Skip to content

Normalize mcp plugin secret/connection refs#520

Draft
RhysSullivan wants to merge 1 commit intors/normalize-openapifrom
rs/normalize-mcp
Draft

Normalize mcp plugin secret/connection refs#520
RhysSullivan wants to merge 1 commit intors/normalize-openapifrom
rs/normalize-mcp

Conversation

@RhysSullivan
Copy link
Copy Markdown
Owner

@RhysSullivan RhysSullivan commented May 4, 2026

Move secret/connection references out of the JSON mcp_source.config
column into:

  • Flat columns on mcp_source: auth_kind, auth_header_name,
    auth_secret_id, auth_secret_prefix, auth_connection_id,
    auth_client_id_secret_id, auth_client_secret_secret_id (each indexed
    where it carries a ref). Replaces the McpConnectionAuth json blob.
  • mcp_source_header / mcp_source_query_param: child tables for the
    remote source's SecretBackedMap entries (same shape as graphql /
    openapi child tables).

The remaining structural fields (transport, endpoint, command, args,
etc.) stay as JSON in config because they're plugin-private and vary
by transport. mcp_binding.binding stays JSON too — McpToolBinding
carries no refs and inputSchema/outputSchema are arbitrary user JSON.

Plugin gains usagesForSecret / usagesForConnection. Migration 0009
backfills via json_extract / json_each, then strips the extracted
fields with json_remove. Three migration tests cover backfill from a
hand-seeded pre-migration DB; two plugin-level tests cover usage
fan-out across header-auth and oauth2 sources.

@RhysSullivan Graphite App
Copy link
Copy Markdown
Owner Author

RhysSullivan commented May 4, 2026
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced May 4, 2026
Draft
Draft
Draft
Open
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 4, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs		 executor-cloud 45caef2 May 04 2026, 07:52 PM

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 4, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 executor-marketing 45caef2 Commit Preview URL

Branch Preview URL		 May 04 2026, 07:52 PM

@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new Bot commented May 4, 2026
edited
Loading

Open in StackBlitz

@executor-js/cli

npm i https://pkg.pr.new/@executor-js/cli@520

@executor-js/config

npm i https://pkg.pr.new/@executor-js/config@520

@executor-js/execution

npm i https://pkg.pr.new/@executor-js/execution@520

@executor-js/sdk

npm i https://pkg.pr.new/@executor-js/sdk@520

@executor-js/storage-core

npm i https://pkg.pr.new/@executor-js/storage-core@520

@executor-js/codemode-core

npm i https://pkg.pr.new/@executor-js/codemode-core@520

@executor-js/runtime-quickjs

npm i https://pkg.pr.new/@executor-js/runtime-quickjs@520

@executor-js/plugin-file-secrets

npm i https://pkg.pr.new/@executor-js/plugin-file-secrets@520

@executor-js/plugin-google-discovery

npm i https://pkg.pr.new/@executor-js/plugin-google-discovery@520

@executor-js/plugin-graphql

npm i https://pkg.pr.new/@executor-js/plugin-graphql@520

@executor-js/plugin-keychain

npm i https://pkg.pr.new/@executor-js/plugin-keychain@520

@executor-js/plugin-mcp

npm i https://pkg.pr.new/@executor-js/plugin-mcp@520

@executor-js/plugin-onepassword

npm i https://pkg.pr.new/@executor-js/plugin-onepassword@520

@executor-js/plugin-openapi

npm i https://pkg.pr.new/@executor-js/plugin-openapi@520

executor

npm i https://pkg.pr.new/executor@520

commit: 45caef2

@RhysSullivan
Normalize mcp plugin secret/connection refs
45caef2 
Move secret/connection references out of the JSON `mcp_source.config`
column into:
- Flat columns on mcp_source: auth_kind, auth_header_name,
  auth_secret_id, auth_secret_prefix, auth_connection_id,
  auth_client_id_secret_id, auth_client_secret_secret_id (each indexed
  where it carries a ref). Replaces the McpConnectionAuth json blob.
- mcp_source_header / mcp_source_query_param: child tables for the
  remote source's SecretBackedMap entries (same shape as graphql /
  openapi child tables).

The remaining structural fields (transport, endpoint, command, args,
etc.) stay as JSON in `config` because they're plugin-private and vary
by transport. mcp_binding.binding stays JSON too — McpToolBinding
carries no refs and inputSchema/outputSchema are arbitrary user JSON.

Plugin gains usagesForSecret / usagesForConnection. Migration 0009
backfills via json_extract / json_each, then strips the extracted
fields with json_remove. Three migration tests cover backfill from a
hand-seeded pre-migration DB; two plugin-level tests cover usage
fan-out across header-auth and oauth2 sources.
@RhysSullivan RhysSullivan force-pushed the rs/normalize-openapi branch from 8f73b70 to 5a7fa76 Compare May 4, 2026 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RhysSullivan