Skip to content

feat: credential MCP sidecar isolation with CI/CD pipeline support#1623

Merged
mergify[bot] merged 1 commit into
mainfrom
credential-mcp-sidecar
Jun 1, 2026
Merged

feat: credential MCP sidecar isolation with CI/CD pipeline support#1623
mergify[bot] merged 1 commit into
mainfrom
credential-mcp-sidecar

Conversation

@markturansky
Copy link
Copy Markdown
Contributor

@markturansky markturansky commented Jun 1, 2026
edited by coderabbitai Bot
Loading

Summary

  • Credential sidecar architecture: Isolates credential-bearing MCP servers (GitHub, Jira, K8s, Google) into per-provider sidecar containers injected by the control plane, replacing the previous in-runner credential fetching approach
  • CI/CD pipeline support: Adds all 4 credential sidecar components to the Build and Push and Release Pipeline workflows, including build matrix entries, path triggers, and deploy-time image tag pinning on the control plane deployment
  • Full-stack updates: CLI credential management, pr-test scripts, manifest overlays, migration ordering fixes, and acp backend MCP tools fallback when the sidecar is absent

Test plan

  • Runner tests pass (549 tests, 66 MCP tests)
  • CI builds all 4 credential sidecar images successfully
  • PR test environment deploys with credential sidecars injected
  • Session pods start with 5/5 containers (runner + 4 credential sidecars)
  • CLI credential commands work end-to-end

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

  • New Features

    • Real-time session event streaming with activity monitoring pane
    • RoleBinding manifest support in apply command
    • Service account authentication via client credentials flow
    • API URL override flag for CLI routing
    • Token display option in whoami command
    • Credential sidecar injection for enhanced agent isolation

  • Bug Fixes

    • Corrected database migration ID sequencing
    • Added table existence validation for safer migrations

  • Documentation

    • Updated deployment guide with credential sidecar configuration

@netlify
Copy link
Copy Markdown

netlify Bot commented Jun 1, 2026
edited
Loading

Deploy Preview for cheerful-kitten-f556a0 ready!

Name Link
🔨 Latest commit d04533a
🔍 Latest deploy log https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/6a1d9e1a6bc9a4000898f37c
😎 Deploy Preview https://deploy-preview-1623--cheerful-kitten-f556a0.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Jun 1, 2026
edited
Loading

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR integrates credential sidecars (MCP containers per provider) from build through control-plane injection, adds real-time SSE streaming with split-pane activity display to the TUI, expands CLI testing and role-binding support across commands, introduces service-account OAuth2 login, and updates migration IDs with defensive schema checks.

Changes

Credential Sidecars: Build Pipeline & Control-Plane Injection

Layer / File(s) Summary
Build & Deployment Workflows
.github/workflows/components-build-deploy.yml, .github/workflows/prod-release-deploy.yaml, components/pr-test/build.sh		 Workflow matrices and manual dispatch inputs now include credential sidecars (GitHub/Jira/K8s/Google); deployment steps set MCP image env vars pinned to commit/release SHAs; build.sh constructs PR-tagged images with platform and version args.
Control-Plane Credential Sidecar Injection
components/ambient-control-plane/internal/kubeclient/kubeclient.go, components/ambient-control-plane/internal/reconciler/kube_reconciler.go, components/manifests/.../*ambient-control-plane*		 KubeReconciler extends KubeReconcilerConfig with per-provider MCP image tags and credential token handling; injects provider-specific sidecar containers into session pods with credential MCP URLs; updates network policy ingress to include CP runtime namespace; manages credential sidecar volumes and image-pull secrets.
PR Test Infrastructure
components/pr-test/build.sh, components/pr-test/install-standard.sh, components/pr-test/install.sh, components/pr-test/provision.sh		 Scripts provision ephemeral PR environments: build.sh tags and pushes PR images; install.sh deploys via kustomize with secret/kubeconfig setup and health checks; provision.sh manages instance lifecycle with capacity limits and ArgoCD cleanup.

TUI Live SSE Streaming & Split-Pane Activity Display

Layer / File(s) Summary
SSE Client & Event Model
components/ambient-cli/cmd/acpctl/ambient/tui/client.go, components/ambient-cli/cmd/acpctl/ambient/tui/model_new.go		 TUIClient.OpenSSEStream opens SSE, scans/buffers multi-line data payloads, and forwards parsed events over a channel; AppModel stores SSE connection state (event channel, cancel context, active flag, sequence counter, text delta buffer) and provides lifecycle methods.
ActivityPane Implementation
components/ambient-cli/cmd/acpctl/ambient/tui/views/activity.go		 New ActivityPane buffers and flushes event deltas (text/reasoning/tool-args) on end markers; manages scroll, focus, and message count; renders entries by type with styled tags and wrapped text.
SSE Event Routing & AppModel Lifecycle
components/ambient-cli/cmd/acpctl/ambient/tui/model_new.go		 AppModel.Update consumes SSE events: extracts assistant snapshots, accumulates text deltas, routes conversation vs activity events to appropriate panes, schedules reconnect on stream end.
Split-Mode Messages View & SSE Integration
components/ambient-cli/cmd/acpctl/ambient/tui/views/messages.go		 MessageStream embeds ActivityPane with split-mode enabled by default; input routing targets focused pane (conversation/activity toggled via Tab); rendering splits height and border separately for each pane; event filtering separates conversation from activity.
Session Messages SSE Rendering
components/ambient-cli/cmd/acpctl/session/messages.go		 renderSSEStream introduces color-aware rendering with styled event output; buffers and flushes tool-call args; manages text-state transitions; compactWriter de-duplicates newlines.

CLI Enhancements: Testing, Role-Bindings, Authentication

Layer / File(s) Summary
Agent CLI Command Tests
components/ambient-cli/cmd/acpctl/agent/cmd_test.go		 Integration test suite (25+ tests) for acpctl agent covering list, get, create, update, delete, start, stop, preview, and sessions with success paths, JSON output, validation errors, and request-body verification.
Credential CLI Tests & Role-Binding Apply Support
components/ambient-cli/cmd/acpctl/credential/cmd_test.go, components/ambient-cli/cmd/acpctl/apply/cmd.go		 Credential tests (25+ functions) verify CRUD, token, and bind subcommands; apply command adds role-binding resource support with manifest parsing, role/scope ID resolution, idempotency checking, and display-name generation.
Role-Binding Display, Client-Credentials Login & Token Display
components/ambient-cli/cmd/acpctl/get/cmd.go, components/ambient-cli/cmd/acpctl/login/authcode.go, components/ambient-cli/cmd/acpctl/login/cmd.go, components/ambient-cli/cmd/acpctl/main.go, components/ambient-cli/cmd/acpctl/whoami/cmd.go		 Get command resolves role/credential names for role-binding display; login adds client-credentials OAuth2 flow for service accounts; whoami adds --show-token flag; main.go adds persistent --api-url override flag.

Database Migrations & Documentation

Layer / File(s) Summary
Migration ID Updates
components/ambient-api-server/plugins/credentials/migration.go, components/ambient-api-server/plugins/projects/migration.go, components/ambient-api-server/plugins/roleBindings/migration.go		 Migration IDs updated to reflect latest timestamps (credentials: 202605060003, projects: 202605060002); role-bindings migration adds table-existence check before schema changes.
Installer Skill Documentation
skills/control-plane/ambient/SKILL.md		 Documentation updated to describe credential sidecar container injection with provider-to-image mapping and deployment configuration for MCP image environment variables.

Possibly Related PRs

  • ambient-code/platform#1548: Updates dropDisplayNameMigration ID and migration behavior, overlapping with this PR's projects migration ID update.
  • ambient-code/platform#1599: Covers credential sidecar architecture and isolation specifications that directly map to this PR's control-plane injection and pod assembly changes.
  • ambient-code/platform#1546: Modifies kube_reconciler.go for MCP sidecar mounting (service-ca, SSL_CERT_FILE), overlapping with this PR's credential sidecar volume and environment setup.

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (2 errors, 2 warnings)

Check name Status Explanation Resolution
Performance And Algorithmic Complexity ❌ Error Missing pagination in RoleBinding list (apply/cmd.go), parallel polling+SSE duplicate rendering, snapshot entries reuse seq values, silent error swallowing in name resolver. Implement pagination loop in applyRoleBinding; disable polling when SSE active; increment baseSeq per entry; return errors from buildRoleBindingNameResolver.
Security And Secret Handling ❌ Error Four security violations: token exposure via --show-token stdout leak, SQL injection in apply/cmd.go Search, plaintext tokens in credential API responses, K8s Secrets missing ownerReferences. Mask --show-token output; escape Search() inputs; redact tokens from API responses; add ownerReferences to K8s Secrets; validate user input in backend queries.
Docstring Coverage ⚠️ Warning Docstring coverage is 5.77% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Kubernetes Resource Safety ⚠️ Warning Child resources (Pods, Secrets) created by control-plane reconciler lack OwnerReferences, causing orphaned resources and preventing automatic garbage collection on parent deletion. Add OwnerReferences to pod and secret metadata in kube_reconciler.go—reference the owning AgenticSession or parent Deployment to enable automatic cleanup when sessions terminate.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed Title follows Conventional Commits format (feat: description) and clearly describes the main change—credential MCP sidecar isolation with CI/CD pipeline support, which aligns with the substantial architectural changes across control plane, CLI, runners, and deployment pipelines.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch credential-mcp-sidecar
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch credential-mcp-sidecar

Comment @coderabbitai help to get the list of available commands and usage tips.

@claude
feat: credential MCP sidecar isolation with CI/CD pipeline support
d04533a 
Isolate credential-bearing MCP servers (GitHub, Jira, K8s, Google) into
per-provider sidecar containers injected by the control plane. Add all 4
credential sidecar components to CI/CD build and deploy pipelines.

Key changes:
- Credential sidecar Dockerfiles, entrypoint, and token refresh via CP exchange
- Control plane per-credential sidecar injection with hardened SecurityContext
- Runner SSE sidecar transport for credential MCP servers
- Add credential-github/jira/k8s/google to build matrix and deploy steps
- CLI credential management, RoleBinding support, activity view
- Restore acp backend MCP tools as fallback when sidecar is absent
- Migration ordering fix for roleBindings plugin
- pr-test build/install/provision scripts

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@markturansky markturansky force-pushed the credential-mcp-sidecar branch from b787aa5 to d04533a Compare June 1, 2026 14:58
@mergify mergify Bot added the queued label Jun 1, 2026
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented Jun 1, 2026
edited
Loading

Merge Queue Status

  • Entered queue2026-06-01 15:12 UTC · Rule: default
  • Checks skipped · PR is already up-to-date
  • Merged2026-06-01 15:13 UTC · at d04533a1bf7535f54220e82da891e348bd319ebe · squash

This pull request spent 48 seconds in the queue, including 10 seconds running CI.

Required conditions to merge

@mergify mergify Bot merged commit f6efa98 into main Jun 1, 2026
34 of 64 checks passed
@mergify mergify Bot deleted the credential-mcp-sidecar branch June 1, 2026 15:13
@mergify mergify Bot removed the queued label Jun 1, 2026
@jsell-rh
Copy link
Copy Markdown
Contributor

jsell-rh commented Jun 1, 2026

RCA: Credential Sidecar Docker Build Failure on main

Symptom: CI fails building credential sidecar images with:

failed to calculate checksum of ref: "/components/credential-sidecars/entrypoint": not found
failed to calculate checksum of ref: "/components/ambient-mcp": not found

Root Cause: Build-context mismatch between the Dockerfiles and the CI matrix.

The Dockerfiles (e.g. components/credential-sidecars/github/Dockerfile) use repo-root-relative COPY paths:

COPY components/credential-sidecars/entrypoint/ ./entrypoint/
COPY components/ambient-mcp/ ./ambient-mcp/

But the CI matrix in components-build-deploy.yml sets context to ./components:

{"name":"credential-github","context":"./components",...}

Docker resolves COPY paths relative to the build context, so it looks for ./components/components/credential-sidecars/entrypoint/ — which doesn't exist.

Affected components: All four credential sidecars (github, jira, k8s, google).

Fix: Change the build context from "./components" to "." (repo root) for all credential-sidecar matrix entries, since the Dockerfiles expect repo-root-relative paths.

@markturansky markturansky mentioned this pull request Jun 1, 2026
Merged
2 tasks
mergify Bot added a commit that referenced this pull request Jun 1, 2026
@markturansky @claude @mergify
fix: correct COPY paths in credential sidecar Dockerfiles for CI buil…
2efb2db 
…d context (#1627)

## Summary

- All 4 credential sidecar Dockerfiles (github, jira, k8s, google) used
`COPY components/...` paths, but the CI workflow sets the Docker build
context to `./components`, causing paths to resolve to the non-existent
`./components/components/...`
- Removed the `components/` prefix so COPY paths are relative to the
`./components` build context, matching the pattern used by
`ambient-control-plane` and `ambient-ui` Dockerfiles
- This fixes the broken credential sidecar builds on main introduced in
#1623

## Test plan
- [ ] CI credential sidecar builds pass (github, jira, k8s, google)
- [ ] Verify built images start correctly

🤖 Generated with [Claude Code](https://claude.ai/code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated build configuration for credential sidecar services to adjust
source paths during the build process. No changes to runtime
functionality.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: user <u@example.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@markturansky @jsell-rh