Release CLI 1.4.16

[RhysSullivan]

Summary

• Adds .changeset/executor-1.4.16.md ("executor": patch) to trigger the Version Packages PR for the CLI.
• Replaces stale apps/cli/release-notes/next.md (which described 1.4.15 stories) with curated 1.4.16 release notes scoped to what ships in the executor CLI binary (apps/cli, apps/local, packages/**). Cloud / marketing changes are intentionally excluded.

Highlights covered in next.md

• Unified credential bindings — CredentialBinding* SDK surface + drizzle 0007/0008/0010 cutover, shared credential slot UI primitives in @executor-js/react.
• New executor.usages SDK surface — powers "used in N places" UI and the SecretInUseError / ConnectionInUseError toasts.
• MCP probe robustness — bearer-auth detection, RFC 6750 body-accept, resource_metadata= 401 handling, 29-server live-snapshot regression suite, source-identity-keyed connection pool.
• TypeScript stripping in runtime-dynamic-worker and runtime-quickjs.
• OpenAPI source UX rework — editable OAuth2 endpoint URLs, removed import size limit, restored favicons, listSourceBindings 500 fix.
• OAuth reliability pass — DCR scope declaration, exact-scope refresh, id_token strip, omit-empty-scope, endpoint URL validation, popup hardening, token-error HTTP summary.
• Source-registration tools require approval by default.
• Older CLI builds get a clean "newer schema" error instead of a SQLite mismatch crash.
• Fixes: executeWithPause failure propagation (fix: prevent 180s timeout cascade on dynamic worker failures #523), isDevMode compiled bun binary (Thanks @grfwings Fix isDevMode not checking for compiled Bun binary #699), drizzle migration handling (Thanks @grfwings Add error handling for outdated clients running against newer DB schemas #741), frontend / decode error reporting, source-form local errors, remove-in-use toast ([codex] Add remove in-use toasts #530).

Breaking changes

• makeTestConfig deep import path moved (./testing → ./test-config); package-root re-export unchanged.
• Per-plugin credential shapes superseded by the new CredentialBinding* surface — in-tree plugins migrated, end users unaffected (rows migrate automatically).

Test plan

• bun run lint:release-notes — clean
• Inspect Version Packages PR opened by release.yml after merge — verify it bumps apps/cli/package.json to 1.4.16 and no other package version changed
• After Version Packages PR merge: confirm publish-executor-package.yml ran, GitHub Release v1.4.16 body matches next.md, npm executor@latest is 1.4.16

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	executor-marketing	59cfe71	Commit Preview URL Branch Preview URL	May 10 2026, 05:34 AM