executor 1.3.0-beta.3 → 1.3.0-beta.5

package/bin/executor.mjs

@@ -325915,6 +325915,8 @@ var sourceInspectOps = {
   tool: operationErrors("sources.inspect.tool"),
   discover: operationErrors("sources.inspect.discover")
 };
+var PRETTY_JSON_SECTION_MAX_CHARS = 20000;
+var MAX_CODE_SECTION_CHARS = 1e5;
 var tokenize3 = (value7) => value7.trim().toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
 var canInspectSourceWithoutCatalog = (source2) => source2.status === "draft" || source2.status === "probing" || source2.status === "auth_required";
 var loadSourceForMissingCatalog = (input) => gen2(function* () {
@@ -325988,12 +325990,31 @@ var persistedToolSummaryFromTool = (tool) => {
   };
 };
 var nativeEncodingLanguage = (encoding) => encoding === "graphql" || encoding === "yaml" || encoding === "json" || encoding === "text" ? encoding : "json";
-var jsonSection = (title, value7) => value7 === null || value7 === undefined ? null : {
+var truncatedCodeBody = (input) => input.body.length <= MAX_CODE_SECTION_CHARS ? input.body : [
+  `[${input.title} truncated for inspection UI: ${String(input.body.length)} chars total, showing first ${String(MAX_CODE_SECTION_CHARS)}]`,
+  input.body.slice(0, MAX_CODE_SECTION_CHARS)
+].join(`
+`);
+var serializedJsonSectionBody = (title, value7) => {
+  const compact4 = JSON.stringify(value7);
+  if (compact4.length <= PRETTY_JSON_SECTION_MAX_CHARS) {
+    return JSON.stringify(value7, null, 2);
+  }
+  return truncatedCodeBody({
+    title,
+    body: compact4
+  });
+};
+var codeSection = (title, language, body) => ({
   kind: "code",
   title,
-  language: "json",
-  body: JSON.stringify(value7, null, 2)
-};
+  language,
+  body: truncatedCodeBody({
+    title,
+    body
+  })
+});
+var jsonSection = (title, value7) => value7 === null || value7 === undefined ? null : codeSection(title, "json", serializedJsonSectionBody(title, value7));
 var inspectionToolDetailFromTool = (tool) => gen2(function* () {
   const summary6 = persistedToolSummaryFromTool(tool);
   const details = executableDetails(tool);
@@ -326012,18 +326033,14 @@ var inspectionToolDetailFromTool = (tool) => gen2(function* () {
     { label: "Response set", value: contract.responseSetId, mono: true }
   ];
   const nativeSections = [
-    ...(tool.capability.native ?? []).map((blob, index) => ({
-      kind: "code",
-      title: `Capability native ${String(index + 1)}: ${blob.kind}`,
-      language: nativeEncodingLanguage(blob.encoding),
-      body: typeof blob.value === "string" ? blob.value : JSON.stringify(blob.value ?? null, null, 2)
-    })),
-    ...(tool.executable.native ?? []).map((blob, index) => ({
-      kind: "code",
-      title: `Executable native ${String(index + 1)}: ${blob.kind}`,
-      language: nativeEncodingLanguage(blob.encoding),
-      body: typeof blob.value === "string" ? blob.value : JSON.stringify(blob.value ?? null, null, 2)
-    }))
+    ...(tool.capability.native ?? []).map((blob, index) => {
+      const title = `Capability native ${String(index + 1)}: ${blob.kind}`;
+      return codeSection(title, nativeEncodingLanguage(blob.encoding), typeof blob.value === "string" ? blob.value : serializedJsonSectionBody(title, blob.value ?? null));
+    }),
+    ...(tool.executable.native ?? []).map((blob, index) => {
+      const title = `Executable native ${String(index + 1)}: ${blob.kind}`;
+      return codeSection(title, nativeEncodingLanguage(blob.encoding), typeof blob.value === "string" ? blob.value : serializedJsonSectionBody(title, blob.value ?? null));
+    })
   ];
   const sections = [
     {
@@ -354804,6 +354821,16 @@ var resolveMcpEndpoint = (input) => {
   return url3.toString();
 };
 
+// plugins/mcp/sdk/executable-binding.ts
+var McpExecutableBindingSchema = Struct({
+  toolId: String$,
+  toolName: String$
+});
+var mcpExecutableBindingFromProviderData = (input) => ({
+  toolId: input.toolId,
+  toolName: input.toolName
+});
+
 // plugins/mcp/sdk/catalog.ts
 var mcpResumeSupport = (execution2) => execution2?.taskSupport === "optional" || execution2?.taskSupport === "required";
 var mcpSemanticsForOperation = (input) => {
@@ -354873,7 +354900,7 @@ var createMcpCapability = (input) => {
     scopeId: input.serviceScopeId,
     pluginKey: "mcp",
     bindingVersion: EXECUTABLE_BINDING_VERSION,
-    binding: input.operation.providerData,
+    binding: mcpExecutableBindingFromProviderData(input.operation.providerData),
     projection: {
       responseSetId,
       callShapeId,
@@ -357336,19 +357363,6 @@ var McpCompleteOAuthInputSchema = Struct({
   error: optional(String$),
   errorDescription: optional(String$)
 });
-var McpExecutableBindingSchema = Struct({
-  toolId: String$,
-  toolName: String$,
-  displayTitle: String$,
-  title: NullOr(String$),
-  description: NullOr(String$),
-  annotations: NullOr(Unknown),
-  execution: NullOr(Unknown),
-  icons: NullOr(Unknown),
-  meta: NullOr(Unknown),
-  rawTool: NullOr(Unknown),
-  server: NullOr(Unknown)
-});
 var decodeProviderData3 = decodeUnknownSync(McpExecutableBindingSchema);
 var McpExecutorAddInputSchema = Struct({
   kind: optional(Literal2("mcp")),
@@ -357773,19 +357787,11 @@ var mcpSdkPlugin = (options7) => defineExecutorSourcePlugin({
         });
         const manifest = {
           version: 2,
-          server: providerData.server,
           tools: [
             {
               toolId: providerData.toolId,
               toolName: providerData.toolName,
-              displayTitle: providerData.displayTitle,
-              title: providerData.title,
-              description: providerData.description,
-              annotations: providerData.annotations,
-              execution: providerData.execution,
-              icons: providerData.icons,
-              meta: providerData.meta,
-              rawTool: providerData.rawTool,
+              description: input.descriptor.description ?? null,
               inputSchema: input.descriptor.contract?.inputSchema,
               outputSchema: input.descriptor.contract?.outputSchema
             }
@@ -358885,7 +358891,14 @@ var createHttpCapabilityFromOpenApi = (input) => {
     })(),
     pluginKey: "openapi",
     bindingVersion: EXECUTABLE_BINDING_VERSION,
-    binding: input.operation.providerData,
+    binding: {
+      kind: "openapi",
+      toolId: input.operation.providerData.toolId,
+      ...input.operation.providerData.operationId ? { operationId: input.operation.providerData.operationId } : {},
+      invocation: input.operation.providerData.invocation,
+      ...input.operation.providerData.documentServers ? { documentServers: input.operation.providerData.documentServers } : {},
+      ...input.operation.providerData.servers ? { servers: input.operation.providerData.servers } : {}
+    },
     projection: {
       responseSetId,
       callShapeId
@@ -359143,6 +359156,14 @@ var OpenApiToolProviderDataSchema = Struct({
   documentServers: optional(Array$(OpenApiServerSchema)),
   servers: optional(Array$(OpenApiServerSchema))
 });
+var OpenApiExecutableBindingSchema = Struct({
+  kind: Literal2("openapi"),
+  toolId: String$,
+  operationId: optional(String$),
+  invocation: OpenApiInvocationPayloadSchema,
+  documentServers: optional(Array$(OpenApiServerSchema)),
+  servers: optional(Array$(OpenApiServerSchema))
+});
 
 // plugins/openapi/sdk/extraction.ts
 var asObject3 = (value7) => value7 !== null && typeof value7 === "object" && !Array.isArray(value7) ? value7 : {};
@@ -359248,13 +359269,20 @@ var loadDereferencedOpenApiDocument = async (input) => {
     return next;
   };
   const dereference = async (inputValue) => {
-    const { value: value7, currentDocument, currentDocumentUrl, activeRefs } = inputValue;
+    const {
+      value: value7,
+      currentDocument,
+      currentDocumentUrl,
+      activeRefs,
+      preserveLocalRefs
+    } = inputValue;
     if (Array.isArray(value7)) {
       return Promise.all(value7.map((entry) => dereference({
         value: entry,
         currentDocument,
         currentDocumentUrl,
-        activeRefs
+        activeRefs,
+        preserveLocalRefs
       })));
     }
     if (value7 === null || typeof value7 !== "object") {
@@ -359267,6 +359295,23 @@ var loadDereferencedOpenApiDocument = async (input) => {
       if (!target?.documentUrl && !ref.startsWith("#")) {
         return value7;
       }
+      const isLocalRef = ref.startsWith("#") && (target?.documentUrl === undefined || target.documentUrl === currentDocumentUrl);
+      if (isLocalRef && preserveLocalRefs) {
+        const siblingEntries2 = Object.fromEntries(await Promise.all(Object.entries(object4).filter(([key]) => key !== "$ref").map(async ([key, entry]) => [
+          key,
+          await dereference({
+            value: entry,
+            currentDocument,
+            currentDocumentUrl,
+            activeRefs,
+            preserveLocalRefs
+          })
+        ])));
+        return Object.keys(siblingEntries2).length > 0 ? {
+          $ref: ref,
+          ...siblingEntries2
+        } : value7;
+      }
       const activeKey = `${target?.documentUrl ?? currentDocumentUrl ?? "root"}|${target?.pointer ?? ref}`;
       if (activeRefs.has(activeKey)) {
         return value7;
@@ -359282,7 +359327,8 @@ var loadDereferencedOpenApiDocument = async (input) => {
         value: targetValue,
         currentDocument: targetDocument,
         currentDocumentUrl: target?.documentUrl ?? currentDocumentUrl,
-        activeRefs: nextActiveRefs
+        activeRefs: nextActiveRefs,
+        preserveLocalRefs: target?.documentUrl ? false : preserveLocalRefs
       });
       const siblingEntries = Object.fromEntries(await Promise.all(Object.entries(object4).filter(([key]) => key !== "$ref").map(async ([key, entry]) => [
         key,
@@ -359290,7 +359336,8 @@ var loadDereferencedOpenApiDocument = async (input) => {
           value: entry,
           currentDocument,
           currentDocumentUrl,
-          activeRefs: nextActiveRefs
+          activeRefs: nextActiveRefs,
+          preserveLocalRefs
         })
       ])));
       const resolvedObject = asObject3(resolvedValue);
@@ -359302,7 +359349,8 @@ var loadDereferencedOpenApiDocument = async (input) => {
         value: entry,
         currentDocument,
         currentDocumentUrl,
-        activeRefs
+        activeRefs,
+        preserveLocalRefs
       })
     ])));
   };
@@ -359310,7 +359358,8 @@ var loadDereferencedOpenApiDocument = async (input) => {
     value: input.document,
     currentDocument: input.document,
     currentDocumentUrl: input.documentUrl,
-    activeRefs: new Set
+    activeRefs: new Set,
+    preserveLocalRefs: true
   });
 };
 var preferredContentEntry = (content) => {
@@ -360399,7 +360448,7 @@ var openApiStoredSourceDataFromLocalConfig = (input) => {
   }
   throw new Error("Unsupported OpenAPI local source config.");
 };
-var decodeProviderData4 = decodeUnknownSync(OpenApiToolProviderDataSchema);
+var decodeExecutableBinding = decodeUnknownSync(OpenApiExecutableBindingSchema);
 var asRecord11 = (value7) => typeof value7 === "object" && value7 !== null && !Array.isArray(value7) ? value7 : {};
 var parameterContainerKeys = {
   path: ["path", "pathParams", "params"],
@@ -360685,7 +360734,7 @@ var openApiSdkPlugin = (options7) => defineExecutorSourcePlugin({
           return yield* runtimeEffectError("plugins/openapi/sdk", `OpenAPI source storage missing for ${input.source.id}`);
         }
         const normalizedStored = normalizeStoredSourceData3(input.stored);
-        const providerData = decodeProviderData4(input.executable.binding);
+        const providerData = decodeExecutableBinding(input.executable.binding);
         const args2 = asRecord11(input.args);
         const resolvedPath = replacePathTemplate(providerData.invocation.pathTemplate, args2, providerData.invocation);
         const headers = {
@@ -360745,7 +360794,7 @@ var openApiSdkPlugin = (options7) => defineExecutorSourcePlugin({
         }
         const response = yield* tryPromise2({
           try: () => fetch(finalUrl.toString(), {
-            method: providerData.method.toUpperCase(),
+            method: providerData.invocation.method.toUpperCase(),
             headers: requestHeaders,
             ...body !== undefined ? {
               body: typeof body === "string" ? body : new Uint8Array(body).buffer
@@ -364877,512 +364926,28 @@ var openApiHttpPlugin = () => ({
   })), mapError2(mapPluginStorageError4("openapi.updateSource")))).handle("refreshSource", ({ path: path4 }) => resolveRequestedLocalWorkspace("openapi.refreshSource", path4.workspaceId).pipe(flatMap10(() => executor2.openapi.refreshSource(path4.sourceId)), mapError2(mapPluginStorageError4("openapi.refreshSource")))).handle("removeSource", ({ path: path4 }) => resolveRequestedLocalWorkspace("openapi.removeSource", path4.workspaceId).pipe(flatMap10(() => executor2.openapi.removeSource(path4.sourceId)), map16((removed) => ({ removed })), mapError2(mapPluginStorageError4("openapi.removeSource")))))
 });
 
-// plugins/onepassword/shared/index.ts
-var ONEPASSWORD_SECRET_STORE_KIND = "onepassword";
-var ONEPASSWORD_SECRET_FIELD_ID = "credential";
-var OnePasswordStoreAuthSchema = Union2(Struct({
-  kind: Literal2("desktop-app"),
-  accountName: String$
-}), Struct({
-  kind: Literal2("service-account"),
-  tokenSecretRef: SecretRefSchema2
-}));
-var OnePasswordConnectInputSchema = Struct({
-  kind: Literal2(ONEPASSWORD_SECRET_STORE_KIND),
-  name: String$,
-  vaultId: String$,
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordStoreConfigPayloadSchema = OnePasswordConnectInputSchema;
-var OnePasswordUpdateStoreInputSchema = Struct({
-  storeId: String$,
-  config: OnePasswordStoreConfigPayloadSchema
-});
-var OnePasswordStoredStoreDataSchema = Struct({
-  vaultId: String$,
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordDiscoverVaultsInputSchema = Struct({
-  auth: OnePasswordStoreAuthSchema
-});
-var OnePasswordVaultSchema = Struct({
-  id: String$,
-  name: String$
-});
-var OnePasswordDiscoverVaultsResultSchema = Struct({
-  vaults: Array$(OnePasswordVaultSchema)
-});
-var OnePasswordDiscoverStoreItemsInputSchema = Struct({
-  storeId: String$
-});
-var OnePasswordItemFieldSchema = Struct({
-  id: String$,
-  title: String$,
-  fieldType: String$,
-  sectionId: optional(String$)
-});
-var OnePasswordItemSchema = Struct({
-  id: String$,
-  title: String$,
-  category: String$,
-  fields: optional(Array$(OnePasswordItemFieldSchema))
-});
-var OnePasswordDiscoverStoreItemsResultSchema = Struct({
-  items: Array$(OnePasswordItemSchema)
-});
-var OnePasswordDiscoverItemFieldsInputSchema = Struct({
-  storeId: String$,
-  itemId: String$
-});
-var OnePasswordDiscoverItemFieldsResultSchema = Struct({
-  itemId: String$,
-  fields: Array$(OnePasswordItemFieldSchema)
-});
-var OnePasswordImportSecretInputSchema = Struct({
-  storeId: String$,
-  itemId: String$,
-  fieldId: String$,
-  name: optional(String$)
-});
-var OnePasswordImportSecretResultSchema = Struct({
-  id: String$,
-  name: NullOr(String$),
-  storeId: String$,
-  purpose: String$,
-  createdAt: Number$,
-  updatedAt: Number$
-});
-var workspaceIdParam8 = exports_HttpApiSchema.param("workspaceId", ScopeIdSchema2);
-var onePasswordHttpGroup = exports_HttpApiGroup.make("onepassword").add(exports_HttpApiEndpoint.post("discoverVaults")`/workspaces/${workspaceIdParam8}/plugins/onepassword/vaults/discover`.setPayload(OnePasswordDiscoverVaultsInputSchema).addSuccess(OnePasswordDiscoverVaultsResultSchema)).add(exports_HttpApiEndpoint.post("discoverStoreItems")`/workspaces/${workspaceIdParam8}/plugins/onepassword/stores/discover-items`.setPayload(OnePasswordDiscoverStoreItemsInputSchema).addSuccess(OnePasswordDiscoverStoreItemsResultSchema)).add(exports_HttpApiEndpoint.post("discoverItemFields")`/workspaces/${workspaceIdParam8}/plugins/onepassword/items/discover-fields`.setPayload(OnePasswordDiscoverItemFieldsInputSchema).addSuccess(OnePasswordDiscoverItemFieldsResultSchema)).add(exports_HttpApiEndpoint.post("importSecret")`/workspaces/${workspaceIdParam8}/plugins/onepassword/secrets/import`.setPayload(OnePasswordImportSecretInputSchema).addSuccess(OnePasswordImportSecretResultSchema)).prefix("/v1");
-
-// plugins/onepassword/http/index.ts
-var workspaceIdParam9 = exports_HttpApiSchema.param("workspaceId", ScopeIdSchema2);
-var OnePasswordHttpGroup = exports_HttpApiGroup.make("onepassword").add(exports_HttpApiEndpoint.post("discoverVaults")`/workspaces/${workspaceIdParam9}/plugins/onepassword/vaults/discover`.setPayload(OnePasswordDiscoverVaultsInputSchema).addSuccess(OnePasswordDiscoverVaultsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("discoverStoreItems")`/workspaces/${workspaceIdParam9}/plugins/onepassword/stores/discover-items`.setPayload(OnePasswordDiscoverStoreItemsInputSchema).addSuccess(OnePasswordDiscoverStoreItemsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("discoverItemFields")`/workspaces/${workspaceIdParam9}/plugins/onepassword/items/discover-fields`.setPayload(OnePasswordDiscoverItemFieldsInputSchema).addSuccess(OnePasswordDiscoverItemFieldsResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).add(exports_HttpApiEndpoint.post("importSecret")`/workspaces/${workspaceIdParam9}/plugins/onepassword/secrets/import`.setPayload(OnePasswordImportSecretInputSchema).addSuccess(OnePasswordImportSecretResultSchema).addError(ControlPlaneBadRequestError).addError(ControlPlaneForbiddenError).addError(ControlPlaneStorageError)).prefix("/v1");
-var OnePasswordHttpApi = exports_HttpApi.make("executor").add(OnePasswordHttpGroup);
-var toStorageError5 = (operation, cause2) => new ControlPlaneStorageError({
-  operation,
-  message: cause2 instanceof Error ? cause2.message : String(cause2),
-  details: cause2 instanceof Error ? cause2.stack ?? cause2.message : String(cause2)
-});
-var onePasswordHttpPlugin = () => ({
-  key: "onepassword",
-  group: OnePasswordHttpGroup,
-  build: ({ executor: executor2 }) => exports_HttpApiBuilder.group(OnePasswordHttpApi, "onepassword", (handlers) => handlers.handle("discoverVaults", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverVaults", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverVaults(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverVaults", cause2)))).handle("discoverStoreItems", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverStoreItems", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverStoreItems(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverStoreItems", cause2)))).handle("discoverItemFields", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.discoverItemFields", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.discoverItemFields(payload)), mapError2((cause2) => toStorageError5("onepassword.discoverItemFields", cause2)))).handle("importSecret", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("onepassword.importSecret", path4.workspaceId).pipe(flatMap10(() => executor2.onepassword.importSecret(payload)), mapError2((cause2) => toStorageError5("onepassword.importSecret", cause2)))))
-});
-
-// plugins/onepassword/sdk/index.ts
-import {
-  createClient,
-  DesktopAuth,
-  ItemCategory,
-  ItemFieldType
-} from "@1password/sdk";
-var ONEPASSWORD_REQUEST_TIMEOUT_MS = 15000;
-var timedOutOnePasswordRequestError = (operation) => new Error(`1Password ${operation} timed out after ${Math.floor(ONEPASSWORD_REQUEST_TIMEOUT_MS / 1000)} seconds. Approve the request in the 1Password desktop app and try again.`);
-var runOnePasswordRequest = (operation, effect3) => new Promise((resolve5, reject) => {
-  const timeoutId = setTimeout(() => {
-    reject(timedOutOnePasswordRequestError(operation));
-  }, ONEPASSWORD_REQUEST_TIMEOUT_MS);
-  effect3().then((value7) => {
-    clearTimeout(timeoutId);
-    resolve5(value7);
-  }, (cause2) => {
-    clearTimeout(timeoutId);
-    reject(cause2);
-  });
-});
-var resolveServiceAccountToken = (auth2) => gen2(function* () {
-  const resolveSecretMaterial = yield* SecretMaterialResolverService;
-  return yield* resolveSecretMaterial({
-    ref: auth2.tokenSecretRef
-  });
-});
-var makeClientFromAuth = (auth2) => gen2(function* () {
-  const resolvedAuth = auth2.kind === "desktop-app" ? new DesktopAuth(auth2.accountName) : yield* resolveServiceAccountToken(auth2);
-  return yield* tryPromise2({
-    try: () => runOnePasswordRequest("client setup", () => createClient({
-      auth: resolvedAuth,
-      integrationName: "Executor",
-      integrationVersion: "0.0.0"
-    })),
-    catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-  });
-});
-var makeClient2 = (stored) => gen2(function* () {
-  if (!stored) {
-    throw new Error("1Password store configuration is missing.");
-  }
-  return yield* makeClientFromAuth(stored.auth);
-});
-var importableFieldTypes = new Set([
-  ItemFieldType.Concealed,
-  ItemFieldType.Text
-]);
-var ONEPASSWORD_BROWSE_ITEM_LIMIT = 12;
-var toImportableFields = (fields) => fields.filter((field) => importableFieldTypes.has(field.fieldType) && field.id.trim().length > 0 && field.value.trim().length > 0).map((field) => ({
-  id: field.id,
-  title: field.title || field.id,
-  fieldType: field.fieldType,
-  ...field.sectionId ? { sectionId: field.sectionId } : {}
-}));
-var secretSelectionKey = (itemId, fieldId) => `secret:${itemId}:${fieldId}`;
-var parseSelectionKey = (value7) => {
-  const itemMatch = /^item:([^:]+)$/.exec(value7);
-  if (itemMatch) {
-    return {
-      kind: "item",
-      itemId: itemMatch[1]
-    };
-  }
-  const secretMatch = /^secret:([^:]+):([^:]+)$/.exec(value7);
-  if (secretMatch) {
-    return {
-      kind: "secret",
-      itemId: secretMatch[1],
-      fieldId: secretMatch[2]
-    };
-  }
-  throw new Error(`Invalid 1Password selection key: ${value7}`);
-};
-var discoverVaults = (input) => flatMap10(makeClientFromAuth(input.auth), (client) => tryPromise2({
-  try: async () => {
-    const vaults = await runOnePasswordRequest("vault discovery", () => client.vaults.list({ decryptDetails: true }));
-    return {
-      vaults: vaults.map((vault) => ({
-        id: vault.id,
-        name: vault.title
-      })).sort((left3, right3) => left3.name.localeCompare(right3.name))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverStoreItems = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const overviews = await runOnePasswordRequest("item discovery", () => client.items.list(input.stored.vaultId));
-    return {
-      items: overviews.map((item) => ({
-        id: item.id,
-        title: item.title,
-        category: item.category
-      })).sort((left3, right3) => left3.title.localeCompare(right3.title))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverItemFields = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const item = await runOnePasswordRequest("field discovery", () => client.items.get(input.stored.vaultId, input.itemId));
-    return {
-      itemId: item.id,
-      fields: toImportableFields(item.fields)
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var discoverImportableSecrets = (input) => flatMap10(makeClient2(input.stored), (client) => tryPromise2({
-  try: async () => {
-    const normalizedQuery = input.query?.trim().toLowerCase() ?? "";
-    const overviews = await runOnePasswordRequest("item discovery", () => client.items.list(input.stored.vaultId));
-    const filteredItems = overviews.filter((item) => normalizedQuery.length === 0 || item.title.toLowerCase().includes(normalizedQuery)).slice(0, ONEPASSWORD_BROWSE_ITEM_LIMIT);
-    const detailedItems = await Promise.all(filteredItems.map((item) => runOnePasswordRequest("field discovery", () => client.items.get(input.stored.vaultId, item.id))));
-    return {
-      entries: detailedItems.flatMap((item) => toImportableFields(item.fields).filter((field) => normalizedQuery.length === 0 || item.title.toLowerCase().includes(normalizedQuery) || field.title.toLowerCase().includes(normalizedQuery) || field.id.toLowerCase().includes(normalizedQuery)).map((field) => ({
-        key: secretSelectionKey(item.id, field.id),
-        label: `${item.title} · ${field.title}`,
-        description: item.category ?? field.fieldType ?? null,
-        kind: "secret"
-      }))).sort((left3, right3) => left3.label.localeCompare(right3.label))
-    };
-  },
-  catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-}));
-var browseSecrets = (input) => gen2(function* () {
-  const normalizedQuery = input.query?.trim().toLowerCase() ?? "";
-  if (!input.parentKey) {
-    return yield* discoverImportableSecrets({
-      ...input,
-      query: normalizedQuery
-    });
-  }
-  const selection = parseSelectionKey(input.parentKey);
-  if (selection.kind !== "item") {
-    throw new Error(`Cannot browse children for selection: ${input.parentKey}`);
-  }
-  const fields = yield* discoverItemFields({
-    ...input,
-    itemId: selection.itemId
-  });
-  return {
-    entries: fields.fields.filter((field) => normalizedQuery.length === 0 || field.title.toLowerCase().includes(normalizedQuery) || field.id.toLowerCase().includes(normalizedQuery)).map((field) => ({
-      key: secretSelectionKey(selection.itemId, field.id),
-      label: field.title,
-      description: field.fieldType ?? null,
-      kind: "secret"
-    }))
-  };
-});
-var importSecretFromSelection = (input) => gen2(function* () {
-  const selection = parseSelectionKey(input.selectionKey);
-  if (selection.kind !== "secret") {
-    throw new Error(`1Password selection is not a secret field: ${input.selectionKey}`);
-  }
-  const items = yield* discoverStoreItems(input);
-  const item = items.items.find((candidate) => candidate.id === selection.itemId);
-  if (!item) {
-    throw new Error(`1Password item not found: ${selection.itemId}`);
-  }
-  const fields = yield* discoverItemFields({
-    ...input,
-    itemId: selection.itemId
-  });
-  const field = fields.fields.find((candidate) => candidate.id === selection.fieldId);
-  if (!field) {
-    throw new Error(`1Password field not found: ${selection.itemId}/${selection.fieldId}`);
-  }
-  return {
-    secretStored: {
-      uri: `op://${input.stored.vaultId}/${item.id}/${field.id}`
-    },
-    name: input.name?.trim() || `${item.title} · ${field.title}`
-  };
-});
-var createImportedSecretRecord2 = (input) => gen2(function* () {
-  const now2 = Date.now();
-  const secret7 = {
-    id: SecretMaterialIdSchema.make(`sec_${crypto.randomUUID()}`),
-    storeId: input.store.id,
-    name: input.name,
-    purpose: input.purpose ?? "auth_material",
-    createdAt: now2,
-    updatedAt: now2
-  };
-  yield* input.executor.runtime.storage.secrets.upsert(secret7);
-  yield* input.executor.runtime.storage.secrets.secretMaterialStoredData.upsert({
-    secretId: secret7.id,
-    data: input.secretStored
-  });
-  return {
-    id: secret7.id,
-    name: secret7.name,
-    storeId: secret7.storeId,
-    purpose: secret7.purpose,
-    createdAt: secret7.createdAt,
-    updatedAt: secret7.updatedAt
-  };
-});
-var parseSecretReference = (uri) => {
-  const match18 = /^op:\/\/([^/]+)\/([^/]+)\/([^/]+)$/.exec(uri);
-  if (!match18) {
-    throw new Error(`Invalid 1Password secret reference: ${uri}`);
-  }
-  return {
-    vaultId: match18[1],
-    itemId: match18[2],
-    fieldId: match18[3]
-  };
-};
-var upsertCredentialField = (item, value7) => {
-  const existing = item.fields.find((field) => field.id === ONEPASSWORD_SECRET_FIELD_ID);
-  if (existing) {
-    existing.value = value7;
-    return item;
-  }
-  item.fields.push({
-    id: ONEPASSWORD_SECRET_FIELD_ID,
-    title: "Credential",
-    fieldType: ItemFieldType.Concealed,
-    value: value7
-  });
-  return item;
-};
-var onePasswordSdkPlugin = (input) => defineExecutorSecretStorePlugin({
-  key: ONEPASSWORD_SECRET_STORE_KIND,
-  secretStore: {
-    kind: ONEPASSWORD_SECRET_STORE_KIND,
-    displayName: "1Password",
-    add: {
-      inputSchema: OnePasswordConnectInputSchema,
-      toConnectInput: (value7) => value7
-    },
-    storage: input.storage,
-    store: {
-      create: (value7) => ({
-        store: {
-          kind: ONEPASSWORD_SECRET_STORE_KIND,
-          name: value7.name,
-          status: "connected",
-          enabled: true
-        },
-        stored: {
-          vaultId: value7.vaultId,
-          auth: value7.auth
-        }
-      }),
-      update: ({ store, config: config4 }) => ({
-        store: {
-          ...store,
-          name: config4.name,
-          status: "connected"
-        },
-        stored: {
-          vaultId: config4.vaultId,
-          auth: config4.auth
-        }
-      }),
-      toConfig: ({ store, stored }) => ({
-        kind: ONEPASSWORD_SECRET_STORE_KIND,
-        name: store.name,
-        vaultId: stored.vaultId,
-        auth: stored.auth
-      }),
-      resolveSecret: ({ secretStored, stored }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: () => runOnePasswordRequest("secret resolution", () => client.secrets.resolve(secretStored.uri)),
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      createSecret: ({ stored, value: value7, name }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const item = await runOnePasswordRequest("secret creation", () => client.items.create({
-            category: ItemCategory.Password,
-            vaultId: stored.vaultId,
-            title: name?.trim() || "Executor Secret",
-            fields: [
-              {
-                id: ONEPASSWORD_SECRET_FIELD_ID,
-                title: "Credential",
-                fieldType: ItemFieldType.Concealed,
-                value: value7
-              }
-            ]
-          }));
-          return {
-            secretStored: {
-              uri: `op://${stored.vaultId}/${item.id}/${ONEPASSWORD_SECRET_FIELD_ID}`
-            },
-            name: item.title
-          };
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      updateSecret: ({ secret: _secret, secretStored, stored, name, value: value7 }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const parsed = parseSecretReference(secretStored.uri);
-          const item = await runOnePasswordRequest("secret update", () => client.items.get(parsed.vaultId, parsed.itemId));
-          if (name !== undefined) {
-            item.title = name?.trim() || item.title;
-          }
-          if (value7 !== undefined) {
-            upsertCredentialField(item, value7);
-          }
-          const updated = await runOnePasswordRequest("secret update", () => client.items.put(item));
-          return {
-            name: updated.title,
-            secretStored
-          };
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      deleteSecret: ({ secretStored, stored }) => flatMap10(makeClient2(stored), (client) => tryPromise2({
-        try: async () => {
-          const parsed = parseSecretReference(secretStored.uri);
-          await runOnePasswordRequest("secret deletion", () => client.items.delete(parsed.vaultId, parsed.itemId));
-          return true;
-        },
-        catch: (cause2) => cause2 instanceof Error ? cause2 : new Error(String(cause2))
-      })),
-      browseSecrets: ({ store, stored, parentKey, query }) => browseSecrets({
-        store,
-        stored,
-        parentKey,
-        query
-      }),
-      importSecret: ({ store, stored, selectionKey, name }) => importSecretFromSelection({
-        store,
-        stored,
-        selectionKey,
-        name
-      }),
-      capabilities: () => ({
-        canCreateSecrets: true,
-        canUpdateSecrets: true,
-        canDeleteSecrets: true,
-        canBrowseSecrets: true,
-        canImportSecrets: true
-      })
-    }
-  },
-  extendExecutor: ({ executor: executor2, secretStore }) => ({
-    getStoreConfig: (storeId) => secretStore.getStoreConfig(storeId),
-    createStore: (value7) => secretStore.createStore(value7),
-    updateStore: (value7) => secretStore.updateStore(value7),
-    removeStore: (storeId) => secretStore.removeStore(storeId),
-    discoverVaults: (value7) => discoverVaults(value7),
-    discoverStoreItems: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      return yield* discoverStoreItems({
-        store,
-        stored
-      });
-    }),
-    discoverItemFields: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      return yield* discoverItemFields({
-        store,
-        stored,
-        itemId: value7.itemId
-      });
-    }),
-    importSecret: (value7) => gen2(function* () {
-      const store = yield* secretStore.getStore(value7.storeId);
-      const stored = yield* input.storage.get({
-        scopeId: store.scopeId,
-        storeId: store.id
-      });
-      const imported = yield* importSecretFromSelection({
-        store,
-        stored,
-        selectionKey: secretSelectionKey(value7.itemId, value7.fieldId),
-        name: value7.name?.trim() || null
-      });
-      return yield* createImportedSecretRecord2({
-        executor: executor2,
-        store,
-        secretStored: imported.secretStored,
-        name: imported.name
-      });
-    })
-  })
-});
-
 // packages/platform/api/src/executions/http.ts
 var ExecutorExecutionsLive = exports_HttpApiBuilder.group(ExecutorApi, "executions", (handlers) => handlers.handle("list", ({ path: path4 }) => resolveRequestedLocalWorkspace("executions.list", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.list()))).handle("create", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("executions.create", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.create(payload)))).handle("get", ({ path: path4 }) => resolveRequestedLocalWorkspace("executions.get", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.get(path4.executionId)))).handle("resume", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("executions.resume", path4.workspaceId).pipe(flatMap10((executor2) => executor2.executions.resume(path4.executionId, payload)))));
 
 // packages/platform/api/src/local/http.ts
-var toStorageError6 = (operation) => (cause2) => new ControlPlaneStorageError({
+var toStorageError5 = (operation) => (cause2) => new ControlPlaneStorageError({
   operation,
   message: cause2 instanceof Error ? cause2.message : String(cause2),
   details: cause2 instanceof Error ? cause2.stack ?? cause2.message : String(cause2)
 });
-var ExecutorLocalLive = exports_HttpApiBuilder.group(ExecutorApi, "local", (handlers) => handlers.handle("installation", () => flatMap10(getControlPlaneExecutor(), (executor2) => succeed8(executor2.installation))).handle("config", () => flatMap10(getControlPlaneExecutor(), (executor2) => provideExecutorRuntime(flatMap10(LocalInstanceConfigService, (resolveInstanceConfig) => resolveInstanceConfig()), executor2.runtime).pipe(mapError2(toStorageError6("local.config"))))).handle("listSecretStores", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.list().pipe(mapError2(toStorageError6("local.listSecretStores"))))).handle("createSecretStore", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.create(payload).pipe(mapError2(toStorageError6("local.createSecretStore"))))).handle("updateSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.update({
+var ExecutorLocalLive = exports_HttpApiBuilder.group(ExecutorApi, "local", (handlers) => handlers.handle("installation", () => flatMap10(getControlPlaneExecutor(), (executor2) => succeed8(executor2.installation))).handle("config", () => flatMap10(getControlPlaneExecutor(), (executor2) => provideExecutorRuntime(flatMap10(LocalInstanceConfigService, (resolveInstanceConfig) => resolveInstanceConfig()), executor2.runtime).pipe(mapError2(toStorageError5("local.config"))))).handle("listSecretStores", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.list().pipe(mapError2(toStorageError5("local.listSecretStores"))))).handle("createSecretStore", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.create(payload).pipe(mapError2(toStorageError5("local.createSecretStore"))))).handle("updateSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.update({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.updateSecretStore"))))).handle("deleteSecretStore", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.remove(path4.storeId).pipe(mapError2(toStorageError6("local.deleteSecretStore"))))).handle("browseSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.browse({
+}).pipe(mapError2(toStorageError5("local.updateSecretStore"))))).handle("deleteSecretStore", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.remove(path4.storeId).pipe(mapError2(toStorageError5("local.deleteSecretStore"))))).handle("browseSecretStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.browse({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.browseSecretStore"))))).handle("importSecretFromStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.import({
+}).pipe(mapError2(toStorageError5("local.browseSecretStore"))))).handle("importSecretFromStore", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secretStores.import({
   storeId: path4.storeId,
   payload
-}).pipe(mapError2(toStorageError6("local.importSecretFromStore"))))).handle("listSecrets", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.list().pipe(mapError2(toStorageError6("local.listSecrets"))))).handle("createSecret", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.create(payload).pipe(mapError2(toStorageError6("local.createSecret"))))).handle("updateSecret", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.update({
+}).pipe(mapError2(toStorageError5("local.importSecretFromStore"))))).handle("listSecrets", () => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.list().pipe(mapError2(toStorageError5("local.listSecrets"))))).handle("createSecret", ({ payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.create(payload).pipe(mapError2(toStorageError5("local.createSecret"))))).handle("updateSecret", ({ path: path4, payload }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.update({
   secretId: path4.secretId,
   payload
-}).pipe(mapError2(toStorageError6("local.updateSecret"))))).handle("deleteSecret", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.remove(path4.secretId).pipe(mapError2(toStorageError6("local.deleteSecret"))))));
+}).pipe(mapError2(toStorageError5("local.updateSecret"))))).handle("deleteSecret", ({ path: path4 }) => flatMap10(getControlPlaneExecutor(), (executor2) => executor2.secrets.remove(path4.secretId).pipe(mapError2(toStorageError5("local.deleteSecret"))))));
 
 // packages/platform/api/src/policies/http.ts
 var ExecutorPoliciesLive = exports_HttpApiBuilder.group(ExecutorApi, "policies", (handlers) => handlers.handle("list", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.list", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.list()))).handle("create", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("policies.create", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.create(payload)))).handle("get", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.get", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.get(path4.policyId)))).handle("update", ({ path: path4, payload }) => resolveRequestedLocalWorkspace("policies.update", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.update(path4.policyId, payload)))).handle("remove", ({ path: path4 }) => resolveRequestedLocalWorkspace("policies.remove", path4.workspaceId).pipe(flatMap10((executor2) => executor2.policies.remove(path4.policyId)), map16((removed) => ({ removed })))));
@@ -366337,32 +365902,6 @@ var createFileOpenApiSourceStorage = (input) => ({
   }))
 });
 
-// packages/platform/server/src/onepassword-store-storage.ts
-var createFileOnePasswordStoreStorage = (input) => ({
-  get: ({ scopeId, storeId }) => readJsonFile({
-    path: pluginSourceStoragePath({
-      rootDir: input.rootDir,
-      scopeId,
-      sourceId: storeId
-    }),
-    schema: OnePasswordStoredStoreDataSchema
-  }),
-  put: ({ scopeId, storeId, value: value7 }) => writeJsonFile({
-    path: pluginSourceStoragePath({
-      rootDir: input.rootDir,
-      scopeId,
-      sourceId: storeId
-    }),
-    schema: OnePasswordStoredStoreDataSchema,
-    value: value7
-  }),
-  remove: ({ scopeId, storeId }) => removeJsonFile(pluginSourceStoragePath({
-    rootDir: input.rootDir,
-    scopeId,
-    sourceId: storeId
-  }))
-});
-
 // packages/platform/server/src/index.ts
 var EXECUTOR_NPM_DIST_TAGS_PATHNAME = "/v1/app/npm/dist-tags";
 var EXECUTOR_NPM_DIST_TAGS_URL = "https://registry.npmjs.org/-/package/executor/dist-tags";
@@ -366370,7 +365909,6 @@ var executorHttpPlugins = [
   graphqlHttpPlugin(),
   googleDiscoveryHttpPlugin(),
   mcpHttpPlugin(),
-  onePasswordHttpPlugin(),
   openApiHttpPlugin()
 ];
 var disposeExecutor = (executor2) => tryPromise2({
@@ -366412,11 +365950,6 @@ var createExecutorRuntime = (localDataDir, getLocalServerBaseUrl, options7) => c
       storage: createFileOpenApiSourceStorage({
         rootDir: resolve6(localDataDir, "plugins", "openapi", "sources")
       })
-    }),
-    onePasswordSdkPlugin({
-      storage: createFileOnePasswordStoreStorage({
-        rootDir: resolve6(localDataDir, "plugins", "onepassword", "stores")
-      })
     })
   ],
   executionResolver: options7.executionResolver,