Skip to content

feat(tools): read-only agent access to Grafana, k8s, GCP logs, Linear#4

Open
mo4islona wants to merge 1 commit into
feat/per-user-tenancyfrom
feat/centaur-access-tools
Open

feat(tools): read-only agent access to Grafana, k8s, GCP logs, Linear#4
mo4islona wants to merge 1 commit into
feat/per-user-tenancyfrom
feat/centaur-access-tools

Conversation

@mo4islona

Copy link
Copy Markdown

What

Gives centaur agents read-only access to five infra systems from the sandbox tool surface. Two ride existing tools (grafana, linear); three are new read-only tools shipped in this fork and layered over upstream paradigmxyz/centaur via overlays.sources.

System Tool Change
Grafana grafana (existing) allow self-hosted host grafana.infra.gc.subsquid.io; inject GRAFANA_URL
Linear linear (existing) secret-only (LINEAR_API_KEY)
GKE main + sqd-compute-cluster k8s (new) read-only kube API client, inject-mode Bearer per cluster, view RBAC, CA bundles shipped in-tool
GCP logs gcp-logs (new) Cloud Logging via iron-proxy's native gcp_auth transform (SA key → token, logging.viewer)

Secrets resolve from 1Password as op://<vault>/<NAME>/credential. No api-rs or console changes.

How it's wired

  • overlays.sources = [paradigmxyz/centaur, subsquid/centaur] — later source shadows upstream on name collision, so the new/overridden tools win.
  • Non-secret tool config (GRAFANA_URL, KUBE_*, GCP_LOGGING_PROJECT) goes through sandbox.extraEnv, which the chart merges into SESSION_SANDBOX_EXTRA_ENV without dropping the overlay skill dirs (verified via helm template).
  • Bearer/SA credentials never enter the sandbox: iron-proxy injects them per host from 1Password. RBAC binds the k8s tokens to view, and the GCP SA carries only logging.viewer, so read-only is enforced at the credential layer.

Follow-up (manual, out of PR) — see contrib/ACCESS_SETUP.md

  1. Push this branch + give repo-cache a GitHub token (private fork) or the overlay silently falls back to upstream.
  2. Create the 1Password items: LINEAR_API_KEY, GRAFANA_API_KEY, K8S_GKE_TOKEN, K8S_SQD_TOKEN, GCP_LOGGING_SA.
  3. Grafana Viewer service-account token; kubectl apply contrib/k8s-readonly/readonly-sa.yaml in both clusters; GCP SA + logging.viewer key.
  4. helm upgrade, then verify from an agent (call tools, call k8s pods gke centaur, call gcp-logs read …).

Verify at deploy time (noted in the doc)

  • GKE master authorized networks may reject the sandbox egress IP.
  • sqd API is on :6443 — confirm the iron-proxy host rule matches host+port; adjust the hosts entry in tools/infra/k8s/pyproject.toml if a CONNECT is denied.

🤖 Generated with Claude Code

… logs, Linear

Wire five infra systems into the sandbox tool surface. Two ride existing tools
(grafana, linear); three are new read-only tools shipped in this fork and layered
over upstream via overlays.sources.

- overlay: add subsquid/centaur as a tool overlay source over paradigmxyz/centaur
- grafana: allow the self-hosted host grafana.infra.gc.subsquid.io; inject
  GRAFANA_URL via sandbox.extraEnv (merged into SESSION_SANDBOX_EXTRA_ENV without
  dropping the overlay skill dirs)
- k8s: new read-only tool for GKE main + sqd-compute-cluster (inject-mode Bearer
  per cluster, view-scoped RBAC, CA bundles shipped in-tool); RBAC manifest under
  contrib/k8s-readonly
- gcp-logs: new read-only tool over Cloud Logging using iron-proxy's native
  gcp_auth transform (SA key -> access token, logging.viewer scope)
- docs: contrib/ACCESS_SETUP.md — 1Password items, tokens, RBAC, GCP SA, rollout

Secrets resolve from 1Password as op://<vault>/<NAME>/credential. No api-rs or
console changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant