@vm0/cli 9.177.18 → 9.178.0

package/{chunk-CYXYACBN.js → chunk-DPEOZVW6.js}

@@ -74083,7 +74083,7 @@ if (DSN) {
   init2({
     dsn: DSN,
     environment: process.env.SENTRY_ENVIRONMENT ?? "production",
-    release: "9.177.18",
+    release: "9.178.0",
     sendDefaultPii: false,
     tracesSampleRate: 0,
     shutdownTimeout: 500,
@@ -74102,7 +74102,7 @@ if (DSN) {
     }
   });
   setContext("cli", {
-    version: "9.177.18",
+    version: "9.178.0",
     command: process.argv.slice(2).join(" ")
   });
   setContext("runtime", {
@@ -93483,6 +93483,7 @@ var HOST_DOT_EQUIVALENTS = /* @__PURE__ */ new Set([".", "\u3002", "\uFF0E", "\u
 var HOST_DOT_EQUIVALENT_PATTERN = /[\u3002\uff0e\uff61]/g;
 var FORBIDDEN_NORMALIZED_LABEL_CHARS = new Set("#%,/:<>?@[\\]^|[]".split(""));
 var ALLOWED_BASE_URL_SCHEMES = /* @__PURE__ */ new Set(["http", "https"]);
+var REQUIRED_AUTH_BASE_URL_SCHEME = "https";
 var WHITESPACE_PATTERN = /\s/u;
 var UNICODE_CONTROL_PATTERN = /\p{C}/u;
 var UNICODE_MARK_PATTERN = /\p{M}/u;
@@ -93541,9 +93542,11 @@ function validateUrlSchemeDelimiter(value, serviceName2, label, displayValue = v
   const colonIndex = value.indexOf(":");
   if (colonIndex !== -1) {
     const scheme = value.slice(0, colonIndex);
-    if (!ALLOWED_BASE_URL_SCHEMES.has(scheme.toLowerCase())) {
+    const schemeDetail = label === "auth.base URL" ? "scheme must be https" : "scheme must be http or https";
+    const allowedScheme = label === "auth.base URL" ? scheme.toLowerCase() === REQUIRED_AUTH_BASE_URL_SCHEME : ALLOWED_BASE_URL_SCHEMES.has(scheme.toLowerCase());
+    if (!allowedScheme) {
       throw new Error(
-        `Invalid ${label} "${displayValue}" in firewall "${serviceName2}": scheme must be http or https`
+        `Invalid ${label} "${displayValue}" in firewall "${serviceName2}": ${schemeDetail}`
       );
     }
     throw new Error(
@@ -94197,9 +94200,9 @@ function validateAuthBaseUrl(authBase, serviceName2) {
       `Invalid auth.base URL "${authBase}" in firewall "${serviceName2}": not a valid URL`
     );
   }
-  if (!ALLOWED_BASE_URL_SCHEMES.has(url2.protocol.slice(0, -1).toLowerCase())) {
+  if (url2.protocol.slice(0, -1).toLowerCase() !== REQUIRED_AUTH_BASE_URL_SCHEME) {
     throw new Error(
-      `Invalid auth.base URL "${authBase}" in firewall "${serviceName2}": scheme must be http or https`
+      `Invalid auth.base URL "${authBase}" in firewall "${serviceName2}": scheme must be https`
     );
   }
   if (url2.hash) {
@@ -94843,13 +94846,10 @@ var SUPPORTED_RUN_MODELS = [
   "claude-opus-4-7",
   "claude-opus-4-6",
   "claude-sonnet-4-6",
-  "claude-haiku-4-5",
   "deepseek-v4-pro",
-  "deepseek-v4-flash",
   "kimi-k2.6",
   "kimi-k2.5",
   "MiniMax-M3",
-  "MiniMax-M2.7",
   "glm-5.1",
   "gpt-5.5",
   "gpt-5.4",
@@ -94860,13 +94860,10 @@ var VM0_MODEL_CREDIT_MULTIPLIER = Object.freeze({
   "claude-opus-4-7": 1.7,
   "claude-opus-4-6": 1.7,
   "claude-sonnet-4-6": 1,
-  "claude-haiku-4-5": 0.3,
   "deepseek-v4-pro": 0.06,
-  "deepseek-v4-flash": 0.02,
   "kimi-k2.6": 0.3,
   "kimi-k2.5": 0.2,
   "MiniMax-M3": 0.2,
-  "MiniMax-M2.7": 0.1,
   "glm-5.1": 0.4,
   "gpt-5.5": 2,
   "gpt-5.4": 1,
@@ -94905,10 +94902,6 @@ var VM0_MODEL_TO_PROVIDER = {
     vendor: "openrouter",
     apiModel: "z-ai/glm-5.1"
   },
-  "claude-haiku-4-5": {
-    concreteType: "anthropic-api-key",
-    vendor: "anthropic"
-  },
   "kimi-k2.6": {
     concreteType: "moonshot-api-key",
     vendor: "moonshot"
@@ -94921,18 +94914,10 @@ var VM0_MODEL_TO_PROVIDER = {
     concreteType: "minimax-api-key",
     vendor: "minimax"
   },
-  "MiniMax-M2.7": {
-    concreteType: "minimax-api-key",
-    vendor: "minimax"
-  },
   "deepseek-v4-pro": {
     concreteType: "deepseek-api-key",
     vendor: "deepseek"
   },
-  "deepseek-v4-flash": {
-    concreteType: "deepseek-api-key",
-    vendor: "deepseek"
-  },
   "gpt-5.5": {
     concreteType: "openai-api-key",
     vendor: "openai"
@@ -95006,13 +94991,10 @@ var MODEL_PROVIDER_TYPES = {
       "anthropic/claude-opus-4.6",
       "anthropic/claude-opus-4.5",
       "anthropic/claude-sonnet-4.5",
-      "anthropic/claude-haiku-4.5",
       "z-ai/glm-5.1",
       "deepseek/deepseek-v4-pro",
-      "deepseek/deepseek-v4-flash",
       "moonshotai/kimi-k2.6",
-      "moonshotai/kimi-k2.5",
-      "minimax/minimax-m2.7"
+      "moonshotai/kimi-k2.5"
     ],
     defaultModel: ""
   },
@@ -95056,7 +95038,7 @@ var MODEL_PROVIDER_TYPES = {
       API_TIMEOUT_MS: "3000000",
       CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
     },
-    models: ["MiniMax-M3", "MiniMax-M2.7", "MiniMax-M2.1"],
+    models: ["MiniMax-M3", "MiniMax-M2.1"],
     defaultModel: "MiniMax-M3"
   },
   "deepseek-api-key": {
@@ -95076,8 +95058,8 @@ var MODEL_PROVIDER_TYPES = {
       API_TIMEOUT_MS: "600000",
       CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
     },
-    models: ["deepseek-v4-pro", "deepseek-v4-flash"],
-    defaultModel: "deepseek-v4-flash"
+    models: ["deepseek-v4-pro"],
+    defaultModel: "deepseek-v4-pro"
   },
   "zai-api-key": {
     framework: "claude-code",
@@ -95121,7 +95103,6 @@ var MODEL_PROVIDER_TYPES = {
       "anthropic/claude-opus-4.5",
       "anthropic/claude-sonnet-4.6",
       "anthropic/claude-sonnet-4.5",
-      "anthropic/claude-haiku-4.5",
       "moonshotai/kimi-k2.6",
       "moonshotai/kimi-k2.5",
       "minimax/minimax-m2.5",
@@ -95816,6 +95797,7 @@ var orgMessageResponseSchema = external_exports.object({
 // ../../packages/api-contracts/src/contracts/orgs.ts
 var c4 = initContract();
 var orgTierSchema = external_exports.enum(["free", "pro-suspend", "pro", "team"]);
+var permissionGrantModeSchema = external_exports.enum(["legacy", "user-grants"]);
 var orgSlugSchema = external_exports.string().min(3, "Org slug must be at least 3 characters").max(64, "Org slug must be at most 64 characters").regex(
   /^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]{1,2}$/,
   "Org slug must contain only lowercase letters, numbers, and hyphens, and must start and end with an alphanumeric character"
@@ -95828,6 +95810,7 @@ var orgResponseSchema = external_exports.object({
   name: external_exports.string(),
   tier: external_exports.string().optional(),
   role: orgRoleSchema.optional(),
+  permissionGrantMode: permissionGrantModeSchema.optional(),
   createdBy: external_exports.string().optional()
 });
 var updateOrgRequestSchema = external_exports.object({
@@ -97457,6 +97440,13 @@ var github = {
           clientIdEnv: "GH_OAUTH_CLIENT_ID",
           clientSecretEnv: "GH_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GITHUB_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GITHUB_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://github.com/login/oauth/access_token",
@@ -97495,6 +97485,14 @@ var gmail = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GMAIL_ACCESS_TOKEN", "GMAIL_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GMAIL_ACCESS_TOKEN",
+            refreshToken: "GMAIL_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL,
@@ -97503,8 +97501,6 @@ var gmail = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL,
-          accessToken: "GMAIL_ACCESS_TOKEN",
-          refreshToken: "GMAIL_REFRESH_TOKEN",
           envBindings: {
             GMAIL_TOKEN: "$secrets.GMAIL_ACCESS_TOKEN"
           }
@@ -97535,6 +97531,14 @@ var notion = {
           clientIdEnv: "NOTION_OAUTH_CLIENT_ID",
           clientSecretEnv: "NOTION_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["NOTION_ACCESS_TOKEN", "NOTION_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "NOTION_ACCESS_TOKEN",
+            refreshToken: "NOTION_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL2,
@@ -97543,8 +97547,6 @@ var notion = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL2,
-          accessToken: "NOTION_ACCESS_TOKEN",
-          refreshToken: "NOTION_REFRESH_TOKEN",
           envBindings: {
             NOTION_TOKEN: "$secrets.NOTION_ACCESS_TOKEN"
           }
@@ -97574,6 +97576,14 @@ var x = {
           clientIdEnv: "X_OAUTH_CLIENT_ID",
           clientSecretEnv: "X_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["X_ACCESS_TOKEN", "X_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "X_ACCESS_TOKEN",
+            refreshToken: "X_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL3,
@@ -97627,8 +97637,6 @@ var x = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL3,
-          accessToken: "X_ACCESS_TOKEN",
-          refreshToken: "X_REFRESH_TOKEN",
           envBindings: {
             X_TOKEN: "$secrets.X_ACCESS_TOKEN"
           }
@@ -97658,6 +97666,14 @@ var googleDrive = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GOOGLE_DRIVE_ACCESS_TOKEN", "GOOGLE_DRIVE_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_DRIVE_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_DRIVE_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL4,
@@ -97669,8 +97685,6 @@ var googleDrive = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL4,
-          accessToken: "GOOGLE_DRIVE_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_DRIVE_REFRESH_TOKEN",
           envBindings: {
             GOOGLE_DRIVE_TOKEN: "$secrets.GOOGLE_DRIVE_ACCESS_TOKEN"
           }
@@ -97700,6 +97714,13 @@ var slack = {
           clientIdEnv: "SLACK_OAUTH_CLIENT_ID",
           clientSecretEnv: "SLACK_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["SLACK_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "SLACK_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://slack.com/api/oauth.v2.access",
@@ -97770,6 +97791,18 @@ var slock = {
           clientRegistration: "dynamic",
           clientType: "public"
         },
+        storage: {
+          secrets: [
+            "SLOCK_ACCESS_TOKEN",
+            "SLOCK_SERVER_ID",
+            "SLOCK_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "SLOCK_ACCESS_TOKEN",
+            refreshToken: "SLOCK_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "device-auth",
           deviceAuthUrl: `${SLOCK_API_BASE_URL}/api/auth/device/authorize`,
@@ -97779,8 +97812,6 @@ var slock = {
         access: {
           kind: "refresh-token",
           tokenUrl: SLOCK_REFRESH_TOKEN_URL,
-          accessToken: "SLOCK_ACCESS_TOKEN",
-          refreshToken: "SLOCK_REFRESH_TOKEN",
           envBindings: {
             SLOCK_TOKEN: "$secrets.SLOCK_ACCESS_TOKEN",
             SLOCK_SERVER_ID: "$secrets.SLOCK_SERVER_ID"
@@ -97811,6 +97842,17 @@ var googleSheets = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: [
+            "GOOGLE_SHEETS_ACCESS_TOKEN",
+            "GOOGLE_SHEETS_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_SHEETS_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_SHEETS_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL5,
@@ -97822,8 +97864,6 @@ var googleSheets = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL5,
-          accessToken: "GOOGLE_SHEETS_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_SHEETS_REFRESH_TOKEN",
           envBindings: {
             GOOGLE_SHEETS_TOKEN: "$secrets.GOOGLE_SHEETS_ACCESS_TOKEN"
           }
@@ -97854,6 +97894,17 @@ var googleCalendar = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: [
+            "GOOGLE_CALENDAR_ACCESS_TOKEN",
+            "GOOGLE_CALENDAR_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_CALENDAR_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_CALENDAR_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL6,
@@ -97865,8 +97916,6 @@ var googleCalendar = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL6,
-          accessToken: "GOOGLE_CALENDAR_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_CALENDAR_REFRESH_TOKEN",
           envBindings: {
             GOOGLE_CALENDAR_TOKEN: "$secrets.GOOGLE_CALENDAR_ACCESS_TOKEN"
           }
@@ -97896,6 +97945,14 @@ var googleDocs = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GOOGLE_DOCS_ACCESS_TOKEN", "GOOGLE_DOCS_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_DOCS_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_DOCS_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL7,
@@ -97907,8 +97964,6 @@ var googleDocs = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL7,
-          accessToken: "GOOGLE_DOCS_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_DOCS_REFRESH_TOKEN",
           envBindings: {
             GOOGLE_DOCS_TOKEN: "$secrets.GOOGLE_DOCS_ACCESS_TOKEN"
           }
@@ -97939,6 +97994,14 @@ var linear = {
           clientIdEnv: "LINEAR_OAUTH_CLIENT_ID",
           clientSecretEnv: "LINEAR_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["LINEAR_ACCESS_TOKEN", "LINEAR_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "LINEAR_ACCESS_TOKEN",
+            refreshToken: "LINEAR_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL8,
@@ -97953,8 +98016,6 @@ var linear = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL8,
-          accessToken: "LINEAR_ACCESS_TOKEN",
-          refreshToken: "LINEAR_REFRESH_TOKEN",
           envBindings: {
             LINEAR_TOKEN: "$secrets.LINEAR_ACCESS_TOKEN"
           }
@@ -97983,6 +98044,13 @@ var intervalsIcu = {
           clientIdEnv: "INTERVALS_ICU_OAUTH_CLIENT_ID",
           clientSecretEnv: "INTERVALS_ICU_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["INTERVALS_ICU_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "INTERVALS_ICU_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://intervals.icu/api/oauth/token",
@@ -98018,6 +98086,13 @@ var vercel = {
           clientIdEnv: "VERCEL_OAUTH_CLIENT_ID",
           clientSecretEnv: "VERCEL_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["VERCEL_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "VERCEL_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://api.vercel.com/v2/oauth/access_token",
@@ -98054,6 +98129,14 @@ var strava = {
           clientIdEnv: "STRAVA_OAUTH_CLIENT_ID",
           clientSecretEnv: "STRAVA_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["STRAVA_ACCESS_TOKEN", "STRAVA_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "STRAVA_ACCESS_TOKEN",
+            refreshToken: "STRAVA_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL9,
@@ -98067,8 +98150,6 @@ var strava = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL9,
-          accessToken: "STRAVA_ACCESS_TOKEN",
-          refreshToken: "STRAVA_REFRESH_TOKEN",
           envBindings: {
             STRAVA_TOKEN: "$secrets.STRAVA_ACCESS_TOKEN"
           }
@@ -98098,6 +98179,14 @@ var googleMeet = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GOOGLE_MEET_ACCESS_TOKEN", "GOOGLE_MEET_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_MEET_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_MEET_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL10,
@@ -98114,8 +98203,6 @@ var googleMeet = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL10,
-          accessToken: "GOOGLE_MEET_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_MEET_REFRESH_TOKEN",
           envBindings: {
             GOOGLE_MEET_TOKEN: "$secrets.GOOGLE_MEET_ACCESS_TOKEN"
           }
@@ -98145,6 +98232,14 @@ var hubspot = {
           clientIdEnv: "HUBSPOT_OAUTH_CLIENT_ID",
           clientSecretEnv: "HUBSPOT_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["HUBSPOT_ACCESS_TOKEN", "HUBSPOT_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "HUBSPOT_ACCESS_TOKEN",
+            refreshToken: "HUBSPOT_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL11,
@@ -98166,8 +98261,6 @@ var hubspot = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL11,
-          accessToken: "HUBSPOT_ACCESS_TOKEN",
-          refreshToken: "HUBSPOT_REFRESH_TOKEN",
           envBindings: {
             HUBSPOT_TOKEN: "$secrets.HUBSPOT_ACCESS_TOKEN"
           }
@@ -98197,6 +98290,14 @@ var sentry = {
           clientIdEnv: "SENTRY_OAUTH_CLIENT_ID",
           clientSecretEnv: "SENTRY_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["SENTRY_ACCESS_TOKEN", "SENTRY_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "SENTRY_ACCESS_TOKEN",
+            refreshToken: "SENTRY_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL12,
@@ -98212,8 +98313,6 @@ var sentry = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL12,
-          accessToken: "SENTRY_ACCESS_TOKEN",
-          refreshToken: "SENTRY_REFRESH_TOKEN",
           envBindings: {
             SENTRY_TOKEN: "$secrets.SENTRY_ACCESS_TOKEN"
           }
@@ -98242,6 +98341,13 @@ var todoist = {
           clientIdEnv: "TODOIST_OAUTH_CLIENT_ID",
           clientSecretEnv: "TODOIST_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["TODOIST_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "TODOIST_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://todoist.com/oauth/access_token",
@@ -98278,6 +98384,14 @@ var xero = {
           clientIdEnv: "XERO_OAUTH_CLIENT_ID",
           clientSecretEnv: "XERO_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["XERO_ACCESS_TOKEN", "XERO_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "XERO_ACCESS_TOKEN",
+            refreshToken: "XERO_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL13,
@@ -98309,8 +98423,6 @@ var xero = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL13,
-          accessToken: "XERO_ACCESS_TOKEN",
-          refreshToken: "XERO_REFRESH_TOKEN",
           envBindings: {
             XERO_TOKEN: "$secrets.XERO_ACCESS_TOKEN"
           }
@@ -98340,6 +98452,14 @@ var airtable = {
           clientIdEnv: "AIRTABLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "AIRTABLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["AIRTABLE_ACCESS_TOKEN", "AIRTABLE_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "AIRTABLE_ACCESS_TOKEN",
+            refreshToken: "AIRTABLE_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL14,
@@ -98356,8 +98476,6 @@ var airtable = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL14,
-          accessToken: "AIRTABLE_ACCESS_TOKEN",
-          refreshToken: "AIRTABLE_REFRESH_TOKEN",
           envBindings: {
             AIRTABLE_TOKEN: "$secrets.AIRTABLE_ACCESS_TOKEN"
           }
@@ -98393,6 +98511,14 @@ var docusign = {
           clientIdEnv: "DOCUSIGN_OAUTH_CLIENT_ID",
           clientSecretEnv: "DOCUSIGN_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["DOCUSIGN_ACCESS_TOKEN", "DOCUSIGN_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "DOCUSIGN_ACCESS_TOKEN",
+            refreshToken: "DOCUSIGN_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL15,
@@ -98401,8 +98527,6 @@ var docusign = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL15,
-          accessToken: "DOCUSIGN_ACCESS_TOKEN",
-          refreshToken: "DOCUSIGN_REFRESH_TOKEN",
           envBindings: {
             DOCUSIGN_TOKEN: "$secrets.DOCUSIGN_ACCESS_TOKEN"
           }
@@ -98434,6 +98558,14 @@ var googleAds = {
           clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
           clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GOOGLE_ADS_ACCESS_TOKEN", "GOOGLE_ADS_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GOOGLE_ADS_ACCESS_TOKEN",
+            refreshToken: "GOOGLE_ADS_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL16,
@@ -98445,8 +98577,6 @@ var googleAds = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL16,
-          accessToken: "GOOGLE_ADS_ACCESS_TOKEN",
-          refreshToken: "GOOGLE_ADS_REFRESH_TOKEN",
           platformSecrets: ["GOOGLE_ADS_DEVELOPER_TOKEN"],
           envBindings: {
             GOOGLE_ADS_TOKEN: "$secrets.GOOGLE_ADS_ACCESS_TOKEN",
@@ -98471,6 +98601,10 @@ var googleMaps = {
       "api-token": {
         label: "API Key",
         helpText: "1. Open [Google Cloud Console](https://console.cloud.google.com/google/maps-apis/credentials)\n2. Select or create a project and enable the Maps APIs you need (Geocoding, Places, Directions, etc.)\n3. Go to **APIs & Services \u2192 Credentials** and click **Create credentials \u2192 API key**\n4. Copy the API key (format: `AIza\u2026`) and restrict it to the APIs and referrers/IPs you trust",
+        storage: {
+          secrets: ["GOOGLE_MAPS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98513,6 +98647,14 @@ var gumroad = {
           clientIdEnv: "GUMROAD_OAUTH_CLIENT_ID",
           clientSecretEnv: "GUMROAD_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["GUMROAD_ACCESS_TOKEN", "GUMROAD_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "GUMROAD_ACCESS_TOKEN",
+            refreshToken: "GUMROAD_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL17,
@@ -98527,8 +98669,6 @@ var gumroad = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL17,
-          accessToken: "GUMROAD_ACCESS_TOKEN",
-          refreshToken: "GUMROAD_REFRESH_TOKEN",
           envBindings: {
             GUMROAD_TOKEN: "$secrets.GUMROAD_ACCESS_TOKEN"
           }
@@ -98538,6 +98678,10 @@ var gumroad = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Log in to [Gumroad](https://app.gumroad.com/settings/advanced)\n2. Scroll to the **Applications** section\n3. Click **Generate access token**\n4. Copy the token and paste it here",
+        storage: {
+          secrets: ["GUMROAD_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98580,6 +98724,14 @@ var spotify = {
           clientIdEnv: "SPOTIFY_OAUTH_CLIENT_ID",
           clientSecretEnv: "SPOTIFY_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["SPOTIFY_ACCESS_TOKEN", "SPOTIFY_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "SPOTIFY_ACCESS_TOKEN",
+            refreshToken: "SPOTIFY_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL18,
@@ -98608,8 +98760,6 @@ var spotify = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL18,
-          accessToken: "SPOTIFY_ACCESS_TOKEN",
-          refreshToken: "SPOTIFY_REFRESH_TOKEN",
           envBindings: {
             SPOTIFY_TOKEN: "$secrets.SPOTIFY_ACCESS_TOKEN"
           }
@@ -98632,6 +98782,10 @@ var agentmail = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [AgentMail Console](https://console.agentmail.to)\n2. Go to **API Keys**\n3. Create a new API key\n4. Copy the key",
+        storage: {
+          secrets: ["AGENTMAIL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98667,6 +98821,14 @@ var agora = {
       "api-token": {
         label: "REST credentials",
         helpText: "1. In [Agora Console](https://console.agora.io), open **Developer Toolkit > RESTful API**\n2. Click **Add a secret** to create a Customer ID and Customer Secret, then download and store the secret securely\n3. Copy your project **App ID** from Agora Console\n4. Optionally copy your **App Certificate** if you need to generate RTC or RTM tokens",
+        storage: {
+          secrets: [
+            "AGORA_CUSTOMER_ID",
+            "AGORA_CUSTOMER_SECRET",
+            "AGORA_APP_CERTIFICATE"
+          ],
+          variables: ["AGORA_APP_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98728,6 +98890,14 @@ var ahrefs = {
           clientIdEnv: "AHREFS_OAUTH_CLIENT_ID",
           clientSecretEnv: "AHREFS_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["AHREFS_ACCESS_TOKEN", "AHREFS_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "AHREFS_ACCESS_TOKEN",
+            refreshToken: "AHREFS_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL19,
@@ -98736,8 +98906,6 @@ var ahrefs = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL19,
-          accessToken: "AHREFS_ACCESS_TOKEN",
-          refreshToken: "AHREFS_REFRESH_TOKEN",
           envBindings: {
             AHREFS_TOKEN: "$secrets.AHREFS_ACCESS_TOKEN"
           }
@@ -98747,6 +98915,10 @@ var ahrefs = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Ahrefs](https://ahrefs.com) as a workspace owner or admin\n2. Go to **Account settings > API keys**\n3. Create a new API key\n4. Copy the API key and use it in the `Authorization: Bearer <YOUR_API_KEY>` header",
+        storage: {
+          secrets: ["AHREFS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98782,6 +98954,10 @@ var adzuna = {
       "api-token": {
         label: "App ID and App Key",
         helpText: "1. Register at the [Adzuna Developer Portal](https://developer.adzuna.com)\n2. Copy your **app_id** and **app_key**\n3. Pass them as the `app_id` and `app_key` query parameters on Adzuna API requests",
+        storage: {
+          secrets: ["ADZUNA_APP_KEY"],
+          variables: ["ADZUNA_APP_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98824,6 +99000,10 @@ var altium365 = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to your Altium 365 workspace (e.g. `https://<workspace>.365.altium.com`)\n2. Open **Settings \u2192 User Tokens** and click **Generate**\n3. Copy the generated token \u2014 it is shown only once and expires three months from creation\n4. Paste the token and your full workspace URL (including `https://`) below",
+        storage: {
+          secrets: ["ALTIUM365_TOKEN"],
+          variables: ["ALTIUM365_WORKSPACE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98865,6 +99045,10 @@ var alchemy = {
       "api-token": {
         label: "API Key or Access Key",
         helpText: "1. Log in to the [Alchemy Dashboard](https://dashboard.alchemy.com)\n2. Open **Team Overview** and go to the **Apps** tab\n3. Create or open an app and copy its **API Key**\n4. Use this key in the `Authorization: Bearer` header for supported Alchemy API requests",
+        storage: {
+          secrets: ["ALCHEMY_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98899,6 +99083,10 @@ var amplitude = {
       "api-token": {
         label: "API Key",
         helpText: "1. In Amplitude, open **Organization Settings** (top right nav) \u2192 **Projects** and click the project you want to connect\n2. Copy the **API Key** from the project table (Manager role required)\n3. Click **Generate Secret Key**, name it, and copy it immediately (the secret is only shown once)\n4. Paste both values into the fields below",
+        storage: {
+          secrets: ["AMPLITUDE_API_KEY", "AMPLITUDE_SECRET_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98939,6 +99127,10 @@ var amadeus = {
       "api-token": {
         label: "API Key and Secret",
         helpText: "1. Sign in to the [Amadeus for Developers portal](https://developers.amadeus.com/)\n2. Create or open an app in **My Self-Service Workspace**\n3. Copy the app's **API Key** and **API Secret**\n4. Use them with the client credentials grant to request an access token",
+        storage: {
+          secrets: ["AMADEUS_API_KEY", "AMADEUS_API_SECRET"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -98977,6 +99169,10 @@ var anthropicManagedAgents = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [Anthropic Console](https://console.anthropic.com)\n2. Go to **API Keys** and create a new key\n3. Ensure your account has Managed Agents (beta) access\n4. Copy the API key (starts with `sk-ant-`)",
+        storage: {
+          secrets: ["ANTHROPIC_MANAGED_AGENTS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99011,6 +99207,10 @@ var apify = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Apify Console](https://console.apify.com)\n2. Go to **Settings > Integrations**\n3. Copy your **Personal API token**",
+        storage: {
+          secrets: ["APIFY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99045,6 +99245,10 @@ var apollo = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Apollo](https://app.apollo.io)\n2. Go to **Settings > Integrations**\n3. Click **Connect** beside Apollo API\n4. Select **API Keys > Create new key**\n5. Enter a name, select endpoint access (or toggle **Set as master key**)\n6. Copy the API key",
+        storage: {
+          secrets: ["APOLLO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99086,6 +99290,14 @@ var asana = {
           clientIdEnv: "ASANA_OAUTH_CLIENT_ID",
           clientSecretEnv: "ASANA_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["ASANA_ACCESS_TOKEN", "ASANA_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "ASANA_ACCESS_TOKEN",
+            refreshToken: "ASANA_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL20,
@@ -99094,8 +99306,6 @@ var asana = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL20,
-          accessToken: "ASANA_ACCESS_TOKEN",
-          refreshToken: "ASANA_REFRESH_TOKEN",
           envBindings: {
             ASANA_TOKEN: "$secrets.ASANA_ACCESS_TOKEN"
           }
@@ -99118,6 +99328,10 @@ var atlassian = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Atlassian](https://id.atlassian.com/manage-profile/security/api-tokens)\n2. Click **Create API token**\n3. Give it a label and click **Create**\n4. Copy the generated token",
+        storage: {
+          secrets: ["ATLASSIAN_TOKEN"],
+          variables: ["ATLASSIAN_EMAIL", "ATLASSIAN_DOMAIN"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99166,6 +99380,10 @@ var attio = {
       "api-token": {
         label: "API Key",
         helpText: "1. Open [Attio](https://app.attio.com) and sign in\n2. Open **Workspace settings** from the dropdown beside your workspace name\n3. Click the **Developers** tab\n4. Click **+ New access token**, give it a name, and select the scopes you need\n5. Click **Create**, then copy the token (shown once)",
+        storage: {
+          secrets: ["ATTIO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99202,6 +99420,10 @@ var atlascloud = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [Atlas Cloud](https://console.atlascloud.ai)\n2. Go to **API Keys**\n3. Click **Create API Key**\n4. Copy the key and use it with `https://api.atlascloud.ai/v1` for OpenAI-compatible chat or `https://api.atlascloud.ai/api/v1` for image, video, and media APIs",
+        storage: {
+          secrets: ["ATLASCLOUD_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99236,6 +99458,10 @@ var aviationstack = {
       "api-token": {
         label: "Access Key",
         helpText: "1. Sign in to the [AviationStack dashboard](https://aviationstack.com/dashboard)\n2. Copy the **API Access Key** shown on the main dashboard\n3. Pass it as the `access_key` query parameter on every request",
+        storage: {
+          secrets: ["AVIATIONSTACK_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99269,6 +99495,10 @@ var axiom = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Axiom](https://app.axiom.co)\n2. Go to **Settings > API Tokens**\n3. Create a new API token with the required permissions\n4. Copy the token",
+        storage: {
+          secrets: ["AXIOM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99309,6 +99539,14 @@ var base44 = {
           clientType: "public",
           clientId: "base44_cli"
         },
+        storage: {
+          secrets: ["BASE44_ACCESS_TOKEN", "BASE44_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "BASE44_ACCESS_TOKEN",
+            refreshToken: "BASE44_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "device-auth",
           deviceAuthUrl: "https://app.base44.com/oauth/device/code",
@@ -99318,8 +99556,6 @@ var base44 = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL21,
-          accessToken: "BASE44_ACCESS_TOKEN",
-          refreshToken: "BASE44_REFRESH_TOKEN",
           envBindings: {
             BASE44_TOKEN: "$secrets.BASE44_ACCESS_TOKEN"
           }
@@ -99345,6 +99581,10 @@ var bentoml = {
         featureFlag: "bentomlConnector" /* BentomlConnector */,
         label: "BentoCloud API Token",
         helpText: "1. Log in to [BentoCloud](https://cloud.bentoml.com)\n2. Open your profile menu, then go to **API Tokens**\n3. Create a Personal or Organization API token with the access your workflow needs\n4. Copy the token and enter your organization endpoint, for example `https://your-org.cloud.bentoml.com`",
+        storage: {
+          secrets: ["BENTO_CLOUD_API_KEY"],
+          variables: ["BENTO_CLOUD_API_ENDPOINT"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99388,6 +99628,10 @@ var bfl = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [Black Forest Labs dashboard](https://dashboard.bfl.ai)\n2. Navigate to **API \u2192 Keys** in your project sidebar\n3. Click **Add Key** and give the key a descriptive name\n4. Copy the API key immediately \u2014 you will not be able to see the full key again",
+        storage: {
+          secrets: ["BFL_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99422,6 +99666,10 @@ var bitrefill = {
       "api-token": {
         label: "Personal API Token",
         helpText: "1. Sign in to [Bitrefill](https://www.bitrefill.com)\n2. Go to **Account > Developers**\n3. Generate an API key\n4. Copy the Personal API token\n\nThis connector currently supports Bitrefill Personal API Bearer tokens. Business and Affiliate Basic auth credentials are not supported yet.",
+        storage: {
+          secrets: ["BITREFILL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99455,6 +99703,10 @@ var bitrix = {
       "api-token": {
         label: "Webhook URL",
         helpText: "1. Log in to your [Bitrix24](https://www.bitrix24.com) account\n2. Go to **Applications > Developer resources**\n3. Select the **Ready-made scenarios** tab\n4. Choose **Other > Incoming webhook**\n5. Configure the webhook name and set access permissions\n6. Click **Execute** to test the webhook\n7. Copy the generated webhook URL, which contains your secret code in the format `https://<domain>/rest/1/<secret-code>/<method>.json`",
+        storage: {
+          secrets: ["BITRIX_WEBHOOK_URL"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99491,6 +99743,10 @@ var bland = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [Bland dashboard](https://app.bland.ai)\n2. Copy your API key from your account or API settings\n3. Paste the key here. You can also use the key with the Bland CLI as `BLAND_API_KEY`",
+        storage: {
+          secrets: ["BLAND_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99525,6 +99781,10 @@ var braveSearch = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [Brave Search API dashboard](https://api-dashboard.search.brave.com/register) and sign up for an account\n2. Provide a credit card for identity verification (free plans will not be charged)\n3. After registration, your API key will be available in the dashboard\n4. Copy the API key and use it in the `X-Subscription-Token` request header",
+        storage: {
+          secrets: ["BRAVE_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99560,6 +99820,10 @@ var brex = {
       "api-token": {
         label: "API Token",
         helpText: "1. In Brex, create or obtain an API user token with the permissions required for your workflow\n2. Confirm the token is intended for the production API at `https://api.brex.com`\n3. Copy the token",
+        storage: {
+          secrets: ["BREX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99594,6 +99858,10 @@ var brevo = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Brevo](https://app.brevo.com)\n2. Go to **Settings** \u2192 **SMTP & API** \u2192 **API Keys**\n3. Copy your API key",
+        storage: {
+          secrets: ["BREVO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99628,6 +99896,10 @@ var brightData = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Bright Data](https://brightdata.com/cp)\n2. Go to **Account settings**\n3. Click **Add API key** and configure permissions\n4. Copy the token (shown only once)",
+        storage: {
+          secrets: ["BRIGHTDATA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99661,6 +99933,10 @@ var browserbase = {
       "api-token": {
         label: "API Token",
         helpText: "1. Sign up for a [Browserbase](https://www.browserbase.com/sign-up) account\n2. Log in and navigate to the **Overview** dashboard\n3. Your **Project ID** and **API key** are displayed on the right side of the Overview page\n4. Copy the API key",
+        storage: {
+          secrets: ["BROWSERBASE_TOKEN"],
+          variables: ["BROWSERBASE_PROJECT_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99701,6 +99977,10 @@ var browserless = {
       "api-token": {
         label: "API Token",
         helpText: "1. Sign up or log in at [Browserless](https://browserless.io/account/)\n2. Navigate to the account dashboard\n3. Copy your API token from the dashboard",
+        storage: {
+          secrets: ["BROWSERLESS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99735,6 +100015,10 @@ var browserstack = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [BrowserStack](https://www.browserstack.com) and open **Account Settings**\n2. Copy your **Username** and **Access Key** from the **Authentication & Security** section\n3. Paste both values below \u2014 these credentials work across Live, Automate, App Live, and App Automate",
+        storage: {
+          secrets: ["BROWSERSTACK_USERNAME", "BROWSERSTACK_ACCESS_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99775,6 +100059,10 @@ var browserUse = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in at [cloud.browser-use.com](https://cloud.browser-use.com)\n2. Go to **Settings \u2192 API Keys**\n3. Click **Create new key**\n4. Copy the generated API key",
+        storage: {
+          secrets: ["BROWSER_USE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99809,6 +100097,10 @@ var bubblemaps = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Bubblemaps Pro platform](https://pro.bubblemaps.io)\n2. Get your Data API key\n3. Use this key in the `X-ApiKey` request header",
+        storage: {
+          secrets: ["BUBBLEMAPS_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99843,6 +100135,10 @@ var buffer = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Buffer](https://publish.buffer.com) and go to **Settings > Developer Dashboard** (you must be an **Org Owner** \u2014 paid accounts can create up to 5 keys; free accounts get 1).\n2. Click **Create API Key**, give it a name, and set an expiration if desired.\n3. Copy the key immediately \u2014 it's only shown once.\n4. Paste it here.\n\n**Note:** Buffer's API is currently in beta.",
+        storage: {
+          secrets: ["BUFFER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99877,6 +100173,10 @@ var builtwith = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [BuiltWith](https://api.builtwith.com)\n2. Open the **API access** page in your account\n3. Copy your **API key**\n4. Pass it as the `KEY` query parameter on every request",
+        storage: {
+          secrets: ["BUILTWITH_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99910,6 +100210,10 @@ var calCom = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Cal.com](https://app.cal.com)\n2. Go to **Settings** \u2192 **Developer** \u2192 **API Keys**\n3. Click **Create API Key**\n4. Copy the generated key",
+        storage: {
+          secrets: ["CALCOM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99944,6 +100248,10 @@ var calendly = {
       "api-token": {
         label: "Personal Access Token",
         helpText: "1. Log in to [Calendly](https://calendly.com)\n2. Go to **Integrations > API & Webhooks**\n3. Generate a Personal Access Token\n4. Copy the token",
+        storage: {
+          secrets: ["CALENDLY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -99986,6 +100294,14 @@ var canva = {
           clientIdEnv: "CANVA_OAUTH_CLIENT_ID",
           clientSecretEnv: "CANVA_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["CANVA_ACCESS_TOKEN", "CANVA_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "CANVA_ACCESS_TOKEN",
+            refreshToken: "CANVA_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL22,
@@ -100007,8 +100323,6 @@ var canva = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL22,
-          accessToken: "CANVA_ACCESS_TOKEN",
-          refreshToken: "CANVA_REFRESH_TOKEN",
           envBindings: {
             CANVA_TOKEN: "$secrets.CANVA_ACCESS_TOKEN"
           }
@@ -100031,6 +100345,10 @@ var chatwoot = {
       "api-token": {
         label: "API Access Token",
         helpText: "1. Log in to [Chatwoot](https://app.chatwoot.com) with an administrator account\n2. Click on your **avatar image** in the bottom left corner of the screen\n3. Select **Profile Settings** from the menu\n4. Scroll to the bottom of the Profile Settings page\n5. Copy the **Personal Access Token** displayed there",
+        storage: {
+          secrets: ["CHATWOOT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100072,6 +100390,10 @@ var checkr = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Checkr Dashboard](https://dashboard.checkr.com)\n2. Go to **Account Settings > Developer Settings**\n3. Copy a live or test API key for the account you want to connect\n4. Use only keys and actions that comply with your background check authorization and compliance process",
+        storage: {
+          secrets: ["CHECKR_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100106,6 +100428,10 @@ var clado = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [Clado](https://clado.ai)\n2. Open the **API keys** page in your account\n3. Click **Create Key**, name it, and copy the value\n4. Use it as a Bearer token on requests to `https://search.clado.ai`",
+        storage: {
+          secrets: ["CLADO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100139,6 +100465,10 @@ var clerk = {
       "api-token": {
         label: "Secret Key",
         helpText: "Go to Clerk Dashboard \u2192 API Keys \u2192 copy the **Secret key** (starts with `sk_test_` for development or `sk_live_` for production). The key grants full administrative access to the matching instance \u2014 vm0's firewall ships with write operations denied by default; enable `*:write` permissions per agent only when needed.",
+        storage: {
+          secrets: ["CLERK_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100173,6 +100503,10 @@ var clearbit = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Clearbit](https://dashboard.clearbit.com)\n2. Go to **Settings > Keys & Settings**\n3. Reveal and copy your **Secret API Key**\n\nClearbit API keys are available only for accounts created in 2023 or earlier; new 2024+ accounts may require HubSpot/Breeze Intelligence access instead.",
+        storage: {
+          secrets: ["CLEARBIT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100207,6 +100541,10 @@ var clickup = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [ClickUp](https://app.clickup.com)\n2. Click your avatar in the upper-right corner and select **Settings**\n3. In the sidebar, click **Apps** (or visit [app.clickup.com/settings/apps](https://app.clickup.com/settings/apps))\n4. Under the **API Token** section, click **Generate** (or **Regenerate** if you already have one)\n5. Click **Copy** to copy the personal token (tokens start with `pk_` and never expire)",
+        storage: {
+          secrets: ["CLICKUP_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100249,6 +100587,14 @@ var close2 = {
           clientIdEnv: "CLOSE_OAUTH_CLIENT_ID",
           clientSecretEnv: "CLOSE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["CLOSE_ACCESS_TOKEN", "CLOSE_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "CLOSE_ACCESS_TOKEN",
+            refreshToken: "CLOSE_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL23,
@@ -100257,8 +100603,6 @@ var close2 = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL23,
-          accessToken: "CLOSE_ACCESS_TOKEN",
-          refreshToken: "CLOSE_REFRESH_TOKEN",
           envBindings: {
             CLOSE_TOKEN: "$secrets.CLOSE_ACCESS_TOKEN"
           }
@@ -100281,6 +100625,10 @@ var cloudflare = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to the [Cloudflare Dashboard](https://dash.cloudflare.com)\n2. Go to **My Profile** \u2192 **API Tokens**\n3. Click **Create Token** and configure the required permissions\n4. Copy the generated token",
+        storage: {
+          secrets: ["CLOUDFLARE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100314,6 +100662,10 @@ var cloudinary = {
       "api-token": {
         label: "API Credentials",
         helpText: "1. Log in to the [Cloudinary Console](https://console.cloudinary.com/settings/api-keys)\n2. Go to **Settings** \u2192 **API Keys**\n3. Copy your **Cloud Name**, **API Key**, and **API Secret**",
+        storage: {
+          secrets: ["CLOUDINARY_TOKEN", "CLOUDINARY_API_SECRET"],
+          variables: ["CLOUDINARY_CLOUD_NAME"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100359,6 +100711,10 @@ var coda = {
       "api-token": {
         label: "API Token",
         helpText: "1. Open Coda and click your avatar (bottom left) then **Account Settings**\n2. Scroll to **API Settings**\n3. Click **Generate API Token**, give it a name, optionally restrict scope\n4. Copy the token and paste it here",
+        storage: {
+          secrets: ["CODA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100393,6 +100749,10 @@ var coingecko = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up or log in to [CoinGecko](https://www.coingecko.com/en/api)\n2. Open the **Developer Dashboard**\n3. Click **Add New Key** to create a Demo or Pro API key\n4. Copy the API key",
+        storage: {
+          secrets: ["COINGECKO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100427,6 +100787,10 @@ var coresignal = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Coresignal self-service dashboard](https://dashboard.coresignal.com)\n2. Open **API Keys** from your account settings or homepage\n3. Copy an API key\n4. Use it in requests with the `apikey` header",
+        storage: {
+          secrets: ["CORESIGNAL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100461,6 +100825,10 @@ var cronlytic = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Cronlytic dashboard](https://www.cronlytic.com/dashboard)\n2. Go to the **API Keys** section\n3. Click **Generate New API Key**\n4. Copy your **API Key** and **User ID** (both are required for authentication via `X-API-Key` and `X-User-ID` headers)",
+        storage: {
+          secrets: ["CRONLYTIC_API_KEY"],
+          variables: ["CRONLYTIC_USER_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100500,6 +100868,10 @@ var crustdata = {
       "api-token": {
         label: "API Key",
         helpText: "1. Request or open your Crustdata API key from the [Crustdata dashboard](https://crustdata.com)\n2. Copy your API key\n3. Crustdata authenticates requests with `Authorization: Bearer <key>` and requires the `x-api-version` header",
+        storage: {
+          secrets: ["CRUSTDATA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100533,6 +100905,10 @@ var customerIo = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to your [Customer.io](https://fly.customer.io) account\n2. Go to **Account Settings > [API Credentials](https://fly.customer.io/settings/api_credentials)**\n3. Locate your **Site ID** and **API Key** on the Track API Keys page\n4. Copy both values (they are used together as basic authentication credentials in the format `site_id:api_key`, Base64-encoded)",
+        storage: {
+          secrets: ["CUSTOMERIO_APP_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100566,6 +100942,10 @@ var db9 = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [db9](https://db9.ai)\n2. Go to **Settings > API Keys**\n3. Create a new API key\n4. Copy the 128-character hex token",
+        storage: {
+          secrets: ["DB9_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100608,6 +100988,14 @@ var deel = {
           clientIdEnv: "DEEL_OAUTH_CLIENT_ID",
           clientSecretEnv: "DEEL_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["DEEL_ACCESS_TOKEN", "DEEL_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "DEEL_ACCESS_TOKEN",
+            refreshToken: "DEEL_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL24,
@@ -100625,8 +101013,6 @@ var deel = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL24,
-          accessToken: "DEEL_ACCESS_TOKEN",
-          refreshToken: "DEEL_REFRESH_TOKEN",
           envBindings: {
             DEEL_TOKEN: "$secrets.DEEL_ACCESS_TOKEN"
           }
@@ -100636,6 +101022,10 @@ var deel = {
       "api-token": {
         label: "API Token",
         helpText: "1. Create a [Deel](https://app.deel.com) account and verify your email\n2. Navigate to the **Developer Center**\n3. Select the **API Sandbox** tab (or **Production** for live credentials)\n4. Click **Create Sandbox** and enter a unique email and password\n5. Click **Confirm** to finalize sandbox creation\n6. Locate your **API Key / Access Token** in the Developer Center\n7. Copy and store the token securely",
+        storage: {
+          secrets: ["DEEL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100669,6 +101059,10 @@ var defillama = {
       "api-token": {
         label: "Pro API Key",
         helpText: "1. Subscribe to [DefiLlama Pro API](https://defillama.com/subscription)\n2. Open the [Pro API docs](https://defillama.com/pro-api/docs)\n3. Copy your Pro API key\n\nThis connector is for the DefiLlama Pro API key. Most free DefiLlama API endpoints do not require authentication.",
+        storage: {
+          secrets: ["DEFILLAMA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100704,6 +101098,10 @@ var deepseek = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [DeepSeek Platform](https://platform.deepseek.com/api_keys)\n2. Sign up for an account or log in\n3. Navigate to the **API Keys** page\n4. Create a new API key and copy it",
+        storage: {
+          secrets: ["DEEPSEEK_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100738,6 +101136,10 @@ var devto = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [DEV.to](https://dev.to)\n2. Go to **Settings > Extensions** (or visit [dev.to/settings/extensions](https://dev.to/settings/extensions))\n3. Generate a new API key from the settings page\n4. Copy the API key and use it in the `api-key` request header",
+        storage: {
+          secrets: ["DEVTO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100772,6 +101174,10 @@ var diffbot = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Diffbot](https://app.diffbot.com/get-started/)\n2. Open your account dashboard\n3. Copy the **API token** shown on the dashboard\n4. Pass it as the `token` query parameter on every request",
+        storage: {
+          secrets: ["DIFFBOT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100806,6 +101212,10 @@ var dify = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Dify](https://cloud.dify.ai)\n2. Open your app and navigate to **API Access** in the left sidebar\n3. Click to generate new API credentials\n4. Copy the API key",
+        storage: {
+          secrets: ["DIFY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100840,6 +101250,10 @@ var discord = {
       "api-token": {
         label: "Bot Token",
         helpText: "1. Go to the [Discord Developer Portal](https://discord.com/developers/applications)\n2. Select your application (or create a new one)\n3. Navigate to the **Bot** page in your app's settings\n4. In the **Token** section, click **Reset Token** to generate a new bot token\n5. Copy and securely store the token \u2014 you won't be able to view it again unless you regenerate it",
+        storage: {
+          secrets: ["DISCORD_BOT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100874,6 +101288,10 @@ var discordWebhook = {
       "api-token": {
         label: "Webhook URL",
         helpText: "1. Open your Discord server and navigate to **Server Settings**\n2. Select the **Integrations** tab\n3. Click the **Create Webhook** button\n4. Configure the webhook name and select the target text channel from the dropdown menu\n5. Click the **Copy Webhook URL** button to copy the webhook URL",
+        storage: {
+          secrets: ["DISCORD_WEBHOOK_URL"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100908,6 +101326,10 @@ var doppler = {
       "api-token": {
         label: "Service Token",
         helpText: "1. Log in to [Doppler](https://dashboard.doppler.com)\n2. Go to your project, then select a config (environment)\n3. Click the **Access** tab\n4. Click **+ Generate Service Token**\n5. Set permissions to **Read** and copy the token",
+        storage: {
+          secrets: ["DOPPLER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100944,6 +101366,10 @@ var doubao = {
       "api-token": {
         label: "Doubao API Key",
         helpText: "1. Sign in to the [Volcengine new speech console](https://console.volcengine.com/speech/new)\n2. Open **\u8BBE\u7F6E \u2192 API Key \u7BA1\u7406** ([direct link](https://console.volcengine.com/speech/new/setting/apikeys))\n3. Click **\u521B\u5EFA API Key**, name it, and copy the UUID value\n4. The key authorises every endpoint under `openspeech.bytedance.com` \u2014 TTS, ASR file recognition, voice cloning",
+        storage: {
+          secrets: ["DOUBAO_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -100978,6 +101404,10 @@ var drive9 = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [drive9](https://drive9.ai)\n2. Go to **Settings > API Keys**\n3. Create a new API key\n4. Copy the key (format: `drive9_sk_...`)",
+        storage: {
+          secrets: ["DRIVE9_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101020,6 +101450,14 @@ var dropbox = {
           clientIdEnv: "DROPBOX_OAUTH_CLIENT_ID",
           clientSecretEnv: "DROPBOX_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["DROPBOX_ACCESS_TOKEN", "DROPBOX_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "DROPBOX_ACCESS_TOKEN",
+            refreshToken: "DROPBOX_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL25,
@@ -101032,8 +101470,6 @@ var dropbox = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL25,
-          accessToken: "DROPBOX_ACCESS_TOKEN",
-          refreshToken: "DROPBOX_REFRESH_TOKEN",
           envBindings: {
             DROPBOX_TOKEN: "$secrets.DROPBOX_ACCESS_TOKEN"
           }
@@ -101043,6 +101479,10 @@ var dropbox = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Go to the [Dropbox App Console](https://www.dropbox.com/developers/apps)\n2. Select your app (or create a new one)\n3. Click the button to generate an access token for your own account\n4. Copy the generated OAuth 2 access token",
+        storage: {
+          secrets: ["DROPBOX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101078,6 +101518,10 @@ var dropboxSign = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Dropbox Sign](https://sign.dropbox.com)\n2. Click **API** in the left sidebar and open the **API Dashboard**\n3. Click **Reveal key** for an existing key, or **Generate key** to create a new one\n4. Copy the 40-character hex key and paste it here\n\nTip: While developing, add `test_mode=1` to signature-request calls to avoid billing and real emails.",
+        storage: {
+          secrets: ["DROPBOX_SIGN_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101112,6 +101556,10 @@ var duffel = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Log in to the [Duffel dashboard](https://app.duffel.com)\n2. Click your organisation name, then **Developers > Access tokens**\n3. Click **New token**, give it a name, leave scope as **Read write**\n4. Click **Create token** and copy the value (format: `duffel_test_...` for test mode, `duffel_live_...` for live mode)",
+        storage: {
+          secrets: ["DUFFEL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101146,6 +101594,10 @@ var e2b = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [e2b.dev](https://e2b.dev)\n2. Go to Dashboard \u2192 **API Keys**\n3. Click **Create API Key**\n4. Copy the key (starts with `e2b_`). Paste it here.",
+        storage: {
+          secrets: ["E2B_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101181,6 +101633,10 @@ var elevenlabs = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [ElevenLabs](https://elevenlabs.io)\n2. Go to [Settings > API Keys](https://elevenlabs.io/app/settings/api-keys)\n3. Click to create a new API key\n4. Copy the key and store it securely",
+        storage: {
+          secrets: ["ELEVENLABS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101215,6 +101671,10 @@ var etsy = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Etsy](https://www.etsy.com/developers/your-apps)\n2. Click **Create a New App** (or select an existing app)\n3. Copy the **Keystring** and **Shared Secret**\n4. Paste both values joined with a colon: `keystring:shared_secret`",
+        storage: {
+          secrets: ["ETSY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101249,6 +101709,10 @@ var etherscan = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [Etherscan](https://etherscan.io)\n2. Open your [API Dashboard](https://etherscan.io/myapikey)\n3. Click **Add +** to create a new API key\n4. Use the key with Etherscan API V2 requests; one key works across supported chains via the `chainid` parameter",
+        storage: {
+          secrets: ["ETHERSCAN_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101282,6 +101746,10 @@ var exa = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [dashboard.exa.ai](https://dashboard.exa.ai)\n2. Click your account \u2192 **API Keys** \u2192 **Create API Key**\n3. Copy the key (starts with `exa_`). Free tier: 1,000 requests/month.",
+        storage: {
+          secrets: ["EXA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101316,6 +101784,10 @@ var explorium = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Explorium Admin Portal](https://admin.explorium.ai)\n2. Navigate to **Access & Authentication > Getting Your API Key**\n3. Click the **Show Key** button to reveal the masked API key\n4. Click the **Copy Key** button to copy it",
+        storage: {
+          secrets: ["EXPLORIUM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101358,6 +101830,10 @@ var faire = {
       "api-token": {
         label: "Access Token",
         helpText: "1. In the Faire portal, go to **Settings > Integrations**\n2. Generate an API key for a direct integration, or request one from Faire for a custom integration\n3. Copy the access token for the brand account you want to connect",
+        storage: {
+          secrets: ["FAIRE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101393,6 +101869,10 @@ var fal = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [fal Dashboard Keys page](https://fal.ai/dashboard/keys)\n2. Click the **Create Key** button\n3. Provide a name for your key and select the appropriate scope (**API** for calling models, or **ADMIN** for full access)\n4. Copy the key immediately \u2014 you will not be able to see it again",
+        storage: {
+          secrets: ["FAL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101435,6 +101915,14 @@ var figma = {
           clientIdEnv: "FIGMA_OAUTH_CLIENT_ID",
           clientSecretEnv: "FIGMA_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["FIGMA_ACCESS_TOKEN", "FIGMA_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "FIGMA_ACCESS_TOKEN",
+            refreshToken: "FIGMA_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL26,
@@ -101453,8 +101941,6 @@ var figma = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL26,
-          accessToken: "FIGMA_ACCESS_TOKEN",
-          refreshToken: "FIGMA_REFRESH_TOKEN",
           envBindings: {
             FIGMA_TOKEN: "$secrets.FIGMA_ACCESS_TOKEN"
           }
@@ -101464,6 +101950,10 @@ var figma = {
       "api-token": {
         label: "Personal Access Token",
         helpText: "1. Log in to [Figma](https://www.figma.com) and open the file browser\n2. Click the account menu in the top-left corner and select **Settings**\n3. Select the **Security** tab\n4. Scroll to the **Personal access tokens** section and click **Generate new token**\n5. Enter a name for the token, assign the desired scopes, and press Return/Enter\n6. Copy the generated token immediately \u2014 it will not be shown again",
+        storage: {
+          secrets: ["FIGMA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101498,6 +101988,10 @@ var firecrawl = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Firecrawl](https://www.firecrawl.dev)\n2. Go to your **Dashboard**\n3. Copy your **API Key**",
+        storage: {
+          secrets: ["FIRECRAWL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101532,6 +102026,10 @@ var fireflies = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Fireflies](https://fireflies.ai)\n2. Navigate to the **Integrations** section\n3. Click on **Fireflies API**\n4. Copy your API key and store it securely",
+        storage: {
+          secrets: ["FIREFLIES_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101565,6 +102063,10 @@ var flightaware = {
       "api-token": {
         label: "AeroAPI Key",
         helpText: "1. Sign in to the [FlightAware AeroAPI portal](https://flightaware.com/aeroapi/portal/)\n2. Open your API key settings\n3. Copy your AeroAPI key\n4. Send it in the `x-apikey` header for AeroAPI requests",
+        storage: {
+          secrets: ["FLIGHTAWARE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101599,6 +102101,10 @@ var freshdesk = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to Freshdesk and click your profile picture (top right), then **Profile Settings**\n2. On the right pane, click **View API Key** and complete the captcha\n3. Copy the API key\n4. Enter your Freshdesk subdomain \u2014 the prefix of `https://<subdomain>.freshdesk.com`",
+        storage: {
+          secrets: ["FRESHDESK_TOKEN"],
+          variables: ["FRESHDESK_DOMAIN"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101640,6 +102146,10 @@ var gamma = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Gamma](https://gamma.app)\n2. Go to [API Keys](https://gamma.app/settings/api-keys) (Settings > API Keys)\n3. Click **Create API key**\n4. Copy the key (it is only shown once)",
+        storage: {
+          secrets: ["GAMMA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101682,6 +102192,17 @@ var garminConnect = {
           clientIdEnv: "GARMIN_CONNECT_OAUTH_CLIENT_ID",
           clientSecretEnv: "GARMIN_CONNECT_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: [
+            "GARMIN_CONNECT_ACCESS_TOKEN",
+            "GARMIN_CONNECT_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "GARMIN_CONNECT_ACCESS_TOKEN",
+            refreshToken: "GARMIN_CONNECT_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL27,
@@ -101690,8 +102211,6 @@ var garminConnect = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL27,
-          accessToken: "GARMIN_CONNECT_ACCESS_TOKEN",
-          refreshToken: "GARMIN_CONNECT_REFRESH_TOKEN",
           envBindings: {
             GARMIN_CONNECT_TOKEN: "$secrets.GARMIN_CONNECT_ACCESS_TOKEN"
           }
@@ -101716,6 +102235,10 @@ var gemini = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [Google AI Studio](https://aistudio.google.com/apikey)\n2. Sign in with your Google account\n3. Click **Create API key**\n4. Copy the key (starts with `AIza`) and store it in a safe location",
+        storage: {
+          secrets: ["GEMINI_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101751,6 +102274,10 @@ var gitlab = {
       "api-token": {
         label: "Personal Access Token",
         helpText: "1. Log in to [GitLab](https://gitlab.com)\n2. Click your avatar in the upper-right corner and select **Edit profile**\n3. In the left sidebar, navigate to **Access > Personal access tokens**\n4. From the **Generate token** dropdown, select **Legacy token**\n5. Enter a name in the **Token name** field\n6. Optionally set an expiration date (defaults to 365 days)\n7. Select the required scopes for your token\n8. Click **Generate token**\n9. Copy and save the token \u2014 you cannot view it again after leaving the page",
+        storage: {
+          secrets: ["GITLAB_TOKEN"],
+          variables: ["GITLAB_HOST"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101792,6 +102319,10 @@ var gong = {
       "api-token": {
         label: "Access Key",
         helpText: "1. In Gong, go to **Company Settings \u2192 Ecosystem \u2192 API** (requires the Technical Administrator permission profile)\n2. Click **Create** to generate an Access Key and Access Key Secret\n3. Copy both values \u2014 the secret is shown only once\n4. Copy the **API Base URL** shown on the same screen (e.g. `api.gong.io`, or your region-specific host)",
+        storage: {
+          secrets: ["GONG_ACCESS_KEY", "GONG_ACCESS_KEY_SECRET"],
+          variables: ["GONG_API_BASE"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101837,6 +102368,10 @@ var granola = {
       "api-token": {
         label: "API Key",
         helpText: "1. Open the [Granola](https://granola.ai) desktop app\n2. Go to **Settings > API**\n3. Click the **Create new key** button\n4. Choose a key type (if prompted) and click **Generate API Key**\n5. Copy and save the API key securely",
+        storage: {
+          secrets: ["GRANOLA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101871,6 +102406,10 @@ var greenhouse = {
       "api-token": {
         label: "API Key",
         helpText: "1. In Greenhouse, click **Configure** (gear icon) \u2192 **Dev Center** (left sidebar)\n2. Click **API Credential Management** \u2192 **Create new API credentials**\n3. For **API type**, select **Harvest API** (v1/v2). For **Partner**, choose **Custom** (or **Unlisted vendor**). Description: **vm0**\n4. Select the endpoints you want this key to access (permission scoping)\n5. Click **View and store credentials** and copy the API key \u2014 it is only shown once\n6. Paste it here\n\n**Note:** Harvest v1/v2 will be deprecated on August 31, 2026; migrate to OAuth v3 before that date.",
+        storage: {
+          secrets: ["GREENHOUSE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101907,6 +102446,10 @@ var groq = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [console.groq.com](https://console.groq.com)\n2. Click **API Keys** in the left sidebar\n3. Click **Create API Key**, name it, and copy it immediately \u2014 it is shown only once\n4. Paste it here. Free tier available; the key is org-bound.",
+        storage: {
+          secrets: ["GROQ_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101941,6 +102484,10 @@ var helicone = {
       "api-token": {
         label: "API Key",
         helpText: "Go to helicone.ai \u2192 Settings \u2192 API Keys \u2192 create a new key.",
+        storage: {
+          secrets: ["HELICONE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -101976,6 +102523,10 @@ var heygen = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [HeyGen](https://app.heygen.com)\n2. Navigate to **Settings > API > API token**\n3. Click to generate your API key\n4. Copy and save the key immediately \u2014 you cannot retrieve it after leaving the page, and regenerating a new key will invalidate the previous one",
+        storage: {
+          secrets: ["HEYGEN_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102012,6 +102563,10 @@ var hitem3d = {
       "api-token": {
         label: "API Credentials",
         helpText: "1. Sign in to the [Hitem3D Developer Platform](https://platform.hitem3d.ai)\n2. Purchase or enable a resource package\n3. Open the API Key page and create an enabled API key\n4. Copy the client ID and client secret. Paste them here.",
+        storage: {
+          secrets: ["HITEM3D_CLIENT_ID", "HITEM3D_CLIENT_SECRET"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102053,6 +102608,10 @@ var htmlcsstoimage = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [HTML/CSS to Image](https://htmlcsstoimage.com/dashboard)\n2. Go to your **Dashboard**\n3. Locate your **User ID** and **API Key** displayed on the dashboard\n4. Copy the **API Key** (used as the password in HTTP Basic authentication)",
+        storage: {
+          secrets: ["HCTI_API_KEY"],
+          variables: ["HCTI_USER_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102092,6 +102651,10 @@ var honcho = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Honcho](https://app.honcho.dev)\n2. Open **API KEYS**\n3. Create or copy an API key\n4. Honcho sends this key as `Authorization: Bearer <token>`",
+        storage: {
+          secrets: ["HONCHO_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102127,6 +102690,10 @@ var huggingFace = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Hugging Face](https://huggingface.co)\n2. Go to **Settings \u2192 Access Tokens**\n3. Create a new token with the required permissions\n4. Copy the token",
+        storage: {
+          secrets: ["HUGGING_FACE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102162,6 +102729,10 @@ var hume = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Hume Portal](https://app.hume.ai)\n2. Navigate to the **API Keys** page\n3. Copy your API key",
+        storage: {
+          secrets: ["HUME_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102195,6 +102766,10 @@ var hunter = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Hunter](https://hunter.io/api-keys)\n2. Open the **API keys** page under your account\n3. Copy your existing key or click **Generate a new key**\n4. Pass it as the `api_key` query parameter on every request",
+        storage: {
+          secrets: ["HUNTER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102228,6 +102803,10 @@ var imgur = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Imgur](https://imgur.com)\n2. Go to [Register an Application](https://api.imgur.com/oauth2/addclient)\n3. Fill in the application registration form\n4. After registration, you will receive a **Client ID** and **Client Secret**\n5. Copy and save both credentials",
+        storage: {
+          secrets: ["IMGUR_CLIENT_ID"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102262,6 +102841,10 @@ var infisical = {
       "api-token": {
         label: "Token Auth",
         helpText: "1. Log in to [Infisical](https://app.infisical.com)\n2. Go to **Access Control > Machine Identities**\n3. Create a new Machine Identity with **Token Auth**\n4. Copy the **Token**\n5. Assign the identity to your project with the desired role",
+        storage: {
+          secrets: ["INFISICAL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102296,6 +102879,10 @@ var instagram = {
       "api-token": {
         label: "API Token",
         helpText: "1. Create a Meta app of type **Business** at [Meta for Developers](https://developers.facebook.com/apps)\n2. In your app dashboard, click **Instagram > API setup with Instagram business login** in the left side menu\n3. Click **Generate token** next to the Instagram account you want to access\n4. Log into Instagram when prompted\n5. Copy the access token",
+        storage: {
+          secrets: ["INSTAGRAM_TOKEN"],
+          variables: ["INSTAGRAM_BUSINESS_ACCOUNT_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102335,6 +102922,10 @@ var instantly = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Instantly](https://app.instantly.ai)\n2. Navigate to **Settings > Integrations** at https://app.instantly.ai/app/settings/integrations\n3. Click the **API Keys** section in the left sidebar\n4. Click the **Create API Key** button\n5. Enter a name for the API key\n6. Select the scopes (permissions) you want the API key to have\n7. Click **Create**\n8. Copy the key and store it in a secure place (it will only be displayed once)",
+        storage: {
+          secrets: ["INSTANTLY_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102369,6 +102960,10 @@ var intercom = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Sign up at the [Intercom Developer Hub](https://app.intercom.com/admins/sign_up/developer) on your Intercom workspace\n2. Create a new app in the Developer Hub\n3. Navigate to **Configure > Authentication** within your app in the [Developer Hub](https://app.intercom.io/a/apps/_/developer-hub/app-packages)\n4. Copy your access token",
+        storage: {
+          secrets: ["INTERCOM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102403,6 +102998,10 @@ var ironclad = {
       "api-token": {
         label: "API Key",
         helpText: "1. In Ironclad, go to **Company Settings \u2192 API**\n2. Generate an API key and copy it\n3. Set the API host to match your instance's data region: `ironcladapp.com` (North America), `eu1.ironcladapp.com` (Europe), or `demo.ironcladapp.com` (demo)",
+        storage: {
+          secrets: ["IRONCLAD_API_KEY"],
+          variables: ["IRONCLAD_HOST"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102443,6 +103042,10 @@ var jam = {
       "api-token": {
         label: "Personal Access Token",
         helpText: '1. Log in to [Jam](https://jam.dev)\n2. Go to **Settings > Integrations > AI Agents**\n3. Scroll down to the **Personal Access Tokens** section\n4. Click **Create token**\n5. Enter a name for the token (e.g., "Cursor" or "Claude Code")\n6. Choose an expiration period (7 days, 30 days, 90 days, or 1 year)\n7. Select at least one scope (`mcp:read` for viewing or `mcp:write` for editing)\n8. Click **Create**\n9. Copy the token immediately (it will not be displayed again)',
+        storage: {
+          secrets: ["JAM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102478,6 +103081,10 @@ var jira = {
       "api-token": {
         label: "API Token",
         helpText: "1. Go to [Atlassian API token management](https://id.atlassian.com/manage-profile/security/api-tokens)\n2. Log in to your Atlassian account\n3. Click **Create API token**\n4. Enter a name that describes what the token is for\n5. Choose an expiration date (between 1 and 365 days)\n6. Click **Create**\n7. Click **Copy to clipboard** and save the token in a secure place (you cannot recover it later)",
+        storage: {
+          secrets: ["JIRA_API_TOKEN"],
+          variables: ["JIRA_DOMAIN", "JIRA_EMAIL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102525,6 +103132,10 @@ var jotform = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your [Jotform account](https://www.jotform.com/myaccount/api)\n2. Navigate to **Settings** \u2192 **API**\n3. Click **Create New Key**\n4. Copy your **API Key**",
+        storage: {
+          secrets: ["JOTFORM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102558,6 +103169,10 @@ var klaviyo = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Klaviyo](https://www.klaviyo.com/)\n2. Go to **Account > Settings > API keys**\n3. Click **Create Private API Key**\n4. Grant the scopes your workflow needs (e.g. `profiles:write`, `lists:write`, `events:write`, `subscriptions:write`)\n5. Copy the key (format: `pk_...`)",
+        storage: {
+          secrets: ["KLAVIYO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102592,6 +103207,10 @@ var kommo = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Kommo](https://www.kommo.com) and create a **private integration**\n2. Go to the **Keys and Scopes** tab in your private integration settings\n3. Click **Generate long-lived token**\n4. Set the token expiration date (from 1 day to 5 years)\n5. Copy and save the token immediately (it will only be displayed once)",
+        storage: {
+          secrets: ["KOMMO_API_KEY"],
+          variables: ["KOMMO_SUBDOMAIN"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102633,6 +103252,10 @@ var langfuse = {
       "api-token": {
         label: "API Keys",
         helpText: "1. Sign up at [cloud.langfuse.com](https://cloud.langfuse.com)\n2. Create an organization and a project\n3. In project **Settings \u2192 API Keys**, click **Create new API keys**\n4. Copy both the **Public Key** (`pk-lf-...`) and the **Secret Key** (`sk-lf-...`) \u2014 the secret is shown only once\n5. Paste both values into the fields below",
+        storage: {
+          secrets: ["LANGFUSE_PUBLIC_KEY", "LANGFUSE_SECRET_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102673,6 +103296,10 @@ var langsmith = {
       "api-token": {
         label: "API Key",
         helpText: "Go to [smith.langchain.com](https://smith.langchain.com) \u2192 Settings \u2192 API Keys \u2192 Create API Key.",
+        storage: {
+          secrets: ["LANGSMITH_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102708,6 +103335,10 @@ var lark = {
         featureFlag: "larkConnector" /* LarkConnector */,
         label: "App Credentials",
         helpText: "1. Log in to the [Lark Developer Console](https://open.larksuite.com/app/)\n2. Select your app from the list (or create a new one)\n3. Go to the **Credentials & Basic Info** page\n4. Copy your **App ID** and **App Secret**\n5. Use these credentials to call the tenant_access_token API to obtain an access token",
+        storage: {
+          secrets: ["LARK_TOKEN"],
+          variables: ["LARK_APP_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102748,6 +103379,10 @@ var line = {
       "api-token": {
         label: "Channel Access Token",
         helpText: "1. Log in to the [LINE Developers Console](https://developers.line.biz/console)\n2. Select your provider and channel\n3. Go to the **Messaging API** tab\n4. Issue or copy the **Channel access token (long-lived)**",
+        storage: {
+          secrets: ["LINE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102781,6 +103416,10 @@ var loops = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Loops](https://app.loops.so)\n2. Go to **Settings** \u2192 **API**\n3. Click **Generate key**\n4. Copy the generated API key",
+        storage: {
+          secrets: ["LOOPS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102816,6 +103455,10 @@ var luma = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in at [lu.ma](https://lu.ma)\n2. Go to Calendars Home \u2192 select your calendar \u2192 Settings \u2192 Developer\n3. Generate or copy your API key\n4. Paste the key here",
+        storage: {
+          secrets: ["LUMA_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102851,6 +103494,10 @@ var lumaAi = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [lumalabs.ai](https://lumalabs.ai)\n2. Go to [lumalabs.ai/dream-machine/api](https://lumalabs.ai/dream-machine/api) or account settings \u2192 API Keys\n3. Create a new API key and copy it\n4. Paste the key here",
+        storage: {
+          secrets: ["LUMA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102892,6 +103539,13 @@ var mailchimp = {
           clientIdEnv: "MAILCHIMP_OAUTH_CLIENT_ID",
           clientSecretEnv: "MAILCHIMP_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["MAILCHIMP_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "MAILCHIMP_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://login.mailchimp.com/oauth2/token",
@@ -102908,6 +103562,10 @@ var mailchimp = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Mailchimp](https://mailchimp.com)\n2. Click your **profile icon** and select **Profile**\n3. Click the **Extras** dropdown menu, then choose **API keys**\n4. In the **Your API Keys** section, click **Create A Key**\n5. Enter a descriptive name for the key\n6. Click **Generate Key**\n7. Click **Copy Key to Clipboard** and store it in a secure place (you will not be able to see or copy it again)\n8. Click **Done**",
+        storage: {
+          secrets: ["MAILCHIMP_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102942,6 +103600,10 @@ var mailsac = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [Mailsac](https://mailsac.com) and sign up for an account\n2. Log in to your Mailsac dashboard\n3. Navigate to [API Keys](https://mailsac.com/api-keys)\n4. Copy your API key from the dashboard",
+        storage: {
+          secrets: ["MAILSAC_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -102976,6 +103638,10 @@ var make = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Make](https://www.make.com)\n2. Click your **avatar** at the bottom-left corner\n3. Select **Profile**, then open the **API** tab\n4. Click **Add token**\n5. Enter a **Label** (custom name to identify the token)\n6. Select the required **Scopes** (permissions)\n7. Click **Save**\n8. Copy the token and store it in a safe place (it will be hidden once you leave the page)",
+        storage: {
+          secrets: ["MAKE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103009,6 +103675,10 @@ var manus = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [Manus](https://manus.im)\n2. Navigate to **Settings \u2192 Integration \u2192 Build with Manus API**\n3. Click **Create New**, give it a name, and confirm\n4. Copy the generated API key",
+        storage: {
+          secrets: ["MANUS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103043,6 +103713,10 @@ var mapbox = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Log in to [Mapbox](https://account.mapbox.com)\n2. Open the **Access tokens** page\n3. Click **Create a token**, give it a name, and pick the scopes you need\n4. Copy the token (format: `pk.\u2026`) \u2014 pass it as the `access_token` query parameter",
+        storage: {
+          secrets: ["MAPBOX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103077,6 +103751,10 @@ var mathpix = {
       "api-token": {
         label: "App ID + App Key",
         helpText: "1. Sign in to the [Mathpix Console](https://console.mathpix.com)\n2. Open **API Keys** under your account\n3. Copy your **app_id** and create / copy an **app_key**\n4. Mathpix authenticates with both values sent as the `app_id` and `app_key` request headers",
+        storage: {
+          secrets: ["MATHPIX_APP_KEY"],
+          variables: ["MATHPIX_APP_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103116,6 +103794,10 @@ var mem0 = {
       "api-token": {
         label: "API Key",
         helpText: "Go to [app.mem0.ai](https://app.mem0.ai) \u2192 **API Keys** \u2192 create or copy your key.",
+        storage: {
+          secrets: ["MEM0_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103158,6 +103840,14 @@ var mercury = {
           clientIdEnv: "MERCURY_OAUTH_CLIENT_ID",
           clientSecretEnv: "MERCURY_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["MERCURY_ACCESS_TOKEN", "MERCURY_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "MERCURY_ACCESS_TOKEN",
+            refreshToken: "MERCURY_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL28,
@@ -103166,8 +103856,6 @@ var mercury = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL28,
-          accessToken: "MERCURY_ACCESS_TOKEN",
-          refreshToken: "MERCURY_REFRESH_TOKEN",
           envBindings: {
             MERCURY_TOKEN: "$secrets.MERCURY_ACCESS_TOKEN"
           }
@@ -103177,6 +103865,10 @@ var mercury = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to your [Mercury Dashboard](https://mercury.com)\n2. Go to **Settings \u2192 Tokens**\n3. Generate a new API token\n4. Copy the token",
+        storage: {
+          secrets: ["MERCURY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103212,6 +103904,10 @@ var meshy = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [Meshy](https://www.meshy.ai)\n2. Open the [API settings page](https://www.meshy.ai/settings/api)\n3. Click **Create API Key**\n4. Copy the API key. You will not be able to see it again.",
+        storage: {
+          secrets: ["MESHY_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103253,6 +103949,13 @@ var metaAds = {
           clientIdEnv: "META_ADS_OAUTH_CLIENT_ID",
           clientSecretEnv: "META_ADS_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["META_ADS_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "META_ADS_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://graph.facebook.com/v22.0/oauth/access_token",
@@ -103282,6 +103985,10 @@ var metabase = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your Metabase instance as an admin\n2. Go to **Admin** \u2192 **Settings** \u2192 **Authentication** \u2192 **API Keys**\n3. Click **Create API Key**\n4. Enter a name and select a group for the key\n5. Copy the generated API key",
+        storage: {
+          secrets: ["METABASE_TOKEN"],
+          variables: ["METABASE_BASE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103323,6 +104030,10 @@ var minimax = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [MiniMax Platform](https://platform.minimax.io)\n2. Go to **User Center > Basic Information > Interface Key**\n3. Create a new API key\n4. Copy the key",
+        storage: {
+          secrets: ["MINIMAX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103357,6 +104068,10 @@ var minio = {
       "api-token": {
         label: "Access Credentials",
         helpText: "1. Log in to the MinIO Console\n2. Navigate to the **Access Keys** section under Security and Access\n3. Click **Create Access Key**\n4. The system automatically generates an access key and secret key\n5. Optionally override the auto-generated values or toggle **Restrict beyond user policy** to limit permissions\n6. Save the secret key in a secure location (you cannot retrieve or reset it after creation)\n7. Click **Create** to finalize",
+        storage: {
+          secrets: ["MINIO_TOKEN", "MINIO_SECRET_TOKEN"],
+          variables: ["MINIO_ENDPOINT"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103404,6 +104119,10 @@ var miro = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Go to [Miro App Settings](https://miro.com/app/settings/user-profile/apps) and click **Create new app**\n2. Fill in the app name and description\n3. **Important:** when asked about token expiration, select **Non-expiring access token** \u2014 this choice is permanent for the app\n4. On the app's page, open **Permissions** and check the scopes you need (e.g. `boards:read`, `boards:write`)\n5. Click **Install app and get OAuth token**, select your team, and copy the token\n6. Paste the token here",
+        storage: {
+          secrets: ["MIRO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103439,6 +104158,13 @@ var mixpanel = {
       "api-token": {
         label: "Service Account",
         helpText: "1. In Mixpanel, open **Organization Settings \u2192 Service Accounts** (or **Project Settings \u2192 Service Accounts**)\n2. Click **Add Service Account**, give it a name, and choose a role (minimum **Member**); optionally set an expiration\n3. Copy the **Username** and **Secret** immediately \u2014 the secret is only shown once\n4. Open **Project Settings \u2192 Overview \u2192 Access Keys** and copy your **Project ID**\n5. Paste all three values below",
+        storage: {
+          secrets: [
+            "MIXPANEL_SERVICE_ACCOUNT_USERNAME",
+            "MIXPANEL_SERVICE_ACCOUNT_SECRET"
+          ],
+          variables: ["MIXPANEL_PROJECT_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103492,6 +104218,14 @@ var monday = {
           clientIdEnv: "MONDAY_OAUTH_CLIENT_ID",
           clientSecretEnv: "MONDAY_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["MONDAY_ACCESS_TOKEN", "MONDAY_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "MONDAY_ACCESS_TOKEN",
+            refreshToken: "MONDAY_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL29,
@@ -103515,8 +104249,6 @@ var monday = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL29,
-          accessToken: "MONDAY_ACCESS_TOKEN",
-          refreshToken: "MONDAY_REFRESH_TOKEN",
           envBindings: {
             MONDAY_TOKEN: "$secrets.MONDAY_ACCESS_TOKEN"
           }
@@ -103540,6 +104272,10 @@ var moss = {
       "api-token": {
         label: "Project Credentials",
         helpText: "1. Sign in to [Moss](https://www.moss.dev) and open the project portal\n2. Open **Project Settings \u2192 API Keys**\n3. Copy the **Project ID** and **Project Key** for your project (both are required and paired)",
+        storage: {
+          secrets: ["MOSS_PROJECT_ID", "MOSS_PROJECT_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103580,6 +104316,10 @@ var msg9 = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [msg9](https://www.msg9.io)\n2. Go to **Settings > API Keys**\n3. Create a new API key\n4. Copy the key (format: `msg9_sk_...`)",
+        storage: {
+          secrets: ["MSG9_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103614,6 +104354,10 @@ var n8n = {
       "api-token": {
         label: "API Key",
         helpText: "1. Open your n8n instance\n2. Go to **Settings** \u2192 **n8n API**\n3. Click **Create an API key**\n4. Copy the key and paste it below\n5. Set your instance URL (e.g. `https://your-instance.app.n8n.cloud`)",
+        storage: {
+          secrets: ["N8N_TOKEN"],
+          variables: ["N8N_BASE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103663,6 +104407,14 @@ var neon = {
           clientIdEnv: "NEON_OAUTH_CLIENT_ID",
           clientSecretEnv: "NEON_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["NEON_ACCESS_TOKEN", "NEON_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "NEON_ACCESS_TOKEN",
+            refreshToken: "NEON_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL30,
@@ -103678,8 +104430,6 @@ var neon = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL30,
-          accessToken: "NEON_ACCESS_TOKEN",
-          refreshToken: "NEON_REFRESH_TOKEN",
           envBindings: {
             NEON_TOKEN: "$secrets.NEON_ACCESS_TOKEN"
           }
@@ -103689,6 +104439,10 @@ var neon = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Neon Console](https://console.neon.tech)\n2. Navigate to **Account settings > API keys**\n3. Click the button to create a new API key\n4. Copy and store the secret token immediately (it is only displayed once)",
+        storage: {
+          secrets: ["NEON_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103724,6 +104478,10 @@ var novita = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in at [novita.ai](https://novita.ai)\n2. Open **Settings \u2192 Key Management**\n3. Click **+ Add New Key**\n4. Copy the key (it begins with `sk_`). Paste it here.",
+        storage: {
+          secrets: ["NOVITA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103758,6 +104516,10 @@ var nyne = {
       "api-token": {
         label: "API Credentials",
         helpText: "1. Sign in at [nyne.ai](https://nyne.ai)\n2. Open your dashboard \u2192 **API Keys**\n3. Copy your **API Key** and **API Secret**\n4. Nyne authenticates each request with both `X-API-Key` and `X-API-Secret` headers on `https://api.nyne.ai`",
+        storage: {
+          secrets: ["NYNE_API_KEY", "NYNE_API_SECRET"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103796,6 +104558,10 @@ var onyx = {
       "api-token": {
         label: "API Key / PAT",
         helpText: "1. Log in to [Onyx Cloud](https://cloud.onyx.app)\n2. Go to **Settings \u2192 Accounts & Access**\n3. Click **Create New Token**\n4. Give it a name and choose an expiration\n5. Copy the token immediately \u2014 it is shown only once",
+        storage: {
+          secrets: ["ONYX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103832,6 +104598,10 @@ var openai = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [OpenAI Platform](https://platform.openai.com)\n2. Navigate to the [API Keys](https://platform.openai.com/api-keys) page in the dashboard\n3. Create a new API key\n4. Copy and store the key in a safe location",
+        storage: {
+          secrets: ["OPENAI_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103867,6 +104637,10 @@ var openrouter = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [OpenRouter](https://openrouter.ai/keys)\n2. Click **Create Key**, name it, and set the credit limit you want\n3. Copy the key (format: `sk-or-v1-\u2026`)\n4. Use it as a Bearer token on requests to `https://openrouter.ai/api/v1/...`",
+        storage: {
+          secrets: ["OPENROUTER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103901,6 +104675,10 @@ var openweather = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to [OpenWeather](https://home.openweathermap.org)\n2. Go to **My API keys**\n3. Copy your default key or click **Generate** to create a new one\n4. Pass it as the `appid` query parameter on every request",
+        storage: {
+          secrets: ["OPENWEATHER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -103942,6 +104720,17 @@ var outlookCalendar = {
           clientIdEnv: "MICROSOFT_OAUTH_CLIENT_ID",
           clientSecretEnv: "MICROSOFT_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: [
+            "OUTLOOK_CALENDAR_ACCESS_TOKEN",
+            "OUTLOOK_CALENDAR_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "OUTLOOK_CALENDAR_ACCESS_TOKEN",
+            refreshToken: "OUTLOOK_CALENDAR_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL31,
@@ -103950,8 +104739,6 @@ var outlookCalendar = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL31,
-          accessToken: "OUTLOOK_CALENDAR_ACCESS_TOKEN",
-          refreshToken: "OUTLOOK_CALENDAR_REFRESH_TOKEN",
           envBindings: {
             OUTLOOK_CALENDAR_TOKEN: "$secrets.OUTLOOK_CALENDAR_ACCESS_TOKEN"
           }
@@ -103982,6 +104769,14 @@ var outlookMail = {
           clientIdEnv: "MICROSOFT_OAUTH_CLIENT_ID",
           clientSecretEnv: "MICROSOFT_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["OUTLOOK_MAIL_ACCESS_TOKEN", "OUTLOOK_MAIL_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "OUTLOOK_MAIL_ACCESS_TOKEN",
+            refreshToken: "OUTLOOK_MAIL_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL32,
@@ -103995,8 +104790,6 @@ var outlookMail = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL32,
-          accessToken: "OUTLOOK_MAIL_ACCESS_TOKEN",
-          refreshToken: "OUTLOOK_MAIL_REFRESH_TOKEN",
           envBindings: {
             OUTLOOK_MAIL_TOKEN: "$secrets.OUTLOOK_MAIL_ACCESS_TOKEN"
           }
@@ -104019,6 +104812,10 @@ var pandadoc = {
       "api-token": {
         label: "API Key",
         helpText: "1. In PandaDoc, go to **Settings > Integrations > API**\n2. Click **Generate Production Key** (requires an API-enabled plan) or **Generate Sandbox Key** for testing\n3. Copy the key and paste it here\n\nNote: Only Org Admins can generate keys. Sandbox keys work for free but signed documents have no legal validity.",
+        storage: {
+          secrets: ["PANDADOC_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104053,6 +104850,10 @@ var parallel = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [Parallel Platform](https://platform.parallel.ai)\n2. Create or copy your API key\n3. Use it as `PARALLEL_API_KEY`",
+        storage: {
+          secrets: ["PARALLEL_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104088,6 +104889,10 @@ var pdf4me = {
       "api-token": {
         label: "API Key",
         helpText: "1. Register for an account at [PDF4me](https://portal.pdf4me.com) using email/password or via Google, Microsoft, Apple, or Facebook\n2. Go to the **Billing Info** section and select **Start Free Trial**\n3. After activation, you will be redirected to the **Dashboard**\n4. Find and copy your API Key from the Dashboard",
+        storage: {
+          secrets: ["PDF4ME_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104122,6 +104927,10 @@ var pdfco = {
     authMethods: {
       "api-token": {
         label: "API Key",
+        storage: {
+          secrets: ["PDFCO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104157,6 +104966,10 @@ var pdforge = {
       "api-token": {
         label: "API Key",
         helpText: "1. Create an account on [pdforge](https://pdforge.com)\n2. Two API keys are automatically generated when you create your account\n3. Go to the **API Keys** menu in the sidebar to view your keys\n4. Copy your API key and use it in the `Authorization: Bearer pdfnoodle_api_[your_key]` header",
+        storage: {
+          secrets: ["PDFORGE_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104191,6 +105004,10 @@ var peopleDataLabs = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your [People Data Labs dashboard](https://dashboard.peopledatalabs.com)\n2. Open your API dashboard\n3. Copy your API key\n4. People Data Labs accepts it in the `X-Api-Key` header",
+        storage: {
+          secrets: ["PEOPLE_DATA_LABS_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104226,6 +105043,10 @@ var perplexity = {
       "api-token": {
         label: "API Key",
         helpText: '1. Log in to the [Perplexity Console](https://console.perplexity.ai)\n2. Navigate to the **API Groups** page and create an API group (e.g., "Production" or "Development")\n3. Go to the **API Keys** page\n4. Generate a new API key\n5. Store the key immediately and securely (you will only see the full token value once)',
+        storage: {
+          secrets: ["PERPLEXITY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104260,6 +105081,10 @@ var pika = {
       "api-token": {
         label: "Developer Key",
         helpText: "1. Go to [pika.me/dev](https://www.pika.me/dev/)\n2. Sign in or create an account\n3. Create a new Developer Key\n4. Copy the key (format: `dk_...`)",
+        storage: {
+          secrets: ["PIKA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104294,6 +105119,10 @@ var pinecone = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Pinecone](https://app.pinecone.io)\n2. Go to **API Keys** in the left sidebar\n3. Copy your default API key or create a new one",
+        storage: {
+          secrets: ["PINECONE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104328,6 +105157,10 @@ var pipedream = {
       "api-token": {
         label: "User API Key",
         helpText: "1. Log in to [Pipedream](https://pipedream.com)\n2. Open **My Account \u2192 API Key** in your user settings\n3. Copy your user API key\n4. Pipedream sends this key as `Authorization: Bearer <api key>`",
+        storage: {
+          secrets: ["PIPEDREAM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104362,6 +105195,10 @@ var pipedrive = {
       "api-token": {
         label: "API Key",
         helpText: "1. In Pipedrive, click your avatar (top right) \u2192 **Personal Preferences** \u2192 **API**\n2. Copy your personal API token\n3. Paste it here",
+        storage: {
+          secrets: ["PIPEDRIVE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104396,6 +105233,10 @@ var plain = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Plain](https://app.plain.com)\n2. Go to **Settings \u2192 Machine Users**\n3. Click **New machine user** and generate an API key\n4. Copy the API key",
+        storage: {
+          secrets: ["PLAIN_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104430,6 +105271,10 @@ var plausible = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Plausible Analytics](https://plausible.io)\n2. Go to **Account Settings** \u2192 **API Keys**\n3. Click **New API Key** and choose **Stats API**\n4. Copy the key (it is only shown once)",
+        storage: {
+          secrets: ["PLAUSIBLE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104464,6 +105309,10 @@ var podchaser = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Podchaser](https://www.podchaser.com)\n2. Go to [Profile > Settings > API](https://www.podchaser.com/profile/settings/api) to retrieve your **API Key** and **API Secret**\n3. Request an access token by sending a POST request to `https://api.podchaser.com/graphql` using the `requestAccessToken` mutation with `grant_type` set to `CLIENT_CREDENTIALS`, your API Key as `client_id`, and your API Secret as `client_secret`\n4. Store the returned access token (it lasts 1 year)",
+        storage: {
+          secrets: ["PODCHASER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104506,6 +105355,14 @@ var posthog = {
           clientIdEnv: "POSTHOG_OAUTH_CLIENT_ID",
           clientSecretEnv: "POSTHOG_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["POSTHOG_ACCESS_TOKEN", "POSTHOG_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "POSTHOG_ACCESS_TOKEN",
+            refreshToken: "POSTHOG_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL33,
@@ -104539,8 +105396,6 @@ var posthog = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL33,
-          accessToken: "POSTHOG_ACCESS_TOKEN",
-          refreshToken: "POSTHOG_REFRESH_TOKEN",
           envBindings: {
             POSTHOG_TOKEN: "$secrets.POSTHOG_ACCESS_TOKEN"
           }
@@ -104550,6 +105405,10 @@ var posthog = {
       "api-token": {
         label: "Personal API Key",
         helpText: "1. Log in to [PostHog](https://app.posthog.com)\n2. Navigate to **Personal API keys** in your account settings\n3. Click **+ Create a personal API Key**\n4. Enter a descriptive label for the key\n5. Choose the scopes (permissions) required for your use case\n6. Copy the key immediately (it will not be shown again after refreshing the page)",
+        storage: {
+          secrets: ["POSTHOG_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104584,6 +105443,10 @@ var porkbun = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Porkbun](https://porkbun.com)\n2. Open **Account > API Access**\n3. Create an API key and save both the **API Key** and **Secret Key**\n4. Enable API access for each domain you want to manage",
+        storage: {
+          secrets: ["PORKBUN_API_KEY", "PORKBUN_SECRET_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104625,6 +105488,10 @@ var printful = {
       "api-token": {
         label: "Private Token",
         helpText: "1. Log in to the [Printful Developer Portal](https://developers.printful.com/)\n2. Generate a **Private Token** with the scopes your workflow needs\n3. Copy the token and use it as a Bearer token\n\nFor account-level Private Tokens, Printful requires an `X-PF-Store-Id` header on store-scoped requests.",
+        storage: {
+          secrets: ["PRINTFUL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104658,6 +105525,10 @@ var prismaPostgres = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Prisma Console](https://console.prisma.io)\n2. Go to your workspace **Settings** page\n3. Select **Service Tokens**\n4. Click **New Service Token**\n5. Copy and save the generated service token securely",
+        storage: {
+          secrets: ["PRISMA_POSTGRES_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104691,6 +105562,10 @@ var productlane = {
     authMethods: {
       "api-token": {
         label: "API Key",
+        storage: {
+          secrets: ["PRODUCTLANE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104724,6 +105599,10 @@ var pushinator = {
     authMethods: {
       "api-token": {
         label: "API Token",
+        storage: {
+          secrets: ["PUSHINATOR_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104758,6 +105637,10 @@ var qdrant = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Qdrant Cloud](https://cloud.qdrant.io)\n2. Open your cluster's detail page and go to **API Keys**\n3. Click **Create** and configure your key\n4. Copy the key (shown only once)",
+        storage: {
+          secrets: ["QDRANT_TOKEN"],
+          variables: ["QDRANT_BASE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104799,6 +105682,10 @@ var qiita = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Log in to [Qiita](https://qiita.com)\n2. Go to **Settings > Applications**\n3. Create a new access token with the desired scopes (e.g., `read_qiita`, `write_qiita`)\n4. Copy the generated token\n5. Use it in API requests with the header `Authorization: Bearer [your_token]`",
+        storage: {
+          secrets: ["QIITA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104833,6 +105720,10 @@ var railway = {
       "api-token": {
         label: "Account or Workspace Token",
         helpText: "1. Log in to [Railway](https://railway.com)\n2. Open your account or workspace **Settings \u2192 Tokens**\n3. Click **Create New Token**, name it, and (for workspace tokens) pick the workspace\n4. Copy the token (UUID v4 format)\n\nUse this connector for cross-project automation. For a single project, use the **Railway Project** connector instead.",
+        storage: {
+          secrets: ["RAILWAY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104867,6 +105758,10 @@ var railwayProject = {
       "api-token": {
         label: "Project Token",
         helpText: "1. Log in to [Railway](https://railway.com) and open the target project\n2. Go to **Project Settings \u2192 Tokens**\n3. Click **Create Token**, pick the environment, and name it\n4. Copy the token (UUID v4 format)\n\nThis token is sent via the `Project-Access-Token` header and is bound to one environment in one project. For cross-project automation use the **Railway** connector instead.",
+        storage: {
+          secrets: ["RAILWAY_PROJECT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104909,6 +105804,10 @@ var reap = {
       "api-token": {
         label: "API Key",
         helpText: "1. Contact the Reap team to obtain an API key for your project\n2. Choose the matching API base URL for the key environment: `https://sandbox.api.reap.global/v1` or `https://prod.api.reap.global/v1`\n3. Copy the API key",
+        storage: {
+          secrets: ["REAP_API_KEY"],
+          variables: ["REAP_API_BASE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -104958,6 +105857,14 @@ var reddit = {
           clientIdEnv: "REDDIT_OAUTH_CLIENT_ID",
           clientSecretEnv: "REDDIT_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["REDDIT_ACCESS_TOKEN", "REDDIT_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "REDDIT_ACCESS_TOKEN",
+            refreshToken: "REDDIT_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL34,
@@ -104966,8 +105873,6 @@ var reddit = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL34,
-          accessToken: "REDDIT_ACCESS_TOKEN",
-          refreshToken: "REDDIT_REFRESH_TOKEN",
           envBindings: {
             REDDIT_TOKEN: "$secrets.REDDIT_ACCESS_TOKEN"
           }
@@ -104990,6 +105895,10 @@ var reducto = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in to the [Reducto Platform](https://platform.reducto.ai)\n2. Open **Settings \u2192 API Keys**\n3. Click **Create Key**, name it, and copy the value\n4. Use it as a Bearer token on requests to `https://platform.reducto.ai`",
+        storage: {
+          secrets: ["REDUCTO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105024,6 +105933,10 @@ var recraft = {
       "api-token": {
         label: "API Token",
         helpText: "1. Sign in to [Recraft](https://app.recraft.ai)\n2. Open your profile\n3. Copy your API token\n4. Paste it here.",
+        storage: {
+          secrets: ["RECRAFT_API_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105058,6 +105971,10 @@ var replicate = {
       "api-token": {
         label: "API Token",
         helpText: "1. Sign up at [replicate.com](https://replicate.com)\n2. Click your avatar \u2192 **API Tokens**\n3. Click **Create token**, give it a name\n4. Copy the token (starts with `r8_`)\n5. Paste it here",
+        storage: {
+          secrets: ["REPLICATE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105092,6 +106009,10 @@ var reportei = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Reportei](https://app.reportei.com)\n2. Go to **Company Settings** (Configura\xE7\xF5es da Empresa)\n3. Navigate to the **API Reportei** section\n4. Click **Generate new token** or copy your existing token",
+        storage: {
+          secrets: ["REPORTEI_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105126,6 +106047,10 @@ var resend = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [Resend](https://resend.com)\n2. Navigate to the [API Keys](https://resend.com/api-keys) page\n3. Click **Create API Key**\n4. Enter a name for your key (up to 50 characters)\n5. Select the permission level: **Full access** or **Sending access**\n6. If choosing sending access, select which domain the key can access\n7. Copy the generated API key",
+        storage: {
+          secrets: ["RESEND_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105160,6 +106085,10 @@ var rentcast = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [RentCast API dashboard](https://app.rentcast.io/app/api)\n2. Click **Create API Key**\n3. Copy the generated API key",
+        storage: {
+          secrets: ["RENTCAST_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105194,6 +106123,10 @@ var revenuecat = {
       "api-token": {
         label: "Secret API Key",
         helpText: "1. Log in to [RevenueCat](https://app.revenuecat.com)\n2. Navigate to the **API keys** section in your project dashboard\n3. Public API keys are automatically created when you add an app to your project\n4. To create a secret API key, click **+ New secret API key** in the API keys section\n5. Copy and store the key securely (never embed secret keys in client-side code)",
+        storage: {
+          secrets: ["REVENUECAT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105229,6 +106162,10 @@ var runway = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up for an account in the [Runway Developer Portal](https://dev.runwayml.com/)\n2. After signing up, create a new organization\n3. Click to the **API Keys** tab\n4. Create a new key, giving it a descriptive name\n5. Copy the key immediately and store it in a safe place \u2014 it will only be shown once",
+        storage: {
+          secrets: ["RUNWAY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105262,6 +106199,10 @@ var salesforce = {
     authMethods: {
       "api-token": {
         label: "API Token",
+        storage: {
+          secrets: ["SALESFORCE_TOKEN"],
+          variables: ["SALESFORCE_INSTANCE"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105302,6 +106243,10 @@ var scrapeninja = {
     authMethods: {
       "api-token": {
         label: "API Token",
+        storage: {
+          secrets: ["SCRAPENINJA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105336,6 +106281,10 @@ var segment = {
       "api-token": {
         label: "Public API Token",
         helpText: "1. Log in to [Segment](https://app.segment.com)\n2. Open the workspace you want to manage\n3. Create a Public API token with the permissions required for your workflow\n4. Copy the token",
+        storage: {
+          secrets: ["SEGMENT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105371,6 +106320,10 @@ var sendgrid = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [SendGrid](https://app.sendgrid.com) and open **Settings > API Keys**\n2. Click **Create API Key**, name it (e.g. `vm0`), and pick **Full Access** or a scoped permission set covering Mail Send, Templates, and Suppressions\n3. Click **Create & View** and copy the API key \u2014 it is shown only once\n4. Paste the key below (starts with `SG.`)",
+        storage: {
+          secrets: ["SENDGRID_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105405,6 +106358,10 @@ var serpapi = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [SerpApi](https://serpapi.com) and sign up for an account (free plan available with 250 searches/month)\n2. Log in and go to your [Dashboard](https://serpapi.com/dashboard)\n3. Your API key is displayed on the dashboard\n4. Copy the API key",
+        storage: {
+          secrets: ["SERPAPI_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105440,6 +106397,10 @@ var servicenow = {
       "api-token": {
         label: "API Key",
         helpText: "1. In ServiceNow, create (or pick) a dedicated service user with the roles the integration needs \u2014 `itil` for incident/change, `cmdb_read` for CMDB, etc.\n2. Set a password on that user under **User Administration \u2192 Users**\n3. Enter the username, password, and your ServiceNow instance subdomain \u2014 the prefix of `https://<subdomain>.service-now.com`",
+        storage: {
+          secrets: ["SERVICENOW_USERNAME", "SERVICENOW_PASSWORD"],
+          variables: ["SERVICENOW_INSTANCE"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105488,6 +106449,10 @@ var shopify = {
       "api-token": {
         label: "API Key",
         helpText: "1. In your Shopify admin, go to **Settings \u2192 Apps and sales channels \u2192 Develop apps**\n2. Click **Create an app**, name it (e.g. `vm0`), and open it\n3. Under **Configuration \u2192 Admin API integration**, grant the scopes you need (e.g. `read_products`, `read_orders`)\n4. Click **Install app** and then **Reveal token once** \u2014 copy the Admin API access token (starts with `shpat_`)\n5. For the **Store subdomain** below, enter only the subdomain of your `.myshopify.com` URL (for `acme.myshopify.com` enter `acme`)",
+        storage: {
+          secrets: ["SHOPIFY_TOKEN"],
+          variables: ["SHOPIFY_SHOP"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105529,6 +106494,10 @@ var shortio = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Short.io](https://short.io) Dashboard\n2. Navigate to **Integrations and API**\n3. Click on **Create API key**\n4. Leave the **Public key** option disabled to create a private (secret) key\n5. Restrict the scope of the key to a specific team or domain\n6. Click **Create**\n7. Copy the key and store it in a safe place \u2014 secret keys cannot be recovered",
+        storage: {
+          secrets: ["SHORTIO_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105563,6 +106532,10 @@ var similarweb = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to the [Similarweb platform](https://pro.similarweb.com/) (admin access required)\n2. From the main menu on the left, select **Settings & Help**, then select **Account**\n3. Under **Data Tools**, select either **REST API** or **Batch API**\n4. Click **Generate a New API Key** on the right\n5. Type the name of the API key, then select whether this is for yourself or another user\n6. Click **Create** \u2014 your key will be displayed in the Generated Keys table\n7. In the Generated Keys table, ensure the **Activation** toggle is on for the relevant API key",
+        storage: {
+          secrets: ["SIMILARWEB_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105597,6 +106570,10 @@ var slackWebhook = {
       "api-token": {
         label: "Webhook URL",
         helpText: "1. Create a [Slack app](https://api.slack.com/apps) (or use an existing one), choosing a workspace to associate it with\n2. From the app settings page, select **Incoming Webhooks**\n3. Toggle **Activate Incoming Webhooks** to on\n4. Click **Add New Webhook to Workspace**\n5. Pick a channel for the app to post to, then click **Authorize**\n6. Copy the webhook URL from the **Webhook URLs for Your Workspace** section (it will look like `https://hooks.slack.com/services/T.../B.../XXXX...`)",
+        storage: {
+          secrets: ["SLACK_WEBHOOK_URL"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105632,6 +106609,10 @@ var snowflake = {
       "api-token": {
         label: "Programmatic Access Token",
         helpText: "1. In Snowflake, generate a programmatic access token for the user or service user that should own the connection\n2. Copy the generated token secret when Snowflake displays it\n3. Enter your Snowflake account identifier, for example `myorganization-myaccount` from `https://myorganization-myaccount.snowflakecomputing.com`",
+        storage: {
+          secrets: ["SNOWFLAKE_PAT"],
+          variables: ["SNOWFLAKE_ACCOUNT"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105673,6 +106654,10 @@ var sociavault = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up or log in to the [SociaVault Dashboard](https://sociavault.com)\n2. Copy your API key\n3. SociaVault authenticates requests with the `X-API-Key` header",
+        storage: {
+          secrets: ["SOCIAVAULT_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105707,6 +106692,10 @@ var sponge = {
       "api-token": {
         label: "Master API Key",
         helpText: "1. Sign in to the [Sponge Wallet dashboard](https://wallet.paysponge.com)\n2. Open **Settings \u2192 Master API Keys**\n3. Click **Create master key**, name it, and copy the value (prefix `sponge_master_...`)\n\nThe master key is the platform credential. Sponge agent runtime keys are minted on demand through it \u2014 store the master key once and never embed it in agent traffic.",
+        storage: {
+          secrets: ["SPONGE_MASTER_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105749,6 +106738,10 @@ var sproutgigs = {
       "api-token": {
         label: "API Secret",
         helpText: "1. Log in to [SproutGigs](https://sproutgigs.com)\n2. Open **Account Settings** and go to the **Settings** tab\n3. Create or reset your API secret\n4. Enter your SproutGigs user ID and API secret. SproutGigs signs requests with HTTP Basic Auth using `USER_ID:API_SECRET`.",
+        storage: {
+          secrets: ["SPROUTGIGS_API_SECRET"],
+          variables: ["SPROUTGIGS_USER_ID"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105790,6 +106783,10 @@ var square = {
       "api-token": {
         label: "Access Token",
         helpText: "1. Sign in to the [Square Developer Console](https://developer.squareup.com/apps)\n2. Open (or create) an application\n3. In the left pane, choose **Credentials**\n4. At the top of the page, select **Production**\n5. Copy the **Production Access token** (format: `EAAA...`)",
+        storage: {
+          secrets: ["SQUARE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105825,6 +106822,10 @@ var stabilityAi = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [platform.stability.ai](https://platform.stability.ai)\n2. Go to **Account \u2192 API Keys \u2192 Create API Key**\n3. Copy the key (starts with `sk-`). Paste here. Free credits on signup.",
+        storage: {
+          secrets: ["STABILITY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105859,6 +106860,10 @@ var strapi = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to your Strapi admin panel\n2. Go to **Settings \u2192 API Tokens**\n3. Click **Create new API Token**\n4. Enter a name, select a token duration, and choose a token type (Full Access or Custom)\n5. Click **Save** and copy the generated token",
+        storage: {
+          secrets: ["STRAPI_TOKEN"],
+          variables: ["STRAPI_BASE_URL"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105899,6 +106904,10 @@ var streak = {
       "api-token": {
         label: "API Key",
         helpText: "1. Install the Streak extension and navigate to [Gmail](https://mail.google.com)\n2. Click on the Streak icon in the right sidebar\n3. Select the **Integrations** button\n4. Under the **Streak API** section, click **Create New Key**\n5. Copy and store the API key securely",
+        storage: {
+          secrets: ["STREAK_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -105942,6 +106951,14 @@ var stripe = {
           clientIdEnv: "STRIPE_OAUTH_CLIENT_ID",
           clientSecretEnv: "STRIPE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["STRIPE_ACCESS_TOKEN", "STRIPE_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "STRIPE_ACCESS_TOKEN",
+            refreshToken: "STRIPE_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL35,
@@ -105950,8 +106967,6 @@ var stripe = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL35,
-          accessToken: "STRIPE_ACCESS_TOKEN",
-          refreshToken: "STRIPE_REFRESH_TOKEN",
           envBindings: {
             STRIPE_TOKEN: "$secrets.STRIPE_ACCESS_TOKEN"
           }
@@ -105961,6 +106976,10 @@ var stripe = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your [Stripe Dashboard](https://dashboard.stripe.com/apikeys)\n2. Go to **Developers > API keys**\n3. Reveal the **Secret key** (starts with `sk_live_` or `sk_test_`) or create a **Restricted key** (`rk_live_...`) with the scopes you need\n4. Copy the key",
+        storage: {
+          secrets: ["STRIPE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106003,6 +107022,14 @@ var supabase = {
           clientIdEnv: "SUPABASE_OAUTH_CLIENT_ID",
           clientSecretEnv: "SUPABASE_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["SUPABASE_ACCESS_TOKEN", "SUPABASE_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "SUPABASE_ACCESS_TOKEN",
+            refreshToken: "SUPABASE_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL36,
@@ -106024,8 +107051,6 @@ var supabase = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL36,
-          accessToken: "SUPABASE_ACCESS_TOKEN",
-          refreshToken: "SUPABASE_REFRESH_TOKEN",
           envBindings: {
             SUPABASE_TOKEN: "$secrets.SUPABASE_ACCESS_TOKEN"
           }
@@ -106035,6 +107060,10 @@ var supabase = {
       "api-token": {
         label: "Service Role Key",
         helpText: "1. Log in to the [Supabase Dashboard](https://supabase.com/dashboard)\n2. Open your project's **Connect** dialog, or go to **Project Settings > API Keys**\n3. For legacy keys, copy the `anon` key (for client-side) or `service_role` key (for server-side) from the **Legacy API Keys** tab\n4. For new keys, open the **API Keys** tab, click **Create new API Keys** if needed, and copy the value from the **Publishable key** section",
+        storage: {
+          secrets: ["SUPABASE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106069,6 +107098,10 @@ var supadata = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to the [Supadata Dashboard](https://dash.supadata.ai)\n2. Sign up for an account (no credit card required)\n3. Your API key will be generated automatically\n4. Use it in API requests with the header `x-api-key: [your_api_key]`",
+        storage: {
+          secrets: ["SUPADATA_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106103,6 +107136,10 @@ var supermemory = {
       "api-token": {
         label: "API Key",
         helpText: "Go to [console.supermemory.ai](https://console.supermemory.ai) \u2192 **API Keys** \u2192 create or copy your key.",
+        storage: {
+          secrets: ["SUPERMEMORY_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106137,6 +107174,10 @@ var tavily = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [app.tavily.com](https://app.tavily.com/) and sign up for a free account\n2. After signing in, your API key will be available on the dashboard\n3. Copy the API key (it will start with `tvly-`)",
+        storage: {
+          secrets: ["TAVILY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106186,12 +107227,18 @@ var testOauth = {
         label: "OAuth",
         helpText: "Test-only OAuth provider. Only reachable in dev/preview.",
         client: TEST_OAUTH_CLIENT,
+        storage: {
+          secrets: ["TEST_OAUTH_ACCESS_TOKEN", "TEST_OAUTH_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "TEST_OAUTH_ACCESS_TOKEN",
+            refreshToken: "TEST_OAUTH_REFRESH_TOKEN"
+          }
+        },
         grant: TEST_OAUTH_AUTH_CODE_GRANT,
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL37,
-          accessToken: "TEST_OAUTH_ACCESS_TOKEN",
-          refreshToken: "TEST_OAUTH_REFRESH_TOKEN",
           envBindings: {
             TEST_OAUTH_TOKEN: "$secrets.TEST_OAUTH_ACCESS_TOKEN"
           }
@@ -106203,12 +107250,21 @@ var testOauth = {
         label: "API OAuth",
         helpText: "Secondary test-only OAuth method used to exercise method-aware provider registration.",
         client: TEST_OAUTH_CLIENT,
+        storage: {
+          secrets: [
+            "TEST_OAUTH_API_ACCESS_TOKEN",
+            "TEST_OAUTH_API_REFRESH_TOKEN"
+          ],
+          variables: [],
+          secretRoles: {
+            accessToken: "TEST_OAUTH_API_ACCESS_TOKEN",
+            refreshToken: "TEST_OAUTH_API_REFRESH_TOKEN"
+          }
+        },
         grant: TEST_OAUTH_AUTH_CODE_GRANT,
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL37,
-          accessToken: "TEST_OAUTH_API_ACCESS_TOKEN",
-          refreshToken: "TEST_OAUTH_API_REFRESH_TOKEN",
           envBindings: {
             TEST_OAUTH_TOKEN: "$secrets.TEST_OAUTH_API_ACCESS_TOKEN"
           }
@@ -106237,6 +107293,13 @@ var testOauthDevice = {
           clientType: "public",
           clientId: "test-oauth-device-client"
         },
+        storage: {
+          secrets: ["TEST_OAUTH_DEVICE_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "TEST_OAUTH_DEVICE_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "device-auth",
           deviceAuthUrl: "/api/test/oauth-provider/device/code",
@@ -106260,6 +107323,13 @@ var testOauthDevice = {
           clientType: "public",
           clientId: "test-oauth-device-api-client"
         },
+        storage: {
+          secrets: ["TEST_OAUTH_DEVICE_API_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "TEST_OAUTH_DEVICE_API_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "device-auth",
           deviceAuthUrl: "/api/test/oauth-provider/device/code",
@@ -106291,6 +107361,10 @@ var testrail = {
       "api-token": {
         label: "API Key",
         helpText: "1. In TestRail, open **My Settings** (top-right user menu) \u2192 **API Keys**\n2. Click **Add Key**, name it (e.g. `vm0`), copy the generated key\n3. Enter the email you log in with, the generated API key, and your TestRail instance subdomain \u2014 the prefix of `https://<subdomain>.testrail.io`\n4. If your team self-hosts TestRail Server, set `TESTRAIL_INSTANCE` to the full host (e.g. `tests.example.com`) \u2014 the firewall accepts both forms",
+        storage: {
+          secrets: ["TESTRAIL_EMAIL", "TESTRAIL_TOKEN"],
+          variables: ["TESTRAIL_INSTANCE"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106338,6 +107412,10 @@ var ticketmaster = {
       "api-token": {
         label: "Discovery API Key",
         helpText: "1. Log in to the [Ticketmaster Developer Portal](https://developer.ticketmaster.com)\n2. Open your application in **My Apps**\n3. Copy the **Consumer Key** for the Discovery API\n4. Use it as the `apikey` query parameter for Discovery API requests",
+        storage: {
+          secrets: ["TICKETMASTER_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106372,6 +107450,10 @@ var tldv = {
       "api-token": {
         label: "API Key",
         helpText: "1. Ensure you have a **Business Plan** subscription on [tldv](https://tldv.io)\n2. API and webhook access is only available on the Business Plan\n3. Contact support at **support@tldv.io** to request API access and obtain your credentials",
+        storage: {
+          secrets: ["TLDV_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106407,6 +107489,10 @@ var together = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign up at [api.together.ai](https://api.together.ai)\n2. Go to **Settings \u2192 API Keys**\n3. Click **Create API Key**\n4. Copy the key. Paste it here. Free $1 credit on signup.",
+        storage: {
+          secrets: ["TOGETHER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106442,6 +107528,10 @@ var tripo = {
       "api-token": {
         label: "API Key",
         helpText: "1. Sign in at [platform.tripo3d.ai](https://platform.tripo3d.ai)\n2. Open **API Keys**\n3. Click **Create API Key**\n4. Copy the key (it begins with `tsk_`). It is shown only once. Paste it here.",
+        storage: {
+          secrets: ["TRIPO_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106476,6 +107566,10 @@ var twenty = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your [Twenty](https://twenty.com) workspace\n2. Go to **Settings > APIs & Webhooks**\n3. Click **+ Create key**\n4. Enter a descriptive **Name** and set an **Expiration Date**\n5. Click **Save**\n6. Copy the key immediately \u2014 it is only shown once",
+        storage: {
+          secrets: ["TWENTY_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106511,6 +107605,10 @@ var twilio = {
       "api-token": {
         label: "API Key",
         helpText: "1. Open the [Twilio Console](https://console.twilio.com) \u2014 your **Account SID** is shown on the dashboard\n2. Click **View** next to **Auth Token** to reveal the live auth token\n3. Copy both values and paste them below \u2014 the SID always starts with `AC`",
+        storage: {
+          secrets: ["TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106551,6 +107649,10 @@ var typeform = {
       "api-token": {
         label: "Personal Access Token",
         helpText: "1. Log in to [Typeform](https://admin.typeform.com)\n2. Open the account menu (top-right) and pick **Personal tokens**\n3. Click **Generate a new token**, name it, and choose the scopes you need (e.g. `forms:read`, `responses:read`, `webhooks:write`)\n4. Copy the token (format: `tfp_...`)",
+        storage: {
+          secrets: ["TYPEFORM_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106586,6 +107688,10 @@ var v0 = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [v0](https://v0.dev)\n2. Go to **Settings** \u2192 **Keys** ([direct link](https://v0.dev/chat/settings/keys))\n3. Create a new API key\n4. Copy the generated token",
+        storage: {
+          secrets: ["V0_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106620,6 +107726,10 @@ var wandb = {
       "api-token": {
         label: "API Key",
         helpText: "Go to wandb.ai \u2192 Settings \u2192 API Keys \u2192 copy your key.",
+        storage: {
+          secrets: ["WANDB_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106661,6 +107771,13 @@ var webflow = {
           clientIdEnv: "WEBFLOW_OAUTH_CLIENT_ID",
           clientSecretEnv: "WEBFLOW_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["WEBFLOW_ACCESS_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "WEBFLOW_ACCESS_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: "https://api.webflow.com/oauth/access_token",
@@ -106694,6 +107811,10 @@ var webflow = {
       "api-token": {
         label: "Site Token",
         helpText: "1. Log in to [Webflow](https://webflow.com) (site administrator access required)\n2. In your workspace, find the site and click the gear icon to open **Site Settings**\n3. In the left sidebar, select **Apps & integrations**\n4. Scroll to the bottom of the page to the **API access** section\n5. Click **Generate API token**\n6. Enter a name for your token and choose the required scopes\n7. Click **Generate token**\n8. Copy the generated token and save it in a secure location",
+        storage: {
+          secrets: ["WEBFLOW_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106737,6 +107858,10 @@ var weread = {
       "api-token": {
         label: "WeRead API Key",
         helpText: "1. Open the [WeRead Skill page](https://weread.qq.com/r/weread-skills)\n2. Scan the QR code with WeChat to sign in to your WeChat Reading account\n3. Copy the generated API key (it begins with `wrk-`)\n4. The key authorises every endpoint under `i.weread.qq.com` and is scoped to your own account data",
+        storage: {
+          secrets: ["WEREAD_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106771,6 +107896,10 @@ var whaleAlert = {
       "api-token": {
         label: "API Key",
         helpText: "1. Create a Whale Alert developer account\n2. Subscribe to the Custom Alerts or Enterprise REST API plan\n3. Copy the API key provided for your subscription\n4. Use this key as the `api_key` query parameter",
+        storage: {
+          secrets: ["WHALE_ALERT_API_KEY"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106805,6 +107934,10 @@ var wix = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to your [Wix](https://www.wix.com) account (account owner or co-owner access required)\n2. Go to the [API Keys Manager](https://manage.wix.com/account/api-keys)\n3. Create a new API key and assign the required permissions\n4. Copy the generated API key and store it securely",
+        storage: {
+          secrets: ["WIX_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106839,6 +107972,10 @@ var workos = {
       "api-token": {
         label: "API Key",
         helpText: "Go to WorkOS Dashboard \u2192 API Keys \u2192 copy your secret key (starts with `sk_live_` for production or `sk_test_` for sandbox).",
+        storage: {
+          secrets: ["WORKOS_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106873,6 +108010,10 @@ var wrike = {
       "api-token": {
         label: "Permanent Access Token",
         helpText: "1. Navigate to your [Wrike](https://www.wrike.com) workspace\n2. Click on your **profile icon** in the navigation bar\n3. Select **Apps & Integrations**\n4. Click on **API**\n5. Click **+ App**\n6. Enter a name for your integration\n7. Click **Get Token** at the bottom of the window\n8. Copy and securely store your token \u2014 it will not be shown again after closing the page\n9. Click **Save**",
+        storage: {
+          secrets: ["WRIKE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106906,6 +108047,10 @@ var youtube = {
       "api-token": {
         label: "API Key",
         helpText: "1. Go to [Google Cloud Console](https://console.cloud.google.com/)\n2. Enable **YouTube Data API v3**\n3. Go to **Credentials** \u2192 **Create Credentials** \u2192 **API Key**\n4. Copy the API key",
+        storage: {
+          secrets: ["YOUTUBE_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106940,6 +108085,10 @@ var zapier = {
       "api-token": {
         featureFlag: "zapierConnector" /* ZapierConnector */,
         label: "API Key",
+        storage: {
+          secrets: ["ZAPIER_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -106974,6 +108123,10 @@ var zapsign = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to your [ZapSign](https://app.zapsign.com) account\n2. Go to **Settings**\n3. Navigate to **Integrations**\n4. Select **ZAPSIGN API**\n5. Copy your API token",
+        storage: {
+          secrets: ["ZAPSIGN_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -107008,6 +108161,10 @@ var zendesk = {
       "api-token": {
         label: "API Token",
         helpText: "1. Log in to [Zendesk Admin Center](https://www.zendesk.com/admin/)\n2. Go to **Apps and integrations \u2192 APIs \u2192 Zendesk API**\n3. Enable **Token Access** under the Settings tab\n4. Click **Add API token** and copy the token",
+        storage: {
+          secrets: ["ZENDESK_API_TOKEN"],
+          variables: ["ZENDESK_EMAIL", "ZENDESK_SUBDOMAIN"]
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -107056,6 +108213,10 @@ var zep = {
       "api-token": {
         label: "API Key",
         helpText: "1. Log in to [app.getzep.com](https://app.getzep.com)\n2. Go to **Settings**\n3. Navigate to **API Keys**\n4. Click **Create API Key** and copy the key",
+        storage: {
+          secrets: ["ZEP_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -107090,6 +108251,10 @@ var zeptomail = {
       "api-token": {
         label: "Send Mail Token",
         helpText: "1. Log in to [ZeptoMail](https://zeptomail.zoho.com)\n2. Select the Mail Agent for which you want to generate the API key\n3. Go to the **SMTP/API** tab\n4. In the **API** section, copy the **Agent alias** (agentkey)\n5. Submit a POST request to `https://api.zeptomail.com/v1.1/agents/{agentkey}/apikeys` with an `Authorization: Zoho-oauthtoken [your-token]` header\n6. The response will contain your send mail token (username and password)",
+        storage: {
+          secrets: ["ZEPTOMAIL_TOKEN"],
+          variables: []
+        },
         grant: {
           kind: "manual",
           fields: {
@@ -107132,6 +108297,14 @@ var zoom = {
           clientIdEnv: "ZOOM_OAUTH_CLIENT_ID",
           clientSecretEnv: "ZOOM_OAUTH_CLIENT_SECRET"
         },
+        storage: {
+          secrets: ["ZOOM_ACCESS_TOKEN", "ZOOM_REFRESH_TOKEN"],
+          variables: [],
+          secretRoles: {
+            accessToken: "ZOOM_ACCESS_TOKEN",
+            refreshToken: "ZOOM_REFRESH_TOKEN"
+          }
+        },
         grant: {
           kind: "auth-code",
           tokenUrl: OAUTH_TOKEN_URL38,
@@ -107155,8 +108328,6 @@ var zoom = {
         access: {
           kind: "refresh-token",
           tokenUrl: OAUTH_TOKEN_URL38,
-          accessToken: "ZOOM_ACCESS_TOKEN",
-          refreshToken: "ZOOM_REFRESH_TOKEN",
           envBindings: {
             ZOOM_TOKEN: "$secrets.ZOOM_ACCESS_TOKEN"
           }
@@ -107171,7 +108342,10 @@ var zoom = {
 // ../../packages/connectors/src/connectors.ts
 var CONNECTOR_AUTH_METHOD_IDS = ["oauth", "api-token", "api"];
 var connectorAuthMethodIdSchema = external_exports.enum(CONNECTOR_AUTH_METHOD_IDS);
-var CONNECTOR_TYPES_DEF = {
+function defineConnectors(configs) {
+  return configs;
+}
+var CONNECTOR_TYPES_DEF = defineConnectors({
   ...github,
   ...gmail,
   ...notion,
@@ -107421,7 +108595,7 @@ var CONNECTOR_TYPES_DEF = {
   ...zep,
   ...zeptomail,
   ...zoom
-};
+});
 var CONNECTOR_TYPES = CONNECTOR_TYPES_DEF;
 var CONNECTOR_TYPE_KEYS = Object.freeze(
   Object.keys(CONNECTOR_TYPES_DEF)
@@ -116118,7 +117292,6 @@ var CONNECTOR_AUTH_METHOD_PRIORITY = {
   "api-token": 1,
   api: 2
 };
-var CONNECTOR_SECRET_REF_PREFIX = "$secrets.";
 function connectorAuthMethodPriority(authMethod) {
   return CONNECTOR_AUTH_METHOD_PRIORITY[authMethod];
 }
@@ -116155,32 +117328,6 @@ function connectorAccessEnvBindings(access) {
       return {};
   }
 }
-function connectorAccessPlatformSecrets(access) {
-  switch (access.kind) {
-    case "static":
-    case "refresh-token":
-      return access.platformSecrets ?? [];
-    case "none":
-      return [];
-  }
-}
-function connectorOwnedAccessSecretBindingEntries(args) {
-  const platformSecretNames = new Set(
-    args.platformSecrets
-  );
-  const entries = [];
-  for (const [envName, valueRef] of Object.entries(args.envBindings)) {
-    if (!valueRef.startsWith(CONNECTOR_SECRET_REF_PREFIX)) {
-      continue;
-    }
-    const secretName = valueRef.slice(CONNECTOR_SECRET_REF_PREFIX.length);
-    if (platformSecretNames.has(secretName)) {
-      continue;
-    }
-    entries.push({ envName, secretName });
-  }
-  return entries;
-}
 function connectorGrantScopes(grant) {
   switch (grant?.kind) {
     case "auth-code":
@@ -116202,33 +117349,7 @@ function getConnectorGenerationTypes(type) {
   return "generation" in config4 ? config4.generation ?? [] : [];
 }
 function connectorMethodOwnedSecretNames(method) {
-  if (!method) {
-    return [];
-  }
-  const names = /* @__PURE__ */ new Set();
-  const fields = getManualGrantFields(method);
-  for (const [name, field] of Object.entries(fields ?? {})) {
-    if (field.storage !== "variable") {
-      names.add(name);
-    }
-  }
-  for (const { secretName } of connectorOwnedAccessSecretBindingEntries({
-    envBindings: connectorAccessEnvBindings(method.access),
-    platformSecrets: connectorAccessPlatformSecrets(method.access)
-  })) {
-    names.add(secretName);
-  }
-  if (method.access.kind === "refresh-token") {
-    names.add(method.access.accessToken);
-    names.add(method.access.refreshToken);
-  }
-  const platformSecretNames = new Set(
-    connectorAccessPlatformSecrets(method.access)
-  );
-  for (const secretName of platformSecretNames) {
-    names.delete(secretName);
-  }
-  return [...names];
+  return method ? [...method.storage.secrets] : [];
 }
 function getConnectorAuthMethodEnvBindings(type, authMethod) {
   const method = getConnectorAuthMethod(type, authMethod);
@@ -130209,12 +131330,6 @@ var agentIdSchema = external_exports.string().uuid();
 var connectorRefSchema = external_exports.string().min(1).max(64);
 var permissionSchema = external_exports.string().min(1).max(128);
 var userPermissionGrantActionSchema = external_exports.enum(["allow", "deny"]);
-var userPermissionGrantTtlSecondsSchema = external_exports.union([
-  external_exports.literal(300),
-  external_exports.literal(900),
-  external_exports.literal(3600),
-  external_exports.literal(86400)
-]);
 var userPermissionGrantResponseSchema = external_exports.object({
   agentId: agentIdSchema,
   connectorRef: connectorRefSchema,
@@ -130231,8 +131346,7 @@ var upsertUserPermissionGrantRequestSchema = external_exports.object({
   agentId: agentIdSchema,
   connectorRef: connectorRefSchema,
   permission: permissionSchema,
-  action: userPermissionGrantActionSchema,
-  ttlSeconds: userPermissionGrantTtlSecondsSchema
+  action: userPermissionGrantActionSchema
 });
 var zeroUserPermissionGrantsContract = c61.router({
   list: {
@@ -134481,4 +135595,4 @@ undici/lib/web/fetch/body.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */
-//# sourceMappingURL=chunk-CYXYACBN.js.map
+//# sourceMappingURL=chunk-DPEOZVW6.js.map