fix(control-plane): credential session unblock + project namespace cleanup + CLI credential verbs

[markturansky]

Summary

• fix(control-plane): Remove ensureCredentialRoleBindings from kube_reconciler.go — this was creating K8s RoleBinding objects referencing a non-existent credential:token-reader ClusterRole, blocking session provisioning. The runner authenticates via BOT_TOKEN (control-plane JWT injected as a secret), not K8s SA token, so the binding was vestigial and served no purpose.
• fix(control-plane): project_reconciler.go EventDeleted now calls DeprovisionNamespace instead of logging "namespace retained for safety" (was a deliberate no-op that was never wired up).
• feat(cli): Wire credentials into generic acpctl get/delete/describe verbs (was returning "unknown resource type").
• feat(cli): Add kind: Credential support to acpctl apply.
• feat(cli): Add -o json to acpctl agent start.
• feat(cli): Add demo-github.sh — end-to-end GitHub credential demo script alongside demo-kind.sh.

Test plan

• Start a session with a credential bound to an agent — should no longer fail with clusterroles.rbac.authorization.k8s.io "credential:token-reader" not found
• Delete a project — namespace should be deprovisioned (previously retained indefinitely)
• acpctl get credentials / acpctl describe credential <id> / acpctl delete credential <id> work as generic verbs
• acpctl apply with a kind: Credential YAML creates/patches the credential
• acpctl agent start <agent> -o json returns JSON session object
• ./components/ambient-cli/demo-github.sh runs end-to-end with a GitHub PAT

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• New Features

  • Added JSON output format (--output/-o) for agent start command
  • Added credential management: create, list, view, and delete credentials via CLI
  • Included demo script for GitHub credential workflow

• Improvements

  • Projects now automatically clean up their namespaces upon deletion

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR adds credential management capabilities to the Ambient CLI through acpctl commands (create/read/update/delete), includes a GitHub PAT demonstration script, removes credential RBAC role binding provisioning from the reconciler, and implements namespace cleanup on project deletion.

Changes

Cohort / File(s)	Summary
CLI Credential CRUD components/ambient-cli/cmd/acpctl/apply/cmd.go, delete/cmd.go, describe/cmd.go, get/cmd.go	Added credential resource support across apply, delete, describe, and get commands. Apply implements create-or-update semantics with patch diffing; delete removes credentials; describe fetches and displays as JSON; get lists credentials with table rendering (ID, NAME, PROVIDER, DESCRIPTION, AGE).
Agent Output Formatting components/ambient-cli/cmd/acpctl/agent/cmd.go	Added --output/-o flag to agent start command; when set to json, outputs session or response as JSON instead of human-readable text.
Demo Script components/ambient-cli/demo-github.sh	New Bash script demonstrating end-to-end GitHub PAT credential workflow: project/agent creation, credential setup, role-binding, agent session execution with timeout handling, and cleanup.
Reconciler Changes components/ambient-control-plane/internal/reconciler/kube_reconciler.go, project_reconciler.go	Removed credential RBAC role binding provisioning (ensureCredentialRoleBindings method) from session reconciliation; added active namespace deprovisioning on project deletion in project reconciler.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI as acpctl<br/>(Demo Script)
    participant CP as Control Plane<br/>(API)
    participant K8s as Kubernetes
    participant Agent as Ambient Agent

    User->>CLI: demo-github.sh with GITHUB_TOKEN
    
    CLI->>CP: Create project
    CP-->>CLI: Project created
    
    CLI->>CP: Create agent
    CP-->>CLI: Agent created
    
    CLI->>CP: Create GitHub credential
    CP-->>CLI: Credential created
    
    CLI->>CP: Get credential:reader role ID
    CP-->>CLI: Role ID
    
    CLI->>CP: Create role-binding (user → credential:reader)
    CP-->>CLI: Binding created
    
    CLI->>CP: Start agent session<br/>(with prompt)
    CP->>K8s: Deploy session pod<br/>(with CREDENTIAL_IDS env)
    K8s->>Agent: Launch container
    CP-->>CLI: Session ID
    
    CLI->>CP: Poll session phase
    loop Until Running
        CP-->>CLI: Phase status
    end
    
    CLI->>CP: Stream session messages
    loop Until RUN_FINISHED/RUN_ERROR
        Agent->>CP: Send execution updates
        CP-->>CLI: Message stream
    end
    
    CLI->>CP: Stop session
    CLI->>CP: Delete credential
    CLI->>CP: Delete project
    CP-->>CLI: Cleanup complete
    
    CLI-->>User: Demo results & cleanup summary

Loading

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Security And Secret Handling	❌ Error	demo-github.sh exposes GitHub PAT tokens via command arguments visible in ps output and logs session transcripts with sensitive data unmasked.	Pass tokens via stdin or environment variables, and filter sensitive fields from logged session transcripts before output.
Docstring Coverage	⚠️ Warning	Docstring coverage is 7.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title follows Conventional Commits format with type(scope): description pattern and accurately summarizes the three main changes: credential session unblocking, project namespace cleanup, and CLI credential verb support.
Performance And Algorithmic Complexity	✅ Passed	No performance regressions detected. List operations use pagination (default limit 100), API flows make single calls per resource with no N+1 patterns, polling loops are bounded with explicit timeouts, and credential RBAC operations were removed.
Kubernetes Resource Safety	✅ Passed	PR safely manages Kubernetes resources with proper namespace scoping, container resource limits/requests, pod security contexts, and appropriately scoped RBAC (specific verbs/resources, no wildcards). Improvements made by removing broken ensureCredentialRoleBindings code.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/cp-credential-rolebinding-and-project-delete

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix/cp-credential-rolebinding-and-project-delete

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}