fix(ci): Windows link mismatch + auth-context param leak (#22)

- mcp_authorization_policy.hpp forward-declared EndpointConfig as
  `class` while it is actually a `struct`. MSVC mangles the
  struct/class keyword into function symbol names, so the resulting
  `MCPAuthorizationPolicy::authorize` symbol seen at mcp_tool_handler's
  call site (struct, U-prefix) never matched the one emitted from
  mcp_authorization_policy.cpp (class, V-prefix), producing LNK2019 on
  Windows release while Itanium ABI builds linked cleanly. Fixed by
  changing the forward decl to `struct`.

- RequestValidator::validateRequestFields now skips the reserved
  `__auth_*` prefix used by APIServer to inject auth context. Before
  this fix, write endpoints with validate_before_write enabled rejected
  every authenticated request as containing 5 phantom unknown fields
  (__auth_username/_email/_roles/_type/_authenticated), surfacing as
  the test_write_operations integration regressions on main.

Unit-tested both the positive case (auth-prefix lets through) and the
negative case (a key merely containing __auth_ is still rejected).

Author: jrosskopf

src/include/mcp_authorization_policy.hpp

@@ -5,7 +5,7 @@
 
 namespace flapi {
 
-class EndpointConfig;
+struct EndpointConfig;
 
 class MCPAuthorizationPolicy {
 public:

src/request_validator.cpp

@@ -311,8 +311,14 @@ std::vector<ValidationError> RequestValidator::validateRequestFields(
     knownFields.insert("offset");
     knownFields.insert("limit");
 
-    // Check each parameter against known fields
+    // Check each parameter against known fields. The `__auth_*` prefix is
+    // reserved for the auth-context injection performed by APIServer; those
+    // keys are not user input and must not be flagged as unknown.
+    const std::string kAuthReservedPrefix = "__auth_";
     for (const auto& param : params) {
+        if (param.first.rfind(kAuthReservedPrefix, 0) == 0) {
+            continue;
+        }
         if (knownFields.find(param.first) == knownFields.end()) {
             errors.push_back({
                 param.first,

test/cpp/request_validator_test.cpp

@@ -723,4 +723,33 @@ TEST_CASE("RequestValidator: validateRequestFields", "[request_validator]") {
         REQUIRE(hasUnknownParam);
         REQUIRE(hasInvalidField);
     }
+
+    SECTION("Reserved __auth_* injection keys are not flagged as unknown") {
+        // APIServer injects auth-context fields under the reserved __auth_*
+        // prefix before validation. They are not user input, so the unknown-
+        // parameter check must let them through silently. Without this skip,
+        // every authenticated write request would 400 with phantom errors.
+        std::map<std::string, std::string> params = {
+            {"name", "John"},
+            {"__auth_username", "alice"},
+            {"__auth_email", "alice@example.com"},
+            {"__auth_roles", "admin,analyst"},
+            {"__auth_type", "jwt"},
+            {"__auth_authenticated", "true"}
+        };
+        auto errors = validator.validateRequestFields(requestFields, params);
+        REQUIRE(errors.empty());
+    }
+
+    SECTION("Keys merely containing __auth_ are still flagged if not a prefix") {
+        // The skip is prefix-based, so a key like "user___auth_token" that
+        // contains the marker but does not start with it must still be
+        // rejected — it could otherwise be smuggled past as a phantom field.
+        std::map<std::string, std::string> params = {
+            {"user___auth_token", "value"}
+        };
+        auto errors = validator.validateRequestFields(requestFields, params);
+        REQUIRE(errors.size() == 1);
+        REQUIRE(errors[0].fieldName == "user___auth_token");
+    }
 }