From 953e7b44d4b14f4b8a5a9008a84b6a60fb64e0a4 Mon Sep 17 00:00:00 2001 From: Rhys Sullivan <39114868+RhysSullivan@users.noreply.github.com> Date: Mon, 11 May 2026 14:20:56 -0700 Subject: [PATCH] Release notes + changeset for 1.4.19 --- .changeset/executor-1.4.19.md | 5 +++++ apps/cli/release-notes/next.md | 12 +++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 .changeset/executor-1.4.19.md diff --git a/.changeset/executor-1.4.19.md b/.changeset/executor-1.4.19.md new file mode 100644 index 000000000..6958f2404 --- /dev/null +++ b/.changeset/executor-1.4.19.md @@ -0,0 +1,5 @@ +--- +"executor": patch +--- + +Source state stays in sync between executor.jsonc and the runtime DB; variadic tool path arguments no longer crash. See `apps/cli/release-notes/next.md`. diff --git a/apps/cli/release-notes/next.md b/apps/cli/release-notes/next.md index d8a9a47fa..1fe399c31 100644 --- a/apps/cli/release-notes/next.md +++ b/apps/cli/release-notes/next.md @@ -1,3 +1,13 @@ ## Fixes -- 1Password vault items now appear in the secrets list without first being bound. `executor.secrets.list()` fans out to each provider's `list()` after collecting core routing rows, so read-only providers (1Password, file-secrets, workos-vault) surface their inventory directly. Core rows still win on id collisions; connection-owned ids stay hidden. +### Source state stays in sync between `executor.jsonc` and the runtime DB + +Two regressions kept `executor.jsonc` and the runtime DB from agreeing on which sources exist and how they authenticate. Together they caused deleted sources to come back after a restart and authenticated MCP sources to silently lose their credentials on boot. + +- Removing a source from the UI (or via `executor.{openapi,mcp,graphql}.removeSource`) now writes the deletion through to `executor.jsonc`, so the source stays gone after a reboot. Thanks @RyanNg1403 (#408) +- Boot-time replay of remote MCP sources now threads the `auth` block from `executor.jsonc` into `executor.mcp.addSource`, so header-auth and OAuth2 sources connect with credentials on the first request after startup instead of failing the SSE handshake unauthenticated. Thanks @RyanNg1403 (#408) +- Updating an MCP source's auth from the UI (e.g. re-linking an OAuth connection) now writes the change back to `executor.jsonc`, so the new binding survives the next restart instead of being overwritten by stale file state. Thanks @aryasaatvik (#709) + +### Variadic tool path arguments no longer crash + +Calling a tool with multiple positional path arguments (`executor path/a path/b ...`) no longer panics in the CLI argument parser. Thanks @grfwings (#761)