Reject source writes to personal scopes; visible target selector in add-source forms#511
Draft
RhysSullivan wants to merge 1 commit intors/cloud-workspaces-10-sources-sidebarfrom
Draft
Conversation
…dd-source forms Source-definition writes can only target shareable scopes (org or workspace). Personal scopes (`user_org_*` / `user_workspace_*`) are reserved for credentials, connections, and policies in the v1 product model. The SDK now raises `InvalidSourceWriteTargetError` when `ctx.core.sources.register` is called with a personal scope; the openapi / mcp / graphql / google-discovery API groups expose this as a 422 on their addSource/addSpec endpoints so clients see a typed recoverable error rather than a 500. UI: every add-source form now mounts a `SourceTargetSelector` shared component (`packages/react/src/plugins/source-target-selector.tsx`) that renders Workspace / Global options and passes the selected scope id explicitly to the underlying API call. The selector defaults to the URL context's active write scope and skips personal scopes, so the caller never invents a default that the SDK would reject. The cloud test harness covers the legal write paths (workspace and org targets from workspace context). The personal-scope rejection has SDK test coverage in `executor.test.ts`; the HTTP layer wires the same error through with `httpApiStatus: 422`.
This was referenced May 4, 2026
Owner
Author
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-marketing | d05d7cb | Commit Preview URL Branch Preview URL |
May 04 2026, 05:10 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-cloud | d05d7cb | May 04 2026, 05:10 PM |
@executor-js/cli
@executor-js/config
@executor-js/execution
@executor-js/sdk
@executor-js/storage-core
@executor-js/codemode-core
@executor-js/runtime-quickjs
@executor-js/plugin-file-secrets
@executor-js/plugin-google-discovery
@executor-js/plugin-graphql
@executor-js/plugin-keychain
@executor-js/plugin-mcp
@executor-js/plugin-onepassword
@executor-js/plugin-openapi
executor
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Source-definition writes can only target shareable scopes (org or
workspace). Personal scopes (
user_org_*/user_workspace_*) arereserved for credentials, connections, and policies in the v1 product
model. The SDK now raises
InvalidSourceWriteTargetErrorwhenctx.core.sources.registeris called with a personal scope; theopenapi / mcp / graphql / google-discovery API groups expose this as a
422 on their addSource/addSpec endpoints so clients see a typed
recoverable error rather than a 500.
UI: every add-source form now mounts a
SourceTargetSelectorsharedcomponent (
packages/react/src/plugins/source-target-selector.tsx) thatrenders Workspace / Global options and passes the selected scope id
explicitly to the underlying API call. The selector defaults to the
URL context's active write scope and skips personal scopes, so the
caller never invents a default that the SDK would reject.
The cloud test harness covers the legal write paths (workspace and org
targets from workspace context). The personal-scope rejection has SDK
test coverage in
executor.test.ts; the HTTP layer wires the sameerror through with
httpApiStatus: 422.