Carry OAuth scopes through extraction to the invocation credential#1386
Merged
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-marketing | 90c9a56 | Commit Preview URL Branch Preview URL |
Jul 10 2026, 09:35 AM |
Contributor
Cloudflare previewTorn down — the PR is closed. |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-cloud | 90c9a56 | Jul 10 2026, 09:36 AM |
@executor-js/cli
@executor-js/config
@executor-js/execution
@executor-js/sdk
@executor-js/codemode-core
@executor-js/runtime-quickjs
@executor-js/plugin-file-secrets
@executor-js/plugin-graphql
@executor-js/plugin-keychain
@executor-js/plugin-mcp
@executor-js/plugin-onepassword
@executor-js/plugin-openapi
executor
commit: |
1dae20c to
6ec24e3
Compare
516719c to
35aba26
Compare
2c2f001 to
b0808e7
Compare
f7ab6a2 to
8503c9f
Compare
65fdf45 to
57352ac
Compare
8503c9f to
ffc3626
Compare
57352ac to
0d85ca8
Compare
ffc3626 to
5cf070e
Compare
0d85ca8 to
17bf091
Compare
08e770c to
228eae9
Compare
17bf091 to
f4e2f48
Compare
228eae9 to
c757a68
Compare
f4e2f48 to
25d7ad2
Compare
c757a68 to
efb13e2
Compare
25d7ad2 to
a226fc3
Compare
efb13e2 to
735d363
Compare
a226fc3 to
1308617
Compare
735d363 to
3ea2889
Compare
1308617 to
085dcb5
Compare
3ea2889 to
a1fafd2
Compare
085dcb5 to
4294a33
Compare
Tool catalogs were compiled with no notion of scope: an operation's security declaration never survived extraction, and the credential built for dispatch never carried what the connection's grant covers. A connection whose grant is narrower than its integration's catalog (the multi-product Google bundle case) exposed every tool as equally invocable, and the eventual upstream 403 could not say which scope was missing versus held. Extract per-operation security scopes into ExtractedOperation and OperationBinding (all three compile paths: whole-tree, streamed, and structure-streamed; optional so stored bindings keep decoding), add grantedScopes to ToolInvocationCredential sourced from the connection row's oauth_scope, and use both to annotate scope-insufficient 403s with the exact required and granted scopes. Advisory-only by design: scope-string containment needs provider semantics (a broad Google scope does not textually contain a narrow one), so nothing is blocked locally and unknown grants fail open. Refs #1384
4294a33 to
90c9a56
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Tool catalogs are compiled with no notion of scope: an operation's security declaration never survives extraction, and the credential built for dispatch never carries what the connection's grant covers.
This extracts per-operation security scopes into ExtractedOperation and OperationBinding (all three compile paths; optional so stored bindings keep decoding), adds grantedScopes to ToolInvocationCredential sourced from the connection row's oauth_scope, and uses both to annotate scope-insufficient 403s with the exact required and granted scopes.
Advisory-only by design: scope-string containment needs provider semantics (a broad Google scope does not textually contain a narrow one), so nothing is blocked locally and unknown grants fail open. Catalog projection by scope can build on this plumbing as a follow-up.
Refs #1384. Stacked on #1385.
Stack