
feat: credential MCP sidecar isolation with CI/CD pipeline support #1623

Merged: mergify[bot] merged 1 commit into main from credential-mcp-sidecar on Jun 1, 2026

@markturansky (Contributor) commented Jun 1, 2026

Summary

  • Credential sidecar architecture: Isolates credential-bearing MCP servers (GitHub, Jira, K8s, Google) into per-provider sidecar containers injected by the control plane, replacing the previous in-runner credential fetching approach
  • CI/CD pipeline support: Adds all 4 credential sidecar components to the Build and Push and Release Pipeline workflows, including build matrix entries, path triggers, and deploy-time image tag pinning on the control plane deployment
  • Full-stack updates: CLI credential management, pr-test scripts, manifest overlays, migration ordering fixes, and acp backend MCP tools fallback when the sidecar is absent

Test plan

  • Runner tests pass (549 tests, 66 MCP tests)
  • CI builds all 4 credential sidecar images successfully
  • PR test environment deploys with credential sidecars injected
  • Session pods start with 5/5 containers (runner + 4 credential sidecars)
  • CLI credential commands work end-to-end

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

  • New Features

    • Real-time session event streaming with activity monitoring pane
    • RoleBinding manifest support in apply command
    • Service account authentication via client credentials flow
    • API URL override flag for CLI routing
    • Token display option in whoami command
    • Credential sidecar injection for enhanced agent isolation
  • Bug Fixes

    • Corrected database migration ID sequencing
    • Added table existence validation for safer migrations
  • Documentation

    • Updated deployment guide with credential sidecar configuration


netlify Bot commented Jun 1, 2026

Deploy Preview for cheerful-kitten-f556a0 ready!

Name Link
🔨 Latest commit d04533a
🔍 Latest deploy log https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/6a1d9e1a6bc9a4000898f37c
😎 Deploy Preview https://deploy-preview-1623--cheerful-kitten-f556a0.netlify.app

coderabbitai Bot (Contributor) commented Jun 1, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This PR integrates credential sidecars (MCP containers per provider) from build through control-plane injection, adds real-time SSE streaming with split-pane activity display to the TUI, expands CLI testing and role-binding support across commands, introduces service-account OAuth2 login, and updates migration IDs with defensive schema checks.

Changes

Credential Sidecars: Build Pipeline & Control-Plane Injection

Layer: Build & Deployment Workflows
File(s): .github/workflows/components-build-deploy.yml, .github/workflows/prod-release-deploy.yaml, components/pr-test/build.sh
Summary: Workflow matrices and manual dispatch inputs now include credential sidecars (GitHub/Jira/K8s/Google); deployment steps set MCP image env vars pinned to commit/release SHAs; build.sh constructs PR-tagged images with platform and version args.

Layer: Control-Plane Credential Sidecar Injection
File(s): components/ambient-control-plane/internal/kubeclient/kubeclient.go, components/ambient-control-plane/internal/reconciler/kube_reconciler.go, components/manifests/.../*ambient-control-plane*
Summary: KubeReconciler extends KubeReconcilerConfig with per-provider MCP image tags and credential token handling; injects provider-specific sidecar containers into session pods with credential MCP URLs; updates network policy ingress to include CP runtime namespace; manages credential sidecar volumes and image-pull secrets.

Layer: PR Test Infrastructure
File(s): components/pr-test/build.sh, components/pr-test/install-standard.sh, components/pr-test/install.sh, components/pr-test/provision.sh
Summary: Scripts provision ephemeral PR environments: build.sh tags and pushes PR images; install.sh deploys via kustomize with secret/kubeconfig setup and health checks; provision.sh manages instance lifecycle with capacity limits and ArgoCD cleanup.

TUI Live SSE Streaming & Split-Pane Activity Display

Layer: SSE Client & Event Model
File(s): components/ambient-cli/cmd/acpctl/ambient/tui/client.go, components/ambient-cli/cmd/acpctl/ambient/tui/model_new.go
Summary: TUIClient.OpenSSEStream opens SSE, scans/buffers multi-line data payloads, and forwards parsed events over a channel; AppModel stores SSE connection state (event channel, cancel context, active flag, sequence counter, text delta buffer) and provides lifecycle methods.

Layer: ActivityPane Implementation
File(s): components/ambient-cli/cmd/acpctl/ambient/tui/views/activity.go
Summary: New ActivityPane buffers and flushes event deltas (text/reasoning/tool-args) on end markers; manages scroll, focus, and message count; renders entries by type with styled tags and wrapped text.

Layer: SSE Event Routing & AppModel Lifecycle
File(s): components/ambient-cli/cmd/acpctl/ambient/tui/model_new.go
Summary: AppModel.Update consumes SSE events: extracts assistant snapshots, accumulates text deltas, routes conversation vs activity events to appropriate panes, schedules reconnect on stream end.

Layer: Split-Mode Messages View & SSE Integration
File(s): components/ambient-cli/cmd/acpctl/ambient/tui/views/messages.go
Summary: MessageStream embeds ActivityPane with split-mode enabled by default; input routing targets focused pane (conversation/activity toggled via Tab); rendering splits height and border separately for each pane; event filtering separates conversation from activity.

Layer: Session Messages SSE Rendering
File(s): components/ambient-cli/cmd/acpctl/session/messages.go
Summary: renderSSEStream introduces color-aware rendering with styled event output; buffers and flushes tool-call args; manages text-state transitions; compactWriter de-duplicates newlines.

CLI Enhancements: Testing, Role-Bindings, Authentication

Layer: Agent CLI Command Tests
File(s): components/ambient-cli/cmd/acpctl/agent/cmd_test.go
Summary: Integration test suite (25+ tests) for acpctl agent covering list, get, create, update, delete, start, stop, preview, and sessions with success paths, JSON output, validation errors, and request-body verification.

Layer: Credential CLI Tests & Role-Binding Apply Support
File(s): components/ambient-cli/cmd/acpctl/credential/cmd_test.go, components/ambient-cli/cmd/acpctl/apply/cmd.go
Summary: Credential tests (25+ functions) verify CRUD, token, and bind subcommands; apply command adds role-binding resource support with manifest parsing, role/scope ID resolution, idempotency checking, and display-name generation.

Layer: Role-Binding Display, Client-Credentials Login & Token Display
File(s): components/ambient-cli/cmd/acpctl/get/cmd.go, components/ambient-cli/cmd/acpctl/login/authcode.go, components/ambient-cli/cmd/acpctl/login/cmd.go, components/ambient-cli/cmd/acpctl/main.go, components/ambient-cli/cmd/acpctl/whoami/cmd.go
Summary: Get command resolves role/credential names for role-binding display; login adds client-credentials OAuth2 flow for service accounts; whoami adds --show-token flag; main.go adds persistent --api-url override flag.

Database Migrations & Documentation

Layer: Migration ID Updates
File(s): components/ambient-api-server/plugins/credentials/migration.go, components/ambient-api-server/plugins/projects/migration.go, components/ambient-api-server/plugins/roleBindings/migration.go
Summary: Migration IDs updated to reflect latest timestamps (credentials: 202605060003, projects: 202605060002); role-bindings migration adds table-existence check before schema changes.

Layer: Installer Skill Documentation
File(s): skills/control-plane/ambient/SKILL.md
Summary: Documentation updated to describe credential sidecar container injection with provider-to-image mapping and deployment configuration for MCP image environment variables.

Possibly Related PRs

  • ambient-code/platform#1548: Updates dropDisplayNameMigration ID and migration behavior, overlapping with this PR's projects migration ID update.
  • ambient-code/platform#1599: Covers credential sidecar architecture and isolation specifications that directly map to this PR's control-plane injection and pod assembly changes.
  • ambient-code/platform#1546: Modifies kube_reconciler.go for MCP sidecar mounting (service-ca, SSL_CERT_FILE), overlapping with this PR's credential sidecar volume and environment setup.

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (2 errors, 2 warnings)

Check name: Performance And Algorithmic Complexity
Status: ❌ Error
Explanation: Missing pagination in RoleBinding list (apply/cmd.go), parallel polling+SSE duplicate rendering, snapshot entries reuse seq values, silent error swallowing in name resolver.
Resolution: Implement pagination loop in applyRoleBinding; disable polling when SSE active; increment baseSeq per entry; return errors from buildRoleBindingNameResolver.

Check name: Security And Secret Handling
Status: ❌ Error
Explanation: Four security violations: token exposure via --show-token stdout leak, SQL injection in apply/cmd.go Search, plaintext tokens in credential API responses, K8s Secrets missing ownerReferences.
Resolution: Mask --show-token output; escape Search() inputs; redact tokens from API responses; add ownerReferences to K8s Secrets; validate user input in backend queries.

Check name: Docstring Coverage
Status: ⚠️ Warning
Explanation: Docstring coverage is 5.77% which is insufficient. The required threshold is 80.00%.
Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

Check name: Kubernetes Resource Safety
Status: ⚠️ Warning
Explanation: Child resources (Pods, Secrets) created by control-plane reconciler lack OwnerReferences, causing orphaned resources and preventing automatic garbage collection on parent deletion.
Resolution: Add OwnerReferences to pod and secret metadata in kube_reconciler.go—reference the owning AgenticSession or parent Deployment to enable automatic cleanup when sessions terminate.

✅ Passed checks (4 passed)

Check name: Description Check
Status: ✅ Passed
Explanation: Check skipped - CodeRabbit’s high-level summary is enabled.

Check name: Title check
Status: ✅ Passed
Explanation: Title follows Conventional Commits format (feat: description) and clearly describes the main change—credential MCP sidecar isolation with CI/CD pipeline support, which aligns with the substantial architectural changes across control plane, CLI, runners, and deployment pipelines.

Check name: Linked Issues check
Status: ✅ Passed
Explanation: Check skipped because no linked issues were found for this pull request.

Check name: Out of Scope Changes check
Status: ✅ Passed
Explanation: Check skipped because no linked issues were found for this pull request.

Isolate credential-bearing MCP servers (GitHub, Jira, K8s, Google) into
per-provider sidecar containers injected by the control plane. Add all 4
credential sidecar components to CI/CD build and deploy pipelines.

Key changes:
- Credential sidecar Dockerfiles, entrypoint, and token refresh via CP exchange
- Control plane per-credential sidecar injection with hardened SecurityContext
- Runner SSE sidecar transport for credential MCP servers
- Add credential-github/jira/k8s/google to build matrix and deploy steps
- CLI credential management, RoleBinding support, activity view
- Restore acp backend MCP tools as fallback when sidecar is absent
- Migration ordering fix for roleBindings plugin
- pr-test build/install/provision scripts

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@markturansky markturansky force-pushed the credential-mcp-sidecar branch from b787aa5 to d04533a, June 1, 2026 14:58
@mergify mergify Bot added the queued label Jun 1, 2026
mergify Bot (Contributor) commented Jun 1, 2026

Merge Queue Status

  • Entered queue 2026-06-01 15:12 UTC · Rule: default
  • Checks skipped · PR is already up-to-date
  • Merged 2026-06-01 15:13 UTC · at d04533a1bf7535f54220e82da891e348bd319ebe · squash

This pull request spent 48 seconds in the queue, including 10 seconds running CI.


@mergify mergify Bot merged commit f6efa98 into main Jun 1, 2026
34 of 64 checks passed
@mergify mergify Bot deleted the credential-mcp-sidecar branch June 1, 2026 15:13
@mergify mergify Bot removed the queued label Jun 1, 2026
jsell-rh (Contributor) commented Jun 1, 2026

RCA: Credential Sidecar Docker Build Failure on main

Symptom: CI fails building credential sidecar images with:

failed to calculate checksum of ref: "/components/credential-sidecars/entrypoint": not found
failed to calculate checksum of ref: "/components/ambient-mcp": not found

Root Cause: Build-context mismatch between the Dockerfiles and the CI matrix.

The Dockerfiles (e.g. components/credential-sidecars/github/Dockerfile) use repo-root-relative COPY paths:

COPY components/credential-sidecars/entrypoint/ ./entrypoint/
COPY components/ambient-mcp/ ./ambient-mcp/

But the CI matrix in components-build-deploy.yml sets context to ./components:

{"name":"credential-github","context":"./components",...}

Docker resolves COPY paths relative to the build context, so it looks for ./components/components/credential-sidecars/entrypoint/ — which doesn't exist.

Affected components: All four credential sidecars (github, jira, k8s, google).

Fix: Change the build context from "./components" to "." (repo root) for all credential-sidecar matrix entries, since the Dockerfiles expect repo-root-relative paths.
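
A pre-merge lint for the build-context mismatch described in the RCA above, as an added example that is not part of the original comment or the project's code: it resolves each shell-form COPY source against a matrix entry's context and reports the ones that do not exist. The `dockerfile` key, the helper names and the temporary directory tree are assumptions constructed for illustration.

```python
import glob
import shlex
import tempfile
from pathlib import Path

def copy_sources(dockerfile_text):
    """Yield the source arguments of shell-form COPY instructions."""
    for raw in dockerfile_text.splitlines():
        args = shlex.split(raw, comments=True)
        if not args or args[0].upper() != "COPY":
            continue
        # COPY --from=<stage> reads another stage or image, not the build context.
        if any(a.startswith("--from=") for a in args[1:]):
            continue
        paths = [a for a in args[1:] if not a.startswith("--")]
        yield from paths[:-1]  # the last argument is the destination

def missing_copy_sources(repo_root, entry):
    """Return COPY sources that do not exist under the entry's build context."""
    root = Path(repo_root)
    context = root / entry["context"]
    text = (root / entry["dockerfile"]).read_text()
    return [src for src in copy_sources(text)
            if not glob.glob(glob.escape(str(context)) + "/" + src.lstrip("/"))]

def check(context, copy_prefix="components/"):
    """Build a constructed repo tree and lint one matrix entry against it."""
    dockerfile = "components/credential-sidecars/github/Dockerfile"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("credential-sidecars/entrypoint", "ambient-mcp",
                  "credential-sidecars/github"):
            (root / "components" / d).mkdir(parents=True)
        (root / dockerfile).write_text(
            "FROM scratch\n"
            f"COPY {copy_prefix}credential-sidecars/entrypoint/ ./entrypoint/\n"
            f"COPY {copy_prefix}ambient-mcp/ ./ambient-mcp/\n")
        # "dockerfile" is an assumed key; the page elides the rest of the entry.
        entry = {"name": "credential-github", "context": context,
                 "dockerfile": dockerfile}
        return missing_copy_sources(root, entry)

if __name__ == "__main__":
    print("context ./components:", check("./components"))
    print("context .           :", check("."))
    print("unprefixed COPY     :", check("./components", copy_prefix=""))
```

Either remedy clears the report: a repo-root context with the prefixed paths, or the `./components` context with the `components/` prefix dropped from the COPY lines.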

mergify Bot added a commit that referenced this pull request Jun 1, 2026
…d context (#1627)

## Summary

- All 4 credential sidecar Dockerfiles (github, jira, k8s, google) used
`COPY components/...` paths, but the CI workflow sets the Docker build
context to `./components`, causing paths to resolve to the non-existent
`./components/components/...`
- Removed the `components/` prefix so COPY paths are relative to the
`./components` build context, matching the pattern used by
`ambient-control-plane` and `ambient-ui` Dockerfiles
- This fixes the broken credential sidecar builds on main introduced in
#1623

## Test plan
- [ ] CI credential sidecar builds pass (github, jira, k8s, google)
- [ ] Verify built images start correctly

🤖 Generated with [Claude Code](https://claude.ai/code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated build configuration for credential sidecar services to adjust
source paths during the build process. No changes to runtime
functionality.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: user <u@example.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>