@executor-js/plugin-openapi 1.4.33 → 1.5.0

package/dist/chunk-2ZKKZYZH.js

@@ -1,1181 +0,0 @@
-import {
-  addOpenApiSpecOptimistic,
-  previewOpenApiSpec
-} from "./chunk-X5JX3KTA.js";
-import {
-  OAuth2SourceConfig,
-  expandServerUrlOptions,
-  headerBindingSlot,
-  oauth2ClientIdSlot,
-  oauth2ClientSecretSlot,
-  oauth2ConnectionSlot,
-  queryParamBindingSlot,
-  specFetchHeaderBindingSlot,
-  specFetchQueryParamBindingSlot
-} from "./chunk-AN4HJFNP.js";
-
-// src/react/AddOpenApiSource.tsx
-import { useCallback, useEffect, useMemo, useRef, useState } from "react";
-import { useAtomSet } from "@effect/atom-react";
-import * as Effect from "effect/Effect";
-import * as Exit from "effect/Exit";
-import * as Match from "effect/Match";
-import * as Option from "effect/Option";
-import * as Schema from "effect/Schema";
-import {
-  ConnectionId,
-  ScopeId,
-  SecretId,
-  SetSourceCredentialBindingInput
-} from "@executor-js/sdk/shared";
-import { setSourceCredentialBinding, startOAuth } from "@executor-js/react/api/atoms";
-import { useScope, useScopeStack } from "@executor-js/react/api/scope-context";
-import { connectionWriteKeys, sourceWriteKeys } from "@executor-js/react/api/reactivity-keys";
-import { HeadersList } from "@executor-js/react/plugins/headers-list";
-import {
-  HttpCredentialsEditor,
-  emptyHttpCredentials,
-  serializeHttpCredentials
-} from "@executor-js/react/plugins/http-credentials";
-import {
-  oauthCallbackUrl,
-  useOAuthPopupFlow
-} from "@executor-js/react/plugins/oauth-sign-in";
-import {
-  CreatableSecretPicker,
-  matchPresetKey
-} from "@executor-js/react/plugins/secret-header-auth";
-import { CredentialScopeDropdown } from "@executor-js/react/plugins/credential-target-scope";
-import { slugifyNamespace, useSourceIdentity } from "@executor-js/react/plugins/source-identity";
-import { useSecretPickerSecrets } from "@executor-js/react/plugins/use-secret-picker-secrets";
-import { Button } from "@executor-js/react/components/button";
-import { CopyButton } from "@executor-js/react/components/copy-button";
-import {
-  Collapsible,
-  CollapsibleContent,
-  CollapsibleTrigger
-} from "@executor-js/react/components/collapsible";
-import {
-  CardStack as CardStack2,
-  CardStackContent as CardStackContent2,
-  CardStackEntryField as CardStackEntryField2
-} from "@executor-js/react/components/card-stack";
-import { FieldLabel } from "@executor-js/react/components/field";
-import { FloatActions } from "@executor-js/react/components/float-actions";
-import { HelpTooltip } from "@executor-js/react/components/help-tooltip";
-import { Label } from "@executor-js/react/components/label";
-import { Textarea } from "@executor-js/react/components/textarea";
-import { Checkbox } from "@executor-js/react/components/checkbox";
-import { RadioGroup, RadioGroupItem } from "@executor-js/react/components/radio-group";
-import { IOSSpinner, Spinner } from "@executor-js/react/components/spinner";
-
-// src/react/OpenApiSourceDetailsFields.tsx
-import {
-  CardStack,
-  CardStackContent,
-  CardStackEntry,
-  CardStackEntryContent,
-  CardStackEntryDescription,
-  CardStackEntryField,
-  CardStackEntryTitle
-} from "@executor-js/react/components/card-stack";
-import {
-  FreeformCombobox
-} from "@executor-js/react/components/combobox";
-import { Input } from "@executor-js/react/components/input";
-import { SourceFavicon } from "@executor-js/react/components/source-favicon";
-import {
-  SourceIdentityFieldRows
-} from "@executor-js/react/plugins/source-identity";
-import { jsx, jsxs } from "react/jsx-runtime";
-function OpenApiSourceDetailsFields(props) {
-  const baseUrlOptions = props.baseUrlOptions ?? [];
-  return /* @__PURE__ */ jsx(CardStack, { children: /* @__PURE__ */ jsxs(CardStackContent, { className: "border-t-0", children: [
-    /* @__PURE__ */ jsxs(CardStackEntry, { children: [
-      props.faviconUrl && /* @__PURE__ */ jsx(SourceFavicon, { url: props.faviconUrl, size: 16 }),
-      /* @__PURE__ */ jsxs(CardStackEntryContent, { children: [
-        /* @__PURE__ */ jsx(CardStackEntryTitle, { children: props.title }),
-        props.description && /* @__PURE__ */ jsx(CardStackEntryDescription, { children: props.description })
-      ] }),
-      props.saveState && props.saveState !== "idle" && /* @__PURE__ */ jsx("span", { className: "text-xs text-muted-foreground", children: props.saveState === "saving" ? "Saving\u2026" : "Saved" })
-    ] }),
-    /* @__PURE__ */ jsx(
-      SourceIdentityFieldRows,
-      {
-        identity: props.identity,
-        namespaceReadOnly: props.namespaceReadOnly
-      }
-    ),
-    /* @__PURE__ */ jsxs("div", { className: "grid grid-cols-1 md:grid-cols-2", children: [
-      /* @__PURE__ */ jsxs(CardStackEntryField, { label: "Base URL", children: [
-        baseUrlOptions.length > 0 ? /* @__PURE__ */ jsx(
-          FreeformCombobox,
-          {
-            value: props.baseUrl,
-            onValueChange: props.onBaseUrlChange,
-            options: baseUrlOptions,
-            placeholder: "https://api.example.com",
-            className: "w-full",
-            inputClassName: "font-mono text-sm"
-          }
-        ) : /* @__PURE__ */ jsx(
-          Input,
-          {
-            value: props.baseUrl,
-            onChange: (e) => props.onBaseUrlChange(e.target.value),
-            placeholder: "https://api.example.com",
-            className: "font-mono text-sm"
-          }
-        ),
-        props.baseUrlMissingMessage && !props.baseUrl && /* @__PURE__ */ jsx("p", { className: "text-[11px] text-amber-600 dark:text-amber-400", children: props.baseUrlMissingMessage })
-      ] }),
-      props.specUrl !== void 0 && props.onSpecUrlChange && /* @__PURE__ */ jsx(CardStackEntryField, { label: "Spec URL", children: /* @__PURE__ */ jsx(
-        Input,
-        {
-          value: props.specUrl,
-          onChange: (e) => props.onSpecUrlChange?.(e.target.value),
-          placeholder: "https://api.example.com/openapi.json",
-          className: "font-mono text-sm",
-          disabled: props.specUrlDisabled
-        }
-      ) })
-    ] }),
-    props.footer && /* @__PURE__ */ jsx(CardStackEntry, { children: /* @__PURE__ */ jsx(CardStackEntryContent, { children: /* @__PURE__ */ jsx(CardStackEntryTitle, { children: props.footer }) }) })
-  ] }) });
-}
-
-// src/react/AddOpenApiSource.tsx
-import { Fragment, jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
-var addSpecWriteKeys = [...sourceWriteKeys, ...connectionWriteKeys];
-var bindingWriteKeys = [...sourceWriteKeys, ...connectionWriteKeys];
-var OPENAPI_OAUTH_POPUP_NAME = "openapi-oauth";
-var OPENAPI_OAUTH_CALLBACK_PATH = "/api/oauth/callback";
-var ErrorMessage = Schema.Struct({ message: Schema.String });
-var decodeErrorMessage = Schema.decodeUnknownOption(ErrorMessage);
-var errorMessageFromExit = (exit, fallback) => Option.match(Option.flatMap(Exit.findErrorOption(exit), decodeErrorMessage), {
-  onNone: () => fallback,
-  onSome: ({ message }) => message
-});
-var openApiOAuthConnectionId = (namespaceSlug, flow) => flow === "clientCredentials" ? `openapi-oauth2-app-${namespaceSlug || "default"}` : `openapi-oauth2-user-${namespaceSlug || "default"}`;
-function resolveOAuthUrl(url, baseUrl) {
-  if (!url) return url;
-  try {
-    new URL(url);
-    return url;
-  } catch {
-    if (!baseUrl) return url;
-    try {
-      return new URL(url, baseUrl).toString();
-    } catch {
-      return url;
-    }
-  }
-}
-function inferOAuthIssuerUrl(authorizationUrl) {
-  try {
-    return new URL(authorizationUrl).origin;
-  } catch {
-    return null;
-  }
-}
-var specInputForAdd = (input) => {
-  const value2 = input.trim();
-  const parsed = Effect.runSyncExit(
-    Effect.try({
-      try: () => new URL(value2),
-      catch: () => null
-    })
-  );
-  return Exit.isSuccess(parsed) ? { kind: "url", url: value2 } : { kind: "blob", value: value2 };
-};
-var serializeStrategy = (s) => Match.value(s).pipe(
-  Match.when({ kind: "none" }, () => "none"),
-  Match.when({ kind: "custom" }, () => "custom"),
-  Match.when({ kind: "header" }, (sel) => `header:${sel.presetIndex}`),
-  Match.when({ kind: "oauth2" }, (sel) => `oauth2:${sel.presetIndex}`),
-  Match.exhaustive
-);
-var parseStrategy = (value2) => {
-  if (value2 === "none") return { kind: "none" };
-  if (value2 === "custom") return { kind: "custom" };
-  if (value2.startsWith("header:")) {
-    return {
-      kind: "header",
-      presetIndex: Number(value2.slice("header:".length))
-    };
-  }
-  if (value2.startsWith("oauth2:")) {
-    return {
-      kind: "oauth2",
-      presetIndex: Number(value2.slice("oauth2:".length))
-    };
-  }
-  return { kind: "none" };
-};
-function prefixForHeader(preset, headerName) {
-  const label = preset.label.toLowerCase();
-  if (headerName.toLowerCase() === "authorization") {
-    if (label.includes("bearer")) return "Bearer ";
-    if (label.includes("basic")) return "Basic ";
-  }
-  return void 0;
-}
-function entriesFromSpecPreset(preset) {
-  return preset.secretHeaders.map((headerName) => {
-    const prefix = prefixForHeader(preset, headerName);
-    return {
-      name: headerName,
-      secretId: null,
-      prefix,
-      presetKey: matchPresetKey(headerName, prefix),
-      fromPreset: true
-    };
-  });
-}
-var secretStorageDescription = (label) => label === "Personal" ? "Only you can use this secret." : "Everyone in the organization can use this secret.";
-function AddOpenApiSource(props) {
-  const [specUrl, setSpecUrl] = useState(props.initialUrl ?? "");
-  const [analyzing, setAnalyzing] = useState(false);
-  const [analyzeError, setAnalyzeError] = useState(null);
-  const [preview, setPreview] = useState(null);
-  const [baseUrl, setBaseUrl] = useState("");
-  const identity = useSourceIdentity({
-    fallbackName: preview ? Option.getOrElse(preview.title, () => "") : "",
-    fallbackNamespace: props.initialNamespace
-  });
-  const [strategy, setStrategy] = useState({ kind: "none" });
-  const [customHeaders, setCustomHeaders] = useState([]);
-  const [specFetchCredentials, setSpecFetchCredentials] = useState(
-    () => emptyHttpCredentials()
-  );
-  const [specFetchCredentialsOpen, setSpecFetchCredentialsOpen] = useState(false);
-  const [runtimeCredentials, setRuntimeCredentials] = useState(
-    () => emptyHttpCredentials()
-  );
-  const [oauth2ClientIdSecretId, setOauth2ClientIdSecretId] = useState(null);
-  const [oauth2ClientSecretSecretId, setOauth2ClientSecretSecretId] = useState(null);
-  const [oauth2ClientIdScope, setOauth2ClientIdScope] = useState(null);
-  const [oauth2ClientSecretScope, setOauth2ClientSecretScope] = useState(null);
-  const [oauth2SelectedScopes, setOauth2SelectedScopes] = useState(/* @__PURE__ */ new Set());
-  const [oauth2AuthState, setOauth2AuthState] = useState(null);
-  const [startingOAuth, setStartingOAuth] = useState(false);
-  const [oauth2Error, setOauth2Error] = useState(null);
-  const [adding, setAdding] = useState(false);
-  const [addError, setAddError] = useState(null);
-  const scopeId = useScope();
-  const scopeStack = useScopeStack();
-  const credentialScopeOptions = useMemo(
-    () => scopeStack.map((entry, index) => ({
-      scopeId: entry.id,
-      label: index === 0 ? "Personal" : entry.name || "Organization",
-      description: secretStorageDescription(
-        index === 0 ? "Personal" : entry.name || "Organization"
-      )
-    })),
-    [scopeStack]
-  );
-  const defaultOAuthTokenTargetScope = credentialScopeOptions[0]?.scopeId ?? scopeId;
-  const [oauthTokenTargetScope, setOAuthTokenTargetScope] = useState(
-    defaultOAuthTokenTargetScope
-  );
-  useEffect(() => {
-    if (!credentialScopeOptions.some((option) => option.scopeId === oauthTokenTargetScope)) {
-      setOAuthTokenTargetScope(defaultOAuthTokenTargetScope);
-    }
-  }, [credentialScopeOptions, defaultOAuthTokenTargetScope, oauthTokenTargetScope]);
-  useEffect(() => {
-    if (oauth2ClientIdScope && !credentialScopeOptions.some((option) => option.scopeId === oauth2ClientIdScope)) {
-      setOauth2ClientIdScope(null);
-      setOauth2ClientIdSecretId(null);
-      setOauth2AuthState(null);
-    }
-    if (oauth2ClientSecretScope && !credentialScopeOptions.some((option) => option.scopeId === oauth2ClientSecretScope)) {
-      setOauth2ClientSecretScope(null);
-      setOauth2ClientSecretSecretId(null);
-      setOauth2AuthState(null);
-    }
-  }, [credentialScopeOptions, oauth2ClientIdScope, oauth2ClientSecretScope]);
-  const doPreview = useAtomSet(previewOpenApiSpec, { mode: "promiseExit" });
-  const doAdd = useAtomSet(addOpenApiSpecOptimistic(scopeId), {
-    mode: "promiseExit"
-  });
-  const doStartOAuth = useAtomSet(startOAuth, { mode: "promiseExit" });
-  const doSetBinding = useAtomSet(setSourceCredentialBinding, {
-    mode: "promiseExit"
-  });
-  const secretList = useSecretPickerSecrets();
-  const oauth = useOAuthPopupFlow({
-    popupName: OPENAPI_OAUTH_POPUP_NAME,
-    popupBlockedMessage: "OAuth popup was blocked by the browser",
-    popupClosedMessage: "OAuth cancelled - popup was closed before completing the flow.",
-    startErrorMessage: "Failed to start OAuth"
-  });
-  const handleAnalyzeRef = useRef(() => {
-  });
-  useEffect(() => {
-    const trimmed = specUrl.trim();
-    if (!trimmed) return;
-    if (preview) return;
-    const handle = setTimeout(() => {
-      handleAnalyzeRef.current();
-    }, 400);
-    return () => clearTimeout(handle);
-  }, [specUrl, preview]);
-  const expandServerOptions = (server) => {
-    return expandServerUrlOptions(server).map((value2) => ({
-      value: value2,
-      label: value2
-    }));
-  };
-  const servers = preview?.servers ?? [];
-  const baseUrlOptions = Array.from(
-    new Map(servers.flatMap(expandServerOptions).map((option) => [option.value, option])).values()
-  );
-  const resolvedBaseUrl = baseUrl.trim();
-  const sourceScope = ScopeId.make(scopeId);
-  const configuredHeaders = {};
-  const headerBindings = [];
-  const configuredQueryParams = {};
-  const queryParamBindings = [];
-  for (const ch of customHeaders) {
-    if (!ch.name.trim()) continue;
-    const slot = headerBindingSlot(ch.name.trim());
-    configuredHeaders[ch.name.trim()] = { kind: "secret", prefix: ch.prefix };
-    if (ch.secretId) {
-      const targetScope = ch.targetScope ?? sourceScope;
-      headerBindings.push({
-        slot,
-        secretId: ch.secretId,
-        scope: targetScope,
-        secretScope: ch.secretScope ?? targetScope
-      });
-    }
-  }
-  for (const param of runtimeCredentials.queryParams) {
-    const name = param.name.trim();
-    if (!name) continue;
-    if (param.secretId) {
-      const slot = queryParamBindingSlot(name);
-      const targetScope = param.targetScope ?? sourceScope;
-      configuredQueryParams[name] = { kind: "secret", prefix: param.prefix };
-      queryParamBindings.push({
-        slot,
-        secretId: param.secretId,
-        scope: targetScope,
-        secretScope: param.secretScope ?? targetScope
-      });
-      continue;
-    }
-    if (param.literalValue?.trim()) {
-      configuredQueryParams[name] = param.literalValue.trim();
-    }
-  }
-  const configuredSpecFetchHeaders = {};
-  const configuredSpecFetchQueryParams = {};
-  const specFetchBindings = [];
-  for (const header of specFetchCredentials.headers) {
-    const name = header.name.trim();
-    if (!name || !header.secretId) continue;
-    const targetScope = header.targetScope ?? sourceScope;
-    configuredSpecFetchHeaders[name] = { kind: "secret", prefix: header.prefix };
-    specFetchBindings.push({
-      slot: specFetchHeaderBindingSlot(name),
-      secretId: header.secretId,
-      scope: targetScope,
-      secretScope: header.secretScope ?? targetScope
-    });
-  }
-  for (const param of specFetchCredentials.queryParams) {
-    const name = param.name.trim();
-    if (!name) continue;
-    if (param.secretId) {
-      const targetScope = param.targetScope ?? sourceScope;
-      configuredSpecFetchQueryParams[name] = { kind: "secret", prefix: param.prefix };
-      specFetchBindings.push({
-        slot: specFetchQueryParamBindingSlot(name),
-        secretId: param.secretId,
-        scope: targetScope,
-        secretScope: param.secretScope ?? targetScope
-      });
-      continue;
-    }
-    if (param.literalValue?.trim()) {
-      configuredSpecFetchQueryParams[name] = param.literalValue.trim();
-    }
-  }
-  const configuredSpecFetchCredentials = Object.keys(configuredSpecFetchHeaders).length > 0 || Object.keys(configuredSpecFetchQueryParams).length > 0 ? {
-    ...Object.keys(configuredSpecFetchHeaders).length > 0 ? { headers: configuredSpecFetchHeaders } : {},
-    ...Object.keys(configuredSpecFetchQueryParams).length > 0 ? { queryParams: configuredSpecFetchQueryParams } : {}
-  } : null;
-  const oauth2Presets = preview?.oauth2Presets ?? [];
-  const oauth2RedirectUrl = oauthCallbackUrl(OPENAPI_OAUTH_CALLBACK_PATH);
-  const resolvedSourceId = slugifyNamespace(identity.namespace) || (preview ? Option.getOrElse(preview.title, () => "openapi") : "openapi");
-  const selectedOAuth2Preset = strategy.kind === "oauth2" ? oauth2Presets[strategy.presetIndex] ?? null : null;
-  const selectedOAuth2Fingerprint = selectedOAuth2Preset ? [
-    resolvedSourceId,
-    resolvedBaseUrl,
-    selectedOAuth2Preset.securitySchemeName,
-    selectedOAuth2Preset.flow,
-    selectedOAuth2Preset.tokenUrl,
-    Option.getOrElse(selectedOAuth2Preset.authorizationUrl, () => "")
-  ].join("\n") : "";
-  const oauth2Auth = oauth2AuthState?.fingerprint === selectedOAuth2Fingerprint ? oauth2AuthState.auth : null;
-  const configuredOAuth2 = strategy.kind === "oauth2" && selectedOAuth2Preset ? OAuth2SourceConfig.make({
-    kind: "oauth2",
-    securitySchemeName: selectedOAuth2Preset.securitySchemeName,
-    flow: selectedOAuth2Preset.flow,
-    tokenUrl: resolveOAuthUrl(selectedOAuth2Preset.tokenUrl, resolvedBaseUrl),
-    authorizationUrl: selectedOAuth2Preset.flow === "authorizationCode" ? resolveOAuthUrl(
-      Option.getOrElse(selectedOAuth2Preset.authorizationUrl, () => ""),
-      resolvedBaseUrl
-    ) || null : null,
-    clientIdSlot: oauth2ClientIdSlot(selectedOAuth2Preset.securitySchemeName),
-    // Authorization-code specs can still be confidential clients
-    // (Spotify is one example). Persist the slot even when the value is
-    // deferred so the edit screen can collect the secret later.
-    clientSecretSlot: oauth2ClientSecretSlot(selectedOAuth2Preset.securitySchemeName),
-    connectionSlot: oauth2ConnectionSlot(selectedOAuth2Preset.securitySchemeName),
-    scopes: [...oauth2SelectedScopes]
-  }) : null;
-  const hasHeaders = Object.keys(configuredHeaders).length > 0;
-  const oauth2Busy = startingOAuth || oauth.busy;
-  const canConnectOAuth2 = Boolean(oauth2ClientIdSecretId) && resolvedBaseUrl.length > 0;
-  const hasIncompleteHeaderCredentials = strategy.kind !== "none" && strategy.kind !== "oauth2" && customHeaders.some((header) => header.name.trim() && !header.secretId);
-  const hasIncompleteQueryCredentials = runtimeCredentials.queryParams.some(
-    (param) => param.name.trim() && !param.secretId && !param.literalValue?.trim()
-  );
-  const hasIncompleteSpecFetchCredentials = specFetchCredentials.headers.some((header) => header.name.trim() && !header.secretId) || specFetchCredentials.queryParams.some(
-    (param) => param.name.trim() && !param.secretId && !param.literalValue?.trim()
-  );
-  const willAddWithoutInitialCredentials = Boolean(selectedOAuth2Preset && !oauth2Auth) || hasIncompleteSpecFetchCredentials || hasIncompleteHeaderCredentials || hasIncompleteQueryCredentials;
-  const canAdd = preview !== null && resolvedBaseUrl.length > 0;
-  const handleAnalyze = async () => {
-    setAnalyzing(true);
-    setAnalyzeError(null);
-    setAddError(null);
-    const credentials = serializeHttpCredentials(specFetchCredentials);
-    const exit = await doPreview({
-      params: { scopeId },
-      payload: {
-        spec: specUrl,
-        specFetchCredentials: credentials
-      }
-    });
-    if (Exit.isFailure(exit)) {
-      setAnalyzeError(errorMessageFromExit(exit, "Failed to parse spec"));
-      setAnalyzing(false);
-      return;
-    }
-    const result = exit.value;
-    setPreview(result);
-    const firstServer = result.servers[0];
-    setBaseUrl(firstServer ? expandServerOptions(firstServer)[0]?.value ?? "" : "");
-    const firstPreset = result.headerPresets[0];
-    if (firstPreset) {
-      setStrategy({ kind: "header", presetIndex: 0 });
-      setCustomHeaders(entriesFromSpecPreset(firstPreset));
-    } else if (result.oauth2Presets[0]) {
-      setStrategy({ kind: "oauth2", presetIndex: 0 });
-      setCustomHeaders([]);
-      setOauth2SelectedScopes(new Set(Object.keys(result.oauth2Presets[0].scopes)));
-    } else {
-      setStrategy({ kind: "custom" });
-      setCustomHeaders([]);
-    }
-    setAnalyzing(false);
-  };
-  handleAnalyzeRef.current = handleAnalyze;
-  const selectStrategy = (next) => {
-    setStrategy(next);
-    if (next.kind !== "oauth2") {
-      setOauth2AuthState(null);
-      setOauth2Error(null);
-    }
-    Match.value(next).pipe(
-      Match.when({ kind: "none" }, () => {
-        setCustomHeaders([]);
-      }),
-      Match.when({ kind: "custom" }, () => {
-        const userHeaders = customHeaders.filter((h) => !h.fromPreset);
-        setCustomHeaders(userHeaders.length > 0 ? userHeaders : []);
-      }),
-      Match.when({ kind: "header" }, (n) => {
-        const preset = preview?.headerPresets[n.presetIndex];
-        if (!preset) return;
-        const userHeaders = customHeaders.filter((h) => !h.fromPreset);
-        setCustomHeaders([...entriesFromSpecPreset(preset), ...userHeaders]);
-      }),
-      Match.when({ kind: "oauth2" }, (n) => {
-        setCustomHeaders([]);
-        const preset = preview?.oauth2Presets[n.presetIndex];
-        if (preset) {
-          setOauth2SelectedScopes(new Set(Object.keys(preset.scopes)));
-        }
-      }),
-      Match.exhaustive
-    );
-  };
-  const handleHeadersChange = (next) => {
-    setCustomHeaders(next);
-    if (strategy.kind === "header" && next.every((h) => !h.fromPreset)) {
-      setStrategy(next.length === 0 ? { kind: "none" } : { kind: "custom" });
-    }
-  };
-  const toggleOAuth2Scope = (scope) => {
-    setOauth2SelectedScopes((prev) => {
-      const copy = new Set(prev);
-      if (copy.has(scope)) copy.delete(scope);
-      else copy.add(scope);
-      return copy;
-    });
-    setOauth2AuthState(null);
-  };
-  const handleConnectOAuth2 = useCallback(async () => {
-    if (!selectedOAuth2Preset || !oauth2ClientIdSecretId || !preview) return;
-    oauth.cancel();
-    setOauth2Error(null);
-    const displayName = identity.name.trim() || selectedOAuth2Preset.securitySchemeName;
-    const tokenUrl = resolveOAuthUrl(selectedOAuth2Preset.tokenUrl, resolvedBaseUrl);
-    const clientIdSecretScope = oauth2ClientIdScope ?? sourceScope;
-    const clientSecretSecretScope = oauth2ClientSecretScope ?? sourceScope;
-    if (selectedOAuth2Preset.flow === "clientCredentials") {
-      if (!oauth2ClientSecretSecretId) {
-        setOauth2Error("client_credentials requires a client secret");
-        return;
-      }
-      setStartingOAuth(true);
-      const connectionId = openApiOAuthConnectionId(resolvedSourceId, selectedOAuth2Preset.flow);
-      const exit = await doStartOAuth({
-        params: { scopeId: oauthTokenTargetScope },
-        payload: {
-          endpoint: tokenUrl,
-          redirectUrl: tokenUrl,
-          connectionId,
-          tokenScope: oauthTokenTargetScope,
-          strategy: {
-            kind: "client-credentials",
-            tokenEndpoint: tokenUrl,
-            clientIdSecretId: oauth2ClientIdSecretId,
-            clientIdSecretScopeId: String(clientIdSecretScope),
-            clientSecretSecretId: oauth2ClientSecretSecretId,
-            clientSecretSecretScopeId: String(clientSecretSecretScope),
-            scopes: [...oauth2SelectedScopes]
-          },
-          pluginId: "openapi",
-          identityLabel: `${displayName} OAuth`
-        }
-      });
-      setStartingOAuth(false);
-      if (Exit.isFailure(exit)) {
-        setOauth2Error(errorMessageFromExit(exit, "Failed to start OAuth"));
-        return;
-      }
-      const response = exit.value;
-      if (!response.completedConnection) {
-        setOauth2Error("client_credentials flow did not mint a connection");
-        return;
-      }
-      setOauth2AuthState({
-        fingerprint: selectedOAuth2Fingerprint,
-        auth: { connectionId: response.completedConnection.connectionId }
-      });
-      setOauth2Error(null);
-      return;
-    }
-    const authorizationUrl = resolveOAuthUrl(
-      Option.getOrElse(selectedOAuth2Preset.authorizationUrl, () => ""),
-      resolvedBaseUrl
-    );
-    const issuerUrl = inferOAuthIssuerUrl(authorizationUrl);
-    await oauth.openAuthorization({
-      tokenScope: oauthTokenTargetScope,
-      run: async () => {
-        const exit = await doStartOAuth({
-          params: { scopeId: oauthTokenTargetScope },
-          payload: {
-            endpoint: authorizationUrl,
-            connectionId: openApiOAuthConnectionId(resolvedSourceId, selectedOAuth2Preset.flow),
-            tokenScope: oauthTokenTargetScope,
-            redirectUrl: oauth2RedirectUrl,
-            strategy: {
-              kind: "authorization-code",
-              authorizationEndpoint: authorizationUrl,
-              tokenEndpoint: tokenUrl,
-              issuerUrl,
-              clientIdSecretId: oauth2ClientIdSecretId,
-              clientIdSecretScopeId: String(clientIdSecretScope),
-              clientSecretSecretId: oauth2ClientSecretSecretId ?? null,
-              clientSecretSecretScopeId: oauth2ClientSecretSecretId ? String(clientSecretSecretScope) : null,
-              scopes: [...oauth2SelectedScopes]
-            },
-            pluginId: "openapi",
-            identityLabel: `${displayName} OAuth`
-          }
-        });
-        if (Exit.isFailure(exit)) {
-          throw new Error(errorMessageFromExit(exit, "Failed to start OAuth"));
-        }
-        const response = exit.value;
-        if (response.authorizationUrl === null) {
-          throw new Error("Unexpected response flow from server");
-        }
-        return {
-          sessionId: response.sessionId,
-          authorizationUrl: response.authorizationUrl
-        };
-      },
-      onSuccess: (result) => {
-        setOauth2AuthState({
-          fingerprint: selectedOAuth2Fingerprint,
-          auth: { connectionId: result.connectionId }
-        });
-        setOauth2Error(null);
-      },
-      onError: (message) => {
-        setStartingOAuth(false);
-        setOauth2Error(message);
-      }
-    });
-  }, [
-    selectedOAuth2Preset,
-    oauth2ClientIdSecretId,
-    oauth2ClientSecretSecretId,
-    oauth2SelectedScopes,
-    oauth2RedirectUrl,
-    resolvedBaseUrl,
-    preview,
-    doStartOAuth,
-    identity.name,
-    resolvedSourceId,
-    selectedOAuth2Fingerprint,
-    oauth,
-    oauthTokenTargetScope,
-    oauth2ClientIdScope,
-    oauth2ClientSecretScope,
-    sourceScope
-  ]);
-  const handleCancelOAuth2 = useCallback(() => {
-    oauth.cancel();
-    setStartingOAuth(false);
-    setOauth2Error(null);
-  }, [oauth]);
-  const handleAdd = async () => {
-    setAdding(true);
-    setAddError(null);
-    const namespace = resolvedSourceId;
-    const displayName = identity.name.trim() || (preview ? Option.getOrElse(preview.title, () => namespace) : namespace);
-    const exit = await doAdd({
-      params: { scopeId },
-      payload: {
-        spec: specInputForAdd(specUrl),
-        name: displayName,
-        namespace,
-        baseUrl: resolvedBaseUrl,
-        ...configuredSpecFetchCredentials ? { specFetchCredentials: configuredSpecFetchCredentials } : {},
-        ...hasHeaders ? { headers: configuredHeaders } : {},
-        ...Object.keys(configuredQueryParams).length > 0 ? { queryParams: configuredQueryParams } : {},
-        ...configuredOAuth2 ? { oauth2: configuredOAuth2 } : {}
-      },
-      reactivityKeys: addSpecWriteKeys
-    });
-    if (Exit.isFailure(exit)) {
-      setAddError(errorMessageFromExit(exit, "Failed to add source"));
-      setAdding(false);
-      return;
-    }
-    const sourceId = exit.value.namespace;
-    const oauthTokenBindingScope = ScopeId.make(oauthTokenTargetScope);
-    const clientIdBindingScope = oauth2ClientIdScope ?? sourceScope;
-    const clientSecretBindingScope = oauth2ClientSecretScope ?? sourceScope;
-    for (const binding of headerBindings) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: binding.scope,
-          slotKey: binding.slot,
-          value: {
-            kind: "secret",
-            secretId: SecretId.make(binding.secretId),
-            secretScopeId: binding.secretScope
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    for (const binding of queryParamBindings) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: binding.scope,
-          slotKey: binding.slot,
-          value: {
-            kind: "secret",
-            secretId: SecretId.make(binding.secretId),
-            secretScopeId: binding.secretScope
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    for (const binding of specFetchBindings) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: binding.scope,
-          slotKey: binding.slot,
-          value: {
-            kind: "secret",
-            secretId: SecretId.make(binding.secretId),
-            secretScopeId: binding.secretScope
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    if (configuredOAuth2 && oauth2ClientIdSecretId) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: clientIdBindingScope,
-          slotKey: configuredOAuth2.clientIdSlot,
-          value: {
-            kind: "secret",
-            secretId: SecretId.make(oauth2ClientIdSecretId),
-            secretScopeId: clientIdBindingScope
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    if (configuredOAuth2?.clientSecretSlot && oauth2ClientSecretSecretId) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: clientSecretBindingScope,
-          slotKey: configuredOAuth2.clientSecretSlot,
-          value: {
-            kind: "secret",
-            secretId: SecretId.make(oauth2ClientSecretSecretId),
-            secretScopeId: clientSecretBindingScope
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    if (configuredOAuth2 && oauth2Auth) {
-      const bindingExit = await doSetBinding({
-        params: { scopeId },
-        payload: SetSourceCredentialBindingInput.make({
-          source: { id: sourceId, scope: sourceScope },
-          scope: oauthTokenBindingScope,
-          slotKey: configuredOAuth2.connectionSlot,
-          value: {
-            kind: "connection",
-            connectionId: ConnectionId.make(oauth2Auth.connectionId)
-          }
-        }),
-        reactivityKeys: bindingWriteKeys
-      });
-      if (Exit.isFailure(bindingExit)) {
-        setAddError(errorMessageFromExit(bindingExit, "Failed to add source"));
-        setAdding(false);
-        return;
-      }
-    }
-    props.onComplete();
-  };
-  return /* @__PURE__ */ jsxs2("div", { className: "flex flex-1 flex-col gap-6", children: [
-    /* @__PURE__ */ jsx2("div", { children: /* @__PURE__ */ jsx2("h1", { className: "text-xl font-semibold text-foreground", children: "Add OpenAPI Source" }) }),
-    !preview && /* @__PURE__ */ jsxs2(Fragment, { children: [
-      /* @__PURE__ */ jsx2(CardStack2, { children: /* @__PURE__ */ jsx2(CardStackContent2, { className: "border-t-0", children: /* @__PURE__ */ jsx2(
-        CardStackEntryField2,
-        {
-          label: "OpenAPI Spec",
-          hint: "Paste a URL or raw JSON/YAML content.",
-          children: /* @__PURE__ */ jsxs2("div", { className: "relative", children: [
-            /* @__PURE__ */ jsx2(
-              Textarea,
-              {
-                value: specUrl,
-                onChange: (e) => {
-                  setSpecUrl(e.target.value);
-                },
-                placeholder: "https://api.example.com/openapi.json",
-                rows: 3,
-                maxRows: 10,
-                className: "font-mono text-sm"
-              }
-            ),
-            analyzing && /* @__PURE__ */ jsx2("div", { className: "pointer-events-none absolute right-2 top-2", children: /* @__PURE__ */ jsx2(IOSSpinner, { className: "size-4" }) })
-          ] })
-        }
-      ) }) }),
-      /* @__PURE__ */ jsxs2(
-        Collapsible,
-        {
-          open: specFetchCredentialsOpen,
-          onOpenChange: setSpecFetchCredentialsOpen,
-          className: "space-y-3",
-          children: [
-            /* @__PURE__ */ jsx2(CollapsibleTrigger, { asChild: true, children: /* @__PURE__ */ jsx2(Button, { variant: "outline", size: "sm", className: "self-start", children: specFetchCredentialsOpen ? "Hide spec credentials" : "Add spec credentials" }) }),
-            /* @__PURE__ */ jsx2(CollapsibleContent, { children: /* @__PURE__ */ jsx2(
-              HttpCredentialsEditor,
-              {
-                credentials: specFetchCredentials,
-                onChange: setSpecFetchCredentials,
-                existingSecrets: secretList,
-                sourceName: identity.name,
-                targetScope: sourceScope,
-                credentialScopeOptions,
-                bindingScopeOptions: credentialScopeOptions,
-                labels: {
-                  headers: "Spec fetch headers",
-                  queryParams: "Spec fetch query parameters"
-                }
-              }
-            ) })
-          ]
-        }
-      )
-    ] }),
-    preview ? /* @__PURE__ */ jsx2(
-      OpenApiSourceDetailsFields,
-      {
-        title: Option.getOrElse(preview.title, () => "API"),
-        description: `${Option.getOrElse(preview.version, () => "")}${Option.isSome(preview.version) ? " \xB7 " : ""}${preview.operationCount} operation${preview.operationCount !== 1 ? "s" : ""}${preview.tags.length > 0 ? ` \xB7 ${preview.tags.length} tag${preview.tags.length !== 1 ? "s" : ""}` : ""}`,
-        identity,
-        baseUrl: resolvedBaseUrl,
-        onBaseUrlChange: setBaseUrl,
-        baseUrlOptions,
-        specUrl,
-        onSpecUrlChange: (value2) => {
-          setSpecUrl(value2);
-          setPreview(null);
-          setBaseUrl("");
-          setCustomHeaders([]);
-          setStrategy({ kind: "none" });
-          setOauth2AuthState(null);
-          setOauth2Error(null);
-        },
-        faviconUrl: resolvedBaseUrl,
-        baseUrlMissingMessage: "A base URL is required to make requests."
-      }
-    ) : null,
-    analyzeError && /* @__PURE__ */ jsx2("div", { className: "rounded-lg border border-destructive/30 bg-destructive/5 px-3 py-2", children: /* @__PURE__ */ jsx2("p", { className: "text-[12px] text-destructive", children: analyzeError }) }),
-    preview && /* @__PURE__ */ jsxs2(Fragment, { children: [
-      /* @__PURE__ */ jsxs2("section", { className: "space-y-2.5", children: [
-        /* @__PURE__ */ jsx2(FieldLabel, { children: "Authentication method" }),
-        /* @__PURE__ */ jsxs2(
-          RadioGroup,
-          {
-            value: serializeStrategy(strategy),
-            onValueChange: (value2) => selectStrategy(parseStrategy(value2)),
-            className: "gap-1.5",
-            children: [
-              preview.headerPresets.map((preset, i) => {
-                const selected = strategy.kind === "header" && strategy.presetIndex === i;
-                return /* @__PURE__ */ jsxs2(
-                  Label,
-                  {
-                    className: `flex items-start gap-2.5 rounded-lg border px-3 py-2 cursor-pointer transition-colors ${selected ? "border-primary/50 bg-primary/[0.03]" : "border-border hover:bg-accent/50"}`,
-                    children: [
-                      /* @__PURE__ */ jsx2(RadioGroupItem, { value: `header:${i}`, className: "mt-0.5" }),
-                      /* @__PURE__ */ jsxs2("div", { className: "min-w-0 flex-1", children: [
-                        /* @__PURE__ */ jsx2("div", { className: "text-xs font-medium text-foreground", children: preset.label }),
-                        preset.secretHeaders.length > 0 && /* @__PURE__ */ jsx2("div", { className: "mt-0.5 font-mono text-[10px] text-muted-foreground", children: preset.secretHeaders.join(" \xB7 ") })
-                      ] })
-                    ]
-                  },
-                  `header-${i}`
-                );
-              }),
-              oauth2Presets.map((preset, i) => {
-                const selected = strategy.kind === "oauth2" && strategy.presetIndex === i;
-                const scopeCount = Object.keys(preset.scopes).length;
-                return /* @__PURE__ */ jsxs2(
-                  Label,
-                  {
-                    className: `flex items-start gap-2.5 rounded-lg border px-3 py-2 cursor-pointer transition-colors ${selected ? "border-primary/50 bg-primary/[0.03]" : "border-border hover:bg-accent/50"}`,
-                    children: [
-                      /* @__PURE__ */ jsx2(RadioGroupItem, { value: `oauth2:${i}`, className: "mt-0.5" }),
-                      /* @__PURE__ */ jsxs2("div", { className: "min-w-0 flex-1", children: [
-                        /* @__PURE__ */ jsx2("div", { className: "text-xs font-medium text-foreground", children: preset.label }),
-                        /* @__PURE__ */ jsxs2("div", { className: "mt-0.5 text-[10px] text-muted-foreground", children: [
-                          scopeCount,
-                          " scope",
-                          scopeCount === 1 ? "" : "s"
-                        ] })
-                      ] })
-                    ]
-                  },
-                  `oauth2-${i}`
-                );
-              }),
-              /* @__PURE__ */ jsxs2(
-                Label,
-                {
-                  className: `flex items-center gap-2.5 rounded-lg border px-3 py-2 cursor-pointer transition-colors ${strategy.kind === "custom" ? "border-primary/50 bg-primary/[0.03]" : "border-border hover:bg-accent/50"}`,
-                  children: [
-                    /* @__PURE__ */ jsx2(RadioGroupItem, { value: "custom" }),
-                    /* @__PURE__ */ jsx2("span", { className: "text-xs font-medium text-foreground", children: "Custom" })
-                  ]
-                }
-              ),
-              /* @__PURE__ */ jsxs2(
-                Label,
-                {
-                  className: `flex items-center gap-2.5 rounded-lg border px-3 py-2 cursor-pointer transition-colors ${strategy.kind === "none" ? "border-primary/50 bg-primary/[0.03]" : "border-border hover:bg-accent/50"}`,
-                  children: [
-                    /* @__PURE__ */ jsx2(RadioGroupItem, { value: "none" }),
-                    /* @__PURE__ */ jsx2("span", { className: "text-xs font-medium text-foreground", children: "None" })
-                  ]
-                }
-              )
-            ]
-          }
-        ),
-        strategy.kind !== "none" && strategy.kind !== "oauth2" && /* @__PURE__ */ jsx2("div", { className: "space-y-3", children: /* @__PURE__ */ jsx2(
-          HeadersList,
-          {
-            headers: customHeaders,
-            onHeadersChange: handleHeadersChange,
-            existingSecrets: secretList,
-            sourceName: identity.name,
-            targetScope: sourceScope,
-            credentialScopeOptions,
-            bindingScopeOptions: credentialScopeOptions,
-            emptyLabel: "No credentials yet. Add the header value this method should use."
-          }
-        ) }),
-        /* @__PURE__ */ jsx2(
-          HttpCredentialsEditor,
-          {
-            credentials: runtimeCredentials,
-            onChange: setRuntimeCredentials,
-            existingSecrets: secretList,
-            sourceName: identity.name,
-            targetScope: sourceScope,
-            credentialScopeOptions,
-            bindingScopeOptions: credentialScopeOptions,
-            sections: { headers: false, queryParams: true },
-            labels: { queryParams: "Runtime query parameters" }
-          }
-        ),
-        selectedOAuth2Preset && /* @__PURE__ */ jsx2("div", { className: "space-y-3 rounded-lg border border-border/60 bg-muted/10 p-3", children: /* @__PURE__ */ jsxs2("div", { className: "space-y-3", children: [
-          /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-            /* @__PURE__ */ jsxs2(FieldLabel, { className: "text-[11px]", children: [
-              "Redirect URL",
-              " ",
-              /* @__PURE__ */ jsx2("span", { className: "text-muted-foreground", children: "\xB7 add this to your OAuth app's allowed redirects" })
-            ] }),
-            /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-1 rounded-md border border-border bg-background/50 px-2.5 py-1.5 font-mono text-[11px]", children: [
-              /* @__PURE__ */ jsx2("span", { className: "truncate flex-1 text-foreground", children: oauth2RedirectUrl }),
-              /* @__PURE__ */ jsx2(CopyButton, { value: oauth2RedirectUrl })
-            ] })
-          ] }),
-          /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-            /* @__PURE__ */ jsx2(FieldLabel, { className: "text-[11px]", children: "Client ID secret" }),
-            /* @__PURE__ */ jsxs2("div", { className: "grid gap-2 md:grid-cols-2", children: [
-              /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-                /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-1.5", children: [
-                  /* @__PURE__ */ jsx2(FieldLabel, { className: "text-[11px]", children: "Secret" }),
-                  /* @__PURE__ */ jsx2(HelpTooltip, { label: "Client ID secret", children: "Select or create the OAuth client ID secret." })
-                ] }),
-                /* @__PURE__ */ jsx2(
-                  CreatableSecretPicker,
-                  {
-                    value: oauth2ClientIdSecretId,
-                    onSelect: (id, secretScopeId) => {
-                      setOauth2ClientIdSecretId(id);
-                      setOauth2ClientIdScope(secretScopeId ?? sourceScope);
-                      setOauth2AuthState(null);
-                    },
-                    secrets: secretList,
-                    sourceName: identity.name,
-                    secretLabel: "Client ID",
-                    targetScope: oauth2ClientIdScope ?? sourceScope,
-                    credentialScopeOptions,
-                    onCreatedScope: setOauth2ClientIdScope
-                  }
-                )
-              ] }),
-              /* @__PURE__ */ jsx2(
-                CredentialScopeDropdown,
-                {
-                  value: oauth2ClientIdScope ?? sourceScope,
-                  options: credentialScopeOptions,
-                  onChange: (targetScope) => {
-                    setOauth2ClientIdScope(targetScope);
-                    setOauth2ClientIdSecretId(null);
-                    setOauth2AuthState(null);
-                  },
-                  label: "Used by",
-                  help: "Choose where this OAuth client ID credential lives."
-                }
-              )
-            ] })
-          ] }),
-          /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-            /* @__PURE__ */ jsxs2(FieldLabel, { className: "text-[11px]", children: [
-              "Client secret",
-              " ",
-              /* @__PURE__ */ jsx2("span", { className: "text-muted-foreground", children: "\xB7 optional for public clients with PKCE" })
-            ] }),
-            /* @__PURE__ */ jsxs2("div", { className: "grid gap-2 md:grid-cols-2", children: [
-              /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-                /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-1.5", children: [
-                  /* @__PURE__ */ jsx2(FieldLabel, { className: "text-[11px]", children: "Secret" }),
-                  /* @__PURE__ */ jsx2(HelpTooltip, { label: "Client secret", children: "Select or create the OAuth client secret." })
-                ] }),
-                /* @__PURE__ */ jsx2(
-                  CreatableSecretPicker,
-                  {
-                    value: oauth2ClientSecretSecretId,
-                    onSelect: (id, secretScopeId) => {
-                      setOauth2ClientSecretSecretId(id);
-                      setOauth2ClientSecretScope(secretScopeId ?? sourceScope);
-                      setOauth2AuthState(null);
-                    },
-                    secrets: secretList,
-                    sourceName: identity.name,
-                    secretLabel: "Client Secret",
-                    targetScope: oauth2ClientSecretScope ?? sourceScope,
-                    credentialScopeOptions,
-                    onCreatedScope: setOauth2ClientSecretScope
-                  }
-                )
-              ] }),
-              /* @__PURE__ */ jsx2(
-                CredentialScopeDropdown,
-                {
-                  value: oauth2ClientSecretScope ?? sourceScope,
-                  options: credentialScopeOptions,
-                  onChange: (targetScope) => {
-                    setOauth2ClientSecretScope(targetScope);
-                    setOauth2ClientSecretSecretId(null);
-                    setOauth2AuthState(null);
-                  },
-                  label: "Used by",
-                  help: "Choose where this OAuth client secret credential lives."
-                }
-              )
-            ] })
-          ] }),
-          /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-            /* @__PURE__ */ jsx2(FieldLabel, { className: "text-[11px]", children: "Scopes" }),
-            /* @__PURE__ */ jsx2("div", { className: "space-y-1 rounded-md border border-border/50 bg-background/50 p-2", children: Object.keys(selectedOAuth2Preset.scopes).length === 0 ? /* @__PURE__ */ jsx2("div", { className: "text-[11px] italic text-muted-foreground", children: "No scopes declared by the spec." }) : Object.entries(selectedOAuth2Preset.scopes).map(([scope, description]) => /* @__PURE__ */ jsxs2(Label, { className: "flex items-start gap-2 cursor-pointer py-1", children: [
-              /* @__PURE__ */ jsx2(
-                Checkbox,
-                {
-                  checked: oauth2SelectedScopes.has(scope),
-                  onCheckedChange: () => toggleOAuth2Scope(scope)
-                }
-              ),
-              /* @__PURE__ */ jsxs2("div", { className: "min-w-0 flex-1", children: [
-                /* @__PURE__ */ jsx2("div", { className: "font-mono text-[11px] text-foreground", children: scope }),
-                description && /* @__PURE__ */ jsx2("div", { className: "text-[10px] text-muted-foreground", children: description })
-              ] })
-            ] }, scope)) })
-          ] }),
-          oauth2Auth ? /* @__PURE__ */ jsxs2("div", { className: "flex items-center justify-between rounded-md border border-green-500/30 bg-green-500/5 px-3 py-2", children: [
-            /* @__PURE__ */ jsxs2("div", { className: "text-[11px] text-green-700 dark:text-green-400", children: [
-              "Connected \xB7 ",
-              oauth2SelectedScopes.size,
-              " scope",
-              oauth2SelectedScopes.size === 1 ? "" : "s",
-              " granted"
-            ] }),
-            /* @__PURE__ */ jsx2(Button, { variant: "ghost", size: "sm", onClick: () => setOauth2AuthState(null), children: "Disconnect" })
-          ] }) : oauth2Busy ? /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-2", children: [
-            /* @__PURE__ */ jsxs2("div", { className: "flex flex-1 items-center gap-2 rounded-md border border-border/60 bg-background/50 px-3 py-2 text-[11px] text-muted-foreground", children: [
-              /* @__PURE__ */ jsx2(Spinner, { className: "size-3.5" }),
-              "Waiting for OAuth\u2026 complete the flow in the popup, or cancel to retry."
-            ] }),
-            /* @__PURE__ */ jsx2(Button, { variant: "ghost", size: "sm", onClick: handleCancelOAuth2, children: "Cancel" }),
-            /* @__PURE__ */ jsx2(Button, { variant: "secondary", size: "sm", onClick: handleConnectOAuth2, children: "Retry" })
-          ] }) : /* @__PURE__ */ jsx2("div", { className: "flex flex-col gap-1.5", children: /* @__PURE__ */ jsxs2("div", { className: "grid gap-2 md:grid-cols-2", children: [
-            /* @__PURE__ */ jsxs2("div", { className: "space-y-1.5", children: [
-              /* @__PURE__ */ jsxs2("div", { className: "flex items-center gap-1.5", children: [
-                /* @__PURE__ */ jsx2(FieldLabel, { className: "text-[11px]", children: "OAuth sign-in" }),
-                /* @__PURE__ */ jsx2(HelpTooltip, { label: "OAuth sign-in", children: "Start the provider OAuth flow." })
-              ] }),
-              /* @__PURE__ */ jsx2(
-                Button,
-                {
-                  variant: "secondary",
-                  onClick: handleConnectOAuth2,
-                  disabled: !canConnectOAuth2,
-                  className: canConnectOAuth2 ? "w-full border border-green-500/30 bg-green-600 text-white hover:bg-green-700 focus-visible:ring-green-500/30 dark:bg-green-500 dark:text-white dark:hover:bg-green-600" : "w-full",
-                  children: "Connect via OAuth"
-                }
-              )
-            ] }),
-            /* @__PURE__ */ jsx2(
-              CredentialScopeDropdown,
-              {
-                value: oauthTokenTargetScope,
-                options: credentialScopeOptions,
-                onChange: (targetScope) => {
-                  setOAuthTokenTargetScope(targetScope);
-                  setOauth2AuthState(null);
-                },
-                label: "Token saved to",
-                help: "Choose who can use the signed-in OAuth token."
-              }
-            )
-          ] }) }),
-          oauth2Error && /* @__PURE__ */ jsx2("div", { className: "rounded-md border border-destructive/30 bg-destructive/5 px-3 py-2", children: /* @__PURE__ */ jsx2("p", { className: "text-[11px] text-destructive", children: oauth2Error }) })
-        ] }) })
-      ] }),
-      addError && /* @__PURE__ */ jsx2("div", { className: "rounded-lg border border-destructive/30 bg-destructive/5 px-3 py-2", children: /* @__PURE__ */ jsx2("p", { className: "text-[12px] text-destructive", children: addError }) })
-    ] }),
-    /* @__PURE__ */ jsxs2(FloatActions, { children: [
-      /* @__PURE__ */ jsx2(Button, { variant: "ghost", onClick: props.onCancel, disabled: adding, children: "Cancel" }),
-      preview && /* @__PURE__ */ jsxs2(Button, { onClick: handleAdd, disabled: !canAdd || adding, children: [
-        adding && /* @__PURE__ */ jsx2(Spinner, { className: "size-3.5" }),
-        adding ? "Adding\u2026" : willAddWithoutInitialCredentials ? "Add without credentials" : "Add source"
-      ] })
-    ] })
-  ] });
-}
-
-export {
-  OpenApiSourceDetailsFields,
-  OPENAPI_OAUTH_POPUP_NAME,
-  OPENAPI_OAUTH_CALLBACK_PATH,
-  openApiOAuthConnectionId,
-  resolveOAuthUrl,
-  inferOAuthIssuerUrl,
-  AddOpenApiSource
-};
-//# sourceMappingURL=chunk-2ZKKZYZH.js.map