From 6f52823b8dd711e1ef660f3efacea2060a2f520b Mon Sep 17 00:00:00 2001
From: Artemiy <80065244+nkoorty@users.noreply.github.com>
Date: Mon, 9 Mar 2026 20:59:54 +0000
Subject: [PATCH] fix(cli): include generic auth credentials in permission
 checks

---
 .../credentials-permission-checker.test.ts    | 29 +++++++++++++++++++
 .../credentials-permission-checker.ts         |  8 ++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/packages/cli/src/executions/pre-execution-checks/__tests__/credentials-permission-checker.test.ts b/packages/cli/src/executions/pre-execution-checks/__tests__/credentials-permission-checker.test.ts
index d976f216d19b1..7027c4d164c43 100644
--- a/packages/cli/src/executions/pre-execution-checks/__tests__/credentials-permission-checker.test.ts
+++ b/packages/cli/src/executions/pre-execution-checks/__tests__/credentials-permission-checker.test.ts
@@ -240,6 +240,35 @@ describe('CredentialsPermissionChecker', () => {
 			);
 		});
 
+		it('should check generic auth credential type selected by genericAuthType', async () => {
+			const genericCredentialNode: INode = {
+				...httpRequestNode,
+				parameters: {
+					authentication: 'genericCredentialType',
+					genericAuthType: 'httpBearerAuth',
+				},
+			};
+
+			nodeTypes.getByNameAndVersion.mockReturnValue({
+				description: {
+					credentials: [],
+				},
+			} as never);
+
+			sharedCredentialsRepository.getFilteredAccessibleCredentials.mockResolvedValue([
+				staleCredentialId,
+			]);
+			credentialsRepository.find.mockResolvedValue([]);
+
+			await expect(
+				permissionChecker.check(workflowId, [genericCredentialNode]),
+			).resolves.not.toThrow();
+
+			expect(sharedCredentialsRepository.getFilteredAccessibleCredentials).toHaveBeenCalledWith(
+				[teamProject.id],
+				[staleCredentialId],
+			);
+		});
 		it('should fall back to checking all credentials if node type cannot be resolved', async () => {
 			nodeTypes.getByNameAndVersion.mockImplementation(() => {
 				throw new Error('Unknown node type');
diff --git a/packages/cli/src/executions/pre-execution-checks/credentials-permission-checker.ts b/packages/cli/src/executions/pre-execution-checks/credentials-permission-checker.ts
index c8f00d68c41e3..f6b6f37e93e23 100644
--- a/packages/cli/src/executions/pre-execution-checks/credentials-permission-checker.ts
+++ b/packages/cli/src/executions/pre-execution-checks/credentials-permission-checker.ts
@@ -135,11 +135,17 @@ export class CredentialsPermissionChecker {
 
 			// For nodes using predefined credential type (e.g., HTTP Request node),
 			// the active credential is specified by the nodeCredentialType parameter
-			const { nodeCredentialType } = node.parameters;
+			const { nodeCredentialType, genericAuthType } = node.parameters;
 			if (typeof nodeCredentialType === 'string' && nodeCredentialType) {
 				activeTypes.add(nodeCredentialType);
 			}
 
+			// For nodes using generic credential mode (e.g., HTTP Request node),
+			// the active credential is specified by the genericAuthType parameter
+			if (typeof genericAuthType === 'string' && genericAuthType) {
+				activeTypes.add(genericAuthType);
+			}
+
 			return activeTypes;
 		} catch {
 			// If we can't resolve the node type, fall back to checking all credentials