executor 1.3.0-beta.2 → 1.3.0-beta.4

package/bin/executor.mjs

@@ -354738,6 +354738,7 @@ var McpStartOAuthInputSchema = Struct({
 });
 var McpDiscoverInputSchema = Struct({
   endpoint: String$,
+  queryParams: optional(NullOr(StringMapSchema)),
   probeAuth: optional(NullOr(SourceProbeAuthSchema))
 });
 var McpDiscoverResultSchema = NullOr(SourceDiscoveryResultSchema);
@@ -354909,6 +354910,9 @@ var createMcpCapability = (input) => {
     auth: { kind: "none" },
     interaction: {
       ...interaction,
+      approval: {
+        mayRequire: false
+      },
       resume: {
         supported: mcpResumeSupport(input.operation.providerData.execution)
       }
@@ -357477,7 +357481,7 @@ var mcpCatalogOperationFromManifestEntry = (input) => ({
   toolId: input.entry.toolId,
   title: input.entry.displayTitle ?? input.entry.title ?? input.entry.toolName,
   description: input.entry.description ?? null,
-  effect: input.entry.annotations?.readOnlyHint === true ? "read" : "write",
+  effect: "read",
   inputSchema: input.entry.inputSchema,
   outputSchema: input.entry.outputSchema,
   providerData: {
@@ -357839,7 +357843,10 @@ var mcpSdkPlugin = (options7) => defineExecutorSourcePlugin({
       inputSchema: McpDiscoverInputSchema,
       outputSchema: McpDiscoverResultSchema,
       execute: ({ args: args2 }) => gen2(function* () {
-        const normalizedUrl = normalizeSourceDiscoveryUrl(args2.endpoint);
+        const normalizedUrl = normalizeSourceDiscoveryUrl(resolveMcpEndpoint({
+          endpoint: args2.endpoint.trim(),
+          queryParams: args2.queryParams
+        }));
         const discovered = yield* detectMcpSource({
           normalizedUrl,
           headers: probeHeadersFromAuth(args2.probeAuth ?? null)
@@ -357977,7 +357984,10 @@ var mcpSdkPlugin = (options7) => defineExecutorSourcePlugin({
     const provideRuntime = (effect3) => provideExecutorRuntime(effect3, executor.runtime);
     return {
       discoverSource: (input) => provideRuntime(gen2(function* () {
-        const normalizedUrl = normalizeSourceDiscoveryUrl(input.endpoint);
+        const normalizedUrl = normalizeSourceDiscoveryUrl(resolveMcpEndpoint({
+          endpoint: input.endpoint.trim(),
+          queryParams: input.queryParams
+        }));
         const discovered = yield* detectMcpSource({
           normalizedUrl,
           headers: probeHeadersFromAuth(input.probeAuth ?? null)
@@ -364867,512 +364877,28 @@ var openApiHttpPlugin = () => ({
   })), mapError2(mapPluginStorageError4("openapi.updateSource")))).handle("refreshSource", ({ path: path4 }) => resolveRequestedLocalWorkspace("openapi.refreshSource", path4.workspaceId).pipe(flatMap10(() => executor2.openapi.refreshSource(path4.sourceId)), mapError2(mapPluginStorageError4("openapi.refreshSource")))).handle("removeSource", ({ path: path4 }) => resolveRequestedLocalWorkspace("openapi.removeSource", path4.workspaceId).pipe(flatMap10(() => executor2.openapi.removeSource(path4.sourceId)), map16((removed) => ({ removed })), mapError2(mapPluginStorageError4("openapi.removeSource")))))
 });
 
-// plugins/onepassword/shared/index.ts
-var ONEPASSWORD_SECRET_STORE_KIND = "onepassword";
-var ONEPASSWORD_SECRET_FIELD_ID = "credential";
-var OnePasswordStoreAuthSchema = Union2(Struct({
-  kind: Literal2("desktop-app"),
-  accountName: String$
-}), Struct({
-  kind: Literal2("service-account"),
-  tokenSecretRef: SecretRefSchema2
-}));
-var OnePasswordConnectInputSchema = Struct({
-  kind: Literal2(ONEPASSWORD_SECRET_STORE_KIND),
-  name: String$,
-  vaultId: String$,
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordStoreConfigPayloadSchema = OnePasswordConnectInputSchema;
-var OnePasswordUpdateStoreInputSchema = Struct({
-  storeId: String$,
-  config: OnePasswordStoreConfigPayloadSchema
-});
-var OnePasswordStoredStoreDataSchema = Struct({
-  vaultId: String$,
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordDiscoverVaultsInputSchema = Struct({
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordVaultSchema = Struct({
-  id: String$,
-  name: String$
-});
-var OnePasswordDiscoverVaultsResultSchema = Struct({
-  vaults: Array$(OnePasswordVaultSchema)
-});
-var OnePasswordDiscoverStoreItemsInputSchema = Struct({
-  storeId: String$
-});
-var OnePasswordItemFieldSchema = Struct({
-  id: String$,
-  title: String$,
-  fieldType: String$,
-  sectionId: optional(String$)
-});
-var OnePasswordItemSchema = Struct({
-  id: String$,
-  title: String$,
-  category: String$,
-  fields: optional(Array$(OnePasswordItemFieldSchema))
-});
-var OnePasswordDiscoverStoreItemsResultSchema = Struct({
-  items: Array$(OnePasswordItemSchema)
-});
-var OnePasswordDiscoverItemFieldsInputSchema = Struct({
-  storeId: String$,
-  itemId: String$
-});
-var OnePasswordDiscoverItemFieldsResultSchema = Struct({
-  itemId: String$,
-  fields: Array$(OnePasswordItemFieldSchema)
-});
-var OnePasswordImportSecretInputSchema = Struct({
-  storeId: String$,
-  itemId: String$,
-  fieldId: String$,
-  name: optional(String$)
-});
-var OnePasswordImportSecretResultSchema = Struct({
-  id: String$,
-  name: NullOr(String$),
-  storeId: String$,
-  purpose: String$,
-  createdAt: Number$,
-  updatedAt: Number$
-});
-var workspaceIdParam8 = exports_HttpApiSchema.param("workspaceId", ScopeIdSchema2);
-var onePasswordHttpGroup = exports_HttpApiGroup.make("onepassword").add(exports_HttpApiEndpoint.post("discoverVaults")`/workspaces/${workspaceIdParam8}/plugins/onepassword/vaults/discover`.setPayload(OnePasswordDiscoverVaultsInputSchema).addSuccess(OnePasswordDiscoverVaultsResultSchema)).add(exports_HttpApiEndpoint.post("discoverStoreItems")`/workspaces/${workspaceIdParam8}/plugins/onepassword/stores/discover-items`.setPayload(OnePasswordDiscoverStoreItemsInputSchema).addSuccess(OnePasswordDiscoverStoreItemsResultSchema)).add(exports_HttpApiEndpoint.post("discoverItemFields")`/workspaces/${workspaceIdParam8}/plugins/onepassword/items/discover-fields`.setPayload(OnePasswordDiscoverItemFieldsInputSchema).addSuccess(OnePasswordDiscoverItemFieldsResultSchema)).add(exports_HttpApiEndpoint.post("importSecret")`/workspaces/${workspaceIdParam8}/plugins/onepassword/secrets/import`.setPayload(OnePasswordImportSecretInputSchema).addSuccess(OnePasswordImportSecretResultSchema)).prefix("/v1");
-
-// plugins/onepassword/http/index.ts
-var workspaceIdParam9 = exports_HttpApiSchema.param("workspaceId", ScopeIdSchema2);
-var OnePasswordHttpGroup = exports_HttpApiGroup.make("onepassword").add(exports_HttpApiEndpoint.post("discoverVaults")`/workspaces/${workspaceIdParam9}/plugins/onepassword/vaults/discover`.setPayload(OnePasswordDiscoverVaultsInputSchema).addSuccess(OnePasswordDiscoverVaultsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("discoverStoreItems")`/workspaces/${workspaceIdParam9}/plugins/onepassword/stores/discover-items`.setPayload(OnePasswordDiscoverStoreItemsInputSchema).addSuccess(OnePasswordDiscoverStoreItemsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("discoverItemFields")`/workspaces/${workspaceIdParam9}/plugins/onepassword/items/discover-fields`.setPayload(OnePasswordDiscoverItemFieldsInputSchema).addSuccess(OnePasswordDiscoverItemFieldsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("importSecret")`/workspaces/${workspaceIdParam9}/plugins/onepassword/secrets/import`.setPayload(OnePasswordImportSecretInputSchema).addSuccess(OnePasswordImportSecretResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).prefix("/v1");
-var OnePasswordHttpApi = exports_HttpApi.make("executor").add(OnePasswordHttpGroup);
-var toStorageError5 = (operation, cause2) => new ControlPlaneStorageError({
-  operation,
-  message: cause2 instanceof Error ? cause2.message : String(cause2),
-  details: cause2 instanceof Error ? cause2.stack ?? cause2.message : String(cause2)
-});
-var onePasswordHttpPlugin = () => ({
-  key: "onepassword",
-  group: OnePasswordHttpGroup,
-  build: ({ executor: executor2 }) => exports_HttpApiBuilder.group(OnePasswordHttpApi, "onepassword", (handlers) => handlers.handle("discoverVaults", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverVaults", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverVaults(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverVaults", cause2)))).handle("discoverStoreItems", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverStoreItems", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverStoreItems(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverStoreItems", cause2)))).handle("discoverItemFields", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverItemFields", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverItemFields(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverItemFields", cause2)))).handle("importSecret", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.importSecret", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.importSecret(payload)), mapError2((cause2) => toStorageError5("onepassword.importSecret", cause2)))))
-});
-
-// plugins/onepassword/sdk/index.ts
-import {
-  createClient,
-  DesktopAuth,
-  ItemCategory,
-  ItemFieldType
-} from "@1password/sdk";
-var ONEPASSWORD_REQUEST_TIMEOUT_MS = 15000;
-var timedOutOnePasswordRequestError = (operation) => new Error(`1Password ${operation} timed out after ${Math.floor(ONEPASSWORD_REQUEST_TIMEOUT_MS / 1000)} seconds. Approve the request in the 1Password desktop app and try again.`);
-var runOnePasswordRequest = (operation, effect3) => new Promise((resolve5, reject) => {
-  const timeoutId = setTimeout(() => {
-    reject(timedOutOnePasswordRequestError(operation));
-  }, ONEPASSWORD_REQUEST_TIMEOUT_MS);
-  effect3().then((value7) => {
-    clearTimeout(timeoutId);
-    resolve5(value7);
-  }, (cause2) => {
-    clearTimeout(timeoutId);
-    reject(cause2);
-  });
-});
-var resolveServiceAccountToken = (auth2) => gen2(function* () {
-  const resolveSecretMaterial = yield* SecretMaterialResolverService;
-  return yield* resolveSecretMaterial({
-    ref: auth2.tokenSecretRef
-  });
-});
-var makeClientFromAuth = (auth2) => gen2(function* () {
-  const resolvedAuth = auth2.kind === "desktop-app" ? new DesktopAuth(auth2.accountName) : yield* resolveServiceAccountToken(auth2);
-  return yield* tryPromise2({
-    try: () => runOnePasswordRequest("client setup", () => createClient({
-      auth: resolvedAuth,
-      integrationName: "Executor",
-      integrationVersion: "0.0.0"
-    })),
-    catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-  });
-});
-var makeClient2 = (stored) => gen2(function* () {
-  if (!stored) {
-    throw new Error("1Password store configuration is missing.");
-  }
-  return yield* makeClientFromAuth(stored.auth);
-});
-var importableFieldTypes = new Set([
-  ItemFieldType.Concealed,
-  ItemFieldType.Text
-]);
-var ONEPASSWORD_BROWSE_ITEM_LIMIT = 12;
-var toImportableFields = (fields) => fields.filter((field) => importableFieldTypes.has(field.fieldType) && field.id.trim().length > 0 && field.value.trim().length > 0).map((field) => ({
-  id: field.id,
-  title: field.title || field.id,
-  fieldType: field.fieldType,
-  ...field.sectionId ? { sectionId: field.sectionId } : {}
-}));
-var secretSelectionKey = (itemId, fieldId) => `secret:${itemId}:${fieldId}`;
-var parseSelectionKey = (value7) => {
-  const itemMatch = /^item:([^:]+)$/.exec(value7);
-  if (itemMatch) {
-    return {
-      kind: "item",
-      itemId: itemMatch[1]
-    };
-  }
-  const secretMatch = /^secret:([^:]+):([^:]+)$/.exec(value7);
-  if (secretMatch) {
-    return {
-      kind: "secret",
-      itemId: secretMatch[1],
-      fieldId: secretMatch[2]
-    };
-  }
-  throw new Error(`Invalid 1Password selection key: ${value7}`);
-};
-var discoverVaults = (input) => flatMap10(makeClientFromAuth(input.auth), (client) => tryPromise2({
-  try: async () => {
-    const vaults = await runOnePasswordRequest("vault discovery", () => client.vaults.list({ decryptDetails: true }));
-    return {
-      vaults: vaults.map((vault) => ({
-        id: vault.id,
-        name: vault.title
-      })).sort((left3, right3) => left3.name.localeCompare(right3.name))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverStoreItems = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const overviews = await runOnePasswordRequest("item discovery", () => client.items.list(input.stored.vaultId));
-    return {
-      items: overviews.map((item) => ({
-        id: item.id,
-        title: item.title,
-        category: item.category
-      })).sort((left3, right3) => left3.title.localeCompare(right3.title))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverItemFields = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const item = await runOnePasswordRequest("field discovery", () => client.items.get(input.stored.vaultId, input.itemId));
-    return {
-      itemId: item.id,
-      fields: toImportableFields(item.fields)
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverImportableSecrets = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const normalizedQuery = input.query?.trim().toLowerCase() ?? "";
-    const overviews = await runOnePasswordRequest("item discovery", () => client.items.list(input.stored.vaultId));
-    const filteredItems = overviews.filter((item) => normalizedQuery.length === 0 || item.title.toLowerCase().includes(normalizedQuery)).slice(0, ONEPASSWORD_BROWSE_ITEM_LIMIT);
-    const detailedItems = await Promise.all(filteredItems.map((item) => runOnePasswordRequest("field discovery", () => client.items.get(input.stored.vaultId, item.id))));
-    return {
-      entries: detailedItems.flatMap((item) => toImportableFields(item.fields).filter((field) => normalizedQuery.length === 0 || item.title.toLowerCase().includes(normalizedQuery) || field.title.toLowerCase().includes(normalizedQuery) || field.id.toLowerCase().includes(normalizedQuery)).map((field) => ({
-        key: secretSelectionKey(item.id, field.id),
-        label: `${item.title} · ${field.title}`,
-        description: item.category ?? field.fieldType ?? null,
-        kind: "secret"
-      }))).sort((left3, right3) => left3.label.localeCompare(right3.label))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var browseSecrets = (input) => gen2(function* () {
-  const normalizedQuery = input.query?.trim().toLowerCase() ?? "";
-  if (!input.parentKey) {
-    return yield* discoverImportableSecrets({
-      ...input,
-      query: normalizedQuery
-    });
-  }
-  const selection = parseSelectionKey(input.parentKey);
-  if (selection.kind !== "item") {
-    throw new Error(`Cannot browse children for selection: ${input.parentKey}`);
-  }
-  const fields = yield* discoverItemFields({
-    ...input,
-    itemId: selection.itemId
-  });
-  return {
-    entries: fields.fields.filter((field) => normalizedQuery.length === 0 || field.title.toLowerCase().includes(normalizedQuery) || field.id.toLowerCase().includes(normalizedQuery)).map((field) => ({
-      key: secretSelectionKey(selection.itemId, field.id),
-      label: field.title,
-      description: field.fieldType ?? null,
-      kind: "secret"
-    }))
-  };
-});
-var importSecretFromSelection = (input) => gen2(function* () {
-  const selection = parseSelectionKey(input.selectionKey);
-  if (selection.kind !== "secret") {
-    throw new Error(`1Password selection is not a secret field: ${input.selectionKey}`);
-  }
-  const items = yield* discoverStoreItems(input);
-  const item = items.items.find((candidate) => candidate.id === selection.itemId);
-  if (!item) {
-    throw new Error(`1Password item not found: ${selection.itemId}`);
-  }
-  const fields = yield* discoverItemFields({
-    ...input,
-    itemId: selection.itemId
-  });
-  const field = fields.fields.find((candidate) => candidate.id === selection.fieldId);
-  if (!field) {
-    throw new Error(`1Password field not found: ${selection.itemId}/${selection.fieldId}`);
-  }
-  return {
-    secretStored: {
-      uri: `op://${input.stored.vaultId}/${item.id}/${field.id}`
-    },
-    name: input.name?.trim() || `${item.title} · ${field.title}`
-  };
-});
-var createImportedSecretRecord2 = (input) => gen2(function* () {
-  const now2 = Date.now();
-  const secret7 = {
-    id: SecretMaterialIdSchema.make(`sec_${crypto.randomUUID()}`),
-    storeId: input.store.id,
-    name: input.name,
-    purpose: input.purpose ?? "auth_material",
-    createdAt: now2,
-    updatedAt: now2
-  };
-  yield* input.executor.runtime.storage.secrets.upsert(secret7);
-  yield* input.executor.runtime.storage.secrets.secretMaterialStoredData.upsert({
-    secretId: secret7.id,
-    data: input.secretStored
-  });
-  return {
-    id: secret7.id,
-    name: secret7.name,
-    storeId: secret7.storeId,
-    purpose: secret7.purpose,
-    createdAt: secret7.createdAt,
-    updatedAt: secret7.updatedAt
-  };
-});
-var parseSecretReference = (uri) => {
-  const match18 = /^op:\/\/([^/]+)\/([^/]+)\/([^/]+)$/.exec(uri);
-  if (!match18) {
-    throw new Error(`Invalid 1Password secret reference: ${uri}`);
-  }
-  return {
-    vaultId: match18[1],
-    itemId: match18[2],
-    fieldId: match18[3]
-  };
-};
-var upsertCredentialField = (item, value7) => {
-  const existing = item.fields.find((field) => field.id === ONEPASSWORD_SECRET_FIELD_ID);
-  if (existing) {
-    existing.value = value7;
-    return item;
-  }
-  item.fields.push({
-    id: ONEPASSWORD_SECRET_FIELD_ID,
-    title: "Credential",
-    fieldType: ItemFieldType.Concealed,
-    value: value7
-  });
-  return item;
-};
-var onePasswordSdkPlugin = (input) => defineExecutorSecretStorePlugin({
-  key: ONEPASSWORD_SECRET_STORE_KIND,
-  secretStore: {
-    kind: ONEPASSWORD_SECRET_STORE_KIND,
-    displayName: "1Password",
-    add: {
-      inputSchema: OnePasswordConnectInputSchema,
-      toConnectInput: (value7) => value7
-    },
-    storage: input.storage,
-    store: {
-      create: (value7) => ({
-        store: {
-          kind: ONEPASSWORD_SECRET_STORE_KIND,
-          name: value7.name,
-          status: "connected",
-          enabled: true
-        },
-        stored: {
-          vaultId: value7.vaultId,
-          auth: value7.auth
-        }
-      }),
-      update: ({ store, config: config4 }) => ({
-        store: {
-          ...store,
-          name: config4.name,
-          status: "connected"
-        },
-        stored: {
-          vaultId: config4.vaultId,
-          auth: config4.auth
-        }
-      }),
-      toConfig: ({ store, stored }) => ({
-        kind: ONEPASSWORD_SECRET_STORE_KIND,
-        name: store.name,
-        vaultId: stored.vaultId,
-        auth: stored.auth
-      }),
-      resolveSecret: ({ secretStored, stored }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: () => runOnePasswordRequest("secret resolution", () => client.secrets.resolve(secretStored.uri)),
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      createSecret: ({ stored, value: value7, name }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const item = await runOnePasswordRequest("secret creation", () => client.items.create({
-            category: ItemCategory.Password,
-            vaultId: stored.vaultId,
-            title: name?.trim() || "Executor Secret",
-            fields: [
-              {
-                id: ONEPASSWORD_SECRET_FIELD_ID,
-                title: "Credential",
-                fieldType: ItemFieldType.Concealed,
-                value: value7
-              }
-            ]
-          }));
-          return {
-            secretStored: {
-              uri: `op://${stored.vaultId}/${item.id}/${ONEPASSWORD_SECRET_FIELD_ID}`
-            },
-            name: item.title
-          };
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      updateSecret: ({ secret: _secret, secretStored, stored, name, value: value7 }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const parsed = parseSecretReference(secretStored.uri);
-          const item = await runOnePasswordRequest("secret update", () => client.items.get(parsed.vaultId, parsed.itemId));
-          if (name !== undefined) {
-            item.title = name?.trim() || item.title;
-          }
-          if (value7 !== undefined) {
-            upsertCredentialField(item, value7);
-          }
-          const updated = await runOnePasswordRequest("secret update", () => client.items.put(item));
-          return {
-            name: updated.title,
-            secretStored
-          };
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      deleteSecret: ({ secretStored, stored }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const parsed = parseSecretReference(secretStored.uri);
-          await runOnePasswordRequest("secret deletion", () => client.items.delete(parsed.vaultId, parsed.itemId));
-          return true;
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      browseSecrets: ({ store, stored, parentKey, query }) => browseSecrets({
-        store,
-        stored,
-        parentKey,
-        query
-      }),
-      importSecret: ({ store, stored, selectionKey, name }) => importSecretFromSelection({
-        store,
-        stored,
-        selectionKey,
-        name
-      }),
-      capabilities: () => ({
-        canCreateSecrets: true,
-        canUpdateSecrets: true,
-        canDeleteSecrets: true,
-        canBrowseSecrets: true,
-        canImportSecrets: true
-      })
-    }
-  },
-  extendExecutor: ({ executor: executor2, secretStore }) => ({
-    getStoreConfig: (storeId) => secretStore.getStoreConfig(storeId),
-    createStore: (value7) => secretStore.createStore(value7),
-    updateStore: (value7) => secretStore.updateStore(value7),
-    removeStore: (storeId) => secretStore.removeStore(storeId),
-    discoverVaults: (value7) => discoverVaults(value7),
-    discoverStoreItems: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      return yield* discoverStoreItems({
-        store,
-        stored
-      });
-    }),
-    discoverItemFields: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      return yield* discoverItemFields({
-        store,
-        stored,
-        itemId: value7.itemId
-      });
-    }),
-    importSecret: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      const imported = yield* importSecretFromSelection({
-        store,
-        stored,
-        selectionKey: secretSelectionKey(value7.itemId, value7.fieldId),
-        name: value7.name?.trim() || null
-      });
-      return yield* createImportedSecretRecord2({
-        executor: executor2,
-        store,
-        secretStored: imported.secretStored,
-        name: imported.name
-      });
-    })
-  })
-});
-
 // packages/platform/api/src/executions/http.ts
 var ExecutorExecutionsLive = exports_HttpApiBuilder.group(ExecutorApi, "executions", (handlers) => handlers.handle("list", ({ path: path4 }) => resolveRequestedLocalWorkspace("executions.list", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.list()))).handle("create", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("executions.create", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.create(payload)))).handle("get", ({ path: path4 }) => resolveRequestedLocalWorkspace("executions.get", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.get(path4.executionId)))).handle("resume", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("executions.resume", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.resume(path4.executionId, payload)))));
 
 // packages/platform/api/src/local/http.ts
-var toStorageError6 = (operation) => (cause2) => new ControlPlaneStorageError({
+var toStorageError5 = (operation) => (cause2) => new ControlPlaneStorageError({
   operation,
   message: cause2 instanceof Error ? cause2.message : String(cause2),
   details: cause2 instanceof Error ? cause2.stack ?? cause2.message : String(cause2)
 });
-var ExecutorLocalLive = exports_HttpApiBuilder.group(ExecutorApi, "local", (handlers) => handlers.handle("installation", () => flatMap10(getControlPlaneExecutor(), (executor2) => succeed8(executor2.installation))).handle("config", () => flatMap10(getControlPlaneExecutor(), (executor2) => provideExecutorRuntime(flatMap10(LocalInstanceConfigService, (resolveInstanceConfig) => resolveInstanceConfig()), executor2.runtime).pipe(mapError2(toStorageError6("local.config"))))).handle("listSecretStores", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.list().pipe(mapError2(toStorageError6("local.listSecretStores"))))).handle("createSecretStore", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.create(payload).pipe(mapError2(toStorageError6("local.createSecretStore"))))).handle("updateSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.update({
+var ExecutorLocalLive = exports_HttpApiBuilder.group(ExecutorApi, "local", (handlers) => handlers.handle("installation", () => flatMap10(getControlPlaneExecutor(), (executor2) => succeed8(executor2.installation))).handle("config", () => flatMap10(getControlPlaneExecutor(), (executor2) => provideExecutorRuntime(flatMap10(LocalInstanceConfigService, (resolveInstanceConfig) => resolveInstanceConfig()), executor2.runtime).pipe(mapError2(toStorageError5("local.config"))))).handle("listSecretStores", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.list().pipe(mapError2(toStorageError5("local.listSecretStores"))))).handle("createSecretStore", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.create(payload).pipe(mapError2(toStorageError5("local.createSecretStore"))))).handle("updateSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.update({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.updateSecretStore"))))).handle("deleteSecretStore", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.remove(path4.storeId).pipe(mapError2(toStorageError6("local.deleteSecretStore"))))).handle("browseSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.browse({
+}).pipe(mapError2(toStorageError5("local.updateSecretStore"))))).handle("deleteSecretStore", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.remove(path4.storeId).pipe(mapError2(toStorageError5("local.deleteSecretStore"))))).handle("browseSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.browse({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.browseSecretStore"))))).handle("importSecretFromStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.import({
+}).pipe(mapError2(toStorageError5("local.browseSecretStore"))))).handle("importSecretFromStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.import({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.importSecretFromStore"))))).handle("listSecrets", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.list().pipe(mapError2(toStorageError6("local.listSecrets"))))).handle("createSecret", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.create(payload).pipe(mapError2(toStorageError6("local.createSecret"))))).handle("updateSecret", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.update({
+}).pipe(mapError2(toStorageError5("local.importSecretFromStore"))))).handle("listSecrets", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.list().pipe(mapError2(toStorageError5("local.listSecrets"))))).handle("createSecret", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.create(payload).pipe(mapError2(toStorageError5("local.createSecret"))))).handle("updateSecret", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.update({
   secretId: path4.secretId,
   payload
-}).pipe(mapError2(toStorageError6("local.updateSecret"))))).handle("deleteSecret", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.remove(path4.secretId).pipe(mapError2(toStorageError6("local.deleteSecret"))))));
+}).pipe(mapError2(toStorageError5("local.updateSecret"))))).handle("deleteSecret", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.remove(path4.secretId).pipe(mapError2(toStorageError5("local.deleteSecret"))))));
 
 // packages/platform/api/src/policies/http.ts
 var ExecutorPoliciesLive = exports_HttpApiBuilder.group(ExecutorApi, "policies", (handlers) => handlers.handle("list", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.list", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.list()))).handle("create", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("policies.create", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.create(payload)))).handle("get", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.get", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.get(path4.policyId)))).handle("update", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("policies.update", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.update(path4.policyId, payload)))).handle("remove", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.remove", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.remove(path4.policyId)), map16((removed) => ({ removed })))));
@@ -366327,32 +365853,6 @@ var createFileOpenApiSourceStorage = (input) => ({
   }))
 });
 
-// packages/platform/server/src/onepassword-store-storage.ts
-var createFileOnePasswordStoreStorage = (input) => ({
-  get: ({ scopeId, storeId }) => readJsonFile({
-    path: pluginSourceStoragePath({
-      rootDir: input.rootDir,
-      scopeId,
-      sourceId: storeId
-    }),
-    schema: OnePasswordStoredStoreDataSchema
-  }),
-  put: ({ scopeId, storeId, value: value7 }) => writeJsonFile({
-    path: pluginSourceStoragePath({
-      rootDir: input.rootDir,
-      scopeId,
-      sourceId: storeId
-    }),
-    schema: OnePasswordStoredStoreDataSchema,
-    value: value7
-  }),
-  remove: ({ scopeId, storeId }) => removeJsonFile(pluginSourceStoragePath({
-    rootDir: input.rootDir,
-    scopeId,
-    sourceId: storeId
-  }))
-});
-
 // packages/platform/server/src/index.ts
 var EXECUTOR_NPM_DIST_TAGS_PATHNAME = "/v1/app/npm/dist-tags";
 var EXECUTOR_NPM_DIST_TAGS_URL = "https://registry.npmjs.org/-/package/executor/dist-tags";
@@ -366360,7 +365860,6 @@ var executorHttpPlugins = [
   graphqlHttpPlugin(),
   googleDiscoveryHttpPlugin(),
   mcpHttpPlugin(),
-  onePasswordHttpPlugin(),
   openApiHttpPlugin()
 ];
 var disposeExecutor = (executor2) => tryPromise2({
@@ -366402,11 +365901,6 @@ var createExecutorRuntime = (localDataDir, getLocalServerBaseUrl, options7) => c
       storage: createFileOpenApiSourceStorage({
         rootDir: resolve6(localDataDir, "plugins", "openapi", "sources")
       })
-    }),
-    onePasswordSdkPlugin({
-      storage: createFileOnePasswordStoreStorage({
-        rootDir: resolve6(localDataDir, "plugins", "onepassword", "stores")
-      })
     })
   ],
   executionResolver: options7.executionResolver,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "executor",
-  "version": "1.3.0-beta.2",
+  "version": "1.3.0-beta.4",
   "description": "Local AI executor with a CLI, local API server, and web UI.",
   "keywords": [
     "executor",

package/resources/web/assets/{highlighted-body-TPN3WLV5-D5HE2RY_.js → highlighted-body-TPN3WLV5-DWag2KgW.js}

@@ -1 +1 @@
-import{r,R as c,M as p,B as x}from"./mermaid-O7DHMXV3-BRg34qvu.js";import{j as d}from"./index-CRuElBS1.js";var R=({code:i,language:e,raw:t,className:g,startLine:u,...m})=>{let{shikiTheme:o}=r.useContext(c),a=p(),[n,s]=r.useState(t);return r.useEffect(()=>{if(!a){s(t);return}let l=a.highlight({code:i,language:e,themes:o},h=>{s(h)});l&&s(l)},[i,e,o,a,t]),d.jsx(x,{className:g,language:e,result:n,startLine:u,...m})};export{R as HighlightedCodeBlockBody};
+import{r,R as c,M as p,B as x}from"./mermaid-O7DHMXV3-Dhg9dniF.js";import{j as d}from"./index-CRuElBS1.js";var R=({code:i,language:e,raw:t,className:g,startLine:u,...m})=>{let{shikiTheme:o}=r.useContext(c),a=p(),[n,s]=r.useState(t);return r.useEffect(()=>{if(!a){s(t);return}let l=a.highlight({code:i,language:e,themes:o},h=>{s(h)});l&&s(l)},[i,e,o,a,t]),d.jsx(x,{className:g,language:e,result:n,startLine:u,...m})};export{R as HighlightedCodeBlockBody};