From 59604a267fb0fd7f53a8ab100b7f1ef864ab259b Mon Sep 17 00:00:00 2001 From: Tryingtobeabetterprogrammer Date: Tue, 3 Mar 2026 14:28:45 +0530 Subject: [PATCH 1/3] docs: add Section 9 for Identity Propagation and Context Adds technical guidance on propagating user identity (JWT) to backend tools to prevent privilege escalation in AI agents. Closes #2041. --- cheatsheets/AI_Agent_Security_Cheat_Sheet.md | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md index c47b52e202..9583ed3de1 100644 --- a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md +++ b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md 
@@ -660,6 +660,33 @@ class SecureContextBuilder: context = "\n---\n".join(protected_docs) return context[:max_tokens * 4] # Rough char estimate ``` +### 9. Identity Propagation & Context + +-Enforce User Context Propagation: + Require agents to pass the user's original authentication token (e.g., JWT) to any backend tool or API. +-Validate at the Source: + Ensure backend services validate the user's identity and permissions, preventing the agent from acting as a privileged "super-user". +-Maintain Audit Trails: + Log all agent actions with the associated user identity to ensure non-repudiation and clear accountability. +-To ensure the agent only has the same permissions as the user (no "Super-User" powers). +-Telling the database: This request is coming from User, only show him his own data. +-Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity. + +Implementation: Passing User Identity to AI Tools (Python/FastAPI) +```Python +from fastapi import Header, HTTPException +async def secure_ai_tool(data: dict, authorization: str = Header(None)): + """ + Ensures the AI Agent acts as a passthrough for the user's identity. + """ + # 1. Extract and validate the HUMAN user's identity from the bearer token + user = verify_jwt(authorization) + if not user: + raise HTTPException(status_code=401, detail="Valid user context required") + # 2. Perform the action using the specific human user's permissions + return await db.execute_action(user_id=user.id, **data) +``` + ## Do's and Don'ts From 4635666fa977276c027aa87585f0200e40179f70 Mon Sep 17 00:00:00 2001 
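Review bot: the `secure_ai_tool` block calls `verify_jwt` and `db` without importing or defining either, so a reader who copies it gets a `NameError`; add a short stub (`def verify_jwt(token): ...`) with a comment that it must check the signature, `exp`, `iss` and `aud` claims, or say in the lead-in that both names are placeholders. Two more points on the same block: `authorization: str = Header(None)` hands the raw `Authorization` value, `Bearer ` prefix included, straight to `verify_jwt`, so use `fastapi.security.HTTPBearer` or strip the scheme before verifying; and `**data` forwards a model-chosen dict as keyword arguments to `db.execute_action`, so declare `data` as a Pydantic model so only the expected fields reach the backend. On the prose: `-Enforce`, `-Validate` and `-Maintain` lack the space after `-` and will not render as list items, and the fourth and fifth bullets ("To ensure the agent only has...", "Telling the database...") are sentence fragments that repeat the "Prevent Privilege Escalation" bullet and should be folded into it. Finally, "pass the user's original authentication token ... to any backend tool" deserves a qualifier: forwarding the user's bearer token verbatim to every tool lets any one tool replay it against every other API the token is valid for, so recommend audience-restricted tokens, obtained via OAuth 2.0 token exchange (RFC 8693), scoped to the specific tool being called.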
From: Tryingtobeabetterprogrammer Date: Tue, 3 Mar 2026 14:30:49 +0530 Subject: [PATCH 2/3] docs: add Section 9 for Identity Propagation and Context Adds technical guidance on propagating user identity (JWT) to backend tools to prevent privilege escalation in AI agents. Closes #2041. --- cheatsheets/AI_Agent_Security_Cheat_Sheet.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md index 9583ed3de1..23ab20d1f0 100644 --- a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md +++ b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md 
@@ -662,15 +662,15 @@ class SecureContextBuilder: ``` ### 9. Identity Propagation & Context --Enforce User Context Propagation: +- Enforce User Context Propagation: Require agents to pass the user's original authentication token (e.g., JWT) to any backend tool or API. --Validate at the Source: +- Validate at the Source: Ensure backend services validate the user's identity and permissions, preventing the agent from acting as a privileged "super-user". --Maintain Audit Trails: +- Maintain Audit Trails: Log all agent actions with the associated user identity to ensure non-repudiation and clear accountability. --To ensure the agent only has the same permissions as the user (no "Super-User" powers). --Telling the database: This request is coming from User, only show him his own data. --Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity. +- To ensure the agent only has the same permissions as the user (no "Super-User" powers). +- Telling the database: This request is coming from User, only show him his own data. +- Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity. Implementation: Passing User Identity to AI Tools (Python/FastAPI) ```Python From 10748e71c4fa34ced44fb0a60db22136c463eb9a Mon Sep 17 00:00:00 2001 From: Tryingtobeabetterprogrammer Date: Thu, 5 Mar 2026 00:08:44 +0530 Subject: [PATCH 3/3] docs: fix formatting and spacing in Section 9 Cleaned up Markdown formatting in Section 9 to satisfy CI requirements. Specifically addressed MD009 trailing spaces on bullet points and MD031/MD022 spacing around headings and Python code blocks. --- cheatsheets/AI_Agent_Security_Cheat_Sheet.md | 21 +++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) 
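Review bot: this hunk only restores the space after `-`; the fourth and fifth items ("To ensure the agent only has the same permissions...", "Telling the database: ... only show him his own data.") remain fragments that duplicate the "Prevent Privilege Escalation" bullet and should be merged into it, with "only show him his own data" reworded to "return only that user's own data". The fence in the trailing context is still tagged ```` ```Python ````; lowercase `python` is the conventional info string and avoids inconsistent highlighting.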
diff --git a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md index 23ab20d1f0..4dac124d0c 100644 --- a/cheatsheets/AI_Agent_Security_Cheat_Sheet.md +++ b/cheatsheets/AI_Agent_Security_Cheat_Sheet.md 
@@ -662,34 +662,31 @@ class SecureContextBuilder: ``` ### 9. Identity Propagation & Context -- Enforce User Context Propagation: - Require agents to pass the user's original authentication token (e.g., JWT) to any backend tool or API. -- Validate at the Source: - Ensure backend services validate the user's identity and permissions, preventing the agent from acting as a privileged "super-user". -- Maintain Audit Trails: - Log all agent actions with the associated user identity to ensure non-repudiation and clear accountability. +- Enforce User Context Propagation: Require agents to pass the user's original authentication token (e.g., JWT) to any backend tool or API. +- Validate at the Source: Ensure backend services validate the user's identity and permissions, preventing the agent from acting as a privileged "super-user". +- Maintain Audit Trails: Log all agent actions with the associated user identity to ensure non-repudiation and clear accountability. - To ensure the agent only has the same permissions as the user (no "Super-User" powers). - Telling the database: This request is coming from User, only show him his own data. -- Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity. +- Prevent Privilege Escalation:Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the users authenticated identity. + +### Implementation: Passing User Identity to AI Tools + -Implementation: Passing User Identity to AI Tools (Python/FastAPI) ```Python from fastapi import Header, HTTPException + async def secure_ai_tool(data: dict, authorization: str = Header(None)): """ Ensures the AI Agent acts as a passthrough for the user's identity. """ # 1. 
Extract and validate the HUMAN user's identity from the bearer token - user = verify_jwt(authorization) + user = verify_jwt(authorization) if not user: raise HTTPException(status_code=401, detail="Valid user context required") # 2. Perform the action using the specific human user's permissions return await db.execute_action(user_id=user.id, **data) ``` - - ## Do's and Don'ts - **Do:** - Apply least privilege to all agent tools and permissions.
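Review bot: the rewritten "Prevent Privilege Escalation" bullet introduces two regressions the previous version did not have: the space after the colon is gone (`Escalation:Ensure`) and the apostrophe in `user's` was dropped (`users authenticated identity`); restore both. Promoting the implementation line to `### Implementation: Passing User Identity to AI Tools` puts it at the same level as `### 9. Identity Propagation & Context`, so it reads as a sibling section rather than part of section 9, and it drops the useful `(Python/FastAPI)` qualifier; a `####` heading or a bold lead-in line keeps it nested. The hunk also deletes the two blank lines between the closing fence and `## Do's and Don'ts`; confirm one blank line still separates them, since MD022 and MD031, the rules this commit cites, require it. The code block still calls `verify_jwt` and `db` without importing or defining them; add a stub or label them as placeholders so the example is runnable as shown.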