fix: preserve Google Workspace MCP credentials and add runner feedback route#1234
Open
ambient-code[bot] wants to merge 4 commits intomainfrom
Open
fix: preserve Google Workspace MCP credentials and add runner feedback route#1234ambient-code[bot] wants to merge 4 commits intomainfrom
ambient-code[bot] wants to merge 4 commits intomainfrom
Conversation
…runner feedback route (#1222) Three fixes for issues reported in #1222: 1. **Google Workspace MCP auth**: Stop deleting the credentials file (`credentials.json`) in `clear_runtime_credentials()`. The workspace-mcp process reads from this file continuously; removing it between turns forces it into an inaccessible localhost OAuth flow. The file is overwritten with fresh tokens at the start of each run anyway. 2. **Credential refresh diagnostics**: After refreshing credentials, the `refresh_credentials` tool now checks MCP server auth status and includes diagnostic warnings in its response. This prevents false positives where the tool reports success but MCP servers still can't authenticate. 3. **Feedback endpoint auth**: Add a runner-accessible feedback route at `/api/projects/:projectName/agentic-sessions/:sessionName/runner/feedback` that bypasses `ValidateProjectContext()` middleware. In-session workflows (e.g. Amber) can now submit feedback using BOT_TOKEN without requiring a user OAuth token. The handler still performs its own SSAR auth check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
adalton
pushed a commit
that referenced
this pull request
Apr 7, 2026
## Summary When the agent creates a PR from an issue (via `ambient-code:auto-fix` label or `@ambient-code` on an issue), it now sends a Slack notification with links to the PR and the session. ## Message format ``` PR created for #1234 PR: https://github.com/ambient-code/platform/pull/5678 Session: https://ambient.ai/projects/my-project/sessions/session-abc123 ``` ## Test plan - [ ] Add `ambient-code:auto-fix` to an issue — verify Slack notification sent after PR created - [ ] `@ambient-code` on an issue — verify same 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated workflow logic to require creation of a plan and to prompt for clarification when ambiguous. * Added conditional Slack notifications: one before requesting user clarification and one after PR creation (sent only if configured). * Adjusted workflow step ordering and related guidance to reflect the new notification and clarification flow. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ambient Code Bot <bot@ambient-code.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ver env vars On first run, _setup_platform() already populates credentials and builds MCP servers with correctly expanded env vars. The subsequent clear_runtime_credentials() call in _initialize_run() would needlessly remove env vars like USER_GOOGLE_EMAIL before re-populating them, creating a brief window where workspace-mcp env state is inconsistent. Skip the clear-repopulate cycle on first run since _setup_platform() already handled it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gkrumbach07
added a commit
that referenced
this pull request
Apr 7, 2026
## Summary Rewrite the review queue from an LLM-powered session to a deterministic shell script. Now acts as a strict readiness gate — only PRs that are actually mergeable get added to the milestone and notified in Slack. ## Changes ### Review Queue (`pr-merge-review.yml`) - **Hourly** (was daily at 1pm) - **Shell-driven** (was LLM session — cheaper, faster, deterministic) - **Strict readiness check**: CI must pass (not pending), no changes requested, not draft - **Milestone management**: adds ready PRs, removes ones that fell out of readiness - **Slack notification only for NEW additions** — not every run, not every PR - Milestone description auto-updated with ready/not-ready lists ### Amber Handler - **Removed "PR created" Slack notifications** — these were noisy - The review queue now handles the notification when PRs are actually ready ## Slack message format ``` 📋 2 PRs ready for review • #1234 — Fix session timeout handling • #1235 — Add model selector to header Total in Review Queue: 5 ``` ## Test plan - [ ] Manual dispatch review queue — verify milestone updated - [ ] Open a PR with CI passing — verify it gets added and Slack notified - [ ] PR with failing CI — verify NOT added to milestone - [ ] Draft PR — verify skipped 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Removed Slack prompts from PR-creation session flows * Review-queue schedule changed to run hourly on weekdays * Added concurrency controls to review-queue runs * **New Features** * Review queue now evaluates PR readiness (drafts, CI, reviews) and updates a milestone * Slack notifications for PRs newly marked as ready * Batch PR fixer now skips healthy PRs by checking CI, mergeability, and review states * PR comments and bodies now include a session footer/link when relevant <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ambient Code Bot <bot@ambient-code.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
@ambient-code tell me a joke |
Contributor
|
@ambient-code reply that joke as a comment |
Contributor
|
@ambient-code do a review |
…dback-endpoint # Conflicts: # components/runners/ambient-runner/tests/test_shared_session_credentials.py
ambient-code
bot
added
ambient-code:needs-human
Contributor
Author
|
🔴 Circuit breaker triggered (retry_count=3). All code changes are complete and pushed. Merge conflict with The PR addresses both sub-issues from #1222:
CI was green before the merge; waiting for new checks to complete. Needs human review and merge. 🤖 Session |
Contributor
Pull Reviews✅ Positive — This PR fixes Google Workspace MCP credential preservation and adds a runner-accessible feedback endpoint. It prevents credential file deletion between turns and introduces diagnostics for MCP authentication issues. Callouts
File-by-file breakdown
Generated by pull-reviews — automated video reviews for PRs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #1222 — Google Workspace MCP authentication fails in ACP sessions and Amber feedback workflow can't submit feedback.
credentials.jsoninclear_runtime_credentials()between turns. Theworkspace-mcpprocess reads from this file continuously; removing it forces an inaccessible localhost:8000 OAuth flow. Fresh credentials are written at each run start anyway._setup_platform()already populates credentials and builds MCP servers with correctly expanded env vars. The subsequentclear_runtime_credentials()in_initialize_run()was needlessly clearing env vars likeUSER_GOOGLE_EMAILbefore re-populating them.refresh_credentialstool now verifies MCP auth status after refresh and includes diagnostic warnings, preventing false positives where it reports success but MCP servers still can't authenticate..../runner/feedbackoutsideValidateProjectContext()middleware so in-session workflows (Amber) can submit feedback using BOT_TOKEN without user OAuth tokens. Handler retains its own SSAR auth check.Test plan
test_shared_session_credentials.py)test_preserves_google_credentials_fileverifies credentials file is NOT deleted during cleanuptest_includes_mcp_diagnostics_on_auth_warningverifies MCP diagnostics are included in refresh response/runner/feedbackendpoint🤖 Generated with Claude Code