@executor-js/plugin-openapi 1.5.14 → 1.5.16

package/dist/{chunk-PNOEE3ET.js → chunk-3FM2SWM4.js}

@@ -1,14 +1,10 @@
 import {
-  convertGoogleDiscoveryBundleToOpenApi,
-  convertGoogleDiscoveryToOpenApi,
   deriveAuthenticationTemplateFromPreview,
-  fetchGoogleDiscoveryDocument,
-  firstBaseUrlForPreview,
-  isGoogleDiscoveryUrl
-} from "./chunk-I2XDCVVM.js";
+  firstBaseUrlForPreview
+} from "./chunk-CKBX4SXK.js";
 import {
   openApiPresets
-} from "./chunk-PAHWRRS3.js";
+} from "./chunk-QQFCICLX.js";
 import {
   InvocationResult,
   OpenApiExtractionError,
@@ -18,11 +14,10 @@ import {
   extract,
   normalizeOpenApiAuthInputs,
   parse,
-  previewSpec,
   previewSpecText,
   resolveServerUrl,
   resolveSpecText
-} from "./chunk-RFSMGUBJ.js";
+} from "./chunk-KVPUDOJZ.js";
 
 // src/sdk/config.ts
 import { Option, Schema } from "effect";
@@ -46,8 +41,6 @@ var OpenApiIntegrationConfigSchema = Schema.Struct({
   specHash: Schema.optional(Schema.String),
   /** Origin URL the spec was fetched from, when known. Enables refresh. */
   sourceUrl: Schema.optional(Schema.String),
-  /** Google Discovery bundle URLs, when the spec came from a Google bundle. */
-  googleDiscoveryUrls: Schema.optional(Schema.Array(Schema.String)),
   /** Optional base URL override. */
   baseUrl: Schema.optional(Schema.String),
   /** Static headers applied to every request (no secret material). */
@@ -73,8 +66,101 @@ var requiredTemplateVariables = (template) => {
   return requiredPlacementVariables(template.placements);
 };
 
+// src/sdk/store.ts
+import { Effect, Option as Option2, Predicate, Schema as Schema2 } from "effect";
+var OPERATION_COLLECTION = "operation";
+var STORE_OWNER = "org";
+var OPERATION_KEY_VERSION = "op";
+var encodeBinding = Schema2.encodeSync(OperationBinding);
+var decodeBinding = Schema2.decodeUnknownSync(OperationBinding);
+var decodeBindingJson = Schema2.decodeUnknownSync(Schema2.fromJsonString(OperationBinding));
+var toJsonRecord = (value) => value;
+var OperationStorage = Schema2.Struct({
+  integration: Schema2.String,
+  toolName: Schema2.String,
+  binding: Schema2.Unknown
+});
+var decodeOperationStorage = Schema2.decodeUnknownOption(OperationStorage);
+var rowToOperation = (row) => {
+  const decoded = decodeOperationStorage(row.data);
+  if (Option2.isNone(decoded)) return null;
+  const operation = decoded.value;
+  return {
+    integration: operation.integration,
+    toolName: operation.toolName,
+    binding: decodeBinding(
+      typeof operation.binding === "string" ? decodeBindingJson(operation.binding) : operation.binding
+    )
+  };
+};
+var stableKeyHash = (value) => {
+  let hash = 0xcbf29ce484222325n;
+  const prime = 0x100000001b3n;
+  const mask = 0xffffffffffffffffn;
+  for (let index = 0; index < value.length; index += 1) {
+    hash ^= BigInt(value.charCodeAt(index));
+    hash = hash * prime & mask;
+  }
+  return hash.toString(36).padStart(13, "0");
+};
+var operationKey = (integration, toolName) => `${OPERATION_KEY_VERSION}.${stableKeyHash(integration)}.${stableKeyHash(toolName)}`;
+var legacyOperationKey = (integration, toolName) => `${integration}.${toolName}`;
+var specBlobKey = (specHash) => `spec/${specHash}`;
+var makeDefaultOpenapiStore = ({ pluginStorage, blobs }) => {
+  const operationData = (operation) => ({
+    integration: operation.integration,
+    toolName: operation.toolName,
+    binding: toJsonRecord(encodeBinding(operation.binding))
+  });
+  const listRows = (integration) => pluginStorage.list({ collection: OPERATION_COLLECTION }).pipe(
+    Effect.map(
+      (rows) => rows.filter((row) => rowToOperation(row)?.integration === integration)
+    )
+  );
+  const removeOperations = (integration) => Effect.gen(function* () {
+    const rows = yield* listRows(integration);
+    yield* pluginStorage.removeMany({
+      owner: STORE_OWNER,
+      entries: rows.map((row) => ({ collection: OPERATION_COLLECTION, key: row.key }))
+    });
+  });
+  return {
+    putOperations: (integration, operations) => Effect.gen(function* () {
+      yield* removeOperations(integration);
+      yield* pluginStorage.putMany({
+        owner: STORE_OWNER,
+        entries: operations.map((operation) => ({
+          collection: OPERATION_COLLECTION,
+          key: operationKey(integration, operation.toolName),
+          data: operationData(operation)
+        }))
+      });
+    }),
+    getOperation: (integration, toolName) => Effect.gen(function* () {
+      const row = yield* pluginStorage.get({
+        collection: OPERATION_COLLECTION,
+        key: operationKey(integration, toolName)
+      });
+      if (row) return rowToOperation(row);
+      const legacyKey = legacyOperationKey(integration, toolName);
+      if (legacyKey.length > 255) return null;
+      const legacyRow = yield* pluginStorage.get({
+        collection: OPERATION_COLLECTION,
+        key: legacyKey
+      });
+      return legacyRow ? rowToOperation(legacyRow) : null;
+    }),
+    listOperations: (integration) => listRows(integration).pipe(
+      Effect.map((rows) => rows.map(rowToOperation).filter(Predicate.isNotNull))
+    ),
+    removeOperations,
+    putSpec: (specHash, specText) => blobs.put(specBlobKey(specHash), specText, { owner: STORE_OWNER }),
+    getSpec: (specHash) => blobs.get(specBlobKey(specHash))
+  };
+};
+
 // src/sdk/invoke.ts
-import { Effect, Layer, Option as Option2 } from "effect";
+import { Effect as Effect2, Layer, Option as Option3 } from "effect";
 import { HttpClient, HttpClientRequest } from "effect/unstable/http";
 var CONTAINER_KEYS = {
   path: ["path", "pathParams", "params"],
@@ -107,13 +193,13 @@ var encodeReservedAware = (raw, allowReserved) => {
 var queryParamValues = (value, param) => {
   if (value === void 0 || value === null) return [];
   if (!Array.isArray(value)) return [primitiveToString(value)];
-  const style = Option2.getOrUndefined(param.style) ?? "form";
-  const explode = Option2.getOrElse(param.explode, () => true);
+  const style = Option3.getOrUndefined(param.style) ?? "form";
+  const explode = Option3.getOrElse(param.explode, () => true);
   if (explode) return value.map(primitiveToString);
   const separator = style === "spaceDelimited" ? " " : style === "pipeDelimited" ? "|" : ",";
   return [value.map(primitiveToString).join(separator)];
 };
-var resolvePath = Effect.fn("OpenApi.resolvePath")(function* (pathTemplate, args, parameters) {
+var resolvePath = Effect2.fn("OpenApi.resolvePath")(function* (pathTemplate, args, parameters) {
   let resolved = pathTemplate;
   for (const param of parameters) {
     if (param.location !== "path") continue;
@@ -122,14 +208,14 @@ var resolvePath = Effect.fn("OpenApi.resolvePath")(function* (pathTemplate, args
       if (param.required) {
         return yield* new OpenApiInvocationError({
           message: `Missing required path parameter: ${param.name}`,
-          statusCode: Option2.none()
+          statusCode: Option3.none()
         });
       }
       continue;
     }
     const encoded = encodeReservedAware(
       String(value),
-      Option2.getOrElse(param.allowReserved, () => false)
+      Option3.getOrElse(param.allowReserved, () => false)
     );
     resolved = resolved.replaceAll(`{${param.name}}`, encoded);
     resolved = resolved.replaceAll(`{+${param.name}}`, encoded);
@@ -145,7 +231,7 @@ var resolvePath = Effect.fn("OpenApi.resolvePath")(function* (pathTemplate, args
   if (unresolved.length > 0) {
     return yield* new OpenApiInvocationError({
       message: `Unresolved path parameters: ${[...new Set(unresolved)].join(", ")}`,
-      statusCode: Option2.none()
+      statusCode: Option3.none()
     });
   }
   return resolved;
@@ -172,6 +258,72 @@ var isXmlContentType = (ct) => {
 };
 var isTextContentType = (ct) => normalizeContentType(ct).startsWith("text/");
 var isOctetStream = (ct) => normalizeContentType(ct) === "application/octet-stream";
+var bytesToBase64 = (bytes) => {
+  let binary = "";
+  const chunkSize = 32768;
+  for (let i = 0; i < bytes.length; i += chunkSize) {
+    binary += String.fromCharCode(...bytes.subarray(i, i + chunkSize));
+  }
+  return btoa(binary);
+};
+var normalizeBase64 = (value, encoding) => {
+  const compact = value.replace(/\s/g, "");
+  const alphabet = encoding === "base64url" ? compact.replace(/-/g, "+").replace(/_/g, "/") : compact;
+  const remainder = alphabet.length % 4;
+  return remainder === 0 ? alphabet : `${alphabet}${"=".repeat(4 - remainder)}`;
+};
+var byteLengthFromBase64 = (base64) => {
+  const compact = base64.replace(/\s/g, "");
+  const padding = compact.endsWith("==") ? 2 : compact.endsWith("=") ? 1 : 0;
+  return Math.max(0, Math.floor(compact.length * 3 / 4) - padding);
+};
+var isGenericMimeType = (mimeType) => normalizeContentType(mimeType) === "application/octet-stream";
+var startsWithBytes = (bytes, prefix) => prefix.every((byte, index) => bytes[index] === byte);
+var isLikelyUtf8Text = (bytes) => {
+  if (bytes.length === 0) return false;
+  let text;
+  try {
+    text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
+  } catch {
+    return false;
+  }
+  let suspicious = 0;
+  for (let index = 0; index < text.length; index += 1) {
+    const code = text.charCodeAt(index);
+    const allowedControl = code === 9 || code === 10 || code === 12 || code === 13;
+    if (code === 0) return false;
+    if (code < 32 && !allowedControl) suspicious += 1;
+  }
+  return suspicious / Math.max(1, text.length) <= 0.02;
+};
+var sniffMimeType = (bytes) => {
+  if (startsWithBytes(bytes, [255, 216, 255])) return "image/jpeg";
+  if (startsWithBytes(bytes, [137, 80, 78, 71, 13, 10, 26, 10])) {
+    return "image/png";
+  }
+  if (startsWithBytes(bytes, [71, 73, 70, 56, 55, 97]) || startsWithBytes(bytes, [71, 73, 70, 56, 57, 97])) {
+    return "image/gif";
+  }
+  if (startsWithBytes(bytes, [82, 73, 70, 70]) && bytes[8] === 87 && bytes[9] === 69 && bytes[10] === 66 && bytes[11] === 80) {
+    return "image/webp";
+  }
+  if (startsWithBytes(bytes, [37, 80, 68, 70, 45])) return "application/pdf";
+  if (startsWithBytes(bytes, [80, 75, 3, 4]) || startsWithBytes(bytes, [80, 75, 5, 6]) || startsWithBytes(bytes, [80, 75, 7, 8])) {
+    return "application/zip";
+  }
+  if (isLikelyUtf8Text(bytes)) return "text/plain";
+  return null;
+};
+var bytesFromBase64Prefix = (base64) => {
+  const prefix = base64.slice(0, Math.min(base64.length, 64));
+  const binary = atob(prefix);
+  const bytes = new Uint8Array(binary.length);
+  for (let index = 0; index < binary.length; index += 1) {
+    bytes[index] = binary.charCodeAt(index);
+  }
+  return bytes;
+};
+var sniffMimeTypeFromBase64 = (base64) => sniffMimeType(bytesFromBase64Prefix(base64));
 var toUint8Array = (value) => {
   if (value instanceof Uint8Array) return value;
   if (value instanceof ArrayBuffer) return new Uint8Array(value);
@@ -184,6 +336,37 @@ var toUint8Array = (value) => {
   }
   return null;
 };
+var readHintString = (option, fallback) => Option3.getOrElse(option, () => fallback);
+var readHintMimeType = (hint, fallback) => Option3.getOrElse(hint.mimeType, () => fallback);
+var readHintEncoding = (hint) => Option3.getOrElse(hint.encoding, () => "base64");
+var fileFromByteField = (body, hint) => {
+  if (typeof body !== "object" || body === null || Array.isArray(body)) return null;
+  const record = body;
+  const dataField = readHintString(hint.dataField, "data");
+  const rawData = record[dataField];
+  if (typeof rawData !== "string") return null;
+  const data = normalizeBase64(rawData, readHintEncoding(hint));
+  const sizeField = Option3.getOrUndefined(hint.sizeField);
+  const byteLength = sizeField && typeof record[sizeField] === "number" ? record[sizeField] : byteLengthFromBase64(data);
+  const hintedMimeType = readHintMimeType(hint, "application/octet-stream");
+  return {
+    _tag: "ToolFile",
+    mimeType: isGenericMimeType(hintedMimeType) ? sniffMimeTypeFromBase64(data) ?? hintedMimeType : hintedMimeType,
+    encoding: "base64",
+    data,
+    byteLength
+  };
+};
+var fileFromBinaryBytes = (bytes, hint, contentType) => {
+  const hintedMimeType = contentType ?? readHintMimeType(hint, "application/octet-stream");
+  return {
+    _tag: "ToolFile",
+    mimeType: isGenericMimeType(hintedMimeType) ? sniffMimeType(bytes) ?? hintedMimeType : hintedMimeType,
+    encoding: "base64",
+    data: bytesToBase64(bytes),
+    byteLength: bytes.byteLength
+  };
+};
 var toArrayBuffer = (bytes) => {
   const copy = new ArrayBuffer(bytes.byteLength);
   new Uint8Array(copy).set(bytes);
@@ -197,9 +380,9 @@ var DEFAULT_FORM_STYLE = {
 var resolveStyleExplode = (e) => {
   if (!e) return DEFAULT_FORM_STYLE;
   return {
-    style: Option2.getOrElse(e.style, () => DEFAULT_FORM_STYLE.style),
-    explode: Option2.getOrElse(e.explode, () => DEFAULT_FORM_STYLE.explode),
-    allowReserved: Option2.getOrElse(e.allowReserved, () => DEFAULT_FORM_STYLE.allowReserved)
+    style: Option3.getOrElse(e.style, () => DEFAULT_FORM_STYLE.style),
+    explode: Option3.getOrElse(e.explode, () => DEFAULT_FORM_STYLE.explode),
+    allowReserved: Option3.getOrElse(e.allowReserved, () => DEFAULT_FORM_STYLE.allowReserved)
   };
 };
 var encodeFormValue = (v, allowReserved) => {
@@ -259,7 +442,7 @@ var coerceFormDataRecord = (value, encoding) => {
   const out = {};
   for (const [key, raw] of Object.entries(value)) {
     if (raw === void 0 || raw === null) continue;
-    const partType = encoding?.[key] ? Option2.getOrUndefined(encoding[key].contentType) : void 0;
+    const partType = encoding?.[key] ? Option3.getOrUndefined(encoding[key].contentType) : void 0;
     if (partType) {
       const isJson = partType.startsWith("application/json") || partType.includes("+json");
       const serialized = typeof raw === "string" ? raw : isJson ? JSON.stringify(raw) : typeof raw === "object" ? JSON.stringify(raw) : String(raw);
@@ -340,9 +523,9 @@ var applyRequestBody = (request, contentType, bodyValue, encoding) => {
   if (bytes) return HttpClientRequest.bodyUint8Array(request, bytes, contentType);
   return HttpClientRequest.bodyText(request, JSON.stringify(bodyValue), contentType);
 };
-var invoke = Effect.fn("OpenApi.invoke")(function* (operation, args, resolvedHeaders, sourceQueryParams = {}) {
+var invoke = Effect2.fn("OpenApi.invoke")(function* (operation, args, resolvedHeaders, sourceQueryParams = {}) {
   const client = yield* HttpClient.HttpClient;
-  yield* Effect.annotateCurrentSpan({
+  yield* Effect2.annotateCurrentSpan({
     "http.method": operation.method.toUpperCase(),
     "http.route": operation.pathTemplate,
     "plugin.openapi.method": operation.method.toUpperCase(),
@@ -368,50 +551,57 @@ var invoke = Effect.fn("OpenApi.invoke")(function* (operation, args, resolvedHea
     if (value === void 0 || value === null) continue;
     request = HttpClientRequest.setHeader(request, param.name, String(value));
   }
-  if (Option2.isSome(operation.requestBody)) {
+  if (Option3.isSome(operation.requestBody)) {
     const rb = operation.requestBody.value;
     const bodyValue = args.body ?? args.input;
     if (bodyValue !== void 0) {
-      const contentsOpt = Option2.getOrUndefined(rb.contents);
+      const contentsOpt = Option3.getOrUndefined(rb.contents);
       const requestedCt = typeof args.contentType === "string" ? args.contentType : void 0;
       const selected = contentsOpt && requestedCt ? contentsOpt.find((c) => c.contentType === requestedCt) : void 0;
       const chosenCt = selected?.contentType ?? rb.contentType;
-      const chosenEncoding = selected ? Option2.getOrUndefined(selected.encoding) : contentsOpt && contentsOpt[0] ? Option2.getOrUndefined(contentsOpt[0].encoding) : void 0;
+      const chosenEncoding = selected ? Option3.getOrUndefined(selected.encoding) : contentsOpt && contentsOpt[0] ? Option3.getOrUndefined(contentsOpt[0].encoding) : void 0;
       request = applyRequestBody(request, chosenCt, bodyValue, chosenEncoding);
     }
   }
   request = applyHeaders(request, resolvedHeaders);
   const response = yield* client.execute(request).pipe(
-    Effect.mapError(
+    Effect2.mapError(
       (err) => new OpenApiInvocationError({
         message: "HTTP request failed",
-        statusCode: Option2.none(),
+        statusCode: Option3.none(),
         cause: err
       })
     )
   );
   const status = response.status;
-  yield* Effect.annotateCurrentSpan({
+  yield* Effect2.annotateCurrentSpan({
     "http.status_code": status
   });
   const responseHeaders = { ...response.headers };
   const contentType = response.headers["content-type"] ?? null;
-  const mapBodyError = Effect.mapError(
+  const mapBodyError = Effect2.mapError(
     (err) => new OpenApiInvocationError({
       message: "Failed to read response body",
-      statusCode: Option2.some(status),
+      statusCode: Option3.some(status),
       cause: err
     })
   );
-  const responseBody = status === 204 ? null : isJsonContentType(contentType) ? yield* response.json.pipe(
-    Effect.catch(() => response.text),
+  const responseBodyBinding = Option3.getOrUndefined(operation.responseBody);
+  const fileHint = responseBodyBinding ? Option3.getOrUndefined(responseBodyBinding.fileHint) : void 0;
+  const ok = status >= 200 && status < 300;
+  const responseBody = status === 204 ? null : ok && fileHint?.kind === "binaryResponse" ? fileFromBinaryBytes(
+    new Uint8Array(yield* response.arrayBuffer.pipe(mapBodyError)),
+    fileHint,
+    contentType
+  ) : isJsonContentType(contentType) ? yield* response.json.pipe(
+    Effect2.catch(() => response.text),
     mapBodyError
   ) : yield* response.text.pipe(mapBodyError);
-  const ok = status >= 200 && status < 300;
+  const dataBody = ok && fileHint?.kind === "byteField" ? fileFromByteField(responseBody, fileHint) ?? responseBody : responseBody;
   return InvocationResult.make({
     status,
     headers: responseHeaders,
-    data: ok ? responseBody : null,
+    data: ok ? dataBody : null,
     error: ok ? null : responseBody
   });
 });
@@ -426,25 +616,25 @@ var resolveRequestHost = (servers, serverArg, baseUrl) => {
       if (value != null && value !== "") overrides[name] = String(value);
     }
   }
-  return resolveServerUrl(chosen.url, Option2.getOrUndefined(chosen.variables), overrides);
+  return resolveServerUrl(chosen.url, Option3.getOrUndefined(chosen.variables), overrides);
 };
 var invokeWithLayer = (operation, args, baseUrl, resolvedHeaders, sourceQueryParams, httpClientLayer) => {
   const effectiveBaseUrl = resolveRequestHost(operation.servers ?? [], args.server, baseUrl);
   const clientWithBaseUrl = effectiveBaseUrl ? Layer.effect(
     HttpClient.HttpClient,
-    Effect.map(
-      Effect.service(HttpClient.HttpClient),
+    Effect2.map(
+      Effect2.service(HttpClient.HttpClient),
       HttpClient.mapRequest(HttpClientRequest.prependUrl(effectiveBaseUrl))
     )
   ).pipe(Layer.provide(httpClientLayer)) : httpClientLayer;
   return invoke(operation, args, resolvedHeaders, sourceQueryParams).pipe(
-    Effect.provide(clientWithBaseUrl),
+    Effect2.provide(clientWithBaseUrl),
     // `invoke` annotates http.status_code on ITS span (`OpenApi.invoke`,
     // via Effect.fn) — annotateCurrentSpan inside it never reaches this
     // wrapper span. Stamp the status here too so queries against
     // `plugin.openapi.invoke` see the upstream outcome directly.
-    Effect.tap((result) => Effect.annotateCurrentSpan({ "http.status_code": result.status })),
-    Effect.withSpan("plugin.openapi.invoke", {
+    Effect2.tap((result) => Effect2.annotateCurrentSpan({ "http.status_code": result.status })),
+    Effect2.withSpan("plugin.openapi.invoke", {
       attributes: {
         "plugin.openapi.method": operation.method.toUpperCase(),
         "plugin.openapi.path_template": operation.pathTemplate,
@@ -463,88 +653,13 @@ var annotationsForOperation = (method, pathTemplate) => {
   };
 };
 
-// src/sdk/store.ts
-import { Effect as Effect2, Option as Option3, Predicate, Schema as Schema2 } from "effect";
-var OPERATION_COLLECTION = "operation";
-var STORE_OWNER = "org";
-var encodeBinding = Schema2.encodeSync(OperationBinding);
-var decodeBinding = Schema2.decodeUnknownSync(OperationBinding);
-var decodeBindingJson = Schema2.decodeUnknownSync(Schema2.fromJsonString(OperationBinding));
-var toJsonRecord = (value) => value;
-var OperationStorage = Schema2.Struct({
-  integration: Schema2.String,
-  toolName: Schema2.String,
-  binding: Schema2.Unknown
-});
-var decodeOperationStorage = Schema2.decodeUnknownOption(OperationStorage);
-var rowToOperation = (row) => {
-  const decoded = decodeOperationStorage(row.data);
-  if (Option3.isNone(decoded)) return null;
-  const operation = decoded.value;
-  return {
-    integration: operation.integration,
-    toolName: operation.toolName,
-    binding: decodeBinding(
-      typeof operation.binding === "string" ? decodeBindingJson(operation.binding) : operation.binding
-    )
-  };
-};
-var operationKey = (integration, toolName) => `${integration}.${toolName}`;
-var specBlobKey = (specHash) => `spec/${specHash}`;
-var makeDefaultOpenapiStore = ({ pluginStorage, blobs }) => {
-  const operationData = (operation) => ({
-    integration: operation.integration,
-    toolName: operation.toolName,
-    binding: toJsonRecord(encodeBinding(operation.binding))
-  });
-  const listRows = (integration) => pluginStorage.list({ collection: OPERATION_COLLECTION, keyPrefix: `${integration}.` }).pipe(
-    Effect2.map(
-      (rows) => rows.filter((row) => rowToOperation(row)?.integration === integration)
-    )
-  );
-  const removeOperations = (integration) => Effect2.gen(function* () {
-    const rows = yield* listRows(integration);
-    yield* pluginStorage.removeMany({
-      owner: STORE_OWNER,
-      entries: rows.map((row) => ({ collection: OPERATION_COLLECTION, key: row.key }))
-    });
-  });
-  return {
-    putOperations: (integration, operations) => Effect2.gen(function* () {
-      yield* removeOperations(integration);
-      yield* pluginStorage.putMany({
-        owner: STORE_OWNER,
-        entries: operations.map((operation) => ({
-          collection: OPERATION_COLLECTION,
-          key: operationKey(integration, operation.toolName),
-          data: operationData(operation)
-        }))
-      });
-    }),
-    getOperation: (integration, toolName) => pluginStorage.get({ collection: OPERATION_COLLECTION, key: operationKey(integration, toolName) }).pipe(Effect2.map((row) => row ? rowToOperation(row) : null)),
-    listOperations: (integration) => listRows(integration).pipe(
-      Effect2.map((rows) => rows.map(rowToOperation).filter(Predicate.isNotNull))
-    ),
-    removeOperations,
-    putSpec: (specHash, specText) => blobs.put(specBlobKey(specHash), specText, { owner: STORE_OWNER }),
-    getSpec: (specHash) => blobs.get(specBlobKey(specHash))
-  };
-};
-
-// src/sdk/plugin.ts
+// src/sdk/backing.ts
 import { Effect as Effect3, Option as Option5, Schema as Schema3 } from "effect";
 import {
-  IntegrationAlreadyExistsError,
-  IntegrationDetectionResult,
-  IntegrationNotFoundError,
-  IntegrationSlug,
+  ToolFileJsonSchema,
   ToolName,
   ToolResult,
-  authToolFailure,
-  definePlugin,
-  mergeAuthTemplates,
-  sha256Hex,
-  tool
+  authToolFailure
 } from "@executor-js/sdk/core";
 
 // src/sdk/definitions.ts
@@ -692,8 +807,7 @@ var compileToolDefinitions = (operations) => {
   return resolveCollisions(raw).sort((a, b) => a.toolPath.localeCompare(b.toolPath));
 };
 
-// src/sdk/plugin.ts
-import { ApiKeyAuthTemplate, describeApiKeyAuthMethod } from "@executor-js/sdk/http-auth";
+// src/sdk/backing.ts
 var STRINGIFIED_BODY_CAP = 1024;
 var UpstreamMessageBody = Schema3.Struct({ message: Schema3.String });
 var UpstreamErrorMessageBody = Schema3.Struct({ errorMessage: Schema3.String });
@@ -727,7 +841,7 @@ var clampedStringify = (value) => {
   return s.length > STRINGIFIED_BODY_CAP ? `${s.slice(0, STRINGIFIED_BODY_CAP)}\u2026` : s;
 };
 var firstNonEmpty = (...values) => values.find((value) => value !== void 0 && value.length > 0);
-var extractUpstreamMessage = (body, status) => {
+var extractOpenApiUpstreamMessage = (body, status) => {
   if (typeof body === "string") {
     return body.length > 0 ? body : `Upstream returned HTTP ${status}`;
   }
@@ -758,162 +872,353 @@ var extractUpstreamMessage = (body, status) => {
   }
   return `Upstream returned HTTP ${status}`;
 };
-var PreviewSpecInputSchema = Schema3.Struct({
-  spec: Schema3.String
+var openApiAuthToolFailure = (failure) => authToolFailure({
+  code: failure.code,
+  message: failure.message,
+  source: { id: failure.integration, scope: failure.owner },
+  credential: {
+    kind: failure.credentialKind,
+    ...failure.credentialLabel ? { label: failure.credentialLabel } : {}
+  },
+  ...failure.status !== void 0 ? { status: failure.status } : {},
+  ...failure.details !== void 0 ? {
+    upstream: {
+      ...failure.status !== void 0 ? { status: failure.status } : {},
+      details: failure.details
+    }
+  } : {}
+});
+var normalizeOpenApiRefs = (node) => {
+  if (node == null || typeof node !== "object") return node;
+  if (Array.isArray(node)) {
+    let changed2 = false;
+    const out = node.map((item) => {
+      const n = normalizeOpenApiRefs(item);
+      if (n !== item) changed2 = true;
+      return n;
+    });
+    return changed2 ? out : node;
+  }
+  const obj = node;
+  if (typeof obj.$ref === "string") {
+    const match = obj.$ref.match(/^#\/components\/schemas\/(.+)$/);
+    if (match) return { ...obj, $ref: `#/$defs/${match[1]}` };
+    return obj;
+  }
+  let changed = false;
+  const result = {};
+  for (const [k, v] of Object.entries(obj)) {
+    const n = normalizeOpenApiRefs(v);
+    if (n !== v) changed = true;
+    result[k] = n;
+  }
+  return changed ? result : obj;
+};
+var toBinding = (def) => OperationBinding.make({
+  method: def.operation.method,
+  servers: def.operation.servers,
+  pathTemplate: def.operation.pathTemplate,
+  parameters: [...def.operation.parameters],
+  requestBody: def.operation.requestBody,
+  responseBody: def.operation.responseBody
 });
-var StaticPreviewServerVariableSchema = Schema3.Struct({
-  default: Schema3.String,
-  enum: Schema3.NullOr(Schema3.Array(Schema3.String)),
-  description: Schema3.NullOr(Schema3.String)
+var descriptionFor = (def) => {
+  const op = def.operation;
+  return Option5.getOrElse(
+    op.description,
+    () => Option5.getOrElse(op.summary, () => `${op.method.toUpperCase()} ${op.pathTemplate}`)
+  );
+};
+var compileOpenApiDocument = (doc) => Effect3.gen(function* () {
+  const result = yield* extract(doc);
+  const hoistedDefs = {};
+  if (doc.components?.schemas) {
+    for (const [k, v] of Object.entries(doc.components.schemas)) {
+      hoistedDefs[k] = normalizeOpenApiRefs(v);
+    }
+  }
+  return {
+    definitions: compileToolDefinitions(result.operations),
+    hoistedDefs,
+    title: Option5.getOrUndefined(result.title),
+    description: Option5.getOrUndefined(result.description)
+  };
 });
-var StaticPreviewServerSchema = Schema3.Struct({
-  url: Schema3.String,
-  description: Schema3.NullOr(Schema3.String),
-  variables: Schema3.NullOr(Schema3.Record(Schema3.String, StaticPreviewServerVariableSchema))
+var compileOpenApiSpec = (specText) => Effect3.gen(function* () {
+  const doc = yield* parse(specText);
+  return yield* compileOpenApiDocument(doc);
 });
-var StaticPreviewOAuthAuthorizationCodeFlowSchema = Schema3.Struct({
-  authorizationUrl: Schema3.String,
-  tokenUrl: Schema3.String,
-  refreshUrl: Schema3.NullOr(Schema3.String),
-  scopes: Schema3.Record(Schema3.String, Schema3.String)
+var openApiToolDefsFromCompiled = (compiled) => compiled.definitions.map(
+  (def) => ({
+    name: ToolName.make(def.toolPath),
+    description: descriptionFor(def),
+    inputSchema: normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.inputSchema)),
+    outputSchema: Option5.match(def.operation.responseBody, {
+      onNone: () => normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.outputSchema)),
+      onSome: (responseBody) => Option5.isSome(responseBody.fileHint) ? ToolFileJsonSchema : normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.outputSchema))
+    }),
+    annotations: annotationsForOperation(def.operation.method, def.operation.pathTemplate)
+  })
+);
+var openApiStoredOperationsFromCompiled = (integration, compiled) => compiled.definitions.map((def) => ({
+  integration,
+  toolName: def.toolPath,
+  binding: toBinding(def)
+}));
+var loadOpenApiSpecText = (storage, config) => config.specHash != null ? storage.getSpec(config.specHash) : Effect3.succeed(null);
+var resolveOpenApiBackedTools = ({
+  config,
+  storage
+}) => Effect3.gen(function* () {
+  const openApiConfig = decodeOpenApiIntegrationConfig(config);
+  if (!openApiConfig) return { tools: [], definitions: {} };
+  const specText = yield* loadOpenApiSpecText(storage, openApiConfig);
+  if (specText == null) return { tools: [], definitions: {} };
+  const compiled = yield* compileOpenApiSpec(specText).pipe(
+    Effect3.catch(() => Effect3.succeed(null))
+  );
+  if (!compiled) return { tools: [], definitions: {} };
+  return {
+    tools: openApiToolDefsFromCompiled(compiled),
+    definitions: compiled.hoistedDefs
+  };
 });
-var StaticPreviewOAuthClientCredentialsFlowSchema = Schema3.Struct({
-  tokenUrl: Schema3.String,
-  refreshUrl: Schema3.NullOr(Schema3.String),
-  scopes: Schema3.Record(Schema3.String, Schema3.String)
+var invokeOpenApiBackedTool = (input) => Effect3.gen(function* () {
+  const integration = input.toolRow.integration;
+  const config = decodeOpenApiIntegrationConfig(input.credential.config);
+  let binding = (yield* input.ctx.storage.getOperation(integration, input.toolRow.name))?.binding;
+  if ((!binding || Option5.isNone(binding.responseBody)) && config) {
+    const specText = yield* loadOpenApiSpecText(input.ctx.storage, config).pipe(
+      Effect3.catch(() => Effect3.succeed(null))
+    );
+    const compiled = specText == null ? null : yield* compileOpenApiSpec(specText).pipe(Effect3.catch(() => Effect3.succeed(null)));
+    binding = compiled ? openApiStoredOperationsFromCompiled(integration, compiled).find(
+      (op) => op.toolName === input.toolRow.name
+    )?.binding : void 0;
+  }
+  if (!binding) {
+    return yield* new OpenApiExtractionError({
+      message: `No OpenAPI operation found for tool "${input.toolRow.name}" on "${integration}"`
+    });
+  }
+  const headers = { ...config?.headers ?? {} };
+  const queryParams = {
+    ...config?.queryParams ?? {}
+  };
+  const template = (config?.authenticationTemplate ?? []).find(
+    (entry) => String(entry.slug) === String(input.credential.template)
+  );
+  if (template) {
+    const missing = requiredTemplateVariables(template).filter((name) => {
+      const value = input.credential.values[name];
+      return value == null || value === "";
+    });
+    if (missing.length > 0) {
+      return openApiAuthToolFailure({
+        code: template.kind === "oauth2" ? "oauth_connection_missing" : "connection_value_missing",
+        message: `Connection "${input.credential.connection}" for "${integration}" has no resolvable credential value. Re-authenticate or update the connection.`,
+        owner: input.credential.owner,
+        integration,
+        connection: String(input.credential.connection),
+        credentialKind: template.kind === "oauth2" ? "oauth" : "secret"
+      });
+    }
+    const rendered = renderAuthTemplate(template, input.credential.values);
+    Object.assign(headers, rendered.headers);
+    Object.assign(queryParams, rendered.queryParams);
+  }
+  const result = yield* invokeWithLayer(
+    binding,
+    input.args ?? {},
+    config?.baseUrl ?? "",
+    headers,
+    queryParams,
+    input.httpClientLayer
+  );
+  const ok = result.status >= 200 && result.status < 300;
+  if (!ok) {
+    if (result.status === 401 || result.status === 403) {
+      return openApiAuthToolFailure({
+        code: "connection_rejected",
+        status: result.status,
+        message: `Upstream rejected credentials for "${integration}" with HTTP ${result.status}. Re-authenticate or update the connection "${input.credential.connection}" before retrying this tool.`,
+        owner: input.credential.owner,
+        integration,
+        connection: String(input.credential.connection),
+        credentialKind: "upstream",
+        credentialLabel: "Upstream authorization",
+        details: result.error
+      });
+    }
+    return ToolResult.fail({
+      code: "upstream_http_error",
+      status: result.status,
+      message: extractOpenApiUpstreamMessage(result.error, result.status),
+      details: result.error
+    });
+  }
+  return ToolResult.ok(result.data, {
+    http: { status: result.status, headers: result.headers }
+  });
+});
+var resolveOpenApiBackedAnnotations = (input) => Effect3.gen(function* () {
+  const ops = yield* input.ctx.storage.listOperations(String(input.integration));
+  const byName = /* @__PURE__ */ new Map();
+  for (const op of ops) byName.set(op.toolName, op.binding);
+  const out = {};
+  for (const row of input.toolRows) {
+    const binding = byName.get(row.name);
+    if (binding) {
+      out[row.name] = annotationsForOperation(binding.method, binding.pathTemplate);
+    }
+  }
+  return out;
+});
+
+// src/sdk/plugin.ts
+import { Effect as Effect4, Option as Option6, Schema as Schema4 } from "effect";
+import {
+  IntegrationAlreadyExistsError,
+  IntegrationDetectionResult,
+  IntegrationNotFoundError,
+  IntegrationSlug,
+  ToolResult as ToolResult2,
+  definePlugin,
+  mergeAuthTemplates,
+  sha256Hex,
+  tool
+} from "@executor-js/sdk/core";
+import { ApiKeyAuthTemplate, describeApiKeyAuthMethod } from "@executor-js/sdk/http-auth";
+var PreviewSpecInputSchema = Schema4.Struct({
+  spec: Schema4.String
+});
+var StaticPreviewServerVariableSchema = Schema4.Struct({
+  default: Schema4.String,
+  enum: Schema4.NullOr(Schema4.Array(Schema4.String)),
+  description: Schema4.NullOr(Schema4.String)
+});
+var StaticPreviewServerSchema = Schema4.Struct({
+  url: Schema4.String,
+  description: Schema4.NullOr(Schema4.String),
+  variables: Schema4.NullOr(Schema4.Record(Schema4.String, StaticPreviewServerVariableSchema))
 });
-var StaticPreviewOAuthFlowsSchema = Schema3.Struct({
-  authorizationCode: Schema3.NullOr(StaticPreviewOAuthAuthorizationCodeFlowSchema),
-  clientCredentials: Schema3.NullOr(StaticPreviewOAuthClientCredentialsFlowSchema)
+var StaticPreviewOAuthAuthorizationCodeFlowSchema = Schema4.Struct({
+  authorizationUrl: Schema4.String,
+  tokenUrl: Schema4.String,
+  refreshUrl: Schema4.NullOr(Schema4.String),
+  scopes: Schema4.Record(Schema4.String, Schema4.String)
 });
-var StaticPreviewSecuritySchemeSchema = Schema3.Struct({
-  name: Schema3.String,
-  type: Schema3.Literals(["http", "apiKey", "oauth2", "openIdConnect"]),
-  scheme: Schema3.NullOr(Schema3.String),
-  bearerFormat: Schema3.NullOr(Schema3.String),
-  in: Schema3.NullOr(Schema3.Literals(["header", "query", "cookie"])),
-  headerName: Schema3.NullOr(Schema3.String),
-  description: Schema3.NullOr(Schema3.String),
-  flows: Schema3.NullOr(StaticPreviewOAuthFlowsSchema),
-  openIdConnectUrl: Schema3.NullOr(Schema3.String)
+var StaticPreviewOAuthClientCredentialsFlowSchema = Schema4.Struct({
+  tokenUrl: Schema4.String,
+  refreshUrl: Schema4.NullOr(Schema4.String),
+  scopes: Schema4.Record(Schema4.String, Schema4.String)
 });
-var StaticPreviewOAuth2PresetSchema = Schema3.Struct({
-  label: Schema3.String,
-  securitySchemeName: Schema3.String,
-  flow: Schema3.Literals(["authorizationCode", "clientCredentials"]),
-  authorizationUrl: Schema3.NullOr(Schema3.String),
-  tokenUrl: Schema3.String,
-  refreshUrl: Schema3.NullOr(Schema3.String),
-  scopes: Schema3.Record(Schema3.String, Schema3.String),
-  identityScopes: Schema3.Union([
-    Schema3.Literal("auto"),
-    Schema3.Literal(false),
-    Schema3.Array(Schema3.String)
+var StaticPreviewOAuthFlowsSchema = Schema4.Struct({
+  authorizationCode: Schema4.NullOr(StaticPreviewOAuthAuthorizationCodeFlowSchema),
+  clientCredentials: Schema4.NullOr(StaticPreviewOAuthClientCredentialsFlowSchema)
+});
+var StaticPreviewSecuritySchemeSchema = Schema4.Struct({
+  name: Schema4.String,
+  type: Schema4.Literals(["http", "apiKey", "oauth2", "openIdConnect"]),
+  scheme: Schema4.NullOr(Schema4.String),
+  bearerFormat: Schema4.NullOr(Schema4.String),
+  in: Schema4.NullOr(Schema4.Literals(["header", "query", "cookie"])),
+  headerName: Schema4.NullOr(Schema4.String),
+  description: Schema4.NullOr(Schema4.String),
+  flows: Schema4.NullOr(StaticPreviewOAuthFlowsSchema),
+  openIdConnectUrl: Schema4.NullOr(Schema4.String)
+});
+var StaticPreviewOAuth2PresetSchema = Schema4.Struct({
+  label: Schema4.String,
+  securitySchemeName: Schema4.String,
+  flow: Schema4.Literals(["authorizationCode", "clientCredentials"]),
+  authorizationUrl: Schema4.NullOr(Schema4.String),
+  tokenUrl: Schema4.String,
+  refreshUrl: Schema4.NullOr(Schema4.String),
+  scopes: Schema4.Record(Schema4.String, Schema4.String),
+  identityScopes: Schema4.Union([
+    Schema4.Literal("auto"),
+    Schema4.Literal(false),
+    Schema4.Array(Schema4.String)
   ])
 });
-var StaticPreviewSpecOutputSchema = Schema3.Struct({
-  title: Schema3.NullOr(Schema3.String),
-  version: Schema3.NullOr(Schema3.String),
-  servers: Schema3.Array(StaticPreviewServerSchema),
-  operationCount: Schema3.Number,
-  tags: Schema3.Array(Schema3.String),
-  securitySchemes: Schema3.Array(StaticPreviewSecuritySchemeSchema),
-  authStrategies: Schema3.Array(Schema3.Struct({ schemes: Schema3.Array(Schema3.String) })),
-  headerPresets: Schema3.Array(
-    Schema3.Struct({
-      label: Schema3.String,
-      headers: Schema3.Record(Schema3.String, Schema3.NullOr(Schema3.String)),
-      secretHeaders: Schema3.Array(Schema3.String)
+var StaticPreviewSpecOutputSchema = Schema4.Struct({
+  title: Schema4.NullOr(Schema4.String),
+  version: Schema4.NullOr(Schema4.String),
+  servers: Schema4.Array(StaticPreviewServerSchema),
+  operationCount: Schema4.Number,
+  tags: Schema4.Array(Schema4.String),
+  securitySchemes: Schema4.Array(StaticPreviewSecuritySchemeSchema),
+  authStrategies: Schema4.Array(Schema4.Struct({ schemes: Schema4.Array(Schema4.String) })),
+  headerPresets: Schema4.Array(
+    Schema4.Struct({
+      label: Schema4.String,
+      headers: Schema4.Record(Schema4.String, Schema4.NullOr(Schema4.String)),
+      secretHeaders: Schema4.Array(Schema4.String)
     })
   ),
-  oauth2Presets: Schema3.Array(StaticPreviewOAuth2PresetSchema)
+  oauth2Presets: Schema4.Array(StaticPreviewOAuth2PresetSchema)
 });
-var OpenApiSpecInputSchema = Schema3.Union([
-  Schema3.Struct({ kind: Schema3.Literal("url"), url: Schema3.String }),
-  Schema3.Struct({ kind: Schema3.Literal("blob"), value: Schema3.String }),
-  Schema3.Struct({
-    kind: Schema3.Literal("googleDiscovery"),
-    url: Schema3.String
-  }),
-  Schema3.Struct({
-    kind: Schema3.Literal("googleDiscoveryBundle"),
-    urls: Schema3.Array(Schema3.String)
-  })
+var OpenApiSpecInputSchema = Schema4.Union([
+  Schema4.Struct({ kind: Schema4.Literal("url"), url: Schema4.String }),
+  Schema4.Struct({ kind: Schema4.Literal("blob"), value: Schema4.String })
 ]);
-var AuthenticationSchema2 = Schema3.Union([
-  Schema3.Struct({
-    slug: Schema3.String,
-    kind: Schema3.Literal("oauth2"),
-    authorizationUrl: Schema3.String,
-    tokenUrl: Schema3.String,
-    scopes: Schema3.Array(Schema3.String)
+var AuthenticationSchema2 = Schema4.Union([
+  Schema4.Struct({
+    slug: Schema4.String,
+    kind: Schema4.Literal("oauth2"),
+    authorizationUrl: Schema4.String,
+    tokenUrl: Schema4.String,
+    scopes: Schema4.Array(Schema4.String)
   }),
-  // Credential methods are authored request-shaped — the ONE apikey input
+  // Credential methods are authored request-shaped - the ONE apikey input
   // dialect: `{ type: "apiKey", headers: { Authorization: ["Bearer ",
   // variable("token")] }, queryParams: { … } }`.
   ApiKeyAuthTemplate
 ]);
-var AddSourceInputSchema = Schema3.Struct({
+var AddSourceInputSchema = Schema4.Struct({
   spec: OpenApiSpecInputSchema,
-  slug: Schema3.String,
-  description: Schema3.optional(Schema3.String),
-  baseUrl: Schema3.optional(Schema3.String),
-  headers: Schema3.optional(Schema3.Record(Schema3.String, Schema3.String)),
-  queryParams: Schema3.optional(Schema3.Record(Schema3.String, Schema3.String)),
-  authenticationTemplate: Schema3.optional(Schema3.Array(AuthenticationSchema2))
+  slug: Schema4.String,
+  description: Schema4.optional(Schema4.String),
+  baseUrl: Schema4.optional(Schema4.String),
+  headers: Schema4.optional(Schema4.Record(Schema4.String, Schema4.String)),
+  queryParams: Schema4.optional(Schema4.Record(Schema4.String, Schema4.String)),
+  authenticationTemplate: Schema4.optional(Schema4.Array(AuthenticationSchema2))
 });
-var AddSourceOutputSchema = Schema3.Struct({
-  slug: Schema3.String,
-  toolCount: Schema3.Number
+var AddSourceOutputSchema = Schema4.Struct({
+  slug: Schema4.String,
+  toolCount: Schema4.Number
 });
-var PreviewSpecInputStandardSchema = Schema3.toStandardSchemaV1(
-  Schema3.toStandardJSONSchemaV1(PreviewSpecInputSchema)
+var PreviewSpecInputStandardSchema = Schema4.toStandardSchemaV1(
+  Schema4.toStandardJSONSchemaV1(PreviewSpecInputSchema)
 );
-var PreviewSpecOutputStandardSchema = Schema3.toStandardSchemaV1(
-  Schema3.toStandardJSONSchemaV1(StaticPreviewSpecOutputSchema)
+var PreviewSpecOutputStandardSchema = Schema4.toStandardSchemaV1(
+  Schema4.toStandardJSONSchemaV1(StaticPreviewSpecOutputSchema)
 );
-var AddSourceInputStandardSchema = Schema3.toStandardSchemaV1(
-  Schema3.toStandardJSONSchemaV1(AddSourceInputSchema)
+var AddSourceInputStandardSchema = Schema4.toStandardSchemaV1(
+  Schema4.toStandardJSONSchemaV1(AddSourceInputSchema)
 );
-var AddSourceOutputStandardSchema = Schema3.toStandardSchemaV1(
-  Schema3.toStandardJSONSchemaV1(AddSourceOutputSchema)
+var AddSourceOutputStandardSchema = Schema4.toStandardSchemaV1(
+  Schema4.toStandardJSONSchemaV1(AddSourceOutputSchema)
 );
-var openApiToolFailure = (code, message, details) => ToolResult.fail({
+var openApiToolFailure = (code, message, details) => ToolResult2.fail({
   code,
   message,
   ...details === void 0 ? {} : { details }
 });
-var openApiAuthToolFailure = (failure) => authToolFailure({
-  // The auth-tool-failure helper's code set is shared with v1; keep the
-  // string but reference the connection rather than v1's source/slot.
-  code: failure.code,
-  message: failure.message,
-  source: { id: failure.integration, scope: failure.owner },
-  credential: {
-    kind: failure.credentialKind,
-    ...failure.credentialLabel ? { label: failure.credentialLabel } : {}
-  },
-  ...failure.status !== void 0 ? { status: failure.status } : {},
-  ...failure.details !== void 0 ? {
-    upstream: {
-      ...failure.status !== void 0 ? { status: failure.status } : {},
-      details: failure.details
-    }
-  } : {}
-});
 var staticPreviewOutput = (preview) => ({
-  title: Option5.getOrNull(preview.title),
-  version: Option5.getOrNull(preview.version),
+  title: Option6.getOrNull(preview.title),
+  version: Option6.getOrNull(preview.version),
   servers: preview.servers.map((server) => ({
     url: server.url,
-    description: Option5.getOrNull(server.description),
-    variables: Option5.getOrNull(server.variables) ? Object.fromEntries(
-      Object.entries(Option5.getOrNull(server.variables) ?? {}).map(([name, variable]) => [
+    description: Option6.getOrNull(server.description),
+    variables: Option6.getOrNull(server.variables) ? Object.fromEntries(
+      Object.entries(Option6.getOrNull(server.variables) ?? {}).map(([name, variable]) => [
         name,
         {
           default: variable.default,
-          enum: Option5.getOrNull(variable.enum),
-          description: Option5.getOrNull(variable.description)
+          enum: Option6.getOrNull(variable.enum),
+          description: Option6.getOrNull(variable.description)
         }
       ])
     ) : null
@@ -923,25 +1228,25 @@ var staticPreviewOutput = (preview) => ({
   securitySchemes: preview.securitySchemes.map((scheme) => ({
     name: scheme.name,
     type: scheme.type,
-    scheme: Option5.getOrNull(scheme.scheme),
-    bearerFormat: Option5.getOrNull(scheme.bearerFormat),
-    in: Option5.getOrNull(scheme.in),
-    headerName: Option5.getOrNull(scheme.headerName),
-    description: Option5.getOrNull(scheme.description),
-    flows: Option5.isSome(scheme.flows) ? {
-      authorizationCode: Option5.isSome(scheme.flows.value.authorizationCode) ? {
+    scheme: Option6.getOrNull(scheme.scheme),
+    bearerFormat: Option6.getOrNull(scheme.bearerFormat),
+    in: Option6.getOrNull(scheme.in),
+    headerName: Option6.getOrNull(scheme.headerName),
+    description: Option6.getOrNull(scheme.description),
+    flows: Option6.isSome(scheme.flows) ? {
+      authorizationCode: Option6.isSome(scheme.flows.value.authorizationCode) ? {
         authorizationUrl: scheme.flows.value.authorizationCode.value.authorizationUrl,
         tokenUrl: scheme.flows.value.authorizationCode.value.tokenUrl,
-        refreshUrl: Option5.getOrNull(scheme.flows.value.authorizationCode.value.refreshUrl),
+        refreshUrl: Option6.getOrNull(scheme.flows.value.authorizationCode.value.refreshUrl),
         scopes: scheme.flows.value.authorizationCode.value.scopes
       } : null,
-      clientCredentials: Option5.isSome(scheme.flows.value.clientCredentials) ? {
+      clientCredentials: Option6.isSome(scheme.flows.value.clientCredentials) ? {
         tokenUrl: scheme.flows.value.clientCredentials.value.tokenUrl,
-        refreshUrl: Option5.getOrNull(scheme.flows.value.clientCredentials.value.refreshUrl),
+        refreshUrl: Option6.getOrNull(scheme.flows.value.clientCredentials.value.refreshUrl),
         scopes: scheme.flows.value.clientCredentials.value.scopes
       } : null
     } : null,
-    openIdConnectUrl: Option5.getOrNull(scheme.openIdConnectUrl)
+    openIdConnectUrl: Option6.getOrNull(scheme.openIdConnectUrl)
   })),
   authStrategies: preview.authStrategies,
   headerPresets: preview.headerPresets,
@@ -949,55 +1254,14 @@ var staticPreviewOutput = (preview) => ({
     label: preset.label,
     securitySchemeName: preset.securitySchemeName,
     flow: preset.flow,
-    authorizationUrl: Option5.getOrNull(preset.authorizationUrl),
+    authorizationUrl: Option6.getOrNull(preset.authorizationUrl),
     tokenUrl: preset.tokenUrl,
-    refreshUrl: Option5.getOrNull(preset.refreshUrl),
+    refreshUrl: Option6.getOrNull(preset.refreshUrl),
     scopes: preset.scopes,
     identityScopes: preset.identityScopes
   }))
 });
-var normalizeOpenApiRefs = (node) => {
-  if (node == null || typeof node !== "object") return node;
-  if (Array.isArray(node)) {
-    let changed2 = false;
-    const out = node.map((item) => {
-      const n = normalizeOpenApiRefs(item);
-      if (n !== item) changed2 = true;
-      return n;
-    });
-    return changed2 ? out : node;
-  }
-  const obj = node;
-  if (typeof obj.$ref === "string") {
-    const match = obj.$ref.match(/^#\/components\/schemas\/(.+)$/);
-    if (match) return { ...obj, $ref: `#/$defs/${match[1]}` };
-    return obj;
-  }
-  let changed = false;
-  const result = {};
-  for (const [k, v] of Object.entries(obj)) {
-    const n = normalizeOpenApiRefs(v);
-    if (n !== v) changed = true;
-    result[k] = n;
-  }
-  return changed ? result : obj;
-};
-var toBinding = (def) => OperationBinding.make({
-  method: def.operation.method,
-  servers: def.operation.servers,
-  pathTemplate: def.operation.pathTemplate,
-  parameters: [...def.operation.parameters],
-  requestBody: def.operation.requestBody
-});
-var descriptionFor = (def) => {
-  const op = def.operation;
-  return Option5.getOrElse(
-    op.description,
-    () => Option5.getOrElse(op.summary, () => `${op.method.toUpperCase()} ${op.pathTemplate}`)
-  );
-};
-var specInputToSourceUrl = (spec) => spec.kind === "url" || spec.kind === "googleDiscovery" ? spec.url : void 0;
-var specInputToGoogleBundle = (spec) => spec.kind === "googleDiscoveryBundle" ? spec.urls : void 0;
+var specInputToSourceUrl = (spec) => spec.kind === "url" ? spec.url : void 0;
 var describeOpenApiAuthMethods = (record) => {
   const config = decodeOpenApiIntegrationConfig(record.config);
   if (!config) return [];
@@ -1024,76 +1288,10 @@ var describeOpenApiIntegrationDisplay = (record) => {
   const config = decodeOpenApiIntegrationConfig(record.config);
   return { url: config?.baseUrl ?? config?.sourceUrl };
 };
-var loadSpecText = (storage, config) => config.specHash != null ? storage.getSpec(config.specHash) : Effect3.succeed(null);
-var compileSpec = (specText) => Effect3.gen(function* () {
-  const doc = yield* parse(specText);
-  const result = yield* extract(doc);
-  const hoistedDefs = {};
-  if (doc.components?.schemas) {
-    for (const [k, v] of Object.entries(doc.components.schemas)) {
-      hoistedDefs[k] = normalizeOpenApiRefs(v);
-    }
-  }
-  return {
-    definitions: compileToolDefinitions(result.operations),
-    hoistedDefs,
-    title: Option5.getOrUndefined(result.title),
-    description: Option5.getOrUndefined(result.description)
-  };
-});
-var toolDefsFromCompiled = (compiled) => compiled.definitions.map(
-  (def) => ({
-    name: ToolName.make(def.toolPath),
-    description: descriptionFor(def),
-    inputSchema: normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.inputSchema)),
-    // The output schema is the upstream response body only — transport
-    // status/headers live in the ToolResult `http` side channel, not the
-    // payload (see the invoke handler).
-    outputSchema: normalizeOpenApiRefs(Option5.getOrUndefined(def.operation.outputSchema)),
-    annotations: annotationsForOperation(def.operation.method, def.operation.pathTemplate)
-  })
-);
-var storedOperationsFromCompiled = (integration, compiled) => compiled.definitions.map((def) => ({
-  integration,
-  toolName: def.toolPath,
-  binding: toBinding(def)
-}));
-var fetchGoogleDiscoveryBundleConversion = (urls, httpClientLayer) => Effect3.forEach(
-  urls,
-  (url) => fetchGoogleDiscoveryDocument(url).pipe(
-    Effect3.provide(httpClientLayer),
-    Effect3.map((documentText) => ({ discoveryUrl: url, documentText }))
-  ),
-  { concurrency: 4 }
-).pipe(Effect3.flatMap((documents) => convertGoogleDiscoveryBundleToOpenApi({ documents })));
 var openApiPlugin = definePlugin((options) => {
-  const resolveSpecForInput = (spec, httpClientLayer) => Effect3.gen(function* () {
-    if (spec.kind === "googleDiscovery") {
-      const conversion = yield* fetchGoogleDiscoveryDocument(spec.url).pipe(
-        Effect3.provide(httpClientLayer),
-        Effect3.flatMap(
-          (documentText) => convertGoogleDiscoveryToOpenApi({
-            discoveryUrl: spec.url,
-            documentText
-          })
-        )
-      );
-      return {
-        specText: conversion.specText,
-        baseUrl: conversion.baseUrl,
-        ...conversion.authenticationTemplate ? { authenticationTemplate: conversion.authenticationTemplate } : {}
-      };
-    }
-    if (spec.kind === "googleDiscoveryBundle") {
-      const conversion = yield* fetchGoogleDiscoveryBundleConversion(spec.urls, httpClientLayer);
-      return {
-        specText: conversion.specText,
-        baseUrl: conversion.baseUrl,
-        ...conversion.authenticationTemplate ? { authenticationTemplate: conversion.authenticationTemplate } : {}
-      };
-    }
+  const resolveSpecForInput = (spec, httpClientLayer) => Effect4.gen(function* () {
     if (spec.kind === "url") {
-      const specText = yield* resolveSpecText(spec.url).pipe(Effect3.provide(httpClientLayer));
+      const specText = yield* resolveSpecText(spec.url).pipe(Effect4.provide(httpClientLayer));
       return { specText };
     }
     return { specText: spec.value };
@@ -1112,12 +1310,12 @@ var openApiPlugin = definePlugin((options) => {
     storage: (deps) => makeDefaultOpenapiStore(deps),
     extension: (ctx) => {
       const httpClientLayer = options?.httpClientLayer ?? ctx.httpClientLayer;
-      const addSpec = (config) => Effect3.gen(function* () {
+      const addSpec = (config) => Effect4.gen(function* () {
         const resolved = yield* resolveSpecForInput(config.spec, httpClientLayer);
-        const compiled = yield* compileSpec(resolved.specText);
-        const explicitBaseUrl = config.baseUrl ?? resolved.baseUrl;
+        const compiled = yield* compileOpenApiSpec(resolved.specText);
+        const explicitBaseUrl = config.baseUrl;
         const needsDerivedBaseUrl = explicitBaseUrl == null;
-        const needsDerivedAuth = config.authenticationTemplate == null && resolved.authenticationTemplate == null;
+        const needsDerivedAuth = config.authenticationTemplate == null;
         const preview = needsDerivedBaseUrl || needsDerivedAuth ? yield* previewSpecText(resolved.specText) : void 0;
         const derivedBaseUrl = needsDerivedBaseUrl && preview ? firstBaseUrlForPreview(preview) : void 0;
         const effectiveBaseUrl = explicitBaseUrl ?? (derivedBaseUrl || void 0);
@@ -1131,55 +1329,52 @@ var openApiPlugin = definePlugin((options) => {
         const integrationConfig = {
           specHash,
           ...specInputToSourceUrl(config.spec) !== void 0 ? { sourceUrl: specInputToSourceUrl(config.spec) } : {},
-          ...specInputToGoogleBundle(config.spec) !== void 0 ? { googleDiscoveryUrls: specInputToGoogleBundle(config.spec) } : {},
           // baseUrl is an optional override only. The host is otherwise
           // resolved per call from the operation's `servers` (extracted from
           // the spec), so we never bake a derived base URL into the config.
           ...config.baseUrl ? { baseUrl: config.baseUrl } : {},
           ...config.headers ? { headers: config.headers } : {},
           ...config.queryParams ? { queryParams: config.queryParams } : {},
-          // Prefer the caller's explicit template; otherwise adopt the one the
-          // Google Discovery converter derived from the spec (the bundle add
-          // path relies on this — it has no preview to detect auth from);
-          // otherwise derive from the spec's declared security schemes.
+          // Prefer the caller's explicit template; otherwise derive from the
+          // spec's declared security schemes.
           ...config.authenticationTemplate ? {
             authenticationTemplate: normalizeOpenApiAuthInputs(config.authenticationTemplate)
-          } : resolved.authenticationTemplate ? { authenticationTemplate: resolved.authenticationTemplate } : derivedAuthenticationTemplate && derivedAuthenticationTemplate.length > 0 ? { authenticationTemplate: derivedAuthenticationTemplate } : {}
+          } : derivedAuthenticationTemplate && derivedAuthenticationTemplate.length > 0 ? { authenticationTemplate: derivedAuthenticationTemplate } : {}
         };
         yield* ctx.storage.putSpec(specHash, resolved.specText);
         yield* ctx.transaction(
-          Effect3.gen(function* () {
+          Effect4.gen(function* () {
             yield* ctx.core.integrations.register({
               slug,
               name: config.name?.trim() || compiled.title || config.slug,
               description: config.description ?? compiled.description ?? compiled.title ?? config.slug,
               config: integrationConfig,
               canRemove: true,
-              canRefresh: specInputToSourceUrl(config.spec) != null || specInputToGoogleBundle(config.spec) != null
+              canRefresh: specInputToSourceUrl(config.spec) != null
             });
             yield* ctx.storage.putOperations(
               config.slug,
-              storedOperationsFromCompiled(config.slug, compiled)
+              openApiStoredOperationsFromCompiled(config.slug, compiled)
             );
           })
         );
         return { slug, toolCount: compiled.definitions.length };
       });
-      const updateSpec = (rawSlug, input) => Effect3.gen(function* () {
+      const updateSpec = (rawSlug, input) => Effect4.gen(function* () {
         const slug = IntegrationSlug.make(rawSlug);
         const record = yield* ctx.core.integrations.get(slug);
         const current = record ? decodeOpenApiIntegrationConfig(record.config) : null;
         if (!record || !current) {
           return yield* new IntegrationNotFoundError({ slug });
         }
-        const specInput = input?.spec ?? (current.googleDiscoveryUrls ? { kind: "googleDiscoveryBundle", urls: current.googleDiscoveryUrls } : current.sourceUrl ? isGoogleDiscoveryUrl(current.sourceUrl) ? { kind: "googleDiscovery", url: current.sourceUrl } : { kind: "url", url: current.sourceUrl } : null);
+        const specInput = input?.spec ?? (current.sourceUrl ? { kind: "url", url: current.sourceUrl } : null);
         if (specInput === null) {
           return yield* new OpenApiParseError({
             message: "This integration's spec was pasted inline and has no source URL to re-fetch. Provide the updated spec content."
           });
         }
         const resolved = yield* resolveSpecForInput(specInput, httpClientLayer);
-        const compiled = yield* compileSpec(resolved.specText);
+        const compiled = yield* compileOpenApiSpec(resolved.specText);
         const previousOperations = yield* ctx.storage.listOperations(rawSlug);
         const previousNames = new Set(previousOperations.map((op) => op.toolName));
         const nextNames = new Set(compiled.definitions.map((def) => def.toolPath));
@@ -1188,32 +1383,31 @@ var openApiPlugin = definePlugin((options) => {
         const nextConfig = {
           ...current,
           specHash,
-          ...specInputToSourceUrl(specInput) !== void 0 ? { sourceUrl: specInputToSourceUrl(specInput) } : {},
-          ...specInputToGoogleBundle(specInput) !== void 0 ? { googleDiscoveryUrls: specInputToGoogleBundle(specInput) } : {}
+          ...specInputToSourceUrl(specInput) !== void 0 ? { sourceUrl: specInputToSourceUrl(specInput) } : {}
         };
         yield* ctx.transaction(
-          Effect3.gen(function* () {
+          Effect4.gen(function* () {
             yield* ctx.core.integrations.update(slug, {
               config: nextConfig
             });
             yield* ctx.storage.putOperations(
               rawSlug,
-              storedOperationsFromCompiled(rawSlug, compiled)
+              openApiStoredOperationsFromCompiled(rawSlug, compiled)
             );
           })
         );
         const connections = yield* ctx.connections.list({ integration: slug });
-        yield* Effect3.forEach(
+        yield* Effect4.forEach(
           connections,
           (connection) => ctx.connections.refresh({
             owner: connection.owner,
             integration: connection.integration,
             name: connection.name
-          }).pipe(Effect3.catchTag("ConnectionNotFoundError", () => Effect3.succeed([]))),
+          }).pipe(Effect4.catchTag("ConnectionNotFoundError", () => Effect4.succeed([]))),
           { discard: true }
         ).pipe(
-          Effect3.catchTag("IntegrationNotFoundError", () => Effect3.void),
-          Effect3.withSpan("openapi.plugin.update_spec.refresh_connections", {
+          Effect4.catchTag("IntegrationNotFoundError", () => Effect4.void),
+          Effect4.withSpan("openapi.plugin.update_spec.refresh_connections", {
             attributes: { "openapi.connection_count": connections.length }
           })
         );
@@ -1224,35 +1418,28 @@ var openApiPlugin = definePlugin((options) => {
           removedTools: [...previousNames].filter((name) => !nextNames.has(name)).sort()
         };
       }).pipe(
-        Effect3.withSpan("openapi.plugin.update_spec", {
+        Effect4.withSpan("openapi.plugin.update_spec", {
           attributes: { "openapi.integration.slug": rawSlug }
         })
       );
       return {
-        previewSpec: (input) => Effect3.gen(function* () {
+        previewSpec: (input) => Effect4.gen(function* () {
           const previewInput = typeof input === "string" ? { spec: input } : input;
-          const specText = isGoogleDiscoveryUrl(previewInput.spec) ? yield* fetchGoogleDiscoveryDocument(previewInput.spec).pipe(
-            Effect3.provide(httpClientLayer),
-            Effect3.flatMap(
-              (documentText) => convertGoogleDiscoveryToOpenApi({
-                discoveryUrl: previewInput.spec,
-                documentText
-              })
-            ),
-            Effect3.map((conversion) => conversion.specText)
-          ) : yield* resolveSpecText(previewInput.spec).pipe(Effect3.provide(httpClientLayer));
-          return yield* previewSpec(specText).pipe(Effect3.provide(httpClientLayer));
+          const specText = yield* resolveSpecText(previewInput.spec).pipe(
+            Effect4.provide(httpClientLayer)
+          );
+          return yield* previewSpecText(specText);
         }),
         addSpec,
         updateSpec,
         removeSpec: (slug) => ctx.transaction(
-          Effect3.gen(function* () {
+          Effect4.gen(function* () {
             yield* ctx.storage.removeOperations(slug);
-            yield* ctx.core.integrations.remove(IntegrationSlug.make(slug)).pipe(Effect3.catchTag("IntegrationRemovalNotAllowedError", () => Effect3.void));
+            yield* ctx.core.integrations.remove(IntegrationSlug.make(slug)).pipe(Effect4.catchTag("IntegrationRemovalNotAllowedError", () => Effect4.void));
           })
         ),
         getIntegration: (slug) => ctx.core.integrations.get(IntegrationSlug.make(slug)).pipe(
-          Effect3.map(
+          Effect4.map(
             (record) => record ? {
               slug: record.slug,
               description: record.description,
@@ -1263,12 +1450,12 @@ var openApiPlugin = definePlugin((options) => {
           )
         ),
         getConfig: (slug) => ctx.core.integrations.get(IntegrationSlug.make(slug)).pipe(
-          Effect3.map(
+          Effect4.map(
             (record) => record ? decodeOpenApiIntegrationConfig(record.config) : null
           )
         ),
         configure: (slug, input) => ctx.transaction(
-          Effect3.gen(function* () {
+          Effect4.gen(function* () {
             const record = yield* ctx.core.integrations.get(IntegrationSlug.make(slug));
             if (!record) return [];
             const current = decodeOpenApiIntegrationConfig(record.config);
@@ -1299,17 +1486,17 @@ var openApiPlugin = definePlugin((options) => {
             inputSchema: PreviewSpecInputStandardSchema,
             outputSchema: PreviewSpecOutputStandardSchema,
             execute: (input) => self.previewSpec(input).pipe(
-              Effect3.map((preview) => ToolResult.ok(staticPreviewOutput(preview))),
-              Effect3.catchTags({
-                OpenApiParseError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_parse_failed", message)),
-                OpenApiExtractionError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_extraction_failed", message)),
-                OpenApiOAuthError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_oauth_failed", message))
+              Effect4.map((preview) => ToolResult2.ok(staticPreviewOutput(preview))),
+              Effect4.catchTags({
+                OpenApiParseError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_parse_failed", message)),
+                OpenApiExtractionError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_extraction_failed", message)),
+                OpenApiOAuthError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_oauth_failed", message))
               })
             )
           }),
           tool({
             name: "addSpec",
-            description: "Add an OpenAPI integration to the catalog and persist its operations as tools. Recommended flow: call `previewSpec`, choose a `slug`, then create a connection for that integration with the user's API key or via `oauth.start`. When `baseUrl` is omitted it defaults to the spec's first server; when `authenticationTemplate` is omitted the auth methods are derived from the spec's declared security schemes (pass an explicit template to override how a credential is applied \u2014 apiKey header/query, or oauth bearer \u2014 or an empty array for no auth methods).",
+            description: "Add an OpenAPI integration to the catalog and persist its operations as tools. Recommended flow: call `previewSpec`, choose a `slug`, then create a connection for that integration with the user's API key or via `oauth.start`. When `baseUrl` is omitted it defaults to the spec's first server; when `authenticationTemplate` is omitted the auth methods are derived from the spec's declared security schemes (pass an explicit template to override how a credential is applied - apiKey header/query, or oauth bearer - or an empty array for no auth methods).",
             annotations: {
               requiresApproval: true,
               approvalDescription: "Add an OpenAPI integration"
@@ -1325,17 +1512,17 @@ var openApiPlugin = definePlugin((options) => {
               queryParams: input.queryParams,
               authenticationTemplate: input.authenticationTemplate
             }).pipe(
-              Effect3.map(
-                (result) => ToolResult.ok({
+              Effect4.map(
+                (result) => ToolResult2.ok({
                   slug: String(result.slug),
                   toolCount: result.toolCount
                 })
               ),
-              Effect3.catchTags({
-                OpenApiParseError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_parse_failed", message)),
-                OpenApiExtractionError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_extraction_failed", message)),
-                OpenApiOAuthError: ({ message }) => Effect3.succeed(openApiToolFailure("openapi_oauth_failed", message)),
-                IntegrationAlreadyExistsError: ({ slug }) => Effect3.succeed(
+              Effect4.catchTags({
+                OpenApiParseError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_parse_failed", message)),
+                OpenApiExtractionError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_extraction_failed", message)),
+                OpenApiOAuthError: ({ message }) => Effect4.succeed(openApiToolFailure("openapi_oauth_failed", message)),
+                IntegrationAlreadyExistsError: ({ slug }) => Effect4.succeed(
                   openApiToolFailure(
                     "integration_already_exists",
                     `Integration ${slug} already exists; update it instead of re-adding.`
@@ -1350,173 +1537,50 @@ var openApiPlugin = definePlugin((options) => {
     describeAuthMethods: describeOpenApiAuthMethods,
     describeIntegrationDisplay: describeOpenApiIntegrationDisplay,
     // Produce one tool per spec operation. Spec-derived, identical for every
-    // connection on the integration — so `getValue` is never called here. The
+    // connection on the integration - so `getValue` is never called here. The
     // operation bindings invokeTool needs are persisted at addSpec time; this
     // hook only shapes the per-connection ToolDefs from the spec blob the
     // catalog config points at.
-    resolveTools: ({
-      config,
-      storage
-    }) => Effect3.gen(function* () {
-      const openApiConfig = decodeOpenApiIntegrationConfig(config);
-      if (!openApiConfig) return { tools: [], definitions: {} };
-      const specText = yield* loadSpecText(storage, openApiConfig);
-      if (specText == null) return { tools: [], definitions: {} };
-      const compiled = yield* compileSpec(specText).pipe(
-        Effect3.catch(() => Effect3.succeed(null))
-      );
-      if (!compiled) return { tools: [], definitions: {} };
-      return {
-        tools: toolDefsFromCompiled(compiled),
-        definitions: compiled.hoistedDefs
-      };
-    }),
-    invokeTool: ({
-      ctx: invokeCtx,
-      toolRow,
-      credential,
-      args
-    }) => Effect3.gen(function* () {
+    resolveTools: ({ config, storage }) => resolveOpenApiBackedTools({ config, storage }),
+    invokeTool: ({ ctx: invokeCtx, toolRow, credential, args }) => {
       const httpClientLayer = options?.httpClientLayer ?? invokeCtx.httpClientLayer;
-      const integration = toolRow.integration;
-      const config = decodeOpenApiIntegrationConfig(credential.config);
-      let binding = (yield* invokeCtx.storage.getOperation(integration, toolRow.name))?.binding;
-      if (!binding && config) {
-        const specText = yield* loadSpecText(invokeCtx.storage, config).pipe(
-          Effect3.catch(() => Effect3.succeed(null))
-        );
-        const compiled = specText == null ? null : yield* compileSpec(specText).pipe(Effect3.catch(() => Effect3.succeed(null)));
-        binding = compiled ? storedOperationsFromCompiled(integration, compiled).find(
-          (op) => op.toolName === toolRow.name
-        )?.binding : void 0;
-      }
-      if (!binding) {
-        return yield* new OpenApiExtractionError({
-          message: `No OpenAPI operation found for tool "${toolRow.name}" on "${integration}"`
-        });
-      }
-      const headers = { ...config?.headers ?? {} };
-      const queryParams = {
-        ...config?.queryParams ?? {}
-      };
-      const template = (config?.authenticationTemplate ?? []).find(
-        (entry) => String(entry.slug) === String(credential.template)
-      );
-      if (template) {
-        const missing = requiredTemplateVariables(template).filter((name) => {
-          const value = credential.values[name];
-          return value == null || value === "";
-        });
-        if (missing.length > 0) {
-          return openApiAuthToolFailure({
-            code: template.kind === "oauth2" ? "oauth_connection_missing" : "connection_value_missing",
-            message: `Connection "${credential.connection}" for "${integration}" has no resolvable credential value. Re-authenticate or update the connection.`,
-            owner: credential.owner,
-            integration,
-            connection: String(credential.connection),
-            credentialKind: template.kind === "oauth2" ? "oauth" : "secret"
-          });
-        }
-        const rendered = renderAuthTemplate(template, credential.values);
-        Object.assign(headers, rendered.headers);
-        Object.assign(queryParams, rendered.queryParams);
-      }
-      const result = yield* invokeWithLayer(
-        binding,
-        args ?? {},
-        config?.baseUrl ?? "",
-        headers,
-        queryParams,
+      return invokeOpenApiBackedTool({
+        ctx: invokeCtx,
+        toolRow,
+        credential,
+        args,
         httpClientLayer
-      );
-      const ok = result.status >= 200 && result.status < 300;
-      if (!ok) {
-        if (result.status === 401 || result.status === 403) {
-          return openApiAuthToolFailure({
-            code: "connection_rejected",
-            status: result.status,
-            message: `Upstream rejected credentials for "${integration}" with HTTP ${result.status}. Re-authenticate or update the connection "${credential.connection}" before retrying this tool.`,
-            owner: credential.owner,
-            integration,
-            connection: String(credential.connection),
-            credentialKind: "upstream",
-            credentialLabel: "Upstream authorization",
-            details: result.error
-          });
-        }
-        return ToolResult.fail({
-          code: "upstream_http_error",
-          status: result.status,
-          message: extractUpstreamMessage(result.error, result.status),
-          details: result.error
-        });
-      }
-      return ToolResult.ok(result.data, {
-        http: { status: result.status, headers: result.headers }
       });
-    }),
-    resolveAnnotations: ({
+    },
+    resolveAnnotations: ({ ctx: annotationsCtx, integration, toolRows }) => resolveOpenApiBackedAnnotations({
       ctx: annotationsCtx,
-      integration,
+      integration: String(integration),
       toolRows
-    }) => Effect3.gen(function* () {
-      const ops = yield* annotationsCtx.storage.listOperations(String(integration));
-      const byName = /* @__PURE__ */ new Map();
-      for (const op of ops) byName.set(op.toolName, op.binding);
-      const out = {};
-      for (const row of toolRows) {
-        const binding = byName.get(row.name);
-        if (binding) {
-          out[row.name] = annotationsForOperation(binding.method, binding.pathTemplate);
-        }
-      }
-      return out;
     }),
-    removeConnection: () => Effect3.void,
+    removeConnection: () => Effect4.void,
     detect: ({
       ctx: detectCtx,
       url
-    }) => Effect3.gen(function* () {
+    }) => Effect4.gen(function* () {
       const httpClientLayer = options?.httpClientLayer ?? detectCtx.httpClientLayer;
       const trimmed = url.trim();
       if (!trimmed) return null;
-      const parsed = yield* Effect3.try({
+      const parsed = yield* Effect4.try({
         try: () => new URL(trimmed),
         catch: (error) => error
-      }).pipe(Effect3.option);
-      if (Option5.isNone(parsed)) return null;
-      if (isGoogleDiscoveryUrl(trimmed)) {
-        const conversion = yield* fetchGoogleDiscoveryDocument(trimmed).pipe(
-          Effect3.provide(httpClientLayer),
-          Effect3.flatMap(
-            (documentText) => convertGoogleDiscoveryToOpenApi({
-              discoveryUrl: trimmed,
-              documentText
-            })
-          ),
-          Effect3.catch(() => Effect3.succeed(null))
-        );
-        if (conversion) {
-          return IntegrationDetectionResult.make({
-            kind: "openapi",
-            confidence: "high",
-            endpoint: trimmed,
-            name: conversion.title,
-            slug: conversion.title.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "") || `google_${conversion.service}`
-          });
-        }
-      }
+      }).pipe(Effect4.option);
+      if (Option6.isNone(parsed)) return null;
       const specText = yield* resolveSpecText(trimmed).pipe(
-        Effect3.provide(httpClientLayer),
-        Effect3.catch(() => Effect3.succeed(null))
+        Effect4.provide(httpClientLayer),
+        Effect4.catch(() => Effect4.succeed(null))
       );
       if (specText === null) return null;
-      const doc = yield* parse(specText).pipe(Effect3.catch(() => Effect3.succeed(null)));
+      const doc = yield* parse(specText).pipe(Effect4.catch(() => Effect4.succeed(null)));
       if (!doc) return null;
-      const result = yield* extract(doc).pipe(Effect3.catch(() => Effect3.succeed(null)));
+      const result = yield* extract(doc).pipe(Effect4.catch(() => Effect4.succeed(null)));
       if (!result) return null;
-      const slug = Option5.getOrElse(result.title, () => "api").toLowerCase().replace(/[^a-z0-9]+/g, "_");
-      const name = Option5.getOrElse(result.title, () => slug);
+      const slug = Option6.getOrElse(result.title, () => "api").toLowerCase().replace(/[^a-z0-9]+/g, "_");
+      const name = Option6.getOrElse(result.title, () => slug);
       return IntegrationDetectionResult.make({
         kind: "openapi",
         confidence: "high",
@@ -1533,10 +1597,20 @@ export {
   OpenApiIntegrationConfigSchema,
   decodeOpenApiIntegrationConfig,
   renderAuthTemplate,
+  makeDefaultOpenapiStore,
   invoke,
   invokeWithLayer,
   annotationsForOperation,
-  makeDefaultOpenapiStore,
+  extractOpenApiUpstreamMessage,
+  normalizeOpenApiRefs,
+  compileOpenApiDocument,
+  compileOpenApiSpec,
+  openApiToolDefsFromCompiled,
+  openApiStoredOperationsFromCompiled,
+  loadOpenApiSpecText,
+  resolveOpenApiBackedTools,
+  invokeOpenApiBackedTool,
+  resolveOpenApiBackedAnnotations,
   openApiPlugin
 };
-//# sourceMappingURL=chunk-PNOEE3ET.js.map
+//# sourceMappingURL=chunk-3FM2SWM4.js.map