Operator: agent-zero must reach the cluster ONLY through gated MCP tools, not a service account with cluster roles for raw kubectl.

Removed the read-only ClusterRole/ClusterRoleBinding entirely (SA now has zero cluster perms) and set automountServiceAccountToken: false so no K8s API token is mounted at all. Applied live (SA secrets/exec/pods/namespaces -> all Forbidden); this makes it durable so ArgoCD selfHeal won't re-create any role.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>