diff --git a/apps/cloud/executor.config.ts b/apps/cloud/executor.config.ts
index c0a3fb0e9..b2cbb0ecf 100644
--- a/apps/cloud/executor.config.ts
+++ b/apps/cloud/executor.config.ts
@@ -2,24 +2,52 @@ import { defineExecutorConfig } from "@executor-js/sdk";
 import { openApiPlugin } from "@executor-js/plugin-openapi";
 import { mcpPlugin } from "@executor-js/plugin-mcp";
 import { graphqlPlugin } from "@executor-js/plugin-graphql";
-import { workosVaultPlugin } from "@executor-js/plugin-workos-vault";
+import {
+  workosVaultPlugin,
+  type WorkOSVaultClient,
+} from "@executor-js/plugin-workos-vault";
 
 // ---------------------------------------------------------------------------
-// Executor config for CLI schema generation.
+// Single source of truth for the cloud app's plugin list.
 //
-// The CLI reads `plugins` + `dialect` to produce a drizzle schema file.
-// Plugin credentials are stubs — the CLI only reads `plugin.schema`,
-// never calls the plugin at runtime.
+// Consumed by:
+//   - the schema-gen CLI (reads `plugin.schema` only; calls `plugins({})`)
+//   - the host runtime (calls `plugins({ workosCredentials })` per request)
+//   - the test harness (calls `plugins({ workosVaultClient })` per test)
+//
+// `TDeps` is inferred directly from the factory parameter annotation —
+// no global `declare module "@executor-js/sdk"` augmentation. Each
+// caller (runtime / CLI / tests) passes whatever subset of the deps it
+// has; all fields are optional so the CLI's `plugins({})` keeps working.
+//
+// Cloud only ships plugins safe to run in a multi-tenant setting — no
+// stdio MCP, no keychain/file-secrets/1password/google-discovery.
 // ---------------------------------------------------------------------------
 
+interface CloudPluginDeps {
+  /** WorkOS vault credentials. Provided per-request from `env.WORKOS_*`
+   *  in production; the test harness leaves this undefined and uses
+   *  `workosVaultClient` to inject an in-memory fake instead. */
+  readonly workosCredentials?: {
+    readonly apiKey: string;
+    readonly clientId: string;
+  };
+  /** Pluggable WorkOS Vault HTTP client — set by the test harness to
+   *  bypass the real WorkOS API. Production leaves this undefined and
+   *  falls back to the credential-driven default. */
+  readonly workosVaultClient?: WorkOSVaultClient;
+}
+
 export default defineExecutorConfig({
   dialect: "pg",
-  plugins: [
-    openApiPlugin(),
-    mcpPlugin({ dangerouslyAllowStdioMCP: false }),
-    graphqlPlugin(),
-    workosVaultPlugin({
-      credentials: { apiKey: "", clientId: "" },
-    }),
-  ],
+  plugins: ({ workosCredentials, workosVaultClient }: CloudPluginDeps = {}) =>
+    [
+      openApiPlugin(),
+      mcpPlugin({ dangerouslyAllowStdioMCP: false }),
+      graphqlPlugin(),
+      workosVaultPlugin({
+        credentials: workosCredentials ?? { apiKey: "", clientId: "" },
+        ...(workosVaultClient ? { client: workosVaultClient } : {}),
+      }),
+    ] as const,
 });
diff --git a/apps/cloud/package.json b/apps/cloud/package.json
index 15a1c2aca..74d33ffc8 100644
--- a/apps/cloud/package.json
+++ b/apps/cloud/package.json
@@ -13,7 +13,7 @@
     "db:studio": "drizzle-kit studio",
     "db:studio:prod": "op run --env-file=.env.production -- drizzle-kit studio",
     "db:migrate:prod": "op run --env-file=.env.production -- drizzle-kit migrate",
-    "build": "vite build",
+    "build": "turbo run build --filter @executor-js/vite-plugin && vite build",
     "preview": "vite preview",
     "deploy": "op run --env-file=.env.production -- bun run build && op run --env-file=.env.production -- wrangler deploy",
     "cf-typegen": "wrangler types",
@@ -40,6 +40,7 @@
     "@executor-js/sdk": "workspace:*",
     "@executor-js/storage-core": "workspace:*",
     "@executor-js/storage-postgres": "workspace:*",
+    "@executor-js/vite-plugin": "workspace:*",
     "@microlabs/otel-cf-workers": "^1.0.0-rc.52",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "@opentelemetry/api": "~1.9.0",
diff --git a/apps/cloud/src/api.request-scope.node.test.ts b/apps/cloud/src/api.request-scope.node.test.ts
index 959212550..8d2908360 100644
--- a/apps/cloud/src/api.request-scope.node.test.ts
+++ b/apps/cloud/src/api.request-scope.node.test.ts
@@ -152,8 +152,8 @@ describe("HttpRouter.toWebHandler request scoping", () => {
       handler(new Request("http://test.local/")),
     ]);
 
-    const aBody = await a.json();
-    const bBody = await b.json();
+    const aBody = (await a.json()) as { id: number };
+    const bBody = (await b.json()) as { id: number };
     // Two concurrent requests must see two distinct acquired counters.
     // Otherwise both fibers share one postgres socket -> Cloudflare
     // Workers I/O isolation crash in prod.
diff --git a/apps/cloud/src/api/cloud-plugins.ts b/apps/cloud/src/api/cloud-plugins.ts
new file mode 100644
index 000000000..c4f006e0e
--- /dev/null
+++ b/apps/cloud/src/api/cloud-plugins.ts
@@ -0,0 +1,17 @@
+// Single shared instantiation of the cloud plugin list.
+//
+// `executor.config.ts`'s `plugins()` factory is safe to call at
+// module-eval time without runtime credentials: the heavy per-request
+// dependencies (WorkOS Vault credentials, vault HTTP client) are only
+// consumed when the plugin's extension is actually constructed inside
+// `createScopedExecutor`. Both the API composition (`protected-layers.ts`)
+// and the per-request middleware (`protected.ts` + the test harness)
+// derive their typed views — `composePluginApi(cloudPlugins)`,
+// `composePluginHandlerLayer(cloudPlugins)`,
+// `providePluginExtensions(cloudPlugins)`, `PluginExtensionServices<typeof
+// cloudPlugins>` — from this one tuple, so adding/removing a plugin is
+// still a single `executor.config.ts` edit.
+import executorConfig from "../../executor.config";
+
+export const cloudPlugins = executorConfig.plugins();
+export type CloudPlugins = typeof cloudPlugins;
diff --git a/apps/cloud/src/api/protected-layers.ts b/apps/cloud/src/api/protected-layers.ts
index 1b5685141..bcaeec70d 100644
--- a/apps/cloud/src/api/protected-layers.ts
+++ b/apps/cloud/src/api/protected-layers.ts
@@ -7,15 +7,14 @@ import { HttpApiBuilder } from "effect/unstable/httpapi";
 import { HttpRouter, HttpServer } from "effect/unstable/http";
 import { Layer } from "effect";
 
+import { observabilityMiddleware } from "@executor-js/api";
 import {
-  CoreExecutorApi,
-  observabilityMiddleware,
-} from "@executor-js/api";
-import { CoreHandlers } from "@executor-js/api/server";
-import { OpenApiGroup, OpenApiHandlers } from "@executor-js/plugin-openapi/api";
-import { McpGroup, McpHandlers } from "@executor-js/plugin-mcp/api";
-import { GraphqlGroup, GraphqlHandlers } from "@executor-js/plugin-graphql/api";
+  CoreHandlers,
+  composePluginApi,
+  composePluginHandlerLayer,
+} from "@executor-js/api/server";
 
+import { cloudPlugins } from "./cloud-plugins";
 import { UserStoreService } from "../auth/context";
 import { WorkOSAuth } from "../auth/workos";
 import { AutumnService } from "../services/autumn";
@@ -30,9 +29,13 @@ import { ErrorCaptureLive } from "../observability";
 // it INSIDE the router middleware (wrong order), and added a second auth
 // pass on top of the existing one in `protected.ts`'s outer effect. The
 // router-middleware approach folds both into one place.
-export const ProtectedCloudApi = CoreExecutorApi.add(OpenApiGroup)
-  .add(McpGroup)
-  .add(GraphqlGroup);
+//
+// `composePluginApi(cloudPlugins)` returns a precisely typed `HttpApi`
+// — the group union is derived from `typeof cloudPlugins` via the
+// plugin spec's `TGroup` generic. Test harness clients type via
+// `HttpApiClient.ForApi<typeof ProtectedCloudApi>` directly, with no
+// per-plugin Group imports at the host.
+export const ProtectedCloudApi = composePluginApi(cloudPlugins);
 
 const ObservabilityLive = observabilityMiddleware(ProtectedCloudApi);
 
@@ -49,14 +52,14 @@ export const SharedServices = Layer.mergeAll(
 
 export const RouterConfig = Layer.succeed(HttpRouter.RouterConfig)({ maxParamLength: 1000 });
 
-// Every handler the ProtectedCloudApi routes to. The test harness builds
-// its own api-live by merging this with its own per-request middleware
-// fakes; prod uses `ProtectedCloudApiLive` below.
+// Every handler the ProtectedCloudApi routes to. Plugin handler layers
+// are late-binding — they require their plugin's `extensionService`
+// Tag, which the per-request `ExecutionStackMiddleware` satisfies via
+// `providePluginExtensions`. The test harness mirrors this; nothing
+// else needs to know which plugins are wired.
 export const ProtectedCloudApiHandlers = Layer.mergeAll(
   CoreHandlers,
-  OpenApiHandlers,
-  McpHandlers,
-  GraphqlHandlers,
+  composePluginHandlerLayer(cloudPlugins),
 );
 
 // `ErrorCaptureLive` is provided above the handler + middleware layers
diff --git a/apps/cloud/src/api/protected.ts b/apps/cloud/src/api/protected.ts
index 608eed7a7..bbdc096e7 100644
--- a/apps/cloud/src/api/protected.ts
+++ b/apps/cloud/src/api/protected.ts
@@ -12,11 +12,11 @@ import { Effect, Layer } from "effect";
 import {
   ExecutionEngineService,
   ExecutorService,
+  providePluginExtensions,
+  type PluginExtensionServices,
 } from "@executor-js/api/server";
-import { OpenApiExtensionService } from "@executor-js/plugin-openapi/api";
-import { McpExtensionService } from "@executor-js/plugin-mcp/api";
-import { GraphqlExtensionService } from "@executor-js/plugin-graphql/api";
 
+import { cloudPlugins, type CloudPlugins } from "./cloud-plugins";
 import { AuthContext } from "../auth/middleware";
 import { authorizeOrganization } from "../auth/authorize-organization";
 import { UserStoreService } from "../auth/context";
@@ -33,23 +33,10 @@ import {
 } from "./protected-layers";
 import { requestScopedMiddleware } from "./request-scoped";
 
-// One `HttpRouter` middleware that:
-//   1. authenticates the WorkOS sealed session,
-//   2. verifies live org membership (closes the JWT-cache gap — see
-//      `auth/authorize-organization.ts`),
-//   3. resolves the org name,
-//   4. builds the per-request executor + engine,
-//   5. provides `AuthContext` + the execution-stack services to the handler.
-//
-// Replaces both the old outer `Effect.gen` in this file (which did its own
-// WorkOS lookup) and the per-route `OrgAuth` HttpApiMiddleware (which did
-// a second one).
-//
-// Errors are NOT caught here: failures propagate as typed errors and are
-// rendered to a JSON response by the framework's `Respondable` pipeline
-// (see `HttpResponseError` in `./error-response.ts`). Letting `unhandled`
-// pass through is what satisfies `HttpRouter.middleware`'s brand check
-// without any type casts.
+// Pre-compute the per-plugin `Effect.provideService(extensionService,
+// executor[id])` chain. The plugin spec carries the Service tag so
+// this file doesn't import each plugin's `*/api` directly.
+const provideExecutorExtensions = providePluginExtensions(cloudPlugins);
 
 // One `HttpRouter` middleware that:
 //   1. authenticates the WorkOS sealed session,
@@ -74,13 +61,15 @@ import { requestScopedMiddleware } from "./request-scoped";
 // fresh per request so the postgres.js socket lives in the request
 // fiber's scope, not the worker's boot scope.
 const ExecutionStackMiddleware = HttpRouter.middleware<{
+  // The plugin extension Services this middleware satisfies are derived
+  // from `typeof cloudPlugins` — no per-plugin `*ExtensionService`
+  // imports at the host. Runtime binding mirrors the type:
+  // `providePluginExtensions(cloudPlugins)(executor)` below.
   provides:
     | AuthContext
     | ExecutorService
     | ExecutionEngineService
-    | OpenApiExtensionService
-    | McpExtensionService
-    | GraphqlExtensionService;
+    | PluginExtensionServices<CloudPlugins>;
 }>()(
   Effect.gen(function* () {
     const longLived = yield* Effect.context<WorkOSAuth | AutumnService>();
@@ -117,9 +106,7 @@ const ExecutionStackMiddleware = HttpRouter.middleware<{
           Effect.provideService(AuthContext, auth),
           Effect.provideService(ExecutorService, executor),
           Effect.provideService(ExecutionEngineService, engine),
-          Effect.provideService(OpenApiExtensionService, executor.openapi),
-          Effect.provideService(McpExtensionService, executor.mcp),
-          Effect.provideService(GraphqlExtensionService, executor.graphql),
+          provideExecutorExtensions(executor),
         );
       }).pipe(Effect.provideContext(longLived));
   }),
diff --git a/apps/cloud/src/mcp-session.e2e.node.test.ts b/apps/cloud/src/mcp-session.e2e.node.test.ts
index a7dfdcb2c..0f8eac095 100644
--- a/apps/cloud/src/mcp-session.e2e.node.test.ts
+++ b/apps/cloud/src/mcp-session.e2e.node.test.ts
@@ -37,11 +37,7 @@ import {
   makePostgresAdapter,
   makePostgresBlobStore,
 } from "@executor-js/storage-postgres";
-import { openApiPlugin } from "@executor-js/plugin-openapi";
-import { mcpPlugin } from "@executor-js/plugin-mcp";
-import { graphqlPlugin } from "@executor-js/plugin-graphql";
-import { workosVaultPlugin } from "@executor-js/plugin-workos-vault";
-
+import executorConfig from "../executor.config";
 import { DbService } from "./services/db";
 import { makeFakeVaultClient } from "./services/__test-harness__/api-harness";
 
@@ -105,12 +101,9 @@ const buildScopedExecutor = (
 ) =>
   Effect.gen(function* () {
     const { db } = yield* DbService;
-    const basePlugins = [
-      openApiPlugin(),
-      mcpPlugin({ dangerouslyAllowStdioMCP: false }),
-      graphqlPlugin(),
-      workosVaultPlugin({ client: makeFakeVaultClient() }),
-    ] as const;
+    const basePlugins = executorConfig.plugins({
+      workosVaultClient: makeFakeVaultClient(),
+    });
     const plugins = options.withElicitingPlugin
       ? ([...basePlugins, elicitingTestPlugin()] as const)
       : basePlugins;
diff --git a/apps/cloud/src/routes/__root.tsx b/apps/cloud/src/routes/__root.tsx
index 8b81b5c2b..5374743dc 100644
--- a/apps/cloud/src/routes/__root.tsx
+++ b/apps/cloud/src/routes/__root.tsx
@@ -7,6 +7,8 @@ import { PostHogProvider } from "posthog-js/react";
 import { ExecutorProvider } from "@executor-js/react/api/provider";
 import { Skeleton } from "@executor-js/react/components/skeleton";
 import { Toaster } from "@executor-js/react/components/sonner";
+import { ExecutorPluginsProvider } from "@executor-js/sdk/client";
+import { plugins as clientPlugins } from "virtual:executor/plugins-client";
 import { AuthProvider, useAuth } from "../web/auth";
 import { LoginPage } from "../web/pages/login";
 import { OnboardingPage } from "../web/pages/onboarding";
@@ -161,8 +163,10 @@ function AuthGate() {
   return (
     <AutumnProvider pathPrefix="/api/autumn">
       <ExecutorProvider fallback={<ShellSkeleton />}>
-        <Shell />
-        <Toaster />
+        <ExecutorPluginsProvider plugins={clientPlugins}>
+          <Shell />
+          <Toaster />
+        </ExecutorPluginsProvider>
       </ExecutorProvider>
     </AutumnProvider>
   );
diff --git a/apps/cloud/src/routes/index.tsx b/apps/cloud/src/routes/index.tsx
index ad2a93e7e..01273b87a 100644
--- a/apps/cloud/src/routes/index.tsx
+++ b/apps/cloud/src/routes/index.tsx
@@ -1,11 +1,6 @@
 import { createFileRoute } from "@tanstack/react-router";
 import { SourcesPage } from "@executor-js/react/pages/sources";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { mcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [openApiSourcePlugin, mcpSourcePlugin, graphqlSourcePlugin];
 
 export const Route = createFileRoute("/")({
-  component: () => <SourcesPage sourcePlugins={sourcePlugins} />,
+  component: SourcesPage,
 });
diff --git a/apps/cloud/src/routes/secrets.tsx b/apps/cloud/src/routes/secrets.tsx
index 40904354c..aff164652 100644
--- a/apps/cloud/src/routes/secrets.tsx
+++ b/apps/cloud/src/routes/secrets.tsx
@@ -4,7 +4,6 @@ import { SecretsPage } from "@executor-js/react/pages/secrets";
 export const Route = createFileRoute("/secrets")({
   component: () => (
     <SecretsPage
-      secretProviderPlugins={[]}
       addSecretDescription="Store a credential or API key for this organization."
       showProviderInfo={false}
       storageOptions={[{ value: "workos-vault", label: "WorkOS Vault" }]}
diff --git a/apps/cloud/src/routes/sources.$namespace.tsx b/apps/cloud/src/routes/sources.$namespace.tsx
index bc2f336b3..2bcdcce73 100644
--- a/apps/cloud/src/routes/sources.$namespace.tsx
+++ b/apps/cloud/src/routes/sources.$namespace.tsx
@@ -1,14 +1,9 @@
 import { createFileRoute } from "@tanstack/react-router";
 import { SourceDetailPage } from "@executor-js/react/pages/source-detail";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { mcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [openApiSourcePlugin, mcpSourcePlugin, graphqlSourcePlugin];
 
 export const Route = createFileRoute("/sources/$namespace")({
   component: () => {
     const { namespace } = Route.useParams();
-    return <SourceDetailPage namespace={namespace} sourcePlugins={sourcePlugins} />;
+    return <SourceDetailPage namespace={namespace} />;
   },
 });
diff --git a/apps/cloud/src/routes/sources.add.$pluginKey.tsx b/apps/cloud/src/routes/sources.add.$pluginKey.tsx
index f6a849eaa..9d5043201 100644
--- a/apps/cloud/src/routes/sources.add.$pluginKey.tsx
+++ b/apps/cloud/src/routes/sources.add.$pluginKey.tsx
@@ -1,11 +1,6 @@
 import { Schema } from "effect";
 import { createFileRoute } from "@tanstack/react-router";
 import { SourcesAddPage } from "@executor-js/react/pages/sources-add";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { mcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [openApiSourcePlugin, mcpSourcePlugin, graphqlSourcePlugin];
 
 const SearchParams = Schema.toStandardSchemaV1(
   Schema.Struct({
@@ -26,7 +21,6 @@ export const Route = createFileRoute("/sources/add/$pluginKey")({
         url={url}
         preset={preset}
         namespace={namespace}
-        sourcePlugins={sourcePlugins}
       />
     );
   },
diff --git a/apps/cloud/src/services/__test-harness__/api-harness.ts b/apps/cloud/src/services/__test-harness__/api-harness.ts
index 2810ed5da..3183f34ab 100644
--- a/apps/cloud/src/services/__test-harness__/api-harness.ts
+++ b/apps/cloud/src/services/__test-harness__/api-harness.ts
@@ -26,6 +26,8 @@ import {
 import {
   ExecutionEngineService,
   ExecutorService,
+  providePluginExtensions,
+  type PluginExtensionServices,
 } from "@executor-js/api/server";
 import { createExecutionEngine } from "@executor-js/execution";
 import { makeQuickJsExecutor } from "@executor-js/runtime-quickjs";
@@ -39,20 +41,14 @@ import {
   makePostgresAdapter,
   makePostgresBlobStore,
 } from "@executor-js/storage-postgres";
-import { openApiPlugin } from "@executor-js/plugin-openapi";
-import { mcpPlugin } from "@executor-js/plugin-mcp";
-import { graphqlPlugin } from "@executor-js/plugin-graphql";
 import {
-  workosVaultPlugin,
   WorkOSVaultClientError,
   type WorkOSVaultClient,
   type WorkOSVaultObject,
   type WorkOSVaultObjectMetadata,
 } from "@executor-js/plugin-workos-vault";
-import { OpenApiExtensionService } from "@executor-js/plugin-openapi/api";
-import { McpExtensionService } from "@executor-js/plugin-mcp/api";
-import { GraphqlExtensionService } from "@executor-js/plugin-graphql/api";
 
+import executorConfig from "../../../executor.config";
 import { AuthContext } from "../../auth/middleware";
 import {
   ProtectedCloudApi,
@@ -174,6 +170,7 @@ export const makeFakeVaultClient = (): WorkOSVaultClient => {
 // ---------------------------------------------------------------------------
 
 const fakeVault = makeFakeVaultClient();
+const testPlugins = executorConfig.plugins({ workosVaultClient: fakeVault });
 
 const createTestScopedExecutor = (
   userId: string,
@@ -182,12 +179,7 @@ const createTestScopedExecutor = (
 ) =>
   Effect.gen(function* () {
     const { db } = yield* DbService;
-    const plugins = [
-      openApiPlugin(),
-      mcpPlugin({ dangerouslyAllowStdioMCP: false }),
-      graphqlPlugin(),
-      workosVaultPlugin({ client: fakeVault }),
-    ] as const;
+    const plugins = testPlugins;
     const schema = collectSchemas(plugins);
     const adapter = makePostgresAdapter({ db, schema });
     const blobs = makePostgresBlobStore({ db });
@@ -225,15 +217,14 @@ const TestExecutionStackMiddleware = HttpRouter.middleware<{
     | AuthContext
     | ExecutorService
     | ExecutionEngineService
-    | OpenApiExtensionService
-    | McpExtensionService
-    | GraphqlExtensionService;
+    | PluginExtensionServices<typeof testPlugins>;
 }>()(
   // Layer-time setup — captures `DbService` so the per-request function
   // only depends on `HttpRouter`-Provided context. See `api/protected.ts`
   // for the same pattern.
   Effect.gen(function* () {
     const context = yield* Effect.context<DbService>();
+    const provideExecutorExtensions = providePluginExtensions(testPlugins);
     return (httpEffect) =>
       Effect.gen(function* () {
         const request = yield* HttpServerRequest.HttpServerRequest;
@@ -265,9 +256,7 @@ const TestExecutionStackMiddleware = HttpRouter.middleware<{
           ),
           Effect.provideService(ExecutorService, executor),
           Effect.provideService(ExecutionEngineService, engine),
-          Effect.provideService(OpenApiExtensionService, executor.openapi),
-          Effect.provideService(McpExtensionService, executor.mcp),
-          Effect.provideService(GraphqlExtensionService, executor.graphql),
+          provideExecutorExtensions(executor),
         );
       }).pipe(Effect.provideContext(context));
   }),
diff --git a/apps/cloud/src/services/executor.ts b/apps/cloud/src/services/executor.ts
index eaf6848a0..33d9d8f54 100644
--- a/apps/cloud/src/services/executor.ts
+++ b/apps/cloud/src/services/executor.ts
@@ -20,36 +20,27 @@ import {
   makePostgresAdapter,
   makePostgresBlobStore,
 } from "@executor-js/storage-postgres";
-import { openApiPlugin } from "@executor-js/plugin-openapi";
-import { mcpPlugin } from "@executor-js/plugin-mcp";
-import { graphqlPlugin } from "@executor-js/plugin-graphql";
-import { workosVaultPlugin } from "@executor-js/plugin-workos-vault";
 
 import { env } from "cloudflare:workers";
+import executorConfig from "../../executor.config";
 import { DbService } from "./db";
 
 // ---------------------------------------------------------------------------
-// Plugin list — one place, used for both the runtime and the CLI config
-// (executor.config.ts). No stdio MCP in cloud; no keychain/file-secrets/
-// 1password/google-discovery.
-//
-// NOTE: the CLI config (executor.config.ts) imports these same plugins with
-// stub credentials because it only reads `plugin.schema`. Here we pass
-// real credentials from the env.
+// Plugin list lives in `executor.config.ts` — that file is the single
+// source of truth, also consumed by the schema-gen CLI and the test
+// harness. Per-request runtime values (WorkOS credentials from the
+// Worker env) are passed through the factory's `deps` parameter.
 // ---------------------------------------------------------------------------
 
-const createOrgPlugins = () =>
-  [
-    openApiPlugin(),
-    mcpPlugin({ dangerouslyAllowStdioMCP: false }),
-    graphqlPlugin(),
-    workosVaultPlugin({
-      credentials: {
-        apiKey: env.WORKOS_API_KEY,
-        clientId: env.WORKOS_CLIENT_ID,
-      },
-    }),
-  ] as const;
+export type CloudPlugins = ReturnType<typeof executorConfig.plugins>;
+
+const orgPlugins = (): CloudPlugins =>
+  executorConfig.plugins({
+    workosCredentials: {
+      apiKey: env.WORKOS_API_KEY,
+      clientId: env.WORKOS_CLIENT_ID,
+    },
+  });
 
 // ---------------------------------------------------------------------------
 // Create a fresh executor for a (user, org) pair (stateless, per-request).
@@ -74,7 +65,7 @@ export const createScopedExecutor = (
   Effect.gen(function* () {
     const { db } = yield* DbService;
 
-    const plugins = createOrgPlugins();
+    const plugins = orgPlugins();
     const schema = collectSchemas(plugins);
     const adapter = makePostgresAdapter({ db, schema });
     const blobs = makePostgresBlobStore({ db });
diff --git a/apps/cloud/src/vite-env.d.ts b/apps/cloud/src/vite-env.d.ts
index 11f02fe2a..4c4f44cb3 100644
--- a/apps/cloud/src/vite-env.d.ts
+++ b/apps/cloud/src/vite-env.d.ts
@@ -1 +1,6 @@
 /// <reference types="vite/client" />
+
+declare module "virtual:executor/plugins-client" {
+  import type { ClientPluginSpec } from "@executor-js/sdk/client";
+  export const plugins: readonly ClientPluginSpec[];
+}
diff --git a/apps/cloud/src/web/shell.tsx b/apps/cloud/src/web/shell.tsx
index d42602499..a8f4825d9 100644
--- a/apps/cloud/src/web/shell.tsx
+++ b/apps/cloud/src/web/shell.tsx
@@ -29,9 +29,6 @@ import {
 } from "@executor-js/react/components/dropdown-menu";
 import { SourceFavicon } from "@executor-js/react/components/source-favicon";
 import { CommandPalette } from "@executor-js/react/components/command-palette";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { mcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
 import { authWriteKeys } from "@executor-js/react/api/reactivity-keys";
 import { AUTH_PATHS } from "../auth/api";
 import { organizationsAtom, switchOrganization, useAuth } from "./auth";
@@ -40,8 +37,6 @@ import {
   useCreateOrganizationForm,
 } from "./components/create-organization-form";
 
-const sourcePlugins = [openApiSourcePlugin, mcpSourcePlugin, graphqlSourcePlugin];
-
 // ── NavItem ──────────────────────────────────────────────────────────────
 
 function NavItem(props: { to: string; label: string; active: boolean; onNavigate?: () => void }) {
@@ -430,7 +425,7 @@ export function Shell() {
 
   return (
     <div className="flex h-screen overflow-hidden">
-      <CommandPalette sourcePlugins={sourcePlugins} />
+      <CommandPalette />
       {/* Desktop sidebar */}
       <aside className="hidden w-52 shrink-0 border-r border-sidebar-border bg-sidebar md:flex md:flex-col lg:w-56">
         <SidebarContent pathname={pathname} />
diff --git a/apps/cloud/vite.config.ts b/apps/cloud/vite.config.ts
index e915bd205..4e32daad2 100644
--- a/apps/cloud/vite.config.ts
+++ b/apps/cloud/vite.config.ts
@@ -3,6 +3,7 @@ import { cloudflare } from "@cloudflare/vite-plugin";
 import { tanstackStart } from "@tanstack/react-start/plugin/vite";
 import react from "@vitejs/plugin-react";
 import tailwindcss from "@tailwindcss/vite";
+import executorVitePlugin from "@executor-js/vite-plugin";
 
 // Dev-only: the cloudflare vite-plugin bridges outbound fetches (JWKS,
 // OAuth metadata proxy, etc.) through node undici in the host process. If
@@ -36,6 +37,7 @@ export default defineConfig({
   plugins: [
     devCrashGuard(),
     tailwindcss(),
+    executorVitePlugin(),
     cloudflare({ viteEnvironment: { name: "ssr" }, inspectorPort: false }),
     tanstackStart(),
     react(),
diff --git a/apps/local/executor.config.ts b/apps/local/executor.config.ts
index eac67f07e..47999e4e2 100644
--- a/apps/local/executor.config.ts
+++ b/apps/local/executor.config.ts
@@ -1,23 +1,38 @@
 import { defineExecutorConfig } from "@executor-js/sdk";
+import type { ConfigFileSink } from "@executor-js/config";
 import { openApiPlugin } from "@executor-js/plugin-openapi";
 import { mcpPlugin } from "@executor-js/plugin-mcp";
 import { googleDiscoveryPlugin } from "@executor-js/plugin-google-discovery";
 import { graphqlPlugin } from "@executor-js/plugin-graphql";
+import { keychainPlugin } from "@executor-js/plugin-keychain";
+import { fileSecretsPlugin } from "@executor-js/plugin-file-secrets";
+import { onepasswordPlugin } from "@executor-js/plugin-onepassword";
 
 // ---------------------------------------------------------------------------
-// Executor config for CLI schema generation (local / sqlite).
+// Single source of truth for the local app's plugin list.
 //
-// The CLI reads `plugins` + `dialect` to produce a drizzle schema file.
-// Only plugins with a `schema` need to be listed — keychain,
-// file-secrets, and onepassword are runtime-only (no DB tables).
+// Consumed by:
+//   - the schema-gen CLI (reads `plugin.schema` only; calls `plugins({})`)
+//   - the host runtime (calls `plugins({ configFile })` with a real sink)
+//
+// `TDeps` is inferred from the factory parameter annotation directly.
+// First-party and third-party plugins use the same import-and-call flow.
 // ---------------------------------------------------------------------------
 
+interface LocalPluginDeps {
+  readonly configFile?: ConfigFileSink;
+}
+
 export default defineExecutorConfig({
   dialect: "sqlite",
-  plugins: [
-    openApiPlugin(),
-    mcpPlugin({ dangerouslyAllowStdioMCP: true }),
-    googleDiscoveryPlugin(),
-    graphqlPlugin(),
-  ],
+  plugins: ({ configFile }: LocalPluginDeps = {}) =>
+    [
+      openApiPlugin({ configFile }),
+      mcpPlugin({ dangerouslyAllowStdioMCP: true, configFile }),
+      googleDiscoveryPlugin(),
+      graphqlPlugin({ configFile }),
+      keychainPlugin(),
+      fileSecretsPlugin(),
+      onepasswordPlugin(),
+    ] as const,
 });
diff --git a/apps/local/package.json b/apps/local/package.json
index 53ddc2ae7..0d2f88af6 100644
--- a/apps/local/package.json
+++ b/apps/local/package.json
@@ -10,7 +10,7 @@
     "dev": "bun run dev:proxy && bun run dev:vite",
     "dev:proxy": "portless proxy start --multiplex --port 1355 || true",
     "dev:vite": "portless --name executor-local bunx --bun vite dev",
-    "build": "bunx --bun vite build",
+    "build": "turbo run build --filter @executor-js/vite-plugin && bunx --bun vite build",
     "start": "bun run src/serve.ts",
     "db:schema": "node --import jiti/register ../../packages/core/cli/src/index.ts generate --config ./executor.config.ts --output ./src/server/executor-schema.ts",
     "db:generate": "drizzle-kit generate",
@@ -37,6 +37,7 @@
     "@executor-js/runtime-quickjs": "workspace:*",
     "@executor-js/sdk": "workspace:*",
     "@executor-js/storage-file": "workspace:*",
+    "@executor-js/vite-plugin": "workspace:*",
     "@modelcontextprotocol/sdk": "^1.12.1",
     "@tanstack/react-router": "catalog:",
     "drizzle-orm": "catalog:",
diff --git a/apps/local/src/routeTree.gen.ts b/apps/local/src/routeTree.gen.ts
index 6be174a26..d238fcfda 100644
--- a/apps/local/src/routeTree.gen.ts
+++ b/apps/local/src/routeTree.gen.ts
@@ -16,6 +16,7 @@ import { Route as ConnectionsRouteImport } from './routes/connections'
 import { Route as IndexRouteImport } from './routes/index'
 import { Route as SourcesNamespaceRouteImport } from './routes/sources.$namespace'
 import { Route as SourcesAddPluginKeyRouteImport } from './routes/sources.add.$pluginKey'
+import { Route as PluginsPluginIdSplatRouteImport } from './routes/plugins.$pluginId.$'
 
 const ToolsRoute = ToolsRouteImport.update({
   id: '/tools',
@@ -52,6 +53,11 @@ const SourcesAddPluginKeyRoute = SourcesAddPluginKeyRouteImport.update({
   path: '/sources/add/$pluginKey',
   getParentRoute: () => rootRouteImport,
 } as any)
+const PluginsPluginIdSplatRoute = PluginsPluginIdSplatRouteImport.update({
+  id: '/plugins/$pluginId/$',
+  path: '/plugins/$pluginId/$',
+  getParentRoute: () => rootRouteImport,
+} as any)
 
 export interface FileRoutesByFullPath {
   '/': typeof IndexRoute
@@ -60,6 +66,7 @@ export interface FileRoutesByFullPath {
   '/secrets': typeof SecretsRoute
   '/tools': typeof ToolsRoute
   '/sources/$namespace': typeof SourcesNamespaceRoute
+  '/plugins/$pluginId/$': typeof PluginsPluginIdSplatRoute
   '/sources/add/$pluginKey': typeof SourcesAddPluginKeyRoute
 }
 export interface FileRoutesByTo {
@@ -69,6 +76,7 @@ export interface FileRoutesByTo {
   '/secrets': typeof SecretsRoute
   '/tools': typeof ToolsRoute
   '/sources/$namespace': typeof SourcesNamespaceRoute
+  '/plugins/$pluginId/$': typeof PluginsPluginIdSplatRoute
   '/sources/add/$pluginKey': typeof SourcesAddPluginKeyRoute
 }
 export interface FileRoutesById {
@@ -79,6 +87,7 @@ export interface FileRoutesById {
   '/secrets': typeof SecretsRoute
   '/tools': typeof ToolsRoute
   '/sources/$namespace': typeof SourcesNamespaceRoute
+  '/plugins/$pluginId/$': typeof PluginsPluginIdSplatRoute
   '/sources/add/$pluginKey': typeof SourcesAddPluginKeyRoute
 }
 export interface FileRouteTypes {
@@ -90,6 +99,7 @@ export interface FileRouteTypes {
     | '/secrets'
     | '/tools'
     | '/sources/$namespace'
+    | '/plugins/$pluginId/$'
     | '/sources/add/$pluginKey'
   fileRoutesByTo: FileRoutesByTo
   to:
@@ -99,6 +109,7 @@ export interface FileRouteTypes {
     | '/secrets'
     | '/tools'
     | '/sources/$namespace'
+    | '/plugins/$pluginId/$'
     | '/sources/add/$pluginKey'
   id:
     | '__root__'
@@ -108,6 +119,7 @@ export interface FileRouteTypes {
     | '/secrets'
     | '/tools'
     | '/sources/$namespace'
+    | '/plugins/$pluginId/$'
     | '/sources/add/$pluginKey'
   fileRoutesById: FileRoutesById
 }
@@ -118,6 +130,7 @@ export interface RootRouteChildren {
   SecretsRoute: typeof SecretsRoute
   ToolsRoute: typeof ToolsRoute
   SourcesNamespaceRoute: typeof SourcesNamespaceRoute
+  PluginsPluginIdSplatRoute: typeof PluginsPluginIdSplatRoute
   SourcesAddPluginKeyRoute: typeof SourcesAddPluginKeyRoute
 }
 
@@ -172,6 +185,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof SourcesAddPluginKeyRouteImport
       parentRoute: typeof rootRouteImport
     }
+    '/plugins/$pluginId/$': {
+      id: '/plugins/$pluginId/$'
+      path: '/plugins/$pluginId/$'
+      fullPath: '/plugins/$pluginId/$'
+      preLoaderRoute: typeof PluginsPluginIdSplatRouteImport
+      parentRoute: typeof rootRouteImport
+    }
   }
 }
 
@@ -182,6 +202,7 @@ const rootRouteChildren: RootRouteChildren = {
   SecretsRoute: SecretsRoute,
   ToolsRoute: ToolsRoute,
   SourcesNamespaceRoute: SourcesNamespaceRoute,
+  PluginsPluginIdSplatRoute: PluginsPluginIdSplatRoute,
   SourcesAddPluginKeyRoute: SourcesAddPluginKeyRoute,
 }
 export const routeTree = rootRouteImport
diff --git a/apps/local/src/routes/__root.tsx b/apps/local/src/routes/__root.tsx
index e21cc9674..a4938bc78 100644
--- a/apps/local/src/routes/__root.tsx
+++ b/apps/local/src/routes/__root.tsx
@@ -1,6 +1,8 @@
 import React from "react";
 import { createRootRoute } from "@tanstack/react-router";
 import { ExecutorProvider } from "@executor-js/react/api/provider";
+import { ExecutorPluginsProvider } from "@executor-js/sdk/client";
+import { plugins as clientPlugins } from "virtual:executor/plugins-client";
 import { Shell } from "../web/shell";
 
 export const Route = createRootRoute({
@@ -10,7 +12,9 @@ export const Route = createRootRoute({
 function RootComponent() {
   return (
     <ExecutorProvider>
-      <Shell />
+      <ExecutorPluginsProvider plugins={clientPlugins}>
+        <Shell />
+      </ExecutorPluginsProvider>
     </ExecutorProvider>
   );
 }
diff --git a/apps/local/src/routes/index.tsx b/apps/local/src/routes/index.tsx
index b6439dcc7..01273b87a 100644
--- a/apps/local/src/routes/index.tsx
+++ b/apps/local/src/routes/index.tsx
@@ -1,19 +1,6 @@
 import { createFileRoute } from "@tanstack/react-router";
 import { SourcesPage } from "@executor-js/react/pages/sources";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { createMcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-
-const mcpSourcePlugin = createMcpSourcePlugin({ allowStdio: true });
-import { googleDiscoverySourcePlugin } from "@executor-js/plugin-google-discovery/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [
-  openApiSourcePlugin,
-  mcpSourcePlugin,
-  googleDiscoverySourcePlugin,
-  graphqlSourcePlugin,
-];
 
 export const Route = createFileRoute("/")({
-  component: () => <SourcesPage sourcePlugins={sourcePlugins} />,
+  component: SourcesPage,
 });
diff --git a/apps/local/src/routes/plugins.$pluginId.$.tsx b/apps/local/src/routes/plugins.$pluginId.$.tsx
new file mode 100644
index 000000000..0682db09c
--- /dev/null
+++ b/apps/local/src/routes/plugins.$pluginId.$.tsx
@@ -0,0 +1,41 @@
+import { createFileRoute, notFound } from "@tanstack/react-router";
+import { useClientPlugins } from "@executor-js/sdk/client";
+
+// ---------------------------------------------------------------------------
+// /plugins/<pluginId>/<rest>
+//
+// Mounts pages contributed by client plugins. The host's
+// `<ExecutorPluginsProvider>` (set up at the root) materialises the
+// list of `ClientPluginSpec` from `virtual:executor/plugins-client`,
+// and this route reads it via `useClientPlugins()` — so adding a
+// plugin to `executor.config.ts` is sufficient for its pages to mount
+// here, with no per-route imports.
+//
+// Match logic is intentionally tiny: exact path equality between the URL
+// remainder and a `PageDecl.path`, with `""` and `/` treated as the
+// same root. Plugins that want parameterized paths can build their own
+// in-component routing for now.
+// ---------------------------------------------------------------------------
+
+export const Route = createFileRoute("/plugins/$pluginId/$")({
+  component: PluginRouteComponent,
+});
+
+function normalizePath(input: string): string {
+  if (!input || input === "/") return "/";
+  return input.startsWith("/") ? input : `/${input}`;
+}
+
+function PluginRouteComponent() {
+  const { pluginId, _splat: rest } = Route.useParams();
+  const plugins = useClientPlugins();
+  const plugin = plugins.find((p) => p.id === pluginId);
+  if (!plugin) throw notFound();
+
+  const target = normalizePath(rest ?? "/");
+  const page = plugin.pages?.find((p) => normalizePath(p.path) === target);
+  if (!page) throw notFound();
+
+  const Component = page.component;
+  return <Component />;
+}
diff --git a/apps/local/src/routes/secrets.tsx b/apps/local/src/routes/secrets.tsx
index 6e1e3b65a..0b69f0b50 100644
--- a/apps/local/src/routes/secrets.tsx
+++ b/apps/local/src/routes/secrets.tsx
@@ -1,9 +1,6 @@
 import { createFileRoute } from "@tanstack/react-router";
 import { SecretsPage } from "@executor-js/react/pages/secrets";
-import { onePasswordSecretProviderPlugin } from "@executor-js/plugin-onepassword/react";
-
-const secretProviderPlugins = [onePasswordSecretProviderPlugin];
 
 export const Route = createFileRoute("/secrets")({
-  component: () => <SecretsPage secretProviderPlugins={secretProviderPlugins} />,
+  component: SecretsPage,
 });
diff --git a/apps/local/src/routes/sources.$namespace.tsx b/apps/local/src/routes/sources.$namespace.tsx
index 0d817dda8..2bcdcce73 100644
--- a/apps/local/src/routes/sources.$namespace.tsx
+++ b/apps/local/src/routes/sources.$namespace.tsx
@@ -1,22 +1,9 @@
 import { createFileRoute } from "@tanstack/react-router";
 import { SourceDetailPage } from "@executor-js/react/pages/source-detail";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { createMcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-
-const mcpSourcePlugin = createMcpSourcePlugin({ allowStdio: true });
-import { googleDiscoverySourcePlugin } from "@executor-js/plugin-google-discovery/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [
-  openApiSourcePlugin,
-  mcpSourcePlugin,
-  googleDiscoverySourcePlugin,
-  graphqlSourcePlugin,
-];
 
 export const Route = createFileRoute("/sources/$namespace")({
   component: () => {
     const { namespace } = Route.useParams();
-    return <SourceDetailPage namespace={namespace} sourcePlugins={sourcePlugins} />;
+    return <SourceDetailPage namespace={namespace} />;
   },
 });
diff --git a/apps/local/src/routes/sources.add.$pluginKey.tsx b/apps/local/src/routes/sources.add.$pluginKey.tsx
index d6bb92fc1..a1618a00a 100644
--- a/apps/local/src/routes/sources.add.$pluginKey.tsx
+++ b/apps/local/src/routes/sources.add.$pluginKey.tsx
@@ -1,19 +1,6 @@
 import { Schema } from "effect";
 import { createFileRoute } from "@tanstack/react-router";
 import { SourcesAddPage } from "@executor-js/react/pages/sources-add";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { createMcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-
-const mcpSourcePlugin = createMcpSourcePlugin({ allowStdio: true });
-import { googleDiscoverySourcePlugin } from "@executor-js/plugin-google-discovery/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [
-  openApiSourcePlugin,
-  mcpSourcePlugin,
-  googleDiscoverySourcePlugin,
-  graphqlSourcePlugin,
-];
 
 const SearchParams = Schema.toStandardSchemaV1(
   Schema.Struct({
@@ -27,13 +14,6 @@ export const Route = createFileRoute("/sources/add/$pluginKey")({
   component: () => {
     const { pluginKey } = Route.useParams();
     const { url, preset } = Route.useSearch();
-    return (
-      <SourcesAddPage
-        pluginKey={pluginKey}
-        url={url}
-        preset={preset}
-        sourcePlugins={sourcePlugins}
-      />
-    );
+    return <SourcesAddPage pluginKey={pluginKey} url={url} preset={preset} />;
   },
 });
diff --git a/apps/local/src/server/executor-schema.ts b/apps/local/src/server/executor-schema.ts
index 9643e422c..7edf427c7 100644
--- a/apps/local/src/server/executor-schema.ts
+++ b/apps/local/src/server/executor-schema.ts
@@ -235,3 +235,4 @@ export const blob = sqliteTable("blob", {
 }, (table) => [
   primaryKey({ columns: [table.namespace, table.key] }),
 ]);
+
diff --git a/apps/local/src/server/executor.ts b/apps/local/src/server/executor.ts
index 6e2e716bd..c36c0f461 100644
--- a/apps/local/src/server/executor.ts
+++ b/apps/local/src/server/executor.ts
@@ -27,17 +27,11 @@ import {
   makeSqliteBlobStore,
 } from "@executor-js/storage-file";
 import * as NodeFileSystem from "@effect/platform-node/NodeFileSystem";
-import { makeFileConfigSink, type ConfigFileSink } from "@executor-js/config";
+import { makeFileConfigSink } from "@executor-js/config";
 import * as executorSchema from "./executor-schema";
 
 import { syncFromConfig, resolveConfigPath } from "./config-sync";
-import { openApiPlugin } from "@executor-js/plugin-openapi";
-import { mcpPlugin } from "@executor-js/plugin-mcp";
-import { googleDiscoveryPlugin } from "@executor-js/plugin-google-discovery";
-import { graphqlPlugin } from "@executor-js/plugin-graphql";
-import { keychainPlugin } from "@executor-js/plugin-keychain";
-import { fileSecretsPlugin } from "@executor-js/plugin-file-secrets";
-import { onepasswordPlugin } from "@executor-js/plugin-onepassword";
+import executorConfig from "../../executor.config";
 
 // In dev mode the drizzle folder sits next to the source tree. In a compiled
 // binary the files are inlined via the build-time gen module below, and we
@@ -93,25 +87,18 @@ const makeScopeId = (cwd: string): string => {
   return `${folder}-${hash}`;
 };
 
-const createLocalPlugins = (configFile: ConfigFileSink) =>
-  [
-    openApiPlugin({ configFile }),
-    mcpPlugin({ dangerouslyAllowStdioMCP: true, configFile }),
-    googleDiscoveryPlugin(),
-    graphqlPlugin({ configFile }),
-    keychainPlugin(),
-    fileSecretsPlugin(),
-    onepasswordPlugin(),
-  ] as const;
+type LocalPlugins = ReturnType<typeof executorConfig.plugins>;
 
-type LocalPlugins = ReturnType<typeof createLocalPlugins>;
+interface LocalExecutorBundle {
+  readonly executor: Effect.Success<ReturnType<typeof createExecutor<LocalPlugins>>>;
+  readonly plugins: LocalPlugins;
+}
 
-class LocalExecutorTag extends Context.Service<
-  LocalExecutorTag,
-  Effect.Success<ReturnType<typeof createExecutor<LocalPlugins>>>
->()("@executor-js/local/Executor") {}
+class LocalExecutorTag extends Context.Service<LocalExecutorTag, LocalExecutorBundle>()(
+  "@executor-js/local/Executor",
+) {}
 
-export type LocalExecutor = Context.Service.Shape<typeof LocalExecutorTag>;
+export type LocalExecutor = LocalExecutorBundle["executor"];
 
 const createLocalExecutorLayer = () => {
   const { path: dbPath, legacySecrets } = resolveDbPath();
@@ -145,7 +132,7 @@ const createLocalExecutorLayer = () => {
         fsLayer: NodeFileSystem.layer,
       });
 
-      const plugins = createLocalPlugins(configFile);
+      const plugins = executorConfig.plugins({ configFile });
       const schema = collectSchemas(plugins);
       const adapter = makeSqliteAdapter({ db, schema });
       const blobs = makeSqliteBlobStore({ db });
@@ -170,7 +157,7 @@ const createLocalExecutorLayer = () => {
       // contains them.
       yield* syncFromConfig(executor, configPath);
 
-      return executor;
+      return { executor, plugins };
     }),
   );
 };
@@ -178,12 +165,13 @@ const createLocalExecutorLayer = () => {
 export const createExecutorHandle = async () => {
   const layer = createLocalExecutorLayer();
   const runtime = ManagedRuntime.make(layer);
-  const executor = await runtime.runPromise(LocalExecutorTag.asEffect());
+  const bundle = await runtime.runPromise(LocalExecutorTag.asEffect());
 
   return {
-    executor,
+    executor: bundle.executor,
+    plugins: bundle.plugins,
     dispose: async () => {
-      await Effect.runPromise(executor.close()).catch(() => undefined);
+      await Effect.runPromise(bundle.executor.close()).catch(() => undefined);
       await runtime.dispose().catch(() => undefined);
     },
   };
@@ -201,6 +189,7 @@ const loadSharedHandle = () => {
 };
 
 export const getExecutor = () => loadSharedHandle().then((handle) => handle.executor);
+export const getExecutorBundle = () => loadSharedHandle();
 
 export const disposeExecutor = async (): Promise<void> => {
   const currentHandlePromise = sharedHandlePromise;
diff --git a/apps/local/src/server/main.ts b/apps/local/src/server/main.ts
index 5f89a6170..3064da0e3 100644
--- a/apps/local/src/server/main.ts
+++ b/apps/local/src/server/main.ts
@@ -2,44 +2,36 @@ import { HttpApiBuilder, HttpApiSwagger } from "effect/unstable/httpapi";
 import { HttpRouter, HttpServer } from "effect/unstable/http";
 import { Context, Effect, Layer, ManagedRuntime } from "effect";
 
-import { addGroup, observabilityMiddleware } from "@executor-js/api";
-import { CoreHandlers, ExecutorService, ExecutionEngineService } from "@executor-js/api/server";
+import { observabilityMiddleware } from "@executor-js/api";
+import {
+  CoreHandlers,
+  ExecutorService,
+  ExecutionEngineService,
+  composePluginApi,
+  composePluginHandlers,
+} from "@executor-js/api/server";
 import { createExecutionEngine } from "@executor-js/execution";
 import { makeQuickJsExecutor } from "@executor-js/runtime-quickjs";
-import {
-  OpenApiGroup,
-  OpenApiHandlers,
-  OpenApiExtensionService,
-} from "@executor-js/plugin-openapi/api";
-import { McpGroup, McpHandlers, McpExtensionService } from "@executor-js/plugin-mcp/api";
-import {
-  GoogleDiscoveryGroup,
-  GoogleDiscoveryHandlers,
-  GoogleDiscoveryExtensionService,
-} from "@executor-js/plugin-google-discovery/api";
-import {
-  OnePasswordGroup,
-  OnePasswordHandlers,
-  OnePasswordExtensionService,
-} from "@executor-js/plugin-onepassword/api";
-import {
-  GraphqlGroup,
-  GraphqlHandlers,
-  GraphqlExtensionService,
-} from "@executor-js/plugin-graphql/api";
-import { getExecutor } from "./executor";
+import executorConfig from "../../executor.config";
+import { getExecutorBundle } from "./executor";
 import { createMcpRequestHandler, type McpRequestHandler } from "./mcp";
 import { ErrorCaptureLive } from "./observability";
 
 // ---------------------------------------------------------------------------
-// Local server API — core + all plugin groups
+// Local server API.
+//
+// Every plugin contributes its `HttpApiGroup` and handler `Layer` through
+// the spec (`routes()` / `handlers(self)` on `PluginSpec`); the host folds
+// the group list into a single `HttpApi` and merges the handler layers
+// into the runtime. No per-plugin imports here — adding a plugin to
+// `executor.config.ts` is sufficient.
+//
+// `plugins({})` is safe at module-eval time: `.routes()` doesn't touch
+// host deps; the `configFile` parameter only matters at runtime
+// invocation. The schema-gen CLI relies on the same property.
 // ---------------------------------------------------------------------------
 
-const LocalApi = addGroup(OpenApiGroup)
-  .add(McpGroup)
-  .add(GoogleDiscoveryGroup)
-  .add(OnePasswordGroup)
-  .add(GraphqlGroup);
+const LocalApi = composePluginApi(executorConfig.plugins());
 
 // `ErrorCaptureLive` logs causes to the console and returns a short
 // correlation id. Provided above the handler + middleware layers so
@@ -50,15 +42,6 @@ const LocalObservability = observabilityMiddleware(LocalApi);
 
 const LocalApiBase = HttpApiBuilder.layer(LocalApi).pipe(
   Layer.provide(CoreHandlers),
-  Layer.provide(
-    Layer.mergeAll(
-      OpenApiHandlers,
-      McpHandlers,
-      GoogleDiscoveryHandlers,
-      OnePasswordHandlers,
-      GraphqlHandlers,
-    ),
-  ),
   Layer.provide(LocalObservability),
   Layer.provide(ErrorCaptureLive),
 );
@@ -83,22 +66,20 @@ const closeServerHandlers = async (handlers: ServerHandlers): Promise<void> => {
 };
 
 export const createServerHandlers = async (): Promise<ServerHandlers> => {
-  const executor = await getExecutor();
+  const { executor, plugins } = await getExecutorBundle();
   const engine = createExecutionEngine({ executor, codeExecutor: makeQuickJsExecutor() });
 
-  // Handlers wrap their own bodies with `capture(...)` — the edge
-  // translation lives per-handler, not at service construction.
-  const pluginExtensions = Layer.mergeAll(
-    Layer.succeed(OpenApiExtensionService)(executor.openapi),
-    Layer.succeed(McpExtensionService)(executor.mcp),
-    Layer.succeed(GoogleDiscoveryExtensionService)(executor.googleDiscovery),
-    Layer.succeed(OnePasswordExtensionService)(executor.onepassword),
-    Layer.succeed(GraphqlExtensionService)(executor.graphql),
-  );
+  // Spec-based plugin handlers — each plugin's `handlers(self)` Layer is
+  // built against its own bundled HttpApi for full type safety inside the
+  // plugin, and merges into the runtime `LocalApi` by group identity.
+  // Each plugin's handler bodies that yield its `*ExtensionService` are
+  // satisfied because `composePluginHandlers` provides `executor[id]` to
+  // the plugin's own `Layer.succeed(*ExtensionService)(self)` wiring.
+  const SpecPluginHandlers = composePluginHandlers(plugins, executor);
 
   const localApiLayer = LocalApiBase.pipe(
     Layer.provideMerge(HttpApiSwagger.layer(LocalApi, { path: "/docs" })),
-    Layer.provideMerge(pluginExtensions),
+    Layer.provideMerge(SpecPluginHandlers),
     Layer.provideMerge(Layer.succeed(ExecutorService)(executor)),
     Layer.provideMerge(Layer.succeed(ExecutionEngineService)(engine)),
     Layer.provideMerge(HttpServer.layerServices),
diff --git a/apps/local/src/vite-env.d.ts b/apps/local/src/vite-env.d.ts
index 11f02fe2a..4c4f44cb3 100644
--- a/apps/local/src/vite-env.d.ts
+++ b/apps/local/src/vite-env.d.ts
@@ -1 +1,6 @@
 /// <reference types="vite/client" />
+
+declare module "virtual:executor/plugins-client" {
+  import type { ClientPluginSpec } from "@executor-js/sdk/client";
+  export const plugins: readonly ClientPluginSpec[];
+}
diff --git a/apps/local/src/web/shell.tsx b/apps/local/src/web/shell.tsx
index d0376cfff..be6e7804c 100644
--- a/apps/local/src/web/shell.tsx
+++ b/apps/local/src/web/shell.tsx
@@ -8,19 +8,7 @@ import { useScope, useScopeInfo } from "@executor-js/react/api/scope-context";
 import { Button } from "@executor-js/react/components/button";
 import { SourceFavicon } from "@executor-js/react/components/source-favicon";
 import { CommandPalette } from "@executor-js/react/components/command-palette";
-import { openApiSourcePlugin } from "@executor-js/plugin-openapi/react";
-import { createMcpSourcePlugin } from "@executor-js/plugin-mcp/react";
-
-const mcpSourcePlugin = createMcpSourcePlugin({ allowStdio: true });
-import { googleDiscoverySourcePlugin } from "@executor-js/plugin-google-discovery/react";
-import { graphqlSourcePlugin } from "@executor-js/plugin-graphql/react";
-
-const sourcePlugins = [
-  openApiSourcePlugin,
-  mcpSourcePlugin,
-  googleDiscoverySourcePlugin,
-  graphqlSourcePlugin,
-];
+import { useClientPlugins } from "@executor-js/sdk/client";
 
 // ── Env ─────────────────────────────────────────────────────────────────
 
@@ -222,6 +210,53 @@ function NavItem(props: { to: string; label: string; active: boolean; onNavigate
   );
 }
 
+// ── PluginNav ────────────────────────────────────────────────────────────
+//
+// Renders one nav link per plugin page that opted in via
+// `pages[].nav.label`. The catch-all `/plugins/$pluginId/$` route is the
+// mount point; the splat is the page's relative path with the leading
+// slash stripped.
+
+function PluginNav(props: { pathname: string; onNavigate?: () => void }) {
+  const plugins = useClientPlugins();
+  const entries = plugins.flatMap((plugin) =>
+    (plugin.pages ?? [])
+      .filter((page) => page.nav)
+      .map((page) => {
+        const splat = page.path.replace(/^\//, "");
+        const href = `/plugins/${plugin.id}${splat ? `/${splat}` : "/"}`;
+        return {
+          key: `${plugin.id}:${page.path}`,
+          pluginId: plugin.id,
+          splat,
+          href,
+          label: page.nav!.label,
+        };
+      }),
+  );
+  if (entries.length === 0) return null;
+  return (
+    <>
+      {entries.map((entry) => (
+        <Link
+          key={entry.key}
+          to="/plugins/$pluginId/$"
+          params={{ pluginId: entry.pluginId, _splat: entry.splat }}
+          onClick={props.onNavigate}
+          className={[
+            "flex items-center gap-2.5 rounded-md px-2.5 py-1.5 text-sm transition-colors",
+            props.pathname === entry.href || props.pathname.startsWith(`${entry.href}/`)
+              ? "bg-sidebar-active text-foreground font-medium"
+              : "text-sidebar-foreground hover:bg-sidebar-active/60 hover:text-foreground",
+          ].join(" ")}
+        >
+          {entry.label}
+        </Link>
+      ))}
+    </>
+  );
+}
+
 // ── SourceList ───────────────────────────────────────────────────────────
 
 function SourceList(props: { pathname: string; onNavigate?: () => void }) {
@@ -334,6 +369,8 @@ function SidebarContent(props: {
           onNavigate={props.onNavigate}
         />
 
+        <PluginNav pathname={props.pathname} onNavigate={props.onNavigate} />
+
         {/* Sources list */}
         <div className="mt-5 mb-1 px-2.5 text-xs font-medium uppercase tracking-widest text-muted-foreground">
           <span>Sources</span>
@@ -419,7 +456,7 @@ export function Shell() {
 
   return (
     <div className="flex h-screen overflow-hidden">
-      <CommandPalette sourcePlugins={sourcePlugins} />
+      <CommandPalette />
       {/* Desktop sidebar */}
       <aside className="hidden w-52 shrink-0 border-r border-sidebar-border bg-sidebar md:flex md:flex-col lg:w-56">
         <SidebarContent
diff --git a/apps/local/vite.config.ts b/apps/local/vite.config.ts
index aeb59c76a..22b3e2bba 100644
--- a/apps/local/vite.config.ts
+++ b/apps/local/vite.config.ts
@@ -4,6 +4,7 @@ import { defineConfig, type Plugin } from "vite";
 import react from "@vitejs/plugin-react";
 import tailwindcss from "@tailwindcss/vite";
 import { tanstackRouter } from "@tanstack/router-plugin/vite";
+import executorVitePlugin from "@executor-js/vite-plugin";
 
 const rootPackage = JSON.parse(
   readFileSync(new URL("../../package.json", import.meta.url), "utf8"),
@@ -109,6 +110,7 @@ export default defineConfig({
   },
   plugins: [
     tailwindcss(),
+    executorVitePlugin(),
     tanstackRouter({
       target: "react",
       autoCodeSplitting: true,
diff --git a/bun.lock b/bun.lock
index 66ae5cd86..5c7f07b5c 100644
--- a/bun.lock
+++ b/bun.lock
@@ -66,6 +66,7 @@
         "@executor-js/sdk": "workspace:*",
         "@executor-js/storage-core": "workspace:*",
         "@executor-js/storage-postgres": "workspace:*",
+        "@executor-js/vite-plugin": "workspace:*",
         "@microlabs/otel-cf-workers": "^1.0.0-rc.52",
         "@modelcontextprotocol/sdk": "^1.29.0",
         "@opentelemetry/api": "~1.9.0",
@@ -145,6 +146,7 @@
         "@executor-js/runtime-quickjs": "workspace:*",
         "@executor-js/sdk": "workspace:*",
         "@executor-js/storage-file": "workspace:*",
+        "@executor-js/vite-plugin": "workspace:*",
         "@modelcontextprotocol/sdk": "^1.12.1",
         "@tanstack/react-router": "catalog:",
         "drizzle-orm": "catalog:",
@@ -306,12 +308,23 @@
         "oauth4webapi": "^3.8.5",
       },
       "devDependencies": {
+        "@effect/atom-react": "catalog:",
         "@effect/vitest": "catalog:",
         "@types/node": "catalog:",
+        "@types/react": "catalog:",
+        "react": "catalog:",
         "tsup": "catalog:",
         "typescript": "catalog:",
         "vitest": "catalog:",
       },
+      "peerDependencies": {
+        "@effect/atom-react": "catalog:",
+        "react": "catalog:",
+      },
+      "optionalPeers": [
+        "@effect/atom-react",
+        "react",
+      ],
     },
     "packages/core/storage-core": {
       "name": "@executor-js/storage-core",
@@ -389,6 +402,25 @@
         "vitest": "catalog:",
       },
     },
+    "packages/core/vite-plugin": {
+      "name": "@executor-js/vite-plugin",
+      "version": "0.0.1",
+      "dependencies": {
+        "@executor-js/sdk": "workspace:*",
+        "jiti": "^2.6.1",
+      },
+      "devDependencies": {
+        "@effect/vitest": "catalog:",
+        "@types/node": "catalog:",
+        "tsup": "catalog:",
+        "typescript": "catalog:",
+        "vite": "catalog:",
+        "vitest": "catalog:",
+      },
+      "peerDependencies": {
+        "vite": "catalog:",
+      },
+    },
     "packages/hosts/mcp": {
       "name": "@executor-js/host-mcp",
       "version": "1.4.4",
@@ -499,6 +531,29 @@
         "vitest": "catalog:",
       },
     },
+    "packages/plugins/example": {
+      "name": "@executor-js/plugin-example",
+      "version": "0.0.1",
+      "dependencies": {
+        "@executor-js/sdk": "workspace:*",
+      },
+      "devDependencies": {
+        "@effect/vitest": "catalog:",
+        "@types/node": "catalog:",
+        "@types/react": "catalog:",
+        "bun-types": "catalog:",
+        "react": "catalog:",
+        "tsup": "catalog:",
+        "typescript": "catalog:",
+        "vitest": "catalog:",
+      },
+      "peerDependencies": {
+        "react": "catalog:",
+      },
+      "optionalPeers": [
+        "react",
+      ],
+    },
     "packages/plugins/file-secrets": {
       "name": "@executor-js/plugin-file-secrets",
       "version": "0.0.2",
@@ -1203,6 +1258,8 @@
 
     "@executor-js/marketing": ["@executor-js/marketing@workspace:apps/marketing"],
 
+    "@executor-js/plugin-example": ["@executor-js/plugin-example@workspace:packages/plugins/example"],
+
     "@executor-js/plugin-file-secrets": ["@executor-js/plugin-file-secrets@workspace:packages/plugins/file-secrets"],
 
     "@executor-js/plugin-google-discovery": ["@executor-js/plugin-google-discovery@workspace:packages/plugins/google-discovery"],
@@ -1239,6 +1296,8 @@
 
     "@executor-js/storage-postgres": ["@executor-js/storage-postgres@workspace:packages/core/storage-postgres"],
 
+    "@executor-js/vite-plugin": ["@executor-js/vite-plugin@workspace:packages/core/vite-plugin"],
+
     "@floating-ui/core": ["@floating-ui/core@1.7.5", "", { "dependencies": { "@floating-ui/utils": "^0.2.11" } }, "sha512-1Ih4WTWyw0+lKyFMcBHGbb5U5FtuHJuujoyyr5zTaWS5EYMeT6Jb2AuDeftsCsEuchO+mM2ij5+q9crhydzLhQ=="],
 
     "@floating-ui/dom": ["@floating-ui/dom@1.7.6", "", { "dependencies": { "@floating-ui/core": "^1.7.5", "@floating-ui/utils": "^0.2.11" } }, "sha512-9gZSAI5XM36880PPMm//9dfiEngYoC6Am2izES1FF406YFsjvyBMmeJ2g4SAju3xWwtuynNRFL2s9hgxpLI5SQ=="],
diff --git a/notes/dynamic-plugin-loading-v1.md b/notes/dynamic-plugin-loading-v1.md
new file mode 100644
index 000000000..709947d0e
--- /dev/null
+++ b/notes/dynamic-plugin-loading-v1.md
@@ -0,0 +1,1039 @@
+# Dynamic Plugin Loading — v1
+
+Date: 2026-05-02 (revised)
+
+> **Status: shipped.** The implementation lives on `main`. This doc was
+> revised after the fact to match what actually shipped — three things
+> changed from the original design:
+>
+> 1. `handlers(self) => Layer` became late-binding `handlers() => Layer`
+>    plus a `extensionService` Service tag on the spec. Cloud's
+>    per-request executor pattern needed the Tag to be satisfied at
+>    request time, not bake-in time. Local satisfies it eagerly via
+>    `composePluginHandlers`, cloud satisfies it per request via
+>    `providePluginExtensions`.
+> 2. `<ExecutorPluginsProvider>` was added in `@executor-js/sdk/client`
+>    so frontend pages read `useSourcePlugins()` / `useSecretProviderPlugins()`
+>    / `useClientPlugins()` from React context instead of taking
+>    plugin lists as props. Routes/shells stop importing per-app
+>    aggregator files.
+> 3. `SourcePlugin` and `SecretProviderPlugin` types moved to
+>    `@executor-js/sdk/client` and are populated as fields on
+>    `defineClientPlugin({ sourcePlugin, secretProviderPlugin })` so
+>    everything frontend-facing flows through `virtual:executor/plugins-client`.
+
+## Context
+
+Before this work, plugins were workspace deps statically imported in
+`apps/local/src/server/executor.ts` inside a `createLocalPlugins()`
+factory; the cloud app had its own equivalent in
+`apps/cloud/src/services/executor.ts`. They register secret providers,
+connection providers, and dynamic tools through `definePlugin`. The DX
+of authoring one was good — the problem was that adding a plugin meant
+editing host source. The goal: install plugins from npm and pick them
+up by editing config alone.
+
+The existing in-process plugin model already gets a lot right and we want to
+keep it: Effect-native everything, end-to-end type inference from schema →
+storage → extension → consumer (`executor[pluginId]`), scope-aware ctx, closure
+methods, zero-allocation static tools delegating via `staticSources(self) =>
+[...]`. Whatever changes here must preserve those properties.
+
+What's missing is registration of three new surfaces from a plugin:
+
+- **API routes** — HTTP endpoints owned by the plugin, contributed as an
+  `HttpApiGroup` so they compose into the host's existing typed `HttpApi`
+- **Frontend** — pages/widgets/components contributed to the host UI, with
+  reactive `AtomHttpApi`-backed clients matching the existing `toolsAtom` /
+  `sourcesAtom` pattern in `packages/react/src/api/atoms.tsx`
+- **SDK** — already present via `extension`; the new HTTP routes give the
+  frontend a typed reactive client without hand-written fetch glue
+
+## Goal and non-goals
+
+**v1 goals:**
+
+- A plugin is a single npm package. `bun add @executor-js/plugin-foo`,
+  add it to `executor.config.ts`, restart, and it works.
+- Plugins can register: extension methods (today), API routes (new),
+  frontend pages/widgets (new).
+- Frontend half gets a typed reactive client from the plugin's `HttpApiGroup`
+  via the same `AtomHttpApi` pattern the core uses today.
+- A plugin author can write the whole thing importing only from
+  `@executor-js/sdk` (and `@executor-js/sdk/client` on the frontend). Effect
+  imports are optional — for authors who want them, not required for those
+  who don't.
+- `executor.config.ts` is the single source of truth — same file consumed by
+  the schema-gen CLI and the runtime.
+- Type inference end-to-end stays intact (`executor.foo.method()` autocompletes).
+
+**Non-goals for v1:**
+
+- Cloud / multi-tenant deployment.
+- Electron desktop dynamism. Desktop builds bake plugins at build time.
+- Sandboxing, capability enforcement, marketplace, signing.
+- Hot reload of plugin code (restart is fine).
+- Loading plugins by string spec at runtime (we use import-and-call instead;
+  see decision #1).
+
+## Reference research summary
+
+Surveyed five plugin systems in `.reference/`:
+
+- **pi-mono** — filesystem scanning + jiti, factory function + ExtensionAPI.
+  Two-phase load (registration vs. action) is a clean idea.
+- **opencode** — string specs in JSONC, dynamic `import()`, hook trigger
+  pattern with `(input, output)` mutation.
+- **openclaw** — manifest-first control plane (`openclaw.plugin.json` declares
+  capabilities statically so the host can plan activation without loading code).
+- **emdash** — **closest match to our setup.** Astro/Vite + React, plugins are
+  npm packages with separate `./` and `./admin` exports, registered via
+  import-and-call in `astro.config.mjs`. `definePlugin({ id, hooks, routes,
+  admin })` declarative shape.
+- **dynamic-software** — most ambitious; Cloudflare Worker Loader for cloud
+  isolation, iframe + postMessage RPC for UI, Proxy-based typed API client.
+
+The pattern that fits us cleanest is emdash's: import-and-call in a config
+file, single npm package with separate server/client exports, host integrates
+via Vite. We don't need dynamic-software's Proxy RPC client because
+`@effect/platform` already gives us `HttpApiClient` plus `AtomHttpApi` for
+the reactive React side — both already used heavily in
+`packages/core/api/src/api.ts` and `packages/react/src/api/`.
+
+## Decisions
+
+### 1. Config is import-and-call, not string specs
+
+`executor.config.ts` holds real imports of plugin factory functions. Type
+inference flows naturally; no codegen step.
+
+```ts
+// apps/local/executor.config.ts (after)
+import { defineExecutorConfig } from "@executor-js/sdk"
+import { openApiPlugin } from "@executor-js/plugin-openapi"
+import { mcpPlugin } from "@executor-js/plugin-mcp"
+import { fileSecretsPlugin } from "@executor-js/plugin-file-secrets"
+
+export default defineExecutorConfig({
+  dialect: "sqlite",
+  plugins: [
+    openApiPlugin(),
+    mcpPlugin({ dangerouslyAllowStdioMCP: true }),
+    fileSecretsPlugin(),
+  ] as const,
+})
+```
+
+"Dynamic" means npm-installable, not load-by-string-name. Same model as emdash.
+Codegen-based string specs (TanStack Router style) deferred to later if remote
+config becomes a need.
+
+### 2. Plugin = single npm package, two exports
+
+```jsonc
+// @executor-js/plugin-foo/package.json
+{
+  "name": "@executor-js/plugin-foo",
+  "type": "module",
+  "exports": {
+    "./server": "./dist/server.js",
+    "./client": "./dist/client.js"
+  },
+  "executor": {
+    "id": "foo",
+    "version": "0.1.0"
+  }
+}
+```
+
+```
+@executor-js/plugin-foo/
+├── package.json
+├── src/
+│   ├── server.ts    # Effect, Node deps, definePlugin
+│   ├── client.tsx   # React, defineClientPlugin
+│   └── shared.ts    # Schemas, types shared across the boundary
+└── dist/
+```
+
+Strict separation: server bundle never imports React, client bundle never
+imports Effect/Node modules. Shared types live in `src/shared.ts` and are
+imported by both halves.
+
+### 3. Extend `PluginSpec` with optional `routes`; add parallel `defineClientPlugin`
+
+Server side: keep `definePlugin`. Add optional `routes` field (the
+`HttpApiGroup`) and `handlers` field (the typed `Layer`). No frontend
+concepts on the server side.
+
+Client side: separate primitive `defineClientPlugin` lives in
+`@executor-js/sdk/client`. Can only be imported in the `./client` entry, so
+React types never leak into server bundles.
+
+**Layering — extension is the canonical SDK; routes/handlers is optional HTTP transport.**
+The HTTP layer is *not a peer* of the SDK; it's a transport over it. Plugin
+authors should treat extension as the implementation and write handlers as
+thin wrappers that delegate via the `self` parameter (same pattern as
+`staticSources(self) => [...]` already in the codebase). This keeps:
+
+- a single source of truth for the plugin's behavior
+- in-process callers paying zero serialization cost
+- HTTP callers getting auth/scope/observability middleware
+- error contracts identical across the two surfaces
+
+Three plugin shapes fall out of this layering:
+
+- **SDK-only.** Pure programmatic. No `routes`, no `handlers`, no `./client`
+  export. Examples: file-secrets, keychain, onepassword, anything that's a
+  utility for other plugins or scripts. CLI/embedded consumers use
+  `executor.<id>.method()`. Vite plugin notices no `./client` and skips the
+  plugin in the frontend bundle entirely.
+- **Both.** Extension *and* routes/handlers *and* a `./client`. Examples:
+  openapi, mcp, anything that needs a frontend. Routes are thin wrappers
+  over extension methods.
+- **HTTP-only.** Rare — webhook receivers, OAuth callback URLs. Routes
+  without a meaningful in-process equivalent. May or may not have an
+  extension.
+
+### 4. Routes are an `HttpApiGroup`; client uses `AtomHttpApi`
+
+Plugins ship the same primitive the core uses (`HttpApiGroup` from
+`effect/unstable/httpapi`). The host composes via the existing `addGroup`
+helper at `packages/core/api/src/api.ts:21`. OpenAPI annotations and docs
+flow automatically.
+
+For the frontend, plugins build a per-plugin `AtomHttpApi.Service` against
+their own group, wrapped behind a `createPluginAtomClient(group, opts)`
+helper. The resulting atoms are consumed via the existing
+`useAtomValue` / `useAtomSet` + `AsyncResult.match` idiom — same pattern
+as `toolsAtom`, `sourcesAtom`, etc.
+
+### 5. SDK re-exports the Effect HttpApi/Schema primitives
+
+Plugin authors can write a complete plugin importing only from
+`@executor-js/sdk` (server) and `@executor-js/sdk/client` (frontend). The SDK
+re-exports `Schema`, `HttpApi`, `HttpApiGroup`, `HttpApiEndpoint`,
+`HttpApiBuilder`, `Effect` so authors who don't want to dig into Effect
+don't have to. Authors who *do* want Effect-native code keep importing from
+`effect` directly. This keeps the door open without forcing the dependency.
+
+### 6. Skip `capabilities` declaration for v1
+
+`["read:secrets", "network:fetch"]` style declarations are useful for sandboxing
+but unenforced metadata is just noise. Add when there's a real isolation story.
+
+### 7. `executor.config.ts` is the single source of truth
+
+Today the schema-gen CLI reads `executor.config.ts` but the runtime hardcodes
+`createLocalPlugins()` in `apps/local/src/server/executor.ts:96`. Consolidate:
+the runtime imports from `executor.config.ts` too. One list, two consumers.
+
+### 8. Canary plugin: build new tiny one first, then migrate openapi
+
+Validate the shape with a minimal `@executor-js/plugin-example` (one extension
+method, one route, one widget) before changing real plugins.
+
+### 9. Cross-plugin pluggable capabilities: per-capability typed fields
+
+Some capabilities (secrets, eventually artifacts, maybe more) are
+"pluggable" — many plugins can implement them, the host swaps between
+providers via config, consumer code stays agnostic.
+
+Don't generalize this. The existing `secretProviders` field on the spec
+already handles this exact pattern for secrets and works fine:
+
+```ts
+// what plugins do today
+secretProviders: (ctx) => [makeScopedProvider(...)]
+```
+
+Each new pluggable capability gets its *own* typed field on `PluginSpec`,
+same shape. When artifacts lands, that's `artifactStore: () =>
+ArtifactStore`. If connection providers want to be modeled this way, the
+existing `connectionProviders` field already is.
+
+No `provides` / `requires` / `service` machinery, no Effect-Tag-as-generic-
+primitive abstraction, no "protocols" concept, no naming debate. The
+artifacts note's "protocol" framing translates directly to "the v2
+`artifactStore` field on `PluginSpec`."
+
+If we eventually have 5–6 of these and the boilerplate genuinely screams
+for generalization, we generalize then. Likely won't.
+
+For v1 nothing changes here — `secretProviders` is what it is, and
+artifacts aren't shipping yet.
+
+## New type sketches
+
+### `PluginSpec` extension
+
+Existing fields unchanged. Three new fields:
+
+```ts
+// packages/core/sdk/src/plugin.ts (extension)
+import type { Context, Layer } from "effect"
+import type { HttpApiGroup } from "effect/unstable/httpapi"
+
+export interface PluginSpec<
+  TId, TExtension, TStore, TSchema,
+  TExtensionService extends Context.Service<any, any> | undefined = undefined,
+  THandlersLayer extends Layer.Layer<any, any, any> = Layer.Layer<unknown, never, never>,
+> {
+  // ... existing: id, schema, storage, extension, staticSources,
+  //     invokeTool, secretProviders, etc.
+
+  /** npm package name. The Vite plugin emits
+   *  `import "${packageName}/client"` into the frontend bundle, so the
+   *  same `executor.config.ts` drives both server and client. Author
+   *  writes the same string they publish to npm — no transforms, no
+   *  scope conventions, no fallbacks. Required for plugins that ship
+   *  a `./client` entry; omit for SDK-only plugins. */
+  readonly packageName?: string
+
+  /** HttpApiGroup contributed by this plugin. Composed into the host's
+   *  HttpApi via the `composePluginApi` helper at runtime. The host
+   *  serves it under whatever base URL the host wires (`/api` for the
+   *  local app's vite middleware) and supplies auth + scope
+   *  middleware. Endpoints automatically appear in the executor OpenAPI
+   *  doc and the typed client. */
+  readonly routes?: () => HttpApiGroup.Any
+
+  /** Late-binding handlers Layer for this plugin's group. The layer
+   *  leaves the plugin's extension as a Service Tag requirement (see
+   *  `extensionService` below). The host satisfies it however its
+   *  runtime wants:
+   *    - local: at boot via `Layer.succeed(extensionService)(executor[id])`
+   *      inside `composePluginHandlers(plugins, executor)`
+   *    - cloud: per request via `Effect.provideService(extensionService,
+   *      requestExecutor[id])` inside the auth middleware via
+   *      `providePluginExtensions(plugins)(executor)` */
+  readonly handlers?: () => THandlersLayer
+
+  /** Service tag the plugin's `handlers` layer requires. The established
+   *  pattern in each plugin's `*/api/handlers.ts`: `*Handlers` reads
+   *  `*ExtensionService`. The host binds the tag to the live extension —
+   *  at boot for local, per request for cloud. Pairs with `handlers`;
+   *  either both fields are set or neither. */
+  readonly extensionService?: TExtensionService
+}
+```
+
+**Why late-binding (`handlers()` not `handlers(self)`).** The original
+design had `handlers(self) => Layer` so the host called the factory
+with the boot-time extension and got a fully-resolved Layer. That fits
+local fine — one executor at boot, one Layer. Cloud builds a fresh
+executor per HTTP request (Cloudflare Workers + Hyperdrive needs
+fresh DB connections per request), so the executor that satisfies the
+extension Service is per-request, not per-boot. The late-binding
+shape lets the same plugin spec satisfy both: the `*Handlers` Layer is
+built once and consumes `*ExtensionService` from context; local
+provides it at boot via `Layer.succeed`, cloud provides it per request
+via `Effect.provideService`.
+
+Example plugin shape — group definition in `shared.ts` so client and
+server both import it:
+
+```ts
+// @executor-js/plugin-foo/src/shared.ts
+import { HttpApiEndpoint, HttpApiGroup, Schema } from "@executor-js/sdk"
+
+export const Thing = Schema.Struct({
+  id: Schema.String,
+  name: Schema.String,
+})
+
+export const FooApi = HttpApiGroup.make("foo")
+  .add(
+    HttpApiEndpoint.get("listThings")`/things`
+      .addSuccess(Schema.Array(Thing)),
+  )
+  .add(
+    HttpApiEndpoint.post("syncThing")`/sync/:id`
+      .setPath(Schema.Struct({ id: Schema.String }))
+      .addSuccess(Thing)
+      .addError(SyncError),
+  )
+```
+
+```ts
+// @executor-js/plugin-foo/src/server.ts
+import {
+  Context, definePlugin, Effect, HttpApi, HttpApiBuilder,
+} from "@executor-js/sdk"
+import { FooApi } from "./shared"
+
+// Bundle the group into a small HttpApi *for typing purposes only*. The
+// handlers Layer is keyed by the FooApi group's identity, so it composes
+// cleanly into the host's FullApi at runtime regardless of what other
+// groups are around it.
+const FooApiBundle = HttpApi.make("foo").add(FooApi)
+
+interface FooExtension {
+  readonly listThings: () => Effect.Effect<readonly Thing[]>
+  readonly syncThing: (id: string) => Effect.Effect<Thing>
+}
+
+// Service tag for late-binding — the host satisfies this at boot
+// (local) or per request (cloud). Same pattern as the established
+// `*ExtensionService` in each plugin's `*/api/handlers.ts`.
+export class FooExtensionService extends Context.Service<
+  FooExtensionService, FooExtension,
+>()("FooExtensionService") {}
+
+const FooHandlers = HttpApiBuilder.group(FooApiBundle, "foo", (h) =>
+  h
+    .handle("listThings", () =>
+      Effect.gen(function* () {
+        const ext = yield* FooExtensionService
+        return yield* ext.listThings()
+      }),
+    )
+    .handle("syncThing", ({ path }) =>
+      Effect.gen(function* () {
+        const ext = yield* FooExtensionService
+        return yield* ext.syncThing(path.id)
+      }),
+    ),
+)
+
+export const fooPlugin = definePlugin((opts?: FooConfig) => ({
+  id: "foo" as const,
+  packageName: "@executor-js/plugin-foo",
+  storage: () => ({ /* ... */ }),
+
+  // Canonical implementation. CLI/tests/embedded callers and the HTTP
+  // handlers all hit this same code path.
+  extension: (ctx): FooExtension => ({
+    listThings: () => /* Effect — canonical impl */,
+    syncThing: (id: string) => /* Effect — canonical impl */,
+  }),
+
+  routes: () => FooApi,
+  handlers: () => FooHandlers,
+  extensionService: FooExtensionService,
+}))
+```
+
+Why `routes` and `handlers` are split: `routes` is the API description (a
+group), `handlers` is the implementation Layer keyed by group identity.
+The host needs the group at composition time (to build `FullApi`) and
+the Layer at serve time (to provide handler implementations).
+`extensionService` is the third leg: the bridge that lets the host bind
+the live extension (at boot or per request) without the plugin author
+having to write two handler shapes.
+
+### `defineClientPlugin`
+
+Lives in `@executor-js/sdk/client`. Server bundles cannot import this module.
+
+```ts
+// packages/core/sdk/src/client.ts
+export interface ClientPluginSpec<TId extends string = string> {
+  readonly id: TId
+
+  /** Pages contributed to the host's TanStack router. Mounted under
+   *  /plugins/{id}/{path}. Sidebar nav metadata declared on the route. */
+  readonly pages?: readonly PageDecl[]
+
+  /** Dashboard / overview widgets the host can render in known slots. */
+  readonly widgets?: readonly WidgetDecl[]
+
+  /** Components the host can render in named slots (e.g., source-detail
+   *  panels, secret-picker variants). Slot names are part of the host
+   *  contract — plugin opts in by registering. */
+  readonly slots?: Record<string, SlotComponent>
+
+  /** Source-plugin contribution — populated by plugins that expose
+   *  `kind` rows in the core `source` table (openapi, mcp, graphql,
+   *  google-discovery). The host's sources page derives its provider
+   *  list from the union of every loaded plugin's `sourcePlugin`
+   *  via `useSourcePlugins()`. */
+  readonly sourcePlugin?: SourcePlugin
+
+  /** Secret-provider-plugin contribution — populated by plugins that
+   *  also ship a `secretProviders` server-side capability AND want to
+   *  expose a settings card on the host's secrets page. Surfaced via
+   *  `useSecretProviderPlugins()`. */
+  readonly secretProviderPlugin?: SecretProviderPlugin
+}
+
+type PageDecl = {
+  path: string                          // "/", "/edit/$id"
+  component: ComponentType
+  nav?: { label: string; section?: string }
+}
+
+type WidgetDecl = {
+  id: string
+  component: ComponentType<WidgetProps>
+  size?: "half" | "full"
+}
+
+export const defineClientPlugin = <TId extends string>(
+  spec: ClientPluginSpec<TId>,
+) => spec
+```
+
+### `createPluginAtomClient` — typed reactive client per plugin
+
+Plugins build their own `AtomHttpApi.Service` against their own group
+bundled into a small `HttpApi`. A helper hides the boilerplate so plugin
+authors write one line per atom. Same shape as the existing
+`ExecutorApiClient` in `packages/react/src/api/client.tsx:11`.
+
+```ts
+// packages/core/sdk/src/client.ts (helper)
+import { HttpApi } from "effect/unstable/httpapi"
+import { FetchHttpClient } from "effect/unstable/http"
+import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi"
+
+export const createPluginAtomClient = <G extends HttpApiGroup.Any>(
+  group: G,
+  opts: { pluginId: string },
+) => {
+  const bundle = HttpApi.make(`plugin-${opts.pluginId}`).add(group)
+  return AtomHttpApi.Service<`Plugin_${string}Client`>()(
+    `Plugin_${opts.pluginId}Client`,
+    {
+      api: bundle,
+      httpClient: FetchHttpClient.layer,
+      baseUrl: `/_executor/plugins/${opts.pluginId}`,
+    },
+  )
+}
+```
+
+Plugin author writes:
+
+```tsx
+// @executor-js/plugin-foo/src/client.tsx
+import {
+  defineClientPlugin,
+  createPluginAtomClient,
+  useAtomValue,
+  useAtomSet,
+  AsyncResult,
+} from "@executor-js/sdk/client"
+import { FooApi } from "./shared"
+
+const FooClient = createPluginAtomClient(FooApi, { pluginId: "foo" })
+
+export const fooThingsAtom = FooClient.query("foo", "listThings", {
+  timeToLive: "30 seconds",
+  reactivityKeys: ["foo:things"],
+})
+
+export const fooSync = FooClient.mutation("foo", "syncThing")
+
+const FooPage = () => {
+  const things = useAtomValue(fooThingsAtom)
+  const doSync = useAtomSet(fooSync, { mode: "promise" })
+
+  return AsyncResult.match(things, {
+    onInitial: () => <Skeleton />,
+    onFailure: () => <p>Failed to load</p>,
+    onSuccess: ({ value }) => (
+      <Table
+        rows={value}
+        onSync={(id) => doSync({ path: { id } })}
+      />
+    ),
+  })
+}
+
+export default defineClientPlugin({
+  id: "foo" as const,
+  pages: [{ path: "/", component: FooPage, nav: { label: "Foo" } }],
+  widgets: [{ id: "foo-status", component: FooStatus, size: "half" }],
+})
+```
+
+Type inference: `FooClient.query("foo", "listThings", ...)` is fully typed
+against `FooApi` — same checks the existing `ExecutorApiClient.query("tools",
+"list", ...)` performs. No codegen, no host-wide composed-API typing
+required. Each plugin is self-contained in its client typing.
+
+Server-side composition: the host calls four helpers in
+`@executor-js/api` (also re-exported from `@executor-js/api/server`).
+Each plugin's handlers Layer is keyed by its group's identity, so it
+slots into the composed API without the host needing the typed structure.
+
+```ts
+import {
+  composePluginApi,         // routes() → composed HttpApi
+  composePluginHandlers,    // handlers() + extensionService bound eagerly
+  composePluginHandlerLayer, // handlers() merged, Tag still unbound
+  providePluginExtensions,  // per-request Tag binding
+} from "@executor-js/api/server"
+
+// Local — single boot-time executor; satisfy Tags eagerly.
+const FullApi = composePluginApi(plugins)
+const SpecHandlers = composePluginHandlers(plugins, executor) // self bound
+const ServerLive = HttpApiBuilder.layer(FullApi).pipe(
+  Layer.provide(CoreHandlers),
+  Layer.provide(SpecHandlers),
+  // ...
+)
+
+// Cloud — per-request executor; satisfy Tags inside an HttpRouter middleware.
+const FullApi = composePluginApi(plugins)
+const SpecHandlers = composePluginHandlerLayer(plugins) // Tag still unbound
+const provideExt = providePluginExtensions(plugins)
+
+const ExecutionStackMiddleware = HttpRouter.middleware<{
+  provides: AuthContext | ExecutorService | ExecutionEngineService
+    | <PluginExtensionService union>,
+}>()(
+  Effect.gen(function* () {
+    return (httpEffect) =>
+      Effect.gen(function* () {
+        const executor = yield* makeExecutionStack(...)
+        return yield* httpEffect.pipe(
+          Effect.provideService(ExecutorService, executor),
+          provideExt(executor),         // binds each plugin's Tag per request
+        )
+      })
+  }),
+)
+```
+
+Effect errors flow through the existing typed-error machinery — same as
+core handlers in `packages/core/api/src/handlers/`.
+
+### Loader: `executor.config.ts` → runtime + frontend bundle
+
+Single config, two consumers.
+
+**Backend** (replaces `createLocalPlugins`):
+
+```ts
+// apps/local/src/server/executor.ts (after)
+import config from "../../executor.config.ts"
+
+const executor = yield* createExecutor({
+  scopes: [scope],
+  adapter,
+  blobs,
+  plugins: config.plugins,
+  onElicitation: "accept-all",
+})
+```
+
+The plugins are already configured (factory called) by the time
+`executor.config.ts` is evaluated, so no async loader needed.
+
+**Frontend** — Vite plugin reads the same config, resolves each plugin's
+`./client` export, exposes a virtual module:
+
+```ts
+// packages/vite-plugin-executor/src/index.ts (pseudocode)
+export default function executorVite(): Plugin {
+  return {
+    name: "executor-plugins",
+    resolveId(id) {
+      if (id === "virtual:executor/plugins-client") return "\0" + id
+    },
+    async load(id) {
+      if (id !== "\0virtual:executor/plugins-client") return
+      const config = await loadExecutorConfig()
+      const imports = config.plugins
+        .map((p, i) => `import p${i} from "${p.id}/client"`)
+        .join("\n")
+      const list = config.plugins.map((_, i) => `p${i}`).join(", ")
+      return `${imports}\nexport const plugins = [${list}]`
+    },
+  }
+}
+```
+
+Host app consumes via `<ExecutorPluginsProvider>` at the root, then
+focused hooks (`useSourcePlugins` / `useSecretProviderPlugins` /
+`useClientPlugins`) inside pages and shared components. The host's
+routes don't import the virtual module or any per-app aggregator
+file — `__root.tsx` is the only place that touches
+`virtual:executor/plugins-client`.
+
+```tsx
+// apps/local/src/routes/__root.tsx
+import { createRootRoute } from "@tanstack/react-router"
+import { ExecutorProvider } from "@executor-js/react/api/provider"
+import { ExecutorPluginsProvider } from "@executor-js/sdk/client"
+import { plugins as clientPlugins } from "virtual:executor/plugins-client"
+import { Shell } from "../web/shell"
+
+export const Route = createRootRoute({
+  component: () => (
+    <ExecutorProvider>
+      <ExecutorPluginsProvider plugins={clientPlugins}>
+        <Shell />
+      </ExecutorPluginsProvider>
+    </ExecutorProvider>
+  ),
+})
+```
+
+```tsx
+// e.g. inside packages/react/src/pages/sources.tsx
+import { useSourcePlugins } from "@executor-js/sdk/client"
+
+export function SourcesPage() {
+  const sourcePlugins = useSourcePlugins()
+  // ...
+}
+```
+
+The catch-all `/plugins/$pluginId/$` route uses `useClientPlugins()`
+to look up which plugin's pages to mount.
+
+HMR works because the virtual module is part of Vite's graph. Adding a plugin
+needs a Vite restart (not a hot update — config changed).
+
+## End-to-end example plugin
+
+```
+@executor-js/plugin-example/
+├── package.json
+└── src/
+    ├── server.ts
+    ├── client.tsx
+    └── shared.ts
+```
+
+```ts
+// src/shared.ts — only @executor-js/sdk imports, no raw effect imports
+import { HttpApiEndpoint, HttpApiGroup, Schema } from "@executor-js/sdk"
+
+export const Greeting = Schema.Struct({
+  message: Schema.String,
+  count: Schema.Number,
+})
+export type Greeting = typeof Greeting.Type
+
+export const ExampleApi = HttpApiGroup.make("example").add(
+  HttpApiEndpoint.post("greet", "/greet", {
+    payload: Schema.Struct({ name: Schema.String }),
+    success: Greeting,
+  }),
+)
+```
+
+```ts
+// src/server.ts
+import {
+  Context, definePlugin, Effect, HttpApi, HttpApiBuilder,
+} from "@executor-js/sdk"
+import { ExampleApi } from "./shared"
+
+const ExampleApiBundle = HttpApi.make("example").add(ExampleApi)
+
+interface ExampleExtension {
+  readonly greet: (
+    name: string,
+  ) => Effect.Effect<{ readonly message: string; readonly count: number }>
+}
+
+export class ExampleExtensionService extends Context.Service<
+  ExampleExtensionService, ExampleExtension,
+>()("ExampleExtensionService") {}
+
+const ExampleHandlers = HttpApiBuilder.group(ExampleApiBundle, "example", (h) =>
+  h.handle("greet", ({ payload }) =>
+    Effect.gen(function* () {
+      const ext = yield* ExampleExtensionService
+      return yield* ext.greet(payload.name)
+    }),
+  ),
+)
+
+export const examplePlugin = definePlugin(() => ({
+  id: "example" as const,
+  packageName: "@executor-js/plugin-example",
+  storage: () => ({ count: 0 }),
+
+  // Canonical implementation lives here.
+  extension: (ctx): ExampleExtension => ({
+    greet: (name: string) =>
+      Effect.sync(() => {
+        ctx.storage.count += 1
+        return {
+          message: `hello ${name}`,
+          count: ctx.storage.count,
+        }
+      }),
+  }),
+
+  routes: () => ExampleApi,
+  handlers: () => ExampleHandlers,
+  extensionService: ExampleExtensionService,
+}))
+
+export default examplePlugin
+```
+
+```tsx
+// src/client.tsx
+import {
+  defineClientPlugin,
+  createPluginAtomClient,
+  useAtomSet,
+} from "@executor-js/sdk/client"
+import { useState } from "react"
+import { ExampleApi } from "./shared"
+
+const ExampleClient = createPluginAtomClient(ExampleApi, { pluginId: "example" })
+
+const greetAtom = ExampleClient.mutation("example", "greet")
+
+const ExamplePage = () => {
+  const [name, setName] = useState("world")
+  const [result, setResult] = useState<string>()
+  const doGreet = useAtomSet(greetAtom, { mode: "promise" })
+
+  return (
+    <div>
+      <input value={name} onChange={(e) => setName(e.target.value)} />
+      <button onClick={async () => {
+        const g = await doGreet({ payload: { name } })
+        setResult(`${g.message} (#${g.count})`)
+      }}>Greet</button>
+      {result && <pre>{result}</pre>}
+    </div>
+  )
+}
+
+export default defineClientPlugin({
+  id: "example" as const,
+  pages: [{ path: "/", component: ExamplePage, nav: { label: "Example" } }],
+})
+```
+
+```jsonc
+// package.json
+{
+  "name": "@executor-js/plugin-example",
+  "type": "module",
+  "exports": {
+    "./server": "./dist/server.js",
+    "./client": "./dist/client.js"
+  },
+  "executor": { "id": "example", "version": "0.1.0" },
+  "peerDependencies": {
+    "@executor-js/sdk": "workspace:*",
+    "react": "catalog:"
+  }
+}
+```
+
+User adds it:
+
+```ts
+// apps/local/executor.config.ts
+import { examplePlugin } from "@executor-js/plugin-example/server"
+plugins: [/* ... */, examplePlugin()]
+```
+
+## SDK-only plugin example
+
+Many plugins don't need HTTP at all — utilities, providers, anything used
+purely from other plugins or scripts. The plugin shape collapses to one
+file with no `./client` export, no `routes`, no `handlers`.
+
+```
+@executor-js/plugin-rate-limiter/
+├── package.json
+└── src/
+    └── server.ts
+```
+
+```jsonc
+// package.json
+{
+  "name": "@executor-js/plugin-rate-limiter",
+  "type": "module",
+  "exports": { "./server": "./dist/server.js" },
+  "executor": { "id": "rateLimiter", "version": "0.1.0" },
+  "peerDependencies": { "@executor-js/sdk": "workspace:*" }
+}
+```
+
+```ts
+// src/server.ts
+import { definePlugin, defineSchema, Effect, Schema } from "@executor-js/sdk"
+
+interface RateLimiterConfig {
+  defaultLimit?: number
+}
+
+class RateLimitExceeded extends Schema.TaggedError<RateLimitExceeded>()(
+  "RateLimitExceeded",
+  { key: Schema.String, retryAfterMs: Schema.Number },
+) {}
+
+export const rateLimiterPlugin = definePlugin(
+  (opts: RateLimiterConfig = {}) => ({
+    id: "rateLimiter" as const,
+
+    schema: defineSchema({
+      rate_buckets: {
+        fields: {
+          key: { type: "string", primary: true },
+          tokens: { type: "number" },
+          updated_at: { type: "number" },
+        },
+      },
+    }),
+
+    storage: ({ adapter }) => ({
+      adapter,
+      defaultLimit: opts.defaultLimit ?? 60,
+    }),
+
+    extension: (ctx) => ({
+      check: (key: string, cost = 1) =>
+        Effect.gen(function* () {
+          const bucket = yield* readOrCreateBucket(ctx.storage, key)
+          const refilled = refill(bucket, ctx.storage.defaultLimit)
+          if (refilled.tokens < cost) {
+            return yield* new RateLimitExceeded({
+              key,
+              retryAfterMs: estimateRetry(refilled),
+            })
+          }
+          yield* writeBucket(ctx.storage, key, refilled.tokens - cost)
+          return { allowed: true, remaining: refilled.tokens - cost }
+        }),
+
+      reset: (key: string) =>
+        Effect.tryPromise(() =>
+          ctx.storage.adapter.delete({
+            model: "rate_buckets",
+            where: [["key", "=", key]],
+          }),
+        ),
+    }),
+  }),
+)
+```
+
+Pure programmatic consumption — works identically from CLI, tests,
+embedded library use, or another plugin's `extension`:
+
+```ts
+const result = yield* executor.rateLimiter.check("user-123", 5)
+//    ^? { allowed: true; remaining: number }
+
+yield* executor.rateLimiter.check("user-123", 1000).pipe(
+  Effect.catchTag("RateLimitExceeded", (err) =>
+    Effect.log(`hit limit on ${err.key}, retry in ${err.retryAfterMs}ms`),
+  ),
+)
+```
+
+What the host does with this plugin:
+
+- **Backend** composes it into `createExecutor`, exposes `executor.rateLimiter.*`. ✅
+- **HTTP server** sees no `routes`/`handlers` — mounts nothing. ✅
+- **Vite plugin** sees no `./client` export in `package.json`'s exports map — adds nothing to the frontend bundle. ✅
+- **CLI** uses `executor.rateLimiter.*` directly. ✅
+
+The plugin is invisible to anything not calling it — no HTTP surface, no
+frontend bundle cost, no auth surface to review.
+
+## Sequencing
+
+Build order — all shipped.
+
+1. ✅ **Consolidate config.** `apps/local/src/server/executor.ts` reads
+   from `executor.config.ts`. `createLocalPlugins` deleted. The cloud
+   app's equivalent (`createOrgPlugins` in `apps/cloud/src/services/executor.ts`)
+   also gone — driven from `apps/cloud/executor.config.ts` via a
+   `(deps) => plugins` factory shape.
+2. ✅ **SDK re-exports.** `Context`, `Effect`, `Layer`, `Schema`,
+   `Data`, `Option` plus `HttpApi*` re-exported from `@executor-js/sdk`.
+   `@executor-js/sdk/client` mirrors with `Schema`, `HttpApi*`,
+   `AsyncResult`, `Atom`, `AtomHttpApi`, and React hooks.
+3. ✅ **`routes` + `handlers` + `extensionService` on `PluginSpec`.**
+   Host-side composition lives in
+   `packages/core/api/src/plugin-routes.ts`: `composePluginApi`,
+   `composePluginHandlers`, `composePluginHandlerLayer`,
+   `providePluginExtensions`. The local app uses the eager pair
+   (`composePluginHandlers`); cloud uses the late-binding pair
+   (`composePluginHandlerLayer` + `providePluginExtensions` per request).
+4. ✅ **`defineClientPlugin` + `createPluginAtomClient` + Vite plugin.**
+   `@executor-js/sdk/client` exports the factory and helper.
+   `@executor-js/vite-plugin` resolves each plugin's `./client` from
+   `executor.config.ts` and exposes `virtual:executor/plugins-client`.
+5. ✅ **`@executor-js/plugin-example`.** End-to-end proof: shared
+   group, server with extension/routes/handlers/extensionService,
+   client with `defineClientPlugin` + reactive page.
+6. ✅ **Migrate every plugin.** `openapi`, `mcp`, `google-discovery`,
+   `onepassword`, `graphql`, `workos-vault`, `keychain`, `file-secrets`
+   all driven by spec. Each that ships UI also has a `./client`
+   `defineClientPlugin` exposing its `sourcePlugin` /
+   `secretProviderPlugin`.
+7. ✅ **`<ExecutorPluginsProvider>` + hooks.** Host wraps once at
+   `__root.tsx`; pages call `useSourcePlugins()` /
+   `useSecretProviderPlugins()` / `useClientPlugins()`. Per-route
+   imports of plugin lists are gone.
+
+## Open questions / deferred
+
+- **Pluggable artifacts.** When workflows lands, add an `artifactStore`
+  field on `PluginSpec` shaped like `secretProviders` — typed, no generic
+  abstraction. The artifacts note's "protocol package + provider plugin +
+  feature plugin" translates to "shared interface package + provider
+  plugin's `artifactStore` field + consumer plugin reading from `ctx`."
+- **Codegen-based string specs.** If we ever want config from a database or
+  remote URL, switch to strings + a TanStack-Router-style generated `.d.ts`.
+  Not needed until multi-tenant.
+- **Electron dynamism.** Currently desktop bakes plugins at build time. To let
+  desktop users install plugins post-ship, would need either a runtime ESM
+  story (import maps) or a "plugin pack" prebuilt-bundle model. Out of scope
+  for v1.
+- **Sandboxing.** Plugins run in-process with full host trust. Worth revisiting
+  when we have untrusted plugins (marketplace) — likely via dynamic-software's
+  Worker Loader pattern or similar.
+- **Per-version plugin isolation.** Cloud-only concern.
+- **Hot reload of plugin code.** Restart is fine for v1; would be nice but
+  costs significant design effort.
+
+## References
+
+**Reference research (pre-design):**
+- emdash: `astro.config.mjs` import-and-call pattern, `package.json` exports
+  for separate admin entry — see `.reference/emdash/demos/plugins-demo/`.
+- dynamic-software: PluginManifest + capability declarations idea (deferred);
+  Worker Loader for cloud isolation — see `.reference/dynamic-software/`.
+- openclaw: manifest-first control plane idea (deferred but worth revisiting
+  when we add capability enforcement).
+
+**Shipped code:**
+- Plugin contract: `packages/core/sdk/src/plugin.ts` (`PluginSpec`,
+  `definePlugin`).
+- Client contract: `packages/core/sdk/src/client.ts`
+  (`defineClientPlugin`, `ExecutorPluginsProvider`,
+  `useSourcePlugins`, `useSecretProviderPlugins`, `useClientPlugins`,
+  `createPluginAtomClient`).
+- Host composition helpers: `packages/core/api/src/plugin-routes.ts`
+  (`composePluginApi`, `composePluginHandlers`,
+  `composePluginHandlerLayer`, `providePluginExtensions`).
+- Vite plugin: `packages/core/vite-plugin/src/index.ts`.
+- Canary plugin: `packages/plugins/example/`.
+- Local config + wiring: `apps/local/executor.config.ts`,
+  `apps/local/src/server/main.ts`, `apps/local/src/routes/__root.tsx`.
+- Cloud config + wiring: `apps/cloud/executor.config.ts`,
+  `apps/cloud/src/api/protected-layers.ts`,
+  `apps/cloud/src/api/protected.ts`,
+  `apps/cloud/src/routes/__root.tsx`.
+- Pluggable-capability precedent: existing `secretProviders` field on
+  `PluginSpec`. When artifacts ship, the new `artifactStore` field
+  follows the same per-capability-typed-field pattern.
+
+**Adjacent plans:**
+- `notes/artifacts-workflows-and-generated-ui.md` — the artifacts/workflows
+  plan. Uses "protocol" terminology that we're not adopting; read its
+  "ArtifactStoreProtocol" as "the typed interface that goes into the
+  `artifactStore` field." See decision #9.
+- Earlier plugin first-principles thinking:
+  `personal-notes/plugin-system-first-principles.md`,
+  `personal-notes/plugin-system-primitive-and-use-cases.md`.
diff --git a/packages/core/api/src/index.ts b/packages/core/api/src/index.ts
index cf868ff33..53a81190b 100644
--- a/packages/core/api/src/index.ts
+++ b/packages/core/api/src/index.ts
@@ -1,4 +1,11 @@
 export { ExecutorApi, CoreExecutorApi, addGroup } from "./api";
+export {
+  composePluginApi,
+  composePluginHandlers,
+  composePluginHandlerLayer,
+  providePluginExtensions,
+  type PluginExtensionServices,
+} from "./plugin-routes";
 export { ToolsApi } from "./tools/api";
 export { SourcesApi } from "./sources/api";
 export { SecretsApi } from "./secrets/api";
diff --git a/packages/core/api/src/plugin-routes.ts b/packages/core/api/src/plugin-routes.ts
new file mode 100644
index 000000000..bca6efde8
--- /dev/null
+++ b/packages/core/api/src/plugin-routes.ts
@@ -0,0 +1,220 @@
+// ---------------------------------------------------------------------------
+// Plugin-contributed HttpApi composition.
+//
+// The host iterates plugins, calls each plugin's `routes()` to get its
+// `HttpApiGroup`, and reduces them into a single `HttpApi` for the runtime.
+// Each plugin's `handlers()` returns a late-binding Layer keyed by the
+// plugin's group identity, with the plugin's `extensionService` Tag left
+// as a Layer requirement. The host satisfies that Tag — at boot for
+// local (`composePluginHandlers(plugins, executor)`), per-request for
+// cloud (`providePluginExtensions(plugins)(executor)` in the auth
+// middleware).
+//
+// Static typing is intentionally loose here: the host composes a
+// runtime-arbitrary set of plugin groups, so `FullApi` can't be tracked
+// at compile time. Per-endpoint typing lives inside each plugin (its
+// own bundled `HttpApi.make(id).add(group)` and its
+// `createPluginAtomClient` frontend client). The host only needs the
+// runtime composition.
+// ---------------------------------------------------------------------------
+
+import { Effect, Layer } from "effect";
+import type { Context } from "effect";
+import type { HttpApi, HttpApiGroup } from "effect/unstable/httpapi";
+import type { AnyPlugin, PluginExtensions } from "@executor-js/sdk";
+
+import { CoreExecutorApi } from "./api";
+
+// ---------------------------------------------------------------------------
+// Type helpers
+// ---------------------------------------------------------------------------
+
+/** Extract the Service-tag identifier (the class itself) from a plugin's
+ *  `extensionService` field — used to populate the `provides` clause of
+ *  `HttpRouter.middleware<{ provides: ... }>()` from the plugin tuple
+ *  without enumerating each Tag by hand at the host.
+ *
+ *  Helper type indirection (`ExtractServiceId`) forces distribution over
+ *  the union of plugin tags — TS only distributes conditionals when the
+ *  LHS is a naked type parameter, not a derived type expression. */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type ExtractServiceId<S> = S extends Context.Service<infer Id, any> ? Id : never;
+
+export type PluginExtensionServices<TPlugins extends readonly AnyPlugin[]> =
+  ExtractServiceId<NonNullable<TPlugins[number]["extensionService"]>>;
+
+/** Extract the precise `HttpApiGroup` type carried by a plugin's
+ *  `routes()` field. Plugins without a `routes()` field contribute
+ *  nothing to the union (filtered out by `Extract<..., HttpApiGroup.Any>`). */
+type ExtractPluginGroup<P> = P extends { readonly routes?: () => infer G }
+  ? Extract<G, HttpApiGroup.Any>
+  : never;
+
+/** Union of every plugin's contributed group — combined with the core
+ *  executor groups to type `composePluginApi(plugins)` precisely. */
+export type PluginGroups<TPlugins extends readonly AnyPlugin[]> =
+  ExtractPluginGroup<TPlugins[number]>;
+
+/** Group identities baked into `CoreExecutorApi` (tools, sources, secrets,
+ *  …). Extracted via inference so adding a core group flows through
+ *  without touching this helper. */
+type CoreGroups =
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  typeof CoreExecutorApi extends HttpApi.HttpApi<any, infer G> ? G : never;
+
+/** Result of `composePluginApi(plugins)` — the core API extended with
+ *  every plugin group from `TPlugins`. */
+export type ComposedExecutorApi<TPlugins extends readonly AnyPlugin[]> =
+  HttpApi.HttpApi<"executor", CoreGroups | PluginGroups<TPlugins>>;
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type AnyLayer = Layer.Layer<any, any, any>;
+
+// Use the field accessor + NonNullable rather than `extends { handlers: ... }`
+// because the spec marks `handlers` optional (`handlers?:`); the conditional
+// form would fail the match because the field type includes `undefined`.
+type ExtractHandlerLayer<P> = NonNullable<
+  P extends { readonly handlers?: infer F } ? F : never
+> extends () => infer L
+  ? L
+  : never;
+
+// Compute the union of every plugin's handler-Layer type. Each plugin's
+// `handlers()` returns a specific `Layer<Group, never, ExtensionService>`;
+// we union them so `Layer.mergeAll(...)`'s output type can be extracted
+// without erasing per-plugin requirements.
+type PluginHandlerLayers<TPlugins extends readonly AnyPlugin[]> =
+  ExtractHandlerLayer<TPlugins[number]>;
+
+// Distribute over the union of handler layers to extract each channel
+// individually, then re-pack into a single `Layer<UnionROut, UnionE,
+// UnionRIn>` matching what `Layer.mergeAll` produces at runtime. Naive
+// `Union extends Layer<infer A, ...>` would distribute and yield a
+// union of layers, not a merged layer — these helpers fold instead.
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type LayerROut<L> = L extends Layer.Layer<infer ROut, any, any> ? ROut : never;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type LayerE<L> = L extends Layer.Layer<any, infer E, any> ? E : never;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type LayerRIn<L> = L extends Layer.Layer<any, any, infer RIn> ? RIn : never;
+
+type MergedHandlerLayer<TPlugins extends readonly AnyPlugin[]> = Layer.Layer<
+  LayerROut<PluginHandlerLayers<TPlugins>>,
+  LayerE<PluginHandlerLayers<TPlugins>>,
+  LayerRIn<PluginHandlerLayers<TPlugins>>
+>;
+
+/**
+ * Compose plugin-contributed `HttpApiGroup`s into the core executor API.
+ * Plugins without a `routes()` field are skipped.
+ *
+ * Returns a precisely typed `HttpApi<"executor", CoreGroups |
+ * PluginGroups<TPlugins>>`. Hosts that need `HttpApiClient.ForApi<typeof
+ * ProtectedCloudApi>` get exact endpoint types without per-plugin
+ * `import type { …Group }` statements at the host.
+ */
+export const composePluginApi = <TPlugins extends readonly AnyPlugin[]>(
+  plugins: TPlugins,
+): ComposedExecutorApi<TPlugins> => {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  let api: any = CoreExecutorApi;
+  for (const plugin of plugins) {
+    if (plugin.routes) {
+      const group = plugin.routes();
+      api = api.add(group);
+    }
+  }
+  return api as ComposedExecutorApi<TPlugins>;
+};
+
+/**
+ * Build the merged Layer of plugin handler implementations, satisfying
+ * each plugin's `extensionService` Tag eagerly from `executor[id]`.
+ *
+ * Suitable for hosts (like local) that have a single, boot-time
+ * executor. Hosts with per-request executors (cloud) should use
+ * `composePluginHandlerLayer` + `providePluginExtensions` instead.
+ */
+export const composePluginHandlers = <TPlugins extends readonly AnyPlugin[]>(
+  plugins: TPlugins,
+  extensions: PluginExtensions<TPlugins>,
+): AnyLayer => {
+  const layers: AnyLayer[] = [];
+  for (const p of plugins) {
+    if (!p.handlers) continue;
+    const handlerLayer = p.handlers();
+    if (!p.extensionService) {
+      layers.push(handlerLayer);
+      continue;
+    }
+    const ext = (extensions as Record<string, unknown>)[p.id];
+    layers.push(
+      handlerLayer.pipe(
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        Layer.provide(Layer.succeed(p.extensionService)(ext as any)),
+      ),
+    );
+  }
+  // `Layer.empty` is `Layer<never, never, never>`; widening to `AnyLayer`
+  // (`Layer<any, any, any>`) needs the unknown step because TS can't see
+  // through Layer's variance markers without it.
+  // oxlint-disable-next-line executor/no-double-cast
+  if (layers.length === 0) return Layer.empty as unknown as AnyLayer;
+  return Layer.mergeAll(...(layers as [AnyLayer, ...AnyLayer[]]));
+};
+
+/**
+ * Build the merged late-binding Layer of plugin handler implementations
+ * WITHOUT satisfying their `extensionService` Tags. Compose into
+ * `HttpApiBuilder.layer(FullApi)` at boot; satisfy the Tags per-request
+ * via `providePluginExtensions` in an `HttpRouter` middleware.
+ *
+ * The return type is the union of each plugin's `handlers()` Layer
+ * type — that preserves the per-plugin requirements (typically
+ * `*ExtensionService` Tags) so the host's `HttpRouter.middleware`
+ * recognises them as per-request requires.
+ */
+export const composePluginHandlerLayer = <
+  TPlugins extends readonly AnyPlugin[],
+>(
+  plugins: TPlugins,
+): MergedHandlerLayer<TPlugins> => {
+  const layers = plugins.flatMap((p) => (p.handlers ? [p.handlers()] : []));
+  // `MergedHandlerLayer<TPlugins>` is computed from the plugin tuple at
+  // the type level — TS can't witness that `Layer.mergeAll(...layers)` /
+  // `Layer.empty` actually produces it without the unknown bridge.
+  if (layers.length === 0) {
+    // oxlint-disable-next-line executor/no-double-cast
+    return Layer.empty as unknown as MergedHandlerLayer<TPlugins>;
+  }
+  // oxlint-disable-next-line executor/no-double-cast
+  return Layer.mergeAll(
+    ...(layers as [AnyLayer, ...AnyLayer[]]),
+  ) as unknown as MergedHandlerLayer<TPlugins>;
+};
+
+/**
+ * Per-request helper: fold each plugin's `extensionService` Tag onto an
+ * effect via `Effect.provideService(tag, executor[id])`. The plugin
+ * spec carries the Tag so the host doesn't import each plugin's
+ * `<plugin>/api` subpath directly.
+ *
+ *   const provide = providePluginExtensions(plugins);
+ *   return yield* httpEffect.pipe(provide(requestExecutor));
+ */
+export const providePluginExtensions =
+  <TPlugins extends readonly AnyPlugin[]>(plugins: TPlugins) =>
+  (extensions: PluginExtensions<TPlugins>) =>
+  <A, E, R>(
+    effect: Effect.Effect<A, E, R>,
+  ): Effect.Effect<A, E, Exclude<R, PluginExtensionServices<TPlugins>>> => {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    let out: Effect.Effect<A, E, any> = effect;
+    for (const plugin of plugins) {
+      if (!plugin.extensionService) continue;
+      const ext = (extensions as Record<string, unknown>)[plugin.id];
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      out = out.pipe(Effect.provideService(plugin.extensionService, ext as any));
+    }
+    return out as Effect.Effect<A, E, Exclude<R, PluginExtensionServices<TPlugins>>>;
+  };
diff --git a/packages/core/api/src/server.ts b/packages/core/api/src/server.ts
index 0ed5ca2a9..a2ca278ca 100644
--- a/packages/core/api/src/server.ts
+++ b/packages/core/api/src/server.ts
@@ -7,3 +7,10 @@ export {
   ScopeHandlers,
   ExecutionsHandlers,
 } from "./handlers";
+export {
+  composePluginApi,
+  composePluginHandlers,
+  composePluginHandlerLayer,
+  providePluginExtensions,
+  type PluginExtensionServices,
+} from "./plugin-routes";
diff --git a/packages/core/cli/src/commands/generate.ts b/packages/core/cli/src/commands/generate.ts
index 4aa5e95a8..da9da25d5 100644
--- a/packages/core/cli/src/commands/generate.ts
+++ b/packages/core/cli/src/commands/generate.ts
@@ -26,7 +26,11 @@ async function generateAction(opts: {
     process.exit(1);
   }
 
-  const schema = collectSchemas(config.plugins);
+  // The CLI never reaches plugin runtime — `plugins()` is called with
+  // no host deps and only `plugin.schema` is read. Each plugin's
+  // factory tolerates missing host deps for this introspection-only
+  // path; runtime callers (apps) pass real deps.
+  const schema = collectSchemas(config.plugins());
 
   const result = await generateDrizzleSchema({
     schema,
diff --git a/packages/core/sdk/package.json b/packages/core/sdk/package.json
index 3b41908d9..669204766 100644
--- a/packages/core/sdk/package.json
+++ b/packages/core/sdk/package.json
@@ -18,7 +18,8 @@
   "exports": {
     ".": "./src/index.ts",
     "./core": "./src/index.ts",
-    "./promise": "./src/promise.ts"
+    "./promise": "./src/promise.ts",
+    "./client": "./src/client.ts"
   },
   "publishConfig": {
     "access": "public",
@@ -34,6 +35,12 @@
           "types": "./dist/index.d.ts",
           "default": "./dist/core.js"
         }
+      },
+      "./client": {
+        "import": {
+          "types": "./dist/client.d.ts",
+          "default": "./dist/client.js"
+        }
       }
     }
   },
@@ -49,9 +56,20 @@
     "oauth4webapi": "^3.8.5",
     "fractional-indexing": "^3.2.0"
   },
+  "peerDependencies": {
+    "@effect/atom-react": "catalog:",
+    "react": "catalog:"
+  },
+  "peerDependenciesMeta": {
+    "@effect/atom-react": { "optional": true },
+    "react": { "optional": true }
+  },
   "devDependencies": {
+    "@effect/atom-react": "catalog:",
     "@effect/vitest": "catalog:",
     "@types/node": "catalog:",
+    "@types/react": "catalog:",
+    "react": "catalog:",
     "tsup": "catalog:",
     "typescript": "catalog:",
     "vitest": "catalog:"
diff --git a/packages/core/sdk/src/client.test.ts b/packages/core/sdk/src/client.test.ts
new file mode 100644
index 000000000..0e8bf9b74
--- /dev/null
+++ b/packages/core/sdk/src/client.test.ts
@@ -0,0 +1,68 @@
+// Regression coverage for `createPluginAtomClient`. The change that
+// triggered this test is dropping the explicit `pluginId` option in
+// favour of reading `group.identifier`. The properties under test are:
+//
+//   1. The synthetic `AtomHttpApi.Service` Tag's `.key` is
+//      `Plugin_<groupId>Client` — a non-empty Tag id is what makes
+//      caching/invalidation work (atoms are deduped per Tag identity;
+//      reactivity invalidations are routed by Tag).
+//   2. Two clients built from groups with different identifiers get
+//      distinct Tag keys — so plugins coexist in one React tree
+//      without sharing atom state across plugin boundaries.
+//   3. `.query` / `.mutation` return Atom-shaped descriptors —
+//      confirms the wrapper still composes the per-plugin `HttpApi`
+//      bundle correctly so AtomHttpApi can build the client.
+//
+// React Testing Library is intentionally not used here. The change
+// affected the Tag-derivation path inside `createPluginAtomClient`,
+// not the React side of `@effect/atom-react`. Verifying the Tag
+// identity + atom shape is what catches a regression in the area we
+// modified; mounting components would test `@effect/atom-react`,
+// which we did not touch.
+
+import { describe, expect, it } from "@effect/vitest";
+import { Schema } from "effect";
+import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
+
+import { createPluginAtomClient } from "./client";
+
+const FooGroup = HttpApiGroup.make("foo").add(
+  HttpApiEndpoint.get("ping", "/ping", { success: Schema.String }),
+);
+
+const BarGroup = HttpApiGroup.make("bar").add(
+  HttpApiEndpoint.post("set", "/set", {
+    payload: Schema.Struct({ value: Schema.String }),
+    success: Schema.String,
+  }),
+);
+
+describe("createPluginAtomClient", () => {
+  it("derives the Service Tag id from group.identifier", () => {
+    const FooClient = createPluginAtomClient(FooGroup);
+    expect(FooClient.key).toBe("Plugin_fooClient");
+  });
+
+  it("produces non-colliding Tag ids for groups with different identifiers", () => {
+    const A = createPluginAtomClient(FooGroup);
+    const B = createPluginAtomClient(BarGroup);
+    expect(A.key).not.toBe(B.key);
+    expect(A.key).toBe("Plugin_fooClient");
+    expect(B.key).toBe("Plugin_barClient");
+  });
+
+  it("returns Atom descriptors from `.query` and `.mutation`", () => {
+    const FooClient = createPluginAtomClient(FooGroup);
+    const BarClient = createPluginAtomClient(BarGroup);
+
+    const ping = FooClient.query("foo", "ping", {});
+    const set = BarClient.mutation("bar", "set");
+
+    // Atoms are reachable values — the exact shape is internal to
+    // `@effect-atom/atom`. A regression in pluginId derivation would
+    // typically surface as a missing-Tag throw inside the runtime
+    // before these factories returned anything.
+    expect(ping).toBeTruthy();
+    expect(set).toBeTruthy();
+  });
+});
diff --git a/packages/core/sdk/src/client.ts b/packages/core/sdk/src/client.ts
new file mode 100644
index 000000000..3424f7d07
--- /dev/null
+++ b/packages/core/sdk/src/client.ts
@@ -0,0 +1,295 @@
+// ---------------------------------------------------------------------------
+// @executor-js/sdk/client — frontend half of the plugin SDK.
+//
+// Plugins import from this entry to register pages/widgets and consume
+// their own typed reactive client. Server bundles must NOT import this
+// module — it pulls in React + @effect/atom-react. Plugin packages should
+// keep React/atom imports inside `./client.tsx` and Effect/Node imports
+// inside `./server.ts`; shared schema definitions go in `./shared.ts` and
+// can be imported from both halves.
+// ---------------------------------------------------------------------------
+
+import {
+  createContext,
+  createElement,
+  useContext,
+  useMemo,
+  type ComponentType,
+  type ReactNode,
+} from "react";
+import { HttpApi } from "effect/unstable/httpapi";
+import type { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
+import { FetchHttpClient } from "effect/unstable/http";
+import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
+
+// ---------------------------------------------------------------------------
+// Re-exports — the curated set of primitives a plugin author needs to
+// build a typed reactive UI without reaching into `effect/*` directly.
+// ---------------------------------------------------------------------------
+
+export { Schema } from "effect";
+export { HttpApi, HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
+
+export * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
+export * as Atom from "effect/unstable/reactivity/Atom";
+export * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
+
+export {
+  useAtomValue,
+  useAtomSet,
+  useAtomMount,
+  useAtomRefresh,
+} from "@effect/atom-react";
+
+// ---------------------------------------------------------------------------
+// defineClientPlugin — declarative spec for the frontend half of a plugin.
+//
+// Mirror of `definePlugin` on the server, but everything here is React /
+// browser-only. The host treats the value as data: collects routes,
+// widgets, and slot components from every loaded plugin and mounts them
+// alongside the host's own UI.
+// ---------------------------------------------------------------------------
+
+export interface PageDecl {
+  /** Path relative to the plugin's mount point, e.g. `/`, `/edit/$id`. */
+  readonly path: string;
+  readonly component: ComponentType;
+  /** Optional sidebar nav metadata — the host renders these alongside its
+   *  own nav links. Omit to register a page without a nav entry. */
+  readonly nav?: {
+    readonly label: string;
+    readonly section?: string;
+  };
+}
+
+export interface WidgetProps {
+  readonly scopeId?: string;
+}
+
+export interface WidgetDecl {
+  readonly id: string;
+  readonly component: ComponentType<WidgetProps>;
+  readonly size?: "half" | "full";
+}
+
+/**
+ * Open record of host-defined slot components a plugin can fill. Slot
+ * names are part of the host UI contract — plugins opt in by registering
+ * a component for the slot they care about. Adding a slot is a host-side
+ * change; plugin authors don't define new slots.
+ */
+export type SlotComponent = ComponentType<Record<string, unknown>>;
+
+// ---------------------------------------------------------------------------
+// SourcePlugin / SourcePreset — UI contract for plugins that expose
+// "sources" (OpenAPI specs, MCP servers, GraphQL endpoints, etc.). The
+// host owns the source list / detail chrome; the plugin owns the
+// add-flow, edit form, and (optional) summary + sign-in buttons.
+//
+// Lives here, not in `@executor-js/react`, so it's part of the plugin
+// contract: a plugin's `./client` entry assembles its `sourcePlugin`
+// alongside `pages`/`widgets`, and the host derives the union list
+// from `virtual:executor/plugins-client`.
+// ---------------------------------------------------------------------------
+
+export interface SourcePreset {
+  /** Unique id (e.g. "stripe", "github-graphql"). */
+  readonly id: string;
+  readonly name: string;
+  readonly summary: string;
+  /** URL passed as `initialUrl` to the add form. Omit for presets that
+   *  don't use a URL (e.g. stdio MCP presets). */
+  readonly url?: string;
+  /** Optional icon URL (favicon, logo). */
+  readonly icon?: string;
+  /** Shown in the top-level grid on the sources page when true. */
+  readonly featured?: boolean;
+}
+
+export interface SourcePlugin {
+  /** Unique key matching the SDK plugin id (e.g. "openapi"). */
+  readonly key: string;
+  readonly label: string;
+  readonly add: ComponentType<{
+    readonly onComplete: () => void;
+    readonly onCancel: () => void;
+    readonly initialUrl?: string;
+    readonly initialPreset?: string;
+    readonly initialNamespace?: string;
+  }>;
+  readonly edit: ComponentType<{
+    readonly sourceId: string;
+    readonly onSave: () => void;
+  }>;
+  readonly summary?: ComponentType<{
+    readonly sourceId: string;
+    readonly variant?: "badge" | "panel";
+    readonly onAction?: () => void;
+  }>;
+  readonly signIn?: ComponentType<{
+    readonly sourceId: string;
+  }>;
+  readonly presets?: readonly SourcePreset[];
+}
+
+// ---------------------------------------------------------------------------
+// SecretProviderPlugin — UI contract for plugins that contribute secret
+// providers (1Password, WorkOS Vault, etc.). The host owns the secrets
+// page chrome; the plugin owns the settings card rendered inside.
+// ---------------------------------------------------------------------------
+
+export interface SecretProviderPlugin {
+  /** Unique key matching the SDK plugin id (e.g. "onepassword"). */
+  readonly key: string;
+  readonly label: string;
+  readonly settings: ComponentType<Record<string, never>>;
+}
+
+export interface ClientPluginSpec<TId extends string = string> {
+  readonly id: TId;
+  readonly pages?: readonly PageDecl[];
+  readonly widgets?: readonly WidgetDecl[];
+  readonly slots?: Record<string, SlotComponent>;
+  /** Source plugin contribution — populated by plugins that expose
+   *  `kind` rows in the core `source` table (openapi, mcp, graphql,
+   *  google-discovery). The host's sources page derives its provider
+   *  list from the union of every loaded plugin's `sourcePlugin`. */
+  readonly sourcePlugin?: SourcePlugin;
+  /** Secret provider plugin contribution — populated by plugins that
+   *  also ship a `secretProviders` (or related) server-side capability
+   *  AND want to expose a settings card on the host's secrets page. */
+  readonly secretProviderPlugin?: SecretProviderPlugin;
+}
+
+/**
+ * Identity factory — returns the spec unchanged but pins the inferred
+ * literal type of `id` so the host can index plugin records by id with
+ * full autocomplete. Plugins export this as their package's default
+ * (or named) export from `./client`.
+ */
+export const defineClientPlugin = <const TId extends string>(
+  spec: ClientPluginSpec<TId>,
+): ClientPluginSpec<TId> => spec;
+
+// ---------------------------------------------------------------------------
+// createPluginAtomClient — typed reactive HTTP client for one plugin.
+//
+// Wraps the plugin's `HttpApiGroup` in a per-plugin `HttpApi`, then
+// hands back an `AtomHttpApi.Service` keyed to that bundle. The
+// resulting service exposes `.query("group", "endpoint", opts)` and
+// `.mutation("group", "endpoint")` factories — same shape as the host's
+// existing `ExecutorApiClient` (see packages/react/src/api/client.tsx).
+// Per-endpoint payload/response/error types flow through from the
+// imported group, so plugin client code typechecks without codegen.
+//
+// The plugin id (used for the Service Tag and the synthetic API id) is
+// read from `group.identifier` — the same string the plugin passed to
+// `HttpApiGroup.make("foo")`. No second-source duplication.
+// ---------------------------------------------------------------------------
+
+export interface CreatePluginAtomClientOptions {
+  /** Override the base URL. Defaults to `/api` (host strips this prefix
+   *  when forwarding to the Effect handler) — same convention as the
+   *  core `ExecutorApiClient`. */
+  readonly baseUrl?: string;
+}
+
+/**
+ * Build a typed reactive client for a plugin's HttpApiGroup.
+ *
+ *   const FooClient = createPluginAtomClient(FooApi)
+ *   export const fooThings = FooClient.query("foo", "listThings", { ... })
+ *   export const fooSync   = FooClient.mutation("foo", "syncThing")
+ *
+ * Each plugin gets a private service Tag (`Plugin_<id>Client`) keyed by
+ * the group's `identifier`, so multiple plugins coexist in the same
+ * React tree without colliding.
+ */
+export const createPluginAtomClient = <
+  G extends HttpApiGroup.HttpApiGroup<string, HttpApiEndpoint.Any, boolean>,
+>(
+  group: G,
+  options: CreatePluginAtomClientOptions = {},
+) => {
+  const { baseUrl = "/api" } = options;
+  const pluginId = group.identifier;
+  const bundle = HttpApi.make(`plugin-${pluginId}`).add(group);
+  return AtomHttpApi.Service<`Plugin_${G["identifier"]}Client`>()(
+    `Plugin_${pluginId}Client`,
+    {
+      api: bundle,
+      httpClient: FetchHttpClient.layer,
+      baseUrl,
+    },
+  );
+};
+
+// ---------------------------------------------------------------------------
+// ExecutorPluginsProvider + hooks — host-level distribution of the loaded
+// `ClientPluginSpec[]` via React context.
+//
+// The host wraps once at the root of its tree (typically reading from
+// `virtual:executor/plugins-client`); pages and shared components consume
+// via the focused hooks (`useSourcePlugins` etc.) so they don't import
+// from any host-app aggregator file. Pages stay portable across hosts —
+// the same component renders against whatever plugin set the surrounding
+// `<ExecutorPluginsProvider>` provides.
+//
+// Hooks throw if no provider is in scope so missing setup fails loudly;
+// matches the pattern of `useScope` / `useAuth` already in the codebase.
+// ---------------------------------------------------------------------------
+
+interface ExecutorPluginsContextValue {
+  readonly plugins: readonly ClientPluginSpec[];
+  readonly sourcePlugins: readonly SourcePlugin[];
+  readonly secretProviderPlugins: readonly SecretProviderPlugin[];
+}
+
+const ExecutorPluginsContext = createContext<
+  ExecutorPluginsContextValue | null
+>(null);
+ExecutorPluginsContext.displayName = "ExecutorPluginsContext";
+
+export interface ExecutorPluginsProviderProps {
+  readonly plugins: readonly ClientPluginSpec[];
+  readonly children: ReactNode;
+}
+
+export function ExecutorPluginsProvider(
+  props: ExecutorPluginsProviderProps,
+): ReturnType<typeof createElement> {
+  const { plugins, children } = props;
+  const value = useMemo<ExecutorPluginsContextValue>(
+    () => ({
+      plugins,
+      sourcePlugins: plugins.flatMap((p) => (p.sourcePlugin ? [p.sourcePlugin] : [])),
+      secretProviderPlugins: plugins.flatMap((p) =>
+        p.secretProviderPlugin ? [p.secretProviderPlugin] : [],
+      ),
+    }),
+    [plugins],
+  );
+  return createElement(ExecutorPluginsContext.Provider, { value }, children);
+}
+
+const usePluginsCtx = (hookName: string): ExecutorPluginsContextValue => {
+  const ctx = useContext(ExecutorPluginsContext);
+  if (!ctx) {
+    throw new Error(
+      `${hookName} must be called inside an <ExecutorPluginsProvider>.`,
+    );
+  }
+  return ctx;
+};
+
+/** Full list of loaded `ClientPluginSpec` values. */
+export const useClientPlugins = (): readonly ClientPluginSpec[] =>
+  usePluginsCtx("useClientPlugins").plugins;
+
+/** Source plugins extracted from `clientPlugins[].sourcePlugin`. */
+export const useSourcePlugins = (): readonly SourcePlugin[] =>
+  usePluginsCtx("useSourcePlugins").sourcePlugins;
+
+/** Secret-provider plugins extracted from `clientPlugins[].secretProviderPlugin`. */
+export const useSecretProviderPlugins = (): readonly SecretProviderPlugin[] =>
+  usePluginsCtx("useSecretProviderPlugins").secretProviderPlugins;
diff --git a/packages/core/sdk/src/config.ts b/packages/core/sdk/src/config.ts
index 7713a26a9..6da51540c 100644
--- a/packages/core/sdk/src/config.ts
+++ b/packages/core/sdk/src/config.ts
@@ -1,28 +1,57 @@
 // ---------------------------------------------------------------------------
-// defineExecutorConfig — typed config declaration for the CLI.
+// defineExecutorConfig — typed config declaration consumed by both the
+// schema-gen CLI and the host runtime. Single source of truth for the
+// plugin list. First-party and third-party plugins go through the same
+// `bun add @executor-js/plugin-foo` + import-and-call flow.
 //
-// Analogous to better-auth's `auth.ts` config file. The CLI loads this
-// to read the plugin list and dialect without constructing a real executor
-// (which needs a live database connection). Plugin factories may receive
-// stub credentials here — the CLI only reads `plugin.schema`, never calls
-// the plugin at runtime.
+// `plugins` is always a factory `(deps?) => readonly AnyPlugin[]`. Some
+// plugins want runtime values from the host (e.g., the openapi plugin's
+// `configFile` sink, which is keyed to the active scope cwd and so can't
+// be constructed at module-eval time). Deps are optional — the
+// schema-gen CLI and Vite plugin call `plugins()` with no args (they
+// read `plugin.schema` / `plugin.packageName` only); runtime callers
+// pass concrete deps.
+//
+// Each app declares its own deps shape inline on the factory parameter
+// — TS infers `TDeps` from there, so apps don't reach into the SDK's
+// types via `declare module`.
 // ---------------------------------------------------------------------------
 
 import type { AnyPlugin } from "./plugin";
 
 export type ExecutorDialect = "pg" | "sqlite" | "mysql";
 
-export interface ExecutorCliConfig {
+export type ExecutorPluginsFactory<
+  TDeps extends object = object,
+  TPlugins extends readonly AnyPlugin[] = readonly AnyPlugin[],
+> = (deps?: TDeps) => TPlugins;
+
+export interface ExecutorCliConfig<
+  TDeps extends object = object,
+  TPlugins extends readonly AnyPlugin[] = readonly AnyPlugin[],
+> {
   readonly dialect: ExecutorDialect;
-  readonly plugins: readonly AnyPlugin[];
+  readonly plugins: ExecutorPluginsFactory<TDeps, TPlugins>;
 }
 
 /**
- * Declare an executor config for the CLI to consume. The CLI imports
- * this file via jiti and reads `plugins` + `dialect` to generate the
- * drizzle schema. Plugin runtime credentials can be stubs — only
- * `plugin.schema` is read.
+ * Declare an executor config. The CLI imports this file via jiti and
+ * reads `plugins` + `dialect` to generate the drizzle schema; the host
+ * runtime imports the same file to instantiate plugins. Plugin runtime
+ * credentials passed to the factory may be stubs from the CLI — only
+ * `plugin.schema` is read there.
+ *
+ * The `const TPlugins` modifier preserves the tuple-literal inference
+ * from the factory's return so per-plugin extension typing flows through
+ * (`ReturnType<typeof config.plugins>` keeps `[OpenApi, Mcp, ...]`).
+ *
+ * `TDeps` is inferred from the factory's parameter — apps annotate
+ * the destructure (e.g., `({ configFile }: { configFile?: ConfigFileSink })`)
+ * directly. No global module augmentation needed.
  */
-export const defineExecutorConfig = <const T extends ExecutorCliConfig>(
-  config: T,
-): T => config;
+export const defineExecutorConfig = <
+  TDeps extends object,
+  const TPlugins extends readonly AnyPlugin[],
+>(
+  config: ExecutorCliConfig<TDeps, TPlugins>,
+): ExecutorCliConfig<TDeps, TPlugins> => config;
diff --git a/packages/core/sdk/src/index.ts b/packages/core/sdk/src/index.ts
index 7e055104d..67a1957bf 100644
--- a/packages/core/sdk/src/index.ts
+++ b/packages/core/sdk/src/index.ts
@@ -2,6 +2,21 @@
 // @executor-js/sdk — public surface
 // ---------------------------------------------------------------------------
 
+// Re-export the Effect/Schema/HttpApi primitives plugin authors need so a
+// plugin can be written importing only from `@executor-js/sdk`. Authors who
+// want to reach for additional Effect APIs keep importing from `effect/*`
+// directly — these re-exports are the curated minimum.
+export { Context, Effect, Layer, Schema, Data, Option } from "effect";
+export {
+  HttpApi,
+  HttpApiBuilder,
+  HttpApiClient,
+  HttpApiEndpoint,
+  HttpApiGroup,
+  HttpApiMiddleware,
+  HttpApiSchema,
+} from "effect/unstable/httpapi";
+
 // Storage adapter interface types (re-exported from @executor-js/storage-core
 // so plugin authors can write adapters against a single public surface
 // without depending on storage-core directly).
@@ -240,8 +255,13 @@ export {
   collectSchemas,
 } from "./executor";
 
-// CLI config
-export { defineExecutorConfig, type ExecutorCliConfig, type ExecutorDialect } from "./config";
+// CLI / runtime config
+export {
+  defineExecutorConfig,
+  type ExecutorCliConfig,
+  type ExecutorDialect,
+  type ExecutorPluginsFactory,
+} from "./config";
 
 // Test helper
 export { makeTestConfig } from "./testing";
diff --git a/packages/core/sdk/src/plugin.ts b/packages/core/sdk/src/plugin.ts
index a5f6be419..0f690f561 100644
--- a/packages/core/sdk/src/plugin.ts
+++ b/packages/core/sdk/src/plugin.ts
@@ -1,4 +1,5 @@
-import type { Effect } from "effect";
+import type { Context, Effect, Layer } from "effect";
+import type { HttpApiGroup } from "effect/unstable/httpapi";
 import type {
   DBAdapter,
   DBSchema,
@@ -305,13 +306,38 @@ export interface SourceLifecycleInput<TStore = unknown> {
 // PluginSpec — what a `definePlugin(factory)` call returns.
 // ---------------------------------------------------------------------------
 
+// Defaults are `any` for slots that surface in contravariant positions
+// (storage/extension callbacks consume `TStore`/`TSchema`; `staticSources`
+// closes over `TExtension` via `NoInfer`). `any` is bivariant, so
+// `Plugin<string>` is a structural supertype of every concrete plugin
+// — `AnyPlugin = Plugin<string>` keeps the generic explosion contained
+// to this single declaration. Concrete specs ignore the defaults; TS
+// infers each slot from the literal returned by the author factory.
+//
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 export interface PluginSpec<
   TId extends string = string,
-  TExtension extends object = Record<string, never>,
-  TStore = unknown,
-  TSchema extends DBSchema | undefined = DBSchema | undefined,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtension extends object = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TStore = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TSchema extends DBSchema | undefined = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtensionService extends Context.Service<any, any> | undefined = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  THandlersLayer extends Layer.Layer<any, any, any> = any,
+  TGroup extends HttpApiGroup.Any = HttpApiGroup.Any,
 > {
   readonly id: TId;
+  /** npm package name. The Vite plugin uses this to derive the
+   *  `./client` import path for the frontend bundle (so the same
+   *  `executor.config.ts` drives both server and client) — `${packageName}/client`
+   *  is what gets bundled. The author writes the same string they
+   *  publish to npm; no transforms, no scope conventions. Required for
+   *  plugins that ship a `./client` entry; can be omitted for SDK-only
+   *  plugins (no client bundle = nothing to resolve). */
+  readonly packageName?: string;
   /** Plugin-declared schema. Merged with coreSchema and other plugins'
    *  schemas at executor startup via `collectSchemas`. The type flows
    *  into the `storage` factory's `deps.adapter` as a `TypedAdapter<TSchema>`
@@ -339,6 +365,56 @@ export interface PluginSpec<
     self: NoInfer<TExtension>,
   ) => readonly StaticSourceDecl<TStore>[];
 
+  /** HttpApiGroup contributed by this plugin. Composed into the host's
+   *  `HttpApi` via the `addGroup` helper at runtime. The host mounts
+   *  the group at `/_executor/plugins/{id}/...` (or wherever the
+   *  plugin declares its base path) with the host's auth + scope
+   *  middleware applied. Endpoints automatically appear in the
+   *  executor OpenAPI doc and the typed reactive client.
+   *
+   *  TGroup is inferred from the plugin's own group declaration so the
+   *  precise group identity flows through `composePluginApi(plugins)` —
+   *  the host's typed `HttpApi<"executor", CoreGroups | PluginGroups>`
+   *  is derived from the plugin tuple alone, with no per-plugin Group
+   *  imports at the host. Per-endpoint typing already lives inside the
+   *  plugin — its `handlers` Layer is built against its own bundled
+   *  `HttpApi.make("foo").add(FooApi)` for full `.handle("name", ...)`
+   *  inference, and its client imports the same group directly. */
+  readonly routes?: () => TGroup;
+
+  /** Handlers Layer for this plugin's group. Built by the plugin against
+   *  its own bundled API for full type safety on `.handle("name", ...)`,
+   *  composes into the host's runtime `FullApi` because
+   *  `HttpApiBuilder.group` keys the layer by group identity, not by the
+   *  surrounding API.
+   *
+   *  Late-binding: the layer leaves the plugin's extension as a Service
+   *  Tag requirement (see `extensionService` below). The host satisfies
+   *  it however its runtime wants:
+   *    - local: at boot via `Layer.succeed(extensionService)(executor[id])`
+   *      (see `composePluginHandlers`)
+   *    - cloud: per-request via `Effect.provideService(extensionService,
+   *      requestExecutor[id])` in the auth middleware
+   *
+   *  The Layer's channels are typed `any` because `Layer<RIn, E, ROut>`'s
+   *  `ROut` is contravariant — the host accepts any layer here and merges
+   *  them; per-plugin requirements flow through the merge. */
+  readonly handlers?: () => THandlersLayer;
+
+  /** Service tag the plugin's `handlers` layer requires. Set by plugins
+   *  whose handlers consume their extension via a `Context.Service` tag
+   *  (the established pattern: `*Handlers` reads `*ExtensionService`).
+   *  The host binds the tag to the live extension — at boot for local,
+   *  per request for cloud. Pairs with `handlers`; either both fields
+   *  are set or neither.
+   *
+   *  Inferred via the `TExtensionService` generic so the per-plugin
+   *  Service class identity propagates through `composePluginHandlers`,
+   *  `composePluginHandlerLayer`, and `providePluginExtensions` —
+   *  cloud's per-request middleware needs the precise tag for layer
+   *  satisfaction. */
+  readonly extensionService?: TExtensionService;
+
   /** Invoke a dynamic tool. Called when the executor's static-handler
    *  map doesn't have the toolId. The plugin reads its own enrichment
    *  via `ctx.storage` and returns the result. Optional — plugins with
@@ -424,10 +500,26 @@ export interface PluginSpec<
 
 export interface Plugin<
   TId extends string = string,
-  TExtension extends object = Record<string, never>,
-  TStore = unknown,
-  TSchema extends DBSchema | undefined = DBSchema | undefined,
-> extends PluginSpec<TId, TExtension, TStore, TSchema> {}
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtension extends object = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TStore = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TSchema extends DBSchema | undefined = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtensionService extends Context.Service<any, any> | undefined = any,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  THandlersLayer extends Layer.Layer<any, any, any> = any,
+  TGroup extends HttpApiGroup.Any = HttpApiGroup.Any,
+> extends PluginSpec<
+    TId,
+    TExtension,
+    TStore,
+    TSchema,
+    TExtensionService,
+    THandlersLayer,
+    TGroup
+  > {}
 
 // ---------------------------------------------------------------------------
 // definePlugin — factory-returning-spec. Options from the author factory
@@ -441,11 +533,24 @@ export type ConfiguredPlugin<
   TStore,
   TOptions extends object,
   TSchema extends DBSchema | undefined,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtensionService extends Context.Service<any, any> | undefined = undefined,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  THandlersLayer extends Layer.Layer<any, any, any> = Layer.Layer<unknown, never, never>,
+  TGroup extends HttpApiGroup.Any = HttpApiGroup.Any,
 > = (
   options?: TOptions & {
     readonly storage?: (deps: StorageDeps<TSchema>) => TStore;
   },
-) => Plugin<TId, TExtension, TStore, TSchema>;
+) => Plugin<
+  TId,
+  TExtension,
+  TStore,
+  TSchema,
+  TExtensionService,
+  THandlersLayer,
+  TGroup
+>;
 
 // eslint-disable-next-line @typescript-eslint/ban-types
 export function definePlugin<
@@ -454,11 +559,33 @@ export function definePlugin<
   TStore,
   TSchema extends DBSchema | undefined = undefined,
   TOptions extends object = {},
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  TExtensionService extends Context.Service<any, any> | undefined = undefined,
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  THandlersLayer extends Layer.Layer<any, any, any> = Layer.Layer<unknown, never, never>,
+  TGroup extends HttpApiGroup.Any = HttpApiGroup.Any,
 >(
   authorFactory: (
     options?: TOptions,
-  ) => PluginSpec<TId, TExtension, TStore, TSchema>,
-): ConfiguredPlugin<TId, TExtension, TStore, TOptions, TSchema> {
+  ) => PluginSpec<
+    TId,
+    TExtension,
+    TStore,
+    TSchema,
+    TExtensionService,
+    THandlersLayer,
+    TGroup
+  >,
+): ConfiguredPlugin<
+  TId,
+  TExtension,
+  TStore,
+  TOptions,
+  TSchema,
+  TExtensionService,
+  THandlersLayer,
+  TGroup
+> {
   return (options) => {
     const {
       storage: storageOverride,
@@ -484,17 +611,15 @@ export function definePlugin<
 // AnyPlugin / PluginExtensions — type-level glue for the Executor surface.
 // ---------------------------------------------------------------------------
 
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export type AnyPlugin = Plugin<string, any, any, any>;
+// `Plugin<string>` (with all subsequent slots taking their wide defaults)
+// is structurally any concrete plugin — the `any` cascade stays inside
+// the spec's defaults instead of leaking into every consumer.
+export type AnyPlugin = Plugin<string>;
 
 export type PluginExtensions<TPlugins extends readonly AnyPlugin[]> = {
   readonly [P in TPlugins[number] as P["id"]]: P extends Plugin<
     string,
-    infer TExt,
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    any,
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    any
+    infer TExt
   >
     ? TExt
     : never;
diff --git a/packages/core/sdk/tsup.config.ts b/packages/core/sdk/tsup.config.ts
index 8059c7137..4fa1c0749 100644
--- a/packages/core/sdk/tsup.config.ts
+++ b/packages/core/sdk/tsup.config.ts
@@ -4,10 +4,11 @@ export default defineConfig({
   entry: {
     index: "src/promise.ts",
     core: "src/index.ts",
+    client: "src/client.ts",
   },
   format: ["esm"],
   dts: false,
   sourcemap: true,
   clean: true,
-  external: [/^effect/, /^@effect\//],
+  external: [/^effect/, /^@effect\//, "react"],
 });
diff --git a/packages/core/vite-plugin/package.json b/packages/core/vite-plugin/package.json
new file mode 100644
index 000000000..6ff21589a
--- /dev/null
+++ b/packages/core/vite-plugin/package.json
@@ -0,0 +1,57 @@
+{
+  "name": "@executor-js/vite-plugin",
+  "version": "0.0.1",
+  "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/core/vite-plugin",
+  "bugs": {
+    "url": "https://github.com/RhysSullivan/executor/issues"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/RhysSullivan/executor.git",
+    "directory": "packages/core/vite-plugin"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./src/index.ts",
+      "bun": "./src/index.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public",
+    "exports": {
+      ".": {
+        "import": {
+          "types": "./dist/index.d.ts",
+          "default": "./dist/index.js"
+        }
+      }
+    }
+  },
+  "scripts": {
+    "build": "tsup && (tsc --declaration --emitDeclarationOnly --outDir dist --rootDir src || true)",
+    "typecheck": "tsgo --noEmit",
+    "test": "vitest run",
+    "typecheck:slow": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@executor-js/sdk": "workspace:*",
+    "jiti": "^2.6.1"
+  },
+  "peerDependencies": {
+    "vite": "catalog:"
+  },
+  "devDependencies": {
+    "@effect/vitest": "catalog:",
+    "@types/node": "catalog:",
+    "tsup": "catalog:",
+    "typescript": "catalog:",
+    "vite": "catalog:",
+    "vitest": "catalog:"
+  }
+}
diff --git a/packages/core/vite-plugin/src/index.ts b/packages/core/vite-plugin/src/index.ts
new file mode 100644
index 000000000..3462a9bd0
--- /dev/null
+++ b/packages/core/vite-plugin/src/index.ts
@@ -0,0 +1,185 @@
+// ---------------------------------------------------------------------------
+// @executor-js/vite-plugin — wires `executor.config.ts` into the host's
+// Vite build so plugin-contributed pages, widgets, and slot components
+// are bundled automatically. The host imports
+// `virtual:executor/plugins-client` and gets a typed list of every
+// loaded plugin's `defineClientPlugin(...)` value.
+//
+// Resolution model (one config, two consumers):
+//   - The server already imports plugin factories from
+//     `executor.config.ts` and runs them via `plugins({ configFile })`.
+//   - This Vite plugin loads the same `executor.config.ts` at build/dev
+//     start, calls `plugins({})` to enumerate them (factories must be
+//     side-effect free for inspection — same contract the schema-gen
+//     CLI relies on), reads each spec's `packageName`, and emits an
+//     import for `${packageName}/client`.
+//   - Plugins without a `packageName` are SDK-only and contribute
+//     nothing to the frontend bundle — they're skipped.
+//   - No conventions, no scope assumptions, no name transforms. The
+//     plugin author writes the same package name they publish to npm.
+//
+// HMR: the virtual module is part of Vite's graph. Changing
+// `executor.config.ts` invalidates it and triggers a hot update for
+// plugin-list consumers; adding/removing a plugin requires a Vite
+// restart (because npm dep graph changed).
+// ---------------------------------------------------------------------------
+
+import { existsSync } from "node:fs";
+import { createRequire } from "node:module";
+import { dirname, isAbsolute, resolve as resolvePath } from "node:path";
+import { pathToFileURL } from "node:url";
+import type { Plugin } from "vite";
+import type { ExecutorCliConfig } from "@executor-js/sdk";
+
+const VIRTUAL_ID = "virtual:executor/plugins-client";
+const RESOLVED_ID = `\0${VIRTUAL_ID}`;
+
+const DEFAULT_CONFIG_CANDIDATES = [
+  "executor.config.ts",
+  "executor.config.js",
+  "executor.config.mjs",
+  "src/executor.config.ts",
+  "src/executor.config.js",
+];
+
+const tryResolveClient = (
+  packageName: string,
+  fromDir: string,
+): string | null => {
+  const require = createRequire(resolvePath(fromDir, "_anchor.js"));
+  try {
+    return require.resolve(`${packageName}/client`);
+  } catch {
+    return null;
+  }
+};
+
+interface ExecutorVitePluginOptions {
+  /**
+   * Path to the executor config file. Resolved relative to the Vite
+   * project root if not absolute. Defaults to the first match of
+   * `executor.config.ts` / `.js` / `.mjs` (with a fallback under
+   * `src/`).
+   */
+  readonly configPath?: string;
+}
+
+export default function executorVitePlugin(
+  options: ExecutorVitePluginOptions = {},
+): Plugin {
+  let projectRoot: string = process.cwd();
+  let resolvedConfigPath: string | null = null;
+  let cachedSource: string | null = null;
+
+  const resolveConfigPath = (): string | null => {
+    if (resolvedConfigPath) return resolvedConfigPath;
+    const candidates = options.configPath
+      ? [options.configPath]
+      : DEFAULT_CONFIG_CANDIDATES;
+    for (const candidate of candidates) {
+      const abs = isAbsolute(candidate)
+        ? candidate
+        : resolvePath(projectRoot, candidate);
+      if (existsSync(abs)) {
+        resolvedConfigPath = abs;
+        return abs;
+      }
+    }
+    return null;
+  };
+
+  const loadVirtualSource = async (): Promise<string> => {
+    if (cachedSource !== null) return cachedSource;
+
+    const configPath = resolveConfigPath();
+    if (!configPath) {
+      cachedSource =
+        "// no executor.config.ts found — empty plugin list\n" +
+        "export const plugins = [];\n";
+      return cachedSource;
+    }
+
+    // jiti is a dev dep of consumers; importing dynamically lets the
+    // plugin be lazy-loaded and avoids a hard requirement when the
+    // host doesn't actually use plugins yet.
+    const { createJiti } = await import("jiti");
+    const jiti = createJiti(pathToFileURL(configPath).href, {
+      interopDefault: true,
+      moduleCache: false,
+    });
+    const mod = (await jiti.import(configPath)) as
+      | { default?: ExecutorCliConfig }
+      | ExecutorCliConfig;
+    const config = ("default" in mod && mod.default ? mod.default : mod) as ExecutorCliConfig;
+
+    const specs = config.plugins();
+    const fromDir = dirname(configPath);
+    const lines: string[] = [];
+    const exportNames: string[] = [];
+
+    for (const spec of specs) {
+      // SDK-only plugins (no `packageName`) contribute nothing to the
+      // frontend bundle — skip silently.
+      if (!spec.packageName) continue;
+      const resolved = tryResolveClient(spec.packageName, fromDir);
+      if (!resolved) {
+        // packageName was set but didn't resolve. Likely culprits:
+        // a typo, a package that hasn't published `./client` in its
+        // exports map yet, or the package isn't installed. Warn
+        // loudly so the dev sees their plugin's UI is missing instead
+        // of silently shipping a host without it.
+        console.warn(
+          `[@executor-js/vite-plugin] plugin "${spec.id}" set packageName ` +
+            `"${spec.packageName}" but ${spec.packageName}/client could ` +
+            `not be resolved from ${fromDir}. The plugin's UI will not be ` +
+            `bundled. Check that the package is installed and exports a ` +
+            `\`./client\` subpath in its package.json.`,
+        );
+        continue;
+      }
+      const ident = `__executor_plugin_${exportNames.length}`;
+      lines.push(`import ${ident} from ${JSON.stringify(`${spec.packageName}/client`)};`);
+      exportNames.push(ident);
+    }
+
+    cachedSource =
+      `${lines.join("\n")}\n` +
+      `export const plugins = [${exportNames.join(", ")}];\n`;
+    return cachedSource;
+  };
+
+  return {
+    name: "@executor-js/vite-plugin",
+    enforce: "pre",
+    configResolved(config) {
+      projectRoot = config.root;
+    },
+    resolveId(id) {
+      if (id === VIRTUAL_ID) return RESOLVED_ID;
+      return undefined;
+    },
+    async load(id) {
+      if (id !== RESOLVED_ID) return undefined;
+      return loadVirtualSource();
+    },
+    handleHotUpdate(ctx) {
+      const configPath = resolveConfigPath();
+      if (!configPath || ctx.file !== configPath) return undefined;
+      cachedSource = null;
+      const mod = ctx.server.moduleGraph.getModuleById(RESOLVED_ID);
+      return mod ? [mod] : undefined;
+    },
+  };
+}
+
+// Consumers wanting strong typing for `virtual:executor/plugins-client`
+// should add the following to a `vite-env.d.ts` (or any ambient `.d.ts`):
+//
+//   declare module "virtual:executor/plugins-client" {
+//     import type { ClientPluginSpec } from "@executor-js/sdk/client";
+//     export const plugins: readonly ClientPluginSpec[];
+//   }
+//
+// We don't ship the augmentation from this package because TS module
+// augmentation can only target modules TS already resolves, and Vite
+// virtual ids aren't resolvable by the type checker on their own.
diff --git a/packages/core/vite-plugin/tsconfig.json b/packages/core/vite-plugin/tsconfig.json
new file mode 100644
index 000000000..66c6c2905
--- /dev/null
+++ b/packages/core/vite-plugin/tsconfig.json
@@ -0,0 +1,23 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "types": ["node"],
+    "plugins": [
+      {
+        "name": "@effect/language-service",
+        "diagnosticSeverity": {}
+      }
+    ]
+  },
+  "include": ["src"]
+}
diff --git a/packages/core/vite-plugin/tsup.config.ts b/packages/core/vite-plugin/tsup.config.ts
new file mode 100644
index 000000000..1254c0462
--- /dev/null
+++ b/packages/core/vite-plugin/tsup.config.ts
@@ -0,0 +1,12 @@
+import { defineConfig } from "tsup";
+
+export default defineConfig({
+  entry: {
+    index: "src/index.ts",
+  },
+  format: ["esm"],
+  dts: false,
+  sourcemap: true,
+  clean: true,
+  external: [/^@executor-js\//, /^effect/, /^@effect\//, "vite"],
+});
diff --git a/packages/core/vite-plugin/vitest.config.ts b/packages/core/vite-plugin/vitest.config.ts
new file mode 100644
index 000000000..5bfa2d586
--- /dev/null
+++ b/packages/core/vite-plugin/vitest.config.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["src/**/*.test.ts"],
+    passWithNoTests: true,
+  },
+});
diff --git a/packages/plugins/example/package.json b/packages/plugins/example/package.json
new file mode 100644
index 000000000..ac96174c4
--- /dev/null
+++ b/packages/plugins/example/package.json
@@ -0,0 +1,71 @@
+{
+  "name": "@executor-js/plugin-example",
+  "version": "0.0.1",
+  "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/plugins/example",
+  "bugs": {
+    "url": "https://github.com/RhysSullivan/executor/issues"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/RhysSullivan/executor.git",
+    "directory": "packages/plugins/example"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "exports": {
+    "./server": "./src/server.ts",
+    "./client": "./src/client.tsx",
+    "./shared": "./src/shared.ts"
+  },
+  "publishConfig": {
+    "access": "public",
+    "exports": {
+      "./server": {
+        "import": {
+          "types": "./dist/server.d.ts",
+          "default": "./dist/server.js"
+        }
+      },
+      "./client": {
+        "import": {
+          "types": "./dist/client.d.ts",
+          "default": "./dist/client.js"
+        }
+      },
+      "./shared": {
+        "import": {
+          "types": "./dist/shared.d.ts",
+          "default": "./dist/shared.js"
+        }
+      }
+    }
+  },
+  "scripts": {
+    "build": "tsup && (tsc --declaration --emitDeclarationOnly --outDir dist --rootDir src || true)",
+    "typecheck": "tsgo --noEmit",
+    "test": "vitest run",
+    "typecheck:slow": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@executor-js/sdk": "workspace:*"
+  },
+  "peerDependencies": {
+    "react": "catalog:"
+  },
+  "peerDependenciesMeta": {
+    "react": { "optional": true }
+  },
+  "devDependencies": {
+    "@effect/vitest": "catalog:",
+    "@types/node": "catalog:",
+    "@types/react": "catalog:",
+    "bun-types": "catalog:",
+    "react": "catalog:",
+    "tsup": "catalog:",
+    "typescript": "catalog:",
+    "vitest": "catalog:"
+  }
+}
diff --git a/packages/plugins/example/src/client.tsx b/packages/plugins/example/src/client.tsx
new file mode 100644
index 000000000..01bb5d3f0
--- /dev/null
+++ b/packages/plugins/example/src/client.tsx
@@ -0,0 +1,88 @@
+// ---------------------------------------------------------------------------
+// @executor-js/plugin-example/client
+//
+// Frontend half: a single page that calls the plugin's `greet` mutation
+// and renders the response. Demonstrates the typed reactive client
+// pattern — `ExampleClient.mutation(...)` is fully typed against
+// `ExampleApi` from `./shared` with no codegen.
+//
+// Server-only deps (Effect, Node, executor.config) MUST NOT be imported
+// here — the Vite plugin bundles this entry into the frontend.
+// ---------------------------------------------------------------------------
+
+import { useState } from "react";
+import {
+  defineClientPlugin,
+  createPluginAtomClient,
+  useAtomSet,
+} from "@executor-js/sdk/client";
+
+import { ExampleApi } from "./shared";
+
+const ExampleClient = createPluginAtomClient(ExampleApi);
+
+const greetAtom = ExampleClient.mutation("example", "greet");
+
+function ExamplePage() {
+  const [name, setName] = useState("world");
+  const [result, setResult] = useState<string>();
+  const doGreet = useAtomSet(greetAtom, { mode: "promise" });
+
+  return (
+    <div style={{ maxWidth: 480, margin: "2rem auto", padding: "1rem" }}>
+      <h1 style={{ fontSize: "1.25rem", marginBottom: "1rem" }}>Example plugin</h1>
+      <div style={{ display: "flex", gap: 8 }}>
+        {/* The example plugin demonstrates the SDK in isolation, so it
+            uses raw HTML controls instead of `@executor-js/react`'s
+            wrapped components — third-party plugin authors don't have
+            to depend on the host's component library. */}
+        {/* oxlint-disable-next-line react/forbid-elements */}
+        <input
+          value={name}
+          onChange={(e) => setName(e.target.value)}
+          style={{
+            flex: 1,
+            padding: "0.5rem 0.75rem",
+            border: "1px solid #ccc",
+            borderRadius: 6,
+          }}
+        />
+        {/* oxlint-disable-next-line react/forbid-elements */}
+        <button
+          type="button"
+          onClick={async () => {
+            // Mutation has no shared state to invalidate — explicit
+            // empty `reactivityKeys` documents the intent for the
+            // `require-reactivity-keys` rule.
+            const g = await doGreet({ payload: { name }, reactivityKeys: [] });
+            setResult(`${g.message} (#${g.count})`);
+          }}
+          style={{
+            padding: "0.5rem 0.75rem",
+            border: "1px solid #ccc",
+            borderRadius: 6,
+            cursor: "pointer",
+          }}
+        >
+          Greet
+        </button>
+      </div>
+      {result && (
+        <pre style={{ marginTop: "1rem", padding: "0.5rem", background: "#f5f5f5" }}>
+          {result}
+        </pre>
+      )}
+    </div>
+  );
+}
+
+export default defineClientPlugin({
+  id: "example" as const,
+  pages: [
+    {
+      path: "/",
+      component: ExamplePage,
+      nav: { label: "Example" },
+    },
+  ],
+});
diff --git a/packages/plugins/example/src/server.ts b/packages/plugins/example/src/server.ts
new file mode 100644
index 000000000..78b06608c
--- /dev/null
+++ b/packages/plugins/example/src/server.ts
@@ -0,0 +1,75 @@
+// ---------------------------------------------------------------------------
+// @executor-js/plugin-example/server
+//
+// The server half of the example plugin. Demonstrates:
+//   - extension methods that hold the canonical implementation
+//   - an HttpApiGroup contributed via `routes`
+//   - a late-binding `handlers` Layer that consumes the plugin's
+//     extension via a Service tag (`ExampleExtensionService`); the host
+//     binds the tag at boot for local or per request for cloud
+//
+// React and other browser-only deps live in `./client` — never here.
+// ---------------------------------------------------------------------------
+
+import {
+  Context,
+  definePlugin,
+  Effect,
+  HttpApi,
+  HttpApiBuilder,
+} from "@executor-js/sdk";
+
+import { ExampleApi } from "./shared";
+
+// Bundle the group into a single-group HttpApi for typing purposes only.
+// The runtime composition uses group identity to merge into the host's
+// FullApi, so this bundle never touches the host's wiring.
+const ExampleApiBundle = HttpApi.make("example").add(ExampleApi);
+
+interface ExampleExtension {
+  readonly greet: (
+    name: string,
+  ) => Effect.Effect<{ readonly message: string; readonly count: number }>;
+}
+
+export class ExampleExtensionService extends Context.Service<
+  ExampleExtensionService,
+  ExampleExtension
+>()("ExampleExtensionService") {}
+
+const ExampleHandlers = HttpApiBuilder.group(ExampleApiBundle, "example", (h) =>
+  h.handle("greet", ({ payload }) =>
+    Effect.gen(function* () {
+      const ext = yield* ExampleExtensionService;
+      return yield* ext.greet(payload.name);
+    }),
+  ),
+);
+
+export const examplePlugin = definePlugin(() => ({
+  id: "example" as const,
+  packageName: "@executor-js/plugin-example",
+
+  // No DB schema — the counter lives in plugin storage (in-memory) so
+  // the example plugin doesn't pull in migration plumbing.
+  storage: () => ({ count: 0 }),
+
+  // Canonical implementation. CLI/tests/embedded callers and the HTTP
+  // handler all hit this same code path.
+  extension: (ctx): ExampleExtension => ({
+    greet: (name: string) =>
+      Effect.sync(() => {
+        ctx.storage.count += 1;
+        return {
+          message: `hello ${name}`,
+          count: ctx.storage.count,
+        };
+      }),
+  }),
+
+  routes: () => ExampleApi,
+  handlers: () => ExampleHandlers,
+  extensionService: ExampleExtensionService,
+}));
+
+export default examplePlugin;
diff --git a/packages/plugins/example/src/shared.ts b/packages/plugins/example/src/shared.ts
new file mode 100644
index 000000000..0e7a3041a
--- /dev/null
+++ b/packages/plugins/example/src/shared.ts
@@ -0,0 +1,25 @@
+// ---------------------------------------------------------------------------
+// @executor-js/plugin-example/shared
+//
+// Schemas and the HttpApiGroup definition shared between the server and
+// client halves. Both `./server` and `./client` import from here so the
+// frontend's typed reactive client and the backend's handlers see the
+// exact same payload/response/error contracts.
+//
+// No React or Node imports here — server and client both import this.
+// ---------------------------------------------------------------------------
+
+import { HttpApiEndpoint, HttpApiGroup, Schema } from "@executor-js/sdk";
+
+export const Greeting = Schema.Struct({
+  message: Schema.String,
+  count: Schema.Number,
+});
+export type Greeting = typeof Greeting.Type;
+
+export const ExampleApi = HttpApiGroup.make("example").add(
+  HttpApiEndpoint.post("greet", "/greet", {
+    payload: Schema.Struct({ name: Schema.String }),
+    success: Greeting,
+  }),
+);
diff --git a/packages/plugins/example/tsconfig.json b/packages/plugins/example/tsconfig.json
new file mode 100644
index 000000000..0deffe992
--- /dev/null
+++ b/packages/plugins/example/tsconfig.json
@@ -0,0 +1,23 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "strict": true,
+    "skipLibCheck": true,
+    "jsx": "react-jsx",
+    "lib": ["ES2022", "DOM"],
+    "types": ["bun-types", "node"],
+    "noUnusedLocals": true,
+    "noImplicitOverride": true,
+    "plugins": [
+      {
+        "name": "@effect/language-service",
+        "diagnosticSeverity": {
+          "preferSchemaOverJson": "off"
+        }
+      }
+    ]
+  },
+  "include": ["src/**/*.ts", "src/**/*.tsx"]
+}
diff --git a/packages/plugins/example/tsup.config.ts b/packages/plugins/example/tsup.config.ts
new file mode 100644
index 000000000..e2364096c
--- /dev/null
+++ b/packages/plugins/example/tsup.config.ts
@@ -0,0 +1,14 @@
+import { defineConfig } from "tsup";
+
+export default defineConfig({
+  entry: {
+    server: "src/server.ts",
+    client: "src/client.tsx",
+    shared: "src/shared.ts",
+  },
+  format: ["esm"],
+  dts: false,
+  sourcemap: true,
+  clean: true,
+  external: [/^@executor-js\//, /^effect/, /^@effect\//, "react", "react/jsx-runtime"],
+});
diff --git a/packages/plugins/example/vitest.config.ts b/packages/plugins/example/vitest.config.ts
new file mode 100644
index 000000000..5bfa2d586
--- /dev/null
+++ b/packages/plugins/example/vitest.config.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["src/**/*.test.ts"],
+    passWithNoTests: true,
+  },
+});
diff --git a/packages/plugins/google-discovery/package.json b/packages/plugins/google-discovery/package.json
index ee8538f69..866a656ba 100644
--- a/packages/plugins/google-discovery/package.json
+++ b/packages/plugins/google-discovery/package.json
@@ -20,7 +20,8 @@
     "./promise": "./src/promise.ts",
     "./api": "./src/api/index.ts",
     "./react": "./src/react/index.ts",
-    "./presets": "./src/sdk/presets.ts"
+    "./presets": "./src/sdk/presets.ts",
+    "./client": "./src/react/plugin-client.tsx"
   },
   "publishConfig": {
     "access": "public",
diff --git a/packages/plugins/google-discovery/src/react/client.ts b/packages/plugins/google-discovery/src/react/client.ts
index 927ba8e81..4b296f6d1 100644
--- a/packages/plugins/google-discovery/src/react/client.ts
+++ b/packages/plugins/google-discovery/src/react/client.ts
@@ -1,16 +1,8 @@
-import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
-import { FetchHttpClient } from "effect/unstable/http";
-import { addGroup } from "@executor-js/api";
+import { createPluginAtomClient } from "@executor-js/sdk/client";
 import { getBaseUrl } from "@executor-js/react/api/base-url";
 import { GoogleDiscoveryGroup } from "../api/group";
 
-const GoogleDiscoveryApi = addGroup(GoogleDiscoveryGroup);
-
-export const GoogleDiscoveryClient = AtomHttpApi.Service<"GoogleDiscoveryClient">()(
-  "GoogleDiscoveryClient",
-  {
-    api: GoogleDiscoveryApi,
-    httpClient: FetchHttpClient.layer,
-    baseUrl: getBaseUrl(),
-  },
+export const GoogleDiscoveryClient = createPluginAtomClient(
+  GoogleDiscoveryGroup,
+  { baseUrl: getBaseUrl() },
 );
diff --git a/packages/plugins/google-discovery/src/react/plugin-client.tsx b/packages/plugins/google-discovery/src/react/plugin-client.tsx
new file mode 100644
index 000000000..685237406
--- /dev/null
+++ b/packages/plugins/google-discovery/src/react/plugin-client.tsx
@@ -0,0 +1,8 @@
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { googleDiscoverySourcePlugin } from "./source-plugin";
+
+export default defineClientPlugin({
+  id: "googleDiscovery" as const,
+  sourcePlugin: googleDiscoverySourcePlugin,
+});
diff --git a/packages/plugins/google-discovery/src/react/source-plugin.ts b/packages/plugins/google-discovery/src/react/source-plugin.ts
index 682a4a0ff..2cc478311 100644
--- a/packages/plugins/google-discovery/src/react/source-plugin.ts
+++ b/packages/plugins/google-discovery/src/react/source-plugin.ts
@@ -1,5 +1,5 @@
 import { lazy } from "react";
-import type { SourcePlugin } from "@executor-js/react/plugins/source-plugin";
+import type { SourcePlugin } from "@executor-js/sdk/client";
 import { googleDiscoveryPresets } from "../sdk/presets";
 
 export const googleDiscoverySourcePlugin: SourcePlugin = {
diff --git a/packages/plugins/google-discovery/src/sdk/plugin.ts b/packages/plugins/google-discovery/src/sdk/plugin.ts
index 6255308ad..db5aea6bc 100644
--- a/packages/plugins/google-discovery/src/sdk/plugin.ts
+++ b/packages/plugins/google-discovery/src/sdk/plugin.ts
@@ -9,6 +9,12 @@ import {
   type ToolAnnotations,
 } from "@executor-js/sdk/core";
 
+import { GoogleDiscoveryGroup } from "../api/group";
+import {
+  GoogleDiscoveryExtensionService,
+  GoogleDiscoveryHandlers,
+} from "../api/handlers";
+
 import {
   googleDiscoverySchema,
   makeGoogleDiscoveryStore,
@@ -300,6 +306,7 @@ const registerManifest = (
 
 export const googleDiscoveryPlugin = definePlugin(() => ({
   id: "googleDiscovery" as const,
+  packageName: "@executor-js/plugin-google-discovery",
   schema: googleDiscoverySchema,
   storage: (deps) => makeGoogleDiscoveryStore(deps),
 
@@ -497,4 +504,8 @@ export const googleDiscoveryPlugin = definePlugin(() => ({
   // connection's providerState (stamped at `ctx.oauth.start` time with
   // the `authorization-code` strategy's tokenEndpoint), so refresh
   // reaches Google through the unified code path.
+
+  routes: () => GoogleDiscoveryGroup,
+  handlers: () => GoogleDiscoveryHandlers,
+  extensionService: GoogleDiscoveryExtensionService,
 }));
diff --git a/packages/plugins/graphql/package.json b/packages/plugins/graphql/package.json
index ec10f4861..ec955162d 100644
--- a/packages/plugins/graphql/package.json
+++ b/packages/plugins/graphql/package.json
@@ -20,7 +20,8 @@
     "./promise": "./src/promise.ts",
     "./api": "./src/api/index.ts",
     "./react": "./src/react/index.ts",
-    "./presets": "./src/sdk/presets.ts"
+    "./presets": "./src/sdk/presets.ts",
+    "./client": "./src/react/plugin-client.tsx"
   },
   "publishConfig": {
     "access": "public",
diff --git a/packages/plugins/graphql/src/react/client.ts b/packages/plugins/graphql/src/react/client.ts
index b432e8703..986ec8842 100644
--- a/packages/plugins/graphql/src/react/client.ts
+++ b/packages/plugins/graphql/src/react/client.ts
@@ -1,17 +1,7 @@
-import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
-import { FetchHttpClient } from "effect/unstable/http";
-import { addGroup } from "@executor-js/api";
+import { createPluginAtomClient } from "@executor-js/sdk/client";
 import { getBaseUrl } from "@executor-js/react/api/base-url";
 import { GraphqlGroup } from "../api/group";
 
-// ---------------------------------------------------------------------------
-// GraphQL-aware client — core routes + graphql routes
-// ---------------------------------------------------------------------------
-
-const GraphqlApi = addGroup(GraphqlGroup);
-
-export const GraphqlClient = AtomHttpApi.Service<"GraphqlClient">()("GraphqlClient", {
-  api: GraphqlApi,
-  httpClient: FetchHttpClient.layer,
+export const GraphqlClient = createPluginAtomClient(GraphqlGroup, {
   baseUrl: getBaseUrl(),
 });
diff --git a/packages/plugins/graphql/src/react/plugin-client.tsx b/packages/plugins/graphql/src/react/plugin-client.tsx
new file mode 100644
index 000000000..955fff503
--- /dev/null
+++ b/packages/plugins/graphql/src/react/plugin-client.tsx
@@ -0,0 +1,8 @@
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { graphqlSourcePlugin } from "./source-plugin";
+
+export default defineClientPlugin({
+  id: "graphql" as const,
+  sourcePlugin: graphqlSourcePlugin,
+});
diff --git a/packages/plugins/graphql/src/react/source-plugin.ts b/packages/plugins/graphql/src/react/source-plugin.ts
index 19a18ef6d..2b234123d 100644
--- a/packages/plugins/graphql/src/react/source-plugin.ts
+++ b/packages/plugins/graphql/src/react/source-plugin.ts
@@ -1,5 +1,5 @@
 import { lazy } from "react";
-import type { SourcePlugin } from "@executor-js/react/plugins/source-plugin";
+import type { SourcePlugin } from "@executor-js/sdk/client";
 import { graphqlPresets } from "../sdk/presets";
 
 export const graphqlSourcePlugin: SourcePlugin = {
diff --git a/packages/plugins/graphql/src/sdk/plugin.ts b/packages/plugins/graphql/src/sdk/plugin.ts
index 8b94b0b74..450d66a68 100644
--- a/packages/plugins/graphql/src/sdk/plugin.ts
+++ b/packages/plugins/graphql/src/sdk/plugin.ts
@@ -1,6 +1,9 @@
 import { Effect, Option } from "effect";
-import { FetchHttpClient, HttpClient } from "effect/unstable/http";
 import type { Layer } from "effect";
+import { FetchHttpClient, HttpClient } from "effect/unstable/http";
+
+import { GraphqlGroup } from "../api/group";
+import { GraphqlExtensionService, GraphqlHandlers } from "../api/handlers";
 
 import {
   definePlugin,
@@ -322,6 +325,7 @@ export const graphqlPlugin = definePlugin((options?: GraphqlPluginOptions) => {
 
   return {
     id: "graphql" as const,
+    packageName: "@executor-js/plugin-graphql",
     schema: graphqlSchema,
     storage: (deps): GraphqlStore => makeDefaultGraphqlStore(deps),
 
@@ -657,5 +661,9 @@ export const graphqlPlugin = definePlugin((options?: GraphqlPluginOptions) => {
           namespace: name,
         });
       }),
+
+    routes: () => GraphqlGroup,
+    handlers: () => GraphqlHandlers,
+    extensionService: GraphqlExtensionService,
   };
 });
diff --git a/packages/plugins/keychain/src/index.ts b/packages/plugins/keychain/src/index.ts
index 92dfeedb8..2f87c2301 100644
--- a/packages/plugins/keychain/src/index.ts
+++ b/packages/plugins/keychain/src/index.ts
@@ -71,13 +71,7 @@ const scopedServiceName = (
 ): string =>
   `${resolveServiceName(options?.serviceName)}/${ctx.scopes[0]!.id as string}`;
 
-export const keychainPlugin = definePlugin<
-  "keychain",
-  KeychainExtension,
-  {},
-  undefined,
-  KeychainPluginConfig
->(
+export const keychainPlugin = definePlugin(
   (options?: KeychainPluginConfig) => ({
     id: "keychain" as const,
     storage: () => ({}),
diff --git a/packages/plugins/mcp/package.json b/packages/plugins/mcp/package.json
index 7ba5954f8..0de0cb34e 100644
--- a/packages/plugins/mcp/package.json
+++ b/packages/plugins/mcp/package.json
@@ -20,7 +20,8 @@
     "./promise": "./src/promise.ts",
     "./api": "./src/api/index.ts",
     "./react": "./src/react/index.ts",
-    "./presets": "./src/sdk/presets.ts"
+    "./presets": "./src/sdk/presets.ts",
+    "./client": "./src/react/plugin-client.tsx"
   },
   "publishConfig": {
     "access": "public",
diff --git a/packages/plugins/mcp/src/react/client.ts b/packages/plugins/mcp/src/react/client.ts
index 97a06c827..0d024dd35 100644
--- a/packages/plugins/mcp/src/react/client.ts
+++ b/packages/plugins/mcp/src/react/client.ts
@@ -1,17 +1,7 @@
-import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
-import { FetchHttpClient } from "effect/unstable/http";
-import { addGroup } from "@executor-js/api";
+import { createPluginAtomClient } from "@executor-js/sdk/client";
 import { getBaseUrl } from "@executor-js/react/api/base-url";
 import { McpGroup } from "../api/group";
 
-// ---------------------------------------------------------------------------
-// MCP-aware client — core routes + mcp routes
-// ---------------------------------------------------------------------------
-
-const McpApi = addGroup(McpGroup);
-
-export const McpClient = AtomHttpApi.Service<"McpClient">()("McpClient", {
-  api: McpApi,
-  httpClient: FetchHttpClient.layer,
+export const McpClient = createPluginAtomClient(McpGroup, {
   baseUrl: getBaseUrl(),
 });
diff --git a/packages/plugins/mcp/src/react/plugin-client.tsx b/packages/plugins/mcp/src/react/plugin-client.tsx
new file mode 100644
index 000000000..0cc24d7d6
--- /dev/null
+++ b/packages/plugins/mcp/src/react/plugin-client.tsx
@@ -0,0 +1,21 @@
+// ---------------------------------------------------------------------------
+// @executor-js/plugin-mcp/client — `defineClientPlugin` entry.
+//
+// Bakes `allowStdio: true` into the source plugin shipped via the
+// virtual `plugins-client` module — that's the local-app default and
+// the source plugin's UI options only matter when the server-side flag
+// is also on. Hosts that want stdio off can keep importing
+// `createMcpSourcePlugin({ allowStdio: false })` from `./react`
+// directly and bypass the virtual module.
+// ---------------------------------------------------------------------------
+
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { createMcpSourcePlugin } from "./source-plugin";
+
+const mcpSourcePlugin = createMcpSourcePlugin({ allowStdio: true });
+
+export default defineClientPlugin({
+  id: "mcp" as const,
+  sourcePlugin: mcpSourcePlugin,
+});
diff --git a/packages/plugins/mcp/src/react/source-plugin.tsx b/packages/plugins/mcp/src/react/source-plugin.tsx
index 09d3e9e13..45f79efd4 100644
--- a/packages/plugins/mcp/src/react/source-plugin.tsx
+++ b/packages/plugins/mcp/src/react/source-plugin.tsx
@@ -1,5 +1,5 @@
 import { lazy, type ComponentProps, type ComponentType } from "react";
-import type { SourcePlugin } from "@executor-js/react/plugins/source-plugin";
+import type { SourcePlugin } from "@executor-js/sdk/client";
 import { mcpPresets } from "../sdk/presets";
 
 const LazyAddMcpSource = lazy(() => import("./AddMcpSource"));
diff --git a/packages/plugins/mcp/src/sdk/plugin.ts b/packages/plugins/mcp/src/sdk/plugin.ts
index 511cd5c5b..ed7d3b811 100644
--- a/packages/plugins/mcp/src/sdk/plugin.ts
+++ b/packages/plugins/mcp/src/sdk/plugin.ts
@@ -2,6 +2,9 @@ import { Duration, Effect, Exit, Result, Scope, ScopedCache } from "effect";
 
 import type { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
 
+import { McpGroup } from "../api/group";
+import { McpExtensionService, McpHandlers } from "../api/handlers";
+
 import {
   SourceDetectionResult,
   definePlugin,
@@ -414,13 +417,7 @@ const toMcpConfigEntry = (
   return entry;
 };
 
-export const mcpPlugin = definePlugin<
-  "mcp",
-  McpPluginExtension,
-  McpBindingStore,
-  typeof mcpSchema,
-  McpPluginOptions
->((options?: McpPluginOptions) => {
+export const mcpPlugin = definePlugin((options?: McpPluginOptions) => {
   const allowStdio = options?.dangerouslyAllowStdioMCP ?? false;
   // Per-plugin-instance runtime holder. Captured by closures in
   // `extension`, `invokeTool`, and `close`, so all three see the same
@@ -440,6 +437,7 @@ export const mcpPlugin = definePlugin<
 
   return {
     id: "mcp" as const,
+    packageName: "@executor-js/plugin-mcp",
     schema: mcpSchema,
     storage: (deps): McpBindingStore => makeMcpStore(deps),
 
@@ -1005,6 +1003,13 @@ export const mcpPlugin = definePlugin<
           runtimeRef.current = null;
         }
       }).pipe(Effect.withSpan("mcp.plugin.close")),
+
+    // HTTP transport. `McpHandlers` requires `McpExtensionService`; the
+    // host satisfies it via the `extensionService` Tag — at boot for
+    // local, per request for cloud.
+    routes: () => McpGroup,
+    handlers: () => McpHandlers,
+    extensionService: McpExtensionService,
   };
 });
 
diff --git a/packages/plugins/onepassword/package.json b/packages/plugins/onepassword/package.json
index 72a932f4d..abbd3ac5d 100644
--- a/packages/plugins/onepassword/package.json
+++ b/packages/plugins/onepassword/package.json
@@ -19,7 +19,8 @@
     ".": "./src/sdk/index.ts",
     "./promise": "./src/promise.ts",
     "./api": "./src/api/index.ts",
-    "./react": "./src/react/index.ts"
+    "./react": "./src/react/index.ts",
+    "./client": "./src/react/plugin-client.tsx"
   },
   "publishConfig": {
     "access": "public",
diff --git a/packages/plugins/onepassword/src/react/client.ts b/packages/plugins/onepassword/src/react/client.ts
index 7609ab79e..adaebba2b 100644
--- a/packages/plugins/onepassword/src/react/client.ts
+++ b/packages/plugins/onepassword/src/react/client.ts
@@ -1,17 +1,7 @@
-import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
-import { FetchHttpClient } from "effect/unstable/http";
-import { addGroup } from "@executor-js/api";
+import { createPluginAtomClient } from "@executor-js/sdk/client";
 import { getBaseUrl } from "@executor-js/react/api/base-url";
 import { OnePasswordGroup } from "../api/group";
 
-// ---------------------------------------------------------------------------
-// 1Password-aware client — core routes + onepassword routes
-// ---------------------------------------------------------------------------
-
-const OnePasswordApi = addGroup(OnePasswordGroup);
-
-export const OnePasswordClient = AtomHttpApi.Service<"OnePasswordClient">()("OnePasswordClient", {
-  api: OnePasswordApi,
-  httpClient: FetchHttpClient.layer,
+export const OnePasswordClient = createPluginAtomClient(OnePasswordGroup, {
   baseUrl: getBaseUrl(),
 });
diff --git a/packages/plugins/onepassword/src/react/plugin-client.tsx b/packages/plugins/onepassword/src/react/plugin-client.tsx
new file mode 100644
index 000000000..b290d707b
--- /dev/null
+++ b/packages/plugins/onepassword/src/react/plugin-client.tsx
@@ -0,0 +1,8 @@
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { onePasswordSecretProviderPlugin } from "./secret-provider-plugin";
+
+export default defineClientPlugin({
+  id: "onepassword" as const,
+  secretProviderPlugin: onePasswordSecretProviderPlugin,
+});
diff --git a/packages/plugins/onepassword/src/react/secret-provider-plugin.ts b/packages/plugins/onepassword/src/react/secret-provider-plugin.ts
index cfb8caace..7910c29d0 100644
--- a/packages/plugins/onepassword/src/react/secret-provider-plugin.ts
+++ b/packages/plugins/onepassword/src/react/secret-provider-plugin.ts
@@ -1,5 +1,5 @@
 import { lazy } from "react";
-import type { SecretProviderPlugin } from "@executor-js/react/plugins/secret-provider-plugin";
+import type { SecretProviderPlugin } from "@executor-js/sdk/client";
 
 export const onePasswordSecretProviderPlugin: SecretProviderPlugin = {
   key: "onepassword",
diff --git a/packages/plugins/onepassword/src/sdk/plugin.ts b/packages/plugins/onepassword/src/sdk/plugin.ts
index 3bbef125f..ebb77de56 100644
--- a/packages/plugins/onepassword/src/sdk/plugin.ts
+++ b/packages/plugins/onepassword/src/sdk/plugin.ts
@@ -9,6 +9,12 @@ import {
   type StorageFailure,
 } from "@executor-js/sdk/core";
 
+import { OnePasswordGroup } from "../api/group";
+import {
+  OnePasswordExtensionService,
+  OnePasswordHandlers,
+} from "../api/handlers";
+
 import { OnePasswordConfig, Vault, ConnectionStatus } from "./types";
 import type { OnePasswordAuth } from "./types";
 import { OnePasswordError } from "./errors";
@@ -271,6 +277,7 @@ export const onepasswordPlugin = definePlugin(
 
     return {
       id: "onepassword" as const,
+      packageName: "@executor-js/plugin-onepassword",
       storage: ({ blobs, scopes }) =>
         makeOnePasswordStore(blobs, scopes.at(-1)!.id as string),
 
@@ -341,6 +348,10 @@ export const onepasswordPlugin = definePlugin(
       },
 
       secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],
+
+      routes: () => OnePasswordGroup,
+      handlers: () => OnePasswordHandlers,
+      extensionService: OnePasswordExtensionService,
     };
   },
 );
diff --git a/packages/plugins/openapi/package.json b/packages/plugins/openapi/package.json
index 34b4975a5..b035d7e25 100644
--- a/packages/plugins/openapi/package.json
+++ b/packages/plugins/openapi/package.json
@@ -20,6 +20,7 @@
     "./promise": "./src/promise.ts",
     "./api": "./src/api/index.ts",
     "./react": "./src/react/index.ts",
+    "./client": "./src/react/plugin-client.tsx",
     "./presets": "./src/sdk/presets.ts"
   },
   "publishConfig": {
diff --git a/packages/plugins/openapi/src/react/client.ts b/packages/plugins/openapi/src/react/client.ts
index 807f5e8f8..b6af64f21 100644
--- a/packages/plugins/openapi/src/react/client.ts
+++ b/packages/plugins/openapi/src/react/client.ts
@@ -1,17 +1,7 @@
-import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
-import { FetchHttpClient } from "effect/unstable/http";
-import { addGroup } from "@executor-js/api";
+import { createPluginAtomClient } from "@executor-js/sdk/client";
 import { getBaseUrl } from "@executor-js/react/api/base-url";
 import { OpenApiGroup } from "../api/group";
 
-// ---------------------------------------------------------------------------
-// OpenAPI-aware client — core routes + openapi routes
-// ---------------------------------------------------------------------------
-
-const OpenApiApi = addGroup(OpenApiGroup);
-
-export const OpenApiClient = AtomHttpApi.Service<"OpenApiClient">()("OpenApiClient", {
-  api: OpenApiApi,
-  httpClient: FetchHttpClient.layer,
+export const OpenApiClient = createPluginAtomClient(OpenApiGroup, {
   baseUrl: getBaseUrl(),
 });
diff --git a/packages/plugins/openapi/src/react/plugin-client.tsx b/packages/plugins/openapi/src/react/plugin-client.tsx
new file mode 100644
index 000000000..310ff682f
--- /dev/null
+++ b/packages/plugins/openapi/src/react/plugin-client.tsx
@@ -0,0 +1,20 @@
+// ---------------------------------------------------------------------------
+// @executor-js/plugin-openapi/client — `defineClientPlugin` entry.
+//
+// Aggregates the openapi plugin's frontend contributions into a single
+// declarative spec. The host's Vite plugin reads this via
+// `virtual:executor/plugins-client`, so the host's sources page derives
+// the openapi entry from here without a direct `*/react` import.
+//
+// The richer add/edit/summary components still live in `./react`; this
+// module just imports them and bundles them into the spec.
+// ---------------------------------------------------------------------------
+
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { openApiSourcePlugin } from "./source-plugin";
+
+export default defineClientPlugin({
+  id: "openapi" as const,
+  sourcePlugin: openApiSourcePlugin,
+});
diff --git a/packages/plugins/openapi/src/react/source-plugin.ts b/packages/plugins/openapi/src/react/source-plugin.ts
index 3da2c111f..eec86fcec 100644
--- a/packages/plugins/openapi/src/react/source-plugin.ts
+++ b/packages/plugins/openapi/src/react/source-plugin.ts
@@ -1,5 +1,5 @@
 import { lazy } from "react";
-import type { SourcePlugin } from "@executor-js/react/plugins/source-plugin";
+import type { SourcePlugin } from "@executor-js/sdk/client";
 import { openApiPresets } from "../sdk/presets";
 
 export const openApiSourcePlugin: SourcePlugin = {
diff --git a/packages/plugins/openapi/src/sdk/plugin.ts b/packages/plugins/openapi/src/sdk/plugin.ts
index 76b3dd8c8..dddab6c22 100644
--- a/packages/plugins/openapi/src/sdk/plugin.ts
+++ b/packages/plugins/openapi/src/sdk/plugin.ts
@@ -1,6 +1,9 @@
 import { Effect, Option, Schema } from "effect";
-import { FetchHttpClient, HttpClient } from "effect/unstable/http";
 import type { Layer } from "effect";
+import { FetchHttpClient, HttpClient } from "effect/unstable/http";
+
+import { OpenApiGroup } from "../api/group";
+import { OpenApiExtensionService, OpenApiHandlers } from "../api/handlers";
 
 import {
   ConnectionId,
@@ -576,13 +579,7 @@ const toOpenApiSourceConfig = (
 
 const isHttpUrl = (s: string): boolean => s.startsWith("http://") || s.startsWith("https://");
 
-export const openApiPlugin = definePlugin<
-  "openapi",
-  OpenApiPluginExtension,
-  OpenapiStore,
-  typeof openapiSchema,
-  OpenApiPluginOptions
->((options?: OpenApiPluginOptions) => {
+export const openApiPlugin = definePlugin((options?: OpenApiPluginOptions) => {
   const httpClientLayer = options?.httpClientLayer ?? FetchHttpClient.layer;
 
   type RebuildInput = {
@@ -734,6 +731,7 @@ export const openApiPlugin = definePlugin<
 
   return {
     id: "openapi" as const,
+    packageName: "@executor-js/plugin-openapi",
     schema: openapiSchema,
     storage: (deps): OpenapiStore => makeDefaultOpenapiStore(deps),
 
@@ -1070,5 +1068,14 @@ export const openApiPlugin = definePlugin<
           namespace,
         });
       }),
+
+    // HTTP transport. `OpenApiHandlers` is the existing late-binding
+    // Layer that requires `OpenApiExtensionService`; the host satisfies
+    // it via the spec's `extensionService` Tag — at boot for local
+    // (`composePluginHandlers(plugins, executor)`), per-request for
+    // cloud (`providePluginExtensions(plugins)(executor)`).
+    routes: () => OpenApiGroup,
+    handlers: () => OpenApiHandlers,
+    extensionService: OpenApiExtensionService,
   };
 });
diff --git a/packages/plugins/workos-vault/package.json b/packages/plugins/workos-vault/package.json
index 7108cb8a2..94d5bd8de 100644
--- a/packages/plugins/workos-vault/package.json
+++ b/packages/plugins/workos-vault/package.json
@@ -18,7 +18,8 @@
   "exports": {
     ".": "./src/sdk/index.ts",
     "./promise": "./src/promise.ts",
-    "./react": "./src/react/index.ts"
+    "./react": "./src/react/index.ts",
+    "./client": "./src/react/plugin-client.tsx"
   },
   "publishConfig": {
     "access": "public",
diff --git a/packages/plugins/workos-vault/src/react/plugin-client.tsx b/packages/plugins/workos-vault/src/react/plugin-client.tsx
new file mode 100644
index 000000000..2d76439c0
--- /dev/null
+++ b/packages/plugins/workos-vault/src/react/plugin-client.tsx
@@ -0,0 +1,8 @@
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+import { workosVaultSecretProviderPlugin } from "./secret-provider-plugin";
+
+export default defineClientPlugin({
+  id: "workosVault" as const,
+  secretProviderPlugin: workosVaultSecretProviderPlugin,
+});
diff --git a/packages/plugins/workos-vault/src/react/secret-provider-plugin.ts b/packages/plugins/workos-vault/src/react/secret-provider-plugin.ts
index 568d9cc68..e64e33c87 100644
--- a/packages/plugins/workos-vault/src/react/secret-provider-plugin.ts
+++ b/packages/plugins/workos-vault/src/react/secret-provider-plugin.ts
@@ -1,5 +1,5 @@
 import { lazy } from "react";
-import type { SecretProviderPlugin } from "@executor-js/react/plugins/secret-provider-plugin";
+import type { SecretProviderPlugin } from "@executor-js/sdk/client";
 
 export const workosVaultSecretProviderPlugin: SecretProviderPlugin = {
   key: "workosVault",
diff --git a/packages/plugins/workos-vault/src/sdk/plugin.ts b/packages/plugins/workos-vault/src/sdk/plugin.ts
index b9f9f2dff..077aad260 100644
--- a/packages/plugins/workos-vault/src/sdk/plugin.ts
+++ b/packages/plugins/workos-vault/src/sdk/plugin.ts
@@ -63,6 +63,7 @@ const buildClient = (
 export const workosVaultPlugin = definePlugin(
   (options?: WorkOSVaultPluginOptions) => ({
     id: "workosVault" as const,
+    packageName: "@executor-js/plugin-workos-vault",
     schema: workosVaultSchema,
     storage: (deps): WorkosVaultPluginStore => makeWorkosVaultStore(deps),
 
diff --git a/packages/react/src/components/command-palette.tsx b/packages/react/src/components/command-palette.tsx
index 1082a089b..917636309 100644
--- a/packages/react/src/components/command-palette.tsx
+++ b/packages/react/src/components/command-palette.tsx
@@ -6,7 +6,7 @@ import { PlusIcon } from "lucide-react";
 import { SourceFavicon } from "./source-favicon";
 import { sourcesAtom } from "../api/atoms";
 import { useScope } from "../hooks/use-scope";
-import type { SourcePlugin } from "../plugins/source-plugin";
+import { useSourcePlugins } from "@executor-js/sdk/client";
 import {
   CommandDialog,
   CommandEmpty,
@@ -27,8 +27,8 @@ import {
 //   3. Popular sources (plugin presets)
 // ---------------------------------------------------------------------------
 
-export function CommandPalette(props: { sourcePlugins: readonly SourcePlugin[] }) {
-  const { sourcePlugins } = props;
+export function CommandPalette() {
+  const sourcePlugins = useSourcePlugins();
   const [open, setOpen] = useState(false);
   const navigate = useNavigate();
   const scopeId = useScope();
diff --git a/packages/react/src/pages/secrets.tsx b/packages/react/src/pages/secrets.tsx
index 46a6720ce..be9adb754 100644
--- a/packages/react/src/pages/secrets.tsx
+++ b/packages/react/src/pages/secrets.tsx
@@ -3,7 +3,7 @@ import { useAtomValue, useAtomSet } from "@effect/atom-react";
 import * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
 import { secretsAtom, setSecret, removeSecret } from "../api/atoms";
 import { secretWriteKeys } from "../api/reactivity-keys";
-import type { SecretProviderPlugin } from "../plugins/secret-provider-plugin";
+import { useSecretProviderPlugins } from "@executor-js/sdk/client";
 import { SecretId } from "@executor-js/sdk";
 import { useScope } from "../hooks/use-scope";
 import {
@@ -280,7 +280,6 @@ function SecretRow(props: {
 export function SecretsPage(props: {
   addSecretDescription?: string;
   showProviderInfo?: boolean;
-  secretProviderPlugins: readonly SecretProviderPlugin[];
   storageOptions?: readonly SecretStorageOption[];
 }) {
   const storageOptions = props.storageOptions ?? defaultStorageOptions;
@@ -288,7 +287,7 @@ export function SecretsPage(props: {
   const addSecretDescription =
     props.addSecretDescription ??
     "Store a credential or API key. Values are kept in your system keychain when available, with a local encrypted file fallback.";
-  const { secretProviderPlugins } = props;
+  const secretProviderPlugins = useSecretProviderPlugins();
   const [addOpen, setAddOpen] = useState(false);
   const scopeId = useScope();
   const secrets = useAtomValue(secretsAtom(scopeId));
diff --git a/packages/react/src/pages/source-detail.tsx b/packages/react/src/pages/source-detail.tsx
index 0ff193361..8ab2d5b9b 100644
--- a/packages/react/src/pages/source-detail.tsx
+++ b/packages/react/src/pages/source-detail.tsx
@@ -17,16 +17,14 @@ import { ToolDetail, ToolDetailEmpty } from "../components/tool-detail";
 import type { ToolSummary } from "../components/tool-tree";
 import { useScope } from "../hooks/use-scope";
 import { usePolicyActions } from "../hooks/use-policy-actions";
-import type { SourcePlugin } from "../plugins/source-plugin";
+import { useSourcePlugins } from "@executor-js/sdk/client";
 import { Button } from "../components/button";
 import { Badge } from "../components/badge";
 import { Skeleton } from "../components/skeleton";
 
-export function SourceDetailPage(props: {
-  namespace: string;
-  sourcePlugins?: readonly SourcePlugin[];
-}) {
-  const { namespace, sourcePlugins } = props;
+export function SourceDetailPage(props: { namespace: string }) {
+  const { namespace } = props;
+  const sourcePlugins = useSourcePlugins();
   const scopeId = useScope();
   const source = useAtomValue(sourceAtom(namespace, scopeId));
   const tools = useAtomValue(sourceToolsAtom(namespace, scopeId));
@@ -64,7 +62,7 @@ export function SourceDetailPage(props: {
 
   // Find the plugin edit component based on source kind
   const editPlugin = useMemo(() => {
-    if (!sourceData || !sourcePlugins) return null;
+    if (!sourceData) return null;
     return sourcePlugins.find((p) => p.key === sourceData.kind) ?? null;
   }, [sourceData, sourcePlugins]);
 
diff --git a/packages/react/src/pages/sources-add.tsx b/packages/react/src/pages/sources-add.tsx
index 7eb663a7b..86c8a151c 100644
--- a/packages/react/src/pages/sources-add.tsx
+++ b/packages/react/src/pages/sources-add.tsx
@@ -1,6 +1,6 @@
 import { Suspense } from "react";
 import { Link, useNavigate } from "@tanstack/react-router";
-import type { SourcePlugin } from "../plugins/source-plugin";
+import { useSourcePlugins } from "@executor-js/sdk/client";
 
 // ---------------------------------------------------------------------------
 // Page
@@ -11,10 +11,10 @@ export function SourcesAddPage(props: {
   url?: string;
   preset?: string;
   namespace?: string;
-  sourcePlugins: readonly SourcePlugin[];
 }) {
-  const { pluginKey, url, preset, namespace, sourcePlugins } = props;
+  const { pluginKey, url, preset, namespace } = props;
   const navigate = useNavigate();
+  const sourcePlugins = useSourcePlugins();
 
   const plugin = sourcePlugins.find((p) => p.key === pluginKey);
 
diff --git a/packages/react/src/pages/sources.tsx b/packages/react/src/pages/sources.tsx
index 8f2b8c137..14a25fe7c 100644
--- a/packages/react/src/pages/sources.tsx
+++ b/packages/react/src/pages/sources.tsx
@@ -3,10 +3,14 @@ import { Link, useNavigate } from "@tanstack/react-router";
 import { useAtomSet } from "@effect/atom-react";
 import * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
 import type { SourceDetectionResult } from "@executor-js/sdk";
+import {
+  useSourcePlugins,
+  type SourcePlugin,
+  type SourcePreset,
+} from "@executor-js/sdk/client";
 import { detectSource } from "../api/atoms";
 import { useSourcesWithPending } from "../api/optimistic";
 import { useScope } from "../hooks/use-scope";
-import type { SourcePlugin, SourcePreset } from "../plugins/source-plugin";
 import { McpInstallCard } from "../components/mcp-install-card";
 import { Button } from "../components/button";
 import { Badge } from "../components/badge";
@@ -48,8 +52,8 @@ const bestDetection = (
 // Page
 // ---------------------------------------------------------------------------
 
-export function SourcesPage(props: { sourcePlugins: readonly SourcePlugin[] }) {
-  const { sourcePlugins } = props;
+export function SourcesPage() {
+  const sourcePlugins = useSourcePlugins();
   const [url, setUrl] = useState("");
   const [detecting, setDetecting] = useState(false);
   const [error, setError] = useState<string | null>(null);
@@ -199,7 +203,7 @@ export function SourcesPage(props: { sourcePlugins: readonly SourcePlugin[] }) {
               <div className="mb-8 space-y-8">
                 {connectedSources.length > 0 && (
                   <section className="space-y-3">
-                    <SourceGrid sources={connectedSources} sourcePlugins={sourcePlugins} />
+                    <SourceGrid sources={connectedSources} />
                   </section>
                 )}
               </div>
@@ -209,7 +213,7 @@ export function SourcesPage(props: { sourcePlugins: readonly SourcePlugin[] }) {
 
         <div className="mb-8 border-t border-border/50" />
 
-        <PresetGrid plugins={sourcePlugins} />
+        <PresetGrid />
       </div>
     </div>
   );
@@ -225,10 +229,11 @@ type PresetEntry = {
   pluginLabel: string;
 };
 
-function PresetGrid(props: { plugins: readonly SourcePlugin[] }) {
+function PresetGrid() {
+  const plugins = useSourcePlugins();
   const allPresets = useMemo(() => {
     const entries: PresetEntry[] = [];
-    for (const plugin of props.plugins) {
+    for (const plugin of plugins) {
       for (const preset of plugin.presets ?? []) {
         entries.push({
           preset,
@@ -238,7 +243,7 @@ function PresetGrid(props: { plugins: readonly SourcePlugin[] }) {
       }
     }
     return entries;
-  }, [props.plugins]);
+  }, [plugins]);
 
   if (allPresets.length === 0) return null;
 
@@ -300,13 +305,13 @@ function SourceGrid(props: {
     url?: string;
     runtime?: boolean;
   }[];
-  sourcePlugins: readonly SourcePlugin[];
 }) {
+  const sourcePlugins = useSourcePlugins();
   const pluginByKind = useMemo(() => {
     const out = new Map<string, SourcePlugin>();
-    for (const p of props.sourcePlugins) out.set(p.key, p);
+    for (const p of sourcePlugins) out.set(p.key, p);
     return out;
-  }, [props.sourcePlugins]);
+  }, [sourcePlugins]);
 
   return (
     <CardStack searchable>
diff --git a/packages/react/src/plugins/secret-provider-plugin.tsx b/packages/react/src/plugins/secret-provider-plugin.tsx
deleted file mode 100644
index f25cb98a9..000000000
--- a/packages/react/src/plugins/secret-provider-plugin.tsx
+++ /dev/null
@@ -1,26 +0,0 @@
-import type { ComponentType } from "react";
-
-/**
- * Contract between the shell and secret provider plugins.
- *
- * The shell owns:
- * - Secrets page layout (list of secrets, add secret dialog)
- * - Common CRUD actions
- *
- * The plugin owns:
- * - Its settings/configuration UI (rendered as a card on the Secrets page)
- * - Any setup flows (e.g. vault discovery, auth config)
- */
-export interface SecretProviderPlugin {
-  /** Unique key matching the SDK plugin key (e.g. "onepassword") */
-  readonly key: string;
-
-  /** Display label (e.g. "1Password", "Vault") */
-  readonly label: string;
-
-  /**
-   * Settings card rendered on the Secrets page.
-   * Plugin controls the entire experience inside the card.
-   */
-  readonly settings: ComponentType<Record<string, never>>;
-}
diff --git a/packages/react/src/plugins/source-plugin.tsx b/packages/react/src/plugins/source-plugin.tsx
deleted file mode 100644
index 4173e70c7..000000000
--- a/packages/react/src/plugins/source-plugin.tsx
+++ /dev/null
@@ -1,94 +0,0 @@
-import type { ComponentType } from "react";
-
-/**
- * A curated preset — a well-known API/service that can be added with one click.
- * Each plugin provides its own presets.
- */
-export interface SourcePreset {
-  /** Unique id (e.g. "stripe", "github-graphql") */
-  readonly id: string;
-  /** Display name */
-  readonly name: string;
-  /** One-line description */
-  readonly summary: string;
-  /**
-   * URL passed as `initialUrl` to the add form.
-   * Omit for presets that don't use a URL (e.g. stdio MCP presets).
-   */
-  readonly url?: string;
-  /** Optional icon URL (favicon, logo) */
-  readonly icon?: string;
-  /** When true, this preset is shown in the top-level grid on the sources page. */
-  readonly featured?: boolean;
-}
-
-/**
- * Contract between the shell and source plugins.
- *
- * The shell owns:
- * - Source list page (renders all sources, common delete action, "add" button)
- * - Source detail chrome (title bar, edit/delete buttons)
- * - Routing between sources
- *
- * The plugin owns:
- * - Everything inside `add` (could be 1 step or a multi-step wizard)
- * - Everything inside `edit` (the config view for that source type)
- * - Optional `summary` for the source list item
- */
-export interface SourcePlugin {
-  /** Unique key matching the SDK plugin key (e.g. "openapi") */
-  readonly key: string;
-
-  /** Display label (e.g. "OpenAPI", "GraphQL") */
-  readonly label: string;
-
-  /**
-   * The "add source" flow.
-   * Plugin controls the entire experience.
-   * Call `onComplete` when done, `onCancel` to bail out.
-   * `initialUrl` is provided when the user arrived via URL auto-detection.
-   * `initialPreset` is provided when the user clicked a preset card.
-   */
-  readonly add: ComponentType<{
-    readonly onComplete: () => void;
-    readonly onCancel: () => void;
-    readonly initialUrl?: string;
-    readonly initialPreset?: string;
-    readonly initialNamespace?: string;
-  }>;
-
-  /**
-   * The source edit/detail view.
-   * Rendered inside the shell's detail chrome.
-   */
-  readonly edit: ComponentType<{
-    readonly sourceId: string;
-    readonly onSave: () => void;
-  }>;
-
-  /**
-   * Optional summary for the source list item.
-   * If not provided, the shell renders a default.
-   */
-  readonly summary?: ComponentType<{
-    readonly sourceId: string;
-    readonly variant?: "badge" | "panel";
-    readonly onAction?: () => void;
-  }>;
-
-  /**
-   * Optional top-bar action for signing in / reconnecting to the source.
-   * Rendered by the shell next to Edit when present. Plugins that don't
-   * support interactive sign-in (no OAuth etc.) simply omit this.
-   *
-   * Deliberately separate from `edit` — edit is source config, sign-in is
-   * the user-level connection lifecycle. A source can be valid-to-edit
-   * while its sign-in is expired / missing, and vice versa.
-   */
-  readonly signIn?: ComponentType<{
-    readonly sourceId: string;
-  }>;
-
-  /** Curated presets shown on the sources page for quick-add */
-  readonly presets?: readonly SourcePreset[];
-}