Skip to content

Carry OAuth scopes through extraction to the invocation credential#1386

Draft
RhysSullivan wants to merge 1 commit into
fix-1381-scope-insufficient-codefrom
fix-1384-scope-plumbing
Draft

Carry OAuth scopes through extraction to the invocation credential#1386
RhysSullivan wants to merge 1 commit into
fix-1381-scope-insufficient-codefrom
fix-1384-scope-plumbing

Conversation

@RhysSullivan

Copy link
Copy Markdown
Collaborator

Tool catalogs are compiled with no notion of scope: an operation's security declaration never survives extraction, and the credential built for dispatch never carries what the connection's grant covers.

This extracts per-operation security scopes into ExtractedOperation and OperationBinding (all three compile paths; optional so stored bindings keep decoding), adds grantedScopes to ToolInvocationCredential sourced from the connection row's oauth_scope, and uses both to annotate scope-insufficient 403s with the exact required and granted scopes.

Advisory-only by design: scope-string containment needs provider semantics (a broad Google scope does not textually contain a narrow one), so nothing is blocked locally and unknown grants fail open. Catalog projection by scope can build on this plumbing as a follow-up.

Refs #1384. Stacked on #1385.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
executor-marketing 6ec24e3 Commit Preview URL

Branch Preview URL
Jul 10 2026, 03:03 AM

@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Cloudflare preview

Console https://executor-preview-pr-1386.executor-e2e.workers.dev
MCP https://executor-preview-pr-1386.executor-e2e.workers.dev/mcp
Deployed commit 6ec24e3

Sign-in is Cloudflare Access (one-time PIN to an allowed email). The preview has its own database and encryption key; it is destroyed when this PR closes.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
executor-cloud 6ec24e3 Jul 10 2026, 03:06 AM

@pkg-pr-new

pkg-pr-new Bot commented Jul 10, 2026

Copy link
Copy Markdown

Open in StackBlitz

@executor-js/cli

npm i https://pkg.pr.new/@executor-js/cli@1386

@executor-js/config

npm i https://pkg.pr.new/@executor-js/config@1386

@executor-js/execution

npm i https://pkg.pr.new/@executor-js/execution@1386

@executor-js/sdk

npm i https://pkg.pr.new/@executor-js/sdk@1386

@executor-js/codemode-core

npm i https://pkg.pr.new/@executor-js/codemode-core@1386

@executor-js/runtime-quickjs

npm i https://pkg.pr.new/@executor-js/runtime-quickjs@1386

@executor-js/plugin-file-secrets

npm i https://pkg.pr.new/@executor-js/plugin-file-secrets@1386

@executor-js/plugin-graphql

npm i https://pkg.pr.new/@executor-js/plugin-graphql@1386

@executor-js/plugin-keychain

npm i https://pkg.pr.new/@executor-js/plugin-keychain@1386

@executor-js/plugin-mcp

npm i https://pkg.pr.new/@executor-js/plugin-mcp@1386

@executor-js/plugin-onepassword

npm i https://pkg.pr.new/@executor-js/plugin-onepassword@1386

@executor-js/plugin-openapi

npm i https://pkg.pr.new/@executor-js/plugin-openapi@1386

executor

npm i https://pkg.pr.new/executor@1386

commit: 6ec24e3

@RhysSullivan RhysSullivan force-pushed the fix-1384-scope-plumbing branch from 0b23501 to 1dae20c Compare July 10, 2026 02:44
Tool catalogs were compiled with no notion of scope: an operation's
security declaration never survived extraction, and the credential built
for dispatch never carried what the connection's grant covers. A
connection whose grant is narrower than its integration's catalog (the
multi-product Google bundle case) exposed every tool as equally
invocable, and the eventual upstream 403 could not say which scope was
missing versus held.

Extract per-operation security scopes into ExtractedOperation and
OperationBinding (all three compile paths: whole-tree, streamed, and
structure-streamed; optional so stored bindings keep decoding), add
grantedScopes to ToolInvocationCredential sourced from the connection
row's oauth_scope, and use both to annotate scope-insufficient 403s
with the exact required and granted scopes. Advisory-only by design:
scope-string containment needs provider semantics (a broad Google scope
does not textually contain a narrow one), so nothing is blocked locally
and unknown grants fail open.

Refs #1384
@RhysSullivan RhysSullivan force-pushed the fix-1384-scope-plumbing branch from 1dae20c to 6ec24e3 Compare July 10, 2026 03:01
@RhysSullivan RhysSullivan force-pushed the fix-1381-scope-insufficient-code branch from 1d08e44 to 516719c Compare July 10, 2026 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant