feat: ambient control plane with gRPC runner integration#975
Merged
Gkrumbach07 merged 3 commits intomainfrom Mar 20, 2026
Merged
feat: ambient control plane with gRPC runner integration#975Gkrumbach07 merged 3 commits intomainfrom
Gkrumbach07 merged 3 commits intomainfrom
Conversation
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughThis pull request introduces Changes
Sequence Diagram(s)sequenceDiagram
participant API as API Server
participant CP as Control Plane
participant Informer as Informer/Cache
participant Reconciler as Reconcilers
participant K8s as Kubernetes
API->>CP: gRPC Watch Stream (sessions)
CP->>Informer: Register handlers
loop Initial List Sync
Informer->>API: List sessions (paginated)
API-->>Informer: sessions batch
Informer->>Informer: Populate cache
Informer->>Reconciler: Dispatch ADDED event
end
loop Watch Stream
API->>CP: Session created/updated/deleted
CP->>Informer: Receive watch event
Informer->>Informer: Update cache
Informer->>Reconciler: Dispatch event
alt EventAdded or Modified
Reconciler->>K8s: Get/Create namespace
Reconciler->>K8s: Get/Create secret
Reconciler->>K8s: Get/Create ServiceAccount
Reconciler->>K8s: Get/Create Pod
Reconciler->>K8s: Get/Create Service
K8s-->>Reconciler: Resources created
Reconciler->>API: UpdateStatus (PhaseRunning)
end
alt EventDeleted
Reconciler->>K8s: Delete pods/secrets/services
K8s-->>Reconciler: Deleted
end
end
sequenceDiagram
participant Runner as Runner/FastAPI
participant gRPC as gRPC Client
participant API as API Server
participant SSE as SSE Listener
Runner->>gRPC: AmbientGRPCClient.from_env()
alt Initial Prompt via gRPC
Runner->>gRPC: session_messages.push(event_type="user")
gRPC->>API: PushSessionMessage
API-->>gRPC: Response with seq
gRPC-->>Runner: SessionMessage
end
Runner->>SSE: Create queue in _active_streams[thread_id]
Runner->>gRPC: session_messages.watch(after_seq)
loop Watch Stream
API->>gRPC: SessionMessage (event_type="user")
gRPC->>SSE: Enqueue message
SSE->>Runner: Return to GET /events/{thread_id}
end
loop Run Processing
Runner->>Runner: bridge.run(input)
Runner->>gRPC: push MESSAGES_SNAPSHOT
gRPC->>API: PushSessionMessage
Runner->>gRPC: push RUN_FINISHED
gRPC->>API: PushSessionMessage
end
🎯 4 (Complex) | ⏱️ ~75 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 61
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py (1)
184-192:⚠️ Potential issue | 🟠 MajorHarden shutdown so one cleanup failure does not block the rest.
At Line 187, if
self._grpc_listener.stop()throws,self._session_manager.shutdown()andself._obs.finalize()are skipped. That can leave state unflushed during process termination.Suggested fix
async def shutdown(self) -> None: """Graceful shutdown: persist sessions, finalise tracing.""" - if self._grpc_listener: - await self._grpc_listener.stop() - if self._session_manager: - await self._session_manager.shutdown() - if self._obs: - await self._obs.finalize() + if self._grpc_listener: + try: + await self._grpc_listener.stop() + except Exception: + logger.exception("ClaudeBridge: failed stopping gRPC listener") + if self._session_manager: + try: + await self._session_manager.shutdown() + except Exception: + logger.exception("ClaudeBridge: failed shutting down session manager") + if self._obs: + try: + await self._obs.finalize() + except Exception: + logger.exception("ClaudeBridge: failed finalizing observability") logger.info("ClaudeBridge: shutdown complete")As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py` around lines 184 - 192, The shutdown coroutine in ClaudeBridge currently awaits self._grpc_listener.stop(), self._session_manager.shutdown(), and self._obs.finalize() sequentially so an exception in one prevents the others from running; update the shutdown method to call each cleanup (self._grpc_listener.stop, self._session_manager.shutdown, self._obs.finalize) in its own try/except block (or gather/await with return_exceptions=True) and log any exceptions so a failure in one step does not skip the remaining cleanup operations, and still log "ClaudeBridge: shutdown complete" after attempting all three.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ambient-control-plane-tests.yml:
- Around line 1-3: Add an explicit permissions block to the "Control Plane Unit
Tests" workflow to grant least-privilege tokens; update the top-level workflow
(the job that begins under the "Control Plane Unit Tests" name and the existing
on: trigger) to include a permissions: section that only grants the scopes your
tests require (for example: permissions: contents: read and any other minimal
scopes such as packages: read or id-token: write if your jobs need them),
removing the default broad token privileges.
In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go`:
- Around line 180-188: grpcCredentials currently calls loadServiceCAPool() which
re-reads the service CA file; instead accept or reuse the already-loaded cert
pool to avoid repeated file reads. Change grpcCredentials(useTLS bool) to
grpcCredentials(useTLS bool, pool *x509.CertPool) (or use a package-level
cachedPool set in main()), and when useTLS is true construct
credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}) so
callers (e.g., main) pass the pool loaded at startup from loadServiceCAPool;
update all grpcCredentials call sites accordingly.
- Around line 171-178: installServiceCAIntoDefaultTransport currently replaces
http.DefaultTransport with a brand-new http.Transport which discards proxy,
timeouts, keep-alive, and pooling; instead, obtain the existing transport by
type-asserting http.DefaultTransport to *http.Transport (fall back to
http.DefaultTransport.(*http.Transport) safely), clone it (use the Clone method
if available) or shallow-copy it, then set/ensure TLSClientConfig with
MinVersion tls.VersionTLS12 and RootCAs = pool and finally assign the modified
clone back to http.DefaultTransport so all original defaults (proxy, timeouts,
connection pooling) are preserved.
In `@components/ambient-control-plane/Dockerfile`:
- Line 17: The Dockerfile uses an unstable base image tag ("FROM
registry.access.redhat.com/ubi9/ubi-minimal:latest") which makes builds
non-reproducible; replace the ":latest" with an immutable version tag or digest
(e.g., the same pinned tag/digest style used by public-api, ambient-runner,
state-sync) so the FROM directive is deterministic and audited—update the
Dockerfile's FROM line to reference that specific tag or sha256 digest and
verify the image checksum matches the repository policy.
In `@components/ambient-control-plane/Dockerfile.simple`:
- Line 1: The Dockerfile.simple currently uses an unpinned base image
"registry.access.redhat.com/ubi9/ubi-minimal:latest"; replace that with a
specific released tag or an immutable digest (for example
"registry.access.redhat.com/ubi9/ubi-minimal:<RELEASE_TAG>" or
"registry.access.redhat.com/ubi9/ubi-minimal@sha256:<DIGEST>") and update the
build pipeline to inject/verify that tag or digest so rebuilds are deterministic
and do not drift across identical commits.
In `@components/ambient-control-plane/docs/api-surface.md`:
- Around line 136-145: The docs currently describe query params `search` (SQL
WHERE fragment) and `orderBy` (SQL ORDER BY fragment), which exposes a SQL
injection surface; update the API surface docs to remove raw SQL examples and
instead describe a structured `filters` parameter (e.g., JSON or repeated
key/value pairs with explicit operators) and a `sort` parameter that only
accepts an allow-listed set of sortable field names and directions (e.g.,
`field:asc|desc`), and document validation/tenant-scoping rules for these
parameters so callers cannot supply arbitrary SQL; reference the `search` and
`orderBy` entries and replace them with the new `filters` and `sort` parameter
descriptions and examples plus mention of server-side allow-listing and operator
constraints.
In `@components/ambient-control-plane/internal/informer/informer.go`:
- Line 105: The Run() startup currently calls initialSync() which writes ADDED
events into eventCh (buffered 256) before dispatchLoop() and watch handlers are
running, allowing dispatchBlocking() to deadlock and causing missed mutations;
fix by starting the dispatcher and wiring watch handlers (i.e., start
dispatchLoop() / its goroutine and any watch handler registration) before
calling initialSync(), and ensure watches are started with the snapshot's
resourceVersion (handoff) so watch requests resume from the snapshot; update
code paths referencing initialSync(), dispatchLoop(), dispatchBlocking(), and
eventCh to reflect this ordering change.
In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go`:
- Around line 210-240: ensureNamespaceExists currently skips calling
ensureImagePullAccess when a namespace already exists and
ensureImagePullAccess/create logic always uses the same RoleBinding name
(ambient-image-puller) in RunnerImageNamespace, so later namespaces never get
added as subjects; change ensureNamespaceExists to always call
ensureImagePullAccess(namespace) regardless of whether the namespace pre-exists,
and modify ensureImagePullAccess to reconcile (Get then Create/Update) the
RoleBinding in RunnerImageNamespace: ensure the RoleBinding's subjects include
the ServiceAccount (or namespace-scoped subject) for the passed namespace
instead of only attempting a Create and ignoring AlreadyExists; alternatively
make the RoleBinding name unique per target namespace (include the target
namespace in the RoleBinding name) so each session namespace is granted pull
access. Ensure these changes touch ensureNamespaceExists and
ensureImagePullAccess and the use of RunnerImageNamespace / ambient-image-puller
RoleBinding reconciliation.
- Around line 425-429: The runner currently unconditionally sets
AMBIENT_GRPC_CA_CERT_FILE, SSL_CERT_FILE, and REQUESTS_CA_BUNDLE to
/etc/pki/ca-trust/extracted/pem/service-ca.crt even though the "service-ca"
ConfigMap key "openshift-service-ca.crt" is optional; modify the reconciler
logic in kube_reconciler.go so those env vars are only added when the service-ca
configmap/key is actually present or successfully mounted (i.e., check existence
of the ConfigMap/key before adding the volume/volumeMount and env vars),
otherwise omit the env vars (or leave them unset) to avoid pointing TLS clients
at a missing file; update the same conditional behavior where env vars are
currently set (references: the "service-ca" configMap entry and the
AMBIENT_GRPC_CA_CERT_FILE, SSL_CERT_FILE, REQUESTS_CA_BUNDLE env var
assignments).
In
`@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go`:
- Around line 190-199: The mapRoleToClusterRole function currently maps any
unknown role to "ambient-project-view", which can silently grant unintended
access; change mapRoleToClusterRole to validate inputs and not silently
default—either return an error (e.g., change signature to (string) (string,
error)) or return an explicit sentinel like "" and log a warning when role is
unrecognized, and update callers to handle the error/sentinel (in functions that
call mapRoleToClusterRole) by rejecting the request or applying a safe fallback;
reference the mapRoleToClusterRole function name and adjust its callers to
surface logging (use existing logger) or propagate the error rather than
assuming view access.
- Around line 130-138: The loop that iterates over entries currently logs errors
from ensureGroupRoleBinding but returns nil, hiding failures; change this to
propagate errors by collecting failures and returning an aggregated error (or
return immediately on first failure if you prefer atomic behavior).
Specifically, in the method containing the for _, entry := range entries loop,
keep calling ensureGroupRoleBinding(ctx, namespace, entry.GroupName, entry.Role)
but on error append it to an error slice (or wrap it into a multi-error using
fmt.Errorf or an errors.Join-equivalent) and continue, then after the loop
return the combined error if any (while retaining the existing r.logger.Error()
calls for visibility); alternatively implement the early-return variant by
returning the first non-nil error from ensureGroupRoleBinding immediately.
- Around line 67-71: The namespace derived in ensureProjectSettings currently
uses strings.ToLower(ps.ProjectID) which doesn't remove invalid characters
(e.g., underscores) and will break Kubernetes API calls; replace that
construction with the existing sanitizer (call
sanitizeK8sName(strings.ToLower(ps.ProjectID))) used in project_reconciler.go so
the name is stripped/truncated to a valid k8s namespace, and make the same
change in namespaceForSession (shared.go) which kube_reconciler.go relies on so
all namespaces are normalized to the k8s-safe form.
In `@components/ambient-control-plane/internal/reconciler/stress_test.go`:
- Around line 344-347: The test currently calls t.Errorf inside goroutines
(where tallyReconciler.Reconcile is invoked), which causes data races; change
this by creating an errors channel (e.g., errs := make(chan string, N)) or a
slice protected by a mutex, have each goroutine send its formatted error string
(using index, err, etc.) to that channel instead of calling t.Errorf, close the
channel after wg.Wait() (or send to a buffered channel and then wg.Wait() then
close), and after wg.Wait() range over errs and call t.Errorf for each collected
message so all test failure reporting happens on the main test goroutine. Ensure
references to tallyReconciler.Reconcile(ctx, event) and the loop index are
preserved when building the error message.
In `@components/ambient-control-plane/internal/reconciler/tally_reconciler.go`:
- Around line 98-106: The deletion handler in SessionTallyReconciler
(handleSessionDeleted) decrements r.tally.TotalSessions unconditionally which
can drive TotalSessions negative for orphaned delete events; guard the decrement
by checking r.tally.TotalSessions > 0 before doing r.tally.TotalSessions-- (or
clamp to 0 if you prefer), leaving the existing SessionsByPhase logic as-is (it
already checks >0); update only the decrement for r.tally.TotalSessions to
prevent negative counts.
In `@components/ambient-control-plane/internal/reconciler/tally.go`:
- Around line 26-44: The TallyReconciler currently stores an unused sdk
*sdkclient.Client field and accepts it in NewTallyReconciler; remove the unused
field and constructor parameter to avoid confusion: delete the sdk field from
the TallyReconciler struct, change NewTallyReconciler to no longer accept the
sdk *sdkclient.Client parameter and adjust its return instantiation accordingly,
and update all call sites that invoke NewTallyReconciler to stop passing an
sdkclient.Client; if you intend to keep the field for future use, alternatively
mark it clearly with a comment and prefix it with an underscore (e.g., _sdk) so
linters and readers know it is intentionally unused.
In `@components/ambient-control-plane/Makefile`:
- Around line 11-13: The binary target fails on a clean checkout because the
parent directory for $(BINARY_NAME) (e.g., bin/) is removed elsewhere and the
binary target never recreates it; update the binary target (refer to target name
"binary" and variable "BINARY_NAME") to ensure the output directory exists
before running go build—create the parent directory (e.g., via mkdir -p on the
directory of $(BINARY_NAME)) as a prerequisite or as a pre-build step so go
build can write the output successfully.
In `@components/manifests/base/ambient-control-plane-service.yml`:
- Around line 17-46: The pod spec using serviceAccountName ambient-control-plane
must be hardened: add a pod-level securityContext and a container-level
securityContext for the container named ambient-control-plane that set
runAsNonRoot: true (and a non-root runAsUser), set allowPrivilegeEscalation:
false, readOnlyRootFilesystem: true, drop capabilities to ["ALL"], and set
seccompProfile: { type: RuntimeDefault }; ensure these fields are added
alongside the existing resources/env entries so the pod and container
securityContext blocks are present and correctly indented.
In `@components/manifests/base/core/ambient-api-server-service.yml`:
- Around line 81-82: The manifest currently points --https-cert-file and
--https-key-file at /secrets/tls/... which doesn't exist; update the flag values
to the mounted secret path (/etc/tls/tls.crt and /etc/tls/tls.key) wherever
these flags appear (the arg entries for --https-cert-file and --https-key-file
in the server container spec, including the duplicate occurrence later in the
args block) so the server loads the certificate pair from the actual tls-certs
mount.
In `@components/manifests/base/platform/ambient-api-server-db.yml`:
- Around line 61-62: The image field currently uses an unstable tag
("registry.redhat.io/rhel9/postgresql-16:latest"); update the image in this
manifest to a fixed, immutable reference (either a specific release tag or a
sha256 digest) and keep imagePullPolicy as needed—edit the image value in the
same resource where image and imagePullPolicy are defined to use a tested
release tag (e.g., postgresql-16:<version>) or the full digest (sha256:...) so
pod recreations are deterministic.
In `@components/manifests/base/rbac/control-plane-clusterrole.yaml`:
- Around line 21-27: The ClusterRole currently grants cluster-wide
create/update/patch/delete rights for namespace resources (apiGroups: [""],
resources: ["secrets","serviceaccounts","services","pods"]) and batch jobs
(apiGroups: ["batch"], resources: ["jobs"]); remove those dangerous verbs from
the ClusterRole and restrict it to only read verbs (["get","list","watch"]) for
those resources and only keep the minimal ability to bootstrap namespaces (e.g.,
allow "create" on the "namespaces" resource) so the control plane cannot act as
cluster-wide workload admin. Move all create/update/patch/delete permissions for
pods/jobs/services/secrets/serviceaccounts into a separate namespaced Role and
bind it with a RoleBinding only in the controller-owned namespaces your
controller manages. Update the entries referencing apiGroups: [""] resources:
["secrets","serviceaccounts","services","pods"] and apiGroups: ["batch"]
resources: ["jobs"] accordingly and add the namespaced Role/RoleBinding for
those create/delete operations.
In `@components/manifests/base/rbac/control-plane-sa.yaml`:
- Around line 7-14: Remove the static Secret manifest
`ambient-control-plane-token` and stop using `secretKeyRef:
ambient-control-plane-token` for `AMBIENT_API_TOKEN`; instead modify the
control-plane Pod/Deployment to mount a projected serviceAccountToken volume
(use a volume with projected.sources.serviceAccountToken, set the
`serviceAccountName` to `ambient-control-plane`, specify `expirationSeconds` and
an appropriate `audience`) and mount it into the container (e.g.
/var/run/secrets/tokens/ambient-control-plane-token); then update the container
to obtain `AMBIENT_API_TOKEN` from that mounted file (have the process read the
token file path at startup or wire a small wrapper/entrypoint to export it into
the env), ensuring you keep the `ambient-control-plane` ServiceAccount and
remove the `kubernetes.io/service-account-token` Secret manifest.
In `@components/manifests/base/rbac/kustomization.yaml`:
- Around line 20-21: The file components/manifests/base/rbac/kustomization.yaml
contains trailing blank lines causing YAML lint "too many blank lines"; open
kustomization.yaml and remove any extra empty lines at the end of the file so
the file ends immediately after the final YAML document/content (no blank
newline sequences), then save to ensure YAMLlint passes.
In `@components/manifests/deploy`:
- Around line 272-291: The script writes secrets to OAUTH_ENV_FILE and mutates
overlays/production in place without guaranteed cleanup; change it to create a
temporary working directory and temp oauth file (e.g., with mktemp and a WORKDIR
variable), set OAUTH_ENV_FILE to that temp path, copy overlays/production into
WORKDIR and run kustomize/edit/build against that copy, and install a trap 'rm
-rf "$WORKDIR" "$OAUTH_ENV_FILE"' on EXIT before any secret/file operations so
CLIENT_SECRET_VALUE and COOKIE_SECRET_VALUE are written outside the repo and
always removed on failure or exit; update any later references that expect
overlays/production or OAUTH_ENV_FILE to point to the temp copies.
- Around line 97-109: The fallback block prints the live OAuth client secret
(CLIENT_SECRET_VALUE) which leaks credentials; update the fallback instructions
inside the OAUTH_APPLY_RC error branch so it does not echo the real secret (used
for ambient-frontend) — replace the printed secret line with a safe placeholder
(e.g., "secret: <REDACTED>" or instructions to generate/set a secret) or omit
the secret line and note "set secret manually" so the real CLIENT_SECRET_VALUE
is never written to stdout or CI logs; ensure references to ambient-frontend and
frontend-oauth-config remain clear so an admin knows which resource to update.
- Around line 73-90: The oauth_setup currently warns when ROUTE_HOST is empty
but continues to create an OAuthClient with a broken redirectURI; change the
logic so oauth_setup (the block that checks ROUTE_HOST and then writes
/tmp/ambient-frontend-oauthclient.yaml) exits with a non-zero status if
ROUTE_HOST is empty instead of proceeding — i.e., after the empty check for
ROUTE_HOST, call echo to stderr and run exit 1 (or return a failure from the
enclosing function) so the redirectURIs line (-
https://${ROUTE_HOST}/oauth/callback) is only written when ROUTE_HOST is
non-empty.
In `@components/manifests/deploy-no-api-server.sh`:
- Around line 9-10: The script currently uses "set -e" but not pipefail, so
failures on the left side of pipelines (e.g., the pipeline feeding "oc apply")
can be ignored; enable pipefail before any pipelines by changing the top-level
settings (replace or augment the existing "set -e" with a form that enables
pipefail, e.g., add "set -o pipefail" or use "set -euo pipefail") so that
failures in the pipeline feeding "oc apply" will cause the script to exit.
- Around line 73-76: The script mutates the checked-in overlay by running
`kustomize edit set namespace "$NAMESPACE"` directly when `NAMESPACE` is not
"ambient-code"; change this to operate on a temporary copy of the overlay (or
save the original file and restore it with an EXIT trap) instead of editing the
repo in-place, i.e. copy the overlay directory or its kustomization.yaml to a
temp location, run `kustomize edit set namespace` against that temp copy, and
ensure you restore or remove the temp on any exit (use a trap 'EXIT' handler);
apply the same change for the other occurrence that edits the overlay (the block
around lines 135-140) so the checked-in kustomization.yaml is never left
modified after failures.
In `@components/manifests/overlays/kind/control-plane-env-patch.yaml`:
- Around line 11-12: The RUNNER_IMAGE environment value in the control-plane
overlay is using "localhost/vteam_claude_runner:latest" which doesn't match the
image name loaded into kind; update the RUNNER_IMAGE value to exactly
"vteam_claude_runner:latest" so it matches the image imported by
e2e/scripts/load-images.sh (change the entry named RUNNER_IMAGE in the manifest
patch used by the control plane).
In `@components/manifests/overlays/no-api-server/api-server-image-patch.yaml`:
- Around line 10-13: The patch currently uses mutable :latest tags for the main
container image and the initContainer named "migration" (the two image lines in
the diff); replace both occurrences with an immutable reference—preferably an
image digest (image@sha256:...) or a fixed version tag—to ensure reproducible
releases and safe rollbacks: locate the image fields for the primary container
(image: image-registry.../vteam_api_server:latest) and the initContainer entry
(name: migration, image: image-registry.../vteam_api_server:latest), obtain the
appropriate digest or pinned tag from your registry, and update both image
strings to use that immutable identifier.
In `@components/manifests/overlays/no-api-server/control-plane-image-patch.yaml`:
- Around line 9-10: The manifest uses a mutable image tag for the
ambient-control-plane container; replace the image value for the container named
"ambient-control-plane" (and the corresponding entry in kustomization.yaml
images section) so it points to an immutable reference (either a concrete
versioned tag or an image@sha256:<digest>) instead of ":latest", ensuring both
the patch (control-plane-image-patch.yaml) and the kustomization images mapping
use the same immutable reference for reproducible manifests.
In `@components/manifests/overlays/no-api-server/exclude-api-server-patch.yaml`:
- Around line 2-6: The orphaned JSON6902 patch file
exclude-api-server-patch.yaml is unused and invalid: it embeds a `target:`
inside the op payload and removes only `/spec/template/spec/containers/0` which
would produce an invalid PodSpec for the Deployment named ambient-api-server;
either delete exclude-api-server-patch.yaml from the overlay, or properly
convert it to a patchesJson6902 entry in kustomization.yaml by moving the target
(name: ambient-api-server, kind: Deployment) into the patchesJson6902 list and
change the operation to safely remove the entire containers array or otherwise
update a valid field (not `/spec/template/spec/containers/0`); remove the
illegal `target:` key from the patch file if you keep it and ensure the patch
path is valid for kustomize.
In
`@components/manifests/overlays/no-api-server/frontend-oauth-deployment-patch.yaml`:
- Around line 22-71: The oauth-proxy container is missing an explicit
securityContext; update the oauth-proxy container spec to add a securityContext
block (under the container named "oauth-proxy") that enforces least privilege:
set runAsNonRoot: true and runAsUser to a non-root uid, set
allowPrivilegeEscalation: false, drop all capabilities (capabilities: drop:
["ALL"]), set readOnlyRootFilesystem: true, ensure privileged: false, and add a
seccompProfile (type: RuntimeDefault) and appropriate fsGroup/runAsGroup if
needed for mounts; apply these fields to the oauth-proxy container definition to
harden the sidecar.
In `@components/manifests/overlays/no-api-server/frontend-oauth-patch.yaml`:
- Around line 12-15: The patch currently sets the oauth-proxy to HTTP-only by
leaving args entry `--https-address=` empty while still mounting TLS artifacts
and requesting a serving certificate; either remove the unused TLS plumbing
(drop the TLS `volumeMounts` entries, the TLS `volumes` block, and the Service
serving-cert annotation) or configure the proxy to use the mounted cert by
adding `--tls-cert-file=/etc/tls/private/tls.crt` and
`--tls-key-file=/etc/tls/private/tls.key` to the container `args` so the
oauth-proxy (image quay.io/openshift/origin-oauth-proxy:4.14) actually serves
HTTPS.
In `@components/manifests/overlays/no-api-server/github-app-secret.yaml`:
- Around line 11-14: Remove the PEM-shaped placeholder under the
GITHUB_PRIVATE_KEY entry so the manifest does not contain a non-empty fake
private key; leave the value empty (or remove the block value) and rely on your
secret manager / deployment pipeline to inject the real RSA private key at
deploy time, updating the GITHUB_PRIVATE_KEY field accordingly.
In `@components/manifests/overlays/no-api-server/kustomization.yaml`:
- Around line 10-19: The overlay kustomization currently includes ../../base
which brings in ambient-api-server-* resources but never references the
exclusion patch; update the kustomization.yaml to add the existing
exclude-api-server-patch.yaml to the patches (or
resources/patchesStrategicMerge) so the ambient-api-server-secrets.yml,
ambient-api-server-db.yml and ambient-api-server-service.yml are removed;
specifically modify the kustomization entry that lists resources (and/or
patchesStrategicMerge) to include exclude-api-server-patch.yaml so the API
server artifacts are actually excluded when building the no-api-server overlay.
In `@components/manifests/overlays/no-api-server/unleash-init-db-patch.yaml`:
- Around line 33-37: The psql commands used to check/create the unleash DB omit
an explicit target DB, so they connect to a DB named after the user and can fail
if that DB doesn't exist; update the two psql invocations in the init script
(the psql check line and the psql CREATE DATABASE line) to include an explicit
admin database with -d (for example -d postgres or -d "$PGDATABASE") so both the
existence check and CREATE DATABASE run against a known admin DB instead of the
connecting user's default.
In
`@components/manifests/overlays/production/ambient-api-server-jwt-args-patch.yaml`:
- Line 19: Enabling authz via the --enable-authz=true flag requires browsers to
send an Authorization header, but the CORS allowlist still only permits the
X-Ambient-Project header; update the CORS configuration that currently lists
X-Ambient-Project (line referencing that header) to also allow Authorization
(and the preflight Access-Control-Request-Headers if applicable) so preflight
requests succeed when --enable-authz=true is enabled. Ensure the Authorization
token header is included in the allowed headers list alongside X-Ambient-Project
and verify preflight handling respects it.
In `@components/manifests/overlays/production/api-server-image-patch.yaml`:
- Around line 10-13: The production overlay is using mutable :latest tags for
both the main container image and the migration initContainer; update the two
image fields (the image entry under the main container and the image entry under
initContainers -> name: migration) to use immutable image digests instead of
:latest (e.g., replace tag with `@sha256`:<digest>) so deployments are
deterministic and cannot drift; ensure both occurrences are updated and verify
the digest corresponds to the correct vteam_api_server build before committing.
In `@components/manifests/overlays/production/control-plane-env-patch.yaml`:
- Around line 15-16: The RUNNER_IMAGE environment variable in
control-plane-env-patch.yaml is pinned to the mutable :latest tag which can
introduce silent behavioral changes; update the RUNNER_IMAGE value to the
CI-produced immutable artifact (specific tag or digest) instead of ":latest" and
adjust your deployment pipeline to inject that CI tag/digest (e.g., via your
manifest templating step or kustomize/helm image substitution) so the control
plane always launches the tested runner image.
In `@components/manifests/overlays/production/control-plane-image-patch.yaml`:
- Around line 9-10: The production overlay currently pins the
ambient-control-plane container image to the mutable tag
"ambient_control_plane:latest"; update the image field for the
ambient-control-plane entry to use an immutable reference (preferably the image
digest e.g. `@sha256`:<digest>) or a fixed release tag instead of :latest so
deployments are reproducible and rollbacks/audits are reliable.
In `@components/runners/ambient-runner/ambient_runner/_grpc_client.py`:
- Around line 122-125: The close() method currently closes and clears
self._channel but leaves the stale stub in self._session_messages; update
close() (method close) to also clear the session stub (set
self._session_messages to None or an appropriate sentinel) so subsequent
accesses to the session_messages property will not return a stub bound to the
closed channel; ensure you clear the same attribute name (_session_messages)
used when creating the stub so callers will either get a fresh stub or a clear
error.
In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py`:
- Around line 193-202: The _decode_varint function currently reads bytes without
bounds checks and can raise IndexError on truncated/malformed input; update
_decode_varint to check pos < len(data) before each data[pos] access and if the
buffer is exhausted raise a clear exception (e.g., ValueError("truncated
varint")) instead of allowing IndexError, and also guard against overly long
varints by limiting shift (e.g., max 10 bytes for 64-bit) to prevent infinite
loops; make these changes inside the _decode_varint implementation to ensure
robust parsing.
- Around line 273-274: The parser currently silently breaks on unknown wire
types at the loop containing the "else: break" (in the message parsing routine
in ambient_runner/_session_messages_api.py); change this to log a warning and
skip the unknown field instead of breaking: inspect the wire type value and skip
bytes accordingly (wire type 0: read and discard a varint; 1: skip 8 bytes; 2:
read length as varint then skip that many bytes; 3/4: handle start/end group by
skipping until matching end-group or treat as unsupported with a safe break/skip
to avoid infinite loops; 5: skip 4 bytes). Use the existing logger used in this
module to emit a warning referencing the field tag/wire type, and ensure the
skip logic is implemented where the "else: break" currently sits so the parser
continues parsing remaining fields safely.
In `@components/runners/ambient-runner/ambient_runner/app.py`:
- Around line 330-332: The gRPC branch currently calls
_push_initial_prompt_via_grpc(prompt, session_id) once and only logs failures;
restore the HTTP path's retry/backoff semantics by wrapping the gRPC push in the
same retry loop/backoff used for the HTTP initial-prompt path (retry transient
errors with the existing backoff strategy) and ensure the gRPC client is closed
in a finally block so resources are always released; update the branch guarded
by grpc_url to call the retried push (using the same error checks and backoff
variables) and close the gRPC client in finally to match the reliability of the
HTTP path.
- Around line 123-130: Wrap the awaiting of the gRPC listener readiness in
asyncio.wait_for to avoid indefinite blocking: replace the direct await
bridge._grpc_listener.ready.wait() call (after bridge._setup_platform()) with a
try/except using asyncio.wait_for(..., timeout=YOUR_TIMEOUT_SECONDS) and catch
asyncio.TimeoutError; on timeout, log a clear error including session_id (using
logger) and either fail fast by raising an exception or continue startup with a
fallback path — choose and implement the desired fallback behavior consistently.
Ensure asyncio is imported and keep references to bridge._setup_platform,
bridge._grpc_listener.ready.wait, session_id, and logger when adding the timeout
handling and logging.
In `@components/runners/ambient-runner/ambient_runner/bridge.py`:
- Around line 230-248: The base inject_message method currently silently no-ops;
change it to emit a clear warning instead so dropped inbound messages are
visible: in the inject_message implementation (method inject_message in the
bridge base class) log a warning including the session_id and event_type (and
avoid logging full payload — log payload size or truncated preview) using the
class logger (self.logger.warning) or module logger if no instance logger
exists; if your bridge subclass supports explicit capability gating, check a
capability flag (e.g. supports_inbound_messages) and only log when the bridge
truly doesn't handle inbound messages to avoid noisy logs.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`:
- Around line 132-133: The code currently calls asyncio.get_event_loop() to
obtain the loop (creating a local variable `loop`) inside the coroutine/context
in grpc_transport.py; replace that call with asyncio.get_running_loop() so the
coroutine uses the running event loop (leave the
ThreadPoolExecutor(max_workers=1) creation as-is), i.e. change
asyncio.get_event_loop() → asyncio.get_running_loop() where the `loop` variable
is set (ensure this change is applied where `loop` and `executor` are defined in
the gRPC transport logic).
- Around line 335-339: The call to the synchronous blocking gRPC method
self._grpc_client.session_messages.push(...) (used with self._session_id and
payload) is being invoked from an async context and can block the event loop;
change the invocation to run in a thread/executor (e.g., await
asyncio.to_thread(self._grpc_client.session_messages.push, self._session_id,
event_type="assistant", payload=payload) or use loop.run_in_executor) so the
unary RPC executes off the event loop and the async method remains non-blocking.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py`:
- Around line 158-184: Both endpoints define nearly identical async generator
logic in event_stream(); extract that loop into a shared helper (e.g., async def
_event_stream(queue, request, thread_id):) and have the existing event_stream
functions simply return or delegate to it. The helper should reuse
_event_type_str, _FILTER_TYPES, _CLOSE_TYPES, import and use EventEncoder the
same way, perform the same heartbeat timeout behavior, log encoder exceptions
via logger.warning, and ensure the finally block removes thread_id from
active_streams; then replace the duplicated bodies in the original event_stream
functions with calls to the new helper.
- Around line 89-93: The import and construction of EventEncoder are happening
inside the event loop (the lines with "from ag_ui.encoder import EventEncoder",
"encoder = EventEncoder(accept=\"text/event-stream\")" and
"encoder.encode(event)"); move the import statement to module-level or to the
top of the surrounding function and instantiate a single encoder
(EventEncoder(accept="text/event-stream")) once before the loop, then call
encoder.encode(event) inside the loop to avoid repeated import/creation
overhead.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py`:
- Around line 182-227: The variables inbound_queue and stop_watch and the helper
drain_inbound() are dead since the per-request watcher block (the run of
_watch_inbound_messages into inbound_queue and creation of watch_future) is
commented out; either remove inbound_queue, stop_watch, drain_inbound (and the
unused ThreadPoolExecutor/executor and event_count/grpc_pushed counters) to
eliminate dead code, or explicitly mark them with a TODO comment explaining they
are intentionally retained for a future re-enable and reference the watcher
logic (_watch_inbound_messages, watch_future) and bridge.inject_message so
reviewers know why they exist; ensure no unused variables remain after the
change.
- Around line 19-28: The module-level _grpc_client created via
AmbientGRPCClient.from_env() can go stale; change to lazy/reconnect behavior by
adding a helper (e.g., get_grpc_client()) that checks if _grpc_client is None or
unhealthy (use an availability/health check or catch channel errors) and if so
attempts to recreate it with AmbientGRPCClient.from_env(), assigning back to
_grpc_client; call this helper at the start of push() and watch() (or inline the
same logic) so each request will reinitialize or reconnect transparently before
attempting client.push() or client.watch(), and ensure failures still degrade
gracefully and log the recreated-attempt error.
In `@components/runners/ambient-runner/tests/test_bridge_claude.py`:
- Around line 53-88: Tests for ClaudeBridge gRPC setup are not invoking the real
_setup_platform, so they miss regressions; update the two tests
(test_setup_platform_starts_grpc_listener_when_url_set and
test_setup_platform_no_grpc_listener_without_url) to call the actual
ClaudeBridge._setup_platform coroutine instead of manually setting or inspecting
_grpc_listener: in the positive test, patch GRPCSessionListener with a MagicMock
class (mock_listener_cls), set the AMBIENT_GRPC_URL in the environment, await
bridge._setup_platform(), assert mock_listener_cls was instantiated/called and
bridge._grpc_listener is the returned instance; in the negative test, ensure
AMBIENT_GRPC_URL is absent, await bridge._setup_platform(), and assert
GRPCSessionListener was not instantiated and bridge._grpc_listener remains None
(or not set). Use the existing symbols ClaudeBridge, _setup_platform,
GRPCSessionListener, and _grpc_listener to locate and modify the tests.
In `@components/runners/ambient-runner/tests/test_events_endpoint.py`:
- Around line 66-80: The test_registers_queue_before_streaming currently never
attaches the prefilled q to active_streams and thus doesn't verify the
endpoint's registration; modify the test to wait for the bridge/endpoint to
create and register a queue under key "t-1" in active_streams (e.g., poll
active_streams for "t-1" after opening the stream via client.stream("GET",
"/events/t-1")), then assert that active_streams["t-1"] is a queue (or is not
None) and only then put the terminal event into that registered queue so the
test proves the endpoint registered the queue before streaming closed. Ensure
you reference the existing helpers _make_bridge, active_streams, and
client.stream in the updated logic.
In `@docs/internal/design/blackboard-api.md`:
- Around line 438-453: The CTE latest_checkins runs before applying the project
filter so the snapshot still scans global check-ins; fix by either pushing the
project restriction into the inner CTE (filter session_checkins by project_id)
or denormalizing project_id onto SessionCheckIn and adding a supporting index;
specifically update the query that references latest_checkins/session_checkins
so it includes WHERE project_id = ? inside the CTE or add project_id to the
SessionCheckIn model and create an index (e.g. on (project_id, agent_id,
created_at DESC)) to make the read O(agents) per project; ensure the join still
uses lc.agent_id = a.id and keep ORDER BY a.name.
In `@docs/internal/developer/agent-workflow.md`:
- Around line 122-125: Update the documentation so the namespace discovery
commands and the cleanup recipe use the same namespace naming contract: replace
hard-coded "session-*" in the "Session namespaces (runner pods land here)"
section with the actual project namespace pattern used elsewhere (e.g., the
provisioned project namespace "smoke-test" or the canonical namespace variable),
and update the kubectl examples (kubectl get namespaces | grep ...) and any
references in the cleanup recipe to reference that canonical namespace pattern
or variable instead of "session-*"; ensure the doc text clearly states the
single namespace contract name/variable to be used consistently across observe
and cleanup steps.
In `@e2e/scripts/load-images.sh`:
- Line 53: The post-load verification step currently filters images by the
pattern 'vteam_' and thus misses the newly added ambient_control_plane:latest;
update the verification command in load-images.sh (the post-load
verification/generation of the final check) to include ambient_control_plane by
using a combined pattern (e.g., extend the grep to grep -E
'vteam_|ambient_control_plane' or otherwise include both names) so that
ambient_control_plane:latest is validated alongside existing vteam_ images.
In `@REMOVE_CRDs.md`:
- Around line 52-54: The document currently mixes a rejected design with an
actionable Migration Plan; extract the superseded detailed migration plan and
8-week timeline (the content under the "## Migration Plan" and "### Phase 1:
Extend Control Plane with Kubernetes Resource Management" headings that follow
the paragraph stating the original design has critical flaws) and move it into a
new clearly labeled appendix titled "Rejected approach" (or delete the timeline
entirely), leaving only the recommended path in the main Migration Plan so
readers cannot mistake the rejected approach for approved guidance.
- Around line 462-470: The RBAC example is misleading because Kubernetes RBAC
cannot restrict list/watch/create by label selector; update the YAML and
accompanying text to remove the comment "Restricted by label selector in code"
and either remove the empty `resourceNames: []` line or replace it with a clear
note that RBAC decisions are evaluated by the API server and do not support
label-scoped restrictions, and then add guidance pointing readers to proper
alternatives (namespace isolation, dedicated service accounts per pod identity,
or admission policies such as CEL/webhooks) and reference the `rules`,
`apiGroups`, `resources`, `verbs`, and `resourceNames` symbols so reviewers can
locate the changed example.
In `@test-e2e-control-plane.sh`:
- Around line 21-22: TIMEOUT_SECONDS and CHECK_INTERVAL are declared but never
used; either remove these unused variables or update the polling loops that
perform waits to reference them instead of hard-coded values. Locate the polling
loops that currently use literal timeout/interval values (the loops that perform
repeated checks/waits), replace the hard-coded numbers with $TIMEOUT_SECONDS and
$CHECK_INTERVAL, and ensure the variables are defined/exported before the loops
so the shell references are valid. If removing, delete both TIMEOUT_SECONDS and
CHECK_INTERVAL declarations and any comments referencing them.
- Line 226: The final duration print uses start_time which was overwritten
during steps; introduce a persistent global start time (e.g., global_start_time)
set once at the very start of the script before any step resets, keep the
existing per-step start_time resets for step-level timing, and change the final
summary echo (the line that currently references start_time) to compute duration
using global_start_time so the printed total reflects the full test run.
---
Outside diff comments:
In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py`:
- Around line 184-192: The shutdown coroutine in ClaudeBridge currently awaits
self._grpc_listener.stop(), self._session_manager.shutdown(), and
self._obs.finalize() sequentially so an exception in one prevents the others
from running; update the shutdown method to call each cleanup
(self._grpc_listener.stop, self._session_manager.shutdown, self._obs.finalize)
in its own try/except block (or gather/await with return_exceptions=True) and
log any exceptions so a failure in one step does not skip the remaining cleanup
operations, and still log "ClaudeBridge: shutdown complete" after attempting all
three.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 16a4c805-1445-4ed7-92cd-dcd479fd2620
⛔ Files ignored due to path filters (2)
components/ambient-control-plane/go.sumis excluded by!**/*.sumcomponents/runners/ambient-runner/uv.lockis excluded by!**/*.lock
📒 Files selected for processing (90)
.github/workflows/ambient-control-plane-tests.ymlREMOVE_CRDs.mdcomponents/ambient-control-plane/.gitignorecomponents/ambient-control-plane/CLAUDE.mdcomponents/ambient-control-plane/Dockerfilecomponents/ambient-control-plane/Dockerfile.simplecomponents/ambient-control-plane/Makefilecomponents/ambient-control-plane/cmd/ambient-control-plane/main.gocomponents/ambient-control-plane/docs/api-surface.mdcomponents/ambient-control-plane/docs/architecture.mdcomponents/ambient-control-plane/go.modcomponents/ambient-control-plane/internal/config/config.gocomponents/ambient-control-plane/internal/informer/informer.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient_test.gocomponents/ambient-control-plane/internal/reconciler/kube_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_settings_reconciler.gocomponents/ambient-control-plane/internal/reconciler/shared.gocomponents/ambient-control-plane/internal/reconciler/stress_test.gocomponents/ambient-control-plane/internal/reconciler/tally.gocomponents/ambient-control-plane/internal/reconciler/tally_reconciler.gocomponents/ambient-control-plane/internal/reconciler/tally_test.gocomponents/ambient-control-plane/internal/watcher/watcher.gocomponents/manifests/base/ambient-api-server-grpc-route.ymlcomponents/manifests/base/ambient-control-plane-service.ymlcomponents/manifests/base/core/ambient-api-server-service.ymlcomponents/manifests/base/kustomization.yamlcomponents/manifests/base/platform/ambient-api-server-db.ymlcomponents/manifests/base/rbac/control-plane-clusterrole.yamlcomponents/manifests/base/rbac/control-plane-clusterrolebinding.yamlcomponents/manifests/base/rbac/control-plane-sa.yamlcomponents/manifests/base/rbac/kustomization.yamlcomponents/manifests/deploycomponents/manifests/deploy-no-api-server.shcomponents/manifests/deploy.shcomponents/manifests/overlays/kind-local/control-plane-env-patch.yamlcomponents/manifests/overlays/kind-local/kustomization.yamlcomponents/manifests/overlays/kind/ambient-api-server-jwks-patch.yamlcomponents/manifests/overlays/kind/backend-ambient-api-patch.yamlcomponents/manifests/overlays/kind/control-plane-env-patch.yamlcomponents/manifests/overlays/kind/frontend-test-patch.yamlcomponents/manifests/overlays/kind/kustomization.yamlcomponents/manifests/overlays/kind/local-image-pull-policy-patch.yamlcomponents/manifests/overlays/no-api-server/ambient-api-server-route.yamlcomponents/manifests/overlays/no-api-server/api-server-image-patch.yamlcomponents/manifests/overlays/no-api-server/backend-route.yamlcomponents/manifests/overlays/no-api-server/control-plane-image-patch.yamlcomponents/manifests/overlays/no-api-server/exclude-api-server-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-deployment-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-service-patch.yamlcomponents/manifests/overlays/no-api-server/github-app-secret.yamlcomponents/manifests/overlays/no-api-server/kustomization.yamlcomponents/manifests/overlays/no-api-server/namespace-patch.yamlcomponents/manifests/overlays/no-api-server/operator-config-openshift.yamlcomponents/manifests/overlays/no-api-server/postgresql-json-patch.yamlcomponents/manifests/overlays/no-api-server/public-api-route.yamlcomponents/manifests/overlays/no-api-server/route.yamlcomponents/manifests/overlays/no-api-server/unleash-init-db-patch.yamlcomponents/manifests/overlays/no-api-server/unleash-route.yamlcomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-route.yamlcomponents/manifests/overlays/production/api-server-image-patch.yamlcomponents/manifests/overlays/production/control-plane-env-patch.yamlcomponents/manifests/overlays/production/control-plane-image-patch.yamlcomponents/manifests/overlays/production/kustomization.yamlcomponents/runners/ambient-runner/ambient_runner/_grpc_client.pycomponents/runners/ambient-runner/ambient_runner/_session_messages_api.pycomponents/runners/ambient-runner/ambient_runner/app.pycomponents/runners/ambient-runner/ambient_runner/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/mcp.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/prompts.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/session.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/tools.pycomponents/runners/ambient-runner/ambient_runner/endpoints/events.pycomponents/runners/ambient-runner/ambient_runner/endpoints/run.pycomponents/runners/ambient-runner/ambient_runner/platform/prompts.pycomponents/runners/ambient-runner/architecture.mdcomponents/runners/ambient-runner/pyproject.tomlcomponents/runners/ambient-runner/tests/test_app_initial_prompt.pycomponents/runners/ambient-runner/tests/test_bridge_claude.pycomponents/runners/ambient-runner/tests/test_events_endpoint.pycomponents/runners/ambient-runner/tests/test_grpc_transport.pydocs/internal/design/blackboard-api.mddocs/internal/developer/agent-workflow.mde2e/scripts/load-images.shtest-e2e-control-plane.sh
💤 Files with no reviewable changes (3)
- components/runners/ambient-runner/ambient_runner/bridges/claude/tools.py
- components/manifests/overlays/kind/ambient-api-server-jwks-patch.yaml
- components/manifests/overlays/kind/frontend-test-patch.yaml
Comment on lines
+136
to
+145
| All list endpoints accept these query parameters: | ||
|
|
||
| | Parameter | Type | Default | Description | | ||
| |---|---|---|---| | ||
| | `page` | integer | 1 | 1-indexed page number | | ||
| | `size` | integer | 100 | Max records per page | | ||
| | `search` | string | — | SQL WHERE clause (e.g. `name like 'foo%'`) | | ||
| | `orderBy` | string | — | SQL ORDER BY (e.g. `name asc, created_at desc`) | | ||
| | `fields` | string | — | Field projection (e.g. `id,name,href`) | | ||
|
|
Contributor
There was a problem hiding this comment.
Don't make filtering and sorting raw SQL.
Documenting search as a WHERE fragment and orderBy as an ORDER BY fragment turns the API into a SQL injection surface and makes tenant scoping brittle. Use structured filters and an allow-listed set of sortable fields and directions instead.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/docs/api-surface.md` around lines 136 - 145,
The docs currently describe query params `search` (SQL WHERE fragment) and
`orderBy` (SQL ORDER BY fragment), which exposes a SQL injection surface; update
the API surface docs to remove raw SQL examples and instead describe a
structured `filters` parameter (e.g., JSON or repeated key/value pairs with
explicit operators) and a `sort` parameter that only accepts an allow-listed set
of sortable field names and directions (e.g., `field:asc|desc`), and document
validation/tenant-scoping rules for these parameters so callers cannot supply
arbitrary SQL; reference the `search` and `orderBy` entries and replace them
with the new `filters` and `sort` parameter descriptions and examples plus
mention of server-side allow-listing and operator constraints.
Comment on lines
+26
to
+44
| type TallyReconciler struct { | ||
| resource string | ||
| sdk *sdkclient.Client | ||
| logger zerolog.Logger | ||
|
|
||
| mu sync.RWMutex | ||
| tally EventTally | ||
| seenIDs map[string]struct{} | ||
| lastEventAt time.Time | ||
| } | ||
|
|
||
| func NewTallyReconciler(resource string, sdk *sdkclient.Client, logger zerolog.Logger) *TallyReconciler { | ||
| return &TallyReconciler{ | ||
| resource: resource, | ||
| sdk: sdk, | ||
| logger: logger.With().Str("reconciler", "tally-"+resource).Logger(), | ||
| seenIDs: make(map[string]struct{}), | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Unused sdk field in TallyReconciler.
The sdk *sdkclient.Client field is stored in the struct (line 28) and passed to the constructor (line 37) but never used anywhere in the reconciler. If this is for future use, consider removing it until needed to avoid confusion.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/tally.go` around lines
26 - 44, The TallyReconciler currently stores an unused sdk *sdkclient.Client
field and accepts it in NewTallyReconciler; remove the unused field and
constructor parameter to avoid confusion: delete the sdk field from the
TallyReconciler struct, change NewTallyReconciler to no longer accept the sdk
*sdkclient.Client parameter and adjust its return instantiation accordingly, and
update all call sites that invoke NewTallyReconciler to stop passing an
sdkclient.Client; if you intend to keep the field for future use, alternatively
mark it clearly with a comment and prefix it with an underscore (e.g., _sdk) so
linters and readers know it is intentionally unused.
Comment on lines
+438
to
+453
| The Blackboard snapshot endpoint returns the latest check-in for every agent in a project in a single query — no client-side joining required: | ||
|
|
||
| ```sql | ||
| WITH latest_checkins AS ( | ||
| SELECT DISTINCT ON (agent_id) * | ||
| FROM session_checkins | ||
| ORDER BY agent_id, created_at DESC | ||
| ) | ||
| SELECT a.*, lc.* | ||
| FROM agents a | ||
| LEFT JOIN latest_checkins lc ON lc.agent_id = a.id | ||
| WHERE a.project_id = ? | ||
| ORDER BY a.name | ||
| ``` | ||
|
|
||
| `agent_id` is denormalized onto `SessionCheckIn` specifically to make this query O(agents) rather than O(sessions × checkins). |
Contributor
There was a problem hiding this comment.
The snapshot query still scales with global check-in history.
latest_checkins is computed before the project filter, so one project's dashboard refresh can still walk latest rows for every agent in every project. If the goal is project-scoped O(agents) reads, push the project restriction into the inner query, or denormalize project_id onto SessionCheckIn, and capture the supporting index in the schema.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/internal/design/blackboard-api.md` around lines 438 - 453, The CTE
latest_checkins runs before applying the project filter so the snapshot still
scans global check-ins; fix by either pushing the project restriction into the
inner CTE (filter session_checkins by project_id) or denormalizing project_id
onto SessionCheckIn and adding a supporting index; specifically update the query
that references latest_checkins/session_checkins so it includes WHERE project_id
= ? inside the CTE or add project_id to the SessionCheckIn model and create an
index (e.g. on (project_id, agent_id, created_at DESC)) to make the read
O(agents) per project; ensure the join still uses lc.agent_id = a.id and keep
ORDER BY a.name.
Comment on lines
+122
to
+125
| # Session namespaces (runner pods land here) | ||
| kubectl get namespaces | grep session- | ||
| kubectl get pods -A | grep session- | ||
| ``` |
Contributor
There was a problem hiding this comment.
Align namespace discovery with the actual namespace model.
These commands hard-code session-* namespaces, but the same workflow later provisions the project namespace smoke-test and expects the runner there. That mismatch will make the observe path here—and the cleanup recipe at Line 362—miss active sessions or target the wrong namespaces. Please document one namespace contract and use it consistently.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/internal/developer/agent-workflow.md` around lines 122 - 125, Update the
documentation so the namespace discovery commands and the cleanup recipe use the
same namespace naming contract: replace hard-coded "session-*" in the "Session
namespaces (runner pods land here)" section with the actual project namespace
pattern used elsewhere (e.g., the provisioned project namespace "smoke-test" or
the canonical namespace variable), and update the kubectl examples (kubectl get
namespaces | grep ...) and any references in the cleanup recipe to reference
that canonical namespace pattern or variable instead of "session-*"; ensure the
doc text clearly states the single namespace contract name/variable to be used
consistently across observe and cleanup steps.
| "vteam_operator:latest" | ||
| "vteam_claude_runner:latest" | ||
| "vteam_state_sync:latest" | ||
| "ambient_control_plane:latest" |
Contributor
There was a problem hiding this comment.
Post-load verification does not include the newly added control-plane image.
ambient_control_plane:latest is now loaded, but the final check still filters only vteam_, so this image isn’t validated in script output.
Proposed fix (outside this changed line range)
-$CONTAINER_ENGINE exec "${KIND_CLUSTER_NAME}-control-plane" crictl images | grep vteam_ | head -n 5
+$CONTAINER_ENGINE exec "${KIND_CLUSTER_NAME}-control-plane" crictl images | grep -E 'vteam_|ambient_control_plane' | head -n 10🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@e2e/scripts/load-images.sh` at line 53, The post-load verification step
currently filters images by the pattern 'vteam_' and thus misses the newly added
ambient_control_plane:latest; update the verification command in load-images.sh
(the post-load verification/generation of the final check) to include
ambient_control_plane by using a combined pattern (e.g., extend the grep to grep
-E 'vteam_|ambient_control_plane' or otherwise include both names) so that
ambient_control_plane:latest is validated alongside existing vteam_ images.
Comment on lines
+52
to
+54
| ## Migration Plan | ||
|
|
||
| ### Phase 1: Extend Control Plane with Kubernetes Resource Management |
Contributor
There was a problem hiding this comment.
Separate the rejected plan from the recommended one.
After Line 7 says the original design has critical flaws, the document still lays out a detailed migration plan and 8-week timeline for that rejected approach. That makes the file easy to misread as approval. Please move the superseded plan into a clearly marked "Rejected approach" appendix—or delete the timeline—so only the recommended path reads as executable guidance.
Also applies to: 287-308
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@REMOVE_CRDs.md` around lines 52 - 54, The document currently mixes a rejected
design with an actionable Migration Plan; extract the superseded detailed
migration plan and 8-week timeline (the content under the "## Migration Plan"
and "### Phase 1: Extend Control Plane with Kubernetes Resource Management"
headings that follow the paragraph stating the original design has critical
flaws) and move it into a new clearly labeled appendix titled "Rejected
approach" (or delete the timeline entirely), leaving only the recommended path
in the main Migration Plan so readers cannot mistake the rejected approach for
approved guidance.
Comment on lines
+462
to
+470
| ```yaml | ||
| # Restricted to specific label selectors | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["pods"] | ||
| verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] | ||
| resourceNames: [] # Restricted by label selector in code | ||
| # Only pods with ambient.created-by=control-plane labels | ||
| ``` |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Does Kubernetes RBAC support restricting access by label selector, or using resourceNamesto scopelist, watch, or create permissions?
💡 Result:
No, Kubernetes RBAC does not support restricting access by label selector in Role or ClusterRole rules. RBAC rules use fields like apiGroups, resources, verbs, and resourceNames, but there is no field for label selectors in the PolicyRule spec. Requests with label selectors (like list/watch) are authorized based on the resource type and verbs, without considering the selector content for RBAC decisions. A separate feature, AuthorizeWithSelectors (stable in v1.34), passes label/field selectors to authorization webhooks, but this does not apply to built-in RBAC. Yes, RBAC supports using resourceNames to scope list and watch permissions (but not top-level create). When resourceNames is specified for list/watch, it restricts to requests using a fieldSelector=metadata.name matching one of the names (e.g., kubectl get pods --field-selector=metadata.name=my-pod). Top-level create cannot use resourceNames because the name is unknown at authorization time.
Citations:
- 1: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- 2: https://kubernetes.io/docs/reference/access-authn-authz/rbac
- 3: https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/role-v1
- 4: https://stackoverflow.com/questions/62274122/kubernetes-rbac-roles-with-resourcename-and-listing-objects
- 5: https://stackoverflow.com/questions/65202615/proper-use-of-role-rules-resourcenames-for-creating-pods-with-limited-access-to
- 6: https://kep.k8s.io/4601
- 7: support label selector in RBAC kubernetes/kubernetes#44703
- 8: add field and label selectors to authorization kubernetes/kubernetes#125571
This RBAC example describes guarantees Kubernetes does not provide.
The empty resourceNames: [] is unrestricted—Kubernetes RBAC cannot constrain list, watch, or create by label selector. The comment "restricted by label selector in code" is misleading because RBAC authorization decisions cannot be overridden by application-level filtering; they occur at the API server layer before code execution. If you need label-scoped access control, use namespace isolation, dedicated service accounts per pod identity, or admission policies (e.g., CEL or webhooks) instead.
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 462-462: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@REMOVE_CRDs.md` around lines 462 - 470, The RBAC example is misleading
because Kubernetes RBAC cannot restrict list/watch/create by label selector;
update the YAML and accompanying text to remove the comment "Restricted by label
selector in code" and either remove the empty `resourceNames: []` line or
replace it with a clear note that RBAC decisions are evaluated by the API server
and do not support label-scoped restrictions, and then add guidance pointing
readers to proper alternatives (namespace isolation, dedicated service accounts
per pod identity, or admission policies such as CEL/webhooks) and reference the
`rules`, `apiGroups`, `resources`, `verbs`, and `resourceNames` symbols so
reviewers can locate the changed example.
Comment on lines
+171
to
+178
| func installServiceCAIntoDefaultTransport(pool *x509.CertPool) { | ||
| http.DefaultTransport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{ | ||
| MinVersion: tls.VersionTLS12, | ||
| RootCAs: pool, | ||
| }, | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
Replacing http.DefaultTransport discards important default settings.
Creating a new http.Transport from scratch loses the default's proxy settings, timeouts, keep-alive configuration, and connection pooling. Consider cloning the default transport and only modifying TLSClientConfig.
🔧 Proposed fix to preserve default transport settings
func installServiceCAIntoDefaultTransport(pool *x509.CertPool) {
- http.DefaultTransport = &http.Transport{
- TLSClientConfig: &tls.Config{
- MinVersion: tls.VersionTLS12,
- RootCAs: pool,
- },
- }
+ // Clone default transport to preserve timeouts, proxy, keep-alive settings
+ defaultTransport := http.DefaultTransport.(*http.Transport).Clone()
+ defaultTransport.TLSClientConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ RootCAs: pool,
+ }
+ http.DefaultTransport = defaultTransport
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go` around
lines 171 - 178, installServiceCAIntoDefaultTransport currently replaces
http.DefaultTransport with a brand-new http.Transport which discards proxy,
timeouts, keep-alive, and pooling; instead, obtain the existing transport by
type-asserting http.DefaultTransport to *http.Transport (fall back to
http.DefaultTransport.(*http.Transport) safely), clone it (use the Clone method
if available) or shallow-copy it, then set/ensure TLSClientConfig with
MinVersion tls.VersionTLS12 and RootCAs = pool and finally assign the modified
clone back to http.DefaultTransport so all original defaults (proxy, timeouts,
connection pooling) are preserved.
Comment on lines
+180
to
+188
| func grpcCredentials(useTLS bool) credentials.TransportCredentials { | ||
| if !useTLS { | ||
| return insecure.NewCredentials() | ||
| } | ||
| return credentials.NewTLS(&tls.Config{ | ||
| MinVersion: tls.VersionTLS12, | ||
| RootCAs: loadServiceCAPool(), | ||
| }) | ||
| } |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider reusing the certificate pool instead of re-reading the file.
grpcCredentials() calls loadServiceCAPool() which re-reads /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt. The pool was already loaded at startup in main(). Consider passing the pool as a parameter or caching it.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go` around
lines 180 - 188, grpcCredentials currently calls loadServiceCAPool() which
re-reads the service CA file; instead accept or reuse the already-loaded cert
pool to avoid repeated file reads. Change grpcCredentials(useTLS bool) to
grpcCredentials(useTLS bool, pool *x509.CertPool) (or use a package-level
cachedPool set in main()), and when useTLS is true construct
credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}) so
callers (e.g., main) pass the pool loaded at startup from loadServiceCAPool;
update all grpcCredentials call sites accordingly.
| watchManager: watchManager, | ||
| handlers: make(map[string][]EventHandler), | ||
| logger: logger.With().Str("component", "informer").Logger(), | ||
| eventCh: make(chan ResourceEvent, 256), |
Contributor
There was a problem hiding this comment.
Run() can block forever before the watches come up.
initialSync() enqueues ADDED events into eventCh, but dispatchLoop() is only started afterwards. Once the initial snapshot exceeds the 256-slot buffer, dispatchBlocking() blocks and the watch handlers are never wired. Because the watch requests also have no resume/resourceVersion handoff, this ordering leaves a startup window where mutations can be missed.
Also applies to: 118-130, 201-206, 237-241, 272-276, 400-404
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/informer/informer.go` at line 105,
The Run() startup currently calls initialSync() which writes ADDED events into
eventCh (buffered 256) before dispatchLoop() and watch handlers are running,
allowing dispatchBlocking() to deadlock and causing missed mutations; fix by
starting the dispatcher and wiring watch handlers (i.e., start dispatchLoop() /
its goroutine and any watch handler registration) before calling initialSync(),
and ensure watches are started with the snapshot's resourceVersion (handoff) so
watch requests resume from the snapshot; update code paths referencing
initialSync(), dispatchLoop(), dispatchBlocking(), and eventCh to reflect this
ordering change.
Comment on lines
+210
to
+240
| func (r *SimpleKubeReconciler) ensureNamespaceExists(ctx context.Context, namespace string, session types.Session) error { | ||
| if _, err := r.kube.GetNamespace(ctx, namespace); err == nil { | ||
| return nil | ||
| } | ||
|
|
||
| ns := &unstructured.Unstructured{ | ||
| Object: map[string]interface{}{ | ||
| "apiVersion": "v1", | ||
| "kind": "Namespace", | ||
| "metadata": map[string]interface{}{ | ||
| "name": namespace, | ||
| "labels": map[string]interface{}{ | ||
| LabelManaged: "true", | ||
| LabelProjectID: session.ProjectID, | ||
| LabelManagedBy: "ambient-control-plane", | ||
| }, | ||
| }, | ||
| }, | ||
| } | ||
|
|
||
| if _, err := r.kube.CreateNamespace(ctx, ns); err != nil && !k8serrors.IsAlreadyExists(err) { | ||
| return fmt.Errorf("creating namespace %s: %w", namespace, err) | ||
| } | ||
|
|
||
| r.logger.Info().Str("namespace", namespace).Msg("namespace created for session") | ||
|
|
||
| if r.cfg.RunnerImageNamespace != "" { | ||
| if err := r.ensureImagePullAccess(ctx, namespace); err != nil { | ||
| r.logger.Warn().Err(err).Str("namespace", namespace).Msg("failed to grant image pull access") | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
Image-pull access only works for the first session namespace.
ensureNamespaceExists() skips ensureImagePullAccess() whenever the namespace already exists, so retries never repair missing access. Even on first create, ensureImagePullAccess() always uses the same ambient-image-puller RoleBinding name in RunnerImageNamespace; after the first namespace, later reconciles hit AlreadyExists and keep the old subject set, so new session namespaces cannot pull the runner image.
Also applies to: 245-271
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go`
around lines 210 - 240, ensureNamespaceExists currently skips calling
ensureImagePullAccess when a namespace already exists and
ensureImagePullAccess/create logic always uses the same RoleBinding name
(ambient-image-puller) in RunnerImageNamespace, so later namespaces never get
added as subjects; change ensureNamespaceExists to always call
ensureImagePullAccess(namespace) regardless of whether the namespace pre-exists,
and modify ensureImagePullAccess to reconcile (Get then Create/Update) the
RoleBinding in RunnerImageNamespace: ensure the RoleBinding's subjects include
the ServiceAccount (or namespace-scoped subject) for the passed namespace
instead of only attempting a Create and ignoring AlreadyExists; alternatively
make the RoleBinding name unique per target namespace (include the target
namespace in the RoleBinding name) so each session namespace is granted pull
access. Ensure these changes touch ensureNamespaceExists and
ensureImagePullAccess and the use of RunnerImageNamespace / ambient-image-puller
RoleBinding reconciliation.
Comment on lines
+425
to
+429
| "name": "service-ca", | ||
| "configMap": map[string]interface{}{ | ||
| "name": "openshift-service-ca.crt", | ||
| "optional": true, | ||
| }, |
Contributor
There was a problem hiding this comment.
Do not hard-wire an optional OpenShift CA file into every runner.
The service-ca ConfigMap is optional, but the runner still unconditionally exports AMBIENT_GRPC_CA_CERT_FILE, SSL_CERT_FILE, and REQUESTS_CA_BUNDLE to /etc/pki/ca-trust/extracted/pem/service-ca.crt. On clusters without openshift-service-ca.crt, TLS-enabled runners will point at a missing file and fail outbound HTTPS/gRPC before they can reach the API server/control plane.
Also applies to: 449-454, 523-527
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go`
around lines 425 - 429, The runner currently unconditionally sets
AMBIENT_GRPC_CA_CERT_FILE, SSL_CERT_FILE, and REQUESTS_CA_BUNDLE to
/etc/pki/ca-trust/extracted/pem/service-ca.crt even though the "service-ca"
ConfigMap key "openshift-service-ca.crt" is optional; modify the reconciler
logic in kube_reconciler.go so those env vars are only added when the service-ca
configmap/key is actually present or successfully mounted (i.e., check existence
of the ConfigMap/key before adding the volume/volumeMount and env vars),
otherwise omit the env vars (or leave them unset) to avoid pointing TLS clients
at a missing file; update the same conditional behavior where env vars are
currently set (references: the "service-ca" configMap entry and the
AMBIENT_GRPC_CA_CERT_FILE, SSL_CERT_FILE, REQUESTS_CA_BUNDLE env var
assignments).
Comment on lines
+89
to
+93
| try: | ||
| from ag_ui.encoder import EventEncoder | ||
|
|
||
| encoder = EventEncoder(accept="text/event-stream") | ||
| encoded = encoder.encode(event) |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Move import outside the loop for efficiency.
from ag_ui.encoder import EventEncoder is inside the event loop, causing repeated import lookups. Move it to the top of the function or module level.
♻️ Proposed fix
+from ag_ui.encoder import EventEncoder
+
`@router.get`("/events/{thread_id}")
async def get_events(thread_id: str, request: Request):
...
async def event_stream() -> AsyncIterator[str]:
try:
+ encoder = EventEncoder(accept="text/event-stream")
while True:
...
try:
- from ag_ui.encoder import EventEncoder
-
- encoder = EventEncoder(accept="text/event-stream")
encoded = encoder.encode(event)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py` around
lines 89 - 93, The import and construction of EventEncoder are happening inside
the event loop (the lines with "from ag_ui.encoder import EventEncoder",
"encoder = EventEncoder(accept=\"text/event-stream\")" and
"encoder.encode(event)"); move the import statement to module-level or to the
top of the surrounding function and instantiate a single encoder
(EventEncoder(accept="text/event-stream")) once before the loop, then call
encoder.encode(event) inside the loop to avoid repeated import/creation
overhead.
Comment on lines
+158
to
+184
| async def event_stream() -> AsyncIterator[str]: | ||
| try: | ||
| while True: | ||
| if await request.is_disconnected(): | ||
| break | ||
| try: | ||
| event = await asyncio.wait_for(queue.get(), timeout=30.0) | ||
| except asyncio.TimeoutError: | ||
| yield ": heartbeat\n\n" | ||
| continue | ||
|
|
||
| et = _event_type_str(event) | ||
| if et in _FILTER_TYPES: | ||
| continue | ||
|
|
||
| try: | ||
| from ag_ui.encoder import EventEncoder | ||
|
|
||
| encoder = EventEncoder(accept="text/event-stream") | ||
| yield encoder.encode(event) | ||
| except Exception as enc_err: | ||
| logger.warning("[SSE TAP WAIT] Encode error: %s", enc_err) | ||
|
|
||
| if et in _CLOSE_TYPES: | ||
| break | ||
| finally: | ||
| active_streams.pop(thread_id, None) |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider extracting shared streaming logic.
The event_stream() generator in both endpoints is nearly identical. Extracting to a shared helper would reduce duplication and maintenance burden.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 178-178: Do not catch blind exception: Exception
(BLE001)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py` around
lines 158 - 184, Both endpoints define nearly identical async generator logic in
event_stream(); extract that loop into a shared helper (e.g., async def
_event_stream(queue, request, thread_id):) and have the existing event_stream
functions simply return or delegate to it. The helper should reuse
_event_type_str, _FILTER_TYPES, _CLOSE_TYPES, import and use EventEncoder the
same way, perform the same heartbeat timeout behavior, log encoder exceptions
via logger.warning, and ensure the finally block removes thread_id from
active_streams; then replace the duplicated bodies in the original event_stream
functions with calls to the new helper.
Comment on lines
+19
to
+28
| try: | ||
| from ambient_runner._grpc_client import AmbientGRPCClient | ||
|
|
||
| _grpc_client: Optional[AmbientGRPCClient] = AmbientGRPCClient.from_env() | ||
| except Exception as _grpc_init_err: | ||
| logger.warning( | ||
| "gRPC client unavailable, session messages will not be pushed: %s", | ||
| _grpc_init_err, | ||
| ) | ||
| _grpc_client = None |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check how other endpoints or modules handle gRPC client lifecycle
rg -n "AmbientGRPCClient" --type=py -A3 -B1Repository: ambient-code/platform
Length of output: 10058
🏁 Script executed:
#!/bin/bash
# Read the run.py file to see how _grpc_client is used
wc -l components/runners/ambient-runner/ambient_runner/endpoints/run.pyRepository: ambient-code/platform
Length of output: 134
🏁 Script executed:
# Read lines 19-150 to understand the usage pattern
sed -n '19,150p' components/runners/ambient-runner/ambient_runner/endpoints/run.pyRepository: ambient-code/platform
Length of output: 4859
🏁 Script executed:
# Search for any health check or reconnection logic in the codebase
rg -n "health|reconnect|channel|close" --type=py components/runners/ambient-runner/ambient_runner/_grpc_client.py -B2 -A2Repository: ambient-code/platform
Length of output: 2448
🏁 Script executed:
# Check if there's error handling around gRPC client usage in run.py
rg -n "_grpc_client" components/runners/ambient-runner/ambient_runner/endpoints/run.py -B3 -A3Repository: ambient-code/platform
Length of output: 1765
Module-level gRPC client lacks reconnection handling.
The _grpc_client is initialized once at module import time and shared across all requests. If the gRPC channel becomes unhealthy during runtime, subsequent push() and watch() calls will fail until the process restarts. While failures are caught and logged with graceful degradation, consider lazy initialization per-request or adding a reconnection mechanism for improved resilience in long-running deployments.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 23-23: Do not catch blind exception: Exception
(BLE001)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around
lines 19 - 28, The module-level _grpc_client created via
AmbientGRPCClient.from_env() can go stale; change to lazy/reconnect behavior by
adding a helper (e.g., get_grpc_client()) that checks if _grpc_client is None or
unhealthy (use an availability/health check or catch channel errors) and if so
attempts to recreate it with AmbientGRPCClient.from_env(), assigning back to
_grpc_client; call this helper at the start of push() and watch() (or inline the
same logic) so each request will reinitialize or reconnect transparently before
attempting client.push() or client.watch(), and ensure failures still degrade
gracefully and log the recreated-attempt error.
Comment on lines
+21
to
+22
| TIMEOUT_SECONDS=300 # 5 minutes | ||
| CHECK_INTERVAL=5 # Check every 5 seconds |
Contributor
There was a problem hiding this comment.
Unused variables TIMEOUT_SECONDS and CHECK_INTERVAL.
These configuration variables are declared but never used. Either remove them or integrate them into the polling loops (lines 90, 122).
🔧 Proposed fix: use the variables or remove them
-TIMEOUT_SECONDS=300 # 5 minutes
-CHECK_INTERVAL=5 # Check every 5 seconds
+# These could be used in the polling loops below
+CR_TIMEOUT_SECONDS=30
+RUNNER_TIMEOUT_SECONDS=60Then update line 90:
-while [[ $(($(date +%s) - start_time)) -lt 30 ]]; do
+while [[ $(($(date +%s) - start_time)) -lt $CR_TIMEOUT_SECONDS ]]; do🧰 Tools
🪛 Shellcheck (0.11.0)
[warning] 21-21: TIMEOUT_SECONDS appears unused. Verify use (or export if used externally).
(SC2034)
[warning] 22-22: CHECK_INTERVAL appears unused. Verify use (or export if used externally).
(SC2034)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test-e2e-control-plane.sh` around lines 21 - 22, TIMEOUT_SECONDS and
CHECK_INTERVAL are declared but never used; either remove these unused variables
or update the polling loops that perform waits to reference them instead of
hard-coded values. Locate the polling loops that currently use literal
timeout/interval values (the loops that perform repeated checks/waits), replace
the hard-coded numbers with $TIMEOUT_SECONDS and $CHECK_INTERVAL, and ensure the
variables are defined/exported before the loops so the shell references are
valid. If removing, delete both TIMEOUT_SECONDS and CHECK_INTERVAL declarations
and any comments referencing them.
| echo -e " • API endpoints working correctly" | ||
| echo "" | ||
| echo -e "${BLUE}📊 Test Summary:${NC}" | ||
| echo -e " • Duration: $(($(date +%s) - start_time)) seconds" |
Contributor
There was a problem hiding this comment.
Duration calculation uses wrong start time.
start_time is reset at line 87 (step 2) and again at line 119 (step 4), so the final duration on line 226 only reflects time since step 4, not the full test duration.
🔧 Proposed fix
Add a global start time variable at the beginning:
+TEST_START_TIME=$(date +%s)
+
echo -e "${BLUE}🚀 Starting End-to-End Control Plane Test${NC}"Then use it in the summary:
-echo -e " • Duration: $(($(date +%s) - start_time)) seconds"
+echo -e " • Duration: $(($(date +%s) - TEST_START_TIME)) seconds"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test-e2e-control-plane.sh` at line 226, The final duration print uses
start_time which was overwritten during steps; introduce a persistent global
start time (e.g., global_start_time) set once at the very start of the script
before any step resets, keep the existing per-step start_time resets for
step-level timing, and change the final summary echo (the line that currently
references start_time) to compute duration using global_start_time so the
printed total reflects the full test run.
markturansky
force-pushed
the
feat/grpc-python-runner
branch
3 times, most recently
from
60b8a3a to
251e68a
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 22
♻️ Duplicate comments (27)
docs/internal/developer/agent-workflow.md (1)
122-125:⚠️ Potential issue | 🟠 MajorUnify namespace contract across observe and cleanup commands.
Line 123-Line 124 still target
session-*, while the documented E2E flow uses project namespaces likesmoke-test(for example Line 261 and Line 316). Line 362 also cleans up bygrep session, which can miss active test namespaces and leave stale resources. Please define one canonical namespace selector/variable and use it consistently in both sections.Also applies to: 358-363
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/internal/developer/agent-workflow.md` around lines 122 - 125, Replace the hardcoded namespace selector "session-*" with a single canonical selector/variable (e.g., TEST_NAMESPACE or NAMESPACE_SELECTOR) and use it consistently across the observe and cleanup command examples; update occurrences of "kubectl get namespaces | grep session-", "kubectl get pods -A | grep session-", and the cleanup "grep session" lines to reference that variable (or a representative pattern like "smoke-test" if your e2e uses project namespaces) so all sections (observe and cleanup) use the same namespace contract.components/manifests/overlays/production/control-plane-image-patch.yaml (1)
10-10:⚠️ Potential issue | 🟠 MajorAvoid mutable
:latestimage in production overlay.At Line 10, using
:latestmakes deployments non-reproducible and weakens rollback guarantees. Pin an immutable digest (preferred) or a fixed release tag.Suggested fix
- image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane:latest + image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane@sha256:<immutable-digest>As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-image-patch.yaml` at line 10, The deployment image currently uses a mutable tag "image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane:latest" which makes production unreproducible; replace the :latest tag with an immutable image reference (preferred: an image digest like `@sha256`:...) or at minimum a fixed release tag (e.g., v1.2.3) in the production overlay so rollbacks and audits are deterministic.components/manifests/overlays/no-api-server/exclude-api-server-patch.yaml (1)
2-6:⚠️ Potential issue | 🟠 MajorInvalid/unsafe API-server exclusion patch.
At Line 3, removing only
/spec/template/spec/containers/0can leave an invalid Deployment pod template.
At Line 4,targetis embedded in the op payload instead of being set in overlay patch targeting config, which makes this patch brittle/non-standard.Suggested safer patch content for this file
-# This patch excludes the ambient-api-server deployment since it's already running -- op: remove - path: /spec/template/spec/containers/0 - target: - kind: Deployment - name: ambient-api-server +# Scale down ambient-api-server in no-api-server overlay +- op: replace + path: /spec/replicas + value: 0Run this to verify how the patch is wired and whether it is currently effective:
#!/bin/bash set -euo pipefail # Inspect overlay wiring fd 'kustomization.yaml' components/manifests/overlays/no-api-server --exec sed -n '1,260p' {} # Check if this patch file is referenced and how targets are specified rg -n -C3 'exclude-api-server-patch.yaml|patchesJson6902|patches:' components/manifests/overlays/no-api-server # Inspect current patch file sed -n '1,120p' components/manifests/overlays/no-api-server/exclude-api-server-patch.yamlAs per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/no-api-server/exclude-api-server-patch.yaml` around lines 2 - 6, The current patch file embeds a non-standard "target" inside the patch and uses a brittle remove by index (/spec/template/spec/containers/0); instead convert this to a proper kustomize patch: remove the embedded target from exclude-api-server-patch.yaml and change the operation to replace the containers list (e.g., op: replace, path: /spec/template/spec/containers, value: [] ) so you don't rely on an index, then register this file in the overlay's kustomization.yaml under patchesJson6902 (or patches) with a target that explicitly identifies the Deployment (group: apps, version: v1, kind: Deployment, name: ambient-api-server); update kustomization.yaml accordingly so the patch is applied via kustomize targeting rather than embedding "target" in the patch payload.components/manifests/base/rbac/control-plane-sa.yaml (1)
7-14:⚠️ Potential issue | 🟠 MajorRemove static ServiceAccount token Secret usage.
Line 8 to Line 14 creates a long-lived SA token Secret (
kubernetes.io/service-account-token). Replace this with projected short-lived tokens (TokenRequest) mounted into the Pod.As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/rbac/control-plane-sa.yaml` around lines 7 - 14, The manifest creates a static long-lived Secret named ambient-control-plane-token tied to serviceAccount ambient-control-plane; remove this Secret resource and instead use a projected short-lived service account token (TokenRequest) mounted into pods: update the consuming Pod/Deployment to set serviceAccountName: ambient-control-plane and add a projected volume of type projected->serviceAccountToken with appropriate audience and expirationSeconds so the runtime gets a short-lived token; delete the kubernetes.io/service-account-token Secret resource (ambient-control-plane-token) and ensure any references to it are replaced to read the token from the mounted projected volume.components/manifests/overlays/no-api-server/github-app-secret.yaml (1)
11-14:⚠️ Potential issue | 🟠 MajorDo not keep a PEM-shaped placeholder in repo manifests.
Line 11 to Line 14 should be empty and injected at deploy time by secret management; this placeholder is risky and misleading.
Proposed fix
- GITHUB_PRIVATE_KEY: | - -----BEGIN RSA PRIVATE KEY----- - # paste key or leave empty and set via your secret manager - -----END RSA PRIVATE KEY----- + GITHUB_PRIVATE_KEY: ""As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/no-api-server/github-app-secret.yaml` around lines 11 - 14, Remove the inline PEM-shaped placeholder under the GITHUB_PRIVATE_KEY entry (the "-----BEGIN RSA PRIVATE KEY-----" block) and replace it with an empty/cleared value so no fake private key remains in the manifest; instead ensure the manifest expects the real key to be injected at deploy time via your secret manager or Kubernetes Secret (update any references to GITHUB_PRIVATE_KEY in deployment templates or Secret/ExternalSecret config to use the injected secret name).components/ambient-control-plane/Dockerfile (1)
17-17:⚠️ Potential issue | 🟠 MajorPin runtime base image to immutable tag or digest.
Line 17 uses
:latest, which makes builds non-reproducible and weakens supply-chain control.#!/bin/bash set -euo pipefail echo "== current runtime base image ==" sed -n '15,22p' components/ambient-control-plane/Dockerfile echo "== all Dockerfiles using :latest in FROM ==" rg -n '^\s*FROM\s+.+:latest\b' --glob '**/Dockerfile'As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/Dockerfile` at line 17, The Dockerfile uses a floating image tag "registry.access.redhat.com/ubi9/ubi-minimal:latest" in the FROM instruction; replace the ":latest" with a specific immutable tag or a content digest (e.g., a versioned tag or sha256 digest) to make builds reproducible and improve supply-chain security—edit the FROM line in components/ambient-control-plane/Dockerfile to reference the chosen immutable tag/digest and update any CI/build docs if you roll forward the base image..github/workflows/ambient-control-plane-tests.yml (1)
1-3:⚠️ Potential issue | 🟠 MajorSet explicit least-privilege workflow permissions.
This workflow should declare a minimal
permissionsblock to avoid broad default token scopes.Proposed fix
name: Control Plane Unit Tests +permissions: + contents: read + on:As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ambient-control-plane-tests.yml around lines 1 - 3, Add an explicit top-level permissions block to the "Control Plane Unit Tests" workflow to avoid broad default token scopes: declare the minimal permissions required by the job(s) under the top-level permissions key (for example, permissions: contents: read and any other specific scopes your tests need such as actions: read or id-token: write) and remove reliance on default/full token scopes; update the workflow header where "name: Control Plane Unit Tests" and the top-level "on:" key appear to include this permissions block.components/runners/ambient-runner/ambient_runner/app.py (2)
336-383:⚠️ Potential issue | 🟠 MajorRestore retry semantics for the gRPC initial-prompt path.
The HTTP path (lines 386-444) retries with exponential backoff on exceptions, but the gRPC path does a single push and only logs errors. A transient control-plane/API hiccup now drops
INITIAL_PROMPTpermanently. Apply similar retry logic to the gRPC path and close the client in afinallyblock.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/app.py` around lines 336 - 383, The gRPC path in _push_initial_prompt_via_grpc currently does a single client.session_messages.push and logs errors, which can drop INITIAL_PROMPT on transient failures; modify _push_initial_prompt_via_grpc to wrap the push in a retry loop with exponential backoff (matching the HTTP path semantics) that catches exceptions and retries a few times before failing, include jitter/doubling backoff and log each retry, and ensure AmbientGRPCClient (created via AmbientGRPCClient.from_env) is closed in a finally block (client.close) so the client is always cleaned up even on error.
123-130:⚠️ Potential issue | 🟠 MajorBound the gRPC listener readiness wait with a timeout.
await bridge._grpc_listener.ready.wait()blocks startup indefinitely if the gRPC stream never becomes ready. The pod will hang without booting. Wrap inasyncio.wait_for(..., timeout=X)and fail fast or fall back.Suggested fix
if grpc_url and isinstance(bridge, ClaudeBridge): await bridge._setup_platform() - await bridge._grpc_listener.ready.wait() + try: + await asyncio.wait_for(bridge._grpc_listener.ready.wait(), timeout=30.0) + except asyncio.TimeoutError: + logger.error("gRPC listener failed to become ready within 30s for session %s", session_id) + raise logger.info( "gRPC listener ready for session %s — proceeding to INITIAL_PROMPT", session_id, )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/app.py` around lines 123 - 130, The current unconditional await bridge._grpc_listener.ready.wait() can hang indefinitely; wrap it in asyncio.wait_for(..., timeout=...) (e.g., read timeout from an env var like AMBIENT_GRPC_READY_TIMEOUT with a sensible default such as 30s) when called after bridge._setup_platform(), and catch asyncio.TimeoutError to handle failures: log an error including session_id and bridge type, then either raise/exit to fail startup fast or implement a clear fallback path (choose one and implement consistently). Update the code around bridge._setup_platform and bridge._grpc_listener.ready.wait to use this timed wait and the TimeoutError handling.components/ambient-control-plane/Makefile (1)
11-13:⚠️ Potential issue | 🟠 Major
make binaryfails from a clean checkout.After
make cleanremovesbin/, thebinarytarget writes to$(BINARY_NAME)without recreating the parent directory.Proposed fix
binary: `@echo` "Building $(BINARY_NAME) version: $(build_version)" + `@mkdir` -p $(dir $(BINARY_NAME)) go build -ldflags="$(ldflags)" -o $(BINARY_NAME) ./cmd/ambient-control-plane🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/Makefile` around lines 11 - 13, The binary Makefile target `binary` fails when `bin/` is removed because it writes to $(BINARY_NAME) without ensuring the parent directory exists; update the `binary` target to create the output directory (e.g. `mkdir -p $(dir $(BINARY_NAME))`) before running `go build -ldflags="$(ldflags)" -o $(BINARY_NAME) ./cmd/ambient-control-plane` so the parent directory for BINARY_NAME is present even after `make clean`.components/manifests/base/ambient-control-plane-service.yml (1)
17-46:⚠️ Potential issue | 🟠 MajorHarden the control-plane pod security context.
The deployment runs with cluster-wide RBAC (can create namespaces, secrets, jobs, RBAC) but lacks pod/container security hardening. Add
securityContextat both pod and container levels withrunAsNonRoot: true,allowPrivilegeEscalation: false,readOnlyRootFilesystem: true, dropALLcapabilities, and setseccompProfile: RuntimeDefault.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/ambient-control-plane-service.yml` around lines 17 - 46, Add a pod-level and container-level securityContext to the ambient-control-plane pod spec: under spec add podSecurityContext with runAsNonRoot: true and seccompProfile: { type: RuntimeDefault } (or equivalent), and inside the container named "ambient-control-plane" add securityContext with runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: { drop: ["ALL"] }, and seccompProfile: { type: RuntimeDefault } so the control plane cannot run as root, cannot escalate privileges, has a read-only rootfs, drops all capabilities, and uses the RuntimeDefault seccomp profile.components/manifests/overlays/no-api-server/frontend-oauth-deployment-patch.yaml (1)
22-71:⚠️ Potential issue | 🟠 MajorAdd security context to the
oauth-proxysidecar.This sidecar terminates auth traffic but runs with default container privileges. Add
securityContextwithallowPrivilegeEscalation: false,capabilities.drop: [ALL], andseccompProfile.type: RuntimeDefault.Suggested hardening
- name: oauth-proxy image: quay.io/openshift/origin-oauth-proxy:4.14 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault args:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/no-api-server/frontend-oauth-deployment-patch.yaml` around lines 22 - 71, Add a Pod securityContext for the oauth-proxy container by inserting a securityContext block under the container named "oauth-proxy" that sets allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] }, and seccompProfile: { type: "RuntimeDefault" }; ensure this block is placed alongside the existing ports/livenessProbe/readinessProbe/resources/volumeMounts in the oauth-proxy container spec so the sidecar runs with dropped capabilities and seccomp enabled.components/manifests/overlays/production/control-plane-env-patch.yaml (1)
15-16:⚠️ Potential issue | 🟠 MajorPin
RUNNER_IMAGEto an immutable tag or digest.Using
:latestforRUNNER_IMAGEallows the runner behavior to change without a control-plane rollout. This is risky for the new gRPC contract. Use a CI-produced immutable tag or digest instead.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-env-patch.yaml` around lines 15 - 16, The RUNNER_IMAGE env var is pinned to :latest; replace it with an immutable image reference (a CI-produced semantic tag or an image digest) so the control plane can't silently change; update the value for the RUNNER_IMAGE environment variable in the control-plane env patch (replace "image-registry.openshift-image-registry.svc:5000/ambient-code/vteam_claude_runner:latest" with a fixed tag like "...:vYYYYMMDD-<build>" or a digest form "...@sha256:<digest>") and ensure your CI pipeline publishes and injects that exact tag/digest for deployments.components/manifests/overlays/no-api-server/kustomization.yaml (1)
10-19:⚠️ Potential issue | 🟠 MajorThe
no-api-serveroverlay does not actually exclude API server resources.The overlay imports
../../base(which includesambient-api-server-*.ymlresources) but never references the existingexclude-api-server-patch.yamlin its patches. The API server components will still be deployed despite the overlay's name.Add the exclusion patch to the
patchessection or use a different exclusion mechanism.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/no-api-server/kustomization.yaml` around lines 10 - 19, The overlay kustomization (no-api-server) currently lists resources but never applies the exclusion patch; add the existing exclude-api-server-patch.yaml to the overlay's patches (e.g., under the patches or patchStrategicMerge key) so the ambient-api-server-* resources from the base are removed; update the no-api-server kustomization to reference exclude-api-server-patch.yaml (the patch file) so the API server components are excluded when this overlay is built.components/runners/ambient-runner/ambient_runner/_grpc_client.py (1)
122-125:⚠️ Potential issue | 🟠 MajorReset the cached session stub in
close().
close()clears_channelbut keeps_session_messagesbound to the dead channel. Any latersession_messagesaccess reuses a stale stub instead of rebuilding it.Minimal fix
def close(self) -> None: if self._channel is not None: self._channel.close() - self._channel = None + self._channel = None + self._session_messages = None🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_grpc_client.py` around lines 122 - 125, The close() method on the gRPC client clears self._channel but leaves the cached session stub self._session_messages pointing at a dead channel; update close() (method name: close) to also reset/clear the cached stub (self._session_messages = None or equivalent) so that subsequent accesses to session_messages rebuild a fresh stub bound to a new channel; locate the _session_messages attribute and the session_messages property/initializer and ensure the cached stub is invalidated in close().components/manifests/deploy (3)
73-90:⚠️ Potential issue | 🟠 MajorFail
oauth_setupwhen the Route host is empty.This warning path still renders
https:///oauth/callbackinto theOAuthClient, leaving broken auth config behind instead of stopping.Minimal fix
ROUTE_HOST=$(oc -n ${NAMESPACE} get route ${ROUTE_NAME} -o jsonpath='{.spec.host}' 2>/dev/null || true) if [[ -z "$ROUTE_HOST" ]]; then - echo -e "${YELLOW}Route host is empty; OAuthClient redirect URI may be incomplete.${NC}" - else - echo -e "${GREEN}Route host: https://${ROUTE_HOST}${NC}" + echo -e "${RED}❌ Route host is empty; cannot configure OAuth redirect URI.${NC}" + return 1 fi + echo -e "${GREEN}Route host: https://${ROUTE_HOST}${NC}"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 73 - 90, The script currently proceeds even when ROUTE_HOST is empty, producing an invalid redirect URI; update the oauth setup to abort early: after computing ROUTE_HOST check if it is empty and if so print an error and exit non-zero (e.g., use echo + exit 1) instead of continuing, so the block that creates /tmp/ambient-frontend-oauthclient.yaml and the OAuthClient 'ambient-frontend' is not executed; ensure the check references ROUTE_HOST and that CLIENT_SECRET_VALUE and redirectURIs are only written when ROUTE_HOST is non-empty.
197-227:⚠️ Potential issue | 🟠 MajorMove secret files and overlay edits out of the repo working tree.
The
secretspath and the full deploy path both write plaintext OAuth material tooauth-secret.envand mutateoverlays/productionin place, but cleanup only happens on the happy path. Any failingoc/kustomizecall can leave credentials on disk andkustomization.yamldirty.Safer direction
+WORKDIR="$(mktemp -d)" +OAUTH_ENV_FILE="$(mktemp)" +trap 'rm -rf "$WORKDIR" "$OAUTH_ENV_FILE"' EXIT + +cp -R overlays/production "$WORKDIR/production" +cd "$WORKDIR/production"Run
kustomize edit/kustomize buildagainst the temp copy, and keep the generated OAuth env file outside the repository tree.Also applies to: 270-320, 403-442
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 197 - 227, The script writes plaintext OAuth secrets to OAUTH_ENV_FILE ("oauth-secret.env") inside the repo and mutates overlays in place, leaving secrets or dirty kustomization.yaml on failure; change it to create a secure temporary directory (e.g., via mktemp -d), write the CLIENT_SECRET_VALUE/COOKIE_SECRET_VALUE into an env file in that tempdir (not the repo), and run any kustomize edit/build or overlay changes against a temp copy of overlays/production, not the repo tree; ensure you set a trap to rm -rf the tempdir on EXIT so oauth_setup and any failing oc/kustomize calls cannot leave secrets or repo modifications behind, and update references to OAUTH_ENV_FILE and oauth_setup to use the temp paths.
97-109:⚠️ Potential issue | 🔴 CriticalDo not print the live OAuth client secret.
The fallback instructions echo
CLIENT_SECRET_VALUEto stdout. In CI or shared terminals that leaks the same credential later stored infrontend-oauth-config.Safer fallback
- echo "secret: ${CLIENT_SECRET_VALUE}" + echo "secret: <reuse the configured ambient-frontend client secret>"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 97 - 109, The fallback block prints the live OAuth client secret (CLIENT_SECRET_VALUE) to stdout when OAUTH_APPLY_RC != 0, leaking credentials; change the echo that outputs "secret: ${CLIENT_SECRET_VALUE}" to not expose the real secret—either emit a placeholder (e.g. "secret: <REDACTED_CLIENT_SECRET>") or omit the secret line and add a clear instruction to create/insert the secret into the OAuthClient manifest or into frontend-oauth-config manually, and ensure the printed manifest references the ambient-frontend client name so admins can safely apply it without exposing CLIENT_SECRET_VALUE.components/runners/ambient-runner/tests/test_events_endpoint.py (1)
66-100:⚠️ Potential issue | 🟠 MajorThese
GET /events/{thread_id}tests are feeding the wrong queue.The endpoint creates a fresh queue on connect, so the local
qin the registration test is unused and the preloaded queues in the filtering tests can be overwritten. That means these cases can pass or hang without proving registration, cleanup, or filtering on the live queue. Wait foractive_streams[thread_id]to appear after opening the stream, then push the terminal event through that registered queue.Also applies to: 115-170
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/tests/test_events_endpoint.py` around lines 66 - 100, The tests test_registers_queue_before_streaming and test_queue_removed_after_stream_closes (and similar cases around lines 115-170) are pushing events into a local Queue that the endpoint never uses because the endpoint creates a fresh queue on connect; change each test to open the stream first (using client.stream or TestClient stream), wait until a queue is registered in active_streams with the target thread id (poll active_streams["t-..."] or await a short retry loop), then push the terminal event into that registered queue (the value from active_streams) via put_nowait(make_run_finished()); ensure you reference active_streams, make_run_finished(), client.stream/TestClient and router/FastAPI where applicable so the tests exercise the live queue the endpoint actually uses and verify removal after the stream closes.components/runners/ambient-runner/ambient_runner/_session_messages_api.py (2)
193-202:⚠️ Potential issue | 🟠 MajorGuard
_decode_varint()against truncated input.
data[pos]is read without checkingpos < len(data), so a truncated frame raisesIndexErrorfrom the parser instead of a clean decode error.Minimal fix
def _decode_varint(data: bytes, pos: int) -> tuple[int, int]: result = 0 shift = 0 while True: + if pos >= len(data): + raise ValueError("truncated varint") + if shift >= 64: + raise ValueError("varint too long") b = data[pos] pos += 1 result |= (b & 0x7F) << shift🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py` around lines 193 - 202, _guard _decode_varint against reading past the end of the input by checking pos < len(data) before accessing data[pos) and raise a clear decode error (e.g., ValueError("truncated varint") or a project DecodeError) instead of letting IndexError bubble up; update the _decode_varint function to validate bounds at each loop iteration (and optionally guard against excessively long varints by limiting shift/byte count) so callers get a clean, descriptive error on truncated frames.
251-274:⚠️ Potential issue | 🟠 MajorDon't stop parsing on unsupported wire types.
else: breaksilently abandons the rest of the message. During client/server version skew, a new fixed32/fixed64 field would truncate later known fields likeevent_typeorpayload.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py` around lines 251 - 274, The parser currently stops parsing on an unsupported wire type due to "else: break", which truncates remaining fields; update the loop that reads tag_varint (the while pos < len(data): ... block using _decode_varint) to skip unknown fields instead of breaking: for wire_type 0/varint already handled; add handling for wire_type 1 (skip 8 bytes for fixed64), wire_type 2 (read length via _decode_varint and advance pos by length), wire_type 5 (skip 4 bytes for fixed32), and for any other unexpected wire types advance or raise a clear error; ensure you perform bounds checks on pos when skipping and continue the main loop so later known fields like event_type/payload/created_at are still parsed (references: _decode_varint, _parse_timestamp, and the msg fields id/session_id/seq/event_type/payload/created_at).components/ambient-control-plane/internal/reconciler/stress_test.go (1)
344-347:⚠️ Potential issue | 🟠 MajorKeep
testing.Twrites on the main goroutine.Calling
t.Errorffrom worker goroutines can race test bookkeeping and report failures after the test has already finished. Collect errors into a channel or protected slice and assert afterwg.Wait().Proposed fix
+ errCh := make(chan error, sessionCount) + for i := 0; i < sessionCount; i++ { wg.Add(1) go func(index int) { defer wg.Done() @@ err := tallyReconciler.Reconcile(ctx, event) if err != nil { - t.Errorf("Reconcile failed for session %d: %v", index, err) + errCh <- fmt.Errorf("Reconcile failed for session %d: %v", index, err) } }(i) } wg.Wait() + close(errCh) + for err := range errCh { + t.Error(err) + } duration := time.Since(startTime)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/stress_test.go` around lines 344 - 347, The test currently calls t.Errorf from worker goroutines inside the loop that invokes tallyReconciler.Reconcile; change this to send errors into a buffered channel (or append to a mutex-protected slice) from the goroutine instead of calling t.Errorf directly, then after wg.Wait() drain the channel (or read the slice) on the main goroutine and call t.Errorf for each collected error; reference tallyReconciler.Reconcile for where to capture the error and wg.Wait for where to perform the assertions.components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go (2)
67-69:⚠️ Potential issue | 🔴 CriticalSanitize Kubernetes object names derived from project and group identifiers.
strings.ToLower(ps.ProjectID)still allows characters Kubernetes rejects in namespace names, andrbNameuses rawgroupNamedirectly. Valid upstream IDs/groups containing_,:, spaces, etc. will fail namespace or RoleBinding reconciliation unless both names are normalized with the existing K8s-name sanitizer while keeping the original group name insubjects.Also applies to: 116-117, 141-143
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 67 - 69, The namespace and RoleBinding names must be sanitized with the existing Kubernetes-name sanitizer instead of using raw strings; in ensureProjectSettings replace strings.ToLower(ps.ProjectID) with the sanitizer-applied name and also construct rbName from the sanitized group name (not the raw groupName), while keeping the original groupName value in the RoleBinding subjects; apply the same sanitizer usage at the other places noted around the rbName/namespace creation (lines referenced 116-117 and 141-143) so all K8s object names are valid.
190-197:⚠️ Potential issue | 🟠 MajorReject unknown roles instead of silently granting
view.Typos or unsupported values currently still produce a RoleBinding. That turns malformed input into real access; return an error or explicit sentinel and surface it in reconciliation instead of defaulting.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 190 - 197, The current mapRoleToClusterRole silently maps unknown/typo roles to "ambient-project-view"; change mapRoleToClusterRole to return an explicit error (or a (string, bool) sentinel) instead of a default, so callers can reject malformed input in reconciliation; update any callers of mapRoleToClusterRole in project_settings_reconciler.go to check the error/boolean and surface a reconciliation failure (or requeue) rather than creating a RoleBinding for unknown roles.components/manifests/base/core/ambient-api-server-service.yml (1)
81-82:⚠️ Potential issue | 🔴 CriticalPoint the HTTPS flags at the mounted TLS secret.
tls-certsis mounted at/etc/tls, but these flags still reference/secrets/tls/.... The server will fail when it tries to load the HTTPS certificate pair from a path that does not exist in this pod.Proposed fix
- - --https-cert-file=/secrets/tls/tls.crt - - --https-key-file=/secrets/tls/tls.key + - --https-cert-file=/etc/tls/tls.crt + - --https-key-file=/etc/tls/tls.key🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/core/ambient-api-server-service.yml` around lines 81 - 82, Update the command-line flags --https-cert-file and --https-key-file to point at the actual mounted TLS secret path; they currently reference /secrets/tls/..., but the secret tls-certs is mounted at /etc/tls, so change the flag values to /etc/tls/tls.crt and /etc/tls/tls.key respectively so the server can load the certificate pair.components/ambient-control-plane/cmd/ambient-control-plane/main.go (1)
171-178:⚠️ Potential issue | 🟠 MajorPreserve the default HTTP transport settings when injecting the CA pool.
Replacing
http.DefaultTransportwith a freshhttp.Transportdrops proxy handling, dial/timeouts, keep-alives, pooling, and HTTP/2 defaults. Clone the existing transport and only overrideTLSClientConfig.Proposed fix
func installServiceCAIntoDefaultTransport(pool *x509.CertPool) { - http.DefaultTransport = &http.Transport{ - TLSClientConfig: &tls.Config{ - MinVersion: tls.VersionTLS12, - RootCAs: pool, - }, - } + transport, ok := http.DefaultTransport.(*http.Transport) + if !ok { + transport = &http.Transport{} + } else { + transport = transport.Clone() + } + transport.TLSClientConfig = &tls.Config{ + MinVersion: tls.VersionTLS12, + RootCAs: pool, + } + http.DefaultTransport = transport }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go` around lines 171 - 178, The current installServiceCAIntoDefaultTransport replaces http.DefaultTransport wholesale and discards important defaults (proxy, timeouts, HTTP/2). Change it to detect and clone the existing transport (type-assert http.DefaultTransport to *http.Transport), shallow-copy it, then only replace/merge its TLSClientConfig: if TLSClientConfig is nil, set one with MinVersion tls.VersionTLS12 and RootCAs=pool; if present, ensure MinVersion is set and append/merge the provided pool into TLSClientConfig.RootCAs. Finally assign the cloned transport back to http.DefaultTransport; if the existing DefaultTransport is not a *http.Transport, fall back to creating a transport that preserves defaults as above.components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py (1)
335-339:⚠️ Potential issue | 🟠 MajorMove the blocking gRPC push off the event loop.
session_messages.push()is a synchronous unary RPC inside an async method. A slow gRPC server will stall SSE fan-out and listener progress until the RPC returns.Proposed fix
- self._grpc_client.session_messages.push( - self._session_id, - event_type="assistant", - payload=payload, - ) + await asyncio.to_thread( + self._grpc_client.session_messages.push, + self._session_id, + event_type="assistant", + payload=payload, + )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py` around lines 335 - 339, The call to the synchronous unary RPC self._grpc_client.session_messages.push(...) inside an async method blocks the event loop; move this blocking gRPC push into a thread executor so it doesn't stall SSE fan-out. Replace the direct call to self._grpc_client.session_messages.push(self._session_id, event_type="assistant", payload=payload) with an offloaded invocation via asyncio (e.g., asyncio.get_running_loop().run_in_executor(...) or asyncio.to_thread(...)) so the RPC runs on a worker thread and the async method returns immediately; keep the same arguments and preserve error handling/logging around the offloaded call.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 4fab6c7a-ae69-470b-acdf-c41f08da6f4b
⛔ Files ignored due to path filters (2)
components/ambient-control-plane/go.sumis excluded by!**/*.sumcomponents/runners/ambient-runner/uv.lockis excluded by!**/*.lock
📒 Files selected for processing (90)
.github/workflows/ambient-control-plane-tests.ymlREMOVE_CRDs.mdcomponents/ambient-control-plane/.gitignorecomponents/ambient-control-plane/CLAUDE.mdcomponents/ambient-control-plane/Dockerfilecomponents/ambient-control-plane/Dockerfile.simplecomponents/ambient-control-plane/Makefilecomponents/ambient-control-plane/README.mdcomponents/ambient-control-plane/cmd/ambient-control-plane/main.gocomponents/ambient-control-plane/go.modcomponents/ambient-control-plane/internal/config/config.gocomponents/ambient-control-plane/internal/informer/informer.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient_test.gocomponents/ambient-control-plane/internal/reconciler/kube_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_settings_reconciler.gocomponents/ambient-control-plane/internal/reconciler/shared.gocomponents/ambient-control-plane/internal/reconciler/stress_test.gocomponents/ambient-control-plane/internal/reconciler/tally.gocomponents/ambient-control-plane/internal/reconciler/tally_reconciler.gocomponents/ambient-control-plane/internal/reconciler/tally_test.gocomponents/ambient-control-plane/internal/watcher/watcher.gocomponents/manifests/base/ambient-api-server-grpc-route.ymlcomponents/manifests/base/ambient-control-plane-service.ymlcomponents/manifests/base/core/ambient-api-server-service.ymlcomponents/manifests/base/kustomization.yamlcomponents/manifests/base/platform/ambient-api-server-db.ymlcomponents/manifests/base/rbac/control-plane-clusterrole.yamlcomponents/manifests/base/rbac/control-plane-clusterrolebinding.yamlcomponents/manifests/base/rbac/control-plane-sa.yamlcomponents/manifests/base/rbac/kustomization.yamlcomponents/manifests/deploycomponents/manifests/deploy-no-api-server.shcomponents/manifests/deploy.shcomponents/manifests/overlays/kind-local/control-plane-env-patch.yamlcomponents/manifests/overlays/kind-local/kustomization.yamlcomponents/manifests/overlays/kind/ambient-api-server-jwks-patch.yamlcomponents/manifests/overlays/kind/backend-ambient-api-patch.yamlcomponents/manifests/overlays/kind/control-plane-env-patch.yamlcomponents/manifests/overlays/kind/frontend-test-patch.yamlcomponents/manifests/overlays/kind/kustomization.yamlcomponents/manifests/overlays/kind/local-image-pull-policy-patch.yamlcomponents/manifests/overlays/no-api-server/ambient-api-server-route.yamlcomponents/manifests/overlays/no-api-server/api-server-image-patch.yamlcomponents/manifests/overlays/no-api-server/backend-route.yamlcomponents/manifests/overlays/no-api-server/control-plane-image-patch.yamlcomponents/manifests/overlays/no-api-server/exclude-api-server-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-deployment-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-patch.yamlcomponents/manifests/overlays/no-api-server/frontend-oauth-service-patch.yamlcomponents/manifests/overlays/no-api-server/github-app-secret.yamlcomponents/manifests/overlays/no-api-server/kustomization.yamlcomponents/manifests/overlays/no-api-server/namespace-patch.yamlcomponents/manifests/overlays/no-api-server/operator-config-openshift.yamlcomponents/manifests/overlays/no-api-server/postgresql-json-patch.yamlcomponents/manifests/overlays/no-api-server/public-api-route.yamlcomponents/manifests/overlays/no-api-server/route.yamlcomponents/manifests/overlays/no-api-server/unleash-init-db-patch.yamlcomponents/manifests/overlays/no-api-server/unleash-route.yamlcomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-route.yamlcomponents/manifests/overlays/production/api-server-image-patch.yamlcomponents/manifests/overlays/production/control-plane-env-patch.yamlcomponents/manifests/overlays/production/control-plane-image-patch.yamlcomponents/manifests/overlays/production/kustomization.yamlcomponents/runners/ambient-runner/ambient_runner/_grpc_client.pycomponents/runners/ambient-runner/ambient_runner/_session_messages_api.pycomponents/runners/ambient-runner/ambient_runner/app.pycomponents/runners/ambient-runner/ambient_runner/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/mcp.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/prompts.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/session.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/tools.pycomponents/runners/ambient-runner/ambient_runner/endpoints/events.pycomponents/runners/ambient-runner/ambient_runner/endpoints/run.pycomponents/runners/ambient-runner/ambient_runner/platform/prompts.pycomponents/runners/ambient-runner/architecture.mdcomponents/runners/ambient-runner/pyproject.tomlcomponents/runners/ambient-runner/tests/test_app_initial_prompt.pycomponents/runners/ambient-runner/tests/test_bridge_claude.pycomponents/runners/ambient-runner/tests/test_events_endpoint.pycomponents/runners/ambient-runner/tests/test_grpc_transport.pydocs/internal/design/agent-api.mddocs/internal/design/blackboard-api.mddocs/internal/developer/agent-workflow.mde2e/scripts/load-images.shtest-e2e-control-plane.sh
💤 Files with no reviewable changes (3)
- components/manifests/overlays/kind/frontend-test-patch.yaml
- components/runners/ambient-runner/ambient_runner/bridges/claude/tools.py
- components/manifests/overlays/kind/ambient-api-server-jwks-patch.yaml
| github.com/ambient-code/platform/components/ambient-api-server v0.0.0 | ||
| github.com/ambient-code/platform/components/ambient-sdk/go-sdk v0.0.0 | ||
| github.com/rs/zerolog v1.34.0 | ||
| google.golang.org/grpc v1.79.1 |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the first patched version of google.golang.org/grpc for GHSA-p77j-4mvh-x3m3 (missing leading slash in :path authorization bypass)?
💡 Result:
The first patched version of google.golang.org/grpc for GHSA-p77j-4mvh-x3m3 is v1.79.3.
Citations:
- 1: https://github.com/grpc/grpc-go/releases/tag/v1.79.3
- 2: https://github.com/grpc/grpc-go/releases
- 3: https://github.com/grpc/grpc-go/security/advisories
Upgrade vulnerable gRPC dependency to v1.79.3 or later.
Line 11 pins google.golang.org/grpc v1.79.1, which is affected by GHSA-p77j-4mvh-x3m3 (authorization bypass due to missing leading slash in :path). Upgrade to v1.79.3 and refresh go.sum.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/go.mod` at line 11, The go.mod pins a
vulnerable dependency "google.golang.org/grpc v1.79.1"; update the grpc module
version to at least v1.79.3 in go.mod (change the google.golang.org/grpc line)
and then run the module commands to refresh checksums (e.g., run go get
google.golang.org/grpc@v1.79.3 and go mod tidy) so go.sum is updated; if you use
vendoring, run go mod vendor afterwards.
Comment on lines
+93
to
+97
| home, _ := os.UserHomeDir() | ||
| localPath := home + "/.kube/config" | ||
| if _, err := os.Stat(localPath); err == nil { | ||
| return clientcmd.BuildConfigFromFlags("", localPath) | ||
| } |
Contributor
There was a problem hiding this comment.
Handle os.UserHomeDir() error to avoid unexpected fallback path.
If UserHomeDir() fails and returns an empty string, localPath becomes "/.kube/config", which could unexpectedly exist on some systems. Consider logging or falling through to in-cluster config directly on error.
🛠️ Proposed fix
- home, _ := os.UserHomeDir()
- localPath := home + "/.kube/config"
- if _, err := os.Stat(localPath); err == nil {
- return clientcmd.BuildConfigFromFlags("", localPath)
+ if home, err := os.UserHomeDir(); err == nil {
+ localPath := home + "/.kube/config"
+ if _, err := os.Stat(localPath); err == nil {
+ return clientcmd.BuildConfigFromFlags("", localPath)
+ }
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/kubeclient/kubeclient.go` around
lines 93 - 97, The code currently calls os.UserHomeDir() and constructs
localPath which can become "/.kube/config" if UserHomeDir() returns an empty
string; update the logic in the function that builds the kube config to check
and handle the error/empty result from os.UserHomeDir() before using localPath:
if os.UserHomeDir() returns an error or empty string, log or return that error
(or skip the filesystem check) and fall through to obtaining in-cluster config
instead of checking "/.kube/config"; keep the existing
clientcmd.BuildConfigFromFlags("", localPath) usage only when a valid home
directory is obtained and the file actually exists.
Comment on lines
+221
to
+227
| func (kc *KubeClient) GetResource(ctx context.Context, gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error) { | ||
| return kc.dynamic.Resource(gvr).Namespace(namespace).Get(ctx, name, metav1.GetOptions{}) | ||
| } | ||
|
|
||
| func (kc *KubeClient) CreateResource(ctx context.Context, gvr schema.GroupVersionResource, namespace string, obj *unstructured.Unstructured) (*unstructured.Unstructured, error) { | ||
| return kc.dynamic.Resource(gvr).Namespace(namespace).Create(ctx, obj, metav1.CreateOptions{}) | ||
| } |
Contributor
There was a problem hiding this comment.
Generic methods assume namespaced resources.
GetResource and CreateResource always call .Namespace(namespace), which will not work correctly for cluster-scoped resources (e.g., Namespaces). The existing typed GetNamespace/CreateNamespace methods handle this correctly, but callers using the generic methods with cluster-scoped GVRs may encounter unexpected behavior.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/kubeclient/kubeclient.go` around
lines 221 - 227, GetResource and CreateResource always call
.Namespace(namespace), which fails for cluster-scoped GVRs; update these methods
(GetResource and CreateResource in kubeclient.go) to detect cluster-scoped calls
by checking if the provided namespace is empty (or otherwise determining scope)
and, when namespace == "", call kc.dynamic.Resource(gvr).Get/Create directly on
the cluster-scoped resource instead of
kc.dynamic.Resource(gvr).Namespace(namespace).Get/Create; otherwise keep using
the namespaced .Namespace(namespace) path so both namespaced and cluster-scoped
resources are handled correctly.
Comment on lines
+559
to
+561
| if session.RepoURL != "" { | ||
| env = append(env, envVar("REPOS_JSON", fmt.Sprintf(`[{"url":%q}]`, session.RepoURL))) | ||
| } |
Contributor
There was a problem hiding this comment.
JSON injection risk in REPOS_JSON construction.
Using %q with fmt.Sprintf for JSON embedding can produce invalid JSON if session.RepoURL contains certain characters. Consider using json.Marshal for proper escaping.
Suggested fix
+import "encoding/json"
+
// In buildEnv:
if session.RepoURL != "" {
- env = append(env, envVar("REPOS_JSON", fmt.Sprintf(`[{"url":%q}]`, session.RepoURL)))
+ urlBytes, _ := json.Marshal(session.RepoURL)
+ env = append(env, envVar("REPOS_JSON", fmt.Sprintf(`[{"url":%s}]`, urlBytes)))
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go`
around lines 559 - 561, The REPOS_JSON construction using fmt.Sprintf and %q
risks producing invalid JSON when session.RepoURL contains special characters;
change the logic in the kube_reconciler where envVar("REPOS_JSON", ...) is set
to build a proper JSON value by marshaling a Go value (e.g. a struct type {URL
string `json:"url"`} or a []map[string]string containing session.RepoURL) with
json.Marshal and using the resulting bytes as the env value instead of
fmt.Sprintf; update the code referencing session.RepoURL and envVar to handle
marshal errors and only append the env var when marshaling succeeds.
Comment on lines
+660
to
+665
| func min(a, b int) int { | ||
| if a < b { | ||
| return a | ||
| } | ||
| return b | ||
| } |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
🧩 Analysis chain
🌐 Web query:
What Go version introduced the builtin min function?
💡 Result:
Go 1.21 introduced the builtin min function.
Citations:
- 1: https://pkg.go.dev/builtin
- 2: https://go.dev/doc/go1.21
- 3: https://go.dev/ref/spec
- 4: https://go.dev/blog/go1.21
- 5: https://go.dev/doc/devel/release.html
- 6: https://pkg.go.dev/builtin@go1.21.1
🏁 Script executed:
# Check the target Go version from go.mod
cat components/ambient-control-plane/internal/reconciler/go.mod 2>/dev/null || \
find . -name "go.mod" -type f | head -5 | xargs grep "^go " 2>/dev/null | head -1Repository: ambient-code/platform
Length of output: 113
🏁 Script executed:
# If top-level go.mod exists, check it
[ -f "go.mod" ] && grep "^go " go.modRepository: ambient-code/platform
Length of output: 47
🏁 Script executed:
# Look at the actual min function and surrounding context
cat -n components/ambient-control-plane/internal/reconciler/kube_reconciler.go | sed -n '655,670p'Repository: ambient-code/platform
Length of output: 221
🏁 Script executed:
# Search for uses of the min function in the file
rg "min\(" components/ambient-control-plane/internal/reconciler/kube_reconciler.go -A 2 -B 2Repository: ambient-code/platform
Length of output: 232
Remove shadowing of builtin min function.
The project targets Go 1.24.0, which includes the builtin min function introduced in Go 1.21. This local definition shadows it. Remove this function and use the builtin instead (e.g., sessionID[:min(len(sessionID), 40)] works directly with the builtin).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go`
around lines 660 - 665, Remove the local min function (named min) to avoid
shadowing the Go builtin; delete the min(a, b int) implementation and update all
call sites (e.g., any code using min like sessionID[:min(len(sessionID), 40)])
to rely on the builtin min from the standard library so they compile under Go
1.24—search for references to the local min symbol in this file (and repo) and
replace them with direct calls to the builtin min(len(...), ...) accordingly.
Comment on lines
+83
to
+89
| def _watch_in_thread( | ||
| self, | ||
| msg_queue: asyncio.Queue, | ||
| loop: asyncio.AbstractEventLoop, | ||
| stop_event: asyncio.Event, | ||
| last_seq: int, | ||
| ) -> None: |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cd components/runners/ambient-runner && head -200 ambient_runner/bridges/claude/grpc_transport.py | tail -150Repository: ambient-code/platform
Length of output: 5407
🏁 Script executed:
cd components/runners/ambient-runner && sed -n '75,150p' ambient_runner/bridges/claude/grpc_transport.pyRepository: ambient-code/platform
Length of output: 2717
🏁 Script executed:
cd components/runners/ambient-runner && sed -n '105,115p' ambient_runner/bridges/claude/grpc_transport.pyRepository: ambient-code/platform
Length of output: 468
🏁 Script executed:
cd components/runners/ambient-runner && sed -n '125,140p' ambient_runner/bridges/claude/grpc_transport.pyRepository: ambient-code/platform
Length of output: 572
Use threading.Event instead of asyncio.Event for cross-thread signaling.
_watch_in_thread() runs in a ThreadPoolExecutor and calls stop_event.is_set() at line 109. However, stop_event is an asyncio.Event created in the async context and may be modified (.set()) from the event loop thread. asyncio.Event is not thread-safe—it assumes single-threaded access within an event loop. Replace with threading.Event for safe cross-thread coordination.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`
around lines 83 - 89, The thread watcher currently accepts an asyncio.Event
which is not thread-safe; change the stop_event parameter type in
_watch_in_thread to threading.Event, create/pass a threading.Event from the
async context where you submit the task to the ThreadPoolExecutor, and update
all uses to the threading.Event API (e.g., stop_event.is_set(),
stop_event.set()). Ensure you import threading and remove any awaits like await
stop_event.wait() (if present) or replace them with thread-safe alternatives;
when the async loop needs to signal the thread, call stop_event.set()
(thread-safe) and when the thread needs to schedule back into the loop use
loop.call_soon_threadsafe for any coroutine callbacks.
Comment on lines
+236
to
+257
| try: | ||
| async for event in self._bridge.run(input_data): | ||
| active_streams: dict = getattr(self._bridge, "_active_streams", {}) | ||
| stream_queue = active_streams.get(thread_id) | ||
| if stream_queue is not None: | ||
| try: | ||
| stream_queue.put_nowait(event) | ||
| except asyncio.QueueFull: | ||
| logger.warning( | ||
| "[GRPC LISTENER] SSE tap queue full, dropping event: thread=%s", | ||
| thread_id, | ||
| ) | ||
| await writer.consume(event) | ||
| except Exception as exc: | ||
| logger.error( | ||
| "[GRPC LISTENER] bridge.run() failed: session=%s error=%s", | ||
| self._session_id, | ||
| exc, | ||
| exc_info=True, | ||
| ) | ||
| finally: | ||
| active_streams = getattr(self._bridge, "_active_streams", {}) |
Contributor
There was a problem hiding this comment.
Guarantee a terminal push when bridge.run() aborts.
GRPCMessageWriter only persists output on RUN_FINISHED / RUN_ERROR events. If bridge.run() raises before emitting one of those, this path only logs and exits, so the session can be left without a durable terminal status. Add an exception-path write, guarded so it still emits at most once.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 250-250: Logging .exception(...) should be used instead of .error(..., exc_info=True)
(G201)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`
around lines 236 - 257, When bridge.run() raises, emit a terminal RUN_ERROR
event to GRPCMessageWriter so sessions always get a durable terminal status;
inside the except block (where you log the failure) build a terminal error event
and await writer.consume(...) to push it, but guard emission so it happens at
most once by using the per-thread entry in self._bridge._active_streams (e.g.,
check/set a sentinel like stream_queue._terminal_sent or a "_terminal_sent" key
on the stored dict for thread_id) before emitting; reference
self._bridge._active_streams, thread_id, writer.consume, and self._session_id
when locating where to add the guarded terminal write.
Comment on lines
+155
to
+184
| queue = active_streams[thread_id] | ||
| logger.info("[SSE TAP WAIT] Queue found after %.1fs: thread=%s", elapsed, thread_id) | ||
|
|
||
| async def event_stream() -> AsyncIterator[str]: | ||
| try: | ||
| while True: | ||
| if await request.is_disconnected(): | ||
| break | ||
| try: | ||
| event = await asyncio.wait_for(queue.get(), timeout=30.0) | ||
| except asyncio.TimeoutError: | ||
| yield ": heartbeat\n\n" | ||
| continue | ||
|
|
||
| et = _event_type_str(event) | ||
| if et in _FILTER_TYPES: | ||
| continue | ||
|
|
||
| try: | ||
| from ag_ui.encoder import EventEncoder | ||
|
|
||
| encoder = EventEncoder(accept="text/event-stream") | ||
| yield encoder.encode(event) | ||
| except Exception as enc_err: | ||
| logger.warning("[SSE TAP WAIT] Encode error: %s", enc_err) | ||
|
|
||
| if et in _CLOSE_TYPES: | ||
| break | ||
| finally: | ||
| active_streams.pop(thread_id, None) |
Contributor
There was a problem hiding this comment.
/wait should not unregister a queue it did not create.
This handler attaches to active_streams[thread_id], but its finally block removes that shared entry. If another SSE consumer or the producer still depends on the same registration, fan-out stops mid-turn and later events are dropped. Cleanup here should be limited to resources this endpoint owns.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 178-178: Do not catch blind exception: Exception
(BLE001)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py` around
lines 155 - 184, The handler currently always removes the shared
active_streams[thread_id] in the event_stream() finally clause which can
unregister a queue it did not create; change the cleanup to only remove the
mapping if this endpoint actually created/owns that queue by checking identity
(e.g. if active_streams.get(thread_id) is queue) or an ownership flag set when
inserting, and only then call active_streams.pop(thread_id, None); keep other
behavior unchanged (references: active_streams, thread_id, event_stream).
Comment on lines
+23
to
+31
| ``` | ||
| 1. RESET → Overlord resets feat/integration to main | ||
| 2. PICK → Overlord cherry-picks all commits from API and CP branches | ||
| 3. BUILD → Overlord runs: make kind-up LOCAL_IMAGES=true (or kind-rebuild if cluster exists) | ||
| 4. OBSERVE → All agents observe logs, errors, pod status | ||
| 5. FIX → API fixes API-owned components; CP fixes CP-owned components | ||
| 6. COMMIT → API and CP commit fixes to their respective branches | ||
| 7. GOTO 1 → Overlord resets and cherry-picks again for a clean build verification | ||
| ``` |
Contributor
There was a problem hiding this comment.
Fix markdownlint violations for fenced code blocks.
Static analysis findings are valid here: fenced blocks at Line 23, Line 139, and Line 156 are missing language identifiers (MD040), and blocks near Line 139 and Line 156 need surrounding blank lines (MD031).
Also applies to: 139-142, 156-159
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 23-23: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/internal/developer/agent-workflow.md` around lines 23 - 31, Add missing
fenced-code-block language identifiers and ensure blank lines surround fenced
blocks to satisfy MD040 and MD031: update the triple-backtick blocks that
contain the workflow list (the block starting with "1. RESET → Overlord resets
feat/integration to main" and the other two fenced blocks referenced in the
review) by changing ``` to ```text (or ```bash if preferred) and ensure there is
a blank line before and after each fenced block so the renderer and markdownlint
no longer raise MD040/MD031 violations.
Comment on lines
+107
to
+114
| log "${BLUE}📋 Step 3: Verifying control plane detected the session${NC}" | ||
|
|
||
| if oc logs deployment/ambient-control-plane -n ${NAMESPACE} --tail=50 | grep -q "${SESSION_ID}"; then | ||
| log "${GREEN}✅ Control plane logs show session detection${NC}" | ||
| else | ||
| log "${RED}❌ Session not found in control plane logs${NC}" | ||
| exit 1 | ||
| fi |
Contributor
There was a problem hiding this comment.
The session-detection log check is flaky.
Using oc logs --tail=50 makes the result depend on log volume; the relevant line can fall out of the last 50 entries even when reconciliation succeeded. Capture a test-start timestamp and use --since-time, or rely on the created CR/status instead of a bounded log tail.
More stable direction
+TEST_START_TIME="$(date -Iseconds)"
@@
-if oc logs deployment/ambient-control-plane -n ${NAMESPACE} --tail=50 | grep -q "${SESSION_ID}"; then
+if oc logs deployment/ambient-control-plane -n ${NAMESPACE} --since-time="${TEST_START_TIME}" | grep -q "${SESSION_ID}"; then🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test-e2e-control-plane.sh` around lines 107 - 114, The log check using `oc
logs deployment/ambient-control-plane -n ${NAMESPACE} --tail=50` for
`${SESSION_ID}` is flaky because the matching line can roll out of the last 50
lines; modify the test to record a test-start timestamp (or use `date -u
+"%Y-%m-%dT%H:%M:%SZ"`) before creating the session and then call `oc logs ...
--since-time` with that timestamp when grepping for `${SESSION_ID}`, or
alternatively replace the log-grep entirely by querying the created CR/status
(e.g., via `oc get <resource> -n ${NAMESPACE} -o jsonpath=...` or `oc get ... -o
yaml`) to assert the session was observed; update the check around `oc logs
deployment/ambient-control-plane` and any follow-up exit logic to use the new
timestamp- or CR-based verification.
8f04a4a to
57812fa
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 9
♻️ Duplicate comments (25)
components/runners/ambient-runner/ambient_runner/bridge.py (1)
230-248:⚠️ Potential issue | 🟠 MajorDon't silently drop inbound session messages.
This hook now sits on the inbound gRPC message path. Leaving the base implementation as a silent no-op means a bridge that forgets to override it will discard user input with no signal. Emit at least a warning with
session_id/event_typeandpayload_lenso misconfiguration is visible.Suggested fix
async def inject_message( self, session_id: str, event_type: str, payload: str ) -> None: @@ - pass + _bridge_logger.warning( + "Inbound session message dropped by %s (session_id=%s, event_type=%s, payload_len=%d)", + self.__class__.__name__, + session_id, + event_type, + len(payload), + )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridge.py` around lines 230 - 248, The base inject_message implementation currently silently drops inbound messages; update the async method inject_message to emit a warning instead of no-op by logging the session_id, event_type, and payload length (payload_len = len(payload or "")) so misconfigured bridges are visible; use the existing logger instance (or create/get one used in this module) and include a clear message like "Dropping inbound session message" plus the three fields, then return None as before.components/runners/ambient-runner/ambient_runner/_session_messages_api.py (2)
193-202:⚠️ Potential issue | 🟠 MajorHarden
_decode_varintagainst truncated protobuf data.
data[pos]is unchecked here, so a truncated or malformed frame raisesIndexErrorfrom inside the parser and tears down message decoding. Add apos < len(data)guard before each read and cap the varint length; since this file is generated, fix the generator too.Suggested fix
def _decode_varint(data: bytes, pos: int) -> tuple[int, int]: result = 0 shift = 0 while True: + if pos >= len(data): + raise ValueError("truncated varint") + if shift >= 70: + raise ValueError("varint too long") b = data[pos] pos += 1 result |= (b & 0x7F) << shift if not (b & 0x80): return result, pos shift += 7🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py` around lines 193 - 202, The _decode_varint function reads bytes without bounds checking and can IndexError on truncated/malformed frames; update _decode_varint to check pos < len(data) before each byte read, enforce a maximum varint length (e.g., cap shifts/bytes to 10 for 64-bit varints) and raise a clear parsing error (ValueError or a custom DecodeError) when data ends or the varint is overly long; also propagate this change back to the protobuf generator so generated code includes the same bounds/length guard and explicit error raising.
77-84:⚠️ Potential issue | 🟠 MajorKeep session payloads out of INFO logs.
Both paths log payload previews at INFO. Those previews can contain raw user prompts or model output and will be emitted on every push/watch event. Keep INFO logs metadata-only and move any preview to DEBUG with redaction. Since this file is generated, the generator/template needs the same change.
Suggested fix
- payload_preview = payload[:120] + "..." if len(payload) > 120 else payload logger.info( - "[GRPC PUSH→] session=%s event_type=%s payload_len=%d preview=%r", + "[GRPC PUSH→] session=%s event_type=%s payload_len=%d", session_id, event_type, len(payload), - payload_preview, ) + if logger.isEnabledFor(logging.DEBUG): + payload_preview = payload[:120] + "..." if len(payload) > 120 else payload + logger.debug("[GRPC PUSH→] preview=%r", payload_preview) @@ - payload_preview = ( - msg.payload[:80] + "..." if len(msg.payload) > 80 else msg.payload - ) logger.info( - "[GRPC WATCH←] Message #%d received: session=%s seq=%d event_type=%s payload_len=%d preview=%r", + "[GRPC WATCH←] Message #%d received: session=%s seq=%d event_type=%s payload_len=%d", msg_count, msg.session_id, msg.seq, msg.event_type, len(msg.payload), - payload_preview, ) + if logger.isEnabledFor(logging.DEBUG): + payload_preview = ( + msg.payload[:80] + "..." if len(msg.payload) > 80 else msg.payload + ) + logger.debug( + "[GRPC WATCH←] preview: session=%s seq=%d preview=%r", + msg.session_id, + msg.seq, + payload_preview, + )Also applies to: 136-147
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py` around lines 77 - 84, The INFO log currently emits payload previews (payload_preview) which may contain sensitive user prompts; change the logger.info calls that include payload_preview to log only metadata (session_id, event_type, payload_len) at INFO, move the preview output to logger.debug and apply redaction (e.g., mask or truncate with "[REDACTED]" when sensitive) before logging; update both occurrences that construct payload_preview and call logger.info (the GRPC PUSH→ logging block and the similar block around the later logger.info usage) so INFO contains no payload content and DEBUG contains a redacted preview.components/manifests/overlays/kind-local/control-plane-env-patch.yaml (1)
15-16:⚠️ Potential issue | 🟠 MajorAlign
RUNNER_IMAGEwith the image ref that kind actually loads.
load-images.shpreloadsvteam_claude_runner:latest, but this overlay makes the control plane create Jobs withlocalhost/vteam_claude_runner:latest. Kind/containerd treats those as different refs, so session Jobs will miss the preloaded image and fall back to pulling from a nonexistent local registry.Suggested fix
- name: RUNNER_IMAGE - value: "localhost/vteam_claude_runner:latest" + value: "vteam_claude_runner:latest"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/kind-local/control-plane-env-patch.yaml` around lines 15 - 16, The RUNNER_IMAGE value in the control plane overlay is pointed at "localhost/vteam_claude_runner:latest" which doesn't match the image preloaded by load-images.sh; update the RUNNER_IMAGE value used in the control plane Jobs/patch (the RUNNER_IMAGE env var referenced in the overlay) to the exact tag loaded by load-images.sh (e.g., "vteam_claude_runner:latest") so kind/containerd will use the preloaded image instead of trying to pull from a nonexistent local registry.components/manifests/overlays/production/control-plane-image-patch.yaml (1)
9-10:⚠️ Potential issue | 🟠 MajorAvoid mutable
:latesttag in production overlay.Using
:latestmakes deployments non-reproducible and weakens rollback/audit guarantees. Consider pinning to an immutable digest or release tag.Suggested fix
- image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane:latest + image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane@sha256:<immutable-digest>🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-image-patch.yaml` around lines 9 - 10, The image reference for the container named "ambient-control-plane" uses the mutable ":latest" tag which breaks reproducibility; update the image field for ambient-control-plane to an immutable reference (either a release tag like vX.Y.Z or an image digest e.g. `@sha256`:...) instead of ":latest", and ensure any deployment automation or manifests that set this value (e.g., image: image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane:latest) are updated to substitute the pinned tag/digest so rollbacks and audits are deterministic.components/runners/ambient-runner/tests/test_bridge_claude.py (1)
53-88:⚠️ Potential issue | 🟠 MajorTests do not exercise actual
_setup_platformbehavior.Both tests mock or bypass
_setup_platformentirely:
test_setup_platform_starts_grpc_listener_when_url_set(lines 68-71) patches out_setup_platformand manually assigns_grpc_listenertest_setup_platform_no_grpc_listener_without_url(lines 77-88) never calls_setup_platformThese tests will pass even if the gRPC setup logic in
_setup_platformregresses.Suggested approach
async def test_setup_platform_starts_grpc_listener_when_url_set(self): bridge = ClaudeBridge() ctx = RunnerContext(session_id="sess-grpc", workspace_path="/workspace") bridge.set_context(ctx) mock_listener_instance = MagicMock() mock_listener_cls = MagicMock(return_value=mock_listener_instance) with ( patch.dict("os.environ", {"AMBIENT_GRPC_URL": "localhost:9000"}), patch( "ambient_runner.bridges.claude.bridge.GRPCSessionListener", mock_listener_cls, create=True, ), - patch( - "ambient_runner.bridges.claude.bridge.ClaudeBridge._setup_platform", - new_callable=AsyncMock, - ) as mock_setup, + # Patch other _setup_platform dependencies as needed ): - mock_setup.return_value = None - bridge._grpc_listener = mock_listener_instance - assert bridge._grpc_listener is mock_listener_instance + await bridge._setup_platform() + mock_listener_cls.assert_called_once() + assert bridge._grpc_listener is mock_listener_instancecomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yaml (1)
19-19:⚠️ Potential issue | 🟠 MajorCORS configuration may reject browser requests with Authorization header.
With
--enable-authz=trueenabled, browsers will sendAuthorizationheaders. However,--cors-allowed-headers=X-Ambient-Projectdoesn't includeAuthorization, causing CORS preflight failures.Suggested fix
- - --cors-allowed-headers=X-Ambient-Project + - --cors-allowed-headers=X-Ambient-Project,AuthorizationAlso applies to: 39-39
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/ambient-api-server-jwt-args-patch.yaml` at line 19, The CORS settings currently set `--cors-allowed-headers=X-Ambient-Project` will cause preflight failures when `--enable-authz=true` allows browsers to send an Authorization header; update the manifest entries that set `--cors-allowed-headers` to include `Authorization` (e.g., `--cors-allowed-headers=X-Ambient-Project,Authorization`) wherever `--enable-authz=true` is present so preflight requests succeed.components/manifests/overlays/production/control-plane-env-patch.yaml (1)
15-16:⚠️ Potential issue | 🟠 MajorPin
RUNNER_IMAGEto the tested artifact.
latestlets a later registry push change runner behavior without any control-plane rollout, which is especially risky for the new gRPC session contract. Feed the CI-produced immutable tag or digest into this env var instead.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-env-patch.yaml` around lines 15 - 16, Update the RUNNER_IMAGE environment variable in the control-plane env patch: replace the mutable "…:latest" tag with the CI-produced immutable artifact (either the specific image tag or digest) so the control plane uses the tested runner artifact; modify the value string for the RUNNER_IMAGE entry in the manifest (the RUNNER_IMAGE env var in production/control-plane-env-patch.yaml) to reference the exact tag or `@sha256` digest emitted by your CI pipeline.components/runners/ambient-runner/ambient_runner/endpoints/run.py (1)
28-37:⚠️ Potential issue | 🟠 MajorDon't freeze gRPC delivery on the first startup failure.
AmbientGRPCClient.from_env()is executed once at import time and_grpc_clientis never recreated. A transient startup failure—or a later broken channel—turns every_push_event()into a permanent no-op until the pod restarts, so CP-managed sessions silently stop publishing snapshots and completion.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around lines 28 - 37, AmbientGRPCClient.from_env() is called only at import time and _grpc_client is never recreated, so transient failures make _push_event() permanently no-op; change initialization to lazy/retry: in _push_event (or the helper that sends messages) check if _grpc_client is None or its channel is unhealthy and attempt to recreate it by calling AmbientGRPCClient.from_env() inside a try/except, falling back to logging on failure but not permanently disabling delivery; ensure you reference AmbientGRPCClient.from_env, the module-level _grpc_client, and the _push_event call site and make the recreate logic thread-safe (e.g., brief lock or atomic swap) to avoid races.docs/internal/design/blackboard-api.md (1)
438-453:⚠️ Potential issue | 🟠 MajorThe snapshot query still scales with global check-in history.
latest_checkinsis computed before the project filter at Line 449, so one project's dashboard refresh still walks latest rows for every agent in every project. Push the project restriction into the CTE or denormalize/indexproject_idonsession_checkins.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/internal/design/blackboard-api.md` around lines 438 - 453, The CTE latest_checkins currently runs across all session_checkins before applying WHERE a.project_id = ?, causing the snapshot to scan global check-in history; fix by restricting the CTE to the project (e.g., filter session_checkins by project_id or join agents in the CTE) or alternatively denormalize and index project_id on session_checkins so the DISTINCT ON (agent_id) scan is limited to the project's rows; update the SQL around latest_checkins and the session_checkins schema/index accordingly (referencing latest_checkins, session_checkins, agent_id, and the outer WHERE on a.project_id).components/manifests/deploy-no-api-server.sh (2)
9-10:⚠️ Potential issue | 🟠 MajorEnable
pipefailbefore the deploy pipelines.With
set -ealone, the pipelines at Line 80 and Line 116 can still look successful when the left-hand command fails. That can turn a broken build or failed log check into a partial rollout that appears healthy.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy-no-api-server.sh` around lines 9 - 10, The script currently only uses "set -e", which doesn't catch failures in piped commands used in the deploy pipelines; add pipefail to the shell options so any failure in a pipeline aborts the script (e.g., change the top options to "set -euo pipefail" or add "set -o pipefail" alongside the existing "set -e"), ensuring this is set before the deploy pipeline commands referenced in the script (the deploy pipeline invocations around the deploy sections) so a failed left-hand command will cause the script to exit.
73-76:⚠️ Potential issue | 🟠 MajorDon't mutate the checked-in overlay in place.
kustomize edit set namespacerewritesoverlays/no-api-server/kustomization.yamland only restores it on the happy path. Any earlier exit leaves the working tree dirty and can point the next deploy at the wrong namespace. Use a temp copy or anEXITtrap instead.Also applies to: 135-140
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy-no-api-server.sh` around lines 73 - 76, The script currently runs kustomize edit set namespace which mutates the checked-in overlay (kustomization.yaml) and can leave the repo dirty on early exits; change this to operate on a temporary copy or restore on exit by creating a temp directory or copying overlays/no-api-server/kustomization.yaml to a temp file and running kustomize against that, or add an EXIT trap that always reverts the change (e.g., capture original file, run kustomize edit set namespace "$NAMESPACE" and on EXIT move the original back); update both occurrences around the NAMESPACE logic and the block at lines ~135-140 to use the same temp-copy-or-trap approach so the working tree is never left mutated.components/runners/ambient-runner/tests/test_events_endpoint.py (1)
66-80:⚠️ Potential issue | 🟠 MajorThis registration test still never drives the queue it is supposed to verify.
The prefilled
qis never attached toactive_streams, there is no assertion thatactive_streams["t-1"]was created, andresp.read()now depends on whatever the endpoint does with an empty queue. Wait for the endpoint to register its queue, assert it, then push the terminal event through that registered queue.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/tests/test_events_endpoint.py` around lines 66 - 80, The test test_registers_queue_before_streaming never uses the prefilled q or asserts the endpoint-created queue; change the flow so after opening the stream with client.stream("GET", "/events/t-1") you wait until active_streams contains the key "t-1" (poll with a short timeout), assert that active_streams["t-1"] is a Queue, then put the terminal event (make_run_finished()) into that registered queue (active_streams["t-1"].put_nowait(...)) before calling resp.read() so the response body is driven by the queue the endpoint actually registered.components/manifests/base/rbac/control-plane-clusterrole.yaml (1)
21-27:⚠️ Potential issue | 🟠 MajorReduce the cluster-wide workload blast radius.
These verbs let the control-plane token create, update, and delete Secrets, Services, Pods, and Jobs in every namespace. If it leaks or the reconciler misfires, that is cluster-wide workload admin. Keep only namespace bootstrap in the
ClusterRoleand move session workload mutation into a namespacedRolebound only in controller-owned namespaces.components/runners/ambient-runner/ambient_runner/endpoints/events.py (1)
61-63:⚠️ Potential issue | 🟠 MajorOnly unregister the stream entry if it still points at your queue.
Both endpoints call
active_streams.pop(thread_id, None)unconditionally. A reconnect or overlapping consumer can replace the mapping first; then the older handler removes the live queue and later events are dropped. Guard cleanup with an identity check.♻️ Minimal fix
finally: - active_streams.pop(thread_id, None) + if active_streams.get(thread_id) is queue: + active_streams.pop(thread_id, None) logger.info("[SSE TAP] Queue removed: thread=%s", thread_id) @@ finally: - active_streams.pop(thread_id, None) + if active_streams.get(thread_id) is queue: + active_streams.pop(thread_id, None)Also applies to: 109-110, 155-185
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py` around lines 61 - 63, When registering a per-thread queue in active_streams (the assignment active_streams[thread_id] = queue), ensure cleanup only removes the mapping if it still references the same queue: before calling active_streams.pop(thread_id, None) in the event handler/cleanup paths, check that active_streams.get(thread_id) is queue and only then pop; apply the same guard to all occurrences around lines handling active_streams (e.g., the branches near 61-63, 109-110 and the cleanup in the long-running handler 155-185) so a newer consumer isn't accidentally unregistered by an older handler.components/manifests/base/core/ambient-api-server-service.yml (1)
81-82:⚠️ Potential issue | 🔴 CriticalPoint the HTTPS cert flags at the mounted TLS secret.
tls-certsis mounted at/etc/tls, but these args still reference/secrets/tls/.... The API server will fail to start HTTPS because that path does not exist in this pod.🔧 Direct fix
- - --https-cert-file=/secrets/tls/tls.crt - - --https-key-file=/secrets/tls/tls.key + - --https-cert-file=/etc/tls/tls.crt + - --https-key-file=/etc/tls/tls.keyAlso applies to: 124-126
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/core/ambient-api-server-service.yml` around lines 81 - 82, The container args for the API server currently point --https-cert-file and --https-key-file at /secrets/tls/tls.crt and /secrets/tls/tls.key which don't exist because the tls-certs secret is mounted at /etc/tls; update the flags in the manifest (look for the --https-cert-file and --https-key-file arguments in the pod spec and the duplicate occurrence later) to reference /etc/tls/tls.crt and /etc/tls/tls.key so the server can find the mounted TLS secret.components/manifests/deploy (3)
97-109:⚠️ Potential issue | 🟠 MajorDo not print the live OAuth client secret in fallback instructions.
The error path echoes
CLIENT_SECRET_VALUEto stdout. In CI or shared terminals that leaks the same credential later stored infrontend-oauth-config.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 97 - 109, The fallback block that runs when OAUTH_APPLY_RC != 0 prints the live CLIENT_SECRET_VALUE to stdout (echo "secret: ${CLIENT_SECRET_VALUE}"), which can leak credentials; change the output to not include the real secret—either omit the secret line or replace it with a placeholder like "<REDACTED_CLIENT_SECRET>" and add a note to instruct admins to provide the actual secret when applying the manifest; update the fallback echo statements that reference CLIENT_SECRET_VALUE so they never interpolate the real value.
197-228:⚠️ Potential issue | 🟠 MajorSecret material and overlay edits need guaranteed cleanup on failure.
Both the
secretssubcommand and the main deploy path writeoauth-secret.envunder the repo and mutateoverlays/productionin place, but cleanup only happens at the end of the happy path. Any failingocorkustomizecall leaves credentials on disk and the working tree dirty. Use temp files/directories plus anEXITtrap before the first write/edit.Also applies to: 272-320, 403-442
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 197 - 228, The deploy script writes oauth-secret.env and mutates overlays/production but only cleans up on the happy path; add a safe temp-file/dir flow and an EXIT trap at the top of the secrets subcommand (before the first write/edit) to guarantee cleanup on any failure: create OAUTH_ENV_FILE via mktemp (or a temp dir) instead of a repo-relative path, stage overlay edits into a temporary copy and only move/apply them atomically on success, register a trap handler that removes the temp oauth env file and restores or discards overlay changes (e.g., rm -f "$OAUTH_ENV_FILE"; revert overlay temp copy) and ensure oauth_setup and any oc/kustomize failures trigger exit so the trap runs; update references to OAUTH_ENV_FILE and overlays/production and ensure final cleanup still removes any temps and leaves the repo unmodified on error.
73-90:⚠️ Potential issue | 🟠 MajorFail fast when the frontend Route has no host.
This branch only warns, then writes
https:///oauth/callbackinto theOAuthClient. That leaves a broken redirect URI behind instead of stopping the deployment.🛠️ Minimal fix
ROUTE_HOST=$(oc -n ${NAMESPACE} get route ${ROUTE_NAME} -o jsonpath='{.spec.host}' 2>/dev/null || true) if [[ -z "$ROUTE_HOST" ]]; then - echo -e "${YELLOW}Route host is empty; OAuthClient redirect URI may be incomplete.${NC}" - else - echo -e "${GREEN}Route host: https://${ROUTE_HOST}${NC}" + echo -e "${RED}❌ Route host is empty; cannot configure OAuth redirect URI.${NC}" >&2 + return 1 fi + echo -e "${GREEN}Route host: https://${ROUTE_HOST}${NC}"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy` around lines 73 - 90, The script currently only warns when ROUTE_HOST is empty but still writes an OAuthClient with an invalid redirect URI; change the logic after computing ROUTE_HOST so that if ROUTE_HOST is empty the script fails fast (exit non-zero) instead of proceeding to create the OAuthClient; specifically, update the branch that checks ROUTE_HOST (the ROUTE_HOST variable and the block that echoes the warning and later writes /tmp/ambient-frontend-oauthclient.yaml) to call exit 1 (or return a non-zero status) with a clear error message so the OAuthClient creation step (writing redirectURIs: - https://${ROUTE_HOST}/oauth/callback) is never executed when ROUTE_HOST is blank.components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py (3)
83-89:⚠️ Potential issue | 🟠 MajorUse a thread-safe stop signal for the watch worker.
_watch_in_thread()runs insideThreadPoolExecutor, butstop_eventis anasyncio.Eventcreated on the event-loop thread.asyncio.Eventis not safe for cross-thread coordination, so cancellation/reconnect can race or leave the watch thread stuck. Usethreading.Eventfor this boundary.Also applies to: 108-109, 131-132, 170-172
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py` around lines 83 - 89, The watch worker uses an asyncio.Event (stop_event) across ThreadPoolExecutor boundaries which is not thread-safe; change the stop signal to a threading.Event: update the _watch_in_thread signature and any related functions (e.g., where _watch_in_thread is invoked and the helpers around lines referenced) to accept and check a threading.Event instead of asyncio.Event, adjust type hints and imports (import threading), and ensure the creator/owner on the event-loop side constructs a threading.Event and sets it from the loop when canceling/reconnecting so cross-thread coordination uses threading.Event semantics rather than asyncio.Event.
310-339:⚠️ Potential issue | 🟠 MajorRun the gRPC
push()call off the event loop.
_write_message()is async but invokes the blocking unary RPC directly. A slow network or server timeout here stalls the listener loop and delays other turns or cancellation handling.♻️ Minimal fix
- self._grpc_client.session_messages.push( - self._session_id, - event_type="assistant", - payload=payload, - ) + await asyncio.to_thread( + self._grpc_client.session_messages.push, + self._session_id, + event_type="assistant", + payload=payload, + )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py` around lines 310 - 339, The _write_message coroutine calls the blocking unary RPC self._grpc_client.session_messages.push(...) directly, which can block the event loop; change it to run the push call off the loop using the running event loop's executor (e.g., asyncio.get_running_loop().run_in_executor or loop.run_in_executor) so the blocking push executes in a threadpool, await the future, and preserve existing logging and error handling; target the _write_message method and the self._grpc_client.session_messages.push invocation and ensure any exceptions from the push are caught/logged and do not block the listener loop.
236-257:⚠️ Potential issue | 🟠 MajorPersist a terminal error when
bridge.run()aborts before emitting one.
GRPCMessageWriteronly writes onRUN_FINISHED/RUN_ERRORevents seen inside the loop. Ifbridge.run()raises before yielding a terminal event, this path just logs and exits, so the session never gets a durable terminal assistant message/status. Emit one guarded error write from theexceptpath.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py` around lines 236 - 257, When bridge.run() raises before emitting a terminal event, we must emit a durable terminal RUN_ERROR event so GRPCMessageWriter records session termination; in the except block construct a terminal error event (type RUN_ERROR) containing the thread_id, self._session_id and the exception details, then await writer.consume(error_event) (same API used inside the loop) inside a guarded try/except so emitting the synthetic terminal event never raises; reference GRPCMessageWriter behavior, bridge.run, writer.consume, _session_id and thread_id when locating where to add this emission.REMOVE_CRDs.md (2)
462-470:⚠️ Potential issue | 🟠 MajorThis RBAC example claims guarantees Kubernetes RBAC does not provide.
resourceNames: []is unrestricted, and built-in RBAC does not narrowlist/watch/createby label selector “in code”. Leaving this as the “secure design” overstates the isolation readers will get. Replace it with a supported scope boundary such as namespace isolation, per-workload service accounts, or admission policy enforcement.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@REMOVE_CRDs.md` around lines 462 - 470, The RBAC snippet's use of resourceNames: [] together with a comment claiming label-selector enforcement is misleading because Kubernetes RBAC cannot restrict list/watch/create by label; update the rules block (the rules: entry and its resources/verbs) to use a supported scope boundary instead—for example restrict by namespace (move this rule into a Role/RoleBinding scoped to the target namespace), or bind to per-workload ServiceAccount (use subjects: - kind: ServiceAccount name: <svc>), or state that admission policy (e.g., a validating/mutating AdmissionController) is required; remove the misleading comment about label selectors and replace it with one of these supported approaches and concrete identifiers (namespace name or serviceAccount name) so readers see an enforceable boundary instead of resourceNames: [] + label-selector claim.
52-308:⚠️ Potential issue | 🟠 MajorSeparate the rejected design from the recommended path.
Line 7 says the original proposal has critical flaws, but the next sections still present a concrete migration plan and 8-week schedule for that same approach. That makes the document easy to execute incorrectly. Move the superseded plan into a clearly labeled appendix, or delete it from the main flow.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@REMOVE_CRDs.md` around lines 52 - 308, The document mixes a rejected design claim with a full migration plan—separate the superseded approach from the recommended path by moving the detailed Migration Plan (sections starting at "## Migration Plan" including "Phase 1"/"Phase 2"/"Phase 3"/"Phase 4" and the implementation timeline) into a clearly labeled appendix like "Appendix A: Deprecated Migration Plan" or remove it entirely from the main flow; update the introduction around the sentence that flags the original proposal (the paragraph referencing "critical flaws" near the top) to point readers to the appendix for the old plan and ensure the main document only contains the endorsed recommendation and operational guidance.docs/internal/developer/agent-workflow.md (1)
122-125:⚠️ Potential issue | 🟠 MajorUse one namespace contract throughout this workflow.
These commands still assume
session-*, but the end-to-end flow later provisions runners in the project namespace (smoke-test). Following them will miss live sessions, and the cleanup recipe targets the wrong namespaces. Replace both sections with the same project namespace variable/pattern.Also applies to: 358-362
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/internal/developer/agent-workflow.md` around lines 122 - 125, The workflow uses two different namespace patterns (commands using "session-") while the end-to-end flow provisions runners into the project namespace (e.g., "smoke-test"); update both occurrences (the session namespace listings and the cleanup recipe) to use a single namespace variable/pattern (for example PROJECT_NAMESPACE or the literal "smoke-test") and change the kubectl commands to target that namespace (use -n $PROJECT_NAMESPACE or grep for the same pattern) so all listings, session detection, and cleanup consistently reference the same namespace.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/manifests/base/platform/ambient-api-server-db.yml`:
- Around line 59-104: The postgresql container in ambient-api-server-db.yml is
missing resources.requests and resources.limits; add a resources block under the
container named "postgresql" that defines both requests (minimum cpu/memory for
scheduling, e.g. cpu and memory) and limits (upper bounds to avoid OOMs/CPU
exhaustion) — set sensible values for your workload (e.g. requests: cpu/memory
and limits: cpu/memory) and ensure the keys are resources.requests and
resources.limits so the scheduler can place the pod and Kubernetes can enforce
resource caps.
In `@components/manifests/overlays/production/kustomization.yaml`:
- Around line 81-83: The kustomization overlay currently pins the image with
newName: quay.io/ambient_code/ambient_control_plane and newTag: latest, which is
unsafe for production; change the image reference in this kustomization to a
specific release tag or digest instead of "latest" (e.g., replace newTag: latest
with newTag: <RELEASE_TAG> or use newDigest: sha256:<DIGEST>) so deployments are
deterministic; update the entry that references
quay.io/ambient_code/ambient_control_plane (the newName/newTag pair) and ensure
your CI or deployment pipeline injects the concrete tag/digest if you need to
keep the file generic.
In `@components/runners/ambient-runner/ambient_runner/app.py`:
- Around line 363-369: The synchronous gRPC call
client.session_messages.push(session_id, event_type="user",
payload=_json.dumps(payload)) is being invoked inside an async function and will
block the event loop; change it to run in a thread pool by awaiting its
execution via asyncio.get_event_loop().run_in_executor(...) or
asyncio.to_thread(...) so the call executes off the event loop and the returned
value is preserved in result; import asyncio if needed and replace the direct
call with an awaited run_in_executor/to_thread wrapper around
client.session_messages.push while keeping the same arguments (session_id,
event_type="user", payload=_json.dumps(payload)).
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`:
- Around line 241-247: The current put_nowait call drops events (including
terminal RUN_FINISHED / RUN_ERROR) when stream_queue is full; instead, on
QueueFull check if event.type is a terminal (RUN_FINISHED or RUN_ERROR) and if
so free space by evicting older non-terminal items from stream_queue (use
stream_queue.get_nowait in a loop until there's capacity or only terminal items
remain) before retrying put_nowait; only log a warning when you drop a
non-terminal event (keep thread_id in the log) and ensure terminal events are
always enqueued so /events receives the close signal.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py`:
- Around line 40-60: The current _push_event function filters out everything
except MESSAGES_SNAPSHOT and RUN_FINISHED so RunErrorEvent never gets persisted
or pushed to gRPC consumers; modify _push_event to treat RUN_ERROR like the
other terminal events by allowing event_type_str == "RUN_ERROR" (persisting it
to the session stream), and ensure the exception path that builds a
RunErrorEvent pushes/persists that RUN_ERROR fallback to the gRPC stream (via
_push_event) before yielding it to SSE; update any related logic that builds the
fallback RunErrorEvent to call _push_event(session_id, run_error_event) prior to
returning/raising so CP-managed sessions receive a terminal gRPC event.
- Around line 173-189: Remove user prompt text from info-level logs: in the
logging around msg_count/last_role (using run_agent_input.thread_id and
run_agent_input.run_id) stop passing last_content_preview to logger.info and
only log high-level metadata (thread_id, run_id, msg_count, last_role). Move the
detailed prompt preview into a logger.debug call that redacts or summarizes
content (e.g., show "<redacted>" or content length) using the existing
last_content_preview variable. Do the same for per-event "[OUTBOUND SSE]"
tracing (make those debug-level and redact full prompt chunks) so prompt text is
not written to info logs and event traces are aggregated/redacted.
In `@components/runners/ambient-runner/tests/test_grpc_transport.py`:
- Around line 152-208: Both tests are not asserting the behaviors they claim: in
test_user_message_triggers_bridge_run you must verify that GRPCSessionListener
actually invoked bridge.run, and in test_invalid_json_payload_skipped_gracefully
you must prove the listener stayed alive after a bad payload. Fix by replacing
the dummy bridge.run with a coroutine that sets an asyncio.Event or increments a
counter (e.g., create an asyncio.Event named run_called and assign bridge.run to
an async function that sets run_called.set()), then await/run_called.wait() and
assert it was set in test_user_message_triggers_bridge_run; for
test_invalid_json_payload_skipped_gracefully send a subsequent valid message (or
set a follow-up event) and assert the listener still processes it (or that
listener.ready is still set and no exception occurred), using the same pattern
to detect bridge.run invocations on valid messages via GRPCSessionListener and
bridge.run.
In `@test-e2e-control-plane.sh`:
- Around line 149-164: The test currently masks failures and uses an outdated
request body for the session messages endpoint: update the POST to
/api/ambient/v1/sessions/${SESSION_ID}/messages (the curl call that sets
MESSAGE_RESPONSE) to send the current request shape required to trigger the gRPC
path, remove the trailing "|| true" so failures surface, and keep the existing
jq check for '.id' (which assigns MESSAGE_ID) so the test will fail if the API
doesn't return the expected message metadata.
- Around line 48-52: The test currently asserts on the legacy AgenticSession CR
(CR_NAME) in namespace "default"—replace those checks and cleanup that reference
AgenticSession with assertions against the new direct-control-plane outputs:
verify the created project namespace exists (check for the namespace name
produced by the test), verify the runner workload (the runner
Pod/Deployment/ReplicaSet created for the session) is present and Ready in that
project namespace, and verify the session status via the new session resource or
pod annotations/labels that indicate session success; update any delete/cleanup
steps to remove the project namespace and runner workload rather than deleting
AgenticSession, and remove all references to agenticsessions.vteam.ambient-code
and CR_NAME usage throughout (also apply same changes where AgenticSession
checks appear at the other ranges noted).
---
Duplicate comments:
In `@components/manifests/base/core/ambient-api-server-service.yml`:
- Around line 81-82: The container args for the API server currently point
--https-cert-file and --https-key-file at /secrets/tls/tls.crt and
/secrets/tls/tls.key which don't exist because the tls-certs secret is mounted
at /etc/tls; update the flags in the manifest (look for the --https-cert-file
and --https-key-file arguments in the pod spec and the duplicate occurrence
later) to reference /etc/tls/tls.crt and /etc/tls/tls.key so the server can find
the mounted TLS secret.
In `@components/manifests/deploy`:
- Around line 97-109: The fallback block that runs when OAUTH_APPLY_RC != 0
prints the live CLIENT_SECRET_VALUE to stdout (echo "secret:
${CLIENT_SECRET_VALUE}"), which can leak credentials; change the output to not
include the real secret—either omit the secret line or replace it with a
placeholder like "<REDACTED_CLIENT_SECRET>" and add a note to instruct admins to
provide the actual secret when applying the manifest; update the fallback echo
statements that reference CLIENT_SECRET_VALUE so they never interpolate the real
value.
- Around line 197-228: The deploy script writes oauth-secret.env and mutates
overlays/production but only cleans up on the happy path; add a safe
temp-file/dir flow and an EXIT trap at the top of the secrets subcommand (before
the first write/edit) to guarantee cleanup on any failure: create OAUTH_ENV_FILE
via mktemp (or a temp dir) instead of a repo-relative path, stage overlay edits
into a temporary copy and only move/apply them atomically on success, register a
trap handler that removes the temp oauth env file and restores or discards
overlay changes (e.g., rm -f "$OAUTH_ENV_FILE"; revert overlay temp copy) and
ensure oauth_setup and any oc/kustomize failures trigger exit so the trap runs;
update references to OAUTH_ENV_FILE and overlays/production and ensure final
cleanup still removes any temps and leaves the repo unmodified on error.
- Around line 73-90: The script currently only warns when ROUTE_HOST is empty
but still writes an OAuthClient with an invalid redirect URI; change the logic
after computing ROUTE_HOST so that if ROUTE_HOST is empty the script fails fast
(exit non-zero) instead of proceeding to create the OAuthClient; specifically,
update the branch that checks ROUTE_HOST (the ROUTE_HOST variable and the block
that echoes the warning and later writes /tmp/ambient-frontend-oauthclient.yaml)
to call exit 1 (or return a non-zero status) with a clear error message so the
OAuthClient creation step (writing redirectURIs: -
https://${ROUTE_HOST}/oauth/callback) is never executed when ROUTE_HOST is
blank.
In `@components/manifests/deploy-no-api-server.sh`:
- Around line 9-10: The script currently only uses "set -e", which doesn't catch
failures in piped commands used in the deploy pipelines; add pipefail to the
shell options so any failure in a pipeline aborts the script (e.g., change the
top options to "set -euo pipefail" or add "set -o pipefail" alongside the
existing "set -e"), ensuring this is set before the deploy pipeline commands
referenced in the script (the deploy pipeline invocations around the deploy
sections) so a failed left-hand command will cause the script to exit.
- Around line 73-76: The script currently runs kustomize edit set namespace
which mutates the checked-in overlay (kustomization.yaml) and can leave the repo
dirty on early exits; change this to operate on a temporary copy or restore on
exit by creating a temp directory or copying
overlays/no-api-server/kustomization.yaml to a temp file and running kustomize
against that, or add an EXIT trap that always reverts the change (e.g., capture
original file, run kustomize edit set namespace "$NAMESPACE" and on EXIT move
the original back); update both occurrences around the NAMESPACE logic and the
block at lines ~135-140 to use the same temp-copy-or-trap approach so the
working tree is never left mutated.
In `@components/manifests/overlays/kind-local/control-plane-env-patch.yaml`:
- Around line 15-16: The RUNNER_IMAGE value in the control plane overlay is
pointed at "localhost/vteam_claude_runner:latest" which doesn't match the image
preloaded by load-images.sh; update the RUNNER_IMAGE value used in the control
plane Jobs/patch (the RUNNER_IMAGE env var referenced in the overlay) to the
exact tag loaded by load-images.sh (e.g., "vteam_claude_runner:latest") so
kind/containerd will use the preloaded image instead of trying to pull from a
nonexistent local registry.
In
`@components/manifests/overlays/production/ambient-api-server-jwt-args-patch.yaml`:
- Line 19: The CORS settings currently set
`--cors-allowed-headers=X-Ambient-Project` will cause preflight failures when
`--enable-authz=true` allows browsers to send an Authorization header; update
the manifest entries that set `--cors-allowed-headers` to include
`Authorization` (e.g., `--cors-allowed-headers=X-Ambient-Project,Authorization`)
wherever `--enable-authz=true` is present so preflight requests succeed.
In `@components/manifests/overlays/production/control-plane-env-patch.yaml`:
- Around line 15-16: Update the RUNNER_IMAGE environment variable in the
control-plane env patch: replace the mutable "…:latest" tag with the CI-produced
immutable artifact (either the specific image tag or digest) so the control
plane uses the tested runner artifact; modify the value string for the
RUNNER_IMAGE entry in the manifest (the RUNNER_IMAGE env var in
production/control-plane-env-patch.yaml) to reference the exact tag or `@sha256`
digest emitted by your CI pipeline.
In `@components/manifests/overlays/production/control-plane-image-patch.yaml`:
- Around line 9-10: The image reference for the container named
"ambient-control-plane" uses the mutable ":latest" tag which breaks
reproducibility; update the image field for ambient-control-plane to an
immutable reference (either a release tag like vX.Y.Z or an image digest e.g.
`@sha256`:...) instead of ":latest", and ensure any deployment automation or
manifests that set this value (e.g., image:
image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane:latest)
are updated to substitute the pinned tag/digest so rollbacks and audits are
deterministic.
In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py`:
- Around line 193-202: The _decode_varint function reads bytes without bounds
checking and can IndexError on truncated/malformed frames; update _decode_varint
to check pos < len(data) before each byte read, enforce a maximum varint length
(e.g., cap shifts/bytes to 10 for 64-bit varints) and raise a clear parsing
error (ValueError or a custom DecodeError) when data ends or the varint is
overly long; also propagate this change back to the protobuf generator so
generated code includes the same bounds/length guard and explicit error raising.
- Around line 77-84: The INFO log currently emits payload previews
(payload_preview) which may contain sensitive user prompts; change the
logger.info calls that include payload_preview to log only metadata (session_id,
event_type, payload_len) at INFO, move the preview output to logger.debug and
apply redaction (e.g., mask or truncate with "[REDACTED]" when sensitive) before
logging; update both occurrences that construct payload_preview and call
logger.info (the GRPC PUSH→ logging block and the similar block around the later
logger.info usage) so INFO contains no payload content and DEBUG contains a
redacted preview.
In `@components/runners/ambient-runner/ambient_runner/bridge.py`:
- Around line 230-248: The base inject_message implementation currently silently
drops inbound messages; update the async method inject_message to emit a warning
instead of no-op by logging the session_id, event_type, and payload length
(payload_len = len(payload or "")) so misconfigured bridges are visible; use the
existing logger instance (or create/get one used in this module) and include a
clear message like "Dropping inbound session message" plus the three fields,
then return None as before.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`:
- Around line 83-89: The watch worker uses an asyncio.Event (stop_event) across
ThreadPoolExecutor boundaries which is not thread-safe; change the stop signal
to a threading.Event: update the _watch_in_thread signature and any related
functions (e.g., where _watch_in_thread is invoked and the helpers around lines
referenced) to accept and check a threading.Event instead of asyncio.Event,
adjust type hints and imports (import threading), and ensure the creator/owner
on the event-loop side constructs a threading.Event and sets it from the loop
when canceling/reconnecting so cross-thread coordination uses threading.Event
semantics rather than asyncio.Event.
- Around line 310-339: The _write_message coroutine calls the blocking unary RPC
self._grpc_client.session_messages.push(...) directly, which can block the event
loop; change it to run the push call off the loop using the running event loop's
executor (e.g., asyncio.get_running_loop().run_in_executor or
loop.run_in_executor) so the blocking push executes in a threadpool, await the
future, and preserve existing logging and error handling; target the
_write_message method and the self._grpc_client.session_messages.push invocation
and ensure any exceptions from the push are caught/logged and do not block the
listener loop.
- Around line 236-257: When bridge.run() raises before emitting a terminal
event, we must emit a durable terminal RUN_ERROR event so GRPCMessageWriter
records session termination; in the except block construct a terminal error
event (type RUN_ERROR) containing the thread_id, self._session_id and the
exception details, then await writer.consume(error_event) (same API used inside
the loop) inside a guarded try/except so emitting the synthetic terminal event
never raises; reference GRPCMessageWriter behavior, bridge.run, writer.consume,
_session_id and thread_id when locating where to add this emission.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py`:
- Around line 61-63: When registering a per-thread queue in active_streams (the
assignment active_streams[thread_id] = queue), ensure cleanup only removes the
mapping if it still references the same queue: before calling
active_streams.pop(thread_id, None) in the event handler/cleanup paths, check
that active_streams.get(thread_id) is queue and only then pop; apply the same
guard to all occurrences around lines handling active_streams (e.g., the
branches near 61-63, 109-110 and the cleanup in the long-running handler
155-185) so a newer consumer isn't accidentally unregistered by an older
handler.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py`:
- Around line 28-37: AmbientGRPCClient.from_env() is called only at import time
and _grpc_client is never recreated, so transient failures make _push_event()
permanently no-op; change initialization to lazy/retry: in _push_event (or the
helper that sends messages) check if _grpc_client is None or its channel is
unhealthy and attempt to recreate it by calling AmbientGRPCClient.from_env()
inside a try/except, falling back to logging on failure but not permanently
disabling delivery; ensure you reference AmbientGRPCClient.from_env, the
module-level _grpc_client, and the _push_event call site and make the recreate
logic thread-safe (e.g., brief lock or atomic swap) to avoid races.
In `@components/runners/ambient-runner/tests/test_events_endpoint.py`:
- Around line 66-80: The test test_registers_queue_before_streaming never uses
the prefilled q or asserts the endpoint-created queue; change the flow so after
opening the stream with client.stream("GET", "/events/t-1") you wait until
active_streams contains the key "t-1" (poll with a short timeout), assert that
active_streams["t-1"] is a Queue, then put the terminal event
(make_run_finished()) into that registered queue
(active_streams["t-1"].put_nowait(...)) before calling resp.read() so the
response body is driven by the queue the endpoint actually registered.
In `@docs/internal/design/blackboard-api.md`:
- Around line 438-453: The CTE latest_checkins currently runs across all
session_checkins before applying WHERE a.project_id = ?, causing the snapshot to
scan global check-in history; fix by restricting the CTE to the project (e.g.,
filter session_checkins by project_id or join agents in the CTE) or
alternatively denormalize and index project_id on session_checkins so the
DISTINCT ON (agent_id) scan is limited to the project's rows; update the SQL
around latest_checkins and the session_checkins schema/index accordingly
(referencing latest_checkins, session_checkins, agent_id, and the outer WHERE on
a.project_id).
In `@docs/internal/developer/agent-workflow.md`:
- Around line 122-125: The workflow uses two different namespace patterns
(commands using "session-") while the end-to-end flow provisions runners into
the project namespace (e.g., "smoke-test"); update both occurrences (the session
namespace listings and the cleanup recipe) to use a single namespace
variable/pattern (for example PROJECT_NAMESPACE or the literal "smoke-test") and
change the kubectl commands to target that namespace (use -n $PROJECT_NAMESPACE
or grep for the same pattern) so all listings, session detection, and cleanup
consistently reference the same namespace.
In `@REMOVE_CRDs.md`:
- Around line 462-470: The RBAC snippet's use of resourceNames: [] together with
a comment claiming label-selector enforcement is misleading because Kubernetes
RBAC cannot restrict list/watch/create by label; update the rules block (the
rules: entry and its resources/verbs) to use a supported scope boundary
instead—for example restrict by namespace (move this rule into a
Role/RoleBinding scoped to the target namespace), or bind to per-workload
ServiceAccount (use subjects: - kind: ServiceAccount name: <svc>), or state that
admission policy (e.g., a validating/mutating AdmissionController) is required;
remove the misleading comment about label selectors and replace it with one of
these supported approaches and concrete identifiers (namespace name or
serviceAccount name) so readers see an enforceable boundary instead of
resourceNames: [] + label-selector claim.
- Around line 52-308: The document mixes a rejected design claim with a full
migration plan—separate the superseded approach from the recommended path by
moving the detailed Migration Plan (sections starting at "## Migration Plan"
including "Phase 1"/"Phase 2"/"Phase 3"/"Phase 4" and the implementation
timeline) into a clearly labeled appendix like "Appendix A: Deprecated Migration
Plan" or remove it entirely from the main flow; update the introduction around
the sentence that flags the original proposal (the paragraph referencing
"critical flaws" near the top) to point readers to the appendix for the old plan
and ensure the main document only contains the endorsed recommendation and
operational guidance.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 445a6187-66e4-4bc4-b82a-623f2b57739a
⛔ Files ignored due to path filters (1)
components/runners/ambient-runner/uv.lockis excluded by!**/*.lock
📒 Files selected for processing (51)
.github/workflows/ambient-control-plane-tests.ymlREMOVE_CRDs.mdcomponents/manifests/base/ambient-api-server-grpc-route.ymlcomponents/manifests/base/ambient-control-plane-service.ymlcomponents/manifests/base/core/ambient-api-server-service.ymlcomponents/manifests/base/kustomization.yamlcomponents/manifests/base/platform/ambient-api-server-db.ymlcomponents/manifests/base/rbac/control-plane-clusterrole.yamlcomponents/manifests/base/rbac/control-plane-clusterrolebinding.yamlcomponents/manifests/base/rbac/control-plane-sa.yamlcomponents/manifests/base/rbac/kustomization.yamlcomponents/manifests/deploycomponents/manifests/deploy-no-api-server.shcomponents/manifests/deploy.shcomponents/manifests/overlays/kind-local/control-plane-env-patch.yamlcomponents/manifests/overlays/kind-local/kustomization.yamlcomponents/manifests/overlays/kind/ambient-api-server-jwks-patch.yamlcomponents/manifests/overlays/kind/backend-ambient-api-patch.yamlcomponents/manifests/overlays/kind/control-plane-env-patch.yamlcomponents/manifests/overlays/kind/frontend-test-patch.yamlcomponents/manifests/overlays/kind/kustomization.yamlcomponents/manifests/overlays/kind/local-image-pull-policy-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-route.yamlcomponents/manifests/overlays/production/api-server-image-patch.yamlcomponents/manifests/overlays/production/control-plane-env-patch.yamlcomponents/manifests/overlays/production/control-plane-image-patch.yamlcomponents/manifests/overlays/production/kustomization.yamlcomponents/runners/ambient-runner/ambient_runner/_grpc_client.pycomponents/runners/ambient-runner/ambient_runner/_session_messages_api.pycomponents/runners/ambient-runner/ambient_runner/app.pycomponents/runners/ambient-runner/ambient_runner/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/mcp.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/prompts.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/session.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/tools.pycomponents/runners/ambient-runner/ambient_runner/endpoints/events.pycomponents/runners/ambient-runner/ambient_runner/endpoints/run.pycomponents/runners/ambient-runner/ambient_runner/platform/prompts.pycomponents/runners/ambient-runner/architecture.mdcomponents/runners/ambient-runner/pyproject.tomlcomponents/runners/ambient-runner/tests/test_app_initial_prompt.pycomponents/runners/ambient-runner/tests/test_bridge_claude.pycomponents/runners/ambient-runner/tests/test_events_endpoint.pycomponents/runners/ambient-runner/tests/test_grpc_transport.pydocs/internal/design/blackboard-api.mddocs/internal/developer/agent-workflow.mde2e/scripts/load-images.shtest-e2e-control-plane.sh
💤 Files with no reviewable changes (3)
- components/runners/ambient-runner/ambient_runner/bridges/claude/tools.py
- components/manifests/overlays/kind/frontend-test-patch.yaml
- components/manifests/overlays/kind/ambient-api-server-jwks-patch.yaml
Comment on lines
59
to
+104
| containers: | ||
| - name: postgresql | ||
| image: postgres:16 | ||
| ports: | ||
| - containerPort: 5432 | ||
| name: postgresql | ||
| image: registry.redhat.io/rhel9/postgresql-16:latest | ||
| imagePullPolicy: IfNotPresent | ||
| env: | ||
| - name: POSTGRES_USER | ||
| - name: POSTGRESQL_USER | ||
| valueFrom: | ||
| secretKeyRef: | ||
| key: db.user | ||
| name: ambient-api-server-db | ||
| - name: POSTGRES_PASSWORD | ||
| - name: POSTGRESQL_PASSWORD | ||
| valueFrom: | ||
| secretKeyRef: | ||
| key: db.password | ||
| name: ambient-api-server-db | ||
| - name: POSTGRES_DB | ||
| - name: POSTGRESQL_DATABASE | ||
| valueFrom: | ||
| secretKeyRef: | ||
| key: db.name | ||
| name: ambient-api-server-db | ||
| - name: PGDATA | ||
| value: /var/lib/postgresql/data/pgdata | ||
| volumeMounts: | ||
| - name: ambient-api-server-db-data | ||
| mountPath: /var/lib/postgresql/data | ||
| readinessProbe: | ||
| exec: | ||
| command: | ||
| - /bin/sh | ||
| - -c | ||
| - pg_isready -U "$POSTGRES_USER" | ||
| initialDelaySeconds: 10 | ||
| periodSeconds: 10 | ||
| timeoutSeconds: 5 | ||
| ports: | ||
| - containerPort: 5432 | ||
| protocol: TCP | ||
| livenessProbe: | ||
| tcpSocket: | ||
| port: 5432 | ||
| initialDelaySeconds: 120 | ||
| timeoutSeconds: 10 | ||
| readinessProbe: | ||
| exec: | ||
| command: | ||
| - /bin/sh | ||
| - -c | ||
| - pg_isready -U "$POSTGRES_USER" | ||
| initialDelaySeconds: 30 | ||
| periodSeconds: 30 | ||
| timeoutSeconds: 5 | ||
| - exec pg_isready -U $POSTGRESQL_USER -d $POSTGRESQL_DATABASE -h localhost -p 5432 | ||
| initialDelaySeconds: 5 | ||
| timeoutSeconds: 1 | ||
| volumeMounts: | ||
| - mountPath: /var/lib/pgsql/data | ||
| name: ambient-api-server-db-data | ||
| securityContext: | ||
| allowPrivilegeEscalation: false | ||
| readOnlyRootFilesystem: false | ||
| runAsNonRoot: true | ||
| capabilities: | ||
| drop: | ||
| - ALL |
Contributor
There was a problem hiding this comment.
Add resource requests and limits for the PostgreSQL container.
The container lacks resources.requests and resources.limits. Without these, the scheduler cannot make informed placement decisions, and the pod risks OOMKill or starvation under load.
Proposed fix
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
capabilities:
drop:
- ALL
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
volumes:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/base/platform/ambient-api-server-db.yml` around lines 59
- 104, The postgresql container in ambient-api-server-db.yml is missing
resources.requests and resources.limits; add a resources block under the
container named "postgresql" that defines both requests (minimum cpu/memory for
scheduling, e.g. cpu and memory) and limits (upper bounds to avoid OOMs/CPU
exhaustion) — set sensible values for your workload (e.g. requests: cpu/memory
and limits: cpu/memory) and ensure the keys are resources.requests and
resources.limits so the scheduler can place the pod and Kubernetes can enforce
resource caps.
Comment on lines
+81
to
+83
| - name: quay.io/ambient_code/ambient_control_plane:latest | ||
| newName: quay.io/ambient_code/ambient_control_plane | ||
| newTag: latest |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider pinning to a specific image tag for production.
Using newTag: latest in production can lead to non-deterministic deployments. While CI may set specific tags at deploy time, the base overlay should ideally reference a release tag or digest for reproducibility.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/overlays/production/kustomization.yaml` around lines 81
- 83, The kustomization overlay currently pins the image with newName:
quay.io/ambient_code/ambient_control_plane and newTag: latest, which is unsafe
for production; change the image reference in this kustomization to a specific
release tag or digest instead of "latest" (e.g., replace newTag: latest with
newTag: <RELEASE_TAG> or use newDigest: sha256:<DIGEST>) so deployments are
deterministic; update the entry that references
quay.io/ambient_code/ambient_control_plane (the newName/newTag pair) and ensure
your CI or deployment pipeline injects the concrete tag/digest if you need to
keep the file generic.
Comment on lines
+363
to
+369
| import json as _json | ||
|
|
||
| result = client.session_messages.push( | ||
| session_id, | ||
| event_type="user", | ||
| payload=_json.dumps(payload), | ||
| ) |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if AmbientGRPCClient and session_messages.push are sync or async
ast-grep --pattern $'def push($$$) {
$$$
}'
rg -n -A10 'class.*SessionMessagesAPI|def push' components/runners/ambient-runner/ambient_runner/_session_messages_api.py components/runners/ambient-runner/ambient_runner/_grpc_client.pyRepository: ambient-code/platform
Length of output: 2689
🏁 Script executed:
#!/bin/bash
# Get context around lines 363-369 in app.py to see if it's in an async function
sed -n '340,390p' components/runners/ambient-runner/ambient_runner/app.pyRepository: ambient-code/platform
Length of output: 1623
🏁 Script executed:
#!/bin/bash
# Check if AmbientGRPCClient has async capabilities
rg -n 'async.*push|aio|AsyncIO' components/runners/ambient-runner/ambient_runner/_grpc_client.py components/runners/ambient-runner/ambient_runner/_session_messages_api.py
# Also check imports and how the channel is created
sed -n '1,80p' components/runners/ambient-runner/ambient_runner/_grpc_client.pyRepository: ambient-code/platform
Length of output: 2862
🏁 Script executed:
#!/bin/bash
# Check how the channel and session_messages are created, and if there are any executor patterns
rg -n 'session_messages|_build_channel|Executor' components/runners/ambient-runner/ambient_runner/_grpc_client.py -A5
# Also check the full structure of AmbientGRPCClient
grep -n 'self.session_messages\|def __init__' components/runners/ambient-runner/ambient_runner/_grpc_client.py | head -20Repository: ambient-code/platform
Length of output: 1656
Move synchronous gRPC call to thread pool executor.
client.session_messages.push(...) is a synchronous blocking call being invoked without await inside an async function. The gRPC client uses synchronous stubs (grpc.Channel with channel.unary_unary()), which will block the event loop.
Wrap the call in asyncio.get_event_loop().run_in_executor() to execute it in a thread pool, or refactor the function to be synchronous if it doesn't need to be async.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/app.py` around lines 363 -
369, The synchronous gRPC call client.session_messages.push(session_id,
event_type="user", payload=_json.dumps(payload)) is being invoked inside an
async function and will block the event loop; change it to run in a thread pool
by awaiting its execution via asyncio.get_event_loop().run_in_executor(...) or
asyncio.to_thread(...) so the call executes off the event loop and the returned
value is preserved in result; import asyncio if needed and replace the direct
call with an awaited run_in_executor/to_thread wrapper around
client.session_messages.push while keeping the same arguments (session_id,
event_type="user", payload=_json.dumps(payload)).
Comment on lines
+241
to
+247
| try: | ||
| stream_queue.put_nowait(event) | ||
| except asyncio.QueueFull: | ||
| logger.warning( | ||
| "[GRPC LISTENER] SSE tap queue full, dropping event: thread=%s", | ||
| thread_id, | ||
| ) |
Contributor
There was a problem hiding this comment.
Never drop the terminal SSE event on QueueFull.
put_nowait() drops any event when the tap queue is full, including RUN_FINISHED / RUN_ERROR. If one of those is dropped, /events never sees a close signal and can hang until disconnect even though the turn already completed. Preserve terminal events, even if older non-terminal chunks have to be evicted first.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`
around lines 241 - 247, The current put_nowait call drops events (including
terminal RUN_FINISHED / RUN_ERROR) when stream_queue is full; instead, on
QueueFull check if event.type is a terminal (RUN_FINISHED or RUN_ERROR) and if
so free space by evicting older non-terminal items from stream_queue (use
stream_queue.get_nowait in a loop until there's capacity or only terminal items
remain) before retrying put_nowait; only log a warning when you drop a
non-terminal event (keep thread_id in the log) and ensure terminal events are
always enqueued so /events receives the close signal.
Comment on lines
+40
to
+60
| def _push_event(session_id: Optional[str], event: Any) -> None: | ||
| """Push an AG-UI MESSAGES_SNAPSHOT event to the session messages stream. | ||
|
|
||
| Only MESSAGES_SNAPSHOT and RUN_FINISHED events are persisted. | ||
| MESSAGES_SNAPSHOT contains the full structured conversation after each run. | ||
| RUN_FINISHED is the completion signal consumers (e.g. acpctl) wait on. | ||
| All other AG-UI events (per-token deltas, RUN_STARTED, etc.) are streamed to SSE | ||
| consumers only and are not stored. | ||
|
|
||
| Best-effort; never raises. | ||
| """ | ||
| if _grpc_client is None or not session_id: | ||
| return | ||
| try: | ||
| event_type = getattr(event, "type", None) | ||
| if event_type is None: | ||
| return | ||
| event_type_str = ( | ||
| event_type.value if hasattr(event_type, "value") else str(event_type) | ||
| ) | ||
| if event_type_str not in ("MESSAGES_SNAPSHOT", "RUN_FINISHED"): |
Contributor
There was a problem hiding this comment.
Failed runs never publish a terminal gRPC event.
Only MESSAGES_SNAPSHOT and RUN_FINISHED survive the filter, and the RunErrorEvent built in the exception path is yielded straight to SSE. For CP-managed sessions, a failed run can therefore leave gRPC consumers waiting forever for completion. Persist RUN_ERROR too and push the fallback error event before yielding it.
Also applies to: 296-314
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 40-40: Dynamically typed expressions (typing.Any) are disallowed in event
(ANN401)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around
lines 40 - 60, The current _push_event function filters out everything except
MESSAGES_SNAPSHOT and RUN_FINISHED so RunErrorEvent never gets persisted or
pushed to gRPC consumers; modify _push_event to treat RUN_ERROR like the other
terminal events by allowing event_type_str == "RUN_ERROR" (persisting it to the
session stream), and ensure the exception path that builds a RunErrorEvent
pushes/persists that RUN_ERROR fallback to the gRPC stream (via _push_event)
before yielding it to SSE; update any related logic that builds the fallback
RunErrorEvent to call _push_event(session_id, run_error_event) prior to
returning/raising so CP-managed sessions receive a terminal gRPC event.
Comment on lines
+173
to
189
| msg_count = len(input_data.messages) | ||
| last_role = ( | ||
| input_data.messages[-1].get("role", "?") if input_data.messages else "(none)" | ||
| ) | ||
| last_content_preview = "" | ||
| if input_data.messages: | ||
| raw = input_data.messages[-1].get("content", "") | ||
| text = raw if isinstance(raw, str) else str(raw) | ||
| last_content_preview = text[:100] + "..." if len(text) > 100 else text | ||
| logger.info( | ||
| f"Run: thread_id={run_agent_input.thread_id}, run_id={run_agent_input.run_id}" | ||
| "[► RUN START] thread_id=%s run_id=%s msg_count=%d last_role=%s last_content=%r", | ||
| run_agent_input.thread_id, | ||
| run_agent_input.run_id, | ||
| msg_count, | ||
| last_role, | ||
| last_content_preview, | ||
| ) |
Contributor
There was a problem hiding this comment.
Dial back the new info-level run logging.
last_content_preview writes user prompt text to pod logs, and the per-event [OUTBOUND SSE] line runs for every AG-UI chunk. That leaks prompt data and can explode log volume on long generations. Keep high-level metadata at info, but move prompt previews and per-event traces to redacted debug logging or aggregate counters.
Also applies to: 252-258
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around
lines 173 - 189, Remove user prompt text from info-level logs: in the logging
around msg_count/last_role (using run_agent_input.thread_id and
run_agent_input.run_id) stop passing last_content_preview to logger.info and
only log high-level metadata (thread_id, run_id, msg_count, last_role). Move the
detailed prompt preview into a logger.debug call that redacts or summarizes
content (e.g., show "<redacted>" or content length) using the existing
last_content_preview variable. Do the same for per-event "[OUTBOUND SSE]"
tracing (make those debug-level and redact full prompt chunks) so prompt text is
not written to info logs and event traces are aggregated/redacted.
Comment on lines
+152
to
+208
| async def test_user_message_triggers_bridge_run(self): | ||
| payload = _make_runner_payload(thread_id="t-1", run_id="r-1") | ||
| msgs = [_make_session_message("user", payload, seq=1)] | ||
| client = _make_grpc_client(messages=msgs) | ||
| bridge = _make_bridge() | ||
|
|
||
| events = [make_text_start(), make_text_content(), make_run_finished()] | ||
|
|
||
| async def fake_run(input_data): | ||
| for e in events: | ||
| yield e | ||
|
|
||
| bridge.run = fake_run | ||
| bridge._active_streams = {} | ||
|
|
||
| listener = GRPCSessionListener( | ||
| bridge=bridge, session_id="s-1", grpc_url="localhost:9000" | ||
| ) | ||
| listener._grpc_client = client | ||
|
|
||
| task = asyncio.create_task(listener._listen_loop()) | ||
| try: | ||
| await asyncio.wait_for(listener.ready.wait(), timeout=2.0) | ||
| await asyncio.sleep(0.3) | ||
| finally: | ||
| task.cancel() | ||
| try: | ||
| await task | ||
| except asyncio.CancelledError: | ||
| pass | ||
|
|
||
| async def test_invalid_json_payload_skipped_gracefully(self): | ||
| msgs = [_make_session_message("user", "not-json", seq=1)] | ||
| client = _make_grpc_client(messages=msgs) | ||
| bridge = _make_bridge() | ||
|
|
||
| async def fake_run(input_data): | ||
| return | ||
| yield | ||
|
|
||
| bridge.run = fake_run | ||
|
|
||
| listener = GRPCSessionListener( | ||
| bridge=bridge, session_id="s-1", grpc_url="localhost:9000" | ||
| ) | ||
| listener._grpc_client = client | ||
|
|
||
| task = asyncio.create_task(listener._listen_loop()) | ||
| try: | ||
| await asyncio.wait_for(listener.ready.wait(), timeout=2.0) | ||
| await asyncio.sleep(0.1) | ||
| finally: | ||
| task.cancel() | ||
| try: | ||
| await task | ||
| except asyncio.CancelledError: | ||
| pass |
Contributor
There was a problem hiding this comment.
These filtering tests don't assert the behavior they name.
test_user_message_triggers_bridge_run never checks that bridge.run() was invoked, and test_invalid_json_payload_skipped_gracefully only sleeps without proving the listener stayed alive after the bad payload. Both can pass even if the listener drops the message path entirely.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 160-160: Missing return type annotation for private function fake_run
(ANN202)
[warning] 160-160: Unused function argument: input_data
(ARG001)
[warning] 178-181: Use contextlib.suppress(asyncio.CancelledError) instead of try-except-pass
Replace try-except-pass with with contextlib.suppress(asyncio.CancelledError): ...
(SIM105)
[warning] 188-188: Missing return type annotation for private function fake_run
(ANN202)
[warning] 188-188: Unused function argument: input_data
(ARG001)
[warning] 205-208: Use contextlib.suppress(asyncio.CancelledError) instead of try-except-pass
Replace try-except-pass with with contextlib.suppress(asyncio.CancelledError): ...
(SIM105)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/tests/test_grpc_transport.py` around lines
152 - 208, Both tests are not asserting the behaviors they claim: in
test_user_message_triggers_bridge_run you must verify that GRPCSessionListener
actually invoked bridge.run, and in test_invalid_json_payload_skipped_gracefully
you must prove the listener stayed alive after a bad payload. Fix by replacing
the dummy bridge.run with a coroutine that sets an asyncio.Event or increments a
counter (e.g., create an asyncio.Event named run_called and assign bridge.run to
an async function that sets run_called.set()), then await/run_called.wait() and
assert it was set in test_user_message_triggers_bridge_run; for
test_invalid_json_payload_skipped_gracefully send a subsequent valid message (or
set a follow-up event) and assert the listener still processes it (or that
listener.ready is still set and no exception occurred), using the same pattern
to detect bridge.run invocations on valid messages via GRPCSessionListener and
bridge.run.
Comment on lines
+48
to
+52
| # Delete AgenticSession CR if it exists | ||
| if [[ -n "$CR_NAME" ]]; then | ||
| log "Deleting AgenticSession CR ${CR_NAME}..." | ||
| oc delete agenticsessions.vteam.ambient-code "${CR_NAME}" -n default --ignore-not-found=true || true | ||
| fi |
Contributor
There was a problem hiding this comment.
This test still targets the legacy AgenticSession / operator flow.
It waits for an AgenticSession in default, checks operator-created state, deletes the CR in cleanup, and reports success based on that object. The PR’s control-plane path reconciles sessions directly into Kubernetes resources, so this will false-fail even when the new behavior works. Assert on the direct outputs instead: project namespace, runner workload, and session status.
Also applies to: 83-104, 116-136, 166-185, 221-229
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test-e2e-control-plane.sh` around lines 48 - 52, The test currently asserts
on the legacy AgenticSession CR (CR_NAME) in namespace "default"—replace those
checks and cleanup that reference AgenticSession with assertions against the new
direct-control-plane outputs: verify the created project namespace exists (check
for the namespace name produced by the test), verify the runner workload (the
runner Pod/Deployment/ReplicaSet created for the session) is present and Ready
in that project namespace, and verify the session status via the new session
resource or pod annotations/labels that indicate session success; update any
delete/cleanup steps to remove the project namespace and runner workload rather
than deleting AgenticSession, and remove all references to
agenticsessions.vteam.ambient-code and CR_NAME usage throughout (also apply same
changes where AgenticSession checks appear at the other ranges noted).
Comment on lines
+149
to
+164
| # Step 6: Try to send a message to the session (if it supports it) | ||
| log "${BLUE}💬 Step 6: Testing session interaction${NC}" | ||
|
|
||
| MESSAGE_RESPONSE=$(oc exec deployment/backend-api -n ${NAMESPACE} -- curl -s -X POST \ | ||
| -H "Content-Type: application/json" \ | ||
| -H "Authorization: Bearer $(oc whoami -t)" \ | ||
| -H "X-Ambient-Project: ${NAMESPACE}" \ | ||
| -d "{\"content\":\"Test message from e2e test\"}" \ | ||
| "${API_SERVER_URL}/api/ambient/v1/sessions/${SESSION_ID}/messages" 2>/dev/null || true) | ||
|
|
||
| if echo "$MESSAGE_RESPONSE" | jq -e '.id' >/dev/null 2>&1; then | ||
| MESSAGE_ID=$(echo "$MESSAGE_RESPONSE" | jq -r '.id') | ||
| log "${GREEN}✅ Successfully sent message: ${MESSAGE_ID}${NC}" | ||
| else | ||
| log "${YELLOW}⚠️ Message sending not available or failed (expected for current implementation)${NC}" | ||
| fi |
Contributor
There was a problem hiding this comment.
Step 6 can pass without covering the new session-messages path.
This POST still sends {"content": ...} and masks failures with || true, then treats the absence of .id as expected. For this PR, /sessions/{id}/messages is the gRPC-triggering path; the test should use the current request shape and fail unless the API returns the expected message metadata.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test-e2e-control-plane.sh` around lines 149 - 164, The test currently masks
failures and uses an outdated request body for the session messages endpoint:
update the POST to /api/ambient/v1/sessions/${SESSION_ID}/messages (the curl
call that sets MESSAGE_RESPONSE) to send the current request shape required to
trigger the gRPC path, remove the trailing "|| true" so failures surface, and
keep the existing jq check for '.id' (which assigns MESSAGE_ID) so the test will
fail if the API doesn't return the expected message metadata.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py (1)
184-191:⚠️ Potential issue | 🟠 MajorEnsure the rest of teardown still runs if gRPC listener shutdown fails.
A failure in
await self._grpc_listener.stop()currently skipsSessionManager.shutdown()and observability finalization, which can lose persisted session IDs and traces on the same shutdown path.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py` around lines 184 - 191, The shutdown method currently aborts further teardown if await self._grpc_listener.stop() raises; change shutdown in ambient_runner.bridges.claude.bridge.Bridge to run each teardown step in its own try/except so a failure in one (e.g., self._grpc_listener.stop()) does not prevent subsequent calls to self._session_manager.shutdown() and self._obs.finalize(); log exceptions with the bridge's logger (e.g., self._logger.error or similar) including context (which step failed) and continue to the next teardown step so session persistence and observability finalization always get attempted.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/ambient-control-plane/internal/reconciler/project_reconciler.go`:
- Around line 237-238: namespaceForProject currently only lowercases project.ID
which can leave characters invalid for Kubernetes namespaces; update
namespaceForProject to sanitize project.ID by: converting to lowercase,
replacing any characters not in [a-z0-9-] (e.g., underscores, dots, spaces) with
'-', collapsing consecutive '-' into a single '-', trimming leading/trailing '-'
to ensure it starts/ends with an alphanumeric character, truncating to 63
characters per Kubernetes limits, and if the result is empty or invalid provide
a deterministic fallback (e.g., "proj-<short-hash-of-project.ID>"); ensure
references to namespaceForProject and usage of project.ID reflect this sanitized
value.
In `@components/ambient-control-plane/README.md`:
- Around line 108-113: The README currently downplays the list-then-watch gap;
update the control plane design to ensure no permanent misses by either adopting
a resumable cursor/revision model (persist last-seen revision and resume the
watch from that revision) or by performing an immediate second diff pass after
establishing the gRPC watch before reporting the system as "ready"; make sure to
reference the initial sync and gRPC stream establishment points in the design
text and explicitly state that readiness is only reported after the second-diff
or resume-from-revision validation completes so resources created in the gap are
reconciled.
In `@components/manifests/base/kustomization.yaml`:
- Around line 29-30: The image mapping in kustomization.yaml uses a mutable tag
(name: quay.io/ambient_code/ambient_control_plane with newTag: latest) which
makes builds non-deterministic; update that mapping to use a fixed, immutable
identifier (replace newTag: latest with a specific release tag or immutable
digest) so the base render is reproducible and cannot drift across commits.
In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py`:
- Around line 381-395: The code assigns self._grpc_listener before calling
start(), which can leave a broken non-None value if GRPCSessionListener.start()
raises and prevent future reinitialization in _setup_platform(); to fix, create
the GRPCSessionListener instance in a local variable (e.g., listener =
GRPCSessionListener(...)), call listener.start() and only set
self._grpc_listener = listener after start() completes successfully, and ensure
any exceptions from listener.start() are propagated or logged so
_setup_platform() can retry initialization.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`:
- Around line 46-70: GRPCSessionListener currently ignores the grpc_url stored
on construction because start() always calls AmbientGRPCClient.from_env();
change start() to construct the AmbientGRPCClient using the stored
self._grpc_url (e.g., use the appropriate factory or constructor such as
AmbientGRPCClient.from_url(self._grpc_url) or AmbientGRPCClient(self._grpc_url)
depending on the AmbientGRPCClient API) so the listener actually connects to the
configured endpoint, or if you intend not to support per-listener URLs, remove
the grpc_url parameter from __init__ and all usages; update the call site in
start() and keep the existing logging of self._grpc_url.
In `@docs/internal/design/agent-api.md`:
- Around line 254-260: The docs list collection/watch CLI mappings (GET
/sessions and acpctl get sessions -w) but the API reference lacks a
collection/watch endpoint; either add documentation for the sessions collection
and watch endpoints (e.g., GET /sessions with query params, pagination, and a
watch/streaming variant) including request/response shapes and behavior, or
remove the CLI mappings from the table (the rows referencing GET /sessions and
acpctl get sessions[-w]) so the CLI/SDK contract matches the item-scoped session
routes (GET/DELETE /sessions/{id} and describe). Ensure updates reference the
same operation names used in the file (GET /sessions, GET /sessions/{id}, acpctl
get sessions, acpctl get sessions -w) so reviewers can locate the changes.
In `@docs/internal/design/blackboard-api.md`:
- Around line 225-238: The design must prevent races on the denormalized pointer
current_session_id when sessions re-ignite; implement a compare-and-clear/update
rule so Session completion only clears or updates current_session_id if
current_session_id == completing_session_id (i.e., perform atomic CAS on
current_session_id), or alternatively declare and enforce a
single-active-session invariant for Agent so ignitions are serialized; reference
Agent, Session, and SessionCheckIn where current_session_id is read/updated and
document the chosen rule (compare-and-clear or single-active-session) and its
atomicity semantics in the spec.
---
Outside diff comments:
In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py`:
- Around line 184-191: The shutdown method currently aborts further teardown if
await self._grpc_listener.stop() raises; change shutdown in
ambient_runner.bridges.claude.bridge.Bridge to run each teardown step in its own
try/except so a failure in one (e.g., self._grpc_listener.stop()) does not
prevent subsequent calls to self._session_manager.shutdown() and
self._obs.finalize(); log exceptions with the bridge's logger (e.g.,
self._logger.error or similar) including context (which step failed) and
continue to the next teardown step so session persistence and observability
finalization always get attempted.
---
Duplicate comments:
In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go`:
- Around line 171-178: installServiceCAIntoDefaultTransport currently replaces
http.DefaultTransport with a fresh *http.Transport and thus discards default
proxy, keep-alive, pooling, timeouts and HTTP/2 settings; change it to detect
and clone the existing transport: type-assert http.DefaultTransport to
*http.Transport, call Clone() to get a copy, set the
clonedTransport.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS12,
RootCAs: pool}, and then assign the clone back to http.DefaultTransport; if the
type assertion fails (unlikely), construct a new *http.Transport that preserves
common defaults (at minimum set Proxy: http.ProxyFromEnvironment and other
standard fields matching net/http's default transport) and set its
TLSClientConfig before assigning. Ensure you update
installServiceCAIntoDefaultTransport to use Clone() on the existing
*http.Transport rather than creating a brand new transport.
In `@components/ambient-control-plane/go.mod`:
- Line 11: The go.mod currently pins the vulnerable module
"google.golang.org/grpc v1.79.1"; update that requirement to a patched release
(e.g., the latest non-vulnerable v1.80.x or newer) and run "go get" / "go mod
tidy" to refresh go.sum so checksums are updated; ensure the line containing
"google.golang.org/grpc v1.79.1" is replaced with the new version and commit
both go.mod and the regenerated go.sum.
In
`@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go`:
- Around line 112-138: reconcileGroupAccess currently treats empty/invalid
ps.GroupAccess and failures from ensureGroupRoleBinding as success and never
removes stale managed RoleBindings; change it to treat the parsed entries as the
desired state: build a set of desired bindings from ps.GroupAccess (and if
ps.GroupAccess is empty or JSON fails, treat desired state as empty), list
existing RoleBindings in namespace filtered by the ProjectSettings manager label
(use the same label your controller uses), call ensureGroupRoleBinding for each
desired entry, compute extras by diffing existing managed RoleBindings against
the desired set and delete those extras, and aggregate any create/delete errors
(return a combined error) instead of swallowing them so retries occur on partial
failure; reference reconcileGroupAccess, ensureGroupRoleBinding, and the managed
RoleBinding label when locating code to change.
- Around line 141-143: ensureGroupRoleBinding currently uses
mapRoleToClusterRole and silently falls back to "ambient-project-view" for
unknown roles; update the logic to reject unknown/invalid role strings instead
of granting view. Change mapRoleToClusterRole to return an explicit success flag
or error (e.g., (string, bool) or (string, error)), then in
ensureGroupRoleBinding (and the similar block around the other function at lines
~190-197) check that the mapping succeeded before creating rbName and the
RoleBinding; if the role is invalid return an error (or skip and surface it)
rather than mapping to "ambient-project-view". Ensure you reference
mapRoleToClusterRole and ensureGroupRoleBinding when making the check so unknown
inputs cannot be escalated to view permissions.
In `@components/ambient-control-plane/internal/reconciler/shared.go`:
- Around line 88-95: The namespaceForSession function lowercases ProjectID
directly causing inconsistent namespace derivation; extract and promote the
existing sanitizer (e.g., sanitizeK8sName) into shared package code and have
namespaceForSession call that sanitizer for session.ProjectID instead of
strings.ToLower, then update all reconcilers that derive a namespace from
ProjectID (including ProjectSettingsReconciler and any other sites where
strings.ToLower(session.ProjectID) or namespaceForSession is used) to call the
shared sanitizer so truncation/cleanup rules are applied consistently across
reconcilers.
In `@components/ambient-control-plane/internal/reconciler/tally_reconciler.go`:
- Around line 58-65: The modify/delete handlers currently operate only on the
incoming session, so implement a last-seen session cache (map keyed by session
ID) and use it inside handleSessionModified and handleSessionDeleted to compute
deltas: lookup previous := lastSeen[session.ID], apply tally changes by removing
previous's buckets and adding the incoming session's buckets (for modify), and
for delete apply removal of previous's buckets and remove the ID from lastSeen;
also update lastSeen[session.ID] on add/modify and ensure TotalSessions cannot
go below zero when decrementing. Update references in the switch and functions
handleSessionAdded, handleSessionModified, and handleSessionDeleted to use this
previous-state logic.
In `@components/ambient-control-plane/internal/reconciler/tally.go`:
- Around line 53-76: The code currently holds r.mu while performing
r.logger.Info(), causing contention; change the function so the mutex only
protects state mutation: acquire r.mu, update r.tally
(r.tally.Added/Modified/Deleted), r.seenIDs, and r.lastEventAt, then copy the
values you need for logging (event.Type, resourceID, added, modified, deleted)
into local variables, release the lock (call r.mu.Unlock() or return from the
locked section) and only then call r.logger.Info() with the copied locals; keep
references to r.tally, r.seenIDs, r.lastEventAt, r.mu and r.logger.Info() to
locate the code to change.
In `@components/manifests/base/core/ambient-api-server-service.yml`:
- Around line 81-82: Update the --https-cert-file and --https-key-file flag
values so they point at the mounted TLS volume (/etc/tls) instead of
/secrets/tls; specifically, replace occurrences of
--https-cert-file=/secrets/tls/tls.crt and --https-key-file=/secrets/tls/tls.key
with --https-cert-file=/etc/tls/tls.crt and --https-key-file=/etc/tls/tls.key
(apply the same change for the other occurrence later in the manifest).
In `@components/manifests/base/platform/ambient-api-server-db.yml`:
- Around line 57-104: Pin the container image instead of using `:latest` and add
resource requests/limits for the `postgresql` container to make scheduling
deterministic and prevent OOM/starvation: replace the `image:
registry.redhat.io/rhel9/postgresql-16:latest` value with a specific, immutable
registry tag (e.g., the exact minor/patch or digest) and add a `resources:`
block under the `containers:` entry for the container named `postgresql`
containing both `requests` (cpu/memory) and `limits` (cpu/memory) appropriate
for a small DB (e.g., nonzero CPU and memory request and a higher limit),
keeping existing securityContext fields (`runAsNonRoot`,
`allowPrivilegeEscalation`, `capabilities.drop`) intact.
In `@components/manifests/base/rbac/control-plane-clusterrole.yaml`:
- Around line 17-27: The ClusterRole currently grants cluster-wide mutating
verbs for namespaced resources (rolebindings, secrets, serviceaccounts,
services, pods, jobs) which is too permissive; update the ClusterRole
(control-plane-clusterrole) to limit its verbs for those resources to read-only
(e.g., get/list/watch) or remove those resource entries entirely, keeping
cluster-scoped permissions only for session CRs and namespace bootstrap
operations, and then create a separate namespaced Role (and corresponding
RoleBinding) that grants create/update/patch/delete for secrets,
serviceaccounts, services, pods, jobs and rolebindings only inside
controller-owned namespaces; ensure the new Role/RoleBinding targets the
controller serviceAccount used by the control-plane so write access is confined
to controller-managed namespaces.
In `@components/manifests/base/rbac/control-plane-sa.yaml`:
- Around line 7-14: The manifest is creating a long-lived Secret named
ambient-control-plane-token of type kubernetes.io/service-account-token for the
ambient-control-plane service account; remove that Secret and switch consumers
to use a projected serviceAccountToken volume (TokenRequest API) instead: ensure
a ServiceAccount named ambient-control-plane exists (or create it), delete the
Secret resource ambient-control-plane-token, and update any
Pod/DaemonSet/Deployment specs that consumed that Secret to mount a projected
volume with projected.serviceAccountToken (set audience and expirationSeconds as
needed) so tokens are short-lived and auto-rotated.
In `@components/manifests/deploy`:
- Around line 73-90: The script currently proceeds to generate
/tmp/ambient-frontend-oauthclient.yaml even when ROUTE_HOST is empty, producing
an invalid redirect URI; update the oauth setup logic around the ROUTE_HOST
variable so that if ROUTE_HOST is empty you print a clear error and exit
non-zero (e.g., use echo + exit 1) before creating the OAuthClient manifest (the
block that writes to /tmp/ambient-frontend-oauthclient.yaml and the redirectURIs
entry), ensuring you only write the redirectURIs when ROUTE_HOST is populated.
- Around line 97-109: The fallback block that runs when OAUTH_APPLY_RC is
non-zero currently echoes CLIENT_SECRET_VALUE which leaks the live OAuth client
secret; update the fallback so it does not print the secret (do not echo
CLIENT_SECRET_VALUE). Instead emit a placeholder or instruct the admin to
generate/set the secret (e.g., show "secret: <REDACTED>" or omit the secret
line) when printing the oc apply snippet for the ambient-frontend OAuthClient
and keep other fields like redirectURIs/ROUTE_HOST intact.
- Around line 197-227: The deploy script writes plaintext OAuth secrets
(OAUTH_ENV_FILE) and mutates overlays/production in-place but only cleans up on
the happy path; update the script to create secrets and any overlay edits in
temporary files/dirs (use mktemp for OAUTH_ENV_FILE and temp overlay copies),
register a cleanup function via trap 'cleanup' EXIT that removes temp files and
restores overlays/production (e.g., revert changes or operate on the temp
overlay), and ensure oauth_setup and the "secrets" subcommand operate against
those temp paths so any failure still triggers the EXIT trap to remove secrets
and undo overlay mutations.
In `@components/manifests/deploy-no-api-server.sh`:
- Around line 73-76: The script currently mutates the checked-in overlay by
running `kustomize edit set namespace "$NAMESPACE"` (when `NAMESPACE` !=
"ambient-code") and only resets it on the happy path, which can leave the repo
modified on failure; instead, make the deployment operate on a temporary copy or
ensure cleanup on any exit by using an EXIT trap: copy the
`overlays/no-api-server` overlay into a temp directory (or stash/restore the
original) before running `kustomize edit set namespace` and register a trap
handler (trap cleanup EXIT) that always removes the temp copy or restores the
original, so `kustomize edit` never mutates the checked-in files and cleanup
runs even on errors.
- Around line 9-10: The script currently only uses "set -e" which doesn't
protect the "kustomize build . | oc apply -f -" pipeline from failures in the
left-hand command; enable pipefail by updating the shell options (e.g., add "set
-o pipefail" or change the existing "set -e" to a combined safe set like "set
-euo pipefail") before the pipeline so that a failure in "kustomize build . | oc
apply -f -" causes the script to fail; ensure the change is placed near the
existing "set -e" declaration so the "kustomize build . | oc apply -f -"
invocation is covered.
In `@components/manifests/overlays/kind-local/kustomization.yaml`:
- Around line 52-55: The overlay references control-plane-env-patch.yaml which
uses inconsistent local image names (localhost/ambient_control_plane vs
localhost/vteam_claude_runner) causing ImagePullBackOff in kind; update the
manifest(s) so the Deployment named ambient-control-plane and the
control-plane-env-patch.yaml use the same local registry prefix and image
basenames end-to-end (e.g., change the image entries in
control-plane-env-patch.yaml to match localhost/ambient_control_plane or
retag/load both images with the identical localhost/... names before kind load),
and/or add a kustomize image transformer in kustomization.yaml that normalizes
the image name for ambient-control-plane and vteam_claude_runner so Docker/Kind
won’t attempt external pulls.
In `@components/manifests/overlays/kind/kustomization.yaml`:
- Around line 135-141: Remove the localhost remaps for the two production images
so the shared kind overlay uses the default quay.io images: delete the mapping
entries that set newName: localhost/vteam_api_server newTag: latest for name:
quay.io/ambient_code/vteam_api_server and the mapping that sets newName:
localhost/ambient_control_plane newTag: latest for name:
quay.io/ambient_code/ambient_control_plane; instead place those localhost remaps
only in the kind-local overlay so non-local kind runs keep the quay.io
production images.
In
`@components/manifests/overlays/production/ambient-api-server-jwt-args-patch.yaml`:
- Line 19: When --enable-authz=true is present, update the corresponding
--cors-allowed-headers flag(s) so the header list includes Authorization in
addition to X-Ambient-Project; find the entries that set --enable-authz and the
sibling --cors-allowed-headers (the flags named "--enable-authz" and
"--cors-allowed-headers" in this YAML) and add Authorization to the allowed
headers value for each occurrence so browser preflight requests with the Bearer
token are accepted.
In `@components/manifests/overlays/production/api-server-image-patch.yaml`:
- Line 10: The patch currently pins the API image to a mutable tag ("image:
.../vteam_api_server:latest"); update the production overlay so both the main
container and the migration initContainer use an immutable image digest instead
of :latest (replace "vteam_api_server:latest" with the corresponding sha256
digest for the built artifact), and ensure both container image fields reference
the exact same digest to guarantee identical binaries across deployments.
In `@components/manifests/overlays/production/control-plane-env-patch.yaml`:
- Around line 15-16: Replace the unpinned RUNNER_IMAGE value
("quay.io/ambient_code/vteam_claude_runner:latest") with the CI-produced
immutable reference (a specific tag or digest) so control-plane pods/jobs use
the tested artifact; update the RUNNER_IMAGE env var value to be injected from
CI (e.g., a pipeline variable like CI_RUNNER_IMAGE_TAG or an image@sha256
digest) and ensure any templating or kustomize substitution that sets
RUNNER_IMAGE is wired to the CI output.
In `@components/manifests/overlays/production/control-plane-image-patch.yaml`:
- Around line 9-10: The image for the container named "ambient-control-plane" is
pinned to the mutable tag ":latest", which undermines reproducible production
rollouts; change the image field for the "ambient-control-plane" container to an
immutable reference (preferably an image digest like
image-registry.openshift-image-registry.svc:5000/ambient-code/ambient_control_plane@sha256:<digest>
or a specific versioned tag such as :vX.Y.Z) so deployments reference a fixed
artifact and enable reliable rollbacks and audits.
In `@components/runners/ambient-runner/ambient_runner/_grpc_client.py`:
- Around line 122-125: The close() method currently closes and clears
self._channel but leaves the cached stub self._session_messages pointing at a
stub bound to the old channel; update close() to also clear the cached session
stub (set self._session_messages to None or equivalent) so subsequent uses
recreate a fresh stub tied to a new channel; reference the close() method and
the _session_messages attribute when making this change.
In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py`:
- Around line 77-84: The logger currently emits message payload previews at INFO
(the payload_preview variable logged via logger.info alongside session_id,
event_type, payload_len), which exposes user content; change both the push and
watch code paths so the INFO-level log only includes metadata (session_id,
event_type, payload_len) and move the payload_preview/redacted content to a
DEBUG-level log (e.g., logger.debug) so previews are not shipped at info. Locate
the logger.info calls that reference payload_preview in _session_messages_api
(and the analogous watch path) and remove payload_preview from the info log,
adding a separate logger.debug that logs payload_preview when needed.
- Around line 193-202: The inline varint decoder _decode_varint must be
hardened: add bounds checks before reading data[pos], enforce a maximum varint
length (e.g., 10 bytes) and raise a clear exception (e.g., ValueError or custom
ParseError) on truncation or overflow instead of indexing out of range or
looping forever; similarly update the inline wire-type parsers in this file that
iterate fields to validate bounds before each read, to skip
unknown/forward-compatible wire types by using their
length-delimited/varint/fixed-size semantics rather than stopping parsing, and
to raise on truncated frames so the watch loop can handle errors safely. Ensure
the exception type is consistent (e.g., ParseError) and is used by the code
paths that consume _decode_varint so malformed/newer frames are detected and
handled instead of causing crashes or silent skips.
In `@components/runners/ambient-runner/ambient_runner/app.py`:
- Around line 335-338: The gRPC branch currently calls
_push_initial_prompt_via_grpc(prompt, session_id) once while the HTTP branch
uses exponential retry/backoff; reinstate the same retry/backoff behavior for
the gRPC path by wrapping the call to _push_initial_prompt_via_grpc in the same
retry loop or helper used for the HTTP path (or extract a shared retry helper)
and ensure failures retry with exponential backoff and eventual logging/raise
semantics consistent with the HTTP flow; update the grpc_url branch where
_push_initial_prompt_via_grpc is invoked so transient control-plane/API blips
don't permanently drop the INITIAL_PROMPT.
- Around line 128-135: The startup currently awaits
bridge._grpc_listener.ready.wait() indefinitely; change this to a bounded wait
using asyncio.wait_for with a configurable timeout (e.g., GRPC_READY_TIMEOUT env
var) when called after bridge._setup_platform(), catch asyncio.TimeoutError, log
an error including session_id and the timeout value, and then fail startup
(raise/exit) so FastAPI doesn't hang; update the code paths in
ambient_runner.app where bridge._setup_platform() and
bridge._grpc_listener.ready.wait() are used to implement the timeout and error
handling.
- Around line 341-381: The async function _push_initial_prompt_via_grpc is
performing blocking gRPC I/O (client.session_messages.push and client.close) on
the event loop; move the synchronous push call into asyncio.to_thread(...) so it
runs off the loop and ensure the AmbientGRPCClient is closed in a finally block
(call client.close inside finally) to guarantee cleanup even on error; locate
AmbientGRPCClient.from_env(), client.session_messages.push(...), and
client.close() in _push_initial_prompt_via_grpc to implement these changes.
In `@components/runners/ambient-runner/ambient_runner/bridge.py`:
- Around line 230-248: The base inject_message hook currently no-ops and
silently drops inbound messages; update inject_message to log a warning (e.g.
using self.logger or the module logger) that includes safe metadata—session_id,
event_type, and a harmless indicator of payload size/truncated length—but not
the full payload content—so bridges that don't override inject_message will emit
a visible warning; keep the method signature and behavior otherwise unchanged so
subclasses still override as needed.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`:
- Around line 310-339: The synchronous call to
self._grpc_client.session_messages.push inside _write_message blocks the event
loop; move that RPC off the loop by calling it in a thread/executor (e.g. await
asyncio.to_thread(...) or await loop.run_in_executor(None, ...)) and await the
result so _write_message remains async-safe; use the same args
(self._session_id, event_type="assistant", payload=payload), wrap the call with
try/except to log failures, and reference _write_message and
session_messages.push when making the change.
- Around line 236-256: The current loop drops terminal events when
stream_queue.put_nowait() raises QueueFull and also fails to emit a terminal if
bridge.run() raises; modify the loop in grpc_transport.py around
self._bridge.run(input_data) so that when stream_queue exists you: (1) if the
event is a terminal type (RUN_FINISHED or RUN_ERROR) use await
stream_queue.put(event) (or otherwise block/retry) to guarantee it is enqueued
instead of dropping it, and for non-terminal events keep the non-blocking
behavior with a logged drop; and (2) in the except Exception exc: handler,
detect whether a terminal event was already enqueued for thread_id and if not
create and enqueue a synthetic RUN_ERROR terminal event (including error
details) and call writer.consume(...) for that synthetic event so
GRPCMessageWriter persists a final assistant record.
- Around line 83-89: The watcher function _watch_in_thread currently accepts an
asyncio.Event stop_event which is not thread-safe; change the stop signal to a
threading.Event (update the type hints and any callers that construct/pass
stop_event) so the ThreadPoolExecutor worker can safely check
stop_event.is_set() from the thread; keep using loop.call_soon_threadsafe(...)
for any cross-thread handoff into the asyncio loop (e.g., placing messages onto
msg_queue or scheduling callbacks). Also update the other watcher usages
referenced (the functions/blocks around the occurrences at lines ~131-140,
~170-171, ~186-187) to construct a threading.Event in the event-loop thread and
pass it into _watch_in_thread, and remove any await/asyncio-specific operations
on the stop flag inside the thread. Ensure all references to stop_event use
threading.Event methods (is_set/set/clear) and adjust type annotations
accordingly.
In `@components/runners/ambient-runner/ambient_runner/endpoints/events.py`:
- Around line 61-63: The handlers currently unconditionally remove
active_streams[thread_id] in their finally blocks which can delete another
handler's queue; change the cleanup to be ownership-based by checking that
active_streams.get(thread_id) is the same queue object created in this handler
before popping it (e.g., if active_streams.get(thread_id) is queue:
active_streams.pop(thread_id, None)). Apply this pattern for all places where a
handler creates queue: asyncio.Queue and later removes active_streams[thread_id]
(including the blocks around active_streams assignment and finally cleanup).
In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py`:
- Around line 57-60: The _push_event function currently filters events to only
persist "MESSAGES_SNAPSHOT" and "RUN_FINISHED", causing RunErrorEvent/RUN_ERROR
to be sent to SSE clients but not written to the session stream; update the
event_type check(s) in _push_event (and the other occurrences around the same
logic) to also allow/persist "RUN_ERROR" (and any RunErrorEvent variants where
event_type may be an enum or string) so that terminal error events are written
to the session stream and CP-managed consumers receive a terminal gRPC event.
- Around line 173-189: The info-level logging currently includes prompt content
previews; change the logger.info that logs
msg_count/last_role/last_content_preview to log only metadata at info
(msg_count, last_role, run_id, thread_id) and move the last_content_preview to
logger.debug with redaction (e.g., replace actual content with "<redacted>" or
include only a safe length hash) so prompts are not written at info. Do the same
for the per-event streamer logging (the info call that emits each streamed
event): lower it to debug and ensure event payloads are redacted/hashed rather
than full content. Locate and update the logger.info calls referencing
msg_count, last_role, last_content_preview and the per-event logger that prints
streamed events.
In `@components/runners/ambient-runner/tests/test_bridge_claude.py`:
- Around line 53-88: The tests currently patch ClaudeBridge._setup_platform and
never exercise it; instead, remove the patch that mocks _setup_platform and
actually call await bridge._setup_platform() in both tests: in
test_setup_platform_starts_grpc_listener_when_url_set, set AMBIENT_GRPC_URL in
env, patch ambient_runner.bridges.claude.bridge.GRPCSessionListener to return a
MagicMock instance, then await bridge._setup_platform(), assert
bridge._grpc_listener is the mock instance and that GRPCSessionListener was
constructed/called as expected; in
test_setup_platform_no_grpc_listener_without_url, ensure AMBIENT_GRPC_URL is
absent from os.environ, await bridge._setup_platform(), and assert
bridge._grpc_listener is still None. Ensure you reference
ClaudeBridge._setup_platform, ClaudeBridge._grpc_listener and
GRPCSessionListener in the changes.
In `@components/runners/ambient-runner/tests/test_events_endpoint.py`:
- Around line 66-80: The test currently never checks that the endpoint
registered a queue because the prefilled local queue `q` is not attached to
`active_streams`; change the test in `test_registers_queue_before_streaming` to
assert registration after the client connects but before consuming the body:
after opening the stream with `client.stream("GET", "/events/t-1")` and
verifying `resp.status_code == 200`, assert that `active_streams` contains the
key "t-1" and that `active_streams["t-1"]` is an `asyncio.Queue` (or otherwise
has the expected behavior), then call `resp.read()` to finish the response; this
ensures the endpoint created and registered its own queue instead of relying on
the unused local `q`.
In `@components/runners/ambient-runner/tests/test_grpc_transport.py`:
- Around line 152-208: Both tests lack assertions proving the listener behavior:
in test_user_message_triggers_bridge_run you must verify
GRPCSessionListener._listen_loop actually invoked bridge.run by replacing
bridge.run with a spy/stub that sets an asyncio.Event or increments a counter
and awaiting that event after listener.ready; in
test_invalid_json_payload_skipped_gracefully you must send a subsequent valid
message (e.g., a second _make_session_message with a valid payload) and assert
the listener still processes it (use a stubbed bridge.run that records calls or
sets an Event) to prove the listener stayed alive after the bad payload; update
the tests to await those events/flags and assert expected call counts on
bridge.run.
In `@docs/internal/design/blackboard-api.md`:
- Around line 438-453: The CTE latest_checkins is computing DISTINCT
ON(agent_id) over all session_checkins, causing the query to scan global
history; move the project filter into the CTE (i.e., restrict session_checkins
with WHERE project_id = ?) so DISTINCT ON only considers checkins for the
requested project, and ensure the ORDER BY in the CTE still uses agent_id,
created_at DESC; alternatively, if project-scoped reads are required everywhere,
denormalize and add an index on project_id in the SessionCheckIn model/table to
avoid global scans.
In `@docs/internal/developer/agent-workflow.md`:
- Around line 122-125: The docs use hard-coded namespace pattern "session-*" in
the kubectl inspection/cleanup commands which conflicts with the canonical
project namespace used later (e.g., "smoke-test"); update those commands to
reference the same canonical project namespace variable/name used elsewhere in
the document (replace "session-*" with the project namespace variable or
"smoke-test") so kubectl get namespaces and kubectl get pods target the correct
namespace; apply the same replacement to the other occurrences noted (lines
≈358-362).
In `@REMOVE_CRDs.md`:
- Around line 461-470: The RBAC snippet incorrectly implies label-selector or
resourceNames-based scoping for verbs like create/list/watch is enforced by
Kubernetes; update the documentation and example to remove the misleading claim
and show a correct approach: either (a) remove the comment about "Restricted by
label selector" and clarify that resourceNames: [] does not restrict
list/watch/create, or (b) replace the example with a valid pattern (e.g.,
namespace/serviceAccount-scoped RoleBindings or mention using an
AdmissionController/OPA/Gatekeeper to enforce label-based restrictions).
Reference the RBAC fields in the diff such as rules, apiGroups, resources:
["pods"], verbs: ["get","list","watch","create","update","patch","delete"], and
resourceNames so reviewers can find and correct the misleading lines.
- Around line 7-8: The document currently flags the proposal as critically
flawed but still leaves the detailed four-phase migration plan and 8-week
timeline in the main body; move that superseded plan and timeline into a new
clearly labeled "Rejected approach" appendix (or remove the timeline entirely)
and replace the main body with the recommended, corrected guidance only; update
or add a brief note at the top referencing the relocated appendix so readers are
not misled by the outdated plan (search for the "four-phase migration plan",
"8-week timeline", and the sentence starting with "⚠️ CRITICAL" to find the
sections to move).
In `@test-e2e-control-plane.sh`:
- Around line 106-114: Replace the fragile tail-based log check that uses oc
logs deployment/ambient-control-plane -n ${NAMESPACE} --tail=50 | grep -q
"${SESSION_ID}" with a time-window or resource-based assertion: use oc logs ...
--since or --since-time with a timestamp window that covers when the session was
created (still grepping for ${SESSION_ID}), or better, assert on the reconciled
resource/status (e.g., query the controller-managed CR or its status via oc
get/<kind> -n ${NAMESPACE> -o jsonpath and check for ${SESSION_ID}) so success
isn't gated on the last 50 log lines.
- Around line 149-164: The test currently posts a simple {"content":...} and
silences transport failures with "|| true", so it can pass without exercising
the gRPC session-messages contract; update the curl payload in the
MESSAGE_RESPONSE/curl invocation to send the expected event structure (include
event_type and payload fields matching the
/api/ambient/v1/sessions/${SESSION_ID}/messages contract) and remove the "||
true" suppression so curl/oc failures propagate; then keep the existing jq check
on MESSAGE_RESPONSE (.id) and fail the script (non-zero exit or log error) when
the API returns an error or no id is present so the step breaks when the
contract is violated.
- Around line 48-52: The test currently validates the legacy AgenticSession CR
(agenticsessions.vteam.ambient-code) in the default namespace—delete/read/wait
logic around that CR should be replaced to assert on the new control-plane
behavior: instead of looking for AgenticSession CRs, wait for the created
project namespace and the runner workload (Job/Pod) readiness for the session;
update all occurrences that reference AgenticSession or
agenticsessions.vteam.ambient-code (including the blocks at lines referenced) to
check the project namespace existence and then poll the runner Job/Pod status
(ready/completed conditions) and perform cleanup by deleting the runner Job/Pod
and namespace rather than the AgenticSession CR.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 1ad03b9b-12b0-4cd2-9935-e3df0d3a2ce3
⛔ Files ignored due to path filters (2)
components/ambient-control-plane/go.sumis excluded by!**/*.sumcomponents/runners/ambient-runner/uv.lockis excluded by!**/*.lock
📒 Files selected for processing (74)
.github/workflows/ambient-control-plane-tests.ymlREMOVE_CRDs.mdcomponents/ambient-control-plane/.gitignorecomponents/ambient-control-plane/CLAUDE.mdcomponents/ambient-control-plane/Dockerfilecomponents/ambient-control-plane/Dockerfile.simplecomponents/ambient-control-plane/Makefilecomponents/ambient-control-plane/README.mdcomponents/ambient-control-plane/cmd/ambient-control-plane/main.gocomponents/ambient-control-plane/go.modcomponents/ambient-control-plane/internal/config/config.gocomponents/ambient-control-plane/internal/informer/informer.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient_test.gocomponents/ambient-control-plane/internal/reconciler/kube_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_settings_reconciler.gocomponents/ambient-control-plane/internal/reconciler/shared.gocomponents/ambient-control-plane/internal/reconciler/stress_test.gocomponents/ambient-control-plane/internal/reconciler/tally.gocomponents/ambient-control-plane/internal/reconciler/tally_reconciler.gocomponents/ambient-control-plane/internal/reconciler/tally_test.gocomponents/ambient-control-plane/internal/watcher/watcher.gocomponents/manifests/base/ambient-api-server-grpc-route.ymlcomponents/manifests/base/ambient-control-plane-service.ymlcomponents/manifests/base/core/ambient-api-server-service.ymlcomponents/manifests/base/kustomization.yamlcomponents/manifests/base/platform/ambient-api-server-db.ymlcomponents/manifests/base/rbac/control-plane-clusterrole.yamlcomponents/manifests/base/rbac/control-plane-clusterrolebinding.yamlcomponents/manifests/base/rbac/control-plane-sa.yamlcomponents/manifests/base/rbac/kustomization.yamlcomponents/manifests/components/ambient-api-server-db/ambient-api-server-db-json-patch.yamlcomponents/manifests/deploycomponents/manifests/deploy-no-api-server.shcomponents/manifests/deploy.shcomponents/manifests/overlays/kind-local/control-plane-env-patch.yamlcomponents/manifests/overlays/kind-local/kustomization.yamlcomponents/manifests/overlays/kind/ambient-api-server-jwks-patch.yamlcomponents/manifests/overlays/kind/backend-ambient-api-patch.yamlcomponents/manifests/overlays/kind/control-plane-env-patch.yamlcomponents/manifests/overlays/kind/frontend-test-patch.yamlcomponents/manifests/overlays/kind/kustomization.yamlcomponents/manifests/overlays/kind/local-image-pull-policy-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-route.yamlcomponents/manifests/overlays/production/api-server-image-patch.yamlcomponents/manifests/overlays/production/control-plane-env-patch.yamlcomponents/manifests/overlays/production/control-plane-image-patch.yamlcomponents/manifests/overlays/production/kustomization.yamlcomponents/runners/ambient-runner/ambient_runner/_grpc_client.pycomponents/runners/ambient-runner/ambient_runner/_session_messages_api.pycomponents/runners/ambient-runner/ambient_runner/app.pycomponents/runners/ambient-runner/ambient_runner/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/mcp.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/prompts.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/session.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/tools.pycomponents/runners/ambient-runner/ambient_runner/endpoints/events.pycomponents/runners/ambient-runner/ambient_runner/endpoints/run.pycomponents/runners/ambient-runner/ambient_runner/platform/prompts.pycomponents/runners/ambient-runner/architecture.mdcomponents/runners/ambient-runner/pyproject.tomlcomponents/runners/ambient-runner/tests/test_app_initial_prompt.pycomponents/runners/ambient-runner/tests/test_bridge_claude.pycomponents/runners/ambient-runner/tests/test_events_endpoint.pycomponents/runners/ambient-runner/tests/test_grpc_transport.pydocs/internal/design/agent-api.mddocs/internal/design/blackboard-api.mddocs/internal/developer/agent-workflow.mde2e/scripts/load-images.shtest-e2e-control-plane.sh
💤 Files with no reviewable changes (3)
- components/runners/ambient-runner/ambient_runner/bridges/claude/tools.py
- components/manifests/overlays/kind/ambient-api-server-jwks-patch.yaml
- components/manifests/overlays/kind/frontend-test-patch.yaml
Comment on lines
+237
to
+238
| func namespaceForProject(project types.Project) string { | ||
| return strings.ToLower(project.ID) |
Contributor
There was a problem hiding this comment.
Namespace name may contain invalid characters.
namespaceForProject only lowercases project.ID but does not sanitize characters. If project.ID contains underscores, dots, or other characters invalid for Kubernetes namespace names (must match [a-z0-9]([-a-z0-9]*[a-z0-9])?), namespace creation will fail.
Suggested fix
+var k8sNameInvalidChars = regexp.MustCompile(`[^a-z0-9-]`)
+
func namespaceForProject(project types.Project) string {
- return strings.ToLower(project.ID)
+ sanitized := k8sNameInvalidChars.ReplaceAllString(strings.ToLower(project.ID), "-")
+ sanitized = strings.Trim(sanitized, "-")
+ if len(sanitized) > 63 {
+ sanitized = sanitized[:63]
+ }
+ return sanitized
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| func namespaceForProject(project types.Project) string { | |
| return strings.ToLower(project.ID) | |
| var k8sNameInvalidChars = regexp.MustCompile(`[^a-z0-9-]`) | |
| func namespaceForProject(project types.Project) string { | |
| sanitized := k8sNameInvalidChars.ReplaceAllString(strings.ToLower(project.ID), "-") | |
| sanitized = strings.Trim(sanitized, "-") | |
| if len(sanitized) > 63 { | |
| sanitized = sanitized[:63] | |
| } | |
| return sanitized | |
| } |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/reconciler/project_reconciler.go`
around lines 237 - 238, namespaceForProject currently only lowercases project.ID
which can leave characters invalid for Kubernetes namespaces; update
namespaceForProject to sanitize project.ID by: converting to lowercase,
replacing any characters not in [a-z0-9-] (e.g., underscores, dots, spaces) with
'-', collapsing consecutive '-' into a single '-', trimming leading/trailing '-'
to ensure it starts/ends with an alphanumeric character, truncating to 63
characters per Kubernetes limits, and if the result is empty or invalid provide
a deterministic fallback (e.g., "proj-<short-hash-of-project.ID>"); ensure
references to namespaceForProject and usage of project.ID reflect this sanitized
value.
Comment on lines
+108
to
+113
| ## Known Limitations | ||
|
|
||
| - **List-then-watch gap**: Resources created between initial sync and gRPC stream establishment may be missed until the next watch event. | ||
| - **`any` type in events**: `ResourceEvent.Object` uses `any`, requiring type assertions in reconcilers. Generics would be more robust. | ||
| - **In-memory cache only**: Cache is rebuilt on each restart from a full initial sync. | ||
| - **Write-back echo is timestamp-based**: Relies on `UpdatedAt` microsecond equality. A resource-version approach would be more robust. |
Contributor
There was a problem hiding this comment.
The bootstrap gap can permanently miss resources.
Treating the list-then-watch gap as a “known limitation” understates the impact: anything created after the initial list and before the watch is established may never reconcile unless it changes again. The control plane needs a resumable cursor/revision model, or a second diff pass before reporting ready.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/README.md` around lines 108 - 113, The
README currently downplays the list-then-watch gap; update the control plane
design to ensure no permanent misses by either adopting a resumable
cursor/revision model (persist last-seen revision and resume the watch from that
revision) or by performing an immediate second diff pass after establishing the
gRPC watch before reporting the system as "ready"; make sure to reference the
initial sync and gRPC stream establishment points in the design text and
explicitly state that readiness is only reported after the second-diff or
resume-from-revision validation completes so resources created in the gap are
reconciled.
Comment on lines
+29
to
+30
| - name: quay.io/ambient_code/ambient_control_plane | ||
| newTag: latest |
Contributor
There was a problem hiding this comment.
Avoid mutable latest for base image mapping.
newTag: latest makes base renders non-deterministic and can drift across identical commits. Pin to a release tag or immutable digest.
🔧 Proposed fix
- name: quay.io/ambient_code/ambient_control_plane
- newTag: latest
+ newTag: "0.4.0"As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - name: quay.io/ambient_code/ambient_control_plane | |
| newTag: latest | |
| - name: quay.io/ambient_code/ambient_control_plane | |
| newTag: "0.4.0" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/base/kustomization.yaml` around lines 29 - 30, The image
mapping in kustomization.yaml uses a mutable tag (name:
quay.io/ambient_code/ambient_control_plane with newTag: latest) which makes
builds non-deterministic; update that mapping to use a fixed, immutable
identifier (replace newTag: latest with a specific release tag or immutable
digest) so the base render is reproducible and cannot drift across commits.
Comment on lines
+381
to
+395
| # gRPC listener — start eagerly so ready event fires before initial prompt | ||
| grpc_url = os.getenv("AMBIENT_GRPC_URL", "").strip() | ||
| if grpc_url and self._grpc_listener is None: | ||
| from ambient_runner.bridges.claude.grpc_transport import GRPCSessionListener | ||
|
|
||
| self._grpc_listener = GRPCSessionListener( | ||
| bridge=self, | ||
| session_id=self._context.session_id, | ||
| grpc_url=grpc_url, | ||
| ) | ||
| self._grpc_listener.start() | ||
| logger.info( | ||
| "ClaudeBridge: gRPC listener started for session %s", | ||
| self._context.session_id, | ||
| ) |
Contributor
There was a problem hiding this comment.
Only cache the listener after start() succeeds.
self._grpc_listener is assigned before start() runs. If start() raises, later _setup_platform() calls will skip reinitialization because the field is no longer None.
Suggested fix
- self._grpc_listener = GRPCSessionListener(
+ listener = GRPCSessionListener(
bridge=self,
session_id=self._context.session_id,
grpc_url=grpc_url,
)
- self._grpc_listener.start()
+ listener.start()
+ self._grpc_listener = listener📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| # gRPC listener — start eagerly so ready event fires before initial prompt | |
| grpc_url = os.getenv("AMBIENT_GRPC_URL", "").strip() | |
| if grpc_url and self._grpc_listener is None: | |
| from ambient_runner.bridges.claude.grpc_transport import GRPCSessionListener | |
| self._grpc_listener = GRPCSessionListener( | |
| bridge=self, | |
| session_id=self._context.session_id, | |
| grpc_url=grpc_url, | |
| ) | |
| self._grpc_listener.start() | |
| logger.info( | |
| "ClaudeBridge: gRPC listener started for session %s", | |
| self._context.session_id, | |
| ) | |
| # gRPC listener — start eagerly so ready event fires before initial prompt | |
| grpc_url = os.getenv("AMBIENT_GRPC_URL", "").strip() | |
| if grpc_url and self._grpc_listener is None: | |
| from ambient_runner.bridges.claude.grpc_transport import GRPCSessionListener | |
| listener = GRPCSessionListener( | |
| bridge=self, | |
| session_id=self._context.session_id, | |
| grpc_url=grpc_url, | |
| ) | |
| listener.start() | |
| self._grpc_listener = listener | |
| logger.info( | |
| "ClaudeBridge: gRPC listener started for session %s", | |
| self._context.session_id, | |
| ) |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py`
around lines 381 - 395, The code assigns self._grpc_listener before calling
start(), which can leave a broken non-None value if GRPCSessionListener.start()
raises and prevent future reinitialization in _setup_platform(); to fix, create
the GRPCSessionListener instance in a local variable (e.g., listener =
GRPCSessionListener(...)), call listener.start() and only set
self._grpc_listener = listener after start() completes successfully, and ensure
any exceptions from listener.start() are propagated or logged so
_setup_platform() can retry initialization.
Comment on lines
+46
to
+70
| def __init__( | ||
| self, | ||
| bridge: "PlatformBridge", | ||
| session_id: str, | ||
| grpc_url: str, | ||
| ) -> None: | ||
| self._bridge = bridge | ||
| self._session_id = session_id | ||
| self._grpc_url = grpc_url | ||
| self._grpc_client: Optional["AmbientGRPCClient"] = None | ||
| self.ready = asyncio.Event() | ||
| self._task: Optional[asyncio.Task] = None | ||
|
|
||
| def start(self) -> None: | ||
| from ambient_runner._grpc_client import AmbientGRPCClient | ||
|
|
||
| self._grpc_client = AmbientGRPCClient.from_env() | ||
| self._task = asyncio.create_task( | ||
| self._listen_loop(), name="grpc-session-listener" | ||
| ) | ||
| logger.info( | ||
| "[GRPC LISTENER] Started: session=%s url=%s", | ||
| self._session_id, | ||
| self._grpc_url, | ||
| ) |
Contributor
There was a problem hiding this comment.
grpc_url is ignored after construction.
GRPCSessionListener stores and logs grpc_url, but start() always calls AmbientGRPCClient.from_env() and never passes self._grpc_url through. That lets config/tests believe one endpoint is in use while the listener actually connects to another. Either build the client from self._grpc_url or drop the parameter entirely.
🧰 Tools
🪛 Ruff (0.15.6)
[warning] 55-55: Remove quotes from type annotation
Remove quotes
(UP037)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@components/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.py`
around lines 46 - 70, GRPCSessionListener currently ignores the grpc_url stored
on construction because start() always calls AmbientGRPCClient.from_env();
change start() to construct the AmbientGRPCClient using the stored
self._grpc_url (e.g., use the appropriate factory or constructor such as
AmbientGRPCClient.from_url(self._grpc_url) or AmbientGRPCClient(self._grpc_url)
depending on the AmbientGRPCClient API) so the listener actually connects to the
configured endpoint, or if you intend not to support per-listener URLs, remove
the grpc_url parameter from __init__ and all usages; update the call site in
start() and keep the existing logging of self._grpc_url.
Comment on lines
+254
to
+260
| | REST API | `acpctl` Command | Notes | | ||
| |---|---|---| | ||
| | `GET /sessions` | `acpctl get sessions` | Table: ID, NAME, PROJECT, PHASE, MODEL, AGE | | ||
| | `GET /sessions` | `acpctl get sessions -w` | Live watch mode | | ||
| | `GET /sessions/{id}` | `acpctl get session <id>` | | | ||
| | `GET /sessions/{id}` | `acpctl describe session <id>` | Full JSON output | | ||
| | `DELETE /sessions/{id}` | `acpctl delete session <id>` | Also `acpctl stop <id>` | |
Contributor
There was a problem hiding this comment.
Document the sessions collection/watch endpoint or drop the CLI mapping.
Lines 256-257 advertise acpctl get sessions and watch mode, but the API reference only documents item-scoped session routes. That leaves the approved contract internally inconsistent for CLI/SDK implementers.
Also applies to: 330-340
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/internal/design/agent-api.md` around lines 254 - 260, The docs list
collection/watch CLI mappings (GET /sessions and acpctl get sessions -w) but the
API reference lacks a collection/watch endpoint; either add documentation for
the sessions collection and watch endpoints (e.g., GET /sessions with query
params, pagination, and a watch/streaming variant) including request/response
shapes and behavior, or remove the CLI mappings from the table (the rows
referencing GET /sessions and acpctl get sessions[-w]) so the CLI/SDK contract
matches the item-scoped session routes (GET/DELETE /sessions/{id} and describe).
Ensure updates reference the same operation names used in the file (GET
/sessions, GET /sessions/{id}, acpctl get sessions, acpctl get sessions -w) so
reviewers can locate the changes.
Comment on lines
+225
to
+238
| ### Agent Lifecycle | ||
|
|
||
| ``` | ||
| Agent ──ignite──► Session ──runs──► completes / fails | ||
| │ │ | ||
| │◄── current_session_id (denormalized) | ||
| │ | ||
| └── ignite again ──► new Session | ||
| │ | ||
| prior Session preserved in history | ||
| ``` | ||
|
|
||
| `current_session_id` is a denormalized pointer updated on every ignite and on session completion. It enables the Blackboard snapshot to read `Agent + latest SessionCheckIn` without joining through sessions. | ||
|
|
Contributor
There was a problem hiding this comment.
Define the concurrent update rule for current_session_id.
Re-ignition is explicitly supported, so an older session can finish after a newer one starts. If completion blindly clears or rewrites current_session_id, the pointer can move backwards or go null while a newer run is active. Specify a compare-and-clear rule (clear only if current_session_id == completing_session_id) or make single-active-session an invariant.
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 227-227: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/internal/design/blackboard-api.md` around lines 225 - 238, The design
must prevent races on the denormalized pointer current_session_id when sessions
re-ignite; implement a compare-and-clear/update rule so Session completion only
clears or updates current_session_id if current_session_id ==
completing_session_id (i.e., perform atomic CAS on current_session_id), or
alternatively declare and enforce a single-active-session invariant for Agent so
ignitions are serialized; reference Agent, Session, and SessionCheckIn where
current_session_id is read/updated and document the chosen rule
(compare-and-clear or single-active-session) and its atomicity semantics in the
spec.
…etes reconciliation New Go microservice that reconciles Projects, ProjectSettings, and Sessions between the ambient-api-server and Kubernetes. Implements: - Informer-based watch loop against the API server SDK - Kube reconciler: creates namespaces, runner Jobs, Secrets, and RoleBindings - Project/ProjectSettings reconcilers with operator parity - TLS/gRPC support for AMBIENT_GRPC_URL injection into runner Jobs - IfNotPresent pull policy for localhost images - Tally reconciler for session state sync - Stress and unit tests 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…observability Adds gRPC-based AG-UI event push from the Python runner to the ambient-api-server: - _grpc_client.py: gRPC client with bearer token metadata, TLS support, AMBIENT_GRPC_URL env override, and insecure fallback - _session_messages_api.py: PushSessionMessage wrapper with retry logic - grpc_transport.py: bridge between Claude Code SSE output and gRPC stream - endpoints/events.py: SSE endpoint for AG-UI event fan-out - Only forwards MESSAGES_SNAPSHOT events to gRPC (not per-token AG-UI events) - RUN_FINISHED serialized as JSON via model_dump - Structured logging throughout (observability-ready) - Per-request gRPC watch disabled (replaced by streaming push model) - Default agent preamble injected into system prompt - Unit tests for gRPC transport, events endpoint, and initial prompt 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
markturansky
force-pushed
the
feat/grpc-python-runner
branch
4 times, most recently
from
a8fe1a1 to
cb90f6f
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 13
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
components/manifests/components/ambient-api-server-db/ambient-api-server-db-json-patch.yaml (1)
4-30:⚠️ Potential issue | 🟠 MajorDatabase deployment missing health probes after patch.
Per the AI summary, this patch no longer overrides
readinessProbeandlivenessProbewithpg_isreadycommands. If the base manifest also lacks probes, the database pod won't have health checks, risking traffic routing to unhealthy instances.Consider adding probes appropriate for the RHEL PostgreSQL image:
🔧 Suggested probe addition
- op: add path: /spec/template/spec/containers/0/readinessProbe value: exec: command: - /bin/sh - -c - pg_isready -U "$POSTGRESQL_USER" -d "$POSTGRESQL_DATABASE" initialDelaySeconds: 5 periodSeconds: 10 - op: add path: /spec/template/spec/containers/0/livenessProbe value: exec: command: - /bin/sh - -c - pg_isready -U "$POSTGRESQL_USER" -d "$POSTGRESQL_DATABASE" initialDelaySeconds: 30 periodSeconds: 10🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/components/ambient-api-server-db/ambient-api-server-db-json-patch.yaml` around lines 4 - 30, Add readinessProbe and livenessProbe entries to the JSON patch so the PostgreSQL container (container index 0) uses pg_isready with the POSTGRESQL_USER and POSTGRESQL_DATABASE env vars; specifically add ops at /spec/template/spec/containers/0/readinessProbe and /spec/template/spec/containers/0/livenessProbe that use an exec command like "sh -c pg_isready -U \"$POSTGRESQL_USER\" -d \"$POSTGRESQL_DATABASE\"" and set sensible timings (e.g., readiness initialDelaySeconds 5, periodSeconds 10; liveness initialDelaySeconds 30, periodSeconds 10) to ensure proper health checks for the RHEL PostgreSQL image.
♻️ Duplicate comments (38)
docs/internal/design/agent-api.md (1)
254-260:⚠️ Potential issue | 🟠 MajorUnresolved: Document the sessions collection endpoint or remove the CLI mapping.
The CLI mapping table (lines 256-257) advertises
GET /sessionsfor bothacpctl get sessionsand watch mode (-w), but the API Reference section (lines 334-340) documents only item-scoped session routes (GET /sessions/{id},DELETE /sessions/{id}, etc.). This leaves CLI and SDK implementers without a contract for the collection and watch operations.Either add the missing endpoint documentation to the API Reference section (e.g.,
GET /api/ambient/v1/sessionswith pagination, filtering, and watch/streaming semantics), or remove lines 256-257 from the CLI mapping table to align with the item-scoped session model.Also applies to: 334-340
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/internal/design/agent-api.md` around lines 254 - 260, The CLI mapping advertises collection/watch routes (GET /sessions and acpctl get sessions[-w]) but the API Reference only documents item-scoped routes (GET /sessions/{id}, DELETE /sessions/{id}), causing a mismatch; either add a documented collection endpoint (e.g., GET /api/ambient/v1/sessions) with its contract (pagination, filtering query params, and watch/streaming semantics) to the API Reference section or remove the two CLI table rows that reference GET /sessions/acpctl get sessions (and the watch variant) so the CLI mapping matches the documented item-scoped session model; update the docs in both the CLI mapping table and the API Reference so they remain consistent (search for the strings "GET /sessions", "acpctl get sessions", and the API Reference block showing "GET /sessions/{id}" to locate the spots to edit).components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py (1)
386-391:⚠️ Potential issue | 🟠 MajorOnly cache the listener after
start()succeeds.
self._grpc_listeneris assigned at Line 386 beforestart()is called at Line 391. Ifstart()raises, subsequent_setup_platform()calls will skip reinitialization because the field is no longerNone.Suggested fix
- self._grpc_listener = GRPCSessionListener( + listener = GRPCSessionListener( bridge=self, session_id=self._context.session_id, grpc_url=grpc_url, ) - self._grpc_listener.start() + listener.start() + self._grpc_listener = listener🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/bridges/claude/bridge.py` around lines 386 - 391, The code assigns self._grpc_listener before calling start(), which can leave a non-started listener set if start() raises; change _setup_platform() to instantiate the listener into a local variable (e.g., listener = GRPCSessionListener(...)), call listener.start(), and only if start() succeeds assign self._grpc_listener = listener so subsequent calls will retry initialization if start() failed; reference GRPCSessionListener, its start() method, and the _setup_platform()/self._grpc_listener field when making the change.components/ambient-control-plane/go.mod (1)
11-11:⚠️ Potential issue | 🔴 CriticalUpgrade vulnerable gRPC dependency to v1.79.3 or later.
The pinned
google.golang.org/grpc v1.79.1is affected by GHSA-p77j-4mvh-x3m3 (authorization bypass via missing leading slash in:path). The first patched version is v1.79.3.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/go.mod` at line 11, The go.mod currently pins google.golang.org/grpc at v1.79.1 which is vulnerable; update the grpc module entry to v1.79.3 or later (e.g., run `go get google.golang.org/grpc@v1.79.3` and then `go mod tidy`) so the module graph and go.sum are updated, and then rebuild/run tests to verify nothing breaks; ensure the dependency string `google.golang.org/grpc v1.79.1` is replaced with the new version `v1.79.3` (or higher).components/manifests/overlays/production/control-plane-image-patch.yaml (1)
9-10:⚠️ Potential issue | 🟠 MajorAvoid mutable
:latesttag in production overlays.Using
:latestmakes deployments non-reproducible and weakens rollback/audit guarantees. Pin an immutable digest or release tag.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-image-patch.yaml` around lines 9 - 10, The image reference for the container named "ambient-control-plane" currently uses the mutable tag "ambient_control_plane:latest"; change this to an immutable identifier by pinning to a specific release tag or image digest (e.g. replace "ambient_control_plane:latest" with a semantic version tag or "ambient_control_plane@sha256:<digest>") so production overlays are reproducible and rollbacks/audits are reliable.components/manifests/overlays/production/kustomization.yaml (1)
81-83: 🧹 Nitpick | 🔵 TrivialConsider pinning to a specific image tag for production.
Using
newTag: latestin production can lead to non-deterministic deployments. This pattern is consistent with other images in this file, but production overlays ideally should reference release tags.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/kustomization.yaml` around lines 81 - 83, Replace the floating image tag for quay.io/ambient_code/ambient_control_plane (currently using newTag: latest) with a pinned release tag (e.g., vX.Y.Z) so production kustomization is deterministic; update the newTag value for the ambient_control_plane entry and, if you use a shared image version variable in this file, set that variable to the chosen release tag and ensure any imagePullPolicy or deployment manifests are compatible with the pinned tag.components/runners/ambient-runner/tests/test_bridge_claude.py (1)
53-88:⚠️ Potential issue | 🟠 MajorgRPC setup tests do not exercise actual
_setup_platformbehavior.Both tests patch or bypass
_setup_platformentirely:
test_setup_platform_starts_grpc_listener_when_url_setmocks_setup_platformand manually assigns_grpc_listenertest_setup_platform_no_grpc_listener_without_urlnever calls_setup_platformThese tests will pass even if the setup logic regresses. They should call the real
_setup_platformwith appropriate mocks for its dependencies.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/tests/test_bridge_claude.py` around lines 53 - 88, Update the tests to exercise the real setup logic by calling ClaudeBridge._setup_platform instead of patching it: in test_setup_platform_starts_grpc_listener_when_url_set remove the patch of _setup_platform, patch ambient_runner.bridges.claude.bridge.GRPCSessionListener to return a MagicMock instance, set os.environ["AMBIENT_GRPC_URL"], then await bridge._setup_platform() and assert bridge._grpc_listener is the mock listener; similarly, in test_setup_platform_no_grpc_listener_without_url ensure AMBIENT_GRPC_URL is absent (pop it), call await bridge._setup_platform(), and assert bridge._grpc_listener is None. Include references to ClaudeBridge._setup_platform, GRPCSessionListener, and bridge._grpc_listener when locating the code to change.components/manifests/base/rbac/control-plane-sa.yaml (1)
7-14:⚠️ Potential issue | 🟠 MajorReplace static ServiceAccount token Secret with projected token.
The
kubernetes.io/service-account-tokenSecret creates a long-lived credential that cannot be easily rotated. Use the Kubernetes TokenRequest API with projected volumes instead.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/rbac/control-plane-sa.yaml` around lines 7 - 14, The manifest creates a long‑lived Secret (kind: Secret, name: ambient-control-plane-token, annotation kubernetes.io/service-account.name: ambient-control-plane, type: kubernetes.io/service-account-token) which must be replaced by using a projected serviceAccountToken; remove this Secret manifest and instead update the Pod/Deployment that used it to mount a projected volume with serviceAccountToken (set serviceAccountName: ambient-control-plane on the Pod spec, add a volume of type projected -> serviceAccountToken with appropriate audience and expirationSeconds and a path) so tokens are short‑lived and rotatable.components/runners/ambient-runner/ambient_runner/app.py (3)
350-352:⚠️ Potential issue | 🟠 MajorRestore retry/backoff for the gRPC initial-prompt path.
When
grpc_urlis set, Lines 350-352 do one gRPC push and_push_initial_prompt_via_grpc()swallows both exceptions andNoneresults. A transient control-plane/API hiccup now dropsINITIAL_PROMPTpermanently, andclient.close()is skipped on failure because it is not in afinally.Also applies to: 391-403
129-131:⚠️ Potential issue | 🟠 MajorBound the gRPC listener wait during startup.
If the listener never becomes ready,
await bridge._grpc_listener.ready.wait()blocks FastAPI startup forever and the pod just hangs. Put a timeout around it and fail explicitly.Minimal fix
if grpc_url and isinstance(bridge, ClaudeBridge): await bridge._setup_platform() - await bridge._grpc_listener.ready.wait() + try: + await asyncio.wait_for(bridge._grpc_listener.ready.wait(), timeout=30) + except asyncio.TimeoutError: + logger.error( + "Timed out waiting for gRPC listener readiness: session=%s", + session_id, + ) + raise logger.info( "gRPC listener ready for session %s — proceeding to INITIAL_PROMPT", session_id,🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/app.py` around lines 129 - 131, The startup currently awaits bridge._grpc_listener.ready.wait() with no timeout, which can hang startup; modify the if-block that checks grpc_url and isinstance(bridge, ClaudeBridge) (around ClaudeBridge._setup_platform and the _grpc_listener.ready.wait call) to wrap the wait in an asyncio timeout (e.g., asyncio.wait_for) with a sensible timeout value and handle TimeoutError by logging/raising a clear error or exiting so startup fails fast instead of hanging; ensure you still call bridge._setup_platform() before the timed wait and surface the failure (raise or processLogger.error + sys.exit) so the pod fails explicitly.
380-384:⚠️ Potential issue | 🟠 MajorMove the gRPC push off the event loop if the client is synchronous.
_push_initial_prompt_via_grpc()is async, but Lines 380-384 callclient.session_messages.push(...)directly. If_grpc_client.pystill uses synchronous stubs, this blocks the event loop on network I/O during startup.This verifies whether
push()is synchronous and backed by a normalgrpc.Channel. If so, wrap it inasyncio.to_thread(...)or switch to an async client.#!/bin/bash set -euo pipefail sed -n '356,396p' components/runners/ambient-runner/ambient_runner/app.py sed -n '1,220p' components/runners/ambient-runner/ambient_runner/_grpc_client.py sed -n '1,220p' components/runners/ambient-runner/ambient_runner/_session_messages_api.py rg -n 'class AmbientGRPCClient|def push|unary_unary|grpc\.aio|to_thread|run_in_executor' \ components/runners/ambient-runner/ambient_runner/_grpc_client.py \ components/runners/ambient-runner/ambient_runner/_session_messages_api.py \ components/runners/ambient-runner/ambient_runner/app.py🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/app.py` around lines 380 - 384, The call to client.session_messages.push inside _push_initial_prompt_via_grpc may be a blocking synchronous gRPC call and can block the event loop; change the call to run off the event loop by wrapping client.session_messages.push(...) in asyncio.to_thread(...) (or use loop.run_in_executor) unless the _grpc_client/SessionMessages API provides an async push; locate _push_initial_prompt_via_grpc and the session_messages.push invocation and replace the direct call with an await of asyncio.to_thread(lambda: client.session_messages.push(session_id, event_type="user", payload=_json.dumps(payload))) (or switch to the async grpc.aio client implementation in _grpc_client.py and call its async push directly).components/manifests/overlays/kind/kustomization.yaml (1)
135-141:⚠️ Potential issue | 🔴 CriticalKeep localhost remaps out of the default kind overlay.
Lines 135-141 contradict the "use Quay.io production images by default" contract above and force kind to depend on preloaded
localhost/...:latestimages. That makes non-local kind runs fragile, andambient-api-serverstill keepslatestpull semantics, so it can fall intoImagePullBackOff. These remaps belong inoverlays/kind-local, not the default kind overlay.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/kind/kustomization.yaml` around lines 135 - 141, Remove the explicit localhost remaps for the images "quay.io/ambient_code/vteam_api_server" and "quay.io/ambient_code/ambient_control_plane" from the kind overlay kustomization (the entries setting newName: localhost/... and newTag: latest) so the overlay continues to use Quay production images by default; instead place those remap entries into the overlays/kind-local kustomization so local kind runs can opt into preloaded localhost images without changing the default kind overlay.components/manifests/overlays/production/control-plane-env-patch.yaml (1)
15-16:⚠️ Potential issue | 🟠 MajorPin
RUNNER_IMAGEto the tested artifact.The control plane launches runner Jobs after it has already been deployed. Leaving this on
:latestlets a later registry push change runner behavior and the gRPC contract without any control-plane rollout or manifest diff.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/overlays/production/control-plane-env-patch.yaml` around lines 15 - 16, The RUNNER_IMAGE environment variable is pinned to :latest which allows registry updates to change runtime behavior; update the RUNNER_IMAGE value in the manifest to an immutable, tested artifact (either a specific semantic version tag or a sha256 image digest) so the control-plane will always launch the exact vetted runner (change the value for the RUNNER_IMAGE entry in this YAML from "quay.io/ambient_code/vteam_claude_runner:latest" to the chosen tag or digest).components/manifests/base/platform/ambient-api-server-db.yml (2)
59-104:⚠️ Potential issue | 🟠 MajorDefine requests and limits for the database container.
The
postgresqlcontainer still has noresourcesblock. Without requests the scheduler has no reservation for this stateful workload, and without limits a spike can starve or OOM the database pod.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/platform/ambient-api-server-db.yml` around lines 59 - 104, Add a resources block to the postgresql container (the container with name: postgresql under containers) to set both requests and limits so the scheduler reserves capacity and pods can’t be OOM-killed by bursts; include at minimum cpu and memory under resources.requests (e.g., cpu: "250m", memory: "512Mi") and resources.limits (e.g., cpu: "1", memory: "2Gi") or values appropriate for your environment, and place this resources block at the same indentation level as ports, livenessProbe, readinessProbe, volumeMounts and securityContext for the postgresql container.
61-62:⚠️ Potential issue | 🟠 MajorPin the PostgreSQL image instead of using
:latest.
registry.redhat.io/rhel9/postgresql-16:latestwithIfNotPresentmakes pod recreations non-deterministic. A restart can silently move the base database deployment to a different engine build than the one you validated.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/platform/ambient-api-server-db.yml` around lines 61 - 62, Replace the floating image tag in the manifest—change the image value currently set to "registry.redhat.io/rhel9/postgresql-16:latest" (alongside the existing imagePullPolicy: IfNotPresent) to a pinned, immutable reference (either a specific versioned tag or a digest SHA, e.g. registry.redhat.io/rhel9/postgresql-16:<fixed-tag> or registry.redhat.io/rhel9/postgresql-16@sha256:<digest>) so pod restarts use the exact validated engine build; update the "image" field in this manifest accordingly and keep the imagePullPolicy as appropriate.components/manifests/deploy-no-api-server.sh (2)
73-76:⚠️ Potential issue | 🟠 MajorDon't mutate the checked-in overlay in place.
If this script exits after
kustomize edit set namespace "$NAMESPACE", the repository is left dirty and the next run can deploy to the wrong namespace. Build from a temporary copy ofoverlays/no-api-server, or restore the original state with anEXITtrap instead of editing tracked files directly.Also applies to: 135-140
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy-no-api-server.sh` around lines 73 - 76, The script currently mutates the checked-in overlay by running kustomize edit set namespace "$NAMESPACE" (lines using kustomize edit set namespace and the overlays/no-api-server overlay), which can leave the repo dirty; change the script to operate on a temporary copy of overlays/no-api-server (e.g., copy overlay to a temp dir and run kustomize edit there) or, if you must edit in-place, add an EXIT trap that restores the original overlay state before exit; ensure all occurrences of kustomize edit set namespace (including the block around lines 135-140) are adjusted to use the temporary copy or are reverted in the trap so the repository files are never permanently mutated by the script.
9-10:⚠️ Potential issue | 🟠 MajorEnable
pipefailfor the apply pipeline.
set -ealone will not fail this script ifkustomize buildbreaks whileoc applyexits successfully after consuming partial input. That can turn a broken render into a partial rollout that still looks successful. Useset -euo pipefail(or at leastset -o pipefail) before the first pipeline.Also applies to: 80-80
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/deploy-no-api-server.sh` around lines 9 - 10, The script currently uses only "set -e" which doesn't catch failures in piped commands; update the shell options so the script uses "set -euo pipefail" (or at minimum add "set -o pipefail") before any pipeline is executed—replace the existing "set -e" invocation in the top-level of the deploy-no-api-server.sh script (the line that currently reads set -e) with the expanded options to ensure pipelines like kustomize build | oc apply will fail on any upstream error.components/ambient-control-plane/internal/reconciler/tally.go (1)
53-76:⚠️ Potential issue | 🟠 MajorDo not keep the mutex held across structured logging.
Reconcile()holdsr.muthroughr.logger.Info(), so log I/O becomes part of the critical section. Under concurrent reconcile load that serializes otherwise independent updates behind the logger. Capture the counters while locked, unlock, then emit the log line.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/tally.go` around lines 53 - 76, The mutex r.mu is held across the structured log call, serializing reconcilers; inside the reconciler method (the block that currently uses r.mu.Lock()/defer r.mu.Unlock()), capture all needed values while locked—event.Type (or string(event.Type)), resourceID, r.tally.Added/Modified/Deleted, and any mutation to r.seenIDs—and then release the lock before calling r.logger.Info(); i.e., perform state updates and copy counters to local variables under r.mu, unlock, then emit the structured log using those locals (references: r.mu, r.tally, r.seenIDs, r.lastEventAt, and r.logger.Info).components/runners/ambient-runner/ambient_runner/endpoints/run.py (2)
40-60:⚠️ Potential issue | 🟠 MajorFailed runs still never publish a terminal gRPC event.
_push_event()filters outRUN_ERROR, and both fallback error paths only yieldRunErrorEventto SSE. On control-plane-managed sessions, gRPC consumers can therefore wait forever for completion after a failed run or oversized event. PersistRUN_ERRORtoo, and call_push_event(session_id, run_error_event)before yielding those fallbacks.Also applies to: 283-314
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around lines 40 - 60, _pushevent currently filters out RUN_ERROR causing failed runs to never emit a terminal gRPC event; modify the persistence logic inside _push_event to include "RUN_ERROR" alongside "MESSAGES_SNAPSHOT" and "RUN_FINISHED" so RUN_ERROR is persisted, and in the two fallback paths that currently yield a RunErrorEvent to SSE (the oversized-event and generic failure fallbacks) call _push_event(session_id, run_error_event) before yielding/returning the RunErrorEvent so control-plane gRPC consumers receive the terminal event; locate references to _push_event, RUN_ERROR, and RunErrorEvent to update both the filter set and the two fallback locations (also apply same change to the duplicate block at the other location).
173-189:⚠️ Potential issue | 🟠 MajorStop logging prompt content and every outbound event at info level.
last_content_previewwrites user message content to pod logs, and the per-event[OUTBOUND SSE]line emits once per streamed event. That is both a privacy leak and an avoidable log-volume spike on long runs. Keep high-level run metadata at info, but move content previews and per-event traces to redacted debug logging or aggregate them in the completion summary.Also applies to: 252-258
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/endpoints/run.py` around lines 173 - 189, The info-level log currently prints message content via last_content_preview and per-event outbound traces; change logger.info(...) to only include high-level metadata (thread_id, run_id, msg_count, last_role) and remove last_content_preview from that call, then log the content preview using logger.debug with redaction (e.g., show "<redacted>" or first N chars only) by updating the last_content_preview assignment and its use; also locate the outbound SSE tracing (the "[OUTBOUND SSE]" log emission) and demote those per-event logs from info to debug or aggregate them into a single summary at the end (apply same change to the similar block referenced at lines 252-258), ensuring you update references to last_content_preview, run_agent_input, and any "[OUTBOUND SSE]" logging sites.REMOVE_CRDs.md (2)
462-470:⚠️ Potential issue | 🟠 MajorThis RBAC example documents a guarantee Kubernetes RBAC does not provide.
resourceNames: []is unrestricted, and built-in RBAC does not scopelist,watch, orcreateby label selector. Leaving this example here will push the implementation toward isolation the API server never enforces. Replace it with real controls such as namespace isolation, dedicated service accounts, or admission policies.Does Kubernetes RBAC support restricting Role or ClusterRole access by label selector, or using resourceNames to constrain list, watch, or create requests?🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@REMOVE_CRDs.md` around lines 462 - 470, The RBAC example incorrectly suggests scoping via label selectors and uses resourceNames: [] to imply restriction for list/watch/create; update the documentation by removing or replacing that rules: block (the resourceNames field and the verbs ["get","list","watch","create","update","patch","delete"]) with correct guidance: explain that Kubernetes RBAC cannot restrict list/watch/create by label selector or resourceNames, and instead recommend concrete alternatives such as namespace isolation, dedicated ServiceAccounts with narrowly-scoped Roles/ClusterRoles, and AdmissionController/ValidatingAdmissionWebhook policies to enforce label-based constraints.
52-54:⚠️ Potential issue | 🟠 MajorSeparate the rejected design from the executable plan.
Line 7 says the original proposal has significant architectural flaws, but the main body still includes a concrete migration plan and 8-week timeline for that same approach. That makes the document easy to misread as approval. Move the superseded plan/timeline into a clearly marked "Rejected approach" appendix, or remove it from the main path entirely.
Also applies to: 287-308
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@REMOVE_CRDs.md` around lines 52 - 54, The document currently mixes a rejected architecture with an active migration path under the "Migration Plan" and the "Phase 1: Extend Control Plane with Kubernetes Resource Management" headings; extract the superseded approach and its 8‑week timeline into a new clearly marked "Rejected approach" appendix (or delete it entirely) so the main plan only contains approved, executable steps, and update any references or the table of contents that point to the moved/removed sections to avoid confusion.components/manifests/base/rbac/control-plane-clusterrole.yaml (1)
17-27:⚠️ Potential issue | 🟠 MajorReduce the control plane's cluster-wide blast radius.
This
ClusterRolecan create/update/deleterolebindings,secrets,serviceaccounts,services,pods, andjobsin every namespace. A leaked service-account token would effectively become cluster-wide workload admin. Keep theClusterRolelimited to namespace bootstrap and read access, and move namespace-scoped mutating permissions into aRolethat is bound only inside namespaces the controller owns.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/rbac/control-plane-clusterrole.yaml` around lines 17 - 27, The ClusterRole currently grants cluster-wide mutating permissions for resources like rolebindings, secrets, serviceaccounts, services, pods, and jobs; change it to read/bootstrap-only (remove create/update/patch/delete/deletecollection verbs for those resources and keep only get/list/watch and any necessary readonly verbs) and create a namespaced Role (e.g., control-plane-namespace-role) that contains the mutating verbs for resources ["rolebindings","secrets","serviceaccounts","services","pods","jobs"]; then ensure the controller binds that Role into each owned namespace with a RoleBinding (rather than leaving cluster-scoped create/update/delete on the ClusterRole), and update any controller code that assumes cluster-wide mutation to instead create per-namespace RoleBindings for namespaces it owns.components/ambient-control-plane/README.md (1)
108-110:⚠️ Potential issue | 🟠 MajorTreat the list/watch gap as a correctness bug, not a soft limitation.
A resource created after the initial list and before the watch is established can be missed forever if it never changes again. The design needs either a resumable cursor/revision or a second diff pass before reporting readiness; otherwise the controller can silently fail to reconcile valid resources.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/README.md` around lines 108 - 110, Update the README and controller design to treat the list-then-watch gap as a correctness bug and implement one of two fixes: either make the watch resumable using server-side revision/cursor (use the resourceVersion/continue token from syncInitialList() and pass it to establishWatchStream()) or perform a deterministic second diff pass (call syncInitialList() a second time and reconcile differences before reportReady()/reconcileLoop() starts); reference syncInitialList(), establishWatchStream(), and reportReady() in the docs and design notes so implementers know where to add the resume token handling or the extra-list reconciliation step.components/ambient-control-plane/cmd/ambient-control-plane/main.go (1)
171-178:⚠️ Potential issue | 🟠 MajorClone
http.DefaultTransportinstead of replacing it.This overwrites the standard transport with a bare
http.Transport, which drops the default proxy, keep-alive, idle-connection, timeout, and HTTP/2 settings. Clone the existing transport and only replaceTLSClientConfig.In Go's net/http package, if http.DefaultTransport is replaced with a new &http.Transport{TLSClientConfig: ...}, are the default proxy, keep-alive, idle-connection, timeout, and HTTP/2 settings preserved or lost?🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go` around lines 171 - 178, installServiceCAIntoDefaultTransport currently replaces http.DefaultTransport with a bare &http.Transport, losing default proxy, keep-alive, idle-connection, timeouts, and HTTP/2 settings; change it to clone the existing transport instead: assert http.DefaultTransport to *http.Transport, call its Clone() to get a copy, modify the clone's TLSClientConfig (set MinVersion and RootCAs or merge with existing TLSClientConfig), then reassign the cloned transport to http.DefaultTransport; include a safe fallback if the type assertion fails (e.g., create a new transport initialized similarly) and ensure you only replace TLSClientConfig while preserving other fields in installServiceCAIntoDefaultTransport.components/manifests/base/core/ambient-api-server-service.yml (1)
81-82:⚠️ Potential issue | 🔴 CriticalPoint
--https-*-fileat the mounted TLS secret.This pod only mounts
tls-certsat/etc/tls, so/secrets/tls/...does not exist. HTTPS startup will fail when the server tries to load the certificate pair.Suggested fix
- - --https-cert-file=/secrets/tls/tls.crt - - --https-key-file=/secrets/tls/tls.key + - --https-cert-file=/etc/tls/tls.crt + - --https-key-file=/etc/tls/tls.keyAlso applies to: 124-126
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manifests/base/core/ambient-api-server-service.yml` around lines 81 - 82, The startup flags --https-cert-file and --https-key-file currently point to /secrets/tls/... which does not exist; update both occurrences of the flags in ambient-api-server-service.yml to reference the mounted secret path /etc/tls/tls.crt and /etc/tls/tls.key (ensure you update the first occurrence around the 81–82 block and the duplicate occurrence around the 124–126 block) so the server loads the certificate pair from the mounted tls-certs volume.components/ambient-control-plane/internal/reconciler/tally_reconciler.go (1)
58-65:⚠️ Potential issue | 🟠 MajorTrack prior session state on updates.
EventModifiedonly logs, soSessionsByPhaseandSessionsByUserdrift as soon as a session changes phase or owner. The later delete path then decrements whichever values are on the final event, not the buckets that were previously incremented. Keep the last seen session by ID so modify/delete can apply deltas correctly.Also applies to: 91-113
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/tally_reconciler.go` around lines 58 - 65, EventModified currently treats updates as no-ops so SessionsByPhase and SessionsByUser drift and deletes decrement only the final state; store the last-seen session by ID (e.g. maintain a map lastSessions keyed by session.ID) and update it in handleSessionAdded/handleSessionModified/handleSessionDeleted, computing deltas by comparing previous and current Session (phase and owner) to decrement previous buckets and increment new ones (adjust SessionsByPhase and SessionsByUser accordingly), then replace/remove the entry; ensure access to lastSessions is synchronized the same way as other reconciler state.components/ambient-control-plane/internal/reconciler/stress_test.go (1)
65-95:⚠️ Potential issue | 🟠 MajorMake
TestSessionAPIStressTestopt-in.This still defaults to
http://localhost:8000and a dummy token, so normalgo testruns will issue 100 real requests or fail when no API server is present. Gate it behind an explicit env var or build tag and skip by default.Also applies to: 279-304
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/stress_test.go` around lines 65 - 95, TestSessionAPIStressTest currently runs by default and issues real network calls; make it opt-in by checking an explicit environment variable (e.g. ENABLE_STRESS_TESTS) or build tag at the start of TestSessionAPIStressTest (and the similar test around lines 279-304) and call t.Skip(...) when the variable/tag is not set so normal `go test` won't run it; update NewTallyReconciler/mock informer setup to remain unchanged and only run SDK client creation and request loops when the opt-in check passes.components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go (4)
190-197:⚠️ Potential issue | 🟠 MajorDon't grant fallback access for unknown roles.
Defaulting every unrecognized role to
ambient-project-viewsilently materializes access for typos and unexpected inputs like"none". Reject or skip unknown roles explicitly instead of treating them as view.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 190 - 197, mapRoleToClusterRole must not default unknown roles to "ambient-project-view"; change its signature from mapRoleToClusterRole(role string) string to mapRoleToClusterRole(role string) (string, bool) and only return (clusterRole, true) for the known cases "admin" -> "ambient-project-admin" and "edit" -> "ambient-project-edit"; for anything else return ("", false). Update callers that consume mapRoleToClusterRole (e.g., wherever mapRoleToClusterRole is called in project_settings_reconciler) to skip or reject roles when the boolean is false instead of granting a view role.
130-138:⚠️ Potential issue | 🟠 MajorReturn RoleBinding failures so the controller retries.
Per-entry errors are only logged here, then
Reconcile()still returnsnil. That leaves namespaces partially reconciled with no retry signal. Aggregate these failures (or fail fast) and return them.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 130 - 138, The loop over entries currently logs failures from ensureGroupRoleBinding but always returns nil, preventing Reconcile from retrying; change the logic to propagate errors (either fail-fast or aggregate): when ensureGroupRoleBinding(ctx, namespace, entry.GroupName, entry.Role) returns an error, collect that error (or immediately return it) instead of only logging, and then return a non-nil aggregated/first error from the function so the controller will retry; update the loop in the method that contains the entries iteration (the code calling ensureGroupRoleBinding) to return the error(s) rather than nil.
67-69:⚠️ Potential issue | 🔴 CriticalSanitize Kubernetes names derived from
ProjectIDandgroupName.Lowercasing
ps.ProjectIDis not enough for namespaces, andrbName := fmt.Sprintf("%s-%s", groupName, role)will reject common group names containing@,:,/, spaces, or uppercase characters. Generate Kubernetes-safe names for both resources while keeping the originalgroupNameonly in the RBAC subject.Also applies to: 116-118, 141-143
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 67 - 69, The code currently lowercases ps.ProjectID and builds rbName from groupName and role directly; instead, generate Kubernetes-safe DNS-1123 labels for any names used as a namespace or resource name: normalize ps.ProjectID -> namespace using a sanitizer that lowercases, replaces invalid chars (anything other than a-z0-9-) with '-', collapses consecutive '-' and trims to 63 chars and no leading/trailing '-', and fallback to a safe default if empty; do the same for rbName (sanitize the concatenation of groupName and role) but keep the original groupName value when creating RBAC Subject entries; apply the same sanitizer to the other instances mentioned around ensureProjectSettings (refs to namespace creation and rbName creation at the other locations) so all Kubernetes resource names conform to DNS-1123.
112-138:⚠️ Potential issue | 🔴 CriticalRevoke removed or downgraded group access.
This reconcile path only ensures current RoleBindings exist. If
group_accessdrops a group or changesadmintoview, the old managed binding survives and the higher privilege remains active. Reconcile managed RoleBindings as desired state and delete/update extras on modify.Also applies to: 141-187
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_settings_reconciler.go` around lines 112 - 138, reconcileGroupAccess currently only creates/update RoleBindings but never removes or downgrades ones that were removed or changed in ps.GroupAccess; update reconcileGroupAccess to treat the parsed entries as the desired state: list existing managed RoleBindings in the namespace (those created by this controller, e.g. via your controller label/annotation), build a map of desired group->role from entries, for each existing managed binding if group not in desired map delete the RoleBinding, and if group exists but role differs update the RoleBinding to the desired role (or delete+recreate via ensureGroupRoleBinding). Use the existing ensureGroupRoleBinding helper for create/update and add a helper or use the Kubernetes client to list and delete bindings so old/higher-privilege bindings are removed when ps.GroupAccess is modified.components/ambient-control-plane/internal/reconciler/project_reconciler.go (1)
64-66:⚠️ Potential issue | 🔴 CriticalSanitize
project.IDbefore turning it into a namespace.
namespaceForProject()only lowercases the ID, so valid project IDs with_,., or spaces can still produce invalid Kubernetes namespaces and break the rest of this reconciler.Also applies to: 237-238
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/project_reconciler.go` around lines 64 - 66, Sanitize project.ID before creating a k8s namespace: update namespaceForProject (or call a new sanitizer from ensureNamespace and the other use at lines 237-238) to not only lowercase but also replace/strip invalid DNS-1123 characters (e.g., replace spaces, underscores, dots, and uppercase with hyphens or remove disallowed chars), trim to 63 chars, and ensure it starts/ends with an alphanumeric character; adjust ensureNamespace(ctx, project types.Project) to pass the sanitized name and use that same sanitizer where namespaceForProject is used elsewhere to guarantee valid Kubernetes namespace names.components/ambient-control-plane/internal/reconciler/shared.go (1)
88-95:⚠️ Potential issue | 🔴 CriticalDon't derive session namespaces by only lowercasing the project ID.
Project IDs accepted upstream can still contain characters Kubernetes namespaces reject, so this helper can hand invalid namespace names to every downstream session reconciliation path. Sanitize the project-derived namespace before using it here.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/shared.go` around lines 88 - 95, The namespaceForSession function currently returns strings.ToLower(session.ProjectID) which can produce invalid Kubernetes namespace names; update namespaceForSession to sanitize the project-derived name before returning by applying Kubernetes namespace rules (lowercase, replace or remove invalid characters, trim to 63 chars, ensure it starts and ends with an alphanumeric character) and fall back to session.KubeNamespace or "default" if sanitization yields an empty/invalid name; implement or call a helper named something like sanitizeK8sName and use that on session.ProjectID (keep existing session.KubeNamespace handling intact).components/ambient-control-plane/internal/informer/informer.go (1)
118-130:⚠️ Potential issue | 🔴 CriticalBring up dispatch/watch handling before queuing the initial snapshot.
initialSync()enqueues every listed object intoeventCh, butdispatchLoop()and the watches are started afterwards. Once the snapshot exceeds the 256-item buffer, startup deadlocks indispatchBlocking(), and even smaller snapshots still leave a list-to-watch gap where mutations can be missed.Also applies to: 201-206, 236-241, 271-276, 400-404
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/informer/informer.go` around lines 118 - 130, Start the dispatch and watch handling before queuing the initial snapshot to avoid blocking in dispatchBlocking when eventCh fills: in Informer.Run, call go inf.dispatchLoop(ctx), inf.wireWatchHandlers(), and inf.watchManager.Run(ctx) before invoking inf.initialSync(ctx) (or run initialSync in a separate goroutine after those components are up); preserve the existing error logging from inf.initialSync but ensure initialSync does not enqueue into eventCh until dispatchLoop and the watchers are started. Ensure the same change is applied to other start-up sequences that call initialSync (the other occurrences around the referenced blocks) so event consumers are always up before enqueuing.components/runners/ambient-runner/ambient_runner/_session_messages_api.py (1)
77-84:⚠️ Potential issue | 🟠 MajorRemove payload previews from INFO logs.
These previews contain prompt/model content and will be emitted on every push/watch event. Keep INFO logs to metadata only and move any redacted preview behind DEBUG so normal runner logs do not capture session content by default.
Also applies to: 136-147
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py` around lines 77 - 84, The INFO log that currently builds and emits payload_preview (constructed from payload and logged via logger.info in the push/watch handlers) must be changed to avoid logging prompt/model content: remove payload_preview from the logger.info call so INFO only logs metadata (session_id, event_type, payload length) and move the payload preview construction and logging behind logger.debug with redaction; update both occurrences where payload_preview is created and logged (the push/watch handlers using variables session_id, event_type, payload, payload_preview) to only compute the preview for debug-level output and ensure INFO never includes the preview string.components/ambient-control-plane/internal/reconciler/kube_reconciler.go (2)
210-240:⚠️ Potential issue | 🟠 MajorReconcile image-pull access per namespace, not as a one-shot create.
ensureNamespaceExists()skipsensureImagePullAccess()once the namespace already exists, andensureImagePullAccess()always creates the sameambient-image-pullerRoleBinding inRunnerImageNamespace. After the first namespace, later reconciles hitAlreadyExistsand never add the new subject, so those sessions cannot pull private runner images.Also applies to: 245-273
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go` around lines 210 - 240, ensureNamespaceExists currently skips calling ensureImagePullAccess when the namespace already exists, and ensureImagePullAccess creates a static RoleBinding that hits AlreadyExists on subsequent reconciles without adding the new subject; change ensureNamespaceExists to always call ensureImagePullAccess(ctx, namespace) whether or not the namespace pre-existed, and modify ensureImagePullAccess to perform an upsert: fetch the RoleBinding named "ambient-image-puller" (in r.cfg.RunnerImageNamespace), if not found create it with the ServiceAccount subject for the target namespace, otherwise update the existing RoleBinding's subjects to append the ServiceAccount subject for the target namespace if it's not already present and then update the RoleBinding rather than failing on AlreadyExists; use the existing functions/variables (ensureNamespaceExists, ensureImagePullAccess, r.cfg.RunnerImageNamespace, LabelManaged, LabelProjectID, LabelManagedBy) to locate and implement this logic.
418-429:⚠️ Potential issue | 🟠 MajorDo not replace the runner's global CA bundle with the OpenShift service CA.
The mount/envs are wired unconditionally. On clusters without
openshift-service-ca.crt, the pod points at a missing file; when the bundle does exist,SSL_CERT_FILEandREQUESTS_CA_BUNDLEreplace the process-wide public trust store with the internal service CA, which breaks outbound HTTPS to public endpoints. Only add this mount/env trio when the bundle is present, and avoid overriding global TLS defaults.Also applies to: 443-454, 523-527
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/reconciler/kube_reconciler.go` around lines 418 - 429, The current buildVolumes (and the companion container mount/env wiring) unconditionally mounts the OpenShift service CA and sets SSL_CERT_FILE/REQUESTS_CA_BUNDLE, which can replace the process-wide trust store; change buildVolumes and the code that adds the corresponding volumeMounts and env vars so the mount + the two env vars are only injected when the service CA actually exists in-cluster (i.e. detect the presence of the openshift-service-ca.crt configMap/key via the reconciler before adding them) and stop setting SSL_CERT_FILE/REQUESTS_CA_BUNDLE as global overrides; instead conditionally add a mount and, if needed, set process-local TLS configuration or a non-global env only when the bundle is present (refer to buildVolumes and the code path that constructs the runner container/volumeMounts and env vars).components/ambient-control-plane/internal/kubeclient/kubeclient.go (1)
221-226:⚠️ Potential issue | 🟠 MajorHandle cluster-scoped GVRs in the generic helpers.
GetResource()andCreateResource()always call.Namespace(namespace). Passing a cluster-scoped GVR such asNamespaceGVRwith an empty namespace still produces a namespaced request, so the generic API is incorrect for cluster-scoped resources.Possible fix
func (kc *KubeClient) GetResource(ctx context.Context, gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error) { - return kc.dynamic.Resource(gvr).Namespace(namespace).Get(ctx, name, metav1.GetOptions{}) + resource := kc.dynamic.Resource(gvr) + if namespace == "" { + return resource.Get(ctx, name, metav1.GetOptions{}) + } + return resource.Namespace(namespace).Get(ctx, name, metav1.GetOptions{}) } func (kc *KubeClient) CreateResource(ctx context.Context, gvr schema.GroupVersionResource, namespace string, obj *unstructured.Unstructured) (*unstructured.Unstructured, error) { - return kc.dynamic.Resource(gvr).Namespace(namespace).Create(ctx, obj, metav1.CreateOptions{}) + resource := kc.dynamic.Resource(gvr) + if namespace == "" { + return resource.Create(ctx, obj, metav1.CreateOptions{}) + } + return resource.Namespace(namespace).Create(ctx, obj, metav1.CreateOptions{}) }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/ambient-control-plane/internal/kubeclient/kubeclient.go` around lines 221 - 226, GetResource and CreateResource always call .Namespace(namespace), which breaks for cluster-scoped GVRs; update both functions (GetResource and CreateResource) to choose between namespaced and cluster-scoped resource interfaces: obtain the dynamic resource via kc.dynamic.Resource(gvr) and only call .Namespace(namespace) when the target GVR is namespaced (i.e., namespace != "" and the GVR is known to be namespaced via your RESTMapper/discovery check); for cluster-scoped resources call Get/Create on the top-level Resource(gvr) result instead. Use the existing RESTMapper/discovery on kc (or add a helper like isNamespaced(gvr)) to determine scope so both functions handle cluster-scoped GVRs correctly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: fb69b8c2-7f06-4a13-8f79-21280a550516
⛔ Files ignored due to path filters (2)
components/ambient-control-plane/go.sumis excluded by!**/*.sumcomponents/runners/ambient-runner/uv.lockis excluded by!**/*.lock
📒 Files selected for processing (71)
.github/workflows/ambient-control-plane-tests.ymlREMOVE_CRDs.mdcomponents/ambient-control-plane/.gitignorecomponents/ambient-control-plane/CLAUDE.mdcomponents/ambient-control-plane/Dockerfilecomponents/ambient-control-plane/Dockerfile.simplecomponents/ambient-control-plane/Makefilecomponents/ambient-control-plane/README.mdcomponents/ambient-control-plane/cmd/ambient-control-plane/main.gocomponents/ambient-control-plane/go.modcomponents/ambient-control-plane/internal/config/config.gocomponents/ambient-control-plane/internal/informer/informer.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient.gocomponents/ambient-control-plane/internal/kubeclient/kubeclient_test.gocomponents/ambient-control-plane/internal/reconciler/kube_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_reconciler.gocomponents/ambient-control-plane/internal/reconciler/project_settings_reconciler.gocomponents/ambient-control-plane/internal/reconciler/shared.gocomponents/ambient-control-plane/internal/reconciler/stress_test.gocomponents/ambient-control-plane/internal/reconciler/tally.gocomponents/ambient-control-plane/internal/reconciler/tally_reconciler.gocomponents/ambient-control-plane/internal/reconciler/tally_test.gocomponents/ambient-control-plane/internal/watcher/watcher.gocomponents/manifests/base/ambient-api-server-grpc-route.ymlcomponents/manifests/base/ambient-control-plane-service.ymlcomponents/manifests/base/core/ambient-api-server-service.ymlcomponents/manifests/base/kustomization.yamlcomponents/manifests/base/platform/ambient-api-server-db.ymlcomponents/manifests/base/rbac/control-plane-clusterrole.yamlcomponents/manifests/base/rbac/control-plane-clusterrolebinding.yamlcomponents/manifests/base/rbac/control-plane-sa.yamlcomponents/manifests/base/rbac/kustomization.yamlcomponents/manifests/components/ambient-api-server-db/ambient-api-server-db-json-patch.yamlcomponents/manifests/deploycomponents/manifests/deploy-no-api-server.shcomponents/manifests/deploy.shcomponents/manifests/overlays/kind-local/control-plane-env-patch.yamlcomponents/manifests/overlays/kind-local/kustomization.yamlcomponents/manifests/overlays/kind/ambient-api-server-jwks-patch.yamlcomponents/manifests/overlays/kind/backend-ambient-api-patch.yamlcomponents/manifests/overlays/kind/control-plane-env-patch.yamlcomponents/manifests/overlays/kind/frontend-test-patch.yamlcomponents/manifests/overlays/kind/kustomization.yamlcomponents/manifests/overlays/kind/local-image-pull-policy-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-jwt-args-patch.yamlcomponents/manifests/overlays/production/ambient-api-server-route.yamlcomponents/manifests/overlays/production/api-server-image-patch.yamlcomponents/manifests/overlays/production/control-plane-env-patch.yamlcomponents/manifests/overlays/production/control-plane-image-patch.yamlcomponents/manifests/overlays/production/kustomization.yamlcomponents/runners/ambient-runner/ambient_runner/_grpc_client.pycomponents/runners/ambient-runner/ambient_runner/_session_messages_api.pycomponents/runners/ambient-runner/ambient_runner/app.pycomponents/runners/ambient-runner/ambient_runner/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/bridge.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/grpc_transport.pycomponents/runners/ambient-runner/ambient_runner/bridges/claude/prompts.pycomponents/runners/ambient-runner/ambient_runner/endpoints/events.pycomponents/runners/ambient-runner/ambient_runner/endpoints/run.pycomponents/runners/ambient-runner/ambient_runner/platform/prompts.pycomponents/runners/ambient-runner/architecture.mdcomponents/runners/ambient-runner/pyproject.tomlcomponents/runners/ambient-runner/tests/test_app_initial_prompt.pycomponents/runners/ambient-runner/tests/test_bridge_claude.pycomponents/runners/ambient-runner/tests/test_events_endpoint.pycomponents/runners/ambient-runner/tests/test_grpc_transport.pydocs/internal/design/agent-api.mddocs/internal/design/blackboard-api.mddocs/internal/developer/agent-workflow.mde2e/scripts/load-images.shtest-e2e-control-plane.sh
💤 Files with no reviewable changes (2)
- components/manifests/overlays/kind/frontend-test-patch.yaml
- components/manifests/overlays/kind/ambient-api-server-jwks-patch.yaml
Comment on lines
+6
to
+15
| paths: | ||
| - 'components/ambient-control-plane/**' | ||
| - 'components/ambient-sdk/go-sdk/**' | ||
| - '.github/workflows/ambient-control-plane-tests.yml' | ||
| pull_request: | ||
| branches: [main] | ||
| paths: | ||
| - 'components/ambient-control-plane/**' | ||
| - 'components/ambient-sdk/go-sdk/**' | ||
| - '.github/workflows/ambient-control-plane-tests.yml' |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
sed -n '1,20p' .github/workflows/ambient-control-plane-tests.yml
rg -n --type go 'pkg/api/grpc' components/ambient-control-planeRepository: ambient-code/platform
Length of output: 854
Add shared gRPC package path to workflow filters.
The control plane imports the shared gRPC contract from components/ambient-api-server/pkg/api/grpc/ambient/v1 (verified in watcher.go and informer.go). Changes to this shared package will not trigger this workflow since the current filters only watch components/ambient-control-plane/** and components/ambient-sdk/go-sdk/**.
Add 'components/ambient-api-server/pkg/api/grpc/**' to both the push and pull_request path filters to ensure contract changes are tested.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/ambient-control-plane-tests.yml around lines 6 - 15, The
workflow filters are missing the shared gRPC contract path used by the control
plane; edit .github/workflows/ambient-control-plane-tests.yml and add
'components/ambient-api-server/pkg/api/grpc/**' to both the push.paths and
pull_request.paths arrays (alongside the existing
'components/ambient-control-plane/**' and 'components/ambient-sdk/go-sdk/**'
entries) so changes to the shared gRPC package trigger the
ambient-control-plane-tests workflow.
Comment on lines
+58
to
+69
| switch cfg.Mode { | ||
| case "kube": | ||
| if err := runKubeMode(ctx, cfg); err != nil { | ||
| log.Fatal().Err(err).Msg("kube mode failed") | ||
| } | ||
| case "test": | ||
| if err := runTestMode(ctx, cfg); err != nil { | ||
| log.Fatal().Err(err).Msg("test mode failed") | ||
| } | ||
| default: | ||
| log.Fatal().Str("mode", cfg.Mode).Msg("unknown mode") | ||
| } |
Contributor
There was a problem hiding this comment.
MODE=local is advertised but not runnable.
The entrypoint only handles "kube" and "test", so configuring "local" exits via "unknown mode". That makes one of the documented operating modes unusable until a runLocalMode branch is wired here or the mode is removed from config/docs.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/cmd/ambient-control-plane/main.go` around
lines 58 - 69, The switch on cfg.Mode currently handles only "kube" and "test",
causing MODE=local to hit the default branch; add a case "local" that calls
runLocalMode(ctx, cfg) and mirrors the existing error handling pattern (if err
:= runLocalMode(ctx, cfg); err != nil { log.Fatal().Err(err).Msg("local mode
failed") }) or remove the "local" mode from config/docs if you intend it
unsupported; reference cfg.Mode and the new runLocalMode function to locate
where to add the branch.
Comment on lines
+1
to
+35
| FROM registry.access.redhat.com/ubi9/go-toolset:1.24 AS builder | ||
|
|
||
| WORKDIR /build | ||
|
|
||
| USER 0 | ||
|
|
||
| COPY ambient-api-server/ ./ambient-api-server/ | ||
| COPY ambient-sdk/ ./ambient-sdk/ | ||
| COPY ambient-control-plane/ ./ambient-control-plane/ | ||
|
|
||
| WORKDIR /build/ambient-control-plane | ||
|
|
||
| RUN go mod download && \ | ||
| CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" \ | ||
| -o ambient-control-plane ./cmd/ambient-control-plane | ||
|
|
||
| FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7 | ||
|
|
||
| RUN microdnf install -y util-linux && microdnf clean all | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| COPY --from=builder /build/ambient-control-plane/ambient-control-plane . | ||
|
|
||
| RUN chmod +x ./ambient-control-plane && chmod 775 /app | ||
|
|
||
| USER 1001 | ||
|
|
||
| LABEL name="ambient-control-plane" \ | ||
| vendor="Ambient" \ | ||
| version="0.0.1" \ | ||
| summary="Ambient Control Plane" \ | ||
| description="Kubernetes reconciler for the Ambient Code Platform" | ||
|
|
||
| ENTRYPOINT ["./ambient-control-plane"] |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider adding HEALTHCHECK or relying on Kubernetes probes.
No HEALTHCHECK instruction is defined. If Kubernetes liveness/readiness probes are configured in the Deployment manifest, this is acceptable. Otherwise, consider adding a HEALTHCHECK for standalone Docker usage.
🧰 Tools
🪛 Checkov (3.2.508)
[low] 1-35: Ensure that HEALTHCHECK instructions have been added to container images
(CKV_DOCKER_2)
🪛 Hadolint (2.14.0)
[warning] 5-5: Last USER should not be root
(DL3002)
[warning] 19-19: Specify version with dnf install -y <package>-<version>.
(DL3041)
🪛 Trivy (0.69.3)
[info] 1-1: No HEALTHCHECK defined
Add HEALTHCHECK instruction in your Dockerfile
Rule: DS-0026
(IaC/Dockerfile)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/Dockerfile` around lines 1 - 35, Add a
container-level health probe to the Dockerfile: insert a HEALTHCHECK instruction
after ENTRYPOINT (or before switching to USER 1001) that runs a command to
verify the ambient-control-plane process is healthy (for example invoking the
binary with a health endpoint/flag or curling a local HTTP health endpoint
exposed by ambient-control-plane), using CMD-SHELL and sensible settings
(--interval, --timeout, --start-period, --retries); ensure the command runs as
the non-root USER 1001 or place the HEALTHCHECK earlier so it can execute
successfully. If you intentionally rely on Kubernetes liveness/readiness probes
instead, document that choice in the Dockerfile comment and omit the
HEALTHCHECK.
Comment on lines
+3
to
+5
| go 1.24.0 | ||
|
|
||
| toolchain go1.24.9 |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the latest Go 1.24.x patch release and which CVEs does it fix?
💡 Result:
The latest Go 1.24.x patch release is Go 1.24.13, released on 2026-02-04. It includes security fixes to the go command and the crypto/tls package, as well as bug fixes to the crypto/x509 package. Specific CVEs are not listed in the release summary; details are in the Go 1.24.13 milestone on the Go issue tracker. Earlier patches like 1.24.12 fixed CVEs in go command, archive/zip (CVE-2025-61728), crypto/tls, and net/url. 1.24.11 fixed two CVEs in crypto/x509 (CVE-2025-61729, CVE-2025-61727). No later patch like 1.24.14 is mentioned as of 2026-03-20.
Citations:
- 1: https://go.dev/doc/devel/release.html
- 2: https://go.dev/doc/devel/release
- 3: https://devblogs.microsoft.com/go/go-1-25-7-1-and-1-24-13-1-microsoft-builds-now-available/
- 4: https://go.dev/dl/
Upgrade Go toolchain to 1.24.13 to address stdlib security fixes.
Go 1.24.9 contains unpatched vulnerabilities in crypto/x509, crypto/tls, net/url, and archive/zip. Upgrade to Go 1.24.13 (latest 1.24.x patch, released 2026-02-04) which includes security fixes to these packages.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/go.mod` around lines 3 - 5, The go.mod
currently pins the toolchain to "go1.24.9" which has known stdlib security
fixes; update the toolchain entry to "go1.24.13" (and keep the existing "go
1.24.0" module line) so the project builds with the patched Go 1.24.x runtime;
locate the go.mod file and replace the "toolchain go1.24.9" token with
"toolchain go1.24.13" and commit the change.
Comment on lines
+60
to
+64
| switch cfg.Mode { | ||
| case "kube", "test": | ||
| default: | ||
| return nil, fmt.Errorf("unknown MODE %q: must be one of kube, test", cfg.Mode) | ||
| } |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if "local" mode is referenced elsewhere in the control plane code
rg -n -C2 '"local"' components/ambient-control-plane/Repository: ambient-code/platform
Length of output: 47
🏁 Script executed:
# First, read the config.go file to see the full context around the mode validation
cat -n components/ambient-control-plane/internal/config/config.go | head -80Repository: ambient-code/platform
Length of output: 3408
🏁 Script executed:
# Search for "local" mode without quotes - could be in variable names or constants
rg -n -i 'local' components/ambient-control-plane/internal/config/ | head -20Repository: ambient-code/platform
Length of output: 363
🏁 Script executed:
# Search for mode references more broadly to understand all supported modes
rg -n 'case.*kube\|case.*test' components/ambient-control-plane/ -A 2 -B 2Repository: ambient-code/platform
Length of output: 47
🏁 Script executed:
# Check if there's documentation or PR description mentioning modes
fd -t f -e md -e txt -e rst components/ambient-control-plane/ | xargs grep -l -i "mode" 2>/dev/null | head -10Repository: ambient-code/platform
Length of output: 502
🏁 Script executed:
# Search entire repository for "local" mode in a mode-related context
rg -i '(mode|modes)' --type go --type md | grep -i local | head -20Repository: ambient-code/platform
Length of output: 1320
🏁 Script executed:
# Check git log for any mentions of "local" mode in commit messages
git log --oneline --all --grep="local.*mode\|mode.*local" 2>/dev/null | head -20Repository: ambient-code/platform
Length of output: 47
🏁 Script executed:
# Search for any PR/review documentation or README files mentioning modes
fd . --type f \( -name "README*" -o -name "*.md" -o -name "CHANGELOG*" \) | xargs grep -l -i "mode\|local" 2>/dev/null | head -10Repository: ambient-code/platform
Length of output: 295
🏁 Script executed:
# Check if local_session.go and other local mode files exist and are being used
ls -la components/ambient-control-plane/internal/reconciler/local_session.go 2>/dev/null || echo "File not found"
ls -la components/ambient-control-plane/internal/proxy/agui_proxy.go 2>/dev/null || echo "File not found"Repository: ambient-code/platform
Length of output: 94
🏁 Script executed:
# Search for actual usage of "local" mode in the codebase
rg -i '"local"' components/ambient-control-plane/internal/ --type go | head -20Repository: ambient-code/platform
Length of output: 47
🏁 Script executed:
# Check what the README says about MODE configuration
cat -n components/ambient-control-plane/README.md | grep -A 10 -B 5 "Operating mode"Repository: ambient-code/platform
Length of output: 1059
🏁 Script executed:
# Check the exact validation code again
cat -n components/ambient-control-plane/internal/config/config.go | sed -n '60,64p'Repository: ambient-code/platform
Length of output: 234
🏁 Script executed:
# Confirm the README documentation
cat -n components/ambient-control-plane/README.md | sed -n '66p'Repository: ambient-code/platform
Length of output: 136
Mode validation doesn't allow the documented "local" mode.
The README explicitly documents that MODE supports "kube", "local", or "test", but the validation here only permits "kube" and "test". Add "local" to the switch case and update the error message on line 63 to include it.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/ambient-control-plane/internal/config/config.go` around lines 60 -
64, The switch over cfg.Mode in config validation currently only accepts "kube"
and "test"; add "local" as an accepted case (i.e., include case "local":
alongside "kube" and "test") and update the error returned by fmt.Errorf to list
all three allowed modes ("kube", "local", "test") so the message and validation
align with the README.
Comment on lines
+113
to
+130
| func (r *ProjectReconciler) ensureCreatorRoleBinding(ctx context.Context, project types.Project) error { | ||
| if project.Annotations == "" { | ||
| return nil | ||
| } | ||
|
|
||
| var anns map[string]string | ||
| if err := json.Unmarshal([]byte(project.Annotations), &anns); err != nil { | ||
| r.logger.Warn().Str("project_id", project.ID).Err(err).Msg("failed to parse project annotations JSON; skipping creator RoleBinding") | ||
| return nil | ||
| } | ||
|
|
||
| createdBy := strings.TrimSpace(anns["ambient-code.io/created-by"]) | ||
| if createdBy == "" { | ||
| return nil | ||
| } | ||
|
|
||
| namespace := namespaceForProject(project) | ||
| rbName := creatorRoleBindingName(createdBy) |
Contributor
There was a problem hiding this comment.
Remove stale creator admin bindings on project updates.
This path is create-only. If ambient-code.io/created-by changes or is removed, the old managed RoleBinding remains and the previous subject keeps admin access. Reconcile managed creator bindings as desired state, not write-once state.
Also applies to: 132-190
Comment on lines
+5
to
+8
| labels: | ||
| app: ambient-api-server | ||
| component: api | ||
| name: ambient-api-server-grpc |
Contributor
There was a problem hiding this comment.
Label inconsistency: component: api should likely be component: grpc.
This route serves the gRPC endpoint, but uses component: api label. The production overlay's equivalent route uses component: grpc. This inconsistency may cause issues with label selectors or monitoring queries.
🔧 Proposed fix
labels:
app: ambient-api-server
- component: api
+ component: grpc
name: ambient-api-server-grpc📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| labels: | |
| app: ambient-api-server | |
| component: api | |
| name: ambient-api-server-grpc | |
| labels: | |
| app: ambient-api-server | |
| component: grpc | |
| name: ambient-api-server-grpc |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/base/ambient-api-server-grpc-route.yml` around lines 5 -
8, The route resource named "ambient-api-server-grpc" has a label mismatch: it
uses "component: api" but should be "component: grpc"; update the labels section
of the ambient-api-server-grpc manifest to set component: grpc (and verify any
related selectors/monitoring queries expect component: grpc) so labels match the
production overlay.
Comment on lines
+12
to
+13
| tls: | ||
| termination: passthrough |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider adding insecureEdgeTerminationPolicy for explicit HTTP handling.
Similar to the production route, with termination: passthrough, HTTP requests won't be automatically handled. Adding insecureEdgeTerminationPolicy: None explicitly rejects insecure connections.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/base/ambient-api-server-grpc-route.yml` around lines 12
- 13, The route's TLS block currently sets termination: passthrough which
doesn't handle HTTP; update the TLS spec to explicitly reject insecure HTTP by
adding insecureEdgeTerminationPolicy: None alongside tls. Locate the tls section
(the termination: passthrough entry) in the manifest
(ambient-api-server-grpc-route.yml) and add insecureEdgeTerminationPolicy: None
so insecure connections are explicitly refused.
Comment on lines
+15
to
+16
| tls: | ||
| termination: reencrypt | ||
| insecureEdgeTerminationPolicy: Redirect | ||
| termination: passthrough |
Contributor
There was a problem hiding this comment.
Missing insecureEdgeTerminationPolicy may allow plaintext HTTP traffic.
With termination: passthrough, the router forwards encrypted traffic directly to the backend. However, removing insecureEdgeTerminationPolicy: Redirect means HTTP requests on port 80 won't be automatically redirected to HTTPS, potentially allowing unencrypted access attempts.
Consider adding insecureEdgeTerminationPolicy: None to explicitly reject insecure connections:
🔧 Proposed fix
tls:
termination: passthrough
+ insecureEdgeTerminationPolicy: None📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| tls: | |
| termination: reencrypt | |
| insecureEdgeTerminationPolicy: Redirect | |
| termination: passthrough | |
| tls: | |
| termination: passthrough | |
| insecureEdgeTerminationPolicy: None |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/manifests/overlays/production/ambient-api-server-route.yaml`
around lines 15 - 16, The TLS section uses termination: passthrough but omits
insecureEdgeTerminationPolicy, which can allow plaintext HTTP to reach the
router; update the TLS stanza in the manifest to include an explicit
insecureEdgeTerminationPolicy (e.g., set insecureEdgeTerminationPolicy: None to
reject insecure connections or insecureEdgeTerminationPolicy: Redirect to
enforce HTTPS) so the router behavior is deterministic; modify the tls block
(the tls key with termination: passthrough) to add the chosen
insecureEdgeTerminationPolicy value.
Comment on lines
+128
to
+153
| req = _WatchRequest() | ||
| req.session_id = session_id | ||
| req.after_seq = after_seq | ||
| stream = self._watch_rpc(req, timeout=timeout, metadata=self._metadata) | ||
| msg_count = 0 | ||
| for pb in stream: | ||
| msg = SessionMessage._from_proto(pb) | ||
| msg_count += 1 | ||
| payload_preview = ( | ||
| msg.payload[:80] + "..." if len(msg.payload) > 80 else msg.payload | ||
| ) | ||
| logger.info( | ||
| "[GRPC WATCH←] Message #%d received: session=%s seq=%d event_type=%s payload_len=%d preview=%r", | ||
| msg_count, | ||
| msg.session_id, | ||
| msg.seq, | ||
| msg.event_type, | ||
| len(msg.payload), | ||
| payload_preview, | ||
| ) | ||
| yield msg | ||
| logger.info( | ||
| "[GRPC WATCH←] Stream ended: session=%s total_messages=%d", | ||
| session_id, | ||
| msg_count, | ||
| ) |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
rg -n -C3 'def push|except grpc\.RpcError|def watch|stream = self\._watch_rpc|for pb in stream' \
components/runners/ambient-runner/ambient_runner/_session_messages_api.pyRepository: ambient-code/platform
Length of output: 1027
🏁 Script executed:
cat -n components/runners/ambient-runner/ambient_runner/_session_messages_api.py | sed -n '115,160p'Repository: ambient-code/platform
Length of output: 2018
🏁 Script executed:
cat -n components/runners/ambient-runner/ambient_runner/_session_messages_api.py | sed -n '67,114p'Repository: ambient-code/platform
Length of output: 2036
Catch stream failures inside watch().
Unlike push(), this generator lacks exception handling for RPC setup and stream-iteration failures. A transient gRPC failure during stream = self._watch_rpc(...) or the for pb in stream: loop will propagate to the caller instead of ending the stream cleanly with a warning log.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@components/runners/ambient-runner/ambient_runner/_session_messages_api.py`
around lines 128 - 153, The watch() generator currently calls
self._watch_rpc(...) and iterates over the returned stream without error
handling; wrap the RPC setup in a try/except (catch Exception as e) to log a
warning including e and return/stop the generator if creation fails, and wrap
the for pb in stream: loop in a try/except to catch iteration/runtime errors
(log a warning with the exception and any context like session_id and after_seq)
then break to end iteration cleanly; ensure the existing
SessionMessage._from_proto, logger.info logging and yield msg remain unchanged
and that the final "[GRPC WATCH←] Stream ended..." logger.info still runs after
normal or exception-driven termination.
37ed639 to
40d9afc
Compare
…overlays, and CI New and updated Kustomize resources for the ambient-control-plane deployment: - RBAC: ClusterRole, ClusterRoleBinding, ServiceAccount for the control plane - gRPC Route: ambient-api-server-grpc-route for OpenShift passthrough - control-plane Service manifest - no-api-server overlay: full standalone deployment without ambient-api-server - kind overlay: env patches, image pull policy patches, localhost image remaps - kind-local overlay: api-server and control-plane local image patches - production overlay: control-plane image and env patches - Makefile: build-control-plane, _build-and-load, local-rebuild, and kind load targets - CI: ambient-control-plane-tests workflow - deploy scripts and e2e image loader updates 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
markturansky
force-pushed
the
feat/grpc-python-runner
branch
from
40d9afc to
7e9b330
Compare
Gkrumbach07
approved these changes
Mar 20, 2026
Gkrumbach07
added a commit
that referenced
this pull request
Mar 20, 2026
This reverts commit 3bce2e6.
Gkrumbach07
added a commit
that referenced
this pull request
Mar 20, 2026
8 tasks
markturansky
added a commit
that referenced
this pull request
Mar 24, 2026
…ner event streaming Re-introduces the work from PR #975 (reverted in #980). - feat(control-plane): New ambient-control-plane Go microservice — Kubernetes reconciler that watches the ambient-api-server via gRPC streams and reconciles Sessions, Projects, and ProjectSettings into K8s (namespaces, runner Pods, Secrets, RoleBindings). Informer-based watch loop, TLS/gRPC support, tally reconciler, stress and unit tests. - feat(runner): gRPC AG-UI event streaming — _grpc_client.py, _session_messages_api.py, grpc_transport.py bridge between Claude Code SSE output and gRPC push stream, /events SSE endpoint for AG-UI fan-out. Structured logging throughout. - feat(manifests): Control-plane RBAC, gRPC Route, kind/production overlays, CI workflow (ambient-control-plane-tests). 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
5 tasks
markturansky
added a commit
that referenced
this pull request
Mar 24, 2026
…ner event streaming Re-introduces the work from PR #975 (reverted in #980). - feat(control-plane): New ambient-control-plane Go microservice — Kubernetes reconciler that watches the ambient-api-server via gRPC streams and reconciles Sessions, Projects, and ProjectSettings into K8s (namespaces, runner Pods, Secrets, RoleBindings). Informer-based watch loop, TLS/gRPC support, tally reconciler, stress and unit tests. - feat(runner): gRPC AG-UI event streaming — _grpc_client.py, _session_messages_api.py, grpc_transport.py bridge between Claude Code SSE output and gRPC push stream, /events SSE endpoint for AG-UI fan-out. Structured logging throughout. - feat(manifests): Control-plane RBAC, gRPC Route, kind/production overlays, CI workflow (ambient-control-plane-tests). 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
jeremyeder
pushed a commit
to jeremyeder/platform
that referenced
this pull request
Mar 26, 2026
…e#975) ## Summary - **Control Plane**: New `ambient-control-plane` Go service that watches the ambient-api-server via gRPC streams and reconciles desired state into Kubernetes (sessions → Jobs, projects → Namespaces/RoleBindings). Supports `kube`, `local`, and `test` modes. - **Runner**: gRPC-based AG-UI event streaming for the Python runner — `GRPCSessionListener` watches inbound session messages, `GRPCMessageWriter` pushes structured AG-UI events back, with full structured logging and observability. - **Manifests**: RBAC, gRPC Service/Route, kind/production overlays, and CI image build for the control plane. ## Components changed < /dev/null | Component | Change | |---|---| | `components/ambient-control-plane/` | New Go service (informer, reconciler, kubeclient, watcher) | | `components/runners/ambient-runner/` | gRPC transport layer (`grpc_transport.py`, `_grpc_client.py`, `_session_messages_api.py`) | | `components/manifests/` | RBAC, gRPC route, kind overlay patches, CI workflow | ## Test plan - [x] `go fmt`, `go vet`, `golangci-lint` — all clean - [x] `go test ./...` — all packages pass - [x] `ruff format` + `ruff check` — all clean - [x] `python -m pytest tests/` — 70 tests pass (3 test files; 2 pre-existing hang unrelated to this PR) - [x] Images built and loaded into running kind cluster - [x] `deployment/ambient-control-plane` rolled out successfully 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude <noreply@anthropic.com>
jeremyeder
pushed a commit
to jeremyeder/platform
that referenced
this pull request
Mar 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ambient-control-planeGo service that watches the ambient-api-server via gRPC streams and reconciles desired state into Kubernetes (sessions → Jobs, projects → Namespaces/RoleBindings). Supportskube,local, andtestmodes.GRPCSessionListenerwatches inbound session messages,GRPCMessageWriterpushes structured AG-UI events back, with full structured logging and observability.Components changed
< /dev/null | Component | Change |
|---|---|
|
components/ambient-control-plane/| New Go service (informer, reconciler, kubeclient, watcher) ||
components/runners/ambient-runner/| gRPC transport layer (grpc_transport.py,_grpc_client.py,_session_messages_api.py) ||
components/manifests/| RBAC, gRPC route, kind overlay patches, CI workflow |Test plan
go fmt,go vet,golangci-lint— all cleango test ./...— all packages passruff format+ruff check— all cleanpython -m pytest tests/— 70 tests pass (3 test files; 2 pre-existing hang unrelated to this PR)deployment/ambient-control-planerolled out successfully🤖 Generated with Claude Code