feat: implement per-repository autoPush configuration

[adalton]

Replace global autoPushOnComplete setting with per-repository autoPush field to enable granular control of git push behavior for agentic sessions. Each repository can now be configured independently with autoPush: true/false.

Changes

• Add autoPush field to SessionRepo type (backend, frontend, CRD)
• Remove deprecated autoPushOnComplete from all components
• Add type validation in runner to handle invalid autoPush values
• Generate Git Push Instructions in system prompt for repos with autoPush=true
• Add comprehensive test coverage (10 backend tests, 19 runner tests)
• Update UI with clear help text explaining autoPush behavior

Testing

• All 351 backend tests pass
• All 19 runner tests pass (including edge case type validation tests)
• Frontend builds with 0 errors, 0 warnings
• Manual testing verified correct behavior

[github-actions]

Claude Code Review

Summary

This PR implements per-repository autoPush configuration, replacing the global autoPushOnComplete setting. The implementation is well-architected with comprehensive test coverage (10 backend tests, 19 runner tests) and follows established patterns. The changes span backend, frontend, CRD, operator, and runner components with consistent type handling.

Issues by Severity

🚫 Blocker Issues

None - this PR is ready to merge.

🔴 Critical Issues

None identified.

🟡 Major Issues

1. Operator cleanup incomplete (components/operator/internal/handlers/sessions.go:419)

• Lines deleted from operator but autoPushOnComplete reference may exist elsewhere in operator
• Recommendation: Verify no references remain in operator codebase

grep -r "autoPushOnComplete" components/operator/

🔵 Minor Issues

1. Type validation edge case (adapter.py:1199-1200)

• Good defensive programming converting invalid autoPush types to False
• However, consider logging when type coercion occurs for debugging

auto_push_raw = it.get('autoPush', False)
auto_push = auto_push_raw if isinstance(auto_push_raw, bool) else False
# SUGGESTION: Add logging when coercion happens
if not isinstance(auto_push_raw, bool) and auto_push_raw is not None:
    logger.warning(f"Invalid autoPush type {type(auto_push_raw)} for repo {url}, defaulting to False")

2. Git push instruction clarity (adapter.py:1312-1321)

• System prompt includes clear git push instructions
• Consider adding error handling guidance (e.g., what to do if push fails)
• Recommendation: Add a note about handling authentication errors

3. Frontend help text could be more specific (add-context-modal.tsx:107-111)

• Help text mentions "Requires git credentials to be configured"
• Recommendation: Link to docs or provide inline guidance on how to configure credentials

Positive Highlights

✅ Excellent test coverage

• 10 backend unit tests covering all edge cases (true/false/missing/multiple repos)
• 19 runner tests including type validation and system prompt generation
• Tests validate both parsing and serialization

✅ Type safety across the stack

• Backend uses *bool pointer for optional autoPush (Go best practice)
• Frontend uses autoPush?: boolean (TypeScript optional)
• CRD defines type: boolean, default: false
• Consistent nil/undefined handling everywhere

✅ Follows established patterns

• Backend: Uses unstructured.NestedFieldNoCopy for type-safe access (CLAUDE.md pattern)
• Frontend: Shadcn UI components (Checkbox, Alert) per design guidelines
• No any types in TypeScript
• Error handling follows error-handling.md patterns

✅ Clean migration path

• Removed deprecated autoPushOnComplete completely
• New autoPush field has sensible default (false)
• Backward compatible (missing field = nil/undefined, treated as false)

✅ User experience improvements

• Clear UI help text explaining behavior
• System prompt generation includes git push instructions only for enabled repos
• Checkbox UI is intuitive and well-labeled

Code Quality Assessment

Backend (Go) ✅

• Follows K8s client usage patterns (no violations)
• No token logging or security issues
• Type-safe unstructured access throughout
• Error handling appropriate

Frontend (TypeScript) ✅

• Zero any types
• Uses Shadcn UI components exclusively
• Type definitions consistent across files
• Component under 200 lines

Runner (Python) ✅

• Defensive type checking for autoPush
• Proper JSON serialization
• Clear logging and error messages
• System prompt generation is well-structured

CRD (YAML) ✅

• Proper OpenAPI schema validation
• Sensible default value (false)
• Clear description field

Recommendations

Immediate (before merge):

1. ✅ Verify no remaining autoPushOnComplete references in operator
2. Consider adding warning log for type coercion in adapter.py:1199

Future improvements (not blocking):

1. Add observability: track how many sessions use autoPush in Langfuse metadata
2. Consider adding UI indicator showing which repos have autoPush enabled in session detail view
3. Document credential setup process in user docs for autoPush feature
4. Consider adding validation that autoPush=true repos have git credentials configured (fail early)

Security Review ✅

✅ No user token misuse
✅ No token logging violations
✅ Input validation present (URL parsing exists in codebase)
✅ No new RBAC issues
✅ No privilege escalation vectors

Architecture Compliance ✅

✅ Follows ADR-0003 (Multi-Repo Support)
✅ Backend package organization maintained
✅ Frontend type definitions in correct location
✅ CRD schema follows v1alpha1 conventions
✅ No breaking changes to existing APIs

Testing Recommendation ✅

All tests passing per PR description:

• ✅ 351 backend tests pass
• ✅ 19 runner tests pass
• ✅ Frontend builds with 0 errors, 0 warnings
• ✅ Manual testing verified

Suggested manual test scenario:

1. Create session with 2 repos: one with autoPush=true, one with autoPush=false
2. Verify system prompt includes git instructions only for autoPush repo
3. Make changes to both repos
4. Verify only autoPush repo gets push instructions

Final Verdict

APPROVE ✅

This is high-quality work that demonstrates:

• Deep understanding of the codebase architecture
• Adherence to established patterns and standards
• Comprehensive testing approach
• Clean migration from deprecated feature
• User-focused design

The per-repository autoPush granularity is a significant improvement over the global setting, enabling mixed-mode workflows where some repos are pushed automatically while others remain local-only.

No blocking issues. Ready to merge after verifying operator cleanup is complete.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Gkrumbach07]

for context this is what cladue code web says

## Git Development Branch Requirements

You are working on the following feature branches:

 **Gkrumbach07/Chores**: Develop on branch `claude/system-prompt-docs-01Eahw2gNvVU8ffDpcM48uea`

### Important Instructions:

1. **DEVELOP** all your changes on the designated branch above
2. **COMMIT** your work with clear, descriptive commit messages
3. **PUSH** to the specified branch when your changes are complete
4. **CREATE** the branch locally if it doesn't exist yet
5. **NEVER** push to a different branch without explicit permission

Remember: All development and final pushes should go to the branches specified above.

## Git Operations

Follow these practices for git:

**For git push:**
- Always use git push -u origin <branch-name>
- CRITICAL: the branch should start with 'claude/' and end with matching session id, otherwise push will fail with 403 http code.
- Only if push fails due to network errors retry up to 4 times with exponential backoff (2s, 4s, 8s, 16s)
- Example retry logic: try push, wait 2s if failed, try again, wait 4s if failed, try again, etc.

**For git fetch/pull:**
- Prefer fetching specific branches: git fetch origin <branch-name>
- If network failures occur, retry up to 4 times with exponential backoff (2s, 4s, 8s, 16s)
- For pulls use: git pull origin <branch-name>

The GitHub CLI (`gh`) is not available in this environment. For GitHub issues ask the user to provide the necessary information directly.


gitStatus: This is the git status at the start of the conversation. Note that this status is a snapshot in time, and will not update during the conversation.
Current branch: claude/system-prompt-docs-01Eahw2gNvVU8ffDpcM48uea

Main branch (you will usually use this for PRs): 

Status:
(clean)

Recent commits:
4bef2c1 Working on making the button turn and stay green
b267637 fixed chore detail view table view color strips and started on making the strip turn green when pressed.
ae1a937 First commit
6f820b8 Initial Commit

we can iterate on this prompt. for now it looks good