Skip to content

[codex] add additional headers workflows to OpenAPI and GraphQL#350

Closed
heyglassy wants to merge 2 commits intoRhysSullivan:mainfrom
heyglassy:codex/openapi-graphql-additional-headers
Closed

[codex] add additional headers workflows to OpenAPI and GraphQL#350
heyglassy wants to merge 2 commits intoRhysSullivan:mainfrom
heyglassy:codex/openapi-graphql-additional-headers

Conversation

@heyglassy
Copy link
Copy Markdown
Contributor

@heyglassy heyglassy commented Apr 20, 2026

Summary

  • add the shared MCP-style plaintext Additional headers UI for OpenAPI and GraphQL
  • partition secret-backed auth headers from plaintext additional headers and merge them back into the existing persisted headers payload
  • add validation for blank additional headers, duplicate header names, and OAuth-managed Authorization conflicts

Why

OpenAPI and GraphQL previously lacked the separate plaintext additional-headers workflow that MCP already exposed, which made the header UX inconsistent and mixed plaintext headers into authentication flows.

Validation

  • bunx vitest run packages/react/src/plugins/additional-headers.test.ts
  • bunx vitest run packages/plugins/graphql/src/sdk/plugin.test.ts
  • bunx vitest run packages/plugins/openapi/src/sdk/plugin.test.ts
  • manual verification in Helium against the local dev server for GraphQL and OpenAPI source edit flows

@heyglassy
mcp oauth error mapping
570d7d3 
Map MCP OAuth session storage failures to McpOAuthError so auth-path backend failures surface a user-readable message instead of being translated into InternalError(traceId) at the HTTP edge. Cover the regression with a plugin test that forces oauth session lookup to fail and asserts the executor surface returns McpOAuthError with the storage message.
@heyglassy
ui: add additional headers workflows to OpenAPI and GraphQL
4908832 
Extract the MCP plaintext additional-headers editor into a shared React plugin module and reuse it across MCP, GraphQL, and OpenAPI forms.

Split stored header state into secret-backed authentication headers and plaintext additional headers for GraphQL and OpenAPI, merge them back into the existing header payload shape on save, and add validation for blank additional-header rows, duplicate header names, and OAuth-managed Authorization conflicts.

Add focused Vitest coverage for the shared header helper plus mixed plaintext/secret-backed header persistence in the GraphQL and OpenAPI plugin tests.
@heyglassy heyglassy marked this pull request as ready for review April 20, 2026 19:49
@RhysSullivan
Copy link
Copy Markdown
Owner

RhysSullivan commented May 4, 2026

Closing — superseded by main's HttpCredentialsEditor refactor. The shared HeadersList / AdditionalHeadersSection shape this PR builds against was rewritten across all five plugin source forms (mcp, openapi, graphql add/edit), so a rebase would be a full rewrite. Plaintext additional headers are partially served by HttpCredentialsEditor's literal-value support; if full parity is wanted, a fresh PR against the new abstraction is the path.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@heyglassy @RhysSullivan