fix(a2a): add type validation for email extraction in list_agents_for_user

[bogdanmariusc10]

🔗 Related Issue

Closes #4670

---

📝 Summary

Root Cause Fix: Adds type validation for email extraction in the deprecated list_agents_for_user() method to prevent passing dict objects to SQL queries.

Problem: The method was extracting email from user_info dict without validating it was a string. When the "email" key contained a nested dict or other object, it was passed directly to SQL queries, causing:

Error binding parameter 1: type 'dict' is not supported

Solution: Added type validation immediately after email extraction (lines 1118-1126). If a non-string is detected:

• Logs a warning with type information for debugging
• Uses empty string (public-only access, fail-safe)
• Prevents SQL binding error

Defense-in-Depth: This fix complements the defensive validation added in PR #4637 at the get_rpc_filter_context() level. Both layers follow security best practices.

Why Other Code Paths Are Safe:

• Other service methods accept user_email: str parameters, not dicts
• The get_user_email() helper already has proper type validation
• Endpoint handlers receive validated dicts from get_current_user_with_permissions()

---

🏷️ Type of Change

• Bug fix
• Feature / Enhancement
• Documentation
• Refactor
• Chore (deps, CI, tooling)
• Other (describe below)

---

🧪 Verification

Check	Command	Status
Lint suite	make lint	✅ Pass
Unit tests	make test	✅ Pass
Coverage ≥ 80%	make coverage	✅ Pass

---

✅ Checklist

• Code formatted (make black isort pre-commit)
• Tests added/updated for changes
• Documentation updated (if applicable)
• No secrets or credentials committed

---

📓 Notes

Investigation Methodology:

1. Traced error from TeamManagementService.get_user_teams() back through call chain
2. Examined all 31 calls to get_user_teams() across the codebase
3. Searched for all 74 occurrences of .get("email") patterns
4. Identified list_agents_for_user() as the only vulnerable code path

Code Change (lines 1118-1126):

# BEFORE (buggy):
user_email = user_info.get("email", "")

# AFTER (fixed):
email_value = user_info.get("email", "")
# SECURITY: Ensure email is a string, not a nested dict or other object
# This prevents passing entire user dicts to SQL queries
if isinstance(email_value, str):
    user_email = email_value
else:
    logger.warning(
        f"list_agents_for_user: user_info['email'] is non-string type {type(email_value).__name__}, using empty string"
    )
    user_email = ""

Security Consideration: Setting user_email to empty string when type validation fails results in public-only access, which is the secure default per the two-layer security model documented in AGENTS.md.

Test Coverage: PR #4637 added comprehensive test coverage for the symptom at the get_rpc_filter_context() level. This root cause fix ensures those tests continue to pass, but warning logs should not fire in normal operation since the issue is now prevented at the source.

Added tests for type validation logic: /tests/unit/mcpgateway/services/test_a2a_service.py::TestListAgentsForUserTypeValidation