You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Merge main into cloudflare-mcp-do-hibernation-standalone
Brings the branch up to date with main (78 commits). Non-trivial integration:
main added toolkit-scoped MCP (`/mcp/toolkits/<slug>`, an `McpResource` threaded
through the session flow) while this branch replaced the old session DO with the
hibernatable Agent DO. Ported `resource` onto the new `McpAgentSessionDOBase`
(McpSessionInit + SessionMeta) and threaded it through both agent handlers:
host-cloudflare always serves the default resource (only `/mcp` routes to the
bridge), cloud derives the toolkit resource from the request path.
Kept the four old-impl files deleted (main had modified them; no new consumers).
Add a test seam to skip the first-run "keep Executor running in the background?" consent dialog under automation, matching the existing `confirmResetState` seam. Set `EXECUTOR_TEST_AUTO_CONFIRM_BACKGROUND_SERVICE=1` to keep the background service or any other value to decline. When the variable is unset the dialog is shown exactly as before. Native dialogs cannot be answered from CDP or Playwright, so a packaged first-run boot under automation previously blocked at this prompt with no way to proceed.
Fix the desktop app failing to start its local server when the generated auth token begins with a dash. The token is `randomBytes(32).toString("base64url")`, which can start with "-", and the packaged app passed it to the bundled CLI as a separate argument (`--auth-token`, then the token). The CLI then read the leading-dash token as an unknown flag, printed its help, and exited, so the desktop showed a fatal "local Executor server crashed during startup" dialog. This was persistent (the token is saved) and cross-platform, affecting roughly 1 in 64 fresh installs. The token is now passed in the combined `--auth-token=<value>` form so a leading dash is treated as the value.
Fix the GraphQL plugin generating invalid operations against large schemas, and make field selection caller-controlled instead of a baked-in guess.
6
+
7
+
Previously each tool froze a recursive, depth- and count-bounded selection at sync time. Against a rich schema (GitLab) this produced invalid GraphQL (composite fields with no sub-selection, nested fields missing required arguments) so every call over a rich return type failed, and the arbitrary bound silently truncated which fields came back.
8
+
9
+
Generated tools now default to selecting only scalar/enum leaf fields of the return type (always valid, always within a server's query-complexity budget), and expose an optional `select` input carrying a GraphQL selection set so a caller can request nested or list data per call (including supplying nested required arguments). Fixes #1146.
description: "Build modals/dialogs self-contained: form and in-flight state lives inside, closing unmounts it. Use when writing or reviewing a modal/dialog, especially one that owns async work (OAuth popups, timers, subscriptions, AbortControllers). Catches the stuck-on-Connecting class of lifecycle-leak bugs."
4
+
---
5
+
6
+
# Self-contained modals
7
+
8
+
A modal's **form state and in-flight work live INSIDE the modal**, and **closing
9
+
the modal UNMOUNTS that state** so it is destroyed, not hand-reset. Only the
10
+
**open/route intent** belongs to the parent (deep links, programmatic open,
11
+
reconnect handoffs need it).
12
+
13
+
## Why
14
+
15
+
A hand-written `reset()` has to enumerate every field, and it silently drifts out
16
+
of sync with state owned by **child hooks the parent can't see**. Unmounting
17
+
resets everything for free, including child-hook cleanup effects (cancelling a
18
+
dangling server session, clearing a timer, aborting a fetch).
19
+
20
+
Concrete bug this prevents (executor, add-account-modal): the modal was mounted
21
+
unconditionally, so `useOAuthPopupFlow`'s `busy` survived close. `reset()` zeroed
22
+
its own booleans but never called `oauthPopup.cancel()`. Abandon the OAuth popup,
23
+
close, reopen, and `oauthBusy = false || busy(true) = true`, so the footer is
24
+
wedged on "Connecting…" with Close disabled. Unmounting would have cleared `busy`
25
+
AND run the hook's cleanup that cancels the server OAuth session.
26
+
27
+
## How to apply
28
+
29
+
Default to **genuine conditional unmount**, state inside. When closed the
30
+
component returns `null`, so React destroys all of it and runs every child
31
+
hook's cleanup. This is the cleanest fix and the one to reach for first:
Copy file name to clipboardExpand all lines: apps/cli/CHANGELOG.md
+81Lines changed: 81 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,86 @@
1
1
# executor
2
2
3
+
## 1.5.22
4
+
5
+
### Patch Changes
6
+
7
+
-[#1167](https://github.com/RhysSullivan/executor/pull/1167)[`add2e40`](https://github.com/RhysSullivan/executor/commit/add2e405fca8a5e20aea43d216bc8289c15e2187) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - Fix the desktop app's main-area title-bar strip pushing page content down so page headers no longer lined up with the sidebar header. The drag strip now overlays the top of the main area (behind page content) instead of reserving its own row, and the Toolkits header uses a fixed title-bar height so its bottom border aligns with the sidebar header again.
8
+
9
+
- Updated dependencies []:
10
+
-@executor-js/local@1.4.4
11
+
-@executor-js/sdk@1.5.22
12
+
-@executor-js/runtime-quickjs@1.5.22
13
+
-@executor-js/api@1.4.42
14
+
15
+
## 1.5.21
16
+
17
+
### Patch Changes
18
+
19
+
-[#1134](https://github.com/RhysSullivan/executor/pull/1134)[`78aa871`](https://github.com/RhysSullivan/executor/commit/78aa8710d774d552d6030eca060c5e72f0899461) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - Fix OAuth callbacks in cloud so they preserve the URL-selected organization when the session cookie points at another org.
20
+
21
+
- Updated dependencies []:
22
+
-@executor-js/local@1.4.4
23
+
-@executor-js/sdk@1.5.21
24
+
-@executor-js/runtime-quickjs@1.5.21
25
+
-@executor-js/api@1.4.41
26
+
27
+
## 1.5.20
28
+
29
+
### Patch Changes
30
+
31
+
-[#1132](https://github.com/RhysSullivan/executor/pull/1132)[`580fc7f`](https://github.com/RhysSullivan/executor/commit/580fc7f8b2615a0d7760b3a4daddf8d45673ef3f) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - Fix the PostHog custom MCP OAuth setup flow so Add connection opens PostHog authorization instead of falling back to manual OAuth app registration.
32
+
33
+
- Updated dependencies []:
34
+
-@executor-js/sdk@1.5.20
35
+
-@executor-js/runtime-quickjs@1.5.20
36
+
-@executor-js/local@1.4.4
37
+
-@executor-js/api@1.4.40
38
+
39
+
## 1.5.19
40
+
41
+
### Patch Changes
42
+
43
+
-[#1115](https://github.com/RhysSullivan/executor/pull/1115)[`92bd86c`](https://github.com/RhysSullivan/executor/commit/92bd86cb975ce867b3002ae9bcb6bf60da67cc48) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - Google media downloads (Drive file contents, exports, and other binary
44
+
endpoints) are now returned as binary responses instead of being decoded as
45
+
text, so files come back intact. Emit them with `emit(result.data)`.
46
+
47
+
-[#1115](https://github.com/RhysSullivan/executor/pull/1115)[`92bd86c`](https://github.com/RhysSullivan/executor/commit/92bd86cb975ce867b3002ae9bcb6bf60da67cc48) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - The CLI now validates that a URL is `http`/`https` before handing it to the
48
+
operating system's browser opener, and on Windows opens it via
49
+
`rundll32 url.dll,FileProtocolHandler` instead of `cmd /c start`. This removes a
50
+
path where a crafted URL could be interpreted as a shell command. `executor
51
+
login` and the "open in browser" prompts behave the same for normal URLs.
52
+
53
+
-[#1115](https://github.com/RhysSullivan/executor/pull/1115)[`92bd86c`](https://github.com/RhysSullivan/executor/commit/92bd86cb975ce867b3002ae9bcb6bf60da67cc48) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - Hardened the hosted egress guard. Outbound requests from OAuth token exchanges,
54
+
MCP transports, and GraphQL/Google/Microsoft discovery now all route through the
55
+
guard, and the guard resolves DNS before connecting so a hostname that points at
56
+
a private or loopback address is blocked rather than only literal private IPs.
57
+
This tightens SSRF protection for hosted and cloud execution.
58
+
- Updated dependencies []:
59
+
-@executor-js/sdk@1.5.19
60
+
-@executor-js/runtime-quickjs@1.5.19
61
+
-@executor-js/local@1.4.4
62
+
-@executor-js/api@1.4.39
63
+
64
+
## 1.5.18
65
+
66
+
### Patch Changes
67
+
68
+
-[#1093](https://github.com/RhysSullivan/executor/pull/1093)[`bc24d1a`](https://github.com/RhysSullivan/executor/commit/bc24d1a4924ed8b3f09d64c639b0fe7fe02ed53d) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - `connections.create` now accepts no-auth connections (the `none` template with
69
+
no credential), which previously failed validation with "Expected exactly one
70
+
provider credential origin". Agents can wire up public, no-auth integrations
71
+
(public MCP servers, public REST APIs) programmatically instead of bouncing
72
+
through the web UI. Templates that take a credential still require exactly one.
73
+
74
+
-[#1093](https://github.com/RhysSullivan/executor/pull/1093)[`bc24d1a`](https://github.com/RhysSullivan/executor/commit/bc24d1a4924ed8b3f09d64c639b0fe7fe02ed53d) Thanks [@RhysSullivan](https://github.com/RhysSullivan)! - OpenAPI tools that return a file now spell out how to emit it directly in the
75
+
tool's description, so an agent sees the `emit(result.data)` contract before its
76
+
first call instead of only discovering it after a failed attempt or by reading
0 commit comments