npm - @kya-os/mcp-i-core - Versions diffs - 1.3.26 → 1.3.27 - Mend

@kya-os/mcp-i-core 1.3.26 → 1.3.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/services/access-control.service.js +16 -3
package/package.json +1 -1

package/dist/services/access-control.service.js CHANGED Viewed

@@ -685,18 +685,31 @@ function authorizationMatches(delegationAuth, toolAuth) {
     // No tool auth requirement - allow any delegation
     if (!toolAuth)
         return true;
-    // Compare type
+    // ✅ CROSS-TYPE COMPATIBILITY: credential providers can satisfy oauth requirements
+    // When a credential provider (like email/password) is used:
+    // - Delegation is created with: { type: 'credential', credentialType: 'credentials' }
+    // - Tool protection may specify: { type: 'oauth', provider: 'credentials' }
+    // These should be considered equivalent since they represent the same auth method.
+    const isCredentialToOAuthCompatible = delegationAuth.type === "credential" &&
+        toolAuth.type === "oauth" &&
+        delegationAuth.credentialType &&
+        toolAuth.provider &&
+        delegationAuth.credentialType === toolAuth.provider;
+    if (isCredentialToOAuthCompatible) {
+        return true;
+    }
+    // Compare type (strict match for other cases)
     if (delegationAuth.type !== toolAuth.type)
         return false;
     // For OAuth, compare provider (undefined in toolAuth means "any provider is acceptable")
-    if (delegationAuth.type === 'oauth') {
+    if (delegationAuth.type === "oauth") {
         // If tool doesn't specify a provider, any provider is acceptable
         if (!toolAuth.provider)
             return true;
         return delegationAuth.provider === toolAuth.provider;
     }
     // For credential, compare credentialType (undefined in toolAuth means "any type is acceptable")
-    if (delegationAuth.type === 'credential') {
+    if (delegationAuth.type === "credential") {
         // If tool doesn't specify a credential type, any type is acceptable
         if (!toolAuth.credentialType)
             return true;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i-core",
-  "version": "1.3.26",
+  "version": "1.3.27",
   "description": "Core runtime and types for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",