Default openapi.addSpec credentialTargetScope to the source's scope

[RhysSullivan]

Summary

addSpecInternal forwarded credentialTargetScope to rebuildSource unchanged. When the caller (notably config-sync, which never sets it) passed undefined, targetScopeForBinding errored with "credentialTargetScope is required when adding direct OpenAPI credentials" — so any OpenAPI source with a header secret in executor.jsonc broke the daemon at startup.

Default to config.scope, matching the pattern already used by:

• refreshSource (packages/plugins/openapi/src/sdk/plugin.ts:972 — hardcodes scope)
• editSource (packages/plugins/openapi/src/sdk/plugin.ts:1090 — input.credentialTargetScope ?? scope)

Repro (before this PR)

// executor.jsonc
{
  "sources": [
    {
      "kind": "openapi",
      "spec": "https://raw.githubusercontent.com/cloudflare/api-schemas/main/openapi.json",
      "namespace": "cloudflare_api",
      "headers": {
        "Authorization": { "value": "secret-public-ref:...", "prefix": "Bearer " }
      }
    }
  ]
}

$ executor web
[config-sync] Failed to load source "cloudflare_api":
  OpenApiOAuthError: credentialTargetScope is required when adding direct OpenAPI credentials

Test plan

• New regression test in plugin.test.ts: addSpec without credentialTargetScope defaults to the source's scope — fails on main, passes after the fix
• Full openapi plugin suite: 90 tests pass (was 89)
• bun run lint clean

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	executor-marketing	75a4714	Commit Preview URL Branch Preview URL	May 10 2026, 05:02 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	executor-cloud	75a4714	May 10 2026, 05:02 PM

[pkg-pr-new]

Open in StackBlitz

@executor-js/cli

npm i https://pkg.pr.new/@executor-js/cli@747

@executor-js/config

npm i https://pkg.pr.new/@executor-js/config@747

@executor-js/execution

npm i https://pkg.pr.new/@executor-js/execution@747

@executor-js/sdk

npm i https://pkg.pr.new/@executor-js/sdk@747

@executor-js/storage-core

npm i https://pkg.pr.new/@executor-js/storage-core@747

@executor-js/codemode-core

npm i https://pkg.pr.new/@executor-js/codemode-core@747

@executor-js/runtime-quickjs

npm i https://pkg.pr.new/@executor-js/runtime-quickjs@747

@executor-js/plugin-file-secrets

npm i https://pkg.pr.new/@executor-js/plugin-file-secrets@747

@executor-js/plugin-google-discovery

npm i https://pkg.pr.new/@executor-js/plugin-google-discovery@747

@executor-js/plugin-graphql

npm i https://pkg.pr.new/@executor-js/plugin-graphql@747

@executor-js/plugin-keychain

npm i https://pkg.pr.new/@executor-js/plugin-keychain@747

@executor-js/plugin-mcp

npm i https://pkg.pr.new/@executor-js/plugin-mcp@747

@executor-js/plugin-onepassword

npm i https://pkg.pr.new/@executor-js/plugin-onepassword@747

@executor-js/plugin-openapi

npm i https://pkg.pr.new/@executor-js/plugin-openapi@747

executor

npm i https://pkg.pr.new/executor@747

commit: 75a4714