header presets derived from auth strategies */
+  headerPresets: Schema4.Array(HeaderPreset),
+  /** OAuth2 presets — one per (oauth2 scheme × supported flow) combination */
+  oauth2Presets: Schema4.Array(OAuth2Preset)
+}) {
+};
+var stringRecord = (value) => {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return {};
+  const out = {};
+  for (const [k, v] of Object.entries(value)) {
+    if (typeof v === "string") out[k] = v;
+  }
+  return out;
+};
+var extractFlows = (rawFlows) => {
+  if (!rawFlows || typeof rawFlows !== "object") return Option3.none();
+  const flows = rawFlows;
+  const parseFlow = (key) => flows[key];
+  let authorizationCode = Option3.none();
+  const authCodeRaw = parseFlow("authorizationCode");
+  if (authCodeRaw && typeof authCodeRaw === "object") {
+    const f = authCodeRaw;
+    const authUrl = typeof f.authorizationUrl === "string" ? f.authorizationUrl : null;
+    const tokenUrl = typeof f.tokenUrl === "string" ? f.tokenUrl : null;
+    if (authUrl && tokenUrl) {
+      authorizationCode = Option3.some(
+        new OAuth2AuthorizationCodeFlow({
+          authorizationUrl: authUrl,
+          tokenUrl,
+          refreshUrl: Option3.fromNullishOr(
+            typeof f.refreshUrl === "string" ? f.refreshUrl : void 0
+          ),
+          scopes: stringRecord(f.scopes)
+        })
+      );
+    }
+  }
+  let clientCredentials = Option3.none();
+  const ccRaw = parseFlow("clientCredentials");
+  if (ccRaw && typeof ccRaw === "object") {
+    const f = ccRaw;
+    const tokenUrl = typeof f.tokenUrl === "string" ? f.tokenUrl : null;
+    if (tokenUrl) {
+      clientCredentials = Option3.some(
+        new OAuth2ClientCredentialsFlow({
+          tokenUrl,
+          refreshUrl: Option3.fromNullishOr(
+            typeof f.refreshUrl === "string" ? f.refreshUrl : void 0
+          ),
+          scopes: stringRecord(f.scopes)
+        })
+      );
+    }
+  }
+  if (Option3.isNone(authorizationCode) && Option3.isNone(clientCredentials)) {
+    return Option3.none();
+  }
+  return Option3.some(new OAuth2Flows({ authorizationCode, clientCredentials }));
+};
+var extractSecuritySchemes = (rawSchemes, resolver) => Object.entries(rawSchemes).flatMap(([name, schemeOrRef]) => {
+  if (!schemeOrRef || typeof schemeOrRef !== "object") return [];
+  const resolved = resolver.resolve(
+    schemeOrRef
+  );
+  if (!resolved || typeof resolved !== "object") return [];
+  const scheme = resolved;
+  const type = decodeSecuritySchemeType(scheme.type);
+  if (Option3.isNone(type)) return [];
+  const schemeType = type.value;
+  return [
+    new SecurityScheme({
+      name,
+      type: schemeType,
+      scheme: Option3.fromNullishOr(scheme.scheme),
+      bearerFormat: Option3.fromNullishOr(scheme.bearerFormat),
+      in: Option3.fromNullishOr(scheme.in),
+      headerName: Option3.fromNullishOr(scheme.name),
+      description: Option3.fromNullishOr(scheme.description),
+      flows: schemeType === "oauth2" ? extractFlows(scheme.flows) : Option3.none(),
+      openIdConnectUrl: Option3.fromNullishOr(scheme.openIdConnectUrl)
+    })
+  ];
+});
+var buildHeaderPresets = (schemes, strategies) => {
+  const schemeMap = new Map(schemes.map((s) => [s.name, s]));
+  return strategies.flatMap((strategy) => {
+    const resolved = strategy.schemes.map((name) => schemeMap.get(name)).filter((s) => s !== void 0);
+    if (resolved.length === 0) return [];
+    const headers = {};
+    const secretHeaders = [];
+    const labelParts = [];
+    for (const scheme of resolved) {
+      if (scheme.type === "http" && Option3.getOrElse(scheme.scheme, () => "") === "bearer") {
+        headers["Authorization"] = null;
+        secretHeaders.push("Authorization");
+        labelParts.push("Bearer Token");
+      } else if (scheme.type === "http" && Option3.getOrElse(scheme.scheme, () => "") === "basic") {
+        headers["Authorization"] = null;
+        secretHeaders.push("Authorization");
+        labelParts.push("Basic Auth");
+      } else if (scheme.type === "apiKey" && Option3.getOrElse(scheme.in, () => "") === "header") {
+        const headerName = Option3.getOrElse(scheme.headerName, () => scheme.name);
+        headers[headerName] = null;
+        secretHeaders.push(headerName);
+        labelParts.push(scheme.name);
+      } else if (scheme.type === "apiKey") {
+        labelParts.push(`${scheme.name} (${Option3.getOrElse(scheme.in, () => "unknown")})`);
+      } else if (scheme.type === "oauth2" || scheme.type === "openIdConnect") {
+        return [];
+      } else {
+        labelParts.push(scheme.name);
+      }
+    }
+    if (Object.keys(headers).length === 0 && resolved.length > 0) {
+      return [
+        new HeaderPreset({
+          label: labelParts.join(" + "),
+          headers: {},
+          secretHeaders: []
+        })
+      ];
+    }
+    return [
+      new HeaderPreset({
+        label: labelParts.join(" + "),
+        headers,
+        secretHeaders
+      })
+    ];
+  });
+};
+var buildOAuth2Presets = (schemes) => {
+  const presets = [];
+  for (const scheme of schemes) {
+    if (scheme.type !== "oauth2") continue;
+    if (Option3.isNone(scheme.flows)) continue;
+    const flows = scheme.flows.value;
+    if (Option3.isSome(flows.authorizationCode)) {
+      const flow = flows.authorizationCode.value;
+      presets.push(
+        new OAuth2Preset({
+          label: `OAuth2 Authorization Code \xB7 ${scheme.name}`,
+          securitySchemeName: scheme.name,
+          flow: "authorizationCode",
+          authorizationUrl: Option3.some(flow.authorizationUrl),
+          tokenUrl: flow.tokenUrl,
+          refreshUrl: flow.refreshUrl,
+          scopes: flow.scopes
+        })
+      );
+    }
+    if (Option3.isSome(flows.clientCredentials)) {
+      const flow = flows.clientCredentials.value;
+      presets.push(
+        new OAuth2Preset({
+          label: `OAuth2 Client Credentials \xB7 ${scheme.name}`,
+          securitySchemeName: scheme.name,
+          flow: "clientCredentials",
+          authorizationUrl: Option3.none(),
+          tokenUrl: flow.tokenUrl,
+          refreshUrl: flow.refreshUrl,
+          scopes: flow.scopes
+        })
+      );
+    }
+  }
+  return presets;
+};
+var collectTags = (result) => {
+  const tagSet = /* @__PURE__ */ new Set();
+  for (const op of result.operations) {
+    for (const tag of op.tags) tagSet.add(tag);
+  }
+  return [...tagSet].sort();
+};
+var previewSpec = Effect3.fn("OpenApi.previewSpec")(function* (input) {
+  const specText = yield* resolveSpecText(input);
+  const doc = yield* parse(specText);
+  const result = yield* extract(doc);
+  const resolver = new DocResolver(doc);
+  const securitySchemes = extractSecuritySchemes(doc.components?.securitySchemes ?? {}, resolver);
+  const rawSecurity = doc.security ?? [];
+  const declaredStrategies = rawSecurity.map(
+    (entry) => new AuthStrategy({ schemes: Object.keys(entry) })
+  );
+  const authStrategies = declaredStrategies.length > 0 ? declaredStrategies : securitySchemes.map((scheme) => new AuthStrategy({ schemes: [scheme.name] }));
+  return new SpecPreview({
+    title: result.title,
+    version: result.version,
+    servers: result.servers,
+    operationCount: result.operations.length,
+    operations: result.operations.map(
+      (op) => new PreviewOperation({
+        operationId: op.operationId,
+        method: op.method,
+        path: op.pathTemplate,
+        summary: op.summary,
+        tags: op.tags,
+        deprecated: op.deprecated
+      })
+    ),
+    tags: collectTags(result),
+    securitySchemes,
+    authStrategies,
+    headerPresets: buildHeaderPresets(securitySchemes, authStrategies),
+    oauth2Presets: buildOAuth2Presets(securitySchemes)
+  });
+});
+
+// src/sdk/store.ts
+import { Effect as Effect4, Option as Option4, Schema as Schema5 } from "effect";
+import { defineSchema } from "@executor-js/sdk/core";
+var openapiSchema = defineSchema({
+  openapi_source: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      name: { type: "string", required: true },
+      spec: { type: "string", required: true },
+      // Origin URL the spec was fetched from. Set when `addSpec` was
+      // invoked with an http(s) URL; null when the caller passed raw
+      // spec text. Drives `canRefresh` on the core source row and
+      // is the address re-fetched on `refreshSource`.
+      source_url: { type: "string", required: false },
+      base_url: { type: "string", required: false },
+      // OAuth2 stays JSON because it is one typed source-owned config object
+      // carrying slot names, not concrete secret/connection ids.
+      oauth2: { type: "json", required: false }
+    }
+  },
+  openapi_operation: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      source_id: { type: "string", required: true, index: true },
+      binding: { type: "json", required: true }
+    }
+  },
+  openapi_source_header: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      source_id: { type: "string", required: true, index: true },
+      name: { type: "string", required: true },
+      kind: { type: ["text", "binding"], required: true },
+      text_value: { type: "string", required: false },
+      slot_key: { type: "string", required: false },
+      prefix: { type: "string", required: false }
+    }
+  },
+  openapi_source_query_param: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      source_id: { type: "string", required: true, index: true },
+      name: { type: "string", required: true },
+      kind: { type: ["text", "binding"], required: true },
+      text_value: { type: "string", required: false },
+      slot_key: { type: "string", required: false },
+      prefix: { type: "string", required: false }
+    }
+  },
+  openapi_source_spec_fetch_header: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      source_id: { type: "string", required: true, index: true },
+      name: { type: "string", required: true },
+      kind: { type: ["text", "binding"], required: true },
+      text_value: { type: "string", required: false },
+      slot_key: { type: "string", required: false },
+      prefix: { type: "string", required: false }
+    }
+  },
+  openapi_source_spec_fetch_query_param: {
+    fields: {
+      id: { type: "string", required: true },
+      scope_id: { type: "string", required: true, index: true },
+      source_id: { type: "string", required: true, index: true },
+      name: { type: "string", required: true },
+      kind: { type: ["text", "binding"], required: true },
+      text_value: { type: "string", required: false },
+      slot_key: { type: "string", required: false },
+      prefix: { type: "string", required: false }
+    }
+  }
+});
+var StoredSourceSchema = class extends Schema5.Class("OpenApiStoredSource")({
+  namespace: Schema5.String,
+  scope: Schema5.String,
+  name: Schema5.String,
+  config: Schema5.Struct({
+    spec: Schema5.String,
+    sourceUrl: Schema5.optional(Schema5.String),
+    baseUrl: Schema5.optional(Schema5.String),
+    namespace: Schema5.optional(Schema5.String),
+    headers: Schema5.optional(Schema5.Record(Schema5.String, ConfiguredHeaderValue)),
+    queryParams: Schema5.optional(Schema5.Record(Schema5.String, ConfiguredHeaderValue)),
+    specFetchCredentials: Schema5.optional(
+      Schema5.Struct({
+        headers: Schema5.optional(Schema5.Record(Schema5.String, ConfiguredHeaderValue)),
+        queryParams: Schema5.optional(Schema5.Record(Schema5.String, ConfiguredHeaderValue))
+      })
+    ),
+    // Canonical source-owned OAuth config. Concrete client credentials
+    // and connection ids live in OpenAPI-owned scoped binding rows.
+    oauth2: Schema5.optional(OAuth2SourceConfig)
+  })
+}) {
+};
+var encodeBinding = Schema5.encodeSync(OperationBinding);
+var decodeBinding = Schema5.decodeUnknownSync(OperationBinding);
+var decodeBindingJson = Schema5.decodeUnknownSync(Schema5.fromJsonString(OperationBinding));
+var decodeOAuth2SourceConfigOption = Schema5.decodeUnknownOption(OAuth2SourceConfig);
+var decodeOAuth2SourceConfigJsonOption = Schema5.decodeUnknownOption(
+  Schema5.fromJsonString(OAuth2SourceConfig)
+);
+var encodeOAuth2SourceConfig = Schema5.encodeSync(OAuth2SourceConfig);
+var NullableString = Schema5.NullOr(Schema5.String);
+var OptionalNullableString = Schema5.optional(NullableString);
+var ChildStorageRow = Schema5.Struct({
+  name: Schema5.String,
+  kind: Schema5.Literals(["text", "binding"]),
+  text_value: OptionalNullableString,
+  slot_key: OptionalNullableString,
+  prefix: OptionalNullableString
+});
+var decodeChildStorageRowOption = Schema5.decodeUnknownOption(ChildStorageRow);
+var SourceStorageRow = Schema5.Struct({
+  id: Schema5.String,
+  scope_id: Schema5.String,
+  name: Schema5.String,
+  spec: Schema5.String,
+  source_url: OptionalNullableString,
+  base_url: OptionalNullableString,
+  oauth2: Schema5.optional(Schema5.Unknown)
+});
+var decodeSourceStorageRow = Schema5.decodeUnknownSync(SourceStorageRow);
+var OperationStorageRow = Schema5.Struct({
+  id: Schema5.String,
+  source_id: Schema5.String,
+  binding: Schema5.Unknown
+});
+var decodeOperationStorageRow = Schema5.decodeUnknownSync(OperationStorageRow);
+var valueMapToChildRows = (sourceId, scope, values) => {
+  if (!values) return [];
+  return Object.entries(values).map(([name, value]) => {
+    const id = JSON.stringify([sourceId, name]);
+    if (typeof value === "string") {
+      return {
+        id,
+        scope_id: scope,
+        source_id: sourceId,
+        name,
+        kind: "text",
+        text_value: value
+      };
+    }
+    return {
+      id,
+      scope_id: scope,
+      source_id: sourceId,
+      name,
+      kind: "binding",
+      slot_key: value.slot,
+      prefix: value.prefix
+    };
+  });
+};
+var childRowsToValueMap = (rows) => {
+  const out = {};
+  for (const row of rows) {
+    const decoded = decodeChildStorageRowOption(row);
+    if (Option4.isSome(decoded)) {
+      const child = decoded.value;
+      if (child.kind === "binding" && child.slot_key != null) {
+        out[child.name] = child.prefix != null ? new ConfiguredHeaderBinding({
+          kind: "binding",
+          slot: child.slot_key,
+          prefix: child.prefix
+        }) : new ConfiguredHeaderBinding({
+          kind: "binding",
+          slot: child.slot_key
+        });
+      } else if (child.kind === "text" && child.text_value != null) {
+        out[child.name] = child.text_value;
+      }
+    }
+  }
+  return out;
+};
+var toJsonRecord = (value) => value;
+var slugifySlotPart = (value) => value.trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "") || "default";
+var headerBindingSlot = (headerName) => `header:${slugifySlotPart(headerName)}`;
+var queryParamBindingSlot = (name) => `query_param:${slugifySlotPart(name)}`;
+var oauth2ClientIdSlot = (securitySchemeName) => `oauth2:${slugifySlotPart(securitySchemeName)}:client-id`;
+var oauth2ClientSecretSlot = (securitySchemeName) => `oauth2:${slugifySlotPart(securitySchemeName)}:client-secret`;
+var oauth2ConnectionSlot = (securitySchemeName) => `oauth2:${slugifySlotPart(securitySchemeName)}:connection`;
+var normalizeStoredOAuth2 = (value) => {
+  if (value == null) return void 0;
+  const sourceConfig = typeof value === "string" ? decodeOAuth2SourceConfigJsonOption(value) : decodeOAuth2SourceConfigOption(value);
+  if (Option4.isSome(sourceConfig)) {
+    return sourceConfig.value;
+  }
+  return void 0;
+};
+var makeDefaultOpenapiStore = ({ adapter }) => {
+  const loadChildValueMap = (model, sourceId, scope) => adapter.findMany({
+    model,
+    where: [
+      { field: "source_id", value: sourceId },
+      { field: "scope_id", value: scope }
+    ]
+  }).pipe(Effect4.map(childRowsToValueMap));
+  const rowToSource = (row) => Effect4.gen(function* () {
+    const sourceRow = decodeSourceStorageRow(row);
+    const sourceId = sourceRow.id;
+    const scope = sourceRow.scope_id;
+    const oauth2 = normalizeStoredOAuth2(sourceRow.oauth2);
+    const headers = yield* loadChildValueMap("openapi_source_header", sourceId, scope);
+    const queryParams = yield* loadChildValueMap("openapi_source_query_param", sourceId, scope);
+    const specFetchHeaders = yield* loadChildValueMap(
+      "openapi_source_spec_fetch_header",
+      sourceId,
+      scope
+    );
+    const specFetchQueryParams = yield* loadChildValueMap(
+      "openapi_source_spec_fetch_query_param",
+      sourceId,
+      scope
+    );
+    const specFetchCredentials = Object.keys(specFetchHeaders).length === 0 && Object.keys(specFetchQueryParams).length === 0 ? void 0 : {
+      ...Object.keys(specFetchHeaders).length > 0 ? { headers: specFetchHeaders } : {},
+      ...Object.keys(specFetchQueryParams).length > 0 ? { queryParams: specFetchQueryParams } : {}
+    };
+    return {
+      namespace: sourceId,
+      scope,
+      name: sourceRow.name,
+      config: {
+        spec: sourceRow.spec,
+        sourceUrl: sourceRow.source_url ?? void 0,
+        baseUrl: sourceRow.base_url ?? void 0,
+        headers,
+        queryParams,
+        specFetchCredentials,
+        oauth2
+      }
+    };
+  });
+  const rowToOperation = (row) => {
+    const operationRow = decodeOperationStorageRow(row);
+    return {
+      toolId: operationRow.id,
+      sourceId: operationRow.source_id,
+      binding: decodeBinding(
+        typeof operationRow.binding === "string" ? decodeBindingJson(operationRow.binding) : operationRow.binding
+      )
+    };
+  };
+  const replaceChildRows = (model, sourceId, scope, values) => Effect4.gen(function* () {
+    yield* adapter.deleteMany({
+      model,
+      where: [
+        { field: "source_id", value: sourceId },
+        { field: "scope_id", value: scope }
+      ]
+    });
+    const rows = valueMapToChildRows(sourceId, scope, values);
+    if (rows.length === 0) return;
+    yield* adapter.createMany({
+      model,
+      data: rows,
+      forceAllowId: true
+    });
+  });
+  const deleteSource = (namespace, scope) => Effect4.gen(function* () {
+    yield* adapter.deleteMany({
+      model: "openapi_operation",
+      where: [
+        { field: "source_id", value: namespace },
+        { field: "scope_id", value: scope }
+      ]
+    });
+    for (const model of [
+      "openapi_source_header",
+      "openapi_source_query_param",
+      "openapi_source_spec_fetch_header",
+      "openapi_source_spec_fetch_query_param"
+    ]) {
+      yield* adapter.deleteMany({
+        model,
+        where: [
+          { field: "source_id", value: namespace },
+          { field: "scope_id", value: scope }
+        ]
+      });
+    }
+    yield* adapter.delete({
+      model: "openapi_source",
+      where: [
+        { field: "id", value: namespace },
+        { field: "scope_id", value: scope }
+      ]
+    });
+  });
+  return {
+    upsertSource: (input, operations) => Effect4.gen(function* () {
+      yield* deleteSource(input.namespace, input.scope);
+      yield* adapter.create({
+        model: "openapi_source",
+        data: {
+          id: input.namespace,
+          scope_id: input.scope,
+          name: input.name,
+          spec: input.config.spec,
+          source_url: input.config.sourceUrl ?? void 0,
+          base_url: input.config.baseUrl ?? void 0,
+          oauth2: input.config.oauth2 ? toJsonRecord(encodeOAuth2SourceConfig(input.config.oauth2)) : void 0
+        },
+        forceAllowId: true
+      });
+      yield* replaceChildRows(
+        "openapi_source_header",
+        input.namespace,
+        input.scope,
+        input.config.headers
+      );
+      yield* replaceChildRows(
+        "openapi_source_query_param",
+        input.namespace,
+        input.scope,
+        input.config.queryParams
+      );
+      yield* replaceChildRows(
+        "openapi_source_spec_fetch_header",
+        input.namespace,
+        input.scope,
+        input.config.specFetchCredentials?.headers
+      );
+      yield* replaceChildRows(
+        "openapi_source_spec_fetch_query_param",
+        input.namespace,
+        input.scope,
+        input.config.specFetchCredentials?.queryParams
+      );
+      if (operations.length > 0) {
+        yield* adapter.createMany({
+          model: "openapi_operation",
+          data: operations.map((op) => ({
+            id: op.toolId,
+            scope_id: input.scope,
+            source_id: op.sourceId,
+            binding: toJsonRecord(encodeBinding(op.binding))
+          })),
+          forceAllowId: true
+        });
+      }
+    }),
+    updateSourceMeta: (namespace, scope, patch) => Effect4.gen(function* () {
+      const existingRow = yield* adapter.findOne({
+        model: "openapi_source",
+        where: [
+          { field: "id", value: namespace },
+          { field: "scope_id", value: scope }
+        ]
+      });
+      if (!existingRow) return;
+      const existing = yield* rowToSource(existingRow);
+      const nextName = patch.name?.trim() || existing.name;
+      const nextBaseUrl = patch.baseUrl !== void 0 ? patch.baseUrl : existing.config.baseUrl;
+      const nextOAuth2 = patch.oauth2 !== void 0 ? patch.oauth2 : existing.config.oauth2;
+      yield* adapter.update({
+        model: "openapi_source",
+        where: [
+          { field: "id", value: namespace },
+          { field: "scope_id", value: scope }
+        ],
+        update: {
+          name: nextName,
+          base_url: nextBaseUrl ?? void 0,
+          oauth2: nextOAuth2 ? toJsonRecord(encodeOAuth2SourceConfig(nextOAuth2)) : void 0
+        }
+      });
+      if (patch.headers !== void 0) {
+        yield* replaceChildRows("openapi_source_header", namespace, scope, patch.headers);
+      }
+      if (patch.queryParams !== void 0) {
+        yield* replaceChildRows(
+          "openapi_source_query_param",
+          namespace,
+          scope,
+          patch.queryParams
+        );
+      }
+    }),
+    getSource: (namespace, scope) => Effect4.gen(function* () {
+      const row = yield* adapter.findOne({
+        model: "openapi_source",
+        where: [
+          { field: "id", value: namespace },
+          { field: "scope_id", value: scope }
+        ]
+      });
+      if (!row) return null;
+      return yield* rowToSource(row);
+    }),
+    listSources: () => Effect4.gen(function* () {
+      const rows = yield* adapter.findMany({ model: "openapi_source" });
+      return yield* Effect4.forEach(rows, rowToSource, {
+        concurrency: "unbounded"
+      });
+    }),
+    getOperationByToolId: (toolId, scope) => adapter.findOne({
+      model: "openapi_operation",
+      where: [
+        { field: "id", value: toolId },
+        { field: "scope_id", value: scope }
+      ]
+    }).pipe(Effect4.map((row) => row ? rowToOperation(row) : null)),
+    listOperationsBySource: (sourceId, scope) => adapter.findMany({
+      model: "openapi_operation",
+      where: [
+        { field: "source_id", value: sourceId },
+        { field: "scope_id", value: scope }
+      ]
+    }).pipe(Effect4.map((rows) => rows.map(rowToOperation))),
+    removeSource: (namespace, scope) => deleteSource(namespace, scope)
+  };
+};
+
+export {
+  OpenApiParseError,
+  OpenApiExtractionError,
+  OpenApiInvocationError,
+  OpenApiOAuthError,
+  fetchSpecText,
+  resolveSpecText,
+  parse,
+  DocResolver,
+  substituteUrlVariables,
+  expandServerUrlOptions,
+  resolveBaseUrl,
+  preferredContent,
+  OperationId,
+  HttpMethod,
+  ParameterLocation,
+  OperationParameter,
+  EncodingObject,
+  MediaBinding,
+  OperationRequestBody,
+  ExtractedOperation,
+  ServerVariable,
+  ServerInfo,
+  ExtractionResult,
+  OperationBinding,
+  HeaderValue,
+  ConfiguredHeaderBinding,
+  ConfiguredHeaderValue,
+  OpenApiCredentialInput,
+  OpenApiSourceBindingValue,
+  OpenApiSourceBindingInputSchema,
+  OpenApiSourceBindingInput,
+  OpenApiSourceBindingRef,
+  OAuth2SourceConfigSchema,
+  OAuth2SourceConfig,
+  InvocationResult,
+  extract,
+  OAuth2AuthorizationCodeFlow,
+  OAuth2ClientCredentialsFlow,
+  OAuth2Flows,
+  SecurityScheme,
+  AuthStrategy,
+  HeaderPreset,
+  OAuth2Preset,
+  PreviewOperation,
+  SpecPreview,
+  previewSpec,
+  openapiSchema,
+  StoredSourceSchema,
+  headerBindingSlot,
+  queryParamBindingSlot,
+  oauth2ClientIdSlot,
+  oauth2ClientSecretSlot,
+  oauth2ConnectionSlot,
+  makeDefaultOpenapiStore
+};
+//# sourceMappingURL=chunk-2BXVRXGL.js.map