Merge pull request #12 from devonartis/fix/broker-url-undefined

devonartis · web-flow · commit ca6e2237ec2c · 2026-04-14T20:05:00.000-04:00
fix: broker_url undefined in code examples (TE-1/TE-2/TE-3)
diff --git a/README.md b/README.md
@@ -185,7 +185,7 @@ delegated = agent_a.delegate(
 )
 
 # Validate: delegated token has only partition-7
-result = validate(broker_url, delegated.access_token)
+result = validate(app.broker_url, delegated.access_token)
 print(result.claims.scope)  # ['read:data:partition-7']
 ```
 
diff --git a/docs/developer-guide.md b/docs/developer-guide.md
@@ -137,7 +137,7 @@ Always validate the delegated token to confirm the broker actually narrowed it:
 ```python
 from agentwrit import validate
 
-result = validate(broker_url, delegated.access_token)
+result = validate(app.broker_url, delegated.access_token)
 assert result.valid
 assert result.claims.scope == ["read:data:partition-7"]
 # partition-8 is NOT in the delegated token
@@ -179,7 +179,7 @@ delegated_ab = agent_a.delegate(
 
 # Hop 2: Use the delegated token to delegate further (raw HTTP)
 resp = httpx.post(
-    f"{broker_url}/v1/delegate",
+    f"{app.broker_url}/v1/delegate",
     json={
         "delegate_to": agent_c.agent_id,
         "scope": ["read:data:partition-7"],
@@ -259,7 +259,7 @@ For zero-trust enforcement, validate the token with the broker AND check scope:
 ```python
 from agentwrit import validate, scope_is_subset
 
-result = validate(broker_url, agent.access_token)
+result = validate(app.broker_url, agent.access_token)
 if result.valid and result.claims:
     # Token is live — now check scope
     if scope_is_subset(required_scope, result.claims.scope):
@@ -351,7 +351,7 @@ If someone sends a fake token to your app, `validate()` handles it gracefully:
 ```python
 from agentwrit import validate
 
-result = validate(broker_url, "completely-fake-not-a-jwt")
+result = validate(app.broker_url, "completely-fake-not-a-jwt")
 print(result.valid)  # False
 print(result.error)  # "token is invalid or expired"
 ```
@@ -406,7 +406,7 @@ Same behavior, but uses the app's broker URL and timeout.
 ### ValidateResult Fields
 
 ```python
-result = validate(broker_url, agent.access_token)
+result = validate(app.broker_url, agent.access_token)
 
 if result.valid:
     print(result.claims.iss)       # "agentwrit"
diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -115,7 +115,7 @@ Before trusting a token, ask the broker if it's still valid:
 ```python
 from agentwrit import validate
 
-result = validate(broker_url, agent.access_token)
+result = validate(app.broker_url, agent.access_token)
 
 if result.valid:
     print(f"Subject: {result.claims.sub}")     # SPIFFE ID

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ delegated = agent_a.delegate(`
`185`	`185`	`)`
`186`	`186`
`187`	`187`	`# Validate: delegated token has only partition-7`
`188`		`-result = validate(broker_url, delegated.access_token)`
	`188`	`+result = validate(app.broker_url, delegated.access_token)`
`189`	`189`	`print(result.claims.scope) # ['read:data:partition-7']`
`190`	`190`	```
`191`	`191`