fix(gateway): add missing validation for custom JWT claim values (#644)

aidandaly24 · web-flow · commit acd300d5956b · 2026-03-25T14:53:19.000-04:00
matchValueString and matchValueStringList items lacked regex validation,
allowing characters (e.g. / :) that the API rejects at deploy time.
Also blocks 'client_id' as a reserved custom claim name (server-side
business rule) and fixes stale mcp.json references in comments.

Validation constraints sourced from the ClaimMatchValueType and
CustomClaimValidationType API reference documentation.

- matchValueString: added regex [A-Za-z0-9_.-]+ and max(255)
- matchValueStringList items: same regex and max(255) per item
- inboundTokenClaimName: added max(255) and reserved name blocklist
- Updated stale mcp.json comment references to agentcore.json
diff --git a/src/cli/operations/fetch-access/fetch-gateway-token.ts b/src/cli/operations/fetch-access/fetch-gateway-token.ts
@@ -206,7 +206,7 @@ function resolveClientId(
     return envClientId;
   }
 
-  // Tier 3: allowedClients[0] from mcp.json (fallback)
+  // Tier 3: allowedClients[0] from agentcore.json (fallback)
   if (jwtConfig.allowedClients && jwtConfig.allowedClients.length > 0) {
     return jwtConfig.allowedClients[0];
   }
diff --git a/src/cli/primitives/PolicyEnginePrimitive.ts b/src/cli/primitives/PolicyEnginePrimitive.ts
@@ -143,7 +143,7 @@ export class PolicyEnginePrimitive extends BasePrimitive<AddPolicyEngineOptions,
   }
 
   /**
-   * Attach a policy engine to the specified gateways in mcp.json.
+   * Attach a policy engine to the specified gateways in agentcore.json.
    */
   async attachToGateways(engineName: string, gatewayNames: string[], mode: 'LOG_ONLY' | 'ENFORCE'): Promise<void> {
     if (gatewayNames.length === 0) return;
diff --git a/src/cli/tui/screens/mcp/__tests__/finishJwtConfig.test.ts b/src/cli/tui/screens/mcp/__tests__/finishJwtConfig.test.ts
@@ -58,9 +58,9 @@ describe('finishJwtConfig data mapping', () => {
         },
       ],
     };
-    // Schema accepts this structurally (both fields are optional at schema level)
-    // but the TUI should map STRING_ARRAY to matchValueStringList, not matchValueString
+    // 'admin,dev' contains a comma which violates the API-documented
+    // pattern [A-Za-z0-9_.-]+ — schema now correctly rejects this
     const result = CustomJwtAuthorizerConfigSchema.safeParse(config);
-    expect(result.success).toBe(true);
+    expect(result.success).toBe(false);
   });
 });
diff --git a/src/schema/schemas/mcp.ts b/src/schema/schemas/mcp.ts
@@ -46,13 +46,28 @@ const OidcDiscoveryUrlSchema = z
 
 // ── Custom Claims Schemas (matches CFN CustomClaimValidationType) ──
 
+// API-documented patterns (from ClaimMatchValueType and CustomClaimValidationType)
+const MATCH_VALUE_PATTERN = /^[A-Za-z0-9_.-]+$/;
+const CLAIM_NAME_PATTERN = /^[A-Za-z0-9_.:-]+$/;
+// Server-side reserved claim names (not regex-documented; API rejects these at deploy time)
+const RESERVED_CLAIM_NAMES = ['client_id'];
+
 export const ClaimMatchOperatorSchema = z.enum(['EQUALS', 'CONTAINS', 'CONTAINS_ANY']);
 export type ClaimMatchOperator = z.infer<typeof ClaimMatchOperatorSchema>;
 
 export const ClaimMatchValueSchema = z
   .object({
-    matchValueString: z.string().min(1).optional(),
-    matchValueStringList: z.array(z.string().min(1)).min(1).max(255).optional(),
+    matchValueString: z
+      .string()
+      .min(1)
+      .max(255)
+      .regex(MATCH_VALUE_PATTERN, 'Match value must match [A-Za-z0-9_.-]+')
+      .optional(),
+    matchValueStringList: z
+      .array(z.string().min(1).max(255).regex(MATCH_VALUE_PATTERN, 'Each match value must match [A-Za-z0-9_.-]+'))
+      .min(1)
+      .max(255)
+      .optional(),
   })
   .refine(data => data.matchValueString !== undefined || data.matchValueStringList !== undefined, {
     message: 'Either matchValueString or matchValueStringList must be provided',
@@ -70,7 +85,11 @@ export const CustomClaimValidationSchema = z
     inboundTokenClaimName: z
       .string()
       .min(1)
-      .regex(/^[A-Za-z0-9_.\-:]+$/, 'Claim name must match [A-Za-z0-9_.-:]+'),
+      .max(255)
+      .regex(CLAIM_NAME_PATTERN, 'Claim name must match [A-Za-z0-9_.-:]+')
+      .refine(name => !RESERVED_CLAIM_NAMES.includes(name), {
+        message: `Claim name cannot be a reserved name (${RESERVED_CLAIM_NAMES.join(', ')})`,
+      }),
     inboundTokenClaimValueType: InboundTokenClaimValueTypeSchema,
     authorizingClaimMatchValue: z.object({
       claimMatchOperator: ClaimMatchOperatorSchema,

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ function resolveClientId(`
`206`	`206`	`return envClientId;`
`207`	`207`	`}`
`208`	`208`
`209`		`- // Tier 3: allowedClients[0] from mcp.json (fallback)`
	`209`	`+ // Tier 3: allowedClients[0] from agentcore.json (fallback)`
`210`	`210`	`if (jwtConfig.allowedClients && jwtConfig.allowedClients.length > 0) {`
`211`	`211`	`return jwtConfig.allowedClients[0];`
`212`	`212`	`}`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ export class PolicyEnginePrimitive extends BasePrimitive<AddPolicyEngineOptions,`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`/**`
`146`		`- * Attach a policy engine to the specified gateways in mcp.json.`
	`146`	`+ * Attach a policy engine to the specified gateways in agentcore.json.`
`147`	`147`	`*/`
`148`	`148`	`async attachToGateways(engineName: string, gatewayNames: string[], mode: 'LOG_ONLY' \| 'ENFORCE'): Promise<void> {`
`149`	`149`	`if (gatewayNames.length === 0) return;`