Surface overridden sources in sources.list, split sidebar by scope

[RhysSullivan]

The cloud workspace sidebar now splits into a Workspace section and a
Global section, with global sources that a workspace shadows rendered as
muted entries with an Overridden badge.

To make this possible, executor.sources.list() no longer drops shadowed
outer rows. Both the inner (effective) and outer (shadowed) rows ship
back, and the shadowed row carries overriddenBy: <innerScopeId> so the
UI can render the Overridden state without re-deriving the precedence
rule. Tool invocation continues to pick the innermost row (covered by
the existing tools.invoke picks the innermost tool ... test).

The same split lands on the standalone sources page. Local hosts run a
single-scope stack so the bucket render is gated on the presence of a
workspace_* entry in the scope stack.

Adds a node test that creates a workspace source shadowing a global one
and asserts both rows are returned with correct scopeId + overriddenBy
fields.

[RhysSullivan]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Policies expose the full storage stack with target selector #513
• Visible credential target selector for secret writes; SDK Result import cleanup #512
• Reject source writes to personal scopes; visible target selector in add-source forms #511
• Surface overridden sources in sources.list, split sidebar by scope #510 👈 (View in Graphite)
• Add activeWriteScopeId to scope.info, expose useActiveWriteScopeId #509
• Add /:org/:workspace context for web and API #508
• WIP: move file routes under /$org and reshape auth.me #507 : 1 other dependent PR (#514 )
• Add scope-stack builders, URL-context resolver, workspace executor #506
• Add workspaces CRUD API under OrgHttpApi #505
• Cut over scope ids to deterministic prefixed form #504
• Add organizations.handle and workspaces table #503
• Add cloud id helpers: prefixed local ids, scope id constructors, handle slugifier #502
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	executor-marketing	6bc443a	Commit Preview URL Branch Preview URL	May 04 2026, 05:11 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	executor-cloud	6bc443a	May 04 2026, 05:13 PM

[pkg-pr-new]

Open in StackBlitz

@executor-js/codemode-core

npm i https://pkg.pr.new/@executor-js/codemode-core@510

@executor-js/runtime-quickjs

npm i https://pkg.pr.new/@executor-js/runtime-quickjs@510

@executor-js/cli

npm i https://pkg.pr.new/@executor-js/cli@510

@executor-js/config

npm i https://pkg.pr.new/@executor-js/config@510

@executor-js/execution

npm i https://pkg.pr.new/@executor-js/execution@510

@executor-js/sdk

npm i https://pkg.pr.new/@executor-js/sdk@510

@executor-js/storage-core

npm i https://pkg.pr.new/@executor-js/storage-core@510

@executor-js/plugin-file-secrets

npm i https://pkg.pr.new/@executor-js/plugin-file-secrets@510

@executor-js/plugin-google-discovery

npm i https://pkg.pr.new/@executor-js/plugin-google-discovery@510

@executor-js/plugin-graphql

npm i https://pkg.pr.new/@executor-js/plugin-graphql@510

@executor-js/plugin-keychain

npm i https://pkg.pr.new/@executor-js/plugin-keychain@510

@executor-js/plugin-mcp

npm i https://pkg.pr.new/@executor-js/plugin-mcp@510

@executor-js/plugin-onepassword

npm i https://pkg.pr.new/@executor-js/plugin-onepassword@510

@executor-js/plugin-openapi

npm i https://pkg.pr.new/@executor-js/plugin-openapi@510

executor

npm i https://pkg.pr.new/executor@510

commit: 6bc443a