v1.4.12

Highlights

MCP sources honor upstream destructiveHint

MCP sources now read destructiveHint from upstream tool annotations. Tools marked destructive will require approval before running, surfaced via MCP elicitation. Refresh existing sources (or remove + re-add) to pick up annotations on tools added before this change.

Set tool policies from the Tools page

The local UI gains a Policies tab for managing approval rules, plus a per-row action menu on the Tools tree. Hover any tool or category and pick Always run / Require approval / Block / Clear — leaf rows save a rule for the exact tool id, group rows save a prefix.* wildcard. New rules are auto-placed by specificity so a freshly-added group rule never silently shadows an existing leaf rule. The same menu is available from the tool detail header and from any source-detail page.

Per-user OAuth for OpenAPI and MCP sources

OpenAPI and MCP sources now carry first-class Connections — a per-user sign-in state decoupled from the source definition itself.

• Save an OAuth2 OpenAPI or MCP source before signing in; users sign in later from the source page.
• Each connection refreshes independently, with concurrent refreshes deduped across the SDK. When a refresh can't recover, the SDK surfaces an explicit reauth-required signal instead of silently failing.
• The Edit OpenAPI Source page has a new Connections pane showing every user who has signed in and their status. Each source in the sidebar now shows a live connection badge.
• Existing OpenAPI + MCP + google-discovery OAuth rows migrate into Connections automatically on first launch — no user action required.

OpenAPI: client-credentials, non-JSON bodies, source refresh

• Full OAuth2 client-credentials flow end-to-end.
• Non-JSON request bodies dispatch correctly by content type; Executor honors OAS3 encoding and multi-content operations, and lets the caller pick which content type to send.
• Relative OAuth2 URLs resolve against the source's baseUrl.
• Refresh a source by re-fetching its origin URL from the edit page.

Layered scope isolation

Multi-tenant deployments get a proper security primitive. Every read and write now passes through a layered ScopeStack, with the write scope declared explicitly. Plugins have adopted the API; the UI exposes it via CreatableSecretPicker; and WorkOS sources enforce tenant-ownership on every access. Per-scope blob and secret lookups are batched into single IN queries, so the extra check doesn't cost a round-trip.

Natural CLI for tool discovery and invocation

Call tools by path instead of writing TypeScript:

executor call github issues create '{"owner":"octocat","repo":"Hello-World","title":"Hi"}'
executor tools search "send email"
executor tools sources
executor tools describe github.issues.create

executor call <path> --help browses namespaces → resources → methods, with --match <text> --limit <n> to narrow huge namespaces. Errors are normalized for agent consumption, and the resume / help UX is cleaner for non-interactive flows.

Daemon lifecycle

executor daemon run
executor daemon status
executor daemon stop
executor daemon restart

executor call, executor resume, and executor tools … auto-start a local daemon if one isn't running. The daemon pointer is scope-aware, and if the default port is busy the CLI transparently picks an open one — so two projects can run side-by-side without collisions.

executor daemon run now backgrounds by default. Pass --foreground to keep it attached for log inspection.

OpenTelemetry everywhere

Tool dispatch, plugins, storage, schema, and transport are now fully instrumented with OTEL spans, and the runtime is threaded through dispatch so spans actually export in all runtimes.

New presets

• Notion is now a featured MCP preset.

Performance

• buildExecuteDescription no longer calls executor.tools.list, making tool-description generation measurably faster on large workspaces.
• Per-scope blob and secret lookups now use a single IN query instead of N per-scope round-trips.

Fixes

• Upgrade: preserve legacy OAuth connection backfills after the connection.kind column is removed.
• OpenAPI: refreshing or editing sources with legacy inline secret/OAuth config now materializes the new source binding rows instead of dropping credentials.
• Keychain: skip provider registration when the OS backend is unreachable (no more startup failure when running headless on Linux without a keyring).
• Local server: return 404 for missing static assets instead of serving HTML.
• Tests: Windows compatibility across the suite.

Breaking changes

executor call no longer accepts inline code

The old TypeScript-as-argument forms are gone:

executor call '<code>'
executor call --file script.ts
executor call --stdin

Migrate to explicit tool paths:

# before
executor call 'return await tools.github.issues.list({ owner, repo })'
# after
executor call github issues list '{"owner":"octocat","repo":"Hello-World"}'

tools.discover(...) becomes executor tools search "<query>".

sources.add CLI form simplified

Use the dedicated tool:

executor call openapi addSource '{
  "spec": "https://petstore3.swagger.io/api/v3/openapi.json",
  "namespace": "petstore",
  "baseUrl": "https://petstore3.swagger.io/api/v3"
}'

Pass baseUrl when the OpenAPI document has relative servers entries.

SDK: layered scope

Every SDK write now takes an explicit scope. If you have plugins or host code calling the SDK directly, they'll need to adopt the new layered-scope API (see the in-tree plugins for reference — they've all been migrated). This does not affect users of the CLI or web UI.

v1.4.11

Highlights

Per-user OAuth for OpenAPI and MCP sources

OpenAPI and MCP sources now carry first-class Connections — a per-user sign-in state decoupled from the source definition itself.

• Save an OAuth2 OpenAPI or MCP source before signing in; users sign in later from the source page.
• Each connection refreshes independently, with concurrent refreshes deduped across the SDK. When a refresh can't recover, the SDK surfaces an explicit reauth-required signal instead of silently failing.
• The Edit OpenAPI Source page has a new Connections pane showing every user who has signed in and their status. Each source in the sidebar now shows a live connection badge.
• Existing OpenAPI + MCP + google-discovery OAuth rows migrate into Connections automatically on first launch — no user action required.

OpenAPI: client-credentials, non-JSON bodies, source refresh

• Full OAuth2 client-credentials flow end-to-end.
• Non-JSON request bodies dispatch correctly by content type; Executor honors OAS3 encoding and multi-content operations, and lets the caller pick which content type to send.
• Relative OAuth2 URLs resolve against the source's baseUrl.
• Refresh a source by re-fetching its origin URL from the edit page.

Layered scope isolation

Multi-tenant deployments get a proper security primitive. Every read and write now passes through a layered ScopeStack, with the write scope declared explicitly. Plugins have adopted the API; the UI exposes it via CreatableSecretPicker; and WorkOS sources enforce tenant-ownership on every access. Per-scope blob and secret lookups are batched into single IN queries, so the extra check doesn't cost a round-trip.

Natural CLI for tool discovery and invocation

Call tools by path instead of writing TypeScript:

executor call github issues create '{"owner":"octocat","repo":"Hello-World","title":"Hi"}'
executor tools search "send email"
executor tools sources
executor tools describe github.issues.create

executor call <path> --help browses namespaces → resources → methods, with --match <text> --limit <n> to narrow huge namespaces. Errors are normalized for agent consumption, and the resume / help UX is cleaner for non-interactive flows.

Daemon lifecycle

executor daemon run
executor daemon status
executor daemon stop
executor daemon restart

executor call, executor resume, and executor tools … auto-start a local daemon if one isn't running. The daemon pointer is scope-aware, and if the default port is busy the CLI transparently picks an open one — so two projects can run side-by-side without collisions.

executor daemon run now backgrounds by default. Pass --foreground to keep it attached for log inspection.

OpenTelemetry everywhere

Tool dispatch, plugins, storage, schema, and transport are now fully instrumented with OTEL spans, and the runtime is threaded through dispatch so spans actually export in all runtimes.

New presets

• Notion is now a featured MCP preset.

Performance

• buildExecuteDescription no longer calls executor.tools.list, making tool-description generation measurably faster on large workspaces.
• Per-scope blob and secret lookups now use a single IN query instead of N per-scope round-trips.

Fixes

• Upgrade: preserve legacy OAuth connection backfills after the connection.kind column is removed.
• OpenAPI: refreshing or editing sources with legacy inline secret/OAuth config now materializes the new source binding rows instead of dropping credentials.
• Keychain: skip provider registration when the OS backend is unreachable (no more startup failure when running headless on Linux without a keyring).
• Local server: return 404 for missing static assets instead of serving HTML.
• Tests: Windows compatibility across the suite.

Breaking changes

executor call no longer accepts inline code

The old TypeScript-as-argument forms are gone:

executor call '<code>'
executor call --file script.ts
executor call --stdin

Migrate to explicit tool paths:

# before
executor call 'return await tools.github.issues.list({ owner, repo })'
# after
executor call github issues list '{"owner":"octocat","repo":"Hello-World"}'

tools.discover(...) becomes executor tools search "<query>".

sources.add CLI form simplified

Use the dedicated tool:

executor call openapi addSource '{
  "spec": "https://petstore3.swagger.io/api/v3/openapi.json",
  "namespace": "petstore",
  "baseUrl": "https://petstore3.swagger.io/api/v3"
}'

Pass baseUrl when the OpenAPI document has relative servers entries.

SDK: layered scope

Every SDK write now takes an explicit scope. If you have plugins or host code calling the SDK directly, they'll need to adopt the new layered-scope API (see the in-tree plugins for reference — they've all been migrated). This does not affect users of the CLI or web UI.

v1.4.10

Highlights

Per-user OAuth for OpenAPI and MCP sources

OpenAPI and MCP sources now carry first-class Connections — a per-user sign-in state decoupled from the source definition itself.

• Save an OAuth2 OpenAPI or MCP source before signing in; users sign in later from the source page.
• Each connection refreshes independently, with concurrent refreshes deduped across the SDK. When a refresh can't recover, the SDK surfaces an explicit reauth-required signal instead of silently failing.
• The Edit OpenAPI Source page has a new Connections pane showing every user who has signed in and their status. Each source in the sidebar now shows a live connection badge.
• Existing OpenAPI + MCP + google-discovery OAuth rows migrate into Connections automatically on first launch — no user action required.

OpenAPI: client-credentials, non-JSON bodies, source refresh

• Full OAuth2 client-credentials flow end-to-end.
• Non-JSON request bodies dispatch correctly by content type; Executor honors OAS3 encoding and multi-content operations, and lets the caller pick which content type to send.
• Relative OAuth2 URLs resolve against the source's baseUrl.
• Refresh a source by re-fetching its origin URL from the edit page.

Layered scope isolation

Multi-tenant deployments get a proper security primitive. Every read and write now passes through a layered ScopeStack, with the write scope declared explicitly. Plugins have adopted the API; the UI exposes it via CreatableSecretPicker; and WorkOS sources enforce tenant-ownership on every access. Per-scope blob and secret lookups are batched into single IN queries, so the extra check doesn't cost a round-trip.

Natural CLI for tool discovery and invocation

Call tools by path instead of writing TypeScript:

executor call github issues create '{"owner":"octocat","repo":"Hello-World","title":"Hi"}'
executor tools search "send email"
executor tools sources
executor tools describe github.issues.create

executor call <path> --help browses namespaces → resources → methods, with --match <text> --limit <n> to narrow huge namespaces. Errors are normalized for agent consumption, and the resume / help UX is cleaner for non-interactive flows.

Daemon lifecycle

executor daemon run
executor daemon status
executor daemon stop
executor daemon restart

executor call, executor resume, and executor tools … auto-start a local daemon if one isn't running. The daemon pointer is scope-aware, and if the default port is busy the CLI transparently picks an open one — so two projects can run side-by-side without collisions.

executor daemon run now backgrounds by default. Pass --foreground to keep it attached for log inspection.

OpenTelemetry everywhere

Tool dispatch, plugins, storage, schema, and transport are now fully instrumented with OTEL spans, and the runtime is threaded through dispatch so spans actually export in all runtimes.

New presets

• Notion is now a featured MCP preset.

Performance

• buildExecuteDescription no longer calls executor.tools.list, making tool-description generation measurably faster on large workspaces.
• Per-scope blob and secret lookups now use a single IN query instead of N per-scope round-trips.

Fixes

• Upgrade: preserve legacy OAuth connection backfills after the connection.kind column is removed.
• OpenAPI: refreshing or editing sources with legacy inline secret/OAuth config now materializes the new source binding rows instead of dropping credentials.
• Keychain: skip provider registration when the OS backend is unreachable (no more startup failure when running headless on Linux without a keyring).
• Local server: return 404 for missing static assets instead of serving HTML.
• Tests: Windows compatibility across the suite.

Breaking changes

executor call no longer accepts inline code

The old TypeScript-as-argument forms are gone:

executor call '<code>'
executor call --file script.ts
executor call --stdin

Migrate to explicit tool paths:

# before
executor call 'return await tools.github.issues.list({ owner, repo })'
# after
executor call github issues list '{"owner":"octocat","repo":"Hello-World"}'

tools.discover(...) becomes executor tools search "<query>".

sources.add CLI form simplified

Use the dedicated tool:

executor call openapi addSource '{
  "spec": "https://petstore3.swagger.io/api/v3/openapi.json",
  "namespace": "petstore",
  "baseUrl": "https://petstore3.swagger.io/api/v3"
}'

Pass baseUrl when the OpenAPI document has relative servers entries.

SDK: layered scope

Every SDK write now takes an explicit scope. If you have plugins or host code calling the SDK directly, they'll need to adopt the new layered-scope API (see the in-tree plugins for reference — they've all been migrated). This does not affect users of the CLI or web UI.

v1.4.9

Highlights

Per-user OAuth for OpenAPI and MCP sources

OpenAPI and MCP sources now carry first-class Connections — a per-user sign-in state decoupled from the source definition itself.

• Save an OAuth2 OpenAPI or MCP source before signing in; users sign in later from the source page.
• Each connection refreshes independently, with concurrent refreshes deduped across the SDK. When a refresh can't recover, the SDK surfaces an explicit reauth-required signal instead of silently failing.
• The Edit OpenAPI Source page has a new Connections pane showing every user who has signed in and their status. Each source in the sidebar now shows a live connection badge.
• Existing OpenAPI + MCP + google-discovery OAuth rows migrate into Connections automatically on first launch — no user action required.

OpenAPI: client-credentials, non-JSON bodies, source refresh

• Full OAuth2 client-credentials flow end-to-end.
• Non-JSON request bodies dispatch correctly by content type; Executor honors OAS3 encoding and multi-content operations, and lets the caller pick which content type to send.
• Relative OAuth2 URLs resolve against the source's baseUrl.
• Refresh a source by re-fetching its origin URL from the edit page.

Layered scope isolation

Multi-tenant deployments get a proper security primitive. Every read and write now passes through a layered ScopeStack, with the write scope declared explicitly. Plugins have adopted the API; the UI exposes it via CreatableSecretPicker; and WorkOS sources enforce tenant-ownership on every access. Per-scope blob and secret lookups are batched into single IN queries, so the extra check doesn't cost a round-trip.

Natural CLI for tool discovery and invocation

Call tools by path instead of writing TypeScript:

executor call github issues create '{"owner":"octocat","repo":"Hello-World","title":"Hi"}'
executor tools search "send email"
executor tools sources
executor tools describe github.issues.create

executor call <path> --help browses namespaces → resources → methods, with --match <text> --limit <n> to narrow huge namespaces. Errors are normalized for agent consumption, and the resume / help UX is cleaner for non-interactive flows.

Daemon lifecycle

executor daemon run
executor daemon status
executor daemon stop
executor daemon restart

executor call, executor resume, and executor tools … auto-start a local daemon if one isn't running. The daemon pointer is scope-aware, and if the default port is busy the CLI transparently picks an open one — so two projects can run side-by-side without collisions.

OpenTelemetry everywhere

Tool dispatch, plugins, storage, schema, and transport are now fully instrumented with OTEL spans, and the runtime is threaded through dispatch so spans actually export in all runtimes.

New presets

• Notion is now a featured MCP preset.

Performance

• buildExecuteDescription no longer calls executor.tools.list, making tool-description generation measurably faster on large workspaces.
• Per-scope blob and secret lookups now use a single IN query instead of N per-scope round-trips.

Fixes

• Upgrade: preserve legacy OAuth connection backfills after the connection.kind column is removed.
• OpenAPI: refreshing or editing sources with legacy inline secret/OAuth config now materializes the new source binding rows instead of dropping credentials.
• Keychain: skip provider registration when the OS backend is unreachable (no more startup failure when running headless on Linux without a keyring).
• Local server: return 404 for missing static assets instead of serving HTML.
• Tests: Windows compatibility across the suite.

Breaking changes

executor call no longer accepts inline code

The old TypeScript-as-argument forms are gone:

executor call '<code>'
executor call --file script.ts
executor call --stdin

Migrate to explicit tool paths:

# before
executor call 'return await tools.github.issues.list({ owner, repo })'
# after
executor call github issues list '{"owner":"octocat","repo":"Hello-World"}'

tools.discover(...) becomes executor tools search "<query>".

sources.add CLI form simplified

Use the dedicated tool:

executor call openapi addSource '{
  "spec": "https://petstore3.swagger.io/api/v3/openapi.json",
  "namespace": "petstore",
  "baseUrl": "https://petstore3.swagger.io/api/v3"
}'

Pass baseUrl when the OpenAPI document has relative servers entries.

SDK: layered scope

Every SDK write now takes an explicit scope. If you have plugins or host code calling the SDK directly, they'll need to adopt the new layered-scope API (see the in-tree plugins for reference — they've all been migrated). This does not affect users of the CLI or web UI.

v1.4.8

Highlights

Per-user OAuth for OpenAPI and MCP sources

OpenAPI and MCP sources now carry first-class Connections — a per-user sign-in state decoupled from the source definition itself.

• Save an OAuth2 OpenAPI or MCP source before signing in; users sign in later from the source page.
• Each connection refreshes independently, with concurrent refreshes deduped across the SDK. When a refresh can't recover, the SDK surfaces an explicit reauth-required signal instead of silently failing.
• The Edit OpenAPI Source page has a new Connections pane showing every user who has signed in and their status. Each source in the sidebar now shows a live connection badge.
• Existing OpenAPI + MCP + google-discovery OAuth rows migrate into Connections automatically on first launch — no user action required.

OpenAPI: client-credentials, non-JSON bodies, source refresh

• Full OAuth2 client-credentials flow end-to-end.
• Non-JSON request bodies dispatch correctly by content type; Executor honors OAS3 encoding and multi-content operations, and lets the caller pick which content type to send.
• Relative OAuth2 URLs resolve against the source's baseUrl.
• Refresh a source by re-fetching its origin URL from the edit page.

Layered scope isolation

Multi-tenant deployments get a proper security primitive. Every read and write now passes through a layered ScopeStack, with the write scope declared explicitly. Plugins have adopted the API; the UI exposes it via CreatableSecretPicker; and WorkOS sources enforce tenant-ownership on every access. Per-scope blob and secret lookups are batched into single IN queries, so the extra check doesn't cost a round-trip.

Natural CLI for tool discovery and invocation

Call tools by path instead of writing TypeScript:

executor call github issues create '{"owner":"octocat","repo":"Hello-World","title":"Hi"}'
executor tools search "send email"
executor tools sources
executor tools describe github.issues.create

executor call <path> --help browses namespaces → resources → methods, with --match <text> --limit <n> to narrow huge namespaces. Errors are normalized for agent consumption, and the resume / help UX is cleaner for non-interactive flows.

Daemon lifecycle

executor daemon run
executor daemon status
executor daemon stop
executor daemon restart

executor call, executor resume, and executor tools … auto-start a local daemon if one isn't running. The daemon pointer is scope-aware, and if the default port is busy the CLI transparently picks an open one — so two projects can run side-by-side without collisions.

OpenTelemetry everywhere

Tool dispatch, plugins, storage, schema, and transport are now fully instrumented with OTEL spans, and the runtime is threaded through dispatch so spans actually export in all runtimes.

New presets

• Notion is now a featured MCP preset.

Performance

• buildExecuteDescription no longer calls executor.tools.list, making tool-description generation measurably faster on large workspaces.
• Per-scope blob and secret lookups now use a single IN query instead of N per-scope round-trips.

Fixes

• Keychain: skip provider registration when the OS backend is unreachable (no more startup failure when running headless on Linux without a keyring).
• Local server: return 404 for missing static assets instead of serving HTML.
• Tests: Windows compatibility across the suite.

Breaking changes

executor call no longer accepts inline code

The old TypeScript-as-argument forms are gone:

executor call '<code>'
executor call --file script.ts
executor call --stdin

Migrate to explicit tool paths:

# before
executor call 'return await tools.github.issues.list({ owner, repo })'
# after
executor call github issues list '{"owner":"octocat","repo":"Hello-World"}'

tools.discover(...) becomes executor tools search "<query>".

sources.add CLI form simplified

Use the dedicated tool:

executor call openapi addSource '{
  "spec": "https://petstore3.swagger.io/api/v3/openapi.json",
  "namespace": "petstore",
  "baseUrl": "https://petstore3.swagger.io/api/v3"
}'

Pass baseUrl when the OpenAPI document has relative servers entries.

SDK: layered scope

Every SDK write now takes an explicit scope. If you have plugins or host code calling the SDK directly, they'll need to adopt the new layered-scope API (see the in-tree plugins for reference — they've all been migrated). This does not affect users of the CLI or web UI.

v1.4.7

What's Changed

• [codex] simplify cloud org switching by @RhysSullivan in #233
• [codex] Allow underscores while editing source namespaces by @heyglassy in #231
• [codex] Right-align inline secret creation actions by @heyglassy in #232
• Rework cloud org flow: onboarding page + live membership check by @RhysSullivan in #234
• Track MCP tool executions in Autumn billing by @RhysSullivan in #237
• Replace loading text with skeletons in cloud shell by @RhysSullivan in #239
• Disable MCP stdio transport by default by @RhysSullivan in #238
• Remove google-discovery plugin from cloud app by @RhysSullivan in #240
• Support OpenAPI server variables during onboarding by @RhysSullivan in #246
• [codex] Refactor dynamic worker error transport with Effect causes by @heyglassy in #244
• Extract @executor/plugin-oauth2 shared helpers by @RhysSullivan in #247
• Add OAuth popup UI utilities to @executor/plugin-oauth2 by @RhysSullivan in #248
• Add storeOAuthTokens + withRefreshedAccessToken refresh wrapper by @RhysSullivan in #249
• Extract OAuth2 flows from OpenAPI security schemes by @RhysSullivan in #250
• OpenAPI OAuth2 authorization-code onboarding backend by @RhysSullivan in #251
• OpenAPI OAuth2 onboarding UI by @RhysSullivan in #252
• chore: fix data storage by @RhysSullivan in #262
• Allow "Remote"-ing to Executor Web Dashboard by @therealsamyak in #261
• Fix OpenAI and Sentry icons in popular OpenAPI presets by @mrzmyr in #267
• feat: improve mcp install card layout by @mrzmyr in #269
• fix(openapi): use Workers-native fetch for spec URLs by @RhysSullivan in #270
• fix(storage): require createMany on CustomAdapter; drizzle issues chunked bulk INSERT by @RhysSullivan in #275
• perf(secrets): parallelize provider fan-out and header resolution by @RhysSullivan in #276
• fix(cloud): forward /api/sentry-tunnel to Sentry ingest by @RhysSullivan in #277
• test(cloud): exercise addSpec on the full Cloudflare spec through real postgres by @RhysSullivan in #278
• Declarative reactivity keys + optimistic source add by @RhysSullivan in #279
• cloud: wire Effect spans to Axiom via otel-cf-workers by @RhysSullivan in #280
• Polish secret creation UX in header-auth flow by @RhysSullivan in #283
• feat(release): publish execution, cli, and kernel packages to npm by @RhysSullivan in #284
• cloud: share executor stack between HTTP and MCP DO; wire DO telemetry by @RhysSullivan in #281
• Sort source list by name to stop optimistic-add jump by @RhysSullivan in #285
• feat(sdk): typed errors propagate to one edge mapping (StorageError, InternalError, Telemetry) by @RhysSullivan in #282
• execution: add Effect.fn spans for tool-call + code-exec boundaries by @RhysSullivan in #287
• cloud: /mcp on Effect HttpApp + full e2e coverage (workerd pool + real-port Miniflare + elicitation) by @RhysSullivan in #289
• cloud: restore McpSessionDO init/handleRequest span coverage + real-flow telemetry test by @RhysSullivan in #290
• cloud: fix DO telemetry export + rebuild env as lazy Proxy by @RhysSullivan in #291
• cloud: surface JSON-RPC protocol errors on mcp.request span by @RhysSullivan in #293
• ci(pkg-pr-new): skip preview binary build for fork PRs by @mrzmyr in #292
• cloud: expand MCP observability + flip engine to Effect-native by @RhysSullivan in #318
• fix(cloud): propagate OTEL trace context across worker→DO boundary by @RhysSullivan in #320
• Add graphite skill by @matiacone in #319
• Version Packages by @github-actions[bot] in #321

New Contributors

• @heyglassy made their first contribution in #231
• @therealsamyak made their first contribution in #261
• @matiacone made their first contribution in #319

Full Changelog: v1.4.6...v1.4.7

v1.4.7-beta.0

What's Changed

• [codex] simplify cloud org switching by @RhysSullivan in #233
• [codex] Allow underscores while editing source namespaces by @heyglassy in #231
• [codex] Right-align inline secret creation actions by @heyglassy in #232
• Rework cloud org flow: onboarding page + live membership check by @RhysSullivan in #234
• Track MCP tool executions in Autumn billing by @RhysSullivan in #237
• Replace loading text with skeletons in cloud shell by @RhysSullivan in #239
• Disable MCP stdio transport by default by @RhysSullivan in #238
• Remove google-discovery plugin from cloud app by @RhysSullivan in #240
• Support OpenAPI server variables during onboarding by @RhysSullivan in #246
• [codex] Refactor dynamic worker error transport with Effect causes by @heyglassy in #244
• Extract @executor/plugin-oauth2 shared helpers by @RhysSullivan in #247
• Add OAuth popup UI utilities to @executor/plugin-oauth2 by @RhysSullivan in #248
• Add storeOAuthTokens + withRefreshedAccessToken refresh wrapper by @RhysSullivan in #249
• Extract OAuth2 flows from OpenAPI security schemes by @RhysSullivan in #250
• OpenAPI OAuth2 authorization-code onboarding backend by @RhysSullivan in #251
• OpenAPI OAuth2 onboarding UI by @RhysSullivan in #252
• chore: fix data storage by @RhysSullivan in #262
• Allow "Remote"-ing to Executor Web Dashboard by @therealsamyak in #261
• Fix OpenAI and Sentry icons in popular OpenAPI presets by @mrzmyr in #267
• feat: improve mcp install card layout by @mrzmyr in #269
• fix(openapi): use Workers-native fetch for spec URLs by @RhysSullivan in #270
• fix(storage): require createMany on CustomAdapter; drizzle issues chunked bulk INSERT by @RhysSullivan in #275
• perf(secrets): parallelize provider fan-out and header resolution by @RhysSullivan in #276
• fix(cloud): forward /api/sentry-tunnel to Sentry ingest by @RhysSullivan in #277
• test(cloud): exercise addSpec on the full Cloudflare spec through real postgres by @RhysSullivan in #278
• Declarative reactivity keys + optimistic source add by @RhysSullivan in #279
• cloud: wire Effect spans to Axiom via otel-cf-workers by @RhysSullivan in #280
• Polish secret creation UX in header-auth flow by @RhysSullivan in #283
• feat(release): publish execution, cli, and kernel packages to npm by @RhysSullivan in #284
• cloud: share executor stack between HTTP and MCP DO; wire DO telemetry by @RhysSullivan in #281
• Sort source list by name to stop optimistic-add jump by @RhysSullivan in #285
• feat(sdk): typed errors propagate to one edge mapping (StorageError, InternalError, Telemetry) by @RhysSullivan in #282
• execution: add Effect.fn spans for tool-call + code-exec boundaries by @RhysSullivan in #287
• cloud: /mcp on Effect HttpApp + full e2e coverage (workerd pool + real-port Miniflare + elicitation) by @RhysSullivan in #289
• cloud: restore McpSessionDO init/handleRequest span coverage + real-flow telemetry test by @RhysSullivan in #290
• cloud: fix DO telemetry export + rebuild env as lazy Proxy by @RhysSullivan in #291
• cloud: surface JSON-RPC protocol errors on mcp.request span by @RhysSullivan in #293
• ci(pkg-pr-new): skip preview binary build for fork PRs by @mrzmyr in #292
• cloud: expand MCP observability + flip engine to Effect-native by @RhysSullivan in #318

New Contributors

• @heyglassy made their first contribution in #231
• @therealsamyak made their first contribution in #261

Full Changelog: v1.4.6...v1.4.7-beta.0

v1.4.6

What's Changed

• refactor(cloud): recompose API routing with Effect services by @RhysSullivan in #182
• fix(cloud): harden API/plugin error boundaries and prevent MCP leaks by @RhysSullivan in #183
• feat(sources): expose upstream url and render SourceFavicon by @mrzmyr in #167
• feat(react): add CardStack primitive and adopt it across surfaces by @mrzmyr in #165
• feat(react/mcp-install-card): show agent provider logos by @mrzmyr in #164
• feat(react): add global command palette (⌘K) by @mrzmyr in #168
• chore(repo): ignore MCP config file by @aryasaatvik in #193
• feat(cloud): domain verification, team management, and billing gate by @RhysSullivan in #195
• rename /team to /org and standardize Organization naming by @RhysSullivan in #197
• fix: standardize design system tokens and typography by @RhysSullivan in #198
• [codex] Move cloud secret values to WorkOS Vault by @RhysSullivan in #215
• fix(mcp,google-discovery): persist pending OAuth sessions via binding store by @RhysSullivan in #221
• refactor(openapi,graphql): store invocation config on source, not per-tool by @RhysSullivan in #222
• refactor(mcp): store source config once per namespace, not per binding by @RhysSullivan in #223
• feat(react): add UI primitives for source forms by @RhysSullivan in #216
• feat(sources): recover HeadersList + SourceIdentityFields stack into main by @RhysSullivan in #224
• fix: Windows compatibility across postinstall, desktop, plugins, and scripts by @mynameistito in #211
• Version Packages (beta) by @github-actions[bot] in #225
• feat(react): use favicon on connected source list items by @mrzmyr in #226
• feat(openapi): add Exa source presets by @mrzmyr in #228
• Version Packages by @github-actions[bot] in #230

New Contributors

• @mynameistito made their first contribution in #211

Full Changelog: v1.4.5...v1.4.6

v1.4.6-beta.0

What's Changed

• refactor(cloud): recompose API routing with Effect services by @RhysSullivan in #182
• fix(cloud): harden API/plugin error boundaries and prevent MCP leaks by @RhysSullivan in #183
• feat(sources): expose upstream url and render SourceFavicon by @mrzmyr in #167
• feat(react): add CardStack primitive and adopt it across surfaces by @mrzmyr in #165
• feat(react/mcp-install-card): show agent provider logos by @mrzmyr in #164
• feat(react): add global command palette (⌘K) by @mrzmyr in #168
• chore(repo): ignore MCP config file by @aryasaatvik in #193
• feat(cloud): domain verification, team management, and billing gate by @RhysSullivan in #195
• rename /team to /org and standardize Organization naming by @RhysSullivan in #197
• fix: standardize design system tokens and typography by @RhysSullivan in #198
• [codex] Move cloud secret values to WorkOS Vault by @RhysSullivan in #215
• fix(mcp,google-discovery): persist pending OAuth sessions via binding store by @RhysSullivan in #221
• refactor(openapi,graphql): store invocation config on source, not per-tool by @RhysSullivan in #222
• refactor(mcp): store source config once per namespace, not per binding by @RhysSullivan in #223
• feat(react): add UI primitives for source forms by @RhysSullivan in #216
• feat(sources): recover HeadersList + SourceIdentityFields stack into main by @RhysSullivan in #224
• fix: Windows compatibility across postinstall, desktop, plugins, and scripts by @mynameistito in #211
• Version Packages (beta) by @github-actions[bot] in #225

New Contributors

• @mynameistito made their first contribution in #211

Full Changelog: v1.4.5...v1.4.6-beta.0

v1.4.5

What's Changed

• Deploy cloud app to Cloudflare Workers by @RhysSullivan in #119
• Remove PGlite from cloud app by @RhysSullivan in #120
• Fix cloud app hanging on Cloudflare Workers by @RhysSullivan in #121
• Bulk insert/delete in Postgres tool registry by @RhysSullivan in #122
• Fix MCP elicitation detection and multi-resume hang by @RhysSullivan in #126
• Add Dynamic Workers runtime for cloud code execution by @RhysSullivan in #124
• Add cloud MCP server with WorkOS OAuth by @RhysSullivan in #128
• Remove lazy user/team provisioning from API request handler by @RhysSullivan in #129
• Rename team → organization, mirror minimally from WorkOS by @RhysSullivan in #130
• Upgrade WorkOS to v8, fix public auth handler socket reuse by @RhysSullivan in #134
• feat: add build mode flag and react-grab dev tooling by @aryasaatvik in #136
• fix: resolve typecheck errors across packages by @aryasaatvik in #139
• fix(storage-postgres): add dbCredentials to drizzle config by @aryasaatvik in #140
• Tighten HTTP error schemas, keep rich causes internally by @RhysSullivan in #137
• fix: harden oauth popup handshake by @aryasaatvik in #141
• Ship @executor-js/* beta from monorepo with promise wrapper by @RhysSullivan in #142
• feat(mcp): support manual headers for remote sources by @aryasaatvik in #135
• fix: resolve typecheck failures with proper Effect tagged errors by @RhysSullivan in #147
• chore(deps): add @types/node to promise-sdk workspace by @aryasaatvik in #148
• feat(openapi): add edit source configuration support by @RhysSullivan in #143
• feat(graphql): add edit source configuration support by @RhysSullivan in #144
• ci: add lint, typecheck, and test workflow by @RhysSullivan in #149
• feat(mcp): add edit source configuration support by @RhysSullivan in #145
• feat(google-discovery): add edit source configuration support by @RhysSullivan in #146
• Version Packages (beta) by @github-actions[bot] in #150
• feat: switch typecheck to tsgo (native TypeScript) by @RhysSullivan in #151
• fix: resolve CI test failures by @RhysSullivan in #153
• feat(cloud): add Autumn billing integration by @RhysSullivan in #152
• fix: resolve all lint errors and warnings by @RhysSullivan in #154
• feat: add react/forbid-elements lint rule by @RhysSullivan in #156
• feat(cloud): add team management page by @RhysSullivan in #157
• fix: two independent hanging-write bugs in the execution engine and local Bun server by @aryasaatvik in #158
• refactor(ui): adopt Badge component consistently by @mrzmyr in #163
• fix(plugins): correct and backfill preset icon URLs by @mrzmyr in #161
• feat: improve OpenAPI parser and source add flow by @RhysSullivan in #175
• feat(cloud): Sentry, Axiom telemetry, and observability fixes by @RhysSullivan in #174
• refactor: batch KV set and delete operations by @RhysSullivan in #173
• chore(ui): switch sans font from DM Sans to Inter by @mrzmyr in #160
• feat(react): high-contrast syntax highlighting with light/dark pair by @mrzmyr in #162
• fix(ci): typecheck and format fixes by @RhysSullivan in #176
• Version Packages (beta) by @github-actions[bot] in #177
• Version Packages by @github-actions[bot] in #178

New Contributors

• @mrzmyr made their first contribution in #163

Full Changelog: v1.4.4...v1.4.5