@executor-js/plugin-openapi 1.4.32 → 1.5.0

package/dist/chunk-V7VCHYOY.js

@@ -0,0 +1,1544 @@
+import {
+  convertGoogleDiscoveryBundleToOpenApi,
+  convertGoogleDiscoveryToOpenApi,
+  fetchGoogleDiscoveryDocument,
+  isGoogleDiscoveryUrl
+} from "./chunk-OSIFYIQP.js";
+import {
+  openApiPresets
+} from "./chunk-AQ7JDDRM.js";
+import {
+  InvocationResult,
+  OpenApiExtractionError,
+  OpenApiInvocationError,
+  OperationBinding,
+  TOKEN_VARIABLE,
+  extract,
+  parse,
+  previewSpec,
+  resolveSpecText
+} from "./chunk-YVRI7KRC.js";
+
+// src/sdk/config.ts
+import { Option, Schema } from "effect";
+var AuthenticationVariableSchema = Schema.Struct({
+  type: Schema.Literal("variable"),
+  name: Schema.String
+});
+var AuthenticationTemplateValueSchema = Schema.Union([
+  Schema.String,
+  Schema.Array(Schema.Union([Schema.String, AuthenticationVariableSchema]))
+]);
+var APIKeyAuthenticationSchema = Schema.Struct({
+  slug: Schema.String,
+  type: Schema.Literal("apiKey"),
+  headers: Schema.optional(Schema.Record(Schema.String, AuthenticationTemplateValueSchema)),
+  queryParams: Schema.optional(Schema.Record(Schema.String, AuthenticationTemplateValueSchema))
+});
+var OAuthAuthenticationSchema = Schema.Struct({
+  slug: Schema.String,
+  type: Schema.Literal("oauth"),
+  authorizationUrl: Schema.String,
+  tokenUrl: Schema.String,
+  scopes: Schema.Array(Schema.String)
+});
+var AuthenticationSchema = Schema.Union([
+  OAuthAuthenticationSchema,
+  APIKeyAuthenticationSchema
+]);
+var OpenApiIntegrationConfigSchema = Schema.Struct({
+  /** Inlined OpenAPI document text (resolved + parsed source of truth). */
+  spec: Schema.String,
+  /** Origin URL the spec was fetched from, when known. Enables refresh. */
+  sourceUrl: Schema.optional(Schema.String),
+  /** Google Discovery bundle URLs, when the spec came from a Google bundle. */
+  googleDiscoveryUrls: Schema.optional(Schema.Array(Schema.String)),
+  /** Base URL override; falls back to the spec's first server. */
+  baseUrl: Schema.optional(Schema.String),
+  /** Static headers applied to every request (no secret material). */
+  headers: Schema.optional(Schema.Record(Schema.String, Schema.String)),
+  /** Static query params applied to every request (no secret material). */
+  queryParams: Schema.optional(Schema.Record(Schema.String, Schema.String)),
+  /** The auth methods a connection's value can be applied through. */
+  authenticationTemplate: Schema.optional(Schema.Array(AuthenticationSchema))
+});
+var decodeConfig = Schema.decodeUnknownOption(OpenApiIntegrationConfigSchema);
+var decodeOpenApiIntegrationConfig = (value) => Option.getOrNull(decodeConfig(value));
+var isVariable = (part) => typeof part !== "string";
+var renderTemplateValue = (template, values) => {
+  if (typeof template === "string") return template;
+  return template.map((part) => isVariable(part) ? values[part.name] ?? "" : part).join("");
+};
+var renderAuthTemplate = (template, values) => {
+  if (template.type === "oauth") {
+    return {
+      headers: { authorization: `Bearer ${values[TOKEN_VARIABLE] ?? ""}` },
+      queryParams: {}
+    };
+  }
+  const headers = {};
+  const queryParams = {};
+  for (const [name, tmpl] of Object.entries(template.headers ?? {})) {
+    headers[name] = renderTemplateValue(tmpl, values);
+  }
+  for (const [name, tmpl] of Object.entries(template.queryParams ?? {})) {
+    queryParams[name] = renderTemplateValue(tmpl, values);
+  }
+  return { headers, queryParams };
+};
+var requiredTemplateVariables = (template) => {
+  if (template.type === "oauth") return [TOKEN_VARIABLE];
+  const names = /* @__PURE__ */ new Set();
+  const collect = (tmpl) => {
+    if (typeof tmpl === "string") return;
+    for (const part of tmpl) {
+      if (isVariable(part)) names.add(part.name);
+    }
+  };
+  for (const tmpl of Object.values(template.headers ?? {})) collect(tmpl);
+  for (const tmpl of Object.values(template.queryParams ?? {})) collect(tmpl);
+  return [...names];
+};
+
+// src/sdk/invoke.ts
+import { Effect, Layer, Option as Option2 } from "effect";
+import { HttpClient, HttpClientRequest } from "effect/unstable/http";
+var CONTAINER_KEYS = {
+  path: ["path", "pathParams", "params"],
+  query: ["query", "queryParams", "params"],
+  header: ["headers", "header"],
+  cookie: ["cookies", "cookie"]
+};
+var readParamValue = (args, param) => {
+  const direct = args[param.name];
+  if (direct !== void 0) return direct;
+  for (const key of CONTAINER_KEYS[param.location] ?? []) {
+    const container = args[key];
+    if (typeof container === "object" && container !== null && !Array.isArray(container)) {
+      const nested = container[param.name];
+      if (nested !== void 0) return nested;
+    }
+  }
+  return void 0;
+};
+var primitiveToString = (value) => typeof value === "object" && value !== null ? JSON.stringify(value) : String(value);
+var RESERVED_UNENCODED_RE = /[A-Za-z0-9\-._~:/?#[\]@!$&'()*+,;=]/;
+var encodeReservedAware = (raw, allowReserved) => {
+  if (!allowReserved) return encodeURIComponent(raw);
+  let out = "";
+  for (const ch of raw) {
+    out += RESERVED_UNENCODED_RE.test(ch) ? ch : encodeURIComponent(ch);
+  }
+  return out;
+};
+var queryParamValues = (value, param) => {
+  if (value === void 0 || value === null) return [];
+  if (!Array.isArray(value)) return [primitiveToString(value)];
+  const style = Option2.getOrUndefined(param.style) ?? "form";
+  const explode = Option2.getOrElse(param.explode, () => true);
+  if (explode) return value.map(primitiveToString);
+  const separator = style === "spaceDelimited" ? " " : style === "pipeDelimited" ? "|" : ",";
+  return [value.map(primitiveToString).join(separator)];
+};
+var resolvePath = Effect.fn("OpenApi.resolvePath")(function* (pathTemplate, args, parameters) {
+  let resolved = pathTemplate;
+  for (const param of parameters) {
+    if (param.location !== "path") continue;
+    const value = readParamValue(args, param);
+    if (value === void 0 || value === null) {
+      if (param.required) {
+        return yield* new OpenApiInvocationError({
+          message: `Missing required path parameter: ${param.name}`,
+          statusCode: Option2.none()
+        });
+      }
+      continue;
+    }
+    const encoded = encodeReservedAware(
+      String(value),
+      Option2.getOrElse(param.allowReserved, () => false)
+    );
+    resolved = resolved.replaceAll(`{${param.name}}`, encoded);
+    resolved = resolved.replaceAll(`{+${param.name}}`, encoded);
+  }
+  const remaining = [...resolved.matchAll(/\{([^{}]+)\}/g)].map((m) => m[1]).filter((v) => typeof v === "string");
+  for (const name of remaining) {
+    const value = args[name];
+    if (value !== void 0 && value !== null) {
+      resolved = resolved.replaceAll(`{${name}}`, encodeURIComponent(String(value)));
+    }
+  }
+  const unresolved = [...resolved.matchAll(/\{([^{}]+)\}/g)].map((m) => m[1]).filter((v) => typeof v === "string");
+  if (unresolved.length > 0) {
+    return yield* new OpenApiInvocationError({
+      message: `Unresolved path parameters: ${[...new Set(unresolved)].join(", ")}`,
+      statusCode: Option2.none()
+    });
+  }
+  return resolved;
+});
+var applyHeaders = (request, headers) => {
+  let req = request;
+  for (const [name, value] of Object.entries(headers)) {
+    req = HttpClientRequest.setHeader(req, name, value);
+  }
+  return req;
+};
+var normalizeContentType = (ct) => ct?.split(";")[0]?.trim().toLowerCase() ?? "";
+var isJsonContentType = (ct) => {
+  const normalized = normalizeContentType(ct);
+  if (!normalized) return false;
+  return normalized === "application/json" || normalized.includes("+json") || normalized.includes("json");
+};
+var isFormUrlEncoded = (ct) => normalizeContentType(ct) === "application/x-www-form-urlencoded";
+var isMultipartFormData = (ct) => normalizeContentType(ct).startsWith("multipart/form-data");
+var isXmlContentType = (ct) => {
+  const normalized = normalizeContentType(ct);
+  if (!normalized) return false;
+  return normalized === "application/xml" || normalized === "text/xml" || normalized.endsWith("+xml");
+};
+var isTextContentType = (ct) => normalizeContentType(ct).startsWith("text/");
+var isOctetStream = (ct) => normalizeContentType(ct) === "application/octet-stream";
+var toUint8Array = (value) => {
+  if (value instanceof Uint8Array) return value;
+  if (value instanceof ArrayBuffer) return new Uint8Array(value);
+  if (ArrayBuffer.isView(value)) {
+    const view = value;
+    return new Uint8Array(view.buffer, view.byteOffset, view.byteLength);
+  }
+  if (Array.isArray(value) && value.every((v) => typeof v === "number")) {
+    return new Uint8Array(value);
+  }
+  return null;
+};
+var toArrayBuffer = (bytes) => {
+  const copy = new ArrayBuffer(bytes.byteLength);
+  new Uint8Array(copy).set(bytes);
+  return copy;
+};
+var DEFAULT_FORM_STYLE = {
+  style: "form",
+  explode: true,
+  allowReserved: false
+};
+var resolveStyleExplode = (e) => {
+  if (!e) return DEFAULT_FORM_STYLE;
+  return {
+    style: Option2.getOrElse(e.style, () => DEFAULT_FORM_STYLE.style),
+    explode: Option2.getOrElse(e.explode, () => DEFAULT_FORM_STYLE.explode),
+    allowReserved: Option2.getOrElse(e.allowReserved, () => DEFAULT_FORM_STYLE.allowReserved)
+  };
+};
+var encodeFormValue = (v, allowReserved) => {
+  const raw = typeof v === "object" && v !== null ? JSON.stringify(v) : String(v);
+  return encodeReservedAware(raw, allowReserved);
+};
+var serializeFormUrlEncoded = (value, encoding) => {
+  const parts = [];
+  for (const [key, raw] of Object.entries(value)) {
+    if (raw === void 0 || raw === null) continue;
+    const { style, explode, allowReserved } = resolveStyleExplode(encoding?.[key]);
+    const encKey = encodeURIComponent(key);
+    if (Array.isArray(raw)) {
+      if (explode) {
+        for (const v of raw) {
+          parts.push(`${encKey}=${encodeFormValue(v, allowReserved)}`);
+        }
+      } else {
+        const sep = style === "spaceDelimited" ? " " : style === "pipeDelimited" ? "|" : ",";
+        parts.push(
+          `${encKey}=${encodeFormValue(
+            raw.map((v) => typeof v === "object" ? JSON.stringify(v) : String(v)).join(sep),
+            allowReserved
+          )}`
+        );
+      }
+      continue;
+    }
+    if (typeof raw === "object") {
+      const entries = Object.entries(raw).filter(
+        ([, v]) => v !== void 0 && v !== null
+      );
+      if (style === "deepObject") {
+        for (const [subkey, subval] of entries) {
+          parts.push(
+            `${encodeURIComponent(`${key}[${subkey}]`)}=${encodeFormValue(subval, allowReserved)}`
+          );
+        }
+      } else if (explode) {
+        for (const [subkey, subval] of entries) {
+          parts.push(`${encodeURIComponent(subkey)}=${encodeFormValue(subval, allowReserved)}`);
+        }
+      } else {
+        const flat = entries.flatMap(([k, v]) => [
+          k,
+          typeof v === "object" ? JSON.stringify(v) : String(v)
+        ]);
+        parts.push(`${encKey}=${encodeFormValue(flat.join(","), allowReserved)}`);
+      }
+      continue;
+    }
+    parts.push(`${encKey}=${encodeFormValue(raw, allowReserved)}`);
+  }
+  return parts.join("&");
+};
+var coerceFormDataRecord = (value, encoding) => {
+  const out = {};
+  for (const [key, raw] of Object.entries(value)) {
+    if (raw === void 0 || raw === null) continue;
+    const partType = encoding?.[key] ? Option2.getOrUndefined(encoding[key].contentType) : void 0;
+    if (partType) {
+      const isJson = partType.startsWith("application/json") || partType.includes("+json");
+      const serialized = typeof raw === "string" ? raw : isJson ? JSON.stringify(raw) : typeof raw === "object" ? JSON.stringify(raw) : String(raw);
+      out[key] = new Blob([serialized], { type: partType });
+      continue;
+    }
+    if (typeof raw === "string" || typeof raw === "number" || typeof raw === "boolean" || raw instanceof Blob || typeof File !== "undefined" && raw instanceof File) {
+      out[key] = raw;
+      continue;
+    }
+    if (Array.isArray(raw)) {
+      out[key] = raw.map(
+        (v) => typeof v === "string" || typeof v === "number" || typeof v === "boolean" || v instanceof Blob || typeof File !== "undefined" && v instanceof File ? v : JSON.stringify(v)
+      );
+      continue;
+    }
+    const bytes = toUint8Array(raw);
+    if (bytes) {
+      out[key] = new Blob([toArrayBuffer(bytes)]);
+      continue;
+    }
+    out[key] = JSON.stringify(raw);
+  }
+  return out;
+};
+var applyRequestBody = (request, contentType, bodyValue, encoding) => {
+  if (isJsonContentType(contentType)) {
+    if (typeof bodyValue === "string") {
+      return HttpClientRequest.bodyText(request, bodyValue, contentType);
+    }
+    return HttpClientRequest.bodyJsonUnsafe(request, bodyValue);
+  }
+  if (isFormUrlEncoded(contentType)) {
+    if (typeof bodyValue === "string") {
+      return HttpClientRequest.bodyText(request, bodyValue, contentType);
+    }
+    if (typeof bodyValue === "object" && bodyValue !== null && !Array.isArray(bodyValue)) {
+      const serialized = serializeFormUrlEncoded(bodyValue, encoding);
+      return HttpClientRequest.bodyText(request, serialized, contentType);
+    }
+    return HttpClientRequest.bodyUrlParams(
+      request,
+      bodyValue
+    );
+  }
+  if (isMultipartFormData(contentType)) {
+    if (bodyValue instanceof FormData) {
+      return HttpClientRequest.bodyFormData(request, bodyValue);
+    }
+    if (typeof bodyValue === "object" && bodyValue !== null) {
+      return HttpClientRequest.bodyFormDataRecord(
+        request,
+        coerceFormDataRecord(bodyValue, encoding)
+      );
+    }
+    return HttpClientRequest.bodyText(request, String(bodyValue), contentType);
+  }
+  if (isOctetStream(contentType)) {
+    const bytes2 = toUint8Array(bodyValue);
+    if (bytes2) return HttpClientRequest.bodyUint8Array(request, bytes2, contentType);
+    if (typeof bodyValue === "string") {
+      return HttpClientRequest.bodyText(request, bodyValue, contentType);
+    }
+    return HttpClientRequest.bodyText(request, JSON.stringify(bodyValue), contentType);
+  }
+  if (isXmlContentType(contentType) || isTextContentType(contentType)) {
+    if (typeof bodyValue === "string") {
+      return HttpClientRequest.bodyText(request, bodyValue, contentType);
+    }
+    const bytes2 = toUint8Array(bodyValue);
+    if (bytes2) return HttpClientRequest.bodyUint8Array(request, bytes2, contentType);
+    return HttpClientRequest.bodyText(request, JSON.stringify(bodyValue), contentType);
+  }
+  if (typeof bodyValue === "string") {
+    return HttpClientRequest.bodyText(request, bodyValue, contentType);
+  }
+  const bytes = toUint8Array(bodyValue);
+  if (bytes) return HttpClientRequest.bodyUint8Array(request, bytes, contentType);
+  return HttpClientRequest.bodyText(request, JSON.stringify(bodyValue), contentType);
+};
+var invoke = Effect.fn("OpenApi.invoke")(function* (operation, args, resolvedHeaders, sourceQueryParams = {}) {
+  const client = yield* HttpClient.HttpClient;
+  yield* Effect.annotateCurrentSpan({
+    "http.method": operation.method.toUpperCase(),
+    "http.route": operation.pathTemplate,
+    "plugin.openapi.method": operation.method.toUpperCase(),
+    "plugin.openapi.path_template": operation.pathTemplate,
+    "plugin.openapi.headers.resolved_count": Object.keys(resolvedHeaders).length
+  });
+  const resolvedPath = yield* resolvePath(operation.pathTemplate, args, operation.parameters);
+  const path = resolvedPath.startsWith("/") ? resolvedPath : `/${resolvedPath}`;
+  let request = HttpClientRequest.make(operation.method.toUpperCase())(path);
+  for (const [name, value] of Object.entries(sourceQueryParams)) {
+    request = HttpClientRequest.setUrlParam(request, name, value);
+  }
+  for (const param of operation.parameters) {
+    if (param.location !== "query") continue;
+    const value = readParamValue(args, param);
+    for (const paramValue of queryParamValues(value, param)) {
+      request = HttpClientRequest.appendUrlParam(request, param.name, paramValue);
+    }
+  }
+  for (const param of operation.parameters) {
+    if (param.location !== "header") continue;
+    const value = readParamValue(args, param);
+    if (value === void 0 || value === null) continue;
+    request = HttpClientRequest.setHeader(request, param.name, String(value));
+  }
+  if (Option2.isSome(operation.requestBody)) {
+    const rb = operation.requestBody.value;
+    const bodyValue = args.body ?? args.input;
+    if (bodyValue !== void 0) {
+      const contentsOpt = Option2.getOrUndefined(rb.contents);
+      const requestedCt = typeof args.contentType === "string" ? args.contentType : void 0;
+      const selected = contentsOpt && requestedCt ? contentsOpt.find((c) => c.contentType === requestedCt) : void 0;
+      const chosenCt = selected?.contentType ?? rb.contentType;
+      const chosenEncoding = selected ? Option2.getOrUndefined(selected.encoding) : contentsOpt && contentsOpt[0] ? Option2.getOrUndefined(contentsOpt[0].encoding) : void 0;
+      request = applyRequestBody(request, chosenCt, bodyValue, chosenEncoding);
+    }
+  }
+  request = applyHeaders(request, resolvedHeaders);
+  const response = yield* client.execute(request).pipe(
+    Effect.mapError(
+      (err) => new OpenApiInvocationError({
+        message: "HTTP request failed",
+        statusCode: Option2.none(),
+        cause: err
+      })
+    )
+  );
+  const status = response.status;
+  yield* Effect.annotateCurrentSpan({
+    "http.status_code": status
+  });
+  const responseHeaders = { ...response.headers };
+  const contentType = response.headers["content-type"] ?? null;
+  const mapBodyError = Effect.mapError(
+    (err) => new OpenApiInvocationError({
+      message: "Failed to read response body",
+      statusCode: Option2.some(status),
+      cause: err
+    })
+  );
+  const responseBody = status === 204 ? null : isJsonContentType(contentType) ? yield* response.json.pipe(
+    Effect.catch(() => response.text),
+    mapBodyError
+  ) : yield* response.text.pipe(mapBodyError);
+  const ok = status >= 200 && status < 300;
+  return InvocationResult.make({
+    status,
+    headers: responseHeaders,
+    data: ok ? responseBody : null,
+    error: ok ? null : responseBody
+  });
+});
+var invokeWithLayer = (operation, args, baseUrl, resolvedHeaders, sourceQueryParams, httpClientLayer) => {
+  const operationBaseUrl = operation.baseUrl;
+  const effectiveBaseUrl = operationBaseUrl ?? baseUrl;
+  const clientWithBaseUrl = effectiveBaseUrl ? Layer.effect(
+    HttpClient.HttpClient,
+    Effect.map(
+      Effect.service(HttpClient.HttpClient),
+      HttpClient.mapRequest(HttpClientRequest.prependUrl(effectiveBaseUrl))
+    )
+  ).pipe(Layer.provide(httpClientLayer)) : httpClientLayer;
+  return invoke(operation, args, resolvedHeaders, sourceQueryParams).pipe(
+    Effect.provide(clientWithBaseUrl),
+    Effect.withSpan("plugin.openapi.invoke", {
+      attributes: {
+        "plugin.openapi.method": operation.method.toUpperCase(),
+        "plugin.openapi.path_template": operation.pathTemplate,
+        "plugin.openapi.base_url": effectiveBaseUrl
+      }
+    })
+  );
+};
+var REQUIRE_APPROVAL = /* @__PURE__ */ new Set(["post", "put", "patch", "delete"]);
+var annotationsForOperation = (method, pathTemplate) => {
+  const m = method.toLowerCase();
+  if (!REQUIRE_APPROVAL.has(m)) return {};
+  return {
+    requiresApproval: true,
+    approvalDescription: `${method.toUpperCase()} ${pathTemplate}`
+  };
+};
+
+// src/sdk/store.ts
+import { Effect as Effect2, Option as Option3, Predicate, Schema as Schema2 } from "effect";
+var OPERATION_COLLECTION = "operation";
+var STORE_OWNER = "org";
+var encodeBinding = Schema2.encodeSync(OperationBinding);
+var decodeBinding = Schema2.decodeUnknownSync(OperationBinding);
+var decodeBindingJson = Schema2.decodeUnknownSync(Schema2.fromJsonString(OperationBinding));
+var toJsonRecord = (value) => value;
+var OperationStorage = Schema2.Struct({
+  integration: Schema2.String,
+  toolName: Schema2.String,
+  binding: Schema2.Unknown
+});
+var decodeOperationStorage = Schema2.decodeUnknownOption(OperationStorage);
+var rowToOperation = (row) => {
+  const decoded = decodeOperationStorage(row.data);
+  if (Option3.isNone(decoded)) return null;
+  const operation = decoded.value;
+  return {
+    integration: operation.integration,
+    toolName: operation.toolName,
+    binding: decodeBinding(
+      typeof operation.binding === "string" ? decodeBindingJson(operation.binding) : operation.binding
+    )
+  };
+};
+var operationKey = (integration, toolName) => `${integration}.${toolName}`;
+var makeDefaultOpenapiStore = ({ pluginStorage }) => {
+  const operationData = (operation) => ({
+    integration: operation.integration,
+    toolName: operation.toolName,
+    binding: toJsonRecord(encodeBinding(operation.binding))
+  });
+  const listRows = (integration) => pluginStorage.list({ collection: OPERATION_COLLECTION, keyPrefix: `${integration}.` }).pipe(
+    Effect2.map(
+      (rows) => rows.filter((row) => rowToOperation(row)?.integration === integration)
+    )
+  );
+  const removeOperations = (integration) => Effect2.gen(function* () {
+    const rows = yield* listRows(integration);
+    yield* pluginStorage.removeMany({
+      owner: STORE_OWNER,
+      entries: rows.map((row) => ({ collection: OPERATION_COLLECTION, key: row.key }))
+    });
+  });
+  return {
+    putOperations: (integration, operations) => Effect2.gen(function* () {
+      yield* removeOperations(integration);
+      yield* pluginStorage.putMany({
+        owner: STORE_OWNER,
+        entries: operations.map((operation) => ({
+          collection: OPERATION_COLLECTION,
+          key: operationKey(integration, operation.toolName),
+          data: operationData(operation)
+        }))
+      });
+    }),
+    getOperation: (integration, toolName) => pluginStorage.get({ collection: OPERATION_COLLECTION, key: operationKey(integration, toolName) }).pipe(Effect2.map((row) => row ? rowToOperation(row) : null)),
+    listOperations: (integration) => listRows(integration).pipe(
+      Effect2.map((rows) => rows.map(rowToOperation).filter(Predicate.isNotNull))
+    ),
+    removeOperations
+  };
+};
+
+// src/sdk/plugin.ts
+import { Effect as Effect3, Option as Option5, Schema as Schema3 } from "effect";
+import {
+  AuthTemplateSlug,
+  IntegrationAlreadyExistsError,
+  IntegrationDetectionResult,
+  IntegrationSlug,
+  ToolName,
+  ToolResult,
+  authToolFailure,
+  definePlugin,
+  tool
+} from "@executor-js/sdk/core";
+
+// src/sdk/definitions.ts
+import { Option as Option4 } from "effect";
+var splitWords = (value) => value.replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/([A-Z]+)([A-Z][a-z0-9]+)/g, "$1 $2").replace(/[^a-zA-Z0-9]+/g, " ").trim().split(/\s+/).filter((part) => part.length > 0);
+var normalizeWord = (value) => value.toLowerCase();
+var toCamelCase = (value) => {
+  const words = splitWords(value).map(normalizeWord);
+  if (words.length === 0) return "tool";
+  const [first, ...rest] = words;
+  return `${first}${rest.map((p) => `${p[0]?.toUpperCase() ?? ""}${p.slice(1)}`).join("")}`;
+};
+var toPascalCase = (value) => {
+  const camel = toCamelCase(value);
+  return `${camel[0]?.toUpperCase() ?? ""}${camel.slice(1)}`;
+};
+var VERSION_SEGMENT_REGEX = /^v\d+(?:[._-]\d+)?$/i;
+var IGNORED_PATH_SEGMENTS = /* @__PURE__ */ new Set(["api"]);
+var pathSegmentsFromTemplate = (pathTemplate) => pathTemplate.split("/").map((s) => s.trim()).filter((s) => s.length > 0);
+var isPathParameterSegment = (segment) => segment.startsWith("{") && segment.endsWith("}");
+var normalizeGroupSegment = (value) => {
+  const candidate = value?.trim();
+  if (!candidate) return null;
+  return toCamelCase(candidate);
+};
+var deriveVersionSegment = (pathTemplate) => pathSegmentsFromTemplate(pathTemplate).map((s) => s.toLowerCase()).find((s) => VERSION_SEGMENT_REGEX.test(s));
+var derivePathGroup = (pathTemplate) => {
+  for (const segment of pathSegmentsFromTemplate(pathTemplate)) {
+    const lower = segment.toLowerCase();
+    if (VERSION_SEGMENT_REGEX.test(lower)) continue;
+    if (IGNORED_PATH_SEGMENTS.has(lower)) continue;
+    if (isPathParameterSegment(segment)) continue;
+    return normalizeGroupSegment(segment) ?? "root";
+  }
+  return "root";
+};
+var splitOperationIdSegments = (value) => value.split(/[/.]+/).map((s) => s.trim()).filter((s) => s.length > 0);
+var deriveLeafSeed = (operationId, group) => {
+  const segments = splitOperationIdSegments(operationId);
+  if (segments.length > 1) {
+    const [first, ...rest] = segments;
+    if ((normalizeGroupSegment(first) ?? first) === group && rest.length > 0) {
+      return rest.join(" ");
+    }
+  }
+  return operationId;
+};
+var fallbackLeafSeed = (method, pathTemplate, group) => {
+  const relevantSegments = pathSegmentsFromTemplate(pathTemplate).filter((s) => !VERSION_SEGMENT_REGEX.test(s.toLowerCase())).filter((s) => !IGNORED_PATH_SEGMENTS.has(s.toLowerCase())).filter((s) => !isPathParameterSegment(s)).map((s) => normalizeGroupSegment(s) ?? s).filter((s) => s !== group);
+  const segmentSuffix = relevantSegments.map((s) => toPascalCase(s)).join("");
+  return `${method}${segmentSuffix || "Operation"}`;
+};
+var deriveLeaf = (operationId, method, pathTemplate, group) => {
+  const preferred = toCamelCase(deriveLeafSeed(operationId, group));
+  if (preferred.length > 0 && preferred !== group) return preferred;
+  return toCamelCase(fallbackLeafSeed(method, pathTemplate, group));
+};
+var resolveCollisions = (definitions) => {
+  const staged = definitions.map((d) => ({ ...d }));
+  const applyFactory = (items, factory) => {
+    const byPath = /* @__PURE__ */ new Map();
+    for (const item of items) {
+      const bucket = byPath.get(item.toolPath) ?? [];
+      bucket.push(item);
+      byPath.set(item.toolPath, bucket);
+    }
+    for (const bucket of byPath.values()) {
+      if (bucket.length < 2) continue;
+      for (const d of bucket) {
+        d.toolPath = factory(d);
+      }
+    }
+  };
+  applyFactory(
+    staged,
+    (d) => d.versionSegment ? `${d.group}.${d.versionSegment}.${d.leaf}` : d.toolPath
+  );
+  applyFactory(staged, (d) => {
+    const prefix = d.versionSegment ? `${d.group}.${d.versionSegment}` : d.group;
+    return `${prefix}.${d.leaf}${toPascalCase(d.method)}`;
+  });
+  applyFactory(staged, (d) => {
+    const prefix = d.versionSegment ? `${d.group}.${d.versionSegment}` : d.group;
+    return `${prefix}.${d.leaf}${toPascalCase(d.method)}${d.operationHash.slice(0, 8)}`;
+  });
+  return staged.map((d) => ({
+    toolPath: d.toolPath,
+    group: d.group,
+    leaf: d.leaf,
+    operationIndex: d.operationIndex,
+    operation: d.operation
+  }));
+};
+var stableHash = (value) => {
+  const str = JSON.stringify(value, Object.keys(value).sort());
+  let hash = 0;
+  for (let i = 0; i < str.length; i++) {
+    hash = (hash << 5) - hash + str.charCodeAt(i) | 0;
+  }
+  return Math.abs(hash).toString(36).padStart(8, "0");
+};
+var compileToolDefinitions = (operations) => {
+  const raw = operations.map((op, index) => {
+    const operationId = op.operationId;
+    const explicitToolPath = Option4.getOrUndefined(op.toolPath);
+    if (explicitToolPath) {
+      const [group2 = "root", ...leafParts] = explicitToolPath.split(".").filter(Boolean);
+      const leaf2 = leafParts.join(".") || group2;
+      const versionSegment2 = deriveVersionSegment(op.pathTemplate);
+      const operationHash2 = stableHash({
+        method: op.method,
+        path: op.pathTemplate,
+        operationId
+      });
+      return {
+        toolPath: explicitToolPath,
+        group: group2,
+        leaf: leaf2,
+        versionSegment: versionSegment2,
+        method: op.method,
+        operationHash: operationHash2,
+        operationIndex: index,
+        operation: op
+      };
+    }
+    const group = normalizeGroupSegment(op.tags[0]) ?? derivePathGroup(op.pathTemplate);
+    const leaf = deriveLeaf(operationId, op.method, op.pathTemplate, group);
+    const versionSegment = deriveVersionSegment(op.pathTemplate);
+    const operationHash = stableHash({
+      method: op.method,
+      path: op.pathTemplate,
+      operationId
+    });
+    return {
+      toolPath: `${group}.${leaf}`,
+      group,
+      leaf,
+      versionSegment,
+      method: op.method,
+      operationHash,
+      operationIndex: index,
+      operation: op
+    };
+  });
+  return resolveCollisions(raw).sort((a, b) => a.toolPath.localeCompare(b.toolPath));
+};
+
+// src/sdk/plugin.ts
+var STRINGIFIED_BODY_CAP = 1024;
+var UpstreamMessageBody = Schema3.Struct({ message: Schema3.String });
+var UpstreamErrorMessageBody = Schema3.Struct({ errorMessage: Schema3.String });
+var UpstreamNestedErrorBody = Schema3.Struct({ error: UpstreamMessageBody });
+var UpstreamErrorsArrayBody = Schema3.Struct({
+  errors: Schema3.Array(
+    Schema3.Struct({
+      detail: Schema3.optional(Schema3.String),
+      message: Schema3.optional(Schema3.String),
+      title: Schema3.optional(Schema3.String)
+    })
+  )
+});
+var UpstreamDescriptionBody = Schema3.Struct({
+  detail: Schema3.optional(Schema3.String),
+  title: Schema3.optional(Schema3.String),
+  description: Schema3.optional(Schema3.String)
+});
+var decodeUpstreamMessageBody = Schema3.decodeUnknownOption(UpstreamMessageBody);
+var decodeUpstreamErrorMessageBody = Schema3.decodeUnknownOption(UpstreamErrorMessageBody);
+var decodeUpstreamNestedErrorBody = Schema3.decodeUnknownOption(UpstreamNestedErrorBody);
+var decodeUpstreamErrorsArrayBody = Schema3.decodeUnknownOption(UpstreamErrorsArrayBody);
+var decodeUpstreamDescriptionBody = Schema3.decodeUnknownOption(UpstreamDescriptionBody);
+var clampedStringify = (value) => {
+  let s;
+  try {
+    s = JSON.stringify(value);
+  } catch {
+    s = String(value);
+  }
+  return s.length > STRINGIFIED_BODY_CAP ? `${s.slice(0, STRINGIFIED_BODY_CAP)}\u2026` : s;
+};
+var firstNonEmpty = (...values) => values.find((value) => value !== void 0 && value.length > 0);
+var extractUpstreamMessage = (body, status) => {
+  if (typeof body === "string") {
+    return body.length > 0 ? body : `Upstream returned HTTP ${status}`;
+  }
+  const nested = Option5.getOrUndefined(decodeUpstreamNestedErrorBody(body));
+  const messageBody = Option5.getOrUndefined(decodeUpstreamMessageBody(body));
+  const errorMessageBody = Option5.getOrUndefined(decodeUpstreamErrorMessageBody(body));
+  const errorsBody = Option5.getOrUndefined(decodeUpstreamErrorsArrayBody(body));
+  const descriptionBody = Option5.getOrUndefined(decodeUpstreamDescriptionBody(body));
+  const arrayMessage = errorsBody?.errors.map(
+    ({
+      detail,
+      message: upstreamMessage,
+      title
+    }) => firstNonEmpty(detail, upstreamMessage, title)
+  ).find((message2) => message2 !== void 0);
+  const message = firstNonEmpty(
+    nested?.error.message,
+    messageBody?.message,
+    errorMessageBody?.errorMessage,
+    arrayMessage,
+    descriptionBody?.detail,
+    descriptionBody?.title,
+    descriptionBody?.description
+  );
+  if (message !== void 0) return message;
+  if (body !== null && typeof body === "object") {
+    return clampedStringify(body);
+  }
+  return `Upstream returned HTTP ${status}`;
+};
+var PreviewSpecInputSchema = Schema3.Struct({
+  spec: Schema3.String
+});
+var StaticPreviewServerVariableSchema = Schema3.Struct({
+  default: Schema3.String,
+  enum: Schema3.NullOr(Schema3.Array(Schema3.String)),
+  description: Schema3.NullOr(Schema3.String)
+});
+var StaticPreviewServerSchema = Schema3.Struct({
+  url: Schema3.String,
+  description: Schema3.NullOr(Schema3.String),
+  variables: Schema3.NullOr(Schema3.Record(Schema3.String, StaticPreviewServerVariableSchema))
+});
+var StaticPreviewOAuthAuthorizationCodeFlowSchema = Schema3.Struct({
+  authorizationUrl: Schema3.String,
+  tokenUrl: Schema3.String,
+  refreshUrl: Schema3.NullOr(Schema3.String),
+  scopes: Schema3.Record(Schema3.String, Schema3.String)
+});
+var StaticPreviewOAuthClientCredentialsFlowSchema = Schema3.Struct({
+  tokenUrl: Schema3.String,
+  refreshUrl: Schema3.NullOr(Schema3.String),
+  scopes: Schema3.Record(Schema3.String, Schema3.String)
+});
+var StaticPreviewOAuthFlowsSchema = Schema3.Struct({
+  authorizationCode: Schema3.NullOr(StaticPreviewOAuthAuthorizationCodeFlowSchema),
+  clientCredentials: Schema3.NullOr(StaticPreviewOAuthClientCredentialsFlowSchema)
+});
+var StaticPreviewSecuritySchemeSchema = Schema3.Struct({
+  name: Schema3.String,
+  type: Schema3.Literals(["http", "apiKey", "oauth2", "openIdConnect"]),
+  scheme: Schema3.NullOr(Schema3.String),
+  bearerFormat: Schema3.NullOr(Schema3.String),
+  in: Schema3.NullOr(Schema3.Literals(["header", "query", "cookie"])),
+  headerName: Schema3.NullOr(Schema3.String),
+  description: Schema3.NullOr(Schema3.String),
+  flows: Schema3.NullOr(StaticPreviewOAuthFlowsSchema),
+  openIdConnectUrl: Schema3.NullOr(Schema3.String)
+});
+var StaticPreviewOAuth2PresetSchema = Schema3.Struct({
+  label: Schema3.String,
+  securitySchemeName: Schema3.String,
+  flow: Schema3.Literals(["authorizationCode", "clientCredentials"]),
+  authorizationUrl: Schema3.NullOr(Schema3.String),
+  tokenUrl: Schema3.String,
+  refreshUrl: Schema3.NullOr(Schema3.String),
+  scopes: Schema3.Record(Schema3.String, Schema3.String),
+  identityScopes: Schema3.Union([
+    Schema3.Literal("auto"),
+    Schema3.Literal(false),
+    Schema3.Array(Schema3.String)
+  ])
+});
+var StaticPreviewSpecOutputSchema = Schema3.Struct({
+  title: Schema3.NullOr(Schema3.String),
+  version: Schema3.NullOr(Schema3.String),
+  servers: Schema3.Array(StaticPreviewServerSchema),
+  operationCount: Schema3.Number,
+  tags: Schema3.Array(Schema3.String),
+  securitySchemes: Schema3.Array(StaticPreviewSecuritySchemeSchema),
+  authStrategies: Schema3.Array(Schema3.Struct({ schemes: Schema3.Array(Schema3.String) })),
+  headerPresets: Schema3.Array(
+    Schema3.Struct({
+      label: Schema3.String,
+      headers: Schema3.Record(Schema3.String, Schema3.NullOr(Schema3.String)),
+      secretHeaders: Schema3.Array(Schema3.String)
+    })
+  ),
+  oauth2Presets: Schema3.Array(StaticPreviewOAuth2PresetSchema)
+});
+var OpenApiSpecInputSchema = Schema3.Union([
+  Schema3.Struct({ kind: Schema3.Literal("url"), url: Schema3.String }),
+  Schema3.Struct({ kind: Schema3.Literal("blob"), value: Schema3.String }),
+  Schema3.Struct({
+    kind: Schema3.Literal("googleDiscovery"),
+    url: Schema3.String
+  }),
+  Schema3.Struct({
+    kind: Schema3.Literal("googleDiscoveryBundle"),
+    urls: Schema3.Array(Schema3.String)
+  })
+]);
+var AuthenticationVariableSchema2 = Schema3.Struct({
+  type: Schema3.Literal("variable"),
+  name: Schema3.String
+});
+var AuthenticationTemplateValueSchema2 = Schema3.Union([
+  Schema3.String,
+  Schema3.Array(Schema3.Union([Schema3.String, AuthenticationVariableSchema2]))
+]);
+var AuthenticationSchema2 = Schema3.Union([
+  Schema3.Struct({
+    slug: Schema3.String,
+    type: Schema3.Literal("apiKey"),
+    headers: Schema3.optional(Schema3.Record(Schema3.String, AuthenticationTemplateValueSchema2)),
+    queryParams: Schema3.optional(Schema3.Record(Schema3.String, AuthenticationTemplateValueSchema2))
+  }),
+  Schema3.Struct({
+    slug: Schema3.String,
+    type: Schema3.Literal("oauth"),
+    authorizationUrl: Schema3.String,
+    tokenUrl: Schema3.String,
+    scopes: Schema3.Array(Schema3.String)
+  })
+]);
+var AddSourceInputSchema = Schema3.Struct({
+  spec: OpenApiSpecInputSchema,
+  slug: Schema3.String,
+  description: Schema3.optional(Schema3.String),
+  baseUrl: Schema3.optional(Schema3.String),
+  headers: Schema3.optional(Schema3.Record(Schema3.String, Schema3.String)),
+  queryParams: Schema3.optional(Schema3.Record(Schema3.String, Schema3.String)),
+  authenticationTemplate: Schema3.optional(Schema3.Array(AuthenticationSchema2))
+});
+var AddSourceOutputSchema = Schema3.Struct({
+  slug: Schema3.String,
+  toolCount: Schema3.Number
+});
+var PreviewSpecInputStandardSchema = Schema3.toStandardSchemaV1(
+  Schema3.toStandardJSONSchemaV1(PreviewSpecInputSchema)
+);
+var PreviewSpecOutputStandardSchema = Schema3.toStandardSchemaV1(
+  Schema3.toStandardJSONSchemaV1(StaticPreviewSpecOutputSchema)
+);
+var AddSourceInputStandardSchema = Schema3.toStandardSchemaV1(
+  Schema3.toStandardJSONSchemaV1(AddSourceInputSchema)
+);
+var AddSourceOutputStandardSchema = Schema3.toStandardSchemaV1(
+  Schema3.toStandardJSONSchemaV1(AddSourceOutputSchema)
+);
+var openApiToolFailure = (code, message, details) => ToolResult.fail({
+  code,
+  message,
+  ...details === void 0 ? {} : { details }
+});
+var openApiAuthToolFailure = (failure) => authToolFailure({
+  // The auth-tool-failure helper's code set is shared with v1; keep the
+  // string but reference the connection rather than v1's source/slot.
+  code: failure.code,
+  message: failure.message,
+  source: { id: failure.integration, scope: failure.owner },
+  credential: {
+    kind: failure.credentialKind,
+    ...failure.credentialLabel ? { label: failure.credentialLabel } : {}
+  },
+  ...failure.status !== void 0 ? { status: failure.status } : {},
+  ...failure.details !== void 0 ? {
+    upstream: {
+      ...failure.status !== void 0 ? { status: failure.status } : {},
+      details: failure.details
+    }
+  } : {}
+});
+var staticPreviewOutput = (preview) => ({
+  title: Option5.getOrNull(preview.title),
+  version: Option5.getOrNull(preview.version),
+  servers: preview.servers.map((server) => ({
+    url: server.url,
+    description: Option5.getOrNull(server.description),
+    variables: Option5.getOrNull(server.variables) ? Object.fromEntries(
+      Object.entries(Option5.getOrNull(server.variables) ?? {}).map(([name, variable]) => [
+        name,
+        {
+          default: variable.default,
+          enum: Option5.getOrNull(variable.enum),
+          description: Option5.getOrNull(variable.description)
+        }
+      ])
+    ) : null
+  })),
+  operationCount: preview.operationCount,
+  tags: preview.tags,
+  securitySchemes: preview.securitySchemes.map((scheme) => ({
+    name: scheme.name,
+    type: scheme.type,
+    scheme: Option5.getOrNull(scheme.scheme),
+    bearerFormat: Option5.getOrNull(scheme.bearerFormat),
+    in: Option5.getOrNull(scheme.in),
+    headerName: Option5.getOrNull(scheme.headerName),
+    description: Option5.getOrNull(scheme.description),
+    flows: Option5.isSome(scheme.flows) ? {
+      authorizationCode: Option5.isSome(scheme.flows.value.authorizationCode) ? {
+        authorizationUrl: scheme.flows.value.authorizationCode.value.authorizationUrl,
+        tokenUrl: scheme.flows.value.authorizationCode.value.tokenUrl,
+        refreshUrl: Option5.getOrNull(scheme.flows.value.authorizationCode.value.refreshUrl),
+        scopes: scheme.flows.value.authorizationCode.value.scopes
+      } : null,
+      clientCredentials: Option5.isSome(scheme.flows.value.clientCredentials) ? {
+        tokenUrl: scheme.flows.value.clientCredentials.value.tokenUrl,
+        refreshUrl: Option5.getOrNull(scheme.flows.value.clientCredentials.value.refreshUrl),
+        scopes: scheme.flows.value.clientCredentials.value.scopes
+      } : null
+    } : null,
+    openIdConnectUrl: Option5.getOrNull(scheme.openIdConnectUrl)
+  })),
+  authStrategies: preview.authStrategies,
+  headerPresets: preview.headerPresets,
+  oauth2Presets: preview.oauth2Presets.map((preset) => ({
+    label: preset.label,
+    securitySchemeName: preset.securitySchemeName,
+    flow: preset.flow,
+    authorizationUrl: Option5.getOrNull(preset.authorizationUrl),
+    tokenUrl: preset.tokenUrl,
+    refreshUrl: Option5.getOrNull(preset.refreshUrl),
+    scopes: preset.scopes,
+    identityScopes: preset.identityScopes
+  }))
+});
+var normalizeOpenApiRefs = (node) => {
+  if (node == null || typeof node !== "object") return node;
+  if (Array.isArray(node)) {
+    let changed2 = false;
+    const out = node.map((item) => {
+      const n = normalizeOpenApiRefs(item);
+      if (n !== item) changed2 = true;
+      return n;
+    });
+    return changed2 ? out : node;
+  }
+  const obj = node;
+  if (typeof obj.$ref === "string") {
+    const match = obj.$ref.match(/^#\/components\/schemas\/(.+)$/);
+    if (match) return { ...obj, $ref: `#/$defs/${match[1]}` };
+    return obj;
+  }
+  let changed = false;
+  const result = {};
+  for (const [k, v] of Object.entries(obj)) {
+    const n = normalizeOpenApiRefs(v);
+    if (n !== v) changed = true;
+    result[k] = n;
+  }
+  return changed ? result : obj;
+};
+var toBinding = (def) => OperationBinding.make({
+  method: def.operation.method,
+  baseUrl: def.operation.baseUrl,
+  pathTemplate: def.operation.pathTemplate,
+  parameters: [...def.operation.parameters],
+  requestBody: def.operation.requestBody
+});
+var descriptionFor = (def) => {
+  const op = def.operation;
+  return Option5.getOrElse(
+    op.description,
+    () => Option5.getOrElse(op.summary, () => `${op.method.toUpperCase()} ${op.pathTemplate}`)
+  );
+};
+var openApiTransportOutputSchema = (dataSchema) => ({
+  type: "object",
+  additionalProperties: false,
+  required: ["status", "headers", "data"],
+  properties: {
+    status: { type: "integer" },
+    headers: {
+      type: "object",
+      additionalProperties: { type: "string" }
+    },
+    data: dataSchema ?? {}
+  }
+});
+var specInputToSourceUrl = (spec) => spec.kind === "url" || spec.kind === "googleDiscovery" ? spec.url : void 0;
+var specInputToGoogleBundle = (spec) => spec.kind === "googleDiscoveryBundle" ? spec.urls : void 0;
+var shortId = () => Math.random().toString(36).slice(2, 8);
+var freshCustomSlug = (taken) => {
+  let candidate = `custom_${shortId()}`;
+  while (taken.has(candidate)) candidate = `custom_${shortId()}`;
+  return AuthTemplateSlug.make(candidate);
+};
+var mergeAuthenticationTemplate = (existing, incoming) => {
+  const result = existing.map((entry) => entry);
+  const taken = new Set(result.map((entry) => String(entry.slug)));
+  for (const entry of incoming) {
+    const rawSlug = entry.slug;
+    const requested = typeof rawSlug === "string" ? rawSlug.trim() : "";
+    const existingIndex = result.findIndex((current) => String(current.slug) === requested);
+    if (requested.length > 0 && existingIndex >= 0) {
+      result[existingIndex] = entry;
+      continue;
+    }
+    const slug = requested.length > 0 && !taken.has(requested) ? AuthTemplateSlug.make(requested) : freshCustomSlug(taken);
+    taken.add(String(slug));
+    result.push({ ...entry, slug });
+  }
+  return result;
+};
+var parseTemplateValue = (value) => {
+  if (typeof value === "string") return { prefix: "", variable: TOKEN_VARIABLE };
+  const parts = [];
+  for (const part of value) {
+    if (typeof part !== "string" && part.type === "variable") {
+      return { prefix: parts.join(""), variable: part.name };
+    }
+    if (typeof part === "string") parts.push(part);
+  }
+  return { prefix: parts.join(""), variable: TOKEN_VARIABLE };
+};
+var placementsFromAuthentication = (template) => {
+  const placements = [];
+  for (const [name, value] of Object.entries(template.headers ?? {})) {
+    const { prefix, variable } = parseTemplateValue(value);
+    placements.push({ carrier: "header", name, prefix, variable });
+  }
+  for (const [name, value] of Object.entries(template.queryParams ?? {})) {
+    const { prefix, variable } = parseTemplateValue(value);
+    placements.push({ carrier: "query", name, prefix, variable });
+  }
+  return placements;
+};
+var apiKeyLabel = (slug, placements) => {
+  const first = placements[0];
+  if (first) return `API key (${first.name || (first.carrier === "header" ? "header" : "query")})`;
+  return `API key (${slug})`;
+};
+var describeOpenApiAuthMethods = (record) => {
+  const config = decodeOpenApiIntegrationConfig(record.config);
+  if (!config) return [];
+  return (config.authenticationTemplate ?? []).map(
+    (template) => {
+      const slug = String(template.slug);
+      if (template.type === "oauth") {
+        return {
+          id: slug,
+          label: "OAuth2",
+          kind: "oauth",
+          template: slug,
+          oauth: {
+            authorizationUrl: template.authorizationUrl,
+            tokenUrl: template.tokenUrl,
+            scopes: template.scopes
+          }
+        };
+      }
+      const placements = placementsFromAuthentication(template);
+      return {
+        id: slug,
+        label: apiKeyLabel(slug, placements),
+        kind: "apikey",
+        template: slug,
+        placements
+      };
+    }
+  );
+};
+var describeOpenApiIntegrationDisplay = (record) => {
+  const config = decodeOpenApiIntegrationConfig(record.config);
+  return { url: config?.baseUrl ?? config?.sourceUrl };
+};
+var compileSpec = (specText) => Effect3.gen(function* () {
+  const doc = yield* parse(specText);
+  const result = yield* extract(doc);
+  const hoistedDefs = {};
+  if (doc.components?.schemas) {
+    for (const [k, v] of Object.entries(doc.components.schemas)) {
+      hoistedDefs[k] = normalizeOpenApiRefs(v);
+    }
+  }
+  return {
+    definitions: compileToolDefinitions(result.operations),
+    hoistedDefs,
+    title: Option5.getOrUndefined(result.title)
+  };
+});
+var toolDefsFromCompiled = (compiled) => compiled.definitions.map(
+  (def) => ({
+    name: ToolName.make(def.toolPath),
+    description: descriptionFor(def),
+    inputSchema: normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.inputSchema)),
+    outputSchema: openApiTransportOutputSchema(
+      normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.outputSchema))
+    ),
+    annotations: annotationsForOperation(def.operation.method, def.operation.pathTemplate)
+  })
+);
+var storedOperationsFromCompiled = (integration, compiled) => compiled.definitions.map((def) => ({
+  integration,
+  toolName: def.toolPath,
+  binding: toBinding(def)
+}));
+var fetchGoogleDiscoveryBundleConversion = (urls, httpClientLayer) => Effect3.forEach(
+  urls,
+  (url) => fetchGoogleDiscoveryDocument(url).pipe(
+    Effect3.provide(httpClientLayer),
+    Effect3.map((documentText) => ({ discoveryUrl: url, documentText }))
+  ),
+  { concurrency: 4 }
+).pipe(Effect3.flatMap((documents) => convertGoogleDiscoveryBundleToOpenApi({ documents })));
+var openApiPlugin = definePlugin((options) => {
+  const resolveSpecForInput = (spec, httpClientLayer) => Effect3.gen(function* () {
+    if (spec.kind === "googleDiscovery") {
+      const conversion = yield* fetchGoogleDiscoveryDocument(spec.url).pipe(
+        Effect3.provide(httpClientLayer),
+        Effect3.flatMap(
+          (documentText) => convertGoogleDiscoveryToOpenApi({
+            discoveryUrl: spec.url,
+            documentText
+          })
+        )
+      );
+      return {
+        specText: conversion.specText,
+        baseUrl: conversion.baseUrl,
+        ...conversion.authenticationTemplate ? { authenticationTemplate: conversion.authenticationTemplate } : {}
+      };
+    }
+    if (spec.kind === "googleDiscoveryBundle") {
+      const conversion = yield* fetchGoogleDiscoveryBundleConversion(spec.urls, httpClientLayer);
+      return {
+        specText: conversion.specText,
+        baseUrl: conversion.baseUrl,
+        ...conversion.authenticationTemplate ? { authenticationTemplate: conversion.authenticationTemplate } : {}
+      };
+    }
+    if (spec.kind === "url") {
+      const specText = yield* resolveSpecText(spec.url).pipe(Effect3.provide(httpClientLayer));
+      return { specText };
+    }
+    return { specText: spec.value };
+  });
+  return {
+    id: "openapi",
+    packageName: "@executor-js/plugin-openapi",
+    integrationPresets: openApiPresets.map((preset) => ({
+      id: preset.id,
+      name: preset.name,
+      summary: preset.summary,
+      ...preset.url ? { url: preset.url } : {},
+      ...preset.icon ? { icon: preset.icon } : {},
+      ...preset.featured ? { featured: preset.featured } : {}
+    })),
+    storage: (deps) => makeDefaultOpenapiStore(deps),
+    extension: (ctx) => {
+      const httpClientLayer = options?.httpClientLayer ?? ctx.httpClientLayer;
+      const addSpec = (config) => Effect3.gen(function* () {
+        const resolved = yield* resolveSpecForInput(config.spec, httpClientLayer);
+        const compiled = yield* compileSpec(resolved.specText);
+        const slug = IntegrationSlug.make(config.slug);
+        const existing = yield* ctx.core.integrations.get(slug);
+        if (existing) {
+          return yield* new IntegrationAlreadyExistsError({ slug });
+        }
+        const integrationConfig = {
+          spec: resolved.specText,
+          ...specInputToSourceUrl(config.spec) !== void 0 ? { sourceUrl: specInputToSourceUrl(config.spec) } : {},
+          ...specInputToGoogleBundle(config.spec) !== void 0 ? { googleDiscoveryUrls: specInputToGoogleBundle(config.spec) } : {},
+          ...config.baseUrl ?? resolved.baseUrl ? { baseUrl: config.baseUrl ?? resolved.baseUrl } : {},
+          ...config.headers ? { headers: config.headers } : {},
+          ...config.queryParams ? { queryParams: config.queryParams } : {},
+          // Prefer the caller's explicit template; otherwise adopt the one the
+          // Google Discovery converter derived from the spec (the bundle add
+          // path relies on this — it has no preview to detect auth from).
+          ...config.authenticationTemplate ? { authenticationTemplate: config.authenticationTemplate } : resolved.authenticationTemplate ? { authenticationTemplate: resolved.authenticationTemplate } : {}
+        };
+        yield* ctx.transaction(
+          Effect3.gen(function* () {
+            yield* ctx.core.integrations.register({
+              slug,
+              description: config.description ?? compiled.title ?? config.slug,
+              config: integrationConfig,
+              canRemove: true,
+              canRefresh: specInputToSourceUrl(config.spec) != null || specInputToGoogleBundle(config.spec) != null
+            });
+            yield* ctx.storage.putOperations(
+              config.slug,
+              storedOperationsFromCompiled(config.slug, compiled)
+            );
+          })
+        );
+        return { slug, toolCount: compiled.definitions.length };
+      });
+      return {
+        previewSpec: (input) => Effect3.gen(function* () {
+          const previewInput = typeof input === "string" ? { spec: input } : input;
+          const specText = isGoogleDiscoveryUrl(previewInput.spec) ? yield* fetchGoogleDiscoveryDocument(previewInput.spec).pipe(
+            Effect3.provide(httpClientLayer),
+            Effect3.flatMap(
+              (documentText) => convertGoogleDiscoveryToOpenApi({
+                discoveryUrl: previewInput.spec,
+                documentText
+              })
+            ),
+            Effect3.map((conversion) => conversion.specText)
+          ) : yield* resolveSpecText(previewInput.spec).pipe(Effect3.provide(httpClientLayer));
+          return yield* previewSpec(specText).pipe(Effect3.provide(httpClientLayer));
+        }),
+        addSpec,
+        removeSpec: (slug) => ctx.transaction(
+          Effect3.gen(function* () {
+            yield* ctx.storage.removeOperations(slug);
+            yield* ctx.core.integrations.remove(IntegrationSlug.make(slug)).pipe(Effect3.catchTag("IntegrationRemovalNotAllowedError", () => Effect3.void));
+          })
+        ),
+        getIntegration: (slug) => ctx.core.integrations.get(IntegrationSlug.make(slug)).pipe(
+          Effect3.map(
+            (record) => record ? {
+              slug: record.slug,
+              description: record.description,
+              kind: record.kind,
+              canRemove: record.canRemove,
+              canRefresh: record.canRefresh
+            } : null
+          )
+        ),
+        getConfig: (slug) => ctx.core.integrations.get(IntegrationSlug.make(slug)).pipe(
+          Effect3.map(
+            (record) => record ? decodeOpenApiIntegrationConfig(record.config) : null
+          )
+        ),
+        configure: (slug, input) => ctx.transaction(
+          Effect3.gen(function* () {
+            const record = yield* ctx.core.integrations.get(IntegrationSlug.make(slug));
+            if (!record) return [];
+            const current = decodeOpenApiIntegrationConfig(record.config);
+            if (!current) return [];
+            const merged = input.mode === "replace" ? input.authenticationTemplate : mergeAuthenticationTemplate(
+              current.authenticationTemplate ?? [],
+              input.authenticationTemplate
+            );
+            const next = {
+              ...current,
+              authenticationTemplate: merged
+            };
+            yield* ctx.core.integrations.update(IntegrationSlug.make(slug), {
+              config: next
+            });
+            return merged;
+          })
+        )
+      };
+    },
+    staticSources: (self) => [
+      {
+        id: "openapi",
+        kind: "executor",
+        name: "OpenAPI",
+        tools: [
+          tool({
+            name: "previewSpec",
+            description: "Preview an OpenAPI document before adding it as an integration. Call this first when the user provides a spec URL/blob so you can inspect servers, auth schemes, operation count, and tags before `addSpec`. Do not collect API keys or OAuth client secrets in chat; use the connections tools for those values.",
+            inputSchema: PreviewSpecInputStandardSchema,
+            outputSchema: PreviewSpecOutputStandardSchema,
+            execute: (input) => self.previewSpec(input).pipe(
+              Effect3.map((preview) => ToolResult.ok(staticPreviewOutput(preview))),
+              Effect3.catchTags({
+                OpenApiParseError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_parse_failed", message)),
+                OpenApiExtractionError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_extraction_failed", message)),
+                OpenApiOAuthError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_oauth_failed", message))
+              })
+            )
+          }),
+          tool({
+            name: "addSpec",
+            description: "Add an OpenAPI integration to the catalog and persist its operations as tools. Recommended flow: call `previewSpec`, choose a `slug`, declare an `authenticationTemplate` for how a credential is applied (apiKey header/query, or oauth bearer), then create a connection for that integration with the user's API key or via `oauth.start`.",
+            annotations: {
+              requiresApproval: true,
+              approvalDescription: "Add an OpenAPI integration"
+            },
+            inputSchema: AddSourceInputStandardSchema,
+            outputSchema: AddSourceOutputStandardSchema,
+            execute: (input) => self.addSpec({
+              spec: input.spec,
+              slug: input.slug,
+              description: input.description,
+              baseUrl: input.baseUrl,
+              headers: input.headers,
+              queryParams: input.queryParams,
+              authenticationTemplate: input.authenticationTemplate
+            }).pipe(
+              Effect3.map(
+                (result) => ToolResult.ok({
+                  slug: String(result.slug),
+                  toolCount: result.toolCount
+                })
+              ),
+              Effect3.catchTags({
+                OpenApiParseError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_parse_failed", message)),
+                OpenApiExtractionError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_extraction_failed", message)),
+                OpenApiOAuthError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_oauth_failed", message)),
+                IntegrationAlreadyExistsError: ({ slug }) => Effect3.succeed(
+                  openApiToolFailure(
+                    "integration_already_exists",
+                    `Integration ${slug} already exists; update it instead of re-adding.`
+                  )
+                )
+              })
+            )
+          })
+        ]
+      }
+    ],
+    describeAuthMethods: describeOpenApiAuthMethods,
+    describeIntegrationDisplay: describeOpenApiIntegrationDisplay,
+    // Produce one tool per spec operation. Spec-derived, identical for every
+    // connection on the integration — so `getValue` is never called here. The
+    // operation bindings invokeTool needs are persisted at addSpec time; this
+    // hook only shapes the per-connection ToolDefs from the catalog config.
+    resolveTools: ({
+      config
+    }) => Effect3.gen(function* () {
+      const openApiConfig = decodeOpenApiIntegrationConfig(config);
+      if (!openApiConfig) return { tools: [], definitions: {} };
+      const compiled = yield* compileSpec(openApiConfig.spec).pipe(
+        Effect3.catch(() => Effect3.succeed(null))
+      );
+      if (!compiled) return { tools: [], definitions: {} };
+      return {
+        tools: toolDefsFromCompiled(compiled),
+        definitions: compiled.hoistedDefs
+      };
+    }),
+    invokeTool: ({
+      ctx: invokeCtx,
+      toolRow,
+      credential,
+      args
+    }) => Effect3.gen(function* () {
+      const httpClientLayer = options?.httpClientLayer ?? invokeCtx.httpClientLayer;
+      const integration = toolRow.integration;
+      const config = decodeOpenApiIntegrationConfig(credential.config);
+      let binding = (yield* invokeCtx.storage.getOperation(integration, toolRow.name))?.binding;
+      if (!binding && config) {
+        const compiled = yield* compileSpec(config.spec).pipe(
+          Effect3.catch(() => Effect3.succeed(null))
+        );
+        binding = compiled ? storedOperationsFromCompiled(integration, compiled).find(
+          (op) => op.toolName === toolRow.name
+        )?.binding : void 0;
+      }
+      if (!binding) {
+        return yield* new OpenApiExtractionError({
+          message: `No OpenAPI operation found for tool "${toolRow.name}" on "${integration}"`
+        });
+      }
+      const headers = { ...config?.headers ?? {} };
+      const queryParams = {
+        ...config?.queryParams ?? {}
+      };
+      const template = (config?.authenticationTemplate ?? []).find(
+        (entry) => String(entry.slug) === String(credential.template)
+      );
+      if (template) {
+        const missing = requiredTemplateVariables(template).filter((name) => {
+          const value = credential.values[name];
+          return value == null || value === "";
+        });
+        if (missing.length > 0) {
+          return openApiAuthToolFailure({
+            code: template.type === "oauth" ? "oauth_connection_missing" : "connection_value_missing",
+            message: `Connection "${credential.connection}" for "${integration}" has no resolvable credential value. Re-authenticate or update the connection.`,
+            owner: credential.owner,
+            integration,
+            connection: String(credential.connection),
+            credentialKind: template.type === "oauth" ? "oauth" : "secret"
+          });
+        }
+        const rendered = renderAuthTemplate(template, credential.values);
+        Object.assign(headers, rendered.headers);
+        Object.assign(queryParams, rendered.queryParams);
+      }
+      const result = yield* invokeWithLayer(
+        binding,
+        args ?? {},
+        config?.baseUrl ?? "",
+        headers,
+        queryParams,
+        httpClientLayer
+      );
+      const ok = result.status >= 200 && result.status < 300;
+      if (!ok) {
+        if (result.status === 401 || result.status === 403) {
+          return openApiAuthToolFailure({
+            code: "connection_rejected",
+            status: result.status,
+            message: `Upstream rejected credentials for "${integration}" with HTTP ${result.status}. Re-authenticate or update the connection "${credential.connection}" before retrying this tool.`,
+            owner: credential.owner,
+            integration,
+            connection: String(credential.connection),
+            credentialKind: "upstream",
+            credentialLabel: "Upstream authorization",
+            details: result.error
+          });
+        }
+        return ToolResult.fail({
+          code: "upstream_http_error",
+          status: result.status,
+          message: extractUpstreamMessage(result.error, result.status),
+          details: result.error
+        });
+      }
+      return ToolResult.ok({
+        status: result.status,
+        headers: result.headers,
+        data: result.data
+      });
+    }),
+    resolveAnnotations: ({
+      ctx: annotationsCtx,
+      integration,
+      toolRows
+    }) => Effect3.gen(function* () {
+      const ops = yield* annotationsCtx.storage.listOperations(String(integration));
+      const byName = /* @__PURE__ */ new Map();
+      for (const op of ops) byName.set(op.toolName, op.binding);
+      const out = {};
+      for (const row of toolRows) {
+        const binding = byName.get(row.name);
+        if (binding) {
+          out[row.name] = annotationsForOperation(binding.method, binding.pathTemplate);
+        }
+      }
+      return out;
+    }),
+    removeConnection: () => Effect3.void,
+    detect: ({
+      ctx: detectCtx,
+      url
+    }) => Effect3.gen(function* () {
+      const httpClientLayer = options?.httpClientLayer ?? detectCtx.httpClientLayer;
+      const trimmed = url.trim();
+      if (!trimmed) return null;
+      const parsed = yield* Effect3.try({
+        try: () => new URL(trimmed),
+        catch: (error) => error
+      }).pipe(Effect3.option);
+      if (Option5.isNone(parsed)) return null;
+      if (isGoogleDiscoveryUrl(trimmed)) {
+        const conversion = yield* fetchGoogleDiscoveryDocument(trimmed).pipe(
+          Effect3.provide(httpClientLayer),
+          Effect3.flatMap(
+            (documentText) => convertGoogleDiscoveryToOpenApi({
+              discoveryUrl: trimmed,
+              documentText
+            })
+          ),
+          Effect3.catch(() => Effect3.succeed(null))
+        );
+        if (conversion) {
+          return IntegrationDetectionResult.make({
+            kind: "openapi",
+            confidence: "high",
+            endpoint: trimmed,
+            name: conversion.title,
+            slug: conversion.title.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "") || `google_${conversion.service}`
+          });
+        }
+      }
+      const specText = yield* resolveSpecText(trimmed).pipe(
+        Effect3.provide(httpClientLayer),
+        Effect3.catch(() => Effect3.succeed(null))
+      );
+      if (specText === null) return null;
+      const doc = yield* parse(specText).pipe(Effect3.catch(() => Effect3.succeed(null)));
+      if (!doc) return null;
+      const result = yield* extract(doc).pipe(Effect3.catch(() => Effect3.succeed(null)));
+      if (!result) return null;
+      const slug = Option5.getOrElse(result.title, () => "api").toLowerCase().replace(/[^a-z0-9]+/g, "_");
+      const name = Option5.getOrElse(result.title, () => slug);
+      return IntegrationDetectionResult.make({
+        kind: "openapi",
+        confidence: "high",
+        endpoint: trimmed,
+        name,
+        slug
+      });
+    })
+  };
+});
+
+export {
+  AuthenticationSchema,
+  OpenApiIntegrationConfigSchema,
+  decodeOpenApiIntegrationConfig,
+  renderAuthTemplate,
+  invoke,
+  invokeWithLayer,
+  annotationsForOperation,
+  makeDefaultOpenapiStore,
+  openApiPlugin
+};
+//# sourceMappingURL=chunk-V7VCHYOY.js.map