@tangle-network/agent-integrations 0.23.1 → 0.25.0

package/dist/{chunk-P4BB4CU6.js → chunk-VJ57GPYO.js}

@@ -1,7 +1,7 @@
 import {
   integrationSpecToConnector,
   listIntegrationSpecs
-} from "./chunk-L6WBPDUP.js";
+} from "./chunk-4JQ754PA.js";
 
 // src/index.ts
 import { createHmac as createHmac4, randomUUID as randomUUID5, timingSafeEqual as timingSafeEqual3 } from "crypto";
@@ -218,6 +218,699 @@ function dataClassFor(category) {
   return "internal";
 }
 
+// src/catalog-executor.ts
+function createCatalogExecutorProvider(options) {
+  const byConnector = new Map(options.connectors.map((connector) => [connector.id, connector]));
+  return {
+    id: options.id,
+    kind: options.kind,
+    listConnectors: () => options.connectors,
+    startAuth: options.startAuth,
+    completeAuth: options.completeAuth,
+    async invokeAction(connection, request) {
+      const connector = byConnector.get(connection.connectorId);
+      if (!connector) {
+        throw new IntegrationError(`Connector ${connection.connectorId} not found.`, "connector_not_found");
+      }
+      const action = connector.actions.find((candidate) => candidate.id === request.action);
+      if (!action) {
+        throw new IntegrationError(`Action ${request.action} is not defined by connector ${connector.id}.`, "action_not_found");
+      }
+      return options.executeAction({ connection, request, connector, action });
+    },
+    async subscribeTrigger(connection, triggerId, targetUrl) {
+      if (!options.subscribeTrigger) {
+        throw new IntegrationError(`Provider ${options.id} does not support trigger subscriptions.`, "trigger_not_found");
+      }
+      const connector = byConnector.get(connection.connectorId);
+      if (!connector) {
+        throw new IntegrationError(`Connector ${connection.connectorId} not found.`, "connector_not_found");
+      }
+      const trigger2 = connector.triggers?.find((candidate) => candidate.id === triggerId);
+      if (!trigger2) {
+        throw new IntegrationError(`Trigger ${triggerId} is not defined by connector ${connector.id}.`, "trigger_not_found");
+      }
+      return options.subscribeTrigger(connection, trigger2, targetUrl);
+    },
+    unsubscribeTrigger: options.unsubscribeTrigger,
+    normalizeTriggerEvent: options.normalizeTriggerEvent
+  };
+}
+
+// src/activepieces-provider.ts
+function createActivepiecesExecutorProvider(options) {
+  const providerId = options.id ?? "activepieces";
+  const connectors = options.connectors ?? buildActivepiecesConnectors({
+    providerId,
+    includeCatalogActions: true,
+    executable: true
+  });
+  const byEntry = new Map(listActivepiecesCatalogEntries().map((entry) => [entry.id, entry]));
+  return createCatalogExecutorProvider({
+    id: providerId,
+    kind: "activepieces",
+    connectors,
+    startAuth: options.startAuth,
+    completeAuth: options.completeAuth,
+    executeAction: async ({ connection, request, connector, action }) => {
+      const catalogEntry = byEntry.get(connector.id);
+      if (!catalogEntry) {
+        throw new IntegrationError(`Activepieces catalog entry ${connector.id} not found.`, "connector_not_found");
+      }
+      const catalogAction = catalogEntry.actions.find((candidate) => candidate.id === action.id);
+      return options.executeAction({
+        connection,
+        request,
+        connector,
+        catalogEntry,
+        piece: {
+          id: catalogEntry.id,
+          npmPackage: catalogEntry.npmPackage,
+          version: catalogEntry.version,
+          actionId: action.id,
+          upstreamActionName: catalogAction?.upstreamName
+        }
+      });
+    }
+  });
+}
+
+// src/catalog.ts
+var riskRank = {
+  read: 0,
+  write: 1,
+  destructive: 2
+};
+function integrationToolName(providerId, connectorId, actionId) {
+  return `int_${encodeToolPart(providerId)}_${encodeToolPart(connectorId)}_${encodeToolPart(actionId)}`;
+}
+function parseIntegrationToolName(name) {
+  const parts = name.split("_");
+  if (parts.length !== 4 || parts[0] !== "int") {
+    throw new Error(`Invalid integration tool name: ${name}`);
+  }
+  return {
+    providerId: decodeToolPart(parts[1]),
+    connectorId: decodeToolPart(parts[2]),
+    actionId: decodeToolPart(parts[3])
+  };
+}
+function buildIntegrationToolCatalog(connectors) {
+  const tools = [];
+  for (const connector of connectors) {
+    for (const action of connector.actions) {
+      const tags = unique([
+        connector.id,
+        connector.providerId,
+        connector.title,
+        connector.category,
+        action.id,
+        action.title,
+        action.risk,
+        action.dataClass,
+        ...connector.scopes ?? [],
+        ...action.requiredScopes ?? []
+      ].flatMap(tokenize));
+      tools.push({
+        name: integrationToolName(connector.providerId, connector.id, action.id),
+        title: `${connector.title}: ${action.title}`,
+        description: action.description ?? `${action.risk} action ${action.id} on ${connector.title}`,
+        providerId: connector.providerId,
+        connectorId: connector.id,
+        connectorTitle: connector.title,
+        category: connector.category,
+        action,
+        risk: action.risk,
+        dataClass: action.dataClass,
+        requiredScopes: action.requiredScopes,
+        inputSchema: action.inputSchema,
+        outputSchema: action.outputSchema,
+        tags
+      });
+    }
+  }
+  return tools;
+}
+function searchIntegrationTools(catalog, query, filters = {}) {
+  const terms = tokenize(query);
+  const filtered = catalog.filter((tool) => {
+    if (filters.providerId && tool.providerId !== filters.providerId) return false;
+    if (filters.connectorId && tool.connectorId !== filters.connectorId) return false;
+    if (filters.category && tool.category !== filters.category) return false;
+    if (filters.dataClass && tool.dataClass !== filters.dataClass) return false;
+    if (filters.maxRisk && riskRank[tool.risk] > riskRank[filters.maxRisk]) return false;
+    return true;
+  });
+  const scored = filtered.map((tool) => scoreTool(tool, terms));
+  return scored.filter((result) => terms.length === 0 || result.score > 0).sort((a, b) => b.score - a.score || a.tool.name.localeCompare(b.tool.name)).slice(0, filters.limit ?? 20);
+}
+function toMcpTools(tools) {
+  return tools.map((tool) => ({
+    name: tool.name,
+    description: `${tool.title}. ${tool.description}`,
+    inputSchema: tool.inputSchema ?? {
+      type: "object",
+      additionalProperties: true,
+      properties: {}
+    }
+  }));
+}
+function scoreTool(tool, terms) {
+  if (terms.length === 0) return { tool, score: 1, matched: [] };
+  const haystack = new Set(tool.tags);
+  const matched = [];
+  let score = 0;
+  for (const term of terms) {
+    if (haystack.has(term)) {
+      matched.push(term);
+      score += 4;
+      continue;
+    }
+    if (tool.tags.some((tag) => tag.includes(term))) {
+      matched.push(term);
+      score += 1;
+    }
+  }
+  if (tool.risk === "read") score += 0.25;
+  return { tool, score, matched: unique(matched) };
+}
+function tokenize(value) {
+  return value.toLowerCase().split(/[^a-z0-9]+/g).map((part) => part.trim()).filter(Boolean);
+}
+function encodeToolPart(value) {
+  return Buffer.from(value, "utf8").toString("base64url").replace(/_/g, ".");
+}
+function decodeToolPart(value) {
+  return Buffer.from(value.replace(/\./g, "_"), "base64url").toString("utf8");
+}
+function unique(values) {
+  return [...new Set(values)];
+}
+
+// src/catalog-freshness.ts
+var ACTIVEPIECES_PUBLIC_CATALOG_URL = "https://www.activepieces.com/pieces";
+function parseCount(value) {
+  if (!value) return void 0;
+  const parsed = Number.parseInt(value.replace(/,/g, ""), 10);
+  return Number.isFinite(parsed) ? parsed : void 0;
+}
+function extractActivepiecesPublicPieceCount(html) {
+  const showingMatch = html.match(/Showing\s+([0-9,]+)\s+pieces/i);
+  const integrationMatch = html.match(/([0-9,]+)\+?\s+Integrations/i);
+  return parseCount(showingMatch?.[1]) ?? parseCount(integrationMatch?.[1]);
+}
+async function auditIntegrationCatalogFreshness(options = {}) {
+  const minActivepiecesConnectors = options.minActivepiecesConnectors ?? 600;
+  const staleConnectorDelta = options.staleConnectorDelta ?? 25;
+  const activepiecesEntries = listActivepiecesCatalogEntries();
+  const activepiecesConnectors = buildActivepiecesConnectors({
+    includeCatalogActions: true
+  });
+  const executableActivepiecesProvider = createActivepiecesExecutorProvider({
+    executeAction: () => ({ ok: true, action: "audit.noop" })
+  });
+  const executableActivepiecesConnectors = await executableActivepiecesProvider.listConnectors();
+  const executableRegistry = composeIntegrationRegistry([
+    {
+      id: executableActivepiecesProvider.id,
+      connectors: executableActivepiecesConnectors
+    }
+  ]);
+  const executableTools = buildIntegrationToolCatalog(executableRegistry.connectors);
+  const unsupportedExecutableConnectorIds = executableActivepiecesConnectors.filter((connector) => connector.actions.length === 0).map((connector) => connector.id);
+  const registry = buildDefaultIntegrationRegistry({
+    includeSpecs: true,
+    includeActivepieces: true
+  });
+  const warnings = [];
+  if (activepiecesConnectors.length < minActivepiecesConnectors) {
+    warnings.push(
+      `Activepieces catalog has ${activepiecesConnectors.length} connectors, below floor ${minActivepiecesConnectors}.`
+    );
+  }
+  if (unsupportedExecutableConnectorIds.length > 0) {
+    warnings.push(
+      `Activepieces executable provider has ${unsupportedExecutableConnectorIds.length} connectors without actions.`
+    );
+  }
+  if (executableTools.length < activepiecesEntries.length) {
+    warnings.push(
+      `Activepieces executable provider produced only ${executableTools.length} tool definitions for ${activepiecesEntries.length} entries.`
+    );
+  }
+  let upstream;
+  if (options.liveActivepieces) {
+    upstream = await checkActivepiecesPublicCatalog({
+      localConnectorCount: activepiecesConnectors.length,
+      staleConnectorDelta,
+      fetchImpl: options.fetchImpl,
+      warnings
+    });
+  }
+  return {
+    ok: warnings.length === 0,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    local: {
+      activepiecesEntries: activepiecesEntries.length,
+      activepiecesConnectors: activepiecesConnectors.length,
+      activepiecesActions: activepiecesConnectors.reduce(
+        (sum, connector) => sum + connector.actions.length,
+        0
+      ),
+      activepiecesTriggers: activepiecesConnectors.reduce(
+        (sum, connector) => sum + (connector.triggers?.length ?? 0),
+        0
+      ),
+      executableActivepiecesConnectors: executableActivepiecesConnectors.length,
+      executableActivepiecesActions: executableActivepiecesConnectors.reduce(
+        (sum, connector) => sum + connector.actions.length,
+        0
+      ),
+      executableActivepiecesTriggers: executableActivepiecesConnectors.reduce(
+        (sum, connector) => sum + (connector.triggers?.length ?? 0),
+        0
+      ),
+      executableToolDefinitions: executableTools.length,
+      unsupportedExecutableConnectorIds,
+      registryEntries: registry.entries.length,
+      registrySummary: summarizeIntegrationRegistry(registry),
+      conflictSamples: registry.entries.flatMap((entry) => entry.conflicts).slice(0, 10)
+    },
+    upstream,
+    warnings
+  };
+}
+async function checkActivepiecesPublicCatalog(input) {
+  try {
+    const res = await (input.fetchImpl ?? fetch)(ACTIVEPIECES_PUBLIC_CATALOG_URL, {
+      headers: { accept: "text/html" },
+      signal: AbortSignal.timeout(15e3)
+    });
+    if (!res.ok) {
+      const warning = `Activepieces freshness request failed with HTTP ${res.status}.`;
+      input.warnings.push(warning);
+      return {
+        checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
+        warning
+      };
+    }
+    const activepiecesPieces = extractActivepiecesPublicPieceCount(await res.text());
+    const activepiecesDelta = activepiecesPieces === void 0 ? void 0 : activepiecesPieces - input.localConnectorCount;
+    if (activepiecesDelta !== void 0 && activepiecesDelta > input.staleConnectorDelta) {
+      input.warnings.push(
+        `Activepieces upstream appears ${activepiecesDelta} connectors ahead of the vendored package catalog.`
+      );
+    }
+    return {
+      activepiecesPieces,
+      activepiecesDelta,
+      checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
+      warning: activepiecesPieces === void 0 ? "Could not parse upstream piece count." : void 0
+    };
+  } catch (error) {
+    const warning = error instanceof Error ? error.message : "Activepieces freshness request failed.";
+    input.warnings.push(warning);
+    return {
+      checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
+      warning
+    };
+  }
+}
+
+// src/activepieces-runtime.ts
+import { createHmac, randomUUID, timingSafeEqual } from "crypto";
+var ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER = "x-tangle-activepieces-signature";
+var TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER = "x-tangle-catalog-signature";
+function createActivepiecesHttpExecutor(options) {
+  const endpoint = options.endpoint.replace(/\/$/, "");
+  const path = options.path ?? "/v1/activepieces/actions/invoke";
+  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
+  const signatureHeader = options.signatureHeader ?? ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER;
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const requestId = options.requestId ?? (() => `apexec_${randomUUID()}`);
+  return async (invocation) => {
+    const body = buildActivepiecesRuntimeRequest(invocation, requestId());
+    const serialized = JSON.stringify(body);
+    const response = await fetchImpl(`${endpoint}${normalizedPath}`, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...options.headers,
+        ...options.secret ? { [signatureHeader]: signActivepiecesRuntimeRequest(serialized, options.secret) } : {}
+      },
+      body: serialized,
+      signal: AbortSignal.timeout(options.timeoutMs ?? 3e4)
+    });
+    const parsed = await response.json().catch(() => void 0);
+    if (!response.ok) {
+      return parsed ?? {
+        ok: false,
+        action: invocation.request.action,
+        output: { message: `Activepieces runtime returned HTTP ${response.status}.` }
+      };
+    }
+    return parsed ?? {
+      ok: false,
+      action: invocation.request.action,
+      output: { message: "Activepieces runtime returned an empty response." }
+    };
+  };
+}
+function buildActivepiecesRuntimeRequest(invocation, requestId = `apexec_${randomUUID()}`) {
+  return {
+    version: 1,
+    requestId,
+    providerId: invocation.connection.providerId,
+    connection: invocation.connection,
+    connector: {
+      id: invocation.connector.id,
+      title: invocation.connector.title,
+      auth: invocation.connector.auth,
+      scopes: invocation.connector.scopes,
+      metadata: invocation.connector.metadata
+    },
+    piece: invocation.piece,
+    action: {
+      id: invocation.request.action,
+      input: invocation.request.input,
+      idempotencyKey: invocation.request.idempotencyKey,
+      dryRun: invocation.request.dryRun,
+      metadata: invocation.request.metadata
+    }
+  };
+}
+function signActivepiecesRuntimeRequest(serializedBody, secret) {
+  return `sha256=${createHmac("sha256", secret).update(serializedBody).digest("hex")}`;
+}
+function verifyActivepiecesRuntimeSignature(serializedBody, signature, secret) {
+  if (!signature) return false;
+  const expected = signActivepiecesRuntimeRequest(serializedBody, secret);
+  const left = Buffer.from(signature);
+  const right = Buffer.from(expected);
+  return left.length === right.length && timingSafeEqual(left, right);
+}
+function createTangleCatalogHttpExecutor(options) {
+  const endpoint = options.endpoint.replace(/\/$/, "");
+  const path = options.path ?? "/v1/integration-catalog/actions/invoke";
+  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
+  const signatureHeader = options.signatureHeader ?? TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER;
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const requestId = options.requestId ?? (() => `tcat_${randomUUID()}`);
+  return async (invocation) => {
+    const body = buildTangleCatalogRuntimeRequest(invocation, requestId());
+    const serialized = JSON.stringify(body);
+    const response = await fetchImpl(`${endpoint}${normalizedPath}`, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...options.headers,
+        ...options.secret ? { [signatureHeader]: signTangleCatalogRuntimeRequest(serialized, options.secret) } : {}
+      },
+      body: serialized,
+      signal: AbortSignal.timeout(options.timeoutMs ?? 3e4)
+    });
+    const parsed = await response.json().catch(() => void 0);
+    if (!response.ok) {
+      return parsed ?? {
+        ok: false,
+        action: invocation.request.action,
+        output: { message: `Tangle catalog runtime returned HTTP ${response.status}.` }
+      };
+    }
+    return parsed ?? {
+      ok: false,
+      action: invocation.request.action,
+      output: { message: "Tangle catalog runtime returned an empty response." }
+    };
+  };
+}
+function buildTangleCatalogRuntimeRequest(invocation, requestId = `tcat_${randomUUID()}`) {
+  return {
+    version: 1,
+    requestId,
+    providerId: invocation.connection.providerId,
+    connection: invocation.connection,
+    connector: {
+      id: invocation.connector.id,
+      title: invocation.connector.title,
+      auth: invocation.connector.auth,
+      scopes: invocation.connector.scopes,
+      metadata: invocation.connector.metadata
+    },
+    piece: invocation.piece,
+    action: {
+      id: invocation.request.action,
+      input: invocation.request.input,
+      idempotencyKey: invocation.request.idempotencyKey,
+      dryRun: invocation.request.dryRun,
+      metadata: invocation.request.metadata
+    }
+  };
+}
+var signTangleCatalogRuntimeRequest = signActivepiecesRuntimeRequest;
+var verifyTangleCatalogRuntimeSignature = verifyActivepiecesRuntimeSignature;
+
+// src/tangle-catalog.ts
+var TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID = "tangle-catalog";
+var TANGLE_INTEGRATIONS_CATALOG_SOURCE = "tangle-integrations-catalog";
+var NATIVE_ADAPTER_IDS = /* @__PURE__ */ new Set([
+  "google-calendar",
+  "google-sheets",
+  "microsoft-calendar",
+  "hubspot",
+  "slack",
+  "notion-database",
+  "twilio-sms",
+  "stripe-pack",
+  "webhook",
+  "stripe",
+  "slack-inbound",
+  "github",
+  "gitlab",
+  "airtable",
+  "asana",
+  "salesforce"
+]);
+function listTangleIntegrationCatalogEntries() {
+  return listActivepiecesCatalogEntries().map((entry) => sanitizeEntry(entry));
+}
+function listTangleIntegrationContracts() {
+  return listActivepiecesCatalogEntries().map((entry) => {
+    const nativeAdapter = NATIVE_ADAPTER_IDS.has(entry.id);
+    return {
+      id: entry.id,
+      title: entry.title,
+      description: entry.description,
+      category: entry.category,
+      auth: entry.auth,
+      authFields: entry.authFields ?? [],
+      actions: entry.actions.map((action) => ({
+        id: action.id,
+        title: action.title,
+        risk: action.risk,
+        upstreamName: action.upstreamName ?? action.id
+      })),
+      triggers: entry.triggers.map((trigger2) => ({
+        id: trigger2.id,
+        title: trigger2.title,
+        upstreamName: trigger2.upstreamName ?? trigger2.id
+      })),
+      implementation: {
+        kind: nativeAdapter ? "native_adapter" : "package_runtime",
+        runtimePackage: entry.npmPackage,
+        version: entry.version
+      },
+      status: nativeAdapter ? "native_backed" : entry.npmPackage ? "runtime_backed" : "contract_ready",
+      quality: {
+        tangleContract: true,
+        authFieldsMapped: entry.auth === "none" || Boolean(entry.authFields?.length),
+        actionNamesMapped: entry.actions.every((action) => Boolean(action.upstreamName)),
+        triggerNamesMapped: entry.triggers.every((trigger2) => Boolean(trigger2.upstreamName)),
+        runtimePackageMapped: Boolean(entry.npmPackage),
+        nativeAdapter
+      }
+    };
+  });
+}
+function listTangleIntegrationCatalogRuntimePackages() {
+  return listActivepiecesCatalogEntries().filter((entry) => Boolean(entry.npmPackage)).map((entry) => ({
+    connectorId: entry.id,
+    packageName: entry.npmPackage,
+    version: entry.version
+  }));
+}
+function buildTangleCatalogRuntimePackageManifest(options = {}) {
+  const dependencies = {};
+  if (options.includeAgentIntegrationsPackage ?? true) {
+    dependencies["@tangle-network/agent-integrations"] = options.agentIntegrationsVersion ?? "latest";
+  }
+  for (const pkg of listTangleIntegrationCatalogRuntimePackages()) {
+    dependencies[pkg.packageName] = pkg.version ?? "latest";
+  }
+  Object.assign(dependencies, options.additionalDependencies);
+  return {
+    name: options.name ?? "@tangle-network/agent-integrations-runtime-bundle",
+    private: true,
+    type: "module",
+    dependencies: Object.fromEntries(Object.entries(dependencies).sort(([a], [b]) => a.localeCompare(b))),
+    tangle: {
+      integrationContracts: listTangleIntegrationContracts().length,
+      packageRuntimeBackends: listTangleIntegrationContracts().filter((contract) => contract.implementation.kind === "package_runtime").length,
+      generatedFrom: TANGLE_INTEGRATIONS_CATALOG_SOURCE
+    }
+  };
+}
+function renderTangleCatalogRuntimePnpmAddCommand(options = {}) {
+  const manifest = buildTangleCatalogRuntimePackageManifest({
+    includeAgentIntegrationsPackage: options.includeAgentIntegrationsPackage,
+    agentIntegrationsVersion: options.agentIntegrationsVersion
+  });
+  return [
+    "pnpm",
+    "add",
+    ...Object.entries(manifest.dependencies).map(([name, version]) => `${name}@${version}`)
+  ].join(" ");
+}
+function buildTangleIntegrationCatalogConnectors(options = {}) {
+  const providerId = options.providerId ?? TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID;
+  return buildActivepiecesConnectors({
+    ...options,
+    providerId
+  }).map((connector) => sanitizeConnector(connector, providerId));
+}
+function createTangleCatalogExecutorProvider(options) {
+  const providerId = options.id ?? TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID;
+  const connectors = options.connectors ?? buildTangleIntegrationCatalogConnectors({
+    providerId,
+    includeCatalogActions: true,
+    executable: true
+  });
+  const byEntry = new Map(listActivepiecesCatalogEntries().map((entry) => [entry.id, entry]));
+  return createCatalogExecutorProvider({
+    id: providerId,
+    kind: "tangle_catalog",
+    connectors,
+    startAuth: options.startAuth,
+    completeAuth: options.completeAuth,
+    executeAction: async ({ connection, request, connector, action }) => {
+      const importedEntry = byEntry.get(connector.id);
+      if (!importedEntry) {
+        throw new IntegrationError(`Tangle catalog entry ${connector.id} not found.`, "connector_not_found");
+      }
+      const catalogAction = importedEntry.actions.find((candidate) => candidate.id === action.id);
+      return options.executeAction({
+        connection,
+        request,
+        connector,
+        catalogEntry: sanitizeEntry(importedEntry),
+        piece: {
+          id: importedEntry.id,
+          packageName: importedEntry.npmPackage,
+          version: importedEntry.version,
+          actionId: action.id,
+          upstreamActionName: catalogAction?.upstreamName
+        }
+      });
+    },
+    subscribeTrigger: options.subscribeTrigger ? async (connection, trigger2, targetUrl) => {
+      const connector = connectors.find((candidate) => candidate.id === connection.connectorId);
+      const importedEntry = byEntry.get(connection.connectorId);
+      if (!connector || !importedEntry) {
+        throw new IntegrationError(`Tangle catalog entry ${connection.connectorId} not found.`, "connector_not_found");
+      }
+      const catalogTrigger = importedEntry.triggers.find((candidate) => candidate.id === trigger2.id);
+      return options.subscribeTrigger({
+        connection,
+        connector,
+        catalogEntry: sanitizeEntry(importedEntry),
+        trigger: trigger2,
+        targetUrl,
+        piece: {
+          id: importedEntry.id,
+          packageName: importedEntry.npmPackage,
+          version: importedEntry.version,
+          triggerId: trigger2.id,
+          upstreamTriggerName: catalogTrigger?.upstreamName
+        }
+      });
+    } : void 0,
+    unsubscribeTrigger: options.unsubscribeTrigger,
+    normalizeTriggerEvent: options.normalizeTriggerEvent
+  });
+}
+var extractExternalCatalogPublicCount = extractActivepiecesPublicPieceCount;
+async function auditTangleIntegrationCatalogFreshness(options = {}) {
+  const result = await auditIntegrationCatalogFreshness(options);
+  return {
+    ok: result.ok,
+    generatedAt: result.generatedAt,
+    local: {
+      catalogEntries: result.local.activepiecesEntries,
+      catalogConnectors: result.local.activepiecesConnectors,
+      catalogActions: result.local.activepiecesActions,
+      catalogTriggers: result.local.activepiecesTriggers,
+      executableCatalogConnectors: result.local.executableActivepiecesConnectors,
+      executableCatalogActions: result.local.executableActivepiecesActions,
+      executableCatalogTriggers: result.local.executableActivepiecesTriggers,
+      executableToolDefinitions: result.local.executableToolDefinitions,
+      unsupportedExecutableConnectorIds: result.local.unsupportedExecutableConnectorIds,
+      registryEntries: result.local.registryEntries,
+      registrySummary: result.local.registrySummary,
+      conflictSamples: result.local.conflictSamples
+    },
+    upstream: result.upstream ? {
+      externalEntries: result.upstream.activepiecesPieces,
+      externalDelta: result.upstream.activepiecesDelta,
+      checkedUrl: result.upstream.checkedUrl,
+      warning: result.upstream.warning
+    } : void 0,
+    warnings: result.warnings.map((warning) => warning.replaceAll("Activepieces", "Tangle Integrations Catalog"))
+  };
+}
+function sanitizeEntry(entry) {
+  return {
+    id: entry.id,
+    title: entry.title,
+    description: entry.description,
+    category: entry.category,
+    auth: entry.auth,
+    authFields: entry.authFields,
+    domains: entry.domains.filter((domain) => !domain.toLowerCase().includes("activepieces")),
+    actions: entry.actions.map((action) => ({
+      id: action.id,
+      title: action.title,
+      risk: action.risk,
+      upstreamName: action.upstreamName
+    })),
+    triggers: entry.triggers.map((trigger2) => ({
+      id: trigger2.id,
+      title: trigger2.title,
+      upstreamName: trigger2.upstreamName
+    }))
+  };
+}
+function sanitizeConnector(connector, providerId) {
+  const metadata = connector.metadata ?? {};
+  return {
+    ...connector,
+    providerId,
+    metadata: {
+      source: TANGLE_INTEGRATIONS_CATALOG_SOURCE,
+      providerId,
+      executable: metadata.executable,
+      runtime: "tangle-catalog-runtime",
+      catalogOnly: metadata.catalogOnly,
+      supportTier: metadata.supportTier,
+      catalogActionCount: metadata.catalogActionCount,
+      catalogTriggerCount: metadata.catalogTriggerCount,
+      license: metadata.license,
+      version: metadata.version,
+      domains: Array.isArray(metadata.domains) ? metadata.domains.filter((domain) => typeof domain === "string" && !domain.toLowerCase().includes("activepieces")) : void 0,
+      ...metadata.overridden ? { overridden: true } : {}
+    }
+  };
+}
+
 // src/registry.ts
 var DEFAULT_ALIASES = {
   notion: "notion-database",
@@ -256,26 +949,31 @@ function buildDefaultIntegrationRegistry(options = {}) {
     });
   }
   if (includeTangleCatalog) {
+    const tangleConnectors = options.tangleCatalogRuntimeExecutable ? buildTangleIntegrationCatalogConnectors({
+      providerId: "tangle-catalog",
+      includeCatalogActions: true,
+      executable: true
+    }) : buildActivepiecesConnectors({ providerId: "tangle-catalog" }).map((connector) => ({
+      ...connector,
+      providerId: "tangle-catalog",
+      metadata: {
+        source: "tangle-integrations-catalog",
+        providerId: "tangle-catalog",
+        executable: connector.metadata?.executable,
+        runtime: "tangle-catalog-runtime",
+        catalogOnly: connector.metadata?.catalogOnly,
+        supportTier: connector.metadata?.supportTier,
+        catalogActionCount: connector.metadata?.catalogActionCount,
+        catalogTriggerCount: connector.metadata?.catalogTriggerCount,
+        license: connector.metadata?.license,
+        version: connector.metadata?.version,
+        domains: Array.isArray(connector.metadata?.domains) ? connector.metadata.domains.filter((domain) => typeof domain === "string" && !domain.toLowerCase().includes("activepieces")) : void 0,
+        ...connector.metadata?.overridden ? { overridden: true } : {}
+      }
+    }));
     sources.push({
       id: "tangle-catalog",
-      connectors: buildActivepiecesConnectors({ providerId: "tangle-catalog" }).map((connector) => ({
-        ...connector,
-        providerId: "tangle-catalog",
-        metadata: {
-          source: "tangle-integrations-catalog",
-          providerId: "tangle-catalog",
-          executable: connector.metadata?.executable,
-          runtime: "tangle-catalog-runtime",
-          catalogOnly: connector.metadata?.catalogOnly,
-          supportTier: connector.metadata?.supportTier,
-          catalogActionCount: connector.metadata?.catalogActionCount,
-          catalogTriggerCount: connector.metadata?.catalogTriggerCount,
-          license: connector.metadata?.license,
-          version: connector.metadata?.version,
-          domains: Array.isArray(connector.metadata?.domains) ? connector.metadata.domains.filter((domain) => typeof domain === "string" && !domain.toLowerCase().includes("activepieces")) : void 0,
-          ...connector.metadata?.overridden ? { overridden: true } : {}
-        }
-      }))
+      connectors: tangleConnectors
     });
   }
   return composeIntegrationRegistry(sources);
@@ -352,12 +1050,12 @@ function registryEntry(canonicalId, candidates, precedence, aliases) {
   const primary = ordered[0];
   const actions = mergeActions(ordered);
   const triggers = mergeTriggers(ordered);
-  const scopes = unique(toolBindableCandidates(ordered).flatMap((candidate) => candidate.connector.scopes ?? []));
+  const scopes = unique2(toolBindableCandidates(ordered).flatMap((candidate) => candidate.connector.scopes ?? []));
   const supportTier = ordered.reduce(
     (best, candidate) => SUPPORT_RANK[candidate.supportTier] > SUPPORT_RANK[best] ? candidate.supportTier : best,
     primary.supportTier
   );
-  const aliasesForEntry = unique([
+  const aliasesForEntry = unique2([
     ...ordered.map((candidate) => candidate.connector.id),
     ...Object.entries(aliases).filter(([, target]) => canonicalConnectorId(target, aliases) === canonicalId).map(([alias]) => alias)
   ].map(slug).filter((id) => id && id !== canonicalId)).sort();
@@ -453,12 +1151,12 @@ function isSupportTier(value) {
 function slug(value) {
   return value.trim().toLowerCase().replace(/&/g, "and").replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
 }
-function unique(values) {
+function unique2(values) {
   return [...new Set(values)];
 }
 
 // src/audit.ts
-import { randomUUID } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 var InMemoryIntegrationAuditStore = class {
   events = [];
   record(event) {
@@ -472,7 +1170,7 @@ function createIntegrationAuditEvent(input) {
   const occurredAt = input.occurredAt instanceof Date ? input.occurredAt.toISOString() : input.occurredAt ?? (input.now?.() ?? /* @__PURE__ */ new Date()).toISOString();
   return {
     ...input,
-    id: input.id ?? `audit_${randomUUID()}`,
+    id: input.id ?? `audit_${randomUUID2()}`,
     occurredAt,
     metadata: input.metadata ? redactUnknown(input.metadata) : void 0
   };
@@ -1015,7 +1713,7 @@ function statusForCode(code) {
   if (code === "approval_denied") return 403;
   if (code === "connection_revoked" || code === "connection_expired" || code === "provider_auth_failed") return 401;
   if (code === "scope_missing" || code === "action_denied" || code === "passthrough_disabled") return 403;
-  if (code === "action_not_found" || code === "manifest_invalid" || code === "input_invalid") return 400;
+  if (code === "action_not_found" || code === "trigger_not_found" || code === "manifest_invalid" || code === "input_invalid") return 400;
   if (code === "provider_rate_limited") return 429;
   if (code === "provider_unavailable") return 503;
   if (code === "capability_expired" || code === "capability_invalid") return 401;
@@ -1121,7 +1819,7 @@ function renderConsentSummary(manifestOrResolution, options = {}) {
   const appName = options.appName ?? manifest.title ?? manifest.id;
   const requirements = manifest.requirements;
   const risk = aggregateRisk(requirements, options.connectors);
-  const connectorIds = unique2(requirements.map((requirement) => requirement.connectorId));
+  const connectorIds = unique3(requirements.map((requirement) => requirement.connectorId));
   const first = requirements[0];
   const body = first ? sentenceForRequirement(appName, first) : `${appName} does not request integrations.`;
   return {
@@ -1184,7 +1882,7 @@ function humanList(values) {
 function titleize(value) {
   return value.split(/[-_.]/g).filter(Boolean).map((part) => part[0].toUpperCase() + part.slice(1)).join(" ");
 }
-function unique2(values) {
+function unique3(values) {
   return [...new Set(values)];
 }
 
@@ -1808,8 +2506,8 @@ function inferIntegrationManifestFromTools(options) {
     if (existing) {
       byConnector.set(id, {
         ...existing,
-        requiredActions: unique3([...existing.requiredActions ?? [], action]),
-        requiredScopes: unique3([...existing.requiredScopes ?? [], ...typeof item === "string" ? [] : item.scopes ?? []])
+        requiredActions: unique4([...existing.requiredActions ?? [], action]),
+        requiredScopes: unique4([...existing.requiredScopes ?? [], ...typeof item === "string" ? [] : item.scopes ?? []])
       });
     } else {
       byConnector.set(id, {
@@ -1863,7 +2561,7 @@ function defaultReason(connectorId, mode) {
   if (connectorId === "google-calendar" && mode === "write") return "Create or update calendar events after user approval.";
   return `${mode === "read" ? "Read from" : mode === "write" ? "Write to" : "Subscribe to"} ${connectorId} for this app.`;
 }
-function unique3(values) {
+function unique4(values) {
   return [...new Set(values)];
 }
 
@@ -1898,7 +2596,7 @@ function validateProviderPassthroughRequest(input, policy) {
 }
 
 // src/policy.ts
-import { randomUUID as randomUUID2 } from "crypto";
+import { randomUUID as randomUUID3 } from "crypto";
 var StaticIntegrationPolicyEngine = class {
   rules;
   defaultReadEffect;
@@ -1941,7 +2639,7 @@ function buildApprovalRequest(ctx, reason, requestedAt) {
     throw new Error("Cannot build approval request without an action descriptor.");
   }
   return {
-    id: `approval_${randomUUID2()}`,
+    id: `approval_${randomUUID3()}`,
     connectionId: ctx.connection.id,
     providerId: ctx.connection.providerId,
     connectorId: ctx.connection.connectorId,
@@ -1966,11 +2664,11 @@ function ruleMatches(rule, ctx) {
   if (rule.connectorId && rule.connectorId !== ctx.connection.connectorId) return false;
   if (rule.action && rule.action !== ctx.request.action) return false;
   if (rule.risk && rule.risk !== ctx.action.risk) return false;
-  if (rule.maxRisk && riskRank(ctx.action.risk) > riskRank(rule.maxRisk)) return false;
+  if (rule.maxRisk && riskRank2(ctx.action.risk) > riskRank2(rule.maxRisk)) return false;
   if (rule.dataClass && rule.dataClass !== ctx.action.dataClass) return false;
   return true;
 }
-function riskRank(risk) {
+function riskRank2(risk) {
   if (risk === "read") return 0;
   if (risk === "write") return 1;
   return 2;
@@ -2196,7 +2894,7 @@ function _resetPendingFlowsForTests() {
 }
 
 // src/connectors/webhooks.ts
-import { createHmac, timingSafeEqual } from "crypto";
+import { createHmac as createHmac2, timingSafeEqual as timingSafeEqual2 } from "crypto";
 var DEFAULT_SIGNATURE_TOLERANCE_SECONDS = 5 * 60;
 function parseStripeSignatureHeader(header) {
   const acc = { sigs: [] };
@@ -2221,12 +2919,12 @@ function verifyStripeSignature(rawBody, signatureHeader, secret, options = {}) {
   const tolerance = options.toleranceSeconds ?? DEFAULT_SIGNATURE_TOLERANCE_SECONDS;
   const now = options.now ?? Math.floor(Date.now() / 1e3);
   if (Math.abs(now - parsed.t) > tolerance) return false;
-  const expected = createHmac("sha256", secret).update(`${parsed.t}.${rawBody}`).digest("hex");
+  const expected = createHmac2("sha256", secret).update(`${parsed.t}.${rawBody}`).digest("hex");
   const expectedBuf = Buffer.from(expected, "utf8");
   for (const sig of parsed.sigs) {
     const sigBuf = Buffer.from(sig, "utf8");
     if (sigBuf.length !== expectedBuf.length) continue;
-    if (timingSafeEqual(sigBuf, expectedBuf)) return true;
+    if (timingSafeEqual2(sigBuf, expectedBuf)) return true;
   }
   return false;
 }
@@ -2237,11 +2935,11 @@ function verifySlackSignature(rawBody, signatureHeader, timestampHeader, secret,
   const tolerance = options.toleranceSeconds ?? DEFAULT_SIGNATURE_TOLERANCE_SECONDS;
   const now = options.now ?? Math.floor(Date.now() / 1e3);
   if (Math.abs(now - ts) > tolerance) return false;
-  const expected = "v0=" + createHmac("sha256", secret).update(`v0:${ts}:${rawBody}`).digest("hex");
+  const expected = "v0=" + createHmac2("sha256", secret).update(`v0:${ts}:${rawBody}`).digest("hex");
   const expectedBuf = Buffer.from(expected, "utf8");
   const sigBuf = Buffer.from(signatureHeader, "utf8");
   if (sigBuf.length !== expectedBuf.length) return false;
-  return timingSafeEqual(sigBuf, expectedBuf);
+  return timingSafeEqual2(sigBuf, expectedBuf);
 }
 function verifyHmacSignature(rawBody, signatureHeader, secret, options = {}) {
   const algorithm = options.algorithm ?? "sha256";
@@ -2253,11 +2951,11 @@ function verifyHmacSignature(rawBody, signatureHeader, secret, options = {}) {
     candidate = candidate.slice(prefix.length);
   }
   if (lower) candidate = candidate.toLowerCase();
-  const expected = createHmac(algorithm, secret).update(rawBody).digest("hex");
+  const expected = createHmac2(algorithm, secret).update(rawBody).digest("hex");
   const expectedBuf = Buffer.from(expected, "utf8");
   const sigBuf = Buffer.from(candidate, "utf8");
   if (sigBuf.length !== expectedBuf.length) return false;
-  return timingSafeEqual(sigBuf, expectedBuf);
+  return timingSafeEqual2(sigBuf, expectedBuf);
 }
 function verifyTwilioSignature(input, options = {}) {
   if (!input.authToken) {
@@ -2267,11 +2965,11 @@ function verifyTwilioSignature(input, options = {}) {
   if (!signature || Array.isArray(signature)) return false;
   if (!input.fullUrl) return false;
   const data = options.bodyAsRaw === true ? input.fullUrl + (options.rawBody ?? "") : Object.keys(input.params ?? {}).sort().reduce((acc, key) => acc + key + (input.params[key] ?? ""), input.fullUrl);
-  const expected = createHmac("sha1", input.authToken).update(data).digest("base64");
+  const expected = createHmac2("sha1", input.authToken).update(data).digest("base64");
   const expectedBuf = Buffer.from(expected);
   const sigBuf = Buffer.from(signature);
   if (expectedBuf.length !== sigBuf.length) return false;
-  return timingSafeEqual(expectedBuf, sigBuf);
+  return timingSafeEqual2(expectedBuf, sigBuf);
 }
 function firstHeader(headers, name) {
   const v = headers[name] ?? headers[name.toLowerCase()] ?? Object.entries(headers).find(([key]) => key.toLowerCase() === name.toLowerCase())?.[1];
@@ -4633,7 +5331,7 @@ function readApiKey(creds) {
 }
 
 // src/connectors/adapters/webhook.ts
-import { createHmac as createHmac2 } from "crypto";
+import { createHmac as createHmac3 } from "crypto";
 var webhookConnector = {
   manifest: {
     kind: "webhook",
@@ -4747,7 +5445,7 @@ function signHeaders(creds, body, idempotencyKey) {
     "x-phony-idempotency-key": idempotencyKey
   };
   if (creds.kind === "hmac" && typeof creds.secret === "string" && creds.secret.length > 0) {
-    const sig = createHmac2("sha256", creds.secret).update(`${ts}.${body}`).digest("hex");
+    const sig = createHmac3("sha256", creds.secret).update(`${ts}.${body}`).digest("hex");
     headers["x-phony-signature"] = `sha256=${sig}`;
   }
   return headers;
@@ -5180,188 +5878,37 @@ var salesforceConnector = declarativeRestConnector({
         properties: { objectName: { type: "string" }, recordId: { type: "string" } },
         required: ["objectName", "recordId"]
       },
-      request: { method: "GET", path: "/services/data/v61.0/sobjects/{objectName}/{recordId}" },
-      requiredScopes: ["api"]
-    },
-    {
-      name: "records.create",
-      class: "mutation",
-      description: "Create a Salesforce sObject record.",
-      parameters: {
-        type: "object",
-        properties: { objectName: { type: "string" }, fields: { type: "object" } },
-        required: ["objectName", "fields"]
-      },
-      request: { method: "POST", path: "/services/data/v61.0/sobjects/{objectName}", body: "{fields}" },
-      cas: "native-idempotency",
-      requiredScopes: ["api"]
-    },
-    {
-      name: "records.update",
-      class: "mutation",
-      description: "Update a Salesforce sObject record.",
-      parameters: {
-        type: "object",
-        properties: { objectName: { type: "string" }, recordId: { type: "string" }, fields: { type: "object" } },
-        required: ["objectName", "recordId", "fields"]
-      },
-      request: { method: "PATCH", path: "/services/data/v61.0/sobjects/{objectName}/{recordId}", body: "{fields}" },
-      cas: "etag-if-match",
-      requiredScopes: ["api"]
-    }
-  ]
-});
-
-// src/catalog.ts
-var riskRank2 = {
-  read: 0,
-  write: 1,
-  destructive: 2
-};
-function integrationToolName(providerId, connectorId, actionId) {
-  return `int_${encodeToolPart(providerId)}_${encodeToolPart(connectorId)}_${encodeToolPart(actionId)}`;
-}
-function parseIntegrationToolName(name) {
-  const parts = name.split("_");
-  if (parts.length !== 4 || parts[0] !== "int") {
-    throw new Error(`Invalid integration tool name: ${name}`);
-  }
-  return {
-    providerId: decodeToolPart(parts[1]),
-    connectorId: decodeToolPart(parts[2]),
-    actionId: decodeToolPart(parts[3])
-  };
-}
-function buildIntegrationToolCatalog(connectors) {
-  const tools = [];
-  for (const connector of connectors) {
-    for (const action of connector.actions) {
-      const tags = unique4([
-        connector.id,
-        connector.providerId,
-        connector.title,
-        connector.category,
-        action.id,
-        action.title,
-        action.risk,
-        action.dataClass,
-        ...connector.scopes ?? [],
-        ...action.requiredScopes ?? []
-      ].flatMap(tokenize));
-      tools.push({
-        name: integrationToolName(connector.providerId, connector.id, action.id),
-        title: `${connector.title}: ${action.title}`,
-        description: action.description ?? `${action.risk} action ${action.id} on ${connector.title}`,
-        providerId: connector.providerId,
-        connectorId: connector.id,
-        connectorTitle: connector.title,
-        category: connector.category,
-        action,
-        risk: action.risk,
-        dataClass: action.dataClass,
-        requiredScopes: action.requiredScopes,
-        inputSchema: action.inputSchema,
-        outputSchema: action.outputSchema,
-        tags
-      });
-    }
-  }
-  return tools;
-}
-function searchIntegrationTools(catalog, query, filters = {}) {
-  const terms = tokenize(query);
-  const filtered = catalog.filter((tool) => {
-    if (filters.providerId && tool.providerId !== filters.providerId) return false;
-    if (filters.connectorId && tool.connectorId !== filters.connectorId) return false;
-    if (filters.category && tool.category !== filters.category) return false;
-    if (filters.dataClass && tool.dataClass !== filters.dataClass) return false;
-    if (filters.maxRisk && riskRank2[tool.risk] > riskRank2[filters.maxRisk]) return false;
-    return true;
-  });
-  const scored = filtered.map((tool) => scoreTool(tool, terms));
-  return scored.filter((result) => terms.length === 0 || result.score > 0).sort((a, b) => b.score - a.score || a.tool.name.localeCompare(b.tool.name)).slice(0, filters.limit ?? 20);
-}
-function toMcpTools(tools) {
-  return tools.map((tool) => ({
-    name: tool.name,
-    description: `${tool.title}. ${tool.description}`,
-    inputSchema: tool.inputSchema ?? {
-      type: "object",
-      additionalProperties: true,
-      properties: {}
-    }
-  }));
-}
-function scoreTool(tool, terms) {
-  if (terms.length === 0) return { tool, score: 1, matched: [] };
-  const haystack = new Set(tool.tags);
-  const matched = [];
-  let score = 0;
-  for (const term of terms) {
-    if (haystack.has(term)) {
-      matched.push(term);
-      score += 4;
-      continue;
-    }
-    if (tool.tags.some((tag) => tag.includes(term))) {
-      matched.push(term);
-      score += 1;
-    }
-  }
-  if (tool.risk === "read") score += 0.25;
-  return { tool, score, matched: unique4(matched) };
-}
-function tokenize(value) {
-  return value.toLowerCase().split(/[^a-z0-9]+/g).map((part) => part.trim()).filter(Boolean);
-}
-function encodeToolPart(value) {
-  return Buffer.from(value, "utf8").toString("base64url").replace(/_/g, ".");
-}
-function decodeToolPart(value) {
-  return Buffer.from(value.replace(/\./g, "_"), "base64url").toString("utf8");
-}
-function unique4(values) {
-  return [...new Set(values)];
-}
-
-// src/catalog-executor.ts
-function createCatalogExecutorProvider(options) {
-  const byConnector = new Map(options.connectors.map((connector) => [connector.id, connector]));
-  return {
-    id: options.id,
-    kind: options.kind,
-    listConnectors: () => options.connectors,
-    startAuth: options.startAuth,
-    completeAuth: options.completeAuth,
-    async invokeAction(connection, request) {
-      const connector = byConnector.get(connection.connectorId);
-      if (!connector) {
-        throw new IntegrationError(`Connector ${connection.connectorId} not found.`, "connector_not_found");
-      }
-      const action = connector.actions.find((candidate) => candidate.id === request.action);
-      if (!action) {
-        throw new IntegrationError(`Action ${request.action} is not defined by connector ${connector.id}.`, "action_not_found");
-      }
-      return options.executeAction({ connection, request, connector, action });
+      request: { method: "GET", path: "/services/data/v61.0/sobjects/{objectName}/{recordId}" },
+      requiredScopes: ["api"]
     },
-    async subscribeTrigger(connection, triggerId, targetUrl) {
-      if (!options.subscribeTrigger) {
-        throw new IntegrationError(`Provider ${options.id} does not support trigger subscriptions.`, "action_not_found");
-      }
-      const connector = byConnector.get(connection.connectorId);
-      if (!connector) {
-        throw new IntegrationError(`Connector ${connection.connectorId} not found.`, "connector_not_found");
-      }
-      const trigger2 = connector.triggers?.find((candidate) => candidate.id === triggerId);
-      if (!trigger2) {
-        throw new IntegrationError(`Trigger ${triggerId} is not defined by connector ${connector.id}.`, "action_not_found");
-      }
-      return options.subscribeTrigger(connection, trigger2, targetUrl);
+    {
+      name: "records.create",
+      class: "mutation",
+      description: "Create a Salesforce sObject record.",
+      parameters: {
+        type: "object",
+        properties: { objectName: { type: "string" }, fields: { type: "object" } },
+        required: ["objectName", "fields"]
+      },
+      request: { method: "POST", path: "/services/data/v61.0/sobjects/{objectName}", body: "{fields}" },
+      cas: "native-idempotency",
+      requiredScopes: ["api"]
     },
-    unsubscribeTrigger: options.unsubscribeTrigger,
-    normalizeTriggerEvent: options.normalizeTriggerEvent
-  };
-}
+    {
+      name: "records.update",
+      class: "mutation",
+      description: "Update a Salesforce sObject record.",
+      parameters: {
+        type: "object",
+        properties: { objectName: { type: "string" }, recordId: { type: "string" }, fields: { type: "object" } },
+        required: ["objectName", "recordId", "fields"]
+      },
+      request: { method: "PATCH", path: "/services/data/v61.0/sobjects/{objectName}/{recordId}", body: "{fields}" },
+      cas: "etag-if-match",
+      requiredScopes: ["api"]
+    }
+  ]
+});
 
 // src/sandbox.ts
 function buildIntegrationInvocationEnvelope(input) {
@@ -5386,868 +5933,417 @@ function invocationRequestFromEnvelope(envelope) {
     input: envelope.input,
     idempotencyKey: envelope.idempotencyKey,
     dryRun: envelope.dryRun,
-    metadata: envelope.metadata
-  };
-}
-function validateIntegrationInvocationEnvelope(envelope, options = {}) {
-  if (!envelope || typeof envelope !== "object") throw new Error("Integration invocation envelope is required.");
-  if (envelope.kind !== "integration.invocation") throw new Error("Invalid integration invocation envelope kind.");
-  if (!isNonEmptyString(envelope.capabilityToken)) throw new Error("Integration invocation envelope is missing capabilityToken.");
-  if (!isNonEmptyString(envelope.toolName)) throw new Error("Integration invocation envelope is missing toolName.");
-  if (!isNonEmptyString(envelope.action)) throw new Error("Integration invocation envelope is missing action.");
-  if (!isNonEmptyString(envelope.idempotencyKey)) throw new Error("Integration invocation envelope is missing idempotencyKey.");
-  if (envelope.metadata !== void 0 && !isPlainRecord(envelope.metadata)) {
-    throw new Error("Integration invocation envelope metadata must be an object.");
-  }
-  const parsed = parseIntegrationToolName(envelope.toolName);
-  if (parsed.actionId !== envelope.action) {
-    throw new Error(`Integration invocation action ${envelope.action} does not match tool ${parsed.actionId}.`);
-  }
-  const inputBytes = Buffer.byteLength(JSON.stringify(envelope.input ?? null), "utf8");
-  const maxInputBytes = options.maxInputBytes ?? 256 * 1024;
-  if (inputBytes > maxInputBytes) {
-    throw new Error(`Integration invocation input exceeds ${maxInputBytes} bytes.`);
-  }
-  if (options.requireKnownTool || options.connectors) {
-    if (!options.connectors) throw new Error("connectors are required when requireKnownTool is true.");
-    const connector = options.connectors.find(
-      (candidate) => candidate.providerId === parsed.providerId && candidate.id === parsed.connectorId
-    );
-    const action = connector?.actions.find((candidate) => candidate.id === parsed.actionId);
-    if (!connector || !action) throw new Error(`Unknown integration tool ${envelope.toolName}.`);
-  }
-}
-function redactInvocationEnvelope(envelope) {
-  return {
-    ...envelope,
-    capabilityToken: "[REDACTED]",
-    input: redactUnknown4(envelope.input)
-  };
-}
-function redactCapability(capability) {
-  return {
-    ...capability,
-    metadata: redactUnknown4(capability.metadata)
-  };
-}
-function normalizeIntegrationResult(result) {
-  const output = result.output;
-  if (!result.ok && output?.approvalRequired === true && output.approval) {
-    return {
-      status: "approval_required",
-      action: result.action,
-      approval: output.approval,
-      metadata: result.metadata
-    };
-  }
-  if (!result.ok) {
-    return {
-      status: "failed",
-      action: result.action,
-      error: String(result.output ?? result.warnings?.[0] ?? "integration action failed"),
-      metadata: result.metadata
-    };
-  }
-  return {
-    status: "ok",
-    action: result.action,
-    output: result.output,
-    metadata: result.metadata
-  };
-}
-async function dispatchIntegrationInvocation(envelope, options) {
-  try {
-    validateIntegrationInvocationEnvelope(envelope, options);
-    const result = await options.hub.invokeWithCapability(
-      envelope.capabilityToken,
-      invocationRequestFromEnvelope(envelope)
-    );
-    return normalizeIntegrationResult(result);
-  } catch (error) {
-    return {
-      status: "failed",
-      action: typeof envelope?.action === "string" ? envelope.action : "unknown",
-      error: error instanceof Error ? error.message : "Integration invocation failed."
-    };
-  }
-}
-var IntegrationSandboxHost = class {
-  options;
-  constructor(options) {
-    this.options = options;
-  }
-  dispatch(envelope) {
-    return dispatchIntegrationInvocation(envelope, this.options);
-  }
-};
-function redactUnknown4(value) {
-  if (Array.isArray(value)) return value.map(redactUnknown4);
-  if (!value || typeof value !== "object") return value;
-  const out = {};
-  for (const [key, child] of Object.entries(value)) {
-    if (/token|secret|password|authorization|api[_-]?key|credential/i.test(key)) {
-      out[key] = "[REDACTED]";
-    } else {
-      out[key] = redactUnknown4(child);
-    }
-  }
-  return out;
-}
-function isNonEmptyString(value) {
-  return typeof value === "string" && value.trim().length > 0;
-}
-function isPlainRecord(value) {
-  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
-}
-
-// src/importers.ts
-var HTTP_METHODS = /* @__PURE__ */ new Set(["get", "post", "put", "patch", "delete"]);
-function importOpenApiConnector(document, options) {
-  const actions = [];
-  for (const [path, methods] of Object.entries(document.paths ?? {})) {
-    for (const [method, rawOperation] of Object.entries(methods)) {
-      const normalizedMethod = method.toLowerCase();
-      if (!HTTP_METHODS.has(normalizedMethod) || !isObject(rawOperation)) continue;
-      const operation = rawOperation;
-      const operationId = operation.operationId ?? `${normalizedMethod}_${path.replace(/[^a-zA-Z0-9]+/g, "_").replace(/^_+|_+$/g, "")}`;
-      actions.push({
-        id: operationId,
-        title: operation.summary ?? titleFromId(operationId),
-        risk: riskFromHttpMethod(normalizedMethod, operation, options.defaultRisk),
-        requiredScopes: scopesFromOpenApiOperation(operation, options.scopes ?? []),
-        dataClass: options.dataClass ?? "private",
-        description: operation.description ?? operation.summary ?? `${normalizedMethod.toUpperCase()} ${path}`,
-        approvalRequired: riskFromHttpMethod(normalizedMethod, operation, options.defaultRisk) !== "read",
-        inputSchema: openApiInputSchema(path, normalizedMethod, operation),
-        outputSchema: operation.responses
-      });
-    }
-  }
-  return connectorFromActions(options, actions);
-}
-function importGraphqlConnector(operations, options) {
-  return connectorFromActions(options, operations.map((operation) => ({
-    id: operation.name,
-    title: titleFromId(operation.name),
-    risk: operation.kind === "query" ? "read" : options.defaultRisk ?? "write",
-    requiredScopes: operation.requiredScopes ?? options.scopes ?? [],
-    dataClass: options.dataClass ?? "private",
-    description: operation.description,
-    approvalRequired: operation.kind === "mutation",
-    inputSchema: operation.inputSchema,
-    outputSchema: operation.outputSchema
-  })));
-}
-function importMcpConnector(catalog, options) {
-  return connectorFromActions(options, catalog.tools.map((tool) => {
-    const risk = riskFromMcpTool(tool, options.defaultRisk);
-    return {
-      id: tool.name,
-      title: tool.annotations?.title ?? titleFromId(tool.name),
-      risk,
-      requiredScopes: options.scopes ?? [],
-      dataClass: options.dataClass ?? "private",
-      description: tool.description,
-      approvalRequired: risk !== "read",
-      inputSchema: tool.inputSchema
-    };
-  }));
-}
-function connectorFromActions(options, actions) {
-  const scopes = unique5([
-    ...options.scopes ?? [],
-    ...actions.flatMap((action) => action.requiredScopes)
-  ]);
-  return {
-    id: options.connectorId,
-    providerId: options.providerId,
-    title: options.connectorTitle,
-    category: options.category ?? "other",
-    auth: options.auth ?? "custom",
-    scopes,
-    actions,
-    metadata: { source: "catalog-importer" }
-  };
-}
-function riskFromHttpMethod(method, operation, fallback) {
-  if (method === "get") return "read";
-  if (method === "delete") return "destructive";
-  const text = `${operation.operationId ?? ""} ${operation.summary ?? ""} ${operation.description ?? ""}`.toLowerCase();
-  if (/\b(delete|remove|destroy|cancel|void|revoke|drop)\b/.test(text)) return "destructive";
-  return fallback && fallback !== "read" ? fallback : "write";
-}
-function riskFromMcpTool(tool, fallback) {
-  if (tool.annotations?.destructiveHint) return "destructive";
-  if (tool.annotations?.readOnlyHint) return "read";
-  const text = `${tool.name} ${tool.description ?? ""}`.toLowerCase();
-  if (/\b(delete|remove|destroy|cancel|void|revoke|drop)\b/.test(text)) return "destructive";
-  if (/\b(get|list|read|search|find|fetch|query)\b/.test(text)) return "read";
-  return fallback ?? "write";
-}
-function scopesFromOpenApiOperation(operation, fallback) {
-  const scopes = (operation.security ?? []).flatMap((entry) => Object.values(entry).flat());
-  return unique5(scopes.length > 0 ? scopes : fallback);
-}
-function openApiInputSchema(path, method, operation) {
-  return {
-    type: "object",
-    additionalProperties: true,
-    properties: {
-      path: { const: path },
-      method: { const: method.toUpperCase() },
-      parameters: { type: "object", additionalProperties: true },
-      body: operation.requestBody ?? { type: "object", additionalProperties: true }
-    }
+    metadata: envelope.metadata
   };
 }
-function titleFromId(id) {
-  return id.replace(/([a-z])([A-Z])/g, "$1 $2").split(/[^a-zA-Z0-9]+/g).filter(Boolean).map((part) => part.slice(0, 1).toUpperCase() + part.slice(1)).join(" ");
-}
-function isObject(value) {
-  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
-}
-function unique5(values) {
-  return [...new Set(values)];
-}
-
-// src/gateway-catalog.ts
-function createGatewayCatalogProvider(options) {
-  const now = options.now ?? (() => /* @__PURE__ */ new Date());
-  let cachedAt = 0;
-  let cached;
-  async function listConnectors() {
-    const ttl = options.cacheTtlMs ?? 6e4;
-    const current = now().getTime();
-    if (cached && current - cachedAt < ttl) return cached;
-    const entries = await options.fetchCatalog();
-    cached = normalizeGatewayCatalog(entries, {
-      providerId: options.id,
-      providerKind: options.kind
-    });
-    cachedAt = current;
-    return cached;
+function validateIntegrationInvocationEnvelope(envelope, options = {}) {
+  if (!envelope || typeof envelope !== "object") throw new Error("Integration invocation envelope is required.");
+  if (envelope.kind !== "integration.invocation") throw new Error("Invalid integration invocation envelope kind.");
+  if (!isNonEmptyString(envelope.capabilityToken)) throw new Error("Integration invocation envelope is missing capabilityToken.");
+  if (!isNonEmptyString(envelope.toolName)) throw new Error("Integration invocation envelope is missing toolName.");
+  if (!isNonEmptyString(envelope.action)) throw new Error("Integration invocation envelope is missing action.");
+  if (!isNonEmptyString(envelope.idempotencyKey)) throw new Error("Integration invocation envelope is missing idempotencyKey.");
+  if (envelope.metadata !== void 0 && !isPlainRecord(envelope.metadata)) {
+    throw new Error("Integration invocation envelope metadata must be an object.");
+  }
+  const parsed = parseIntegrationToolName(envelope.toolName);
+  if (parsed.actionId !== envelope.action) {
+    throw new Error(`Integration invocation action ${envelope.action} does not match tool ${parsed.actionId}.`);
+  }
+  const inputBytes = Buffer.byteLength(JSON.stringify(envelope.input ?? null), "utf8");
+  const maxInputBytes = options.maxInputBytes ?? 256 * 1024;
+  if (inputBytes > maxInputBytes) {
+    throw new Error(`Integration invocation input exceeds ${maxInputBytes} bytes.`);
+  }
+  if (options.requireKnownTool || options.connectors) {
+    if (!options.connectors) throw new Error("connectors are required when requireKnownTool is true.");
+    const connector = options.connectors.find(
+      (candidate) => candidate.providerId === parsed.providerId && candidate.id === parsed.connectorId
+    );
+    const action = connector?.actions.find((candidate) => candidate.id === parsed.actionId);
+    if (!connector || !action) throw new Error(`Unknown integration tool ${envelope.toolName}.`);
   }
+}
+function redactInvocationEnvelope(envelope) {
   return {
-    id: options.id,
-    kind: options.kind,
-    listConnectors,
-    startAuth: options.startAuth,
-    completeAuth: options.completeAuth,
-    async invokeAction(connection, request) {
-      if (!options.invokeAction) {
-        throw new IntegrationError(`Gateway provider ${options.id} does not implement action invocation.`, "action_not_found");
-      }
-      await assertKnownGatewayAction(await listConnectors(), connection.connectorId, request.action);
-      return options.invokeAction(connection, request);
-    }
+    ...envelope,
+    capabilityToken: "[REDACTED]",
+    input: redactUnknown4(envelope.input)
   };
 }
-function normalizeGatewayCatalog(entries, options) {
-  const out = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const entry of entries) {
-    const id = slug2(entry.id ?? entry.key ?? entry.name ?? entry.title ?? "");
-    if (!id || seen.has(id)) continue;
-    seen.add(id);
-    const title = entry.title ?? entry.name ?? titleFromId2(id);
-    const actions = normalizeActions(entry.actions ?? [], entry.scopes ?? []);
-    out.push({
-      id,
-      providerId: options.providerId,
-      title,
-      category: normalizeCategory(entry.category),
-      auth: normalizeAuth(entry.auth),
-      scopes: unique6([
-        ...entry.scopes ?? [],
-        ...actions.flatMap((action) => action.requiredScopes)
-      ]),
-      actions: actions.length > 0 ? actions : defaultActionsFor(entry.category, entry.scopes ?? []),
-      triggers: normalizeTriggers(entry.triggers ?? [], entry.scopes ?? []),
-      metadata: {
-        ...entry.metadata ?? {},
-        source: "gateway-catalog",
-        providerKind: options.providerKind,
-        executable: true
-      }
-    });
-  }
-  return out;
+function redactCapability(capability) {
+  return {
+    ...capability,
+    metadata: redactUnknown4(capability.metadata)
+  };
 }
-async function assertKnownGatewayAction(connectors, connectorId, actionId) {
-  const connector = connectors.find((candidate) => candidate.id === connectorId);
-  if (!connector) throw new IntegrationError(`Connector ${connectorId} not found.`, "connector_not_found");
-  if (!connector.actions.some((action) => action.id === actionId)) {
-    throw new IntegrationError(`Action ${actionId} is not defined by connector ${connectorId}.`, "action_not_found");
+function normalizeIntegrationResult(result) {
+  const output = result.output;
+  if (!result.ok && output?.approvalRequired === true && output.approval) {
+    return {
+      status: "approval_required",
+      action: result.action,
+      approval: output.approval,
+      metadata: result.metadata
+    };
   }
-}
-function normalizeActions(actions, fallbackScopes) {
-  return actions.map((action) => {
-    const id = slug2(action.id ?? action.key ?? action.name ?? action.title ?? "");
+  if (!result.ok) {
     return {
-      id,
-      title: action.title ?? action.name ?? titleFromId2(id),
-      risk: normalizeRisk(action.risk),
-      requiredScopes: unique6([
-        ...action.requiredScopes ?? [],
-        ...action.scopes ?? [],
-        ...action.requiredScopes?.length || action.scopes?.length ? [] : fallbackScopes
-      ]),
-      dataClass: normalizeDataClass(action.dataClass),
-      description: action.description,
-      approvalRequired: action.approvalRequired ?? normalizeRisk(action.risk) !== "read",
-      inputSchema: action.inputSchema,
-      outputSchema: action.outputSchema
+      status: "failed",
+      action: result.action,
+      error: String(result.output ?? result.warnings?.[0] ?? "integration action failed"),
+      metadata: result.metadata
     };
-  }).filter((action) => action.id);
+  }
+  return {
+    status: "ok",
+    action: result.action,
+    output: result.output,
+    metadata: result.metadata
+  };
 }
-function normalizeTriggers(triggers, fallbackScopes) {
-  const normalized = triggers.map((trigger2) => {
-    const id = slug2(trigger2.id ?? trigger2.key ?? trigger2.name ?? trigger2.title ?? "");
+async function dispatchIntegrationInvocation(envelope, options) {
+  try {
+    validateIntegrationInvocationEnvelope(envelope, options);
+    const result = await options.hub.invokeWithCapability(
+      envelope.capabilityToken,
+      invocationRequestFromEnvelope(envelope)
+    );
+    return normalizeIntegrationResult(result);
+  } catch (error) {
     return {
-      id,
-      title: trigger2.title ?? trigger2.name ?? titleFromId2(id),
-      requiredScopes: unique6([
-        ...trigger2.requiredScopes ?? [],
-        ...trigger2.scopes ?? [],
-        ...trigger2.requiredScopes?.length || trigger2.scopes?.length ? [] : fallbackScopes
-      ]),
-      dataClass: normalizeDataClass(trigger2.dataClass),
-      description: trigger2.description,
-      payloadSchema: trigger2.payloadSchema
+      status: "failed",
+      action: typeof envelope?.action === "string" ? envelope.action : "unknown",
+      error: error instanceof Error ? error.message : "Integration invocation failed."
     };
-  }).filter((trigger2) => trigger2.id);
-  return normalized.length > 0 ? normalized : void 0;
-}
-function defaultActionsFor(category, scopes) {
-  const readScope = scopes.find((scope) => scope.endsWith(".read")) ?? scopes[0];
-  const writeScope = scopes.find((scope) => scope.endsWith(".write")) ?? scopes[1] ?? readScope;
-  const requiredRead = readScope ? [readScope] : [];
-  const requiredWrite = writeScope ? [writeScope] : [];
-  const dataClass = normalizeDataClass(category === "finance" || category === "commerce" || category === "hr" ? "sensitive" : "private");
-  return [
-    {
-      id: "records.search",
-      title: "Search records",
-      risk: "read",
-      requiredScopes: requiredRead,
-      dataClass,
-      description: "Search provider records."
-    },
-    {
-      id: "records.read",
-      title: "Read record",
-      risk: "read",
-      requiredScopes: requiredRead,
-      dataClass,
-      description: "Read a provider record."
-    },
-    {
-      id: "records.upsert",
-      title: "Upsert record",
-      risk: "write",
-      requiredScopes: requiredWrite,
-      dataClass,
-      approvalRequired: true,
-      description: "Create or update a provider record."
-    }
-  ];
-}
-function normalizeCategory(category) {
-  const value = slug2(category ?? "");
-  if (value === "mail") return "email";
-  if (value === "messaging" || value === "communication" || value === "communications") return "chat";
-  if (value === "file" || value === "files") return "storage";
-  if (value === "project-management" || value === "automation") return "workflow";
-  if (value === "developer" || value === "devops") return "workflow";
-  if (value === "support") return "crm";
-  if ([
-    "email",
-    "calendar",
-    "chat",
-    "crm",
-    "storage",
-    "docs",
-    "database",
-    "webhook",
-    "workflow",
-    "internal",
-    "other"
-  ].includes(value)) return value;
-  return "other";
-}
-function normalizeAuth(auth) {
-  if (auth === "oauth2") return "oauth2";
-  if (auth === "api_key" || auth === "api-key" || auth === "apikey") return "api_key";
-  if (auth === "none") return "none";
-  return "custom";
-}
-function normalizeRisk(risk) {
-  if (risk === "read" || risk === "write" || risk === "destructive") return risk;
-  return "write";
-}
-function normalizeDataClass(dataClass) {
-  if (dataClass === "public" || dataClass === "internal" || dataClass === "private" || dataClass === "sensitive" || dataClass === "secret") return dataClass;
-  return "private";
+  }
 }
-function slug2(value) {
-  return value.trim().toLowerCase().replace(/&/g, "and").replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+var IntegrationSandboxHost = class {
+  options;
+  constructor(options) {
+    this.options = options;
+  }
+  dispatch(envelope) {
+    return dispatchIntegrationInvocation(envelope, this.options);
+  }
+};
+function redactUnknown4(value) {
+  if (Array.isArray(value)) return value.map(redactUnknown4);
+  if (!value || typeof value !== "object") return value;
+  const out = {};
+  for (const [key, child] of Object.entries(value)) {
+    if (/token|secret|password|authorization|api[_-]?key|credential/i.test(key)) {
+      out[key] = "[REDACTED]";
+    } else {
+      out[key] = redactUnknown4(child);
+    }
+  }
+  return out;
 }
-function titleFromId2(id) {
-  return id.split("-").filter(Boolean).map((part) => part.slice(0, 1).toUpperCase() + part.slice(1)).join(" ");
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0;
 }
-function unique6(values) {
-  return [...new Set(values)];
+function isPlainRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
 
-// src/activepieces-provider.ts
-function createActivepiecesExecutorProvider(options) {
-  const providerId = options.id ?? "activepieces";
-  const connectors = options.connectors ?? buildActivepiecesConnectors({
-    providerId,
-    includeCatalogActions: true,
-    executable: true
-  });
-  const byEntry = new Map(listActivepiecesCatalogEntries().map((entry) => [entry.id, entry]));
-  return createCatalogExecutorProvider({
-    id: providerId,
-    kind: "activepieces",
-    connectors,
-    startAuth: options.startAuth,
-    completeAuth: options.completeAuth,
-    executeAction: async ({ connection, request, connector, action }) => {
-      const catalogEntry = byEntry.get(connector.id);
-      if (!catalogEntry) {
-        throw new IntegrationError(`Activepieces catalog entry ${connector.id} not found.`, "connector_not_found");
-      }
-      const catalogAction = catalogEntry.actions.find((candidate) => candidate.id === action.id);
-      return options.executeAction({
-        connection,
-        request,
-        connector,
-        catalogEntry,
-        piece: {
-          id: catalogEntry.id,
-          npmPackage: catalogEntry.npmPackage,
-          version: catalogEntry.version,
-          actionId: action.id,
-          upstreamActionName: catalogAction?.upstreamName
-        }
+// src/importers.ts
+var HTTP_METHODS = /* @__PURE__ */ new Set(["get", "post", "put", "patch", "delete"]);
+function importOpenApiConnector(document, options) {
+  const actions = [];
+  for (const [path, methods] of Object.entries(document.paths ?? {})) {
+    for (const [method, rawOperation] of Object.entries(methods)) {
+      const normalizedMethod = method.toLowerCase();
+      if (!HTTP_METHODS.has(normalizedMethod) || !isObject(rawOperation)) continue;
+      const operation = rawOperation;
+      const operationId = operation.operationId ?? `${normalizedMethod}_${path.replace(/[^a-zA-Z0-9]+/g, "_").replace(/^_+|_+$/g, "")}`;
+      actions.push({
+        id: operationId,
+        title: operation.summary ?? titleFromId(operationId),
+        risk: riskFromHttpMethod(normalizedMethod, operation, options.defaultRisk),
+        requiredScopes: scopesFromOpenApiOperation(operation, options.scopes ?? []),
+        dataClass: options.dataClass ?? "private",
+        description: operation.description ?? operation.summary ?? `${normalizedMethod.toUpperCase()} ${path}`,
+        approvalRequired: riskFromHttpMethod(normalizedMethod, operation, options.defaultRisk) !== "read",
+        inputSchema: openApiInputSchema(path, normalizedMethod, operation),
+        outputSchema: operation.responses
       });
     }
-  });
+  }
+  return connectorFromActions(options, actions);
 }
-
-// src/activepieces-runtime.ts
-import { createHmac as createHmac3, randomUUID as randomUUID3, timingSafeEqual as timingSafeEqual2 } from "crypto";
-var ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER = "x-tangle-activepieces-signature";
-var TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER = "x-tangle-catalog-signature";
-function createActivepiecesHttpExecutor(options) {
-  const endpoint = options.endpoint.replace(/\/$/, "");
-  const path = options.path ?? "/v1/activepieces/actions/invoke";
-  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
-  const signatureHeader = options.signatureHeader ?? ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER;
-  const fetchImpl = options.fetchImpl ?? fetch;
-  const requestId = options.requestId ?? (() => `apexec_${randomUUID3()}`);
-  return async (invocation) => {
-    const body = buildActivepiecesRuntimeRequest(invocation, requestId());
-    const serialized = JSON.stringify(body);
-    const response = await fetchImpl(`${endpoint}${normalizedPath}`, {
-      method: "POST",
-      headers: {
-        "content-type": "application/json",
-        ...options.headers,
-        ...options.secret ? { [signatureHeader]: signActivepiecesRuntimeRequest(serialized, options.secret) } : {}
-      },
-      body: serialized,
-      signal: AbortSignal.timeout(options.timeoutMs ?? 3e4)
-    });
-    const parsed = await response.json().catch(() => void 0);
-    if (!response.ok) {
-      return parsed ?? {
-        ok: false,
-        action: invocation.request.action,
-        output: { message: `Activepieces runtime returned HTTP ${response.status}.` }
-      };
-    }
-    return parsed ?? {
-      ok: false,
-      action: invocation.request.action,
-      output: { message: "Activepieces runtime returned an empty response." }
+function importGraphqlConnector(operations, options) {
+  return connectorFromActions(options, operations.map((operation) => ({
+    id: operation.name,
+    title: titleFromId(operation.name),
+    risk: operation.kind === "query" ? "read" : options.defaultRisk ?? "write",
+    requiredScopes: operation.requiredScopes ?? options.scopes ?? [],
+    dataClass: options.dataClass ?? "private",
+    description: operation.description,
+    approvalRequired: operation.kind === "mutation",
+    inputSchema: operation.inputSchema,
+    outputSchema: operation.outputSchema
+  })));
+}
+function importMcpConnector(catalog, options) {
+  return connectorFromActions(options, catalog.tools.map((tool) => {
+    const risk = riskFromMcpTool(tool, options.defaultRisk);
+    return {
+      id: tool.name,
+      title: tool.annotations?.title ?? titleFromId(tool.name),
+      risk,
+      requiredScopes: options.scopes ?? [],
+      dataClass: options.dataClass ?? "private",
+      description: tool.description,
+      approvalRequired: risk !== "read",
+      inputSchema: tool.inputSchema
     };
-  };
+  }));
 }
-function buildActivepiecesRuntimeRequest(invocation, requestId = `apexec_${randomUUID3()}`) {
+function connectorFromActions(options, actions) {
+  const scopes = unique5([
+    ...options.scopes ?? [],
+    ...actions.flatMap((action) => action.requiredScopes)
+  ]);
   return {
-    version: 1,
-    requestId,
-    providerId: invocation.connection.providerId,
-    connection: invocation.connection,
-    connector: {
-      id: invocation.connector.id,
-      title: invocation.connector.title,
-      auth: invocation.connector.auth,
-      scopes: invocation.connector.scopes,
-      metadata: invocation.connector.metadata
-    },
-    piece: invocation.piece,
-    action: {
-      id: invocation.request.action,
-      input: invocation.request.input,
-      idempotencyKey: invocation.request.idempotencyKey,
-      dryRun: invocation.request.dryRun,
-      metadata: invocation.request.metadata
-    }
+    id: options.connectorId,
+    providerId: options.providerId,
+    title: options.connectorTitle,
+    category: options.category ?? "other",
+    auth: options.auth ?? "custom",
+    scopes,
+    actions,
+    metadata: { source: "catalog-importer" }
   };
 }
-function signActivepiecesRuntimeRequest(serializedBody, secret) {
-  return `sha256=${createHmac3("sha256", secret).update(serializedBody).digest("hex")}`;
+function riskFromHttpMethod(method, operation, fallback) {
+  if (method === "get") return "read";
+  if (method === "delete") return "destructive";
+  const text = `${operation.operationId ?? ""} ${operation.summary ?? ""} ${operation.description ?? ""}`.toLowerCase();
+  if (/\b(delete|remove|destroy|cancel|void|revoke|drop)\b/.test(text)) return "destructive";
+  return fallback && fallback !== "read" ? fallback : "write";
 }
-function verifyActivepiecesRuntimeSignature(serializedBody, signature, secret) {
-  if (!signature) return false;
-  const expected = signActivepiecesRuntimeRequest(serializedBody, secret);
-  const left = Buffer.from(signature);
-  const right = Buffer.from(expected);
-  return left.length === right.length && timingSafeEqual2(left, right);
+function riskFromMcpTool(tool, fallback) {
+  if (tool.annotations?.destructiveHint) return "destructive";
+  if (tool.annotations?.readOnlyHint) return "read";
+  const text = `${tool.name} ${tool.description ?? ""}`.toLowerCase();
+  if (/\b(delete|remove|destroy|cancel|void|revoke|drop)\b/.test(text)) return "destructive";
+  if (/\b(get|list|read|search|find|fetch|query)\b/.test(text)) return "read";
+  return fallback ?? "write";
 }
-function createTangleCatalogHttpExecutor(options) {
-  const endpoint = options.endpoint.replace(/\/$/, "");
-  const path = options.path ?? "/v1/integration-catalog/actions/invoke";
-  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
-  const signatureHeader = options.signatureHeader ?? TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER;
-  const fetchImpl = options.fetchImpl ?? fetch;
-  const requestId = options.requestId ?? (() => `tcat_${randomUUID3()}`);
-  return async (invocation) => {
-    const body = buildTangleCatalogRuntimeRequest(invocation, requestId());
-    const serialized = JSON.stringify(body);
-    const response = await fetchImpl(`${endpoint}${normalizedPath}`, {
-      method: "POST",
-      headers: {
-        "content-type": "application/json",
-        ...options.headers,
-        ...options.secret ? { [signatureHeader]: signTangleCatalogRuntimeRequest(serialized, options.secret) } : {}
-      },
-      body: serialized,
-      signal: AbortSignal.timeout(options.timeoutMs ?? 3e4)
-    });
-    const parsed = await response.json().catch(() => void 0);
-    if (!response.ok) {
-      return parsed ?? {
-        ok: false,
-        action: invocation.request.action,
-        output: { message: `Tangle catalog runtime returned HTTP ${response.status}.` }
-      };
-    }
-    return parsed ?? {
-      ok: false,
-      action: invocation.request.action,
-      output: { message: "Tangle catalog runtime returned an empty response." }
-    };
-  };
+function scopesFromOpenApiOperation(operation, fallback) {
+  const scopes = (operation.security ?? []).flatMap((entry) => Object.values(entry).flat());
+  return unique5(scopes.length > 0 ? scopes : fallback);
 }
-function buildTangleCatalogRuntimeRequest(invocation, requestId = `tcat_${randomUUID3()}`) {
+function openApiInputSchema(path, method, operation) {
   return {
-    version: 1,
-    requestId,
-    providerId: invocation.connection.providerId,
-    connection: invocation.connection,
-    connector: {
-      id: invocation.connector.id,
-      title: invocation.connector.title,
-      auth: invocation.connector.auth,
-      scopes: invocation.connector.scopes,
-      metadata: invocation.connector.metadata
-    },
-    piece: invocation.piece,
-    action: {
-      id: invocation.request.action,
-      input: invocation.request.input,
-      idempotencyKey: invocation.request.idempotencyKey,
-      dryRun: invocation.request.dryRun,
-      metadata: invocation.request.metadata
+    type: "object",
+    additionalProperties: true,
+    properties: {
+      path: { const: path },
+      method: { const: method.toUpperCase() },
+      parameters: { type: "object", additionalProperties: true },
+      body: operation.requestBody ?? { type: "object", additionalProperties: true }
     }
   };
 }
-var signTangleCatalogRuntimeRequest = signActivepiecesRuntimeRequest;
-var verifyTangleCatalogRuntimeSignature = verifyActivepiecesRuntimeSignature;
-
-// src/catalog-freshness.ts
-var ACTIVEPIECES_PUBLIC_CATALOG_URL = "https://www.activepieces.com/pieces";
-function parseCount(value) {
-  if (!value) return void 0;
-  const parsed = Number.parseInt(value.replace(/,/g, ""), 10);
-  return Number.isFinite(parsed) ? parsed : void 0;
+function titleFromId(id) {
+  return id.replace(/([a-z])([A-Z])/g, "$1 $2").split(/[^a-zA-Z0-9]+/g).filter(Boolean).map((part) => part.slice(0, 1).toUpperCase() + part.slice(1)).join(" ");
+}
+function isObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
-function extractActivepiecesPublicPieceCount(html) {
-  const showingMatch = html.match(/Showing\s+([0-9,]+)\s+pieces/i);
-  const integrationMatch = html.match(/([0-9,]+)\+?\s+Integrations/i);
-  return parseCount(showingMatch?.[1]) ?? parseCount(integrationMatch?.[1]);
+function unique5(values) {
+  return [...new Set(values)];
 }
-async function auditIntegrationCatalogFreshness(options = {}) {
-  const minActivepiecesConnectors = options.minActivepiecesConnectors ?? 600;
-  const staleConnectorDelta = options.staleConnectorDelta ?? 25;
-  const activepiecesEntries = listActivepiecesCatalogEntries();
-  const activepiecesConnectors = buildActivepiecesConnectors({
-    includeCatalogActions: true
-  });
-  const executableActivepiecesProvider = createActivepiecesExecutorProvider({
-    executeAction: () => ({ ok: true, action: "audit.noop" })
-  });
-  const executableActivepiecesConnectors = await executableActivepiecesProvider.listConnectors();
-  const executableRegistry = composeIntegrationRegistry([
-    {
-      id: executableActivepiecesProvider.id,
-      connectors: executableActivepiecesConnectors
-    }
-  ]);
-  const executableTools = buildIntegrationToolCatalog(executableRegistry.connectors);
-  const unsupportedExecutableConnectorIds = executableActivepiecesConnectors.filter((connector) => connector.actions.length === 0).map((connector) => connector.id);
-  const registry = buildDefaultIntegrationRegistry({
-    includeSpecs: true,
-    includeActivepieces: true
-  });
-  const warnings = [];
-  if (activepiecesConnectors.length < minActivepiecesConnectors) {
-    warnings.push(
-      `Activepieces catalog has ${activepiecesConnectors.length} connectors, below floor ${minActivepiecesConnectors}.`
-    );
-  }
-  if (unsupportedExecutableConnectorIds.length > 0) {
-    warnings.push(
-      `Activepieces executable provider has ${unsupportedExecutableConnectorIds.length} connectors without actions.`
-    );
-  }
-  if (executableTools.length < activepiecesEntries.length) {
-    warnings.push(
-      `Activepieces executable provider produced only ${executableTools.length} tool definitions for ${activepiecesEntries.length} entries.`
-    );
-  }
-  let upstream;
-  if (options.liveActivepieces) {
-    upstream = await checkActivepiecesPublicCatalog({
-      localConnectorCount: activepiecesConnectors.length,
-      staleConnectorDelta,
-      fetchImpl: options.fetchImpl,
-      warnings
+
+// src/gateway-catalog.ts
+function createGatewayCatalogProvider(options) {
+  const now = options.now ?? (() => /* @__PURE__ */ new Date());
+  let cachedAt = 0;
+  let cached;
+  async function listConnectors() {
+    const ttl = options.cacheTtlMs ?? 6e4;
+    const current = now().getTime();
+    if (cached && current - cachedAt < ttl) return cached;
+    const entries = await options.fetchCatalog();
+    cached = normalizeGatewayCatalog(entries, {
+      providerId: options.id,
+      providerKind: options.kind
     });
+    cachedAt = current;
+    return cached;
   }
   return {
-    ok: warnings.length === 0,
-    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    local: {
-      activepiecesEntries: activepiecesEntries.length,
-      activepiecesConnectors: activepiecesConnectors.length,
-      activepiecesActions: activepiecesConnectors.reduce(
-        (sum, connector) => sum + connector.actions.length,
-        0
-      ),
-      activepiecesTriggers: activepiecesConnectors.reduce(
-        (sum, connector) => sum + (connector.triggers?.length ?? 0),
-        0
-      ),
-      executableActivepiecesConnectors: executableActivepiecesConnectors.length,
-      executableActivepiecesActions: executableActivepiecesConnectors.reduce(
-        (sum, connector) => sum + connector.actions.length,
-        0
-      ),
-      executableActivepiecesTriggers: executableActivepiecesConnectors.reduce(
-        (sum, connector) => sum + (connector.triggers?.length ?? 0),
-        0
-      ),
-      executableToolDefinitions: executableTools.length,
-      unsupportedExecutableConnectorIds,
-      registryEntries: registry.entries.length,
-      registrySummary: summarizeIntegrationRegistry(registry),
-      conflictSamples: registry.entries.flatMap((entry) => entry.conflicts).slice(0, 10)
-    },
-    upstream,
-    warnings
+    id: options.id,
+    kind: options.kind,
+    listConnectors,
+    startAuth: options.startAuth,
+    completeAuth: options.completeAuth,
+    async invokeAction(connection, request) {
+      if (!options.invokeAction) {
+        throw new IntegrationError(`Gateway provider ${options.id} does not implement action invocation.`, "action_not_found");
+      }
+      await assertKnownGatewayAction(await listConnectors(), connection.connectorId, request.action);
+      return options.invokeAction(connection, request);
+    }
   };
 }
-async function checkActivepiecesPublicCatalog(input) {
-  try {
-    const res = await (input.fetchImpl ?? fetch)(ACTIVEPIECES_PUBLIC_CATALOG_URL, {
-      headers: { accept: "text/html" },
-      signal: AbortSignal.timeout(15e3)
+function normalizeGatewayCatalog(entries, options) {
+  const out = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const entry of entries) {
+    const id = slug2(entry.id ?? entry.key ?? entry.name ?? entry.title ?? "");
+    if (!id || seen.has(id)) continue;
+    seen.add(id);
+    const title = entry.title ?? entry.name ?? titleFromId2(id);
+    const actions = normalizeActions(entry.actions ?? [], entry.scopes ?? []);
+    out.push({
+      id,
+      providerId: options.providerId,
+      title,
+      category: normalizeCategory(entry.category),
+      auth: normalizeAuth(entry.auth),
+      scopes: unique6([
+        ...entry.scopes ?? [],
+        ...actions.flatMap((action) => action.requiredScopes)
+      ]),
+      actions: actions.length > 0 ? actions : defaultActionsFor(entry.category, entry.scopes ?? []),
+      triggers: normalizeTriggers(entry.triggers ?? [], entry.scopes ?? []),
+      metadata: {
+        ...entry.metadata ?? {},
+        source: "gateway-catalog",
+        providerKind: options.providerKind,
+        executable: true
+      }
     });
-    if (!res.ok) {
-      const warning = `Activepieces freshness request failed with HTTP ${res.status}.`;
-      input.warnings.push(warning);
-      return {
-        checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
-        warning
-      };
-    }
-    const activepiecesPieces = extractActivepiecesPublicPieceCount(await res.text());
-    const activepiecesDelta = activepiecesPieces === void 0 ? void 0 : activepiecesPieces - input.localConnectorCount;
-    if (activepiecesDelta !== void 0 && activepiecesDelta > input.staleConnectorDelta) {
-      input.warnings.push(
-        `Activepieces upstream appears ${activepiecesDelta} connectors ahead of the vendored package catalog.`
-      );
-    }
+  }
+  return out;
+}
+async function assertKnownGatewayAction(connectors, connectorId, actionId) {
+  const connector = connectors.find((candidate) => candidate.id === connectorId);
+  if (!connector) throw new IntegrationError(`Connector ${connectorId} not found.`, "connector_not_found");
+  if (!connector.actions.some((action) => action.id === actionId)) {
+    throw new IntegrationError(`Action ${actionId} is not defined by connector ${connectorId}.`, "action_not_found");
+  }
+}
+function normalizeActions(actions, fallbackScopes) {
+  return actions.map((action) => {
+    const id = slug2(action.id ?? action.key ?? action.name ?? action.title ?? "");
     return {
-      activepiecesPieces,
-      activepiecesDelta,
-      checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
-      warning: activepiecesPieces === void 0 ? "Could not parse upstream piece count." : void 0
+      id,
+      title: action.title ?? action.name ?? titleFromId2(id),
+      risk: normalizeRisk(action.risk),
+      requiredScopes: unique6([
+        ...action.requiredScopes ?? [],
+        ...action.scopes ?? [],
+        ...action.requiredScopes?.length || action.scopes?.length ? [] : fallbackScopes
+      ]),
+      dataClass: normalizeDataClass(action.dataClass),
+      description: action.description,
+      approvalRequired: action.approvalRequired ?? normalizeRisk(action.risk) !== "read",
+      inputSchema: action.inputSchema,
+      outputSchema: action.outputSchema
     };
-  } catch (error) {
-    const warning = error instanceof Error ? error.message : "Activepieces freshness request failed.";
-    input.warnings.push(warning);
+  }).filter((action) => action.id);
+}
+function normalizeTriggers(triggers, fallbackScopes) {
+  const normalized = triggers.map((trigger2) => {
+    const id = slug2(trigger2.id ?? trigger2.key ?? trigger2.name ?? trigger2.title ?? "");
     return {
-      checkedUrl: ACTIVEPIECES_PUBLIC_CATALOG_URL,
-      warning
+      id,
+      title: trigger2.title ?? trigger2.name ?? titleFromId2(id),
+      requiredScopes: unique6([
+        ...trigger2.requiredScopes ?? [],
+        ...trigger2.scopes ?? [],
+        ...trigger2.requiredScopes?.length || trigger2.scopes?.length ? [] : fallbackScopes
+      ]),
+      dataClass: normalizeDataClass(trigger2.dataClass),
+      description: trigger2.description,
+      payloadSchema: trigger2.payloadSchema
     };
-  }
+  }).filter((trigger2) => trigger2.id);
+  return normalized.length > 0 ? normalized : void 0;
+}
+function defaultActionsFor(category, scopes) {
+  const readScope = scopes.find((scope) => scope.endsWith(".read")) ?? scopes[0];
+  const writeScope = scopes.find((scope) => scope.endsWith(".write")) ?? scopes[1] ?? readScope;
+  const requiredRead = readScope ? [readScope] : [];
+  const requiredWrite = writeScope ? [writeScope] : [];
+  const dataClass = normalizeDataClass(category === "finance" || category === "commerce" || category === "hr" ? "sensitive" : "private");
+  return [
+    {
+      id: "records.search",
+      title: "Search records",
+      risk: "read",
+      requiredScopes: requiredRead,
+      dataClass,
+      description: "Search provider records."
+    },
+    {
+      id: "records.read",
+      title: "Read record",
+      risk: "read",
+      requiredScopes: requiredRead,
+      dataClass,
+      description: "Read a provider record."
+    },
+    {
+      id: "records.upsert",
+      title: "Upsert record",
+      risk: "write",
+      requiredScopes: requiredWrite,
+      dataClass,
+      approvalRequired: true,
+      description: "Create or update a provider record."
+    }
+  ];
 }
-
-// src/tangle-catalog.ts
-var TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID = "tangle-catalog";
-var TANGLE_INTEGRATIONS_CATALOG_SOURCE = "tangle-integrations-catalog";
-function listTangleIntegrationCatalogEntries() {
-  return listActivepiecesCatalogEntries().map((entry) => sanitizeEntry(entry));
+function normalizeCategory(category) {
+  const value = slug2(category ?? "");
+  if (value === "mail") return "email";
+  if (value === "messaging" || value === "communication" || value === "communications") return "chat";
+  if (value === "file" || value === "files") return "storage";
+  if (value === "project-management" || value === "automation") return "workflow";
+  if (value === "developer" || value === "devops") return "workflow";
+  if (value === "support") return "crm";
+  if ([
+    "email",
+    "calendar",
+    "chat",
+    "crm",
+    "storage",
+    "docs",
+    "database",
+    "webhook",
+    "workflow",
+    "internal",
+    "other"
+  ].includes(value)) return value;
+  return "other";
 }
-function listTangleIntegrationCatalogRuntimePackages() {
-  return listActivepiecesCatalogEntries().filter((entry) => Boolean(entry.npmPackage)).map((entry) => ({
-    connectorId: entry.id,
-    packageName: entry.npmPackage,
-    version: entry.version
-  }));
+function normalizeAuth(auth) {
+  if (auth === "oauth2") return "oauth2";
+  if (auth === "api_key" || auth === "api-key" || auth === "apikey") return "api_key";
+  if (auth === "none") return "none";
+  return "custom";
 }
-function buildTangleIntegrationCatalogConnectors(options = {}) {
-  const providerId = options.providerId ?? TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID;
-  return buildActivepiecesConnectors({
-    ...options,
-    providerId
-  }).map((connector) => sanitizeConnector(connector, providerId));
+function normalizeRisk(risk) {
+  if (risk === "read" || risk === "write" || risk === "destructive") return risk;
+  return "write";
 }
-function createTangleCatalogExecutorProvider(options) {
-  const providerId = options.id ?? TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID;
-  const connectors = options.connectors ?? buildTangleIntegrationCatalogConnectors({
-    providerId,
-    includeCatalogActions: true,
-    executable: true
-  });
-  const byEntry = new Map(listActivepiecesCatalogEntries().map((entry) => [entry.id, entry]));
-  return createCatalogExecutorProvider({
-    id: providerId,
-    kind: "tangle_catalog",
-    connectors,
-    startAuth: options.startAuth,
-    completeAuth: options.completeAuth,
-    executeAction: async ({ connection, request, connector, action }) => {
-      const importedEntry = byEntry.get(connector.id);
-      if (!importedEntry) {
-        throw new IntegrationError(`Tangle catalog entry ${connector.id} not found.`, "connector_not_found");
-      }
-      const catalogAction = importedEntry.actions.find((candidate) => candidate.id === action.id);
-      return options.executeAction({
-        connection,
-        request,
-        connector,
-        catalogEntry: sanitizeEntry(importedEntry),
-        piece: {
-          id: importedEntry.id,
-          version: importedEntry.version,
-          actionId: action.id,
-          upstreamActionName: catalogAction?.upstreamName
-        }
-      });
-    },
-    subscribeTrigger: options.subscribeTrigger ? async (connection, trigger2, targetUrl) => {
-      const connector = connectors.find((candidate) => candidate.id === connection.connectorId);
-      const importedEntry = byEntry.get(connection.connectorId);
-      if (!connector || !importedEntry) {
-        throw new IntegrationError(`Tangle catalog entry ${connection.connectorId} not found.`, "connector_not_found");
-      }
-      const catalogTrigger = importedEntry.triggers.find((candidate) => candidate.id === trigger2.id);
-      return options.subscribeTrigger({
-        connection,
-        connector,
-        catalogEntry: sanitizeEntry(importedEntry),
-        trigger: trigger2,
-        targetUrl,
-        piece: {
-          id: importedEntry.id,
-          version: importedEntry.version,
-          triggerId: trigger2.id,
-          upstreamTriggerName: catalogTrigger?.upstreamName
-        }
-      });
-    } : void 0,
-    unsubscribeTrigger: options.unsubscribeTrigger,
-    normalizeTriggerEvent: options.normalizeTriggerEvent
-  });
+function normalizeDataClass(dataClass) {
+  if (dataClass === "public" || dataClass === "internal" || dataClass === "private" || dataClass === "sensitive" || dataClass === "secret") return dataClass;
+  return "private";
 }
-var extractExternalCatalogPublicCount = extractActivepiecesPublicPieceCount;
-async function auditTangleIntegrationCatalogFreshness(options = {}) {
-  const result = await auditIntegrationCatalogFreshness(options);
-  return {
-    ok: result.ok,
-    generatedAt: result.generatedAt,
-    local: {
-      catalogEntries: result.local.activepiecesEntries,
-      catalogConnectors: result.local.activepiecesConnectors,
-      catalogActions: result.local.activepiecesActions,
-      catalogTriggers: result.local.activepiecesTriggers,
-      executableCatalogConnectors: result.local.executableActivepiecesConnectors,
-      executableCatalogActions: result.local.executableActivepiecesActions,
-      executableCatalogTriggers: result.local.executableActivepiecesTriggers,
-      executableToolDefinitions: result.local.executableToolDefinitions,
-      unsupportedExecutableConnectorIds: result.local.unsupportedExecutableConnectorIds,
-      registryEntries: result.local.registryEntries,
-      registrySummary: result.local.registrySummary,
-      conflictSamples: result.local.conflictSamples
-    },
-    upstream: result.upstream ? {
-      externalEntries: result.upstream.activepiecesPieces,
-      externalDelta: result.upstream.activepiecesDelta,
-      checkedUrl: result.upstream.checkedUrl,
-      warning: result.upstream.warning
-    } : void 0,
-    warnings: result.warnings.map((warning) => warning.replaceAll("Activepieces", "Tangle Integrations Catalog"))
-  };
+function slug2(value) {
+  return value.trim().toLowerCase().replace(/&/g, "and").replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
 }
-function sanitizeEntry(entry) {
-  return {
-    id: entry.id,
-    title: entry.title,
-    description: entry.description,
-    category: entry.category,
-    auth: entry.auth,
-    authFields: entry.authFields,
-    domains: entry.domains.filter((domain) => !domain.toLowerCase().includes("activepieces")),
-    actions: entry.actions.map((action) => ({
-      id: action.id,
-      title: action.title,
-      risk: action.risk
-    })),
-    triggers: entry.triggers.map((trigger2) => ({
-      id: trigger2.id,
-      title: trigger2.title,
-      upstreamName: trigger2.upstreamName
-    }))
-  };
+function titleFromId2(id) {
+  return id.split("-").filter(Boolean).map((part) => part.slice(0, 1).toUpperCase() + part.slice(1)).join(" ");
 }
-function sanitizeConnector(connector, providerId) {
-  const metadata = connector.metadata ?? {};
-  return {
-    ...connector,
-    providerId,
-    metadata: {
-      source: TANGLE_INTEGRATIONS_CATALOG_SOURCE,
-      providerId,
-      executable: metadata.executable,
-      runtime: "tangle-catalog-runtime",
-      catalogOnly: metadata.catalogOnly,
-      supportTier: metadata.supportTier,
-      catalogActionCount: metadata.catalogActionCount,
-      catalogTriggerCount: metadata.catalogTriggerCount,
-      license: metadata.license,
-      version: metadata.version,
-      domains: Array.isArray(metadata.domains) ? metadata.domains.filter((domain) => typeof domain === "string" && !domain.toLowerCase().includes("activepieces")) : void 0,
-      ...metadata.overridden ? { overridden: true } : {}
-    }
-  };
+function unique6(values) {
+  return [...new Set(values)];
 }
 
 // src/tangle-catalog-runtime.ts
@@ -6278,6 +6374,9 @@ function createTangleCatalogRuntimeHandler(options) {
     const parsed = parseRuntimeRequest(serialized);
     if (!parsed.ok) return parsed.response;
     const request = parsed.request;
+    if (request.providerId !== request.connection.providerId) {
+      return errorResponse(400, request.action.id, "provider_mismatch", "Request providerId does not match connection providerId.");
+    }
     const connector = byConnector.get(request.connector.id);
     if (!connector) {
       return errorResponse(404, request.action.id, "connector_not_found", `Connector ${request.connector.id} is not in the Tangle catalog runtime.`);
@@ -6316,6 +6415,13 @@ function createTangleCatalogInstalledPackageExecutor(options = {}) {
     if (!packageName) {
       return runtimeFailure(invocation.action.id, "runtime_not_available", `No installed runtime package is known for connector ${invocation.connector.id}.`);
     }
+    if (invocation.request.piece.packageName && invocation.request.piece.packageName !== packageName) {
+      return runtimeFailure(
+        invocation.action.id,
+        "runtime_package_mismatch",
+        `Runtime package ${invocation.request.piece.packageName} does not match catalog package ${packageName}.`
+      );
+    }
     const loaded = await loadRuntimeModule(packageName, options.moduleLoader, moduleCache);
     if (!loaded.ok) {
       return runtimeFailure(invocation.action.id, "runtime_not_installed", loaded.message);
@@ -6324,7 +6430,7 @@ function createTangleCatalogInstalledPackageExecutor(options = {}) {
     if (!piece) {
       return runtimeFailure(invocation.action.id, "runtime_invalid", `Runtime package ${packageName} does not export a recognizable piece for ${invocation.connector.id}.`);
     }
-    const action = findRuntimeAction(piece, invocation, options.actionAliases);
+    const action = findRuntimeAction(piece, invocation, options.actionAliases, options.allowFuzzyActionMatch ?? false);
     if (!action?.run) {
       return runtimeFailure(invocation.action.id, "action_not_implemented", `Runtime package ${packageName} does not expose executable action ${invocation.action.id}.`);
     }
@@ -6350,6 +6456,56 @@ function createTangleCatalogInstalledPackageExecutor(options = {}) {
     }
   };
 }
+async function auditTangleCatalogRuntimePackages(options = {}) {
+  const only = options.connectorIds ? new Set(options.connectorIds) : void 0;
+  const rows = [];
+  const moduleCache = /* @__PURE__ */ new Map();
+  const entries = listActivepiecesCatalogEntries().filter((entry) => entry.npmPackage && (!only || only.has(entry.id)));
+  for (const entry of entries) {
+    const packageName = entry.npmPackage;
+    const base = {
+      connectorId: entry.id,
+      packageName,
+      actionMappingsTotal: entry.actions.length,
+      triggerMappingsTotal: entry.triggers.length
+    };
+    const loaded = await loadRuntimeModule(packageName, options.moduleLoader, moduleCache);
+    if (!loaded.ok) {
+      rows.push({
+        ...base,
+        packageInstalled: false,
+        packageLoads: false,
+        pieceExportFound: false,
+        actionMappingsVerified: 0,
+        triggerMappingsFound: 0,
+        triggerHostingSupported: false,
+        error: loaded.message
+      });
+      continue;
+    }
+    const piece = findPieceExport(loaded.module, entry.id);
+    const actions = piece?.actions ?? [];
+    const triggers = piece?.triggers ?? [];
+    rows.push({
+      ...base,
+      packageInstalled: true,
+      packageLoads: true,
+      pieceExportFound: Boolean(piece),
+      actionMappingsVerified: entry.actions.filter((action) => hasRuntimeName(actions, [
+        action.id,
+        action.title,
+        action.upstreamName
+      ])).length,
+      triggerMappingsFound: entry.triggers.filter((trigger2) => hasRuntimeName(triggers, [
+        trigger2.id,
+        trigger2.title,
+        trigger2.upstreamName
+      ])).length,
+      triggerHostingSupported: entry.triggers.length === 0 || triggers.length > 0
+    });
+  }
+  return rows;
+}
 function createTangleCatalogCredentialAuthResolver(options) {
   return async function resolveTangleCatalogAuth(connection) {
     if (!connection.secretRef) return void 0;
@@ -6436,7 +6592,11 @@ function findPieceExport(moduleValue, connectorId) {
   ];
   return values.find((value) => Boolean(value) && typeof value === "object" && Array.isArray(value.actions));
 }
-function findRuntimeAction(piece, invocation, aliases = {}) {
+function hasRuntimeName(values, candidates) {
+  const expected = new Set(candidates.filter((value) => Boolean(value)));
+  return values.filter((value) => Boolean(value) && typeof value === "object").some((value) => [value.name, value.displayName].some((name) => typeof name === "string" && expected.has(name)));
+}
+function findRuntimeAction(piece, invocation, aliases = {}, allowFuzzyActionMatch = false) {
   const actions = (piece.actions ?? []).filter((action) => Boolean(action) && typeof action === "object");
   const explicit = aliases[invocation.connector.id]?.[invocation.action.id];
   const candidates = new Set([
@@ -6448,7 +6608,7 @@ function findRuntimeAction(piece, invocation, aliases = {}) {
   for (const action of actions) {
     const names = [action.name, action.displayName].filter((value) => Boolean(value));
     if (names.some((name) => candidates.has(name))) return action;
-    if (names.some((name) => [...candidates].some((candidate) => comparable(name) === comparable(candidate)))) return action;
+    if (allowFuzzyActionMatch && names.some((name) => [...candidates].some((candidate) => comparable(name) === comparable(candidate)))) return action;
   }
   return void 0;
 }
@@ -7035,7 +7195,7 @@ var IntegrationHub = class {
     const provider = this.requireProvider(connection.providerId);
     const connector = await this.requireConnector(provider, connection.connectorId);
     const spec = connector.triggers?.find((candidate) => candidate.id === trigger2);
-    if (!spec) throw new IntegrationError(`Trigger ${trigger2} is not defined by connector ${connector.id}.`, "action_not_found");
+    if (!spec) throw new IntegrationError(`Trigger ${trigger2} is not defined by connector ${connector.id}.`, "trigger_not_found");
     assertScopes(connection, spec.requiredScopes);
     if (!provider.subscribeTrigger) {
       throw new IntegrationError(`Provider ${provider.id} does not support triggers.`, "auth_not_supported");
@@ -7231,6 +7391,37 @@ export {
   getActivepiecesOverride,
   listActivepiecesCatalogEntries,
   buildActivepiecesConnectors,
+  createCatalogExecutorProvider,
+  createActivepiecesExecutorProvider,
+  integrationToolName,
+  parseIntegrationToolName,
+  buildIntegrationToolCatalog,
+  searchIntegrationTools,
+  toMcpTools,
+  ACTIVEPIECES_PUBLIC_CATALOG_URL,
+  extractActivepiecesPublicPieceCount,
+  auditIntegrationCatalogFreshness,
+  ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER,
+  TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER,
+  createActivepiecesHttpExecutor,
+  buildActivepiecesRuntimeRequest,
+  signActivepiecesRuntimeRequest,
+  verifyActivepiecesRuntimeSignature,
+  createTangleCatalogHttpExecutor,
+  buildTangleCatalogRuntimeRequest,
+  signTangleCatalogRuntimeRequest,
+  verifyTangleCatalogRuntimeSignature,
+  TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID,
+  TANGLE_INTEGRATIONS_CATALOG_SOURCE,
+  listTangleIntegrationCatalogEntries,
+  listTangleIntegrationContracts,
+  listTangleIntegrationCatalogRuntimePackages,
+  buildTangleCatalogRuntimePackageManifest,
+  renderTangleCatalogRuntimePnpmAddCommand,
+  buildTangleIntegrationCatalogConnectors,
+  createTangleCatalogExecutorProvider,
+  extractExternalCatalogPublicCount,
+  auditTangleIntegrationCatalogFreshness,
   buildDefaultIntegrationRegistry,
   composeIntegrationRegistry,
   summarizeIntegrationRegistry,
@@ -7326,12 +7517,6 @@ export {
   airtableConnector,
   asanaConnector,
   salesforceConnector,
-  integrationToolName,
-  parseIntegrationToolName,
-  buildIntegrationToolCatalog,
-  searchIntegrationTools,
-  toMcpTools,
-  createCatalogExecutorProvider,
   buildIntegrationInvocationEnvelope,
   invocationRequestFromEnvelope,
   validateIntegrationInvocationEnvelope,
@@ -7345,30 +7530,9 @@ export {
   importMcpConnector,
   createGatewayCatalogProvider,
   normalizeGatewayCatalog,
-  createActivepiecesExecutorProvider,
-  ACTIVEPIECES_RUNTIME_SIGNATURE_HEADER,
-  TANGLE_CATALOG_RUNTIME_SIGNATURE_HEADER,
-  createActivepiecesHttpExecutor,
-  buildActivepiecesRuntimeRequest,
-  signActivepiecesRuntimeRequest,
-  verifyActivepiecesRuntimeSignature,
-  createTangleCatalogHttpExecutor,
-  buildTangleCatalogRuntimeRequest,
-  signTangleCatalogRuntimeRequest,
-  verifyTangleCatalogRuntimeSignature,
-  ACTIVEPIECES_PUBLIC_CATALOG_URL,
-  extractActivepiecesPublicPieceCount,
-  auditIntegrationCatalogFreshness,
-  TANGLE_INTEGRATIONS_CATALOG_PROVIDER_ID,
-  TANGLE_INTEGRATIONS_CATALOG_SOURCE,
-  listTangleIntegrationCatalogEntries,
-  listTangleIntegrationCatalogRuntimePackages,
-  buildTangleIntegrationCatalogConnectors,
-  createTangleCatalogExecutorProvider,
-  extractExternalCatalogPublicCount,
-  auditTangleIntegrationCatalogFreshness,
   createTangleCatalogRuntimeHandler,
   createTangleCatalogInstalledPackageExecutor,
+  auditTangleCatalogRuntimePackages,
   createTangleCatalogCredentialAuthResolver,
   createTangleCatalogHttpAuthResolver,
   tangleCatalogAuthValue,
@@ -7389,4 +7553,4 @@ export {
   signCapability,
   verifyCapabilityToken
 };
-//# sourceMappingURL=chunk-P4BB4CU6.js.map
+//# sourceMappingURL=chunk-VJ57GPYO.js.map