fix(operator,runner): mount runner token as volume for dynamic refresh

Long-running sessions were failing due to ServiceAccount token expiration
because tokens were injected as environment variables at pod startup and
never refreshed, even though the operator was refreshing the Secret.

Changes:
- Operator: Mount runner token Secret as volume instead of env var
- Operator: Inject BOT_TOKEN_PATH env var pointing to mounted token file
- Runner: Read token from BOT_TOKEN_PATH file on each connection/reconnection
- Runner: Fall back to BOT_TOKEN env var for backward compatibility
- Runner: Improved error messages for token authentication issues

The operator already refreshes tokens every 45 minutes via ensureFreshRunnerToken().
Now the runner can read the refreshed token from the mounted Secret volume without
requiring pod restart.

Fixes #445

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: Amber Agent

components/operator/internal/handlers/sessions.go

@@ -931,6 +931,17 @@ func handleAgenticSessionEvent(obj *unstructured.Unstructured) error {
 	}
 	log.Printf("Session %s initiated by user: %s (userId: %s)", name, userName, userID)
 
+	// Determine runner token secret name for volume mount
+	runnerTokenSecretName := ""
+	if annotations := currentObj.GetAnnotations(); annotations != nil {
+		if v, ok := annotations["ambient-code.io/runner-token-secret"]; ok && strings.TrimSpace(v) != "" {
+			runnerTokenSecretName = strings.TrimSpace(v)
+		}
+	}
+	if runnerTokenSecretName == "" {
+		runnerTokenSecretName = fmt.Sprintf("ambient-runner-token-%s", name)
+	}
+
 	// Create the Job
 	job := &batchv1.Job{
 		ObjectMeta: v1.ObjectMeta{
@@ -979,6 +990,14 @@ func handleAgenticSessionEvent(obj *unstructured.Unstructured) error {
 								},
 							},
 						},
+						{
+							Name: "runner-token",
+							VolumeSource: corev1.VolumeSource{
+								Secret: &corev1.SecretVolumeSource{
+									SecretName: runnerTokenSecretName,
+								},
+							},
+						},
 					},
 
 					// InitContainer to ensure workspace directory structure exists
@@ -1037,6 +1056,8 @@ func handleAgenticSessionEvent(obj *unstructured.Unstructured) error {
 								// Mount .claude directory for session state persistence
 								// This enables SDK's built-in resume functionality
 								{Name: "workspace", MountPath: "/app/.claude", SubPath: fmt.Sprintf("sessions/%s/.claude", name), ReadOnly: false},
+								// Mount runner token secret as volume for dynamic token refresh
+								{Name: "runner-token", MountPath: "/app/runner-token", ReadOnly: true},
 							},
 
 							Env: func() []corev1.EnvVar {
@@ -1153,26 +1174,12 @@ func handleAgenticSessionEvent(obj *unstructured.Unstructured) error {
 									base = append(base, corev1.EnvVar{Name: "PARENT_SESSION_ID", Value: parentSessionID})
 									log.Printf("Session %s: passing PARENT_SESSION_ID=%s to runner", name, parentSessionID)
 								}
-								// If backend annotated the session with a runner token secret, inject only BOT_TOKEN
-								// Secret contains: 'k8s-token' (for CR updates)
-								// Prefer annotated secret name; fallback to deterministic name
-								secretName := ""
-								if meta, ok := currentObj.Object["metadata"].(map[string]interface{}); ok {
-									if anns, ok := meta["annotations"].(map[string]interface{}); ok {
-										if v, ok := anns["ambient-code.io/runner-token-secret"].(string); ok && strings.TrimSpace(v) != "" {
-											secretName = strings.TrimSpace(v)
-										}
-									}
-								}
-								if secretName == "" {
-									secretName = fmt.Sprintf("ambient-runner-token-%s", name)
-								}
+								// Inject BOT_TOKEN_PATH pointing to mounted secret volume
+								// Token is mounted from runnerTokenSecretName at /app/runner-token
+								// This allows the runner to read refreshed tokens without pod restart
 								base = append(base, corev1.EnvVar{
-									Name: "BOT_TOKEN",
-									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
-										LocalObjectReference: corev1.LocalObjectReference{Name: secretName},
-										Key:                  "k8s-token",
-									}},
+									Name:  "BOT_TOKEN_PATH",
+									Value: "/app/runner-token/k8s-token",
 								})
 								// Add CR-provided envs last (override base when same key)
 								if spec, ok := currentObj.Object["spec"].(map[string]interface{}); ok {

components/runners/runner-shell/runner_shell/core/transport_ws.py

@@ -30,8 +30,19 @@ async def connect(self):
         """Connect to WebSocket endpoint."""
         try:
             # Forward Authorization header if BOT_TOKEN (runner SA token) is present
+            # Read from file if BOT_TOKEN_PATH is set (for dynamic token refresh)
+            # Otherwise fall back to BOT_TOKEN env var (backward compatibility)
             headers: Dict[str, str] = {}
-            token = (os.getenv("BOT_TOKEN") or "").strip()
+            token = ""
+            token_path = (os.getenv("BOT_TOKEN_PATH") or "").strip()
+            if token_path:
+                try:
+                    with open(token_path, "r") as f:
+                        token = f.read().strip()
+                except Exception as e:
+                    logger.warning(f"Failed to read token from {token_path}: {e}")
+            if not token:
+                token = (os.getenv("BOT_TOKEN") or "").strip()
             if token:
                 headers["Authorization"] = f"Bearer {token}"
 
@@ -69,10 +80,16 @@ async def connect(self):
             )
             # Surface a clearer hint when auth is likely missing
             if status == 401:
+                token_path = (os.getenv("BOT_TOKEN_PATH") or "").strip()
                 has_token = bool((os.getenv("BOT_TOKEN") or "").strip())
-                if not has_token:
+                has_token_path = bool(token_path)
+                if not has_token and not has_token_path:
                     logger.error(
-                        "No BOT_TOKEN present; backend project routes require Authorization."
+                        "No BOT_TOKEN or BOT_TOKEN_PATH present; backend project routes require Authorization."
+                    )
+                elif has_token_path and not token:
+                    logger.error(
+                        f"BOT_TOKEN_PATH is set to {token_path} but token could not be read."
                     )
             raise
         except Exception as e: