From f5af9e39375a4d02be212d358a575df9f36e6430 Mon Sep 17 00:00:00 2001
From: GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 12:12:08 +0000
Subject: [PATCH] Add debug logging to guard context management

- Added logger.New("guard:context") for debug logging
- Added logging to GetAgentIDFromContext to trace agent ID retrieval
- Added logging to SetAgentIDInContext to track context updates
- Added logging to ExtractAgentIDFromAuthHeader for deprecated path tracking
- Added logging to GetRequestStateFromContext/SetRequestStateInContext
- Enhances visibility into security context flow and agent ID tracking
---
 internal/guard/context.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/internal/guard/context.go b/internal/guard/context.go
index 349ced81..7de9775f 100644
--- a/internal/guard/context.go
+++ b/internal/guard/context.go
@@ -26,8 +26,11 @@ import (
 	"context"
 
 	"github.com/githubnext/gh-aw-mcpg/internal/auth"
+	"github.com/githubnext/gh-aw-mcpg/internal/logger"
 )
 
+var log = logger.New("guard:context")
+
 // ContextKey is used for storing values in context
 type ContextKey string
 
@@ -43,13 +46,16 @@ const (
 // Returns "default" if not found
 func GetAgentIDFromContext(ctx context.Context) string {
 	if agentID, ok := ctx.Value(AgentIDContextKey).(string); ok && agentID != "" {
+		log.Printf("Retrieved agent ID from context: %s", agentID)
 		return agentID
 	}
+	log.Print("Agent ID not found in context, returning default")
 	return "default"
 }
 
 // SetAgentIDInContext sets the agent ID in the context
 func SetAgentIDInContext(ctx context.Context, agentID string) context.Context {
+	log.Printf("Setting agent ID in context: %s", agentID)
 	return context.WithValue(ctx, AgentIDContextKey, agentID)
 }
 
@@ -60,18 +66,24 @@ func SetAgentIDInContext(ctx context.Context, agentID string) context.Context {
 //
 // For MCP spec 7.1 compliant parsing with full error handling, use auth.ParseAuthHeader().
 func ExtractAgentIDFromAuthHeader(authHeader string) string {
-	return auth.ExtractAgentID(authHeader)
+	log.Print("Extracting agent ID from auth header (deprecated path)")
+	agentID := auth.ExtractAgentID(authHeader)
+	log.Printf("Extracted agent ID: %s", agentID)
+	return agentID
 }
 
 // GetRequestStateFromContext retrieves guard request state from context
 func GetRequestStateFromContext(ctx context.Context) RequestState {
 	if state, ok := ctx.Value(RequestStateContextKey).(RequestState); ok {
+		log.Print("Retrieved request state from context")
 		return state
 	}
+	log.Print("Request state not found in context")
 	return nil
 }
 
 // SetRequestStateInContext stores guard request state in context
 func SetRequestStateInContext(ctx context.Context, state RequestState) context.Context {
+	log.Print("Setting request state in context")
 	return context.WithValue(ctx, RequestStateContextKey, state)
 }