training-agent: mount /<tenant>/mcp-strict-required + /<tenant>/mcp-strict-forbidden, route signed_requests storyboard at all three

[bokelley]

Summary

Storyboard signed_requests shows 9 skipped vectors on every tenant. 4 are explicit `skipVectors` in `run-storyboards.ts` (007/018/020/025); the remaining 5 skip because they require covers_content_digest: 'required' or 'forbidden' capability profiles. Our current //mcp-strict route advertises 'either', so the runner grades those vectors capability-incompatible.

Scope

The auth primitives already exist in server/src/training-agent/request-signing.ts:

• buildStrictRequiredRequestSigningAuthenticator → 'required' digest mode
• buildStrictForbiddenRequestSigningAuthenticator → 'forbidden' digest mode
• getStrictRequiredRequestSigningCapability / getStrictForbiddenRequestSigningCapability

Three pieces of work:

1. Mount routes in server/src/training-agent/index.ts, mirroring the per-tenant /<tenant>/mcp-strict pattern (PR fix(training-agent): restore per-tenant /<tenant>/mcp-strict, close #3965 Class C #4061):

   • /<tenant>/mcp-strict-required → strict-required authenticator + ctx.digestMode = 'required'
   • /<tenant>/mcp-strict-forbidden → strict-forbidden authenticator + ctx.digestMode = 'forbidden'

2. Route the storyboard sequentially — currently run-storyboards.ts redirects signed_requests to /mcp-strict only. Run it three times, once per route, with the matching request_signing.profile option.

3. Re-grade — vector 007 (missing-content-digest required) fires on /mcp-strict-required; vector 018 (digest-covered-when-forbidden) fires on /mcp-strict-forbidden; etc.

References

• PR fix(training-agent): restore per-tenant /<tenant>/mcp-strict, close #3965 Class C #4061 — established the per-tenant strict route pattern
• request-signing.ts:316-323 — authenticators already implemented

Coverage lift

Tenant	Today	After fix	Δ
signed_requests	31P / 9S	36P / 4S	+5 / -5

Across all six tenants: +30 steps recovered.

[bokelley]

Triage

Classification: Feature request
Bucket(s): compliance-suite
Status: drafting-pr

What the experts said:

• ad-tech-protocol-expert: non-breaking, additive routes only; skipVectors assignments correct per RFC 9421 (007 belongs on /mcp-strict-required, 018 on /mcp-strict-forbidden); vector 027 fixture hardcodes covers_content_digest: 'either' so it grades capability-incompatible on the two new routes — correct behavior, 027 still runs on /mcp-strict
• code-reviewer: correct lazy-auth pattern (separate singleton per variant prevents cross-route capability bleed); factory handler avoids duplicating transport/error-handling; skipVectors per route are sound

My take: All three infrastructure pieces were already in place — authenticators, capabilities, and TrainingContext.digestMode. This is a clean route-mount + storyboard-routing exercise with no ambiguity. Draft PR #4099 implements all three items from the issue scope.

Drafting #4099: mounts /<tenant>/mcp-strict-required and /<tenant>/mcp-strict-forbidden across all six tenants, converts strictMcpHandler to a makeStrictMcpHandler(digestMode?) factory, and updates run-storyboards.ts to run signed_requests sequentially on all three routes with per-route skipVectors. Expected lift: +5 steps recovered per tenant, +30 across all six.

---

Triaged by Claude Code. Session: https://claude.ai/code/session_01KnP4sw6wkheGXwHFTWjrFU

---

Generated by Claude Code