Skip to content

feat: authenticate via public-api gateway instead of OpenShift API#23

Merged
jeremyeder merged 1 commit intomainfrom
feat/public-api-auth
Feb 11, 2026
Merged

feat: authenticate via public-api gateway instead of OpenShift API#23
jeremyeder merged 1 commit intomainfrom
feat/public-api-auth

Conversation

@jeremyeder
Copy link
Contributor

Summary

  • Replaces direct OpenShift API authentication with HTTP requests to public-api gateway
  • Removes oc CLI dependency entirely
  • Reduces codebase by ~2,300 lines (from complex K8s operations to simple HTTP calls)
  • Aligns with platform security model where public-api is the single entry point

Changes

File Change
client.py Rewrite to use httpx for HTTP requests to /v1/sessions endpoints
settings.py ClusterConfig.server now points to public-api URL (e.g., https://public-api-ambient.apps.cluster.example.com)
server.py Reduce from 20+ tools to 7 supported tools
formatters.py Remove unused formatters
pyproject.toml Replace aiohttp with httpx, update description/keywords

Supported Tools

  1. acp_list_sessions - List/filter sessions
  2. acp_get_session - Get session by ID
  3. acp_delete_session - Delete session (with dry-run)
  4. acp_bulk_delete_sessions - Delete up to 3 sessions
  5. acp_list_clusters - List configured clusters
  6. acp_whoami - Check auth status
  7. acp_switch_cluster - Switch cluster context

Configuration

# ~/.config/acp/clusters.yaml
clusters:
  production:
    server: https://public-api-ambient.apps.cluster.example.com
    default_project: my-workspace
    token: sha256~xxx  # or set ACP_TOKEN env var

default_cluster: production

Test plan

  • Verify acp_list_sessions returns sessions from public-api
  • Verify acp_delete_session with dry_run=true shows preview
  • Verify acp_delete_session actually deletes
  • Verify auth errors propagate correctly

🤖 Generated with Claude Code

Replace direct OpenShift API authentication with HTTP requests to the
public-api gateway service. This simplifies the MCP server by removing
the oc CLI dependency and aligns with the platform's security model
where the public-api is the single entry point for all clients.

Changes:
- client.py: Rewrite to use httpx for HTTP requests to public-api
- settings.py: Update ClusterConfig to point to public-api URL
- server.py: Reduce to 7 supported tools (list, get, delete sessions)
- formatters.py: Remove unused formatters
- pyproject.toml: Replace aiohttp with httpx, update description

The public-api provides:
- GET/POST/DELETE /v1/sessions endpoints
- Bearer token auth via Authorization header
- Project context via X-Ambient-Project header

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@jeremyeder jeremyeder merged commit 5e4ee66 into main Feb 11, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant