plugins: per-source annotation policy overrides#345
Open
RhysSullivan wants to merge 1 commit intomainfrom
Open
plugins: per-source annotation policy overrides#345RhysSullivan wants to merge 1 commit intomainfrom
RhysSullivan wants to merge 1 commit intomainfrom
Conversation
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-cloud | 8477dd9 | Apr 20 2026, 07:03 PM |
Add per-source override for which tool invocations require approval,
across openapi / graphql / google-discovery / mcp. Each plugin owns its
own policy shape (HTTP methods for openapi/google-discovery, operation
kinds for graphql, requireApprovalForAll switch for mcp) stored in a
separate annotation_policy column so refresh paths don't touch it.
Semantics: undefined on update leaves as-is, null clears, concrete
value pins. When null, plugin's resolveAnnotations falls back to
hardcoded defaults at read time so future default changes propagate.
Shared UX: ApprovalPolicyToggles (chip) and ApprovalPolicySwitch
(on/off) in @executor/react/plugins/approval-policy-field, wired into
each plugin's Add/Edit panels with a Reset-to-defaults affordance.
First interaction materializes the current defaults as an explicit
override so toggling one option doesn't accidentally clear the rest.
Coverage: 34 new tests across pure helpers, storage round-trips, and
full integration via executor.{plugin}.addSource/updateSource.
RhysSullivan
force-pushed
the
rs/annotation-policy-override
branch
from
be88984 to
8477dd9
Compare
@executor/sdk
@executor/plugin-file-secrets
@executor/plugin-google-discovery
@executor/plugin-graphql
@executor/plugin-keychain
@executor/plugin-mcp
@executor/plugin-oauth2
@executor/plugin-onepassword
@executor/plugin-openapi
@executor/plugin-workos-vault
executor
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
requireApprovalForAllswitch) stored in a separateannotation_policycolumnApprovalPolicyToggles(chip) andApprovalPolicySwitch(on/off) reusable UI components wired into each plugin's Add/Edit panels, with a Reset-to-defaults affordanceundefinedon update leaves as-is,nullclears, concrete value pins; default set derived at read time viaresolveAnnotationsso future default changes propagate to non-overridden sourcesTest plan
bun run --cwd packages/plugins/openapi test— 39/39 passbun run --cwd packages/plugins/graphql test— 16/16 passbun run --cwd packages/plugins/mcp test— 24/24 passbun run --cwd packages/plugins/google-discovery test— 17/17 passrequireApprovalForAll, reset to defaults, save