Skip to content

refactor: entitlement JWT runner context#77

Open
JaeLeex wants to merge 1 commit into
mainfrom
refactor/entitlement-jwt
Open

refactor: entitlement JWT runner context#77
JaeLeex wants to merge 1 commit into
mainfrom
refactor/entitlement-jwt

Conversation

@JaeLeex

@JaeLeex JaeLeex commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add cli/entitlement_jwt.py to verify v1 entitlement snapshots.
  • When gateway forwards x-nunchi-entitlement-jwt, derive runner policy env from the JWT instead of individual x-nunchi tier/network headers.

Test plan

  • pytest tests/test_entitlement_jwt.py tests/test_mcp_annotations.py
  • Pair with mcp-gateway PR; set matching NUNCHI_ENTITLEMENT_JWT_SECRET

Made with Cursor

Prefer x-nunchi-entitlement-jwt over individual policy headers when trusted
gateway context is present, using shared v1 snapshot verification.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant