Story RHOAIENG-45393: Add left panel hide and resize capabilities

Author: Gkrumbach07

.github/workflows/claude-live-test.yml

@@ -216,8 +216,6 @@ jobs:
 
     - name: Run Claude with Playwright MCP
       uses: anthropics/claude-code-action@v1
-      continue-on-error: true
-      id: claude_test
       env:
         TEST_TOKEN: ${{ steps.token.outputs.token }}
         DEBUG: "*"

.github/workflows/components-build-deploy.yml

@@ -10,7 +10,6 @@ on:
       - 'components/operator/**'
       - 'components/backend/**'
       - 'components/frontend/**'
-      - 'components/public-api/**'
   pull_request_target:
     branches: [main]
     paths:
@@ -20,7 +19,6 @@ on:
       - 'components/operator/**'
       - 'components/backend/**'
       - 'components/frontend/**'
-      - 'components/public-api/**'
   workflow_dispatch:
     inputs:
       force_build_all:
@@ -29,7 +27,7 @@ on:
         type: boolean
         default: false
       components:
-        description: 'Components to build (comma-separated: frontend,backend,operator,claude-runner,state-sync,public-api) - leave empty for all'
+        description: 'Components to build (comma-separated: frontend,backend,operator,claude-runner,state-sync) - leave empty for all'
         required: false
         type: string
         default: ''
@@ -47,7 +45,6 @@ jobs:
       operator: ${{ steps.filter.outputs.operator }}
       claude-runner: ${{ steps.filter.outputs.claude-runner }}
       state-sync: ${{ steps.filter.outputs.state-sync }}
-      public-api: ${{ steps.filter.outputs.public-api }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -69,8 +66,6 @@ jobs:
               - 'components/runners/claude-code-runner/**'
             state-sync:
               - 'components/runners/state-sync/**'
-            public-api:
-              - 'components/public-api/**'
 
   build-and-push:
     runs-on: ubuntu-latest
@@ -108,11 +103,6 @@ jobs:
             image: quay.io/ambient_code/vteam_state_sync
             dockerfile: ./components/runners/state-sync/Dockerfile
             changed: ${{ needs.detect-changes.outputs.state-sync }}
-          - name: public-api
-            context: ./components/public-api
-            image: quay.io/ambient_code/vteam_public_api
-            dockerfile: ./components/public-api/Dockerfile
-            changed: ${{ needs.detect-changes.outputs.public-api }}
     steps:
       - name: Checkout code
         if: matrix.component.changed == 'true' || github.event.inputs.force_build_all == 'true' || contains(github.event.inputs.components, matrix.component.name) || (github.event_name == 'workflow_dispatch' && github.event.inputs.components == '' && github.event.inputs.force_build_all != 'true')
@@ -197,7 +187,7 @@ jobs:
   deploy-to-openshift:
     runs-on: ubuntu-latest
     needs: [detect-changes, build-and-push, update-rbac-and-crd]
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && (needs.detect-changes.outputs.frontend == 'true' || needs.detect-changes.outputs.backend == 'true' || needs.detect-changes.outputs.operator == 'true' || needs.detect-changes.outputs.claude-runner == 'true' || needs.detect-changes.outputs.state-sync == 'true' || needs.detect-changes.outputs.public-api == 'true')
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && (needs.detect-changes.outputs.frontend == 'true' || needs.detect-changes.outputs.backend == 'true' || needs.detect-changes.outputs.operator == 'true' || needs.detect-changes.outputs.claude-runner == 'true' || needs.detect-changes.outputs.state-sync == 'true')
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -250,12 +240,6 @@ jobs:
             echo "state_sync_tag=stage" >> $GITHUB_OUTPUT
           fi
 
-          if [ "${{ needs.detect-changes.outputs.public-api }}" == "true" ]; then
-            echo "public_api_tag=${{ github.sha }}" >> $GITHUB_OUTPUT
-          else
-            echo "public_api_tag=stage" >> $GITHUB_OUTPUT
-          fi
-
       - name: Update kustomization with image tags
         working-directory: components/manifests/overlays/production
         run: |
@@ -264,7 +248,6 @@ jobs:
           kustomize edit set image quay.io/ambient_code/vteam_operator:latest=quay.io/ambient_code/vteam_operator:${{ steps.image-tags.outputs.operator_tag }}
           kustomize edit set image quay.io/ambient_code/vteam_claude_runner:latest=quay.io/ambient_code/vteam_claude_runner:${{ steps.image-tags.outputs.runner_tag }}
           kustomize edit set image quay.io/ambient_code/vteam_state_sync:latest=quay.io/ambient_code/vteam_state_sync:${{ steps.image-tags.outputs.state_sync_tag }}
-          kustomize edit set image quay.io/ambient_code/vteam_public_api:latest=quay.io/ambient_code/vteam_public_api:${{ steps.image-tags.outputs.public_api_tag }}
 
       - name: Validate kustomization
         working-directory: components/manifests/overlays/production
@@ -282,8 +265,7 @@ jobs:
         run: |
           oc set env deployment/frontend -n ambient-code -c frontend \
             GITHUB_APP_SLUG="ambient-code-stage" \
-            VTEAM_VERSION="${{ github.sha }}" \
-            FEEDBACK_URL="https://forms.gle/7XiWrvo6No922DUz6"
+            VTEAM_VERSION="${{ github.sha }}"
 
       - name: Update backend environment variables
         if: needs.detect-changes.outputs.backend == 'true'
@@ -330,7 +312,6 @@ jobs:
           kustomize edit set image quay.io/ambient_code/vteam_operator:latest=quay.io/ambient_code/vteam_operator:stage
           kustomize edit set image quay.io/ambient_code/vteam_claude_runner:latest=quay.io/ambient_code/vteam_claude_runner:stage
           kustomize edit set image quay.io/ambient_code/vteam_state_sync:latest=quay.io/ambient_code/vteam_state_sync:stage
-          kustomize edit set image quay.io/ambient_code/vteam_public_api:latest=quay.io/ambient_code/vteam_public_api:stage
 
       - name: Validate kustomization
         working-directory: components/manifests/overlays/production
@@ -347,8 +328,7 @@ jobs:
         run: |
           oc set env deployment/frontend -n ambient-code -c frontend \
             GITHUB_APP_SLUG="ambient-code-stage" \
-            VTEAM_VERSION="${{ github.sha }}" \
-            FEEDBACK_URL="https://forms.gle/7XiWrvo6No922DUz6"
+            VTEAM_VERSION="${{ github.sha }}"
 
       - name: Update backend environment variables
         run: |

.github/workflows/prod-release-deploy.yaml

@@ -265,8 +265,7 @@ jobs:
         run: |
           oc set env deployment/frontend -n ambient-code -c frontend \
             GITHUB_APP_SLUG="ambient-code" \
-            VTEAM_VERSION="${{ needs.release.outputs.new_tag }}" \
-            FEEDBACK_URL="https://forms.gle/7XiWrvo6No922DUz6"
+            VTEAM_VERSION="${{ needs.release.outputs.new_tag }}"
 
       - name: Update backend environment variables
         run: |

CLAUDE.md

@@ -461,23 +461,6 @@ Langfuse supports OpenTelemetry as of 2025:
    - FORBIDDEN: `BlockOwnerDeletion` (causes permission issues in multi-tenant environments)
    - Pattern: (operator/internal/handlers/sessions.go:125-134, handlers/sessions.go:470-476)
 
-### Exception: Public API Gateway Service
-
-The `components/public-api/` service is a **stateless HTTP gateway** that does NOT follow the standard backend patterns above. This is intentional:
-
-- **No K8s Clients**: The public-api does NOT use `GetK8sClientsForRequest()` or access Kubernetes directly
-- **No RBAC Permissions**: The ServiceAccount has NO RoleBindings - it cannot access any K8s resources
-- **Token Forwarding Only**: All requests are proxied to the backend with the user's token in the `Authorization` header
-- **Backend Validates**: All K8s operations and RBAC enforcement happen in the backend service
-
-**Why different?** The public-api is a thin shim layer that:
-1. Extracts and validates tokens
-2. Extracts project context (from header or ServiceAccount token)
-3. Validates input parameters (prevents injection attacks)
-4. Forwards requests with proper authorization headers
-
-This separation of concerns improves security by minimizing the attack surface of the externally-exposed service.
-
 ### Package Organization
 
 **Backend Structure** (`components/backend/`):

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help setup build-all build-frontend build-backend build-operator build-runner build-state-sync build-public-api deploy clean check-architecture
+.PHONY: help setup build-all build-frontend build-backend build-operator build-runner build-state-sync deploy clean check-architecture
 .PHONY: local-up local-down local-clean local-status local-rebuild local-reload-backend local-reload-frontend local-reload-operator local-sync-version
 .PHONY: local-dev-token
 .PHONY: local-logs local-logs-backend local-logs-frontend local-logs-operator local-shell local-shell-frontend
@@ -59,7 +59,6 @@ BACKEND_IMAGE ?= vteam_backend:latest
 OPERATOR_IMAGE ?= vteam_operator:latest
 RUNNER_IMAGE ?= vteam_claude_runner:latest
 STATE_SYNC_IMAGE ?= vteam_state_sync:latest
-PUBLIC_API_IMAGE ?= vteam_public_api:latest
 
 # Vertex AI Configuration (for LOCAL_VERTEX=true)
 # These inherit from environment if set, or can be overridden on command line
@@ -115,7 +114,7 @@ help: ## Display this help message
 
 ##@ Building
 
-build-all: build-frontend build-backend build-operator build-runner build-state-sync build-public-api ## Build all container images
+build-all: build-frontend build-backend build-operator build-runner build-state-sync ## Build all container images
 
 build-frontend: ## Build frontend image
 	@echo "$(COLOR_BLUE)▶$(COLOR_RESET) Building frontend with $(CONTAINER_ENGINE)..."
@@ -147,12 +146,6 @@ build-state-sync: ## Build state-sync image for S3 persistence
 		-t vteam_state_sync:latest .
 	@echo "$(COLOR_GREEN)✓$(COLOR_RESET) State-sync built: vteam_state_sync:latest"
 
-build-public-api: ## Build public API gateway image
-	@echo "$(COLOR_BLUE)▶$(COLOR_RESET) Building public-api with $(CONTAINER_ENGINE)..."
-	@cd components/public-api && $(CONTAINER_ENGINE) build $(PLATFORM_FLAG) $(BUILD_FLAGS) \
-		-t $(PUBLIC_API_IMAGE) .
-	@echo "$(COLOR_GREEN)✓$(COLOR_RESET) Public API built: $(PUBLIC_API_IMAGE)"
-
 ##@ Git Hooks
 
 setup-hooks: ## Install git hooks for branch protection

components/backend/handlers/content.go

@@ -663,20 +663,15 @@ func ContentWorkflowMetadata(c *gin.Context) {
 		log.Printf("ContentWorkflowMetadata: agents directory not found or unreadable: %v", err)
 	}
 
-	configResponse := gin.H{
-		"name":         ambientConfig.Name,
-		"description":  ambientConfig.Description,
-		"systemPrompt": ambientConfig.SystemPrompt,
-		"artifactsDir": ambientConfig.ArtifactsDir,
-	}
-	if ambientConfig.Rubric != nil {
-		configResponse["rubric"] = ambientConfig.Rubric
-	}
-
 	c.JSON(http.StatusOK, gin.H{
 		"commands": commands,
 		"agents":   agents,
-		"config":   configResponse,
+		"config": gin.H{
+			"name":         ambientConfig.Name,
+			"description":  ambientConfig.Description,
+			"systemPrompt": ambientConfig.SystemPrompt,
+			"artifactsDir": ambientConfig.ArtifactsDir,
+		},
 	})
 }
 
@@ -718,21 +713,12 @@ func parseFrontmatter(filePath string) map[string]string {
 	return result
 }
 
-// RubricConfig represents the rubric evaluation configuration in ambient.json.
-// Schema is a JSON Schema object that defines the tool's input_schema for
-// additional metadata fields beyond final_score and reasoning.
-type RubricConfig struct {
-	ActivationPrompt string                 `json:"activationPrompt,omitempty"`
-	Schema           map[string]interface{} `json:"schema,omitempty"`
-}
-
 // AmbientConfig represents the ambient.json configuration
 type AmbientConfig struct {
-	Name         string        `json:"name"`
-	Description  string        `json:"description"`
-	SystemPrompt string        `json:"systemPrompt"`
-	ArtifactsDir string        `json:"artifactsDir"`
-	Rubric       *RubricConfig `json:"rubric,omitempty"`
+	Name         string `json:"name"`
+	Description  string `json:"description"`
+	SystemPrompt string `json:"systemPrompt"`
+	ArtifactsDir string `json:"artifactsDir"`
 }
 
 // parseAmbientConfig reads and parses ambient.json from workflow directory

components/backend/handlers/gitlab_auth.go

@@ -102,12 +102,12 @@ func validateGitLabInput(instanceURL, token string) error {
 	}
 
 	// Validate token contains only valid characters (alphanumeric and some special chars)
-	// GitLab tokens use: a-z, A-Z, 0-9, -, _, .
+	// GitLab tokens use: a-z, A-Z, 0-9, -, _
 	for _, char := range token {
 		if (char < 'a' || char > 'z') &&
 			(char < 'A' || char > 'Z') &&
 			(char < '0' || char > '9') &&
-			char != '-' && char != '_' && char != '.' {
+			char != '-' && char != '_' {
 			return fmt.Errorf("token contains invalid characters")
 		}
 	}

components/backend/handlers/gitlab_auth_test.go

@@ -103,7 +103,6 @@ var _ = Describe("GitLab Auth Handler", Label(test_constants.LabelUnit, test_con
 					"token-with-dashes-456",            // with dashes
 					"UPPERCASE_TOKEN_789012",           // uppercase, 20 chars
 					"MixedCase-Token_1234567",          // mixed case, 20 chars
-					"glpat-abc123xyz.01.def456ghi",     // with periods (GitLab token format)
 				}
 
 				for _, token := range validTokens {
@@ -196,6 +195,7 @@ var _ = Describe("GitLab Auth Handler", Label(test_constants.LabelUnit, test_con
 					"token;with;semicolons",
 					"token:with:colons",
 					"token,with,commas",
+					"token.with.dots",
 					"token?with?questions",
 					"token!with!exclamations",
 				}

components/backend/handlers/integrations_status.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"context"
 	"net/http"
+	"time"
 
 	"github.com/gin-gonic/gin"
 )
@@ -62,13 +63,13 @@ func getGitHubStatusForUser(ctx context.Context, userID string) gin.H {
 	// Check GitHub PAT
 	patCreds, err := GetGitHubPATCredentials(ctx, userID)
 	if err == nil && patCreds != nil {
-		// NOTE: Validation disabled - if credentials are stored, assume they're valid
-		// The integration will fail gracefully if credentials are actually invalid
+		// Validate PAT token
+		valid, _ := ValidateGitHubToken(ctx, patCreds.Token)
 
 		status["pat"] = gin.H{
 			"configured": true,
 			"updatedAt":  patCreds.UpdatedAt.Format("2006-01-02T15:04:05Z07:00"),
-			"valid":      true,
+			"valid":      valid,
 		}
 	}
 
@@ -88,15 +89,19 @@ func getGoogleStatusForUser(ctx context.Context, userID string) gin.H {
 		return gin.H{"connected": false}
 	}
 
-	// NOTE: Validation disabled - if credentials are stored, assume they're valid
-	// The backend auto-refreshes tokens and the integration will fail gracefully if invalid
+	// Check if token is expired
+	isExpired := time.Now().After(creds.ExpiresAt)
+	valid := !isExpired
+
+	// If near expiry, could validate with Google API, but checking expiry is sufficient
+	// since backend auto-refreshes tokens
 
 	return gin.H{
 		"connected": true,
 		"email":     creds.Email,
 		"expiresAt": creds.ExpiresAt.Format("2006-01-02T15:04:05Z07:00"),
 		"updatedAt": creds.UpdatedAt.Format("2006-01-02T15:04:05Z07:00"),
-		"valid":     true,
+		"valid":     valid,
 	}
 }
 
@@ -126,13 +131,13 @@ func getGitLabStatusForUser(ctx context.Context, userID string) gin.H {
 		return gin.H{"connected": false}
 	}
 
-	// NOTE: Validation disabled - if credentials are stored, assume they're valid
-	// The integration will fail gracefully if credentials are actually invalid
+	// Validate token
+	valid, _ := ValidateGitLabToken(ctx, creds.Token, creds.InstanceURL)
 
 	return gin.H{
 		"connected":   true,
 		"instanceUrl": creds.InstanceURL,
 		"updatedAt":   creds.UpdatedAt,
-		"valid":       true,
+		"valid":       valid,
 	}
 }

components/backend/main.go

@@ -94,25 +94,13 @@ func main() {
 	// Initialize git package
 	git.GetProjectSettingsResource = k8s.GetProjectSettingsResource
 	git.GetGitHubInstallation = func(ctx context.Context, userID string) (interface{}, error) {
-		installation, err := github.GetInstallation(ctx, userID)
-		if installation == nil {
-			return nil, err
-		}
-		return installation, err
+		return github.GetInstallation(ctx, userID)
 	}
 	git.GetGitHubPATCredentials = func(ctx context.Context, userID string) (interface{}, error) {
-		creds, err := handlers.GetGitHubPATCredentials(ctx, userID)
-		if creds == nil {
-			return nil, err
-		}
-		return creds, err
+		return handlers.GetGitHubPATCredentials(ctx, userID)
 	}
 	git.GetGitLabCredentials = func(ctx context.Context, userID string) (interface{}, error) {
-		creds, err := handlers.GetGitLabCredentials(ctx, userID)
-		if creds == nil {
-			return nil, err
-		}
-		return creds, err
+		return handlers.GetGitLabCredentials(ctx, userID)
 	}
 	git.GitHubTokenManager = github.Manager
 	git.GetBackendNamespace = func() string {