fix: improve robot account config validation #770

Open
qcserestipy wants to merge 3 commits into goharbor:main from qcserestipy:fix/769_robot_validation
qcserestipy (Collaborator) commented Mar 25, 2026

Description

This PR improves the usability of the robot account config loading capabilities. It makes validation more robust for faulty configurations that include wrong levels or namespaces. It also introduces clearer error messages in case of wrong command usage. Furthermore, it slightly improves the efficiency of config loading, since the inefficient full scan for existing projects is replaced with a simple GET request.

Type of Change

Please select the relevant type.

  • Bug fix
  • New feature
  • Refactor
  • Documentation update
  • Chore / maintenance

Changes

  • Introduce cross checks for robot config level and executed command.
  • Introduce schema validation for wildcard namespace in project robot.
  • Remove necessity for system permissions to be present in case of system robots.
  • Simplify scan for existing project due to inefficiency.

Evidence

➜  harbor-cli git:(fix/769_robot_validation) # Faulty config due to wildcard namespace in project robot
➜  harbor-cli git:(fix/769_robot_validation) cat examples/config/robot-account/project/robot-config.json 
{
  "name": "ci-pipeline-robot",
  "description": "Robot account for CI/CD pipeline",
  "duration": 90,
  "level": "project",
  "permissions": [
    {
      "access": [
        {
          "resource": "repository",
          "actions": [
            "pull",
            "push"
          ]
        },
        {
          "resources": [
            "artifact",
            "scan"
          ],
          "actions": [
            "read"
          ]
        }
      ],
      "kind": "project",
      "namespace": "*"
    }
  ]
}
➜  harbor-cli git:(fix/769_robot_validation) ./bin/harbor-cli project robot create -r examples/config/robot-account/project/robot-config.json -v
Loading configuration from:  examples/config/robot-account/project/robot-config.json
DEBU[2026-03-25T20:35:41+01:00] Using system keyring                         
Error: failed to load robot config from file: project robots cannot have wildcard namespace in permissions

➜  harbor-cli git:(fix/769_robot_validation) # Faulty run with config for project robot with system robot command           
➜  harbor-cli git:(fix/769_robot_validation) ./bin/harbor-cli robot create -r examples/config/robot-account/project/robot-config.json -v 
Loading configuration from:  examples/config/robot-account/project/robot-config.json
DEBU[2026-03-25T20:37:09+01:00] Using system keyring                         
Error: failed to load robot config from file: project robots cannot have wildcard namespace in permissions

➜  harbor-cli git:(fix/769_robot_validation) # Vice versa                                                         
➜  harbor-cli git:(fix/769_robot_validation) ./bin/harbor-cli project robot create -r examples/config/robot-account/system/robot-config.json -v 
Loading configuration from:  examples/config/robot-account/system/robot-config.json
DEBU[2026-03-25T20:37:44+01:00] Using system keyring                         
INFO[2026-03-25T20:37:44+01:00] Successfully loaded robot configuration      
Error: invalid robot configuration: level must be 'project'. If you try to create a system-level robot, please run the `harbor-cli robot create` command instead.
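
The two checks described above (the load-time wildcard rule and the level/command cross-check), as an added Go example that is not harbor-cli's own code. The names `RobotConfig`, `Permission`, `LoadRobotConfig` and `CheckLevel` are assumptions; the error strings follow the CLI output shown above, and the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical types; only the fields these checks read are declared.
type Permission struct {
	Kind      string `json:"kind"`
	Namespace string `json:"namespace"`
}
type RobotConfig struct {
	Level       string       `json:"level"`
	Permissions []Permission `json:"permissions"`
}

// LoadRobotConfig parses the file and applies the command-independent rules.
func LoadRobotConfig(data []byte) (*RobotConfig, error) {
	var c RobotConfig
	if err := json.Unmarshal(data, &c); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	if c.Level != "project" && c.Level != "system" {
		return nil, fmt.Errorf("unknown level %q", c.Level)
	}
	for _, p := range c.Permissions {
		// A project robot is scoped to one project, so "*" is rejected.
		if c.Level == "project" && p.Namespace == "*" {
			return nil, errors.New("project robots cannot have wildcard namespace in permissions")
		}
	}
	return &c, nil
}

// CheckLevel cross-checks the config level against the command that was run
// ("project" for `project robot create`, "system" for `robot create`).
func CheckLevel(c *RobotConfig, commandLevel string) error {
	if c.Level != commandLevel {
		return fmt.Errorf("invalid robot configuration: level must be '%s'", commandLevel)
	}
	return nil
}

func main() {
	// Constructed sample: project-level config with a wildcard namespace.
	_, err := LoadRobotConfig([]byte(`{"level":"project","permissions":[{"kind":"project","namespace":"*"}]}`))
	fmt.Println(err)
}
```

Because the wildcard rule runs at load time, a project config passed to the system-level command fails on that rule before the level cross-check is reached, which matches the second run in the evidence.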

…nd. introduce schema validation for wildcard namespace in project robot. simplify scan for existing project due to inefficiency

Signed-off-by: Patrick Eschenbach <patrickeschenbach96@gmail.com>
Signed-off-by: Patrick Eschenbach <patrickeschenbach96@gmail.com>
codecov bot commented Mar 25, 2026

Codecov Report

❌ Patch coverage is 0% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 7.80%. Comparing base (60ad0bd) to head (22ef435).
⚠️ Report is 119 commits behind head on main.

Files with missing lines Patch % Lines
cmd/harbor/root/robot/create.go 0.00% 8 Missing ⚠️
pkg/config/robot/robot.go 0.00% 4 Missing ⚠️
cmd/harbor/root/project/robot/create.go 0.00% 2 Missing ⚠️
cmd/harbor/root/robot/update.go 0.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff            @@
##             main    #770      +/-   ##
=========================================
- Coverage   10.99%   7.80%   -3.19%     
=========================================
  Files         173     270      +97     
  Lines        8671   13163    +4492     
=========================================
+ Hits          953    1027      +74     
- Misses       7612   12023    +4411     
- Partials      106     113       +7     

qcserestipy (Collaborator, Author) commented Mar 25, 2026

Additionally, it looks like the Harbor API expects system-level permissions for system robot accounts:

➜  harbor-cli git:(fix/769_robot_validation) ✗ ./bin/harbor-cli robot create -r examples/config/robot-account/system/robot-config.json -v -v
Loading configuration from:  examples/config/robot-account/system/robot-config.json
DEBU[2026-03-25T20:44:29+01:00] Using system keyring                         
INFO[2026-03-25T20:44:29+01:00] Successfully loaded robot configuration      
INFO[2026-03-25T20:44:29+01:00] Loaded system robot with 0 system permissions and 1 project-specific permissions 
Error: failed to create robot: failed to create robot: bad request empty access

This is something I will further check.

EDIT: There was still a bug in the code that was fixed in the next commit.

…and proceed if not

Signed-off-by: Patrick Eschenbach <patrickeschenbach96@gmail.com>
NucleoFusion (Contributor) left a comment

lgtm


Successfully merging this pull request may close these issues.

[bug]: Poor validation/error message when creating robot with incompatible config (system vs project)