chore: bump chart version to 0.1.15

Triggers OCI artifact rebuild so Flux picks up the MCP sidecar changes.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

.mcp.json

@@ -1,29 +1,17 @@
 {
   "mcpServers": {
-    "github": {
-      "command": "github-mcp-server",
-      "args": ["stdio"],
-      "env": {
-        "GITHUB_PERSONAL_ACCESS_TOKEN": "${CLAUDE_GITHUB_TOKEN}"
-      }
+    "kubernetes": {
+      "type": "sse",
+      "url": "http://localhost:8080/sse"
     },
-    "kubernetes (local)": {
-      "command": "npx",
-      "args": [
-        "-y",
-        "kubernetes-mcp-server@latest"
-      ]
-    },
-    "flux (local)":{
-      "command":"flux-operator-mcp",
-      "args":["serve"],
-      "env":{
-        "KUBECONFIG":"/Users/cpfarhood/.kube/config"
-      }
+    "flux": {
+      "type": "sse",
+      "url": "http://localhost:8081/sse"
     },
     "playwright": {
-      "command": "npx",
-      "args": ["-y", "@playwright/mcp@latest"]
-    }
+      "type": "sse",
+      "url": "http://playwright-mcp.playwright.svc.cluster.local:3000/sse"
+    } 
   }
 }
+

Dockerfile

@@ -35,7 +35,25 @@ RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearm
 # Chrome wrapper: adds flags required for running inside a Docker container.
 # xdg-open (used by Claude Code on Linux) respects $BROWSER, so pointing it
 # here ensures the OAuth popup works without manual --no-sandbox invocations.
-RUN printf '#!/bin/bash\nexec /usr/bin/google-chrome-stable \\\n  --no-sandbox \\\n  --disable-dev-shm-usage \\\n  --disable-gpu \\\n  "$@"\n' > /usr/local/bin/google-chrome && \
+# Cleans up crash lock files and suppresses the crash-restore bubble so that
+# sessions/cookies survive unclean pod shutdowns (SIGKILL).
+RUN printf '#!/bin/bash\n\
+CHROME_DIR="/config/userdata/.config/google-chrome"\n\
+mkdir -p "$CHROME_DIR"\n\
+# Remove stale lock files left by unclean container shutdown\n\
+rm -f "$CHROME_DIR/SingletonLock" "$CHROME_DIR/SingletonSocket" "$CHROME_DIR/SingletonCookie"\n\
+# Mark the previous session as clean so Chrome does not clear cookies\n\
+PREFS="$CHROME_DIR/Default/Preferences"\n\
+if [ -f "$PREFS" ]; then\n\
+  sed -i '\''s/"exit_type":"Crashed"/"exit_type":"Normal"/g; s/"exited_cleanly":false/"exited_cleanly":true/g'\'' "$PREFS"\n\
+fi\n\
+exec /usr/bin/google-chrome-stable \\\n\
+  --no-sandbox \\\n\
+  --disable-dev-shm-usage \\\n\
+  --disable-gpu \\\n\
+  --disable-session-crashed-bubble \\\n\
+  --user-data-dir="$CHROME_DIR" \\\n\
+  "$@"\n' > /usr/local/bin/google-chrome && \
     chmod +x /usr/local/bin/google-chrome
 
 # Install Node.js (LTS version for Happy Coder)
@@ -93,7 +111,7 @@ COPY --chmod=755 scripts/cont-init-sshd.sh /etc/cont-init.d/25-start-sshd.sh
 WORKDIR /workspace
 
 # Configure container to run as user user
-ENV HOME=/home/user \
+ENV HOME=/config/userdata \
     USER=user \
     BROWSER=/usr/local/bin/google-chrome
 

chart/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: devcontainer
 description: Antigravity Dev Container with Happy Coder AI assistant
 type: application
-version: 0.1.12
+version: 0.1.15
 appVersion: "latest"

chart/templates/deployment.yaml

@@ -68,7 +68,7 @@ spec:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
             - name: userhome
-              mountPath: /home
+              mountPath: /config
             - name: workspace
               mountPath: /workspace
             - name: shm
@@ -98,6 +98,55 @@ spec:
             initialDelaySeconds: 5
             periodSeconds: 5
           {{- end }}
+        {{- if .Values.mcpSidecars.kubernetes.enabled }}
+        - name: kubernetes-mcp
+          image: "{{ .Values.mcpSidecars.kubernetes.image.repository }}:{{ .Values.mcpSidecars.kubernetes.image.tag }}"
+          args:
+            - --port
+            - {{ .Values.mcpSidecars.kubernetes.port | quote }}
+          ports:
+            - containerPort: {{ .Values.mcpSidecars.kubernetes.port }}
+              name: k8s-mcp
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.mcpSidecars.kubernetes.port }}
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.mcpSidecars.kubernetes.port }}
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          resources:
+            {{- toYaml .Values.mcpSidecars.kubernetes.resources | nindent 12 }}
+        {{- end }}
+        {{- if .Values.mcpSidecars.flux.enabled }}
+        - name: flux-mcp
+          image: "{{ .Values.mcpSidecars.flux.image.repository }}:{{ .Values.mcpSidecars.flux.image.tag }}"
+          args:
+            - serve
+            - --transport=sse
+            - --port={{ .Values.mcpSidecars.flux.port }}
+          ports:
+            - containerPort: {{ .Values.mcpSidecars.flux.port }}
+              name: flux-mcp
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.mcpSidecars.flux.port }}
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.mcpSidecars.flux.port }}
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          resources:
+            {{- toYaml .Values.mcpSidecars.flux.resources | nindent 12 }}
+        {{- end }}
       volumes:
         - name: workspace
           emptyDir: {}

chart/values.yaml

@@ -23,7 +23,7 @@ ssh: false
 # Happy Coder endpoints
 happyServerUrl: "https://happy.farh.net"
 happyWebappUrl: "https://happy-coder.farh.net"
-happyHomeDir: "/home/user/.happy"
+happyHomeDir: "/config/userdata/.happy"
 happyExperimental: "true"
 
 # VNC display
@@ -66,3 +66,32 @@ clusterAccess: none
 # Name of existing Secret containing env vars (GITHUB_TOKEN, VNC_PASSWORD, etc.)
 # Defaults to: devcontainer-{name}-secrets-env
 envSecretName: ""
+
+# MCP server sidecars — run alongside the devcontainer to inherit pod RBAC.
+mcpSidecars:
+  kubernetes:
+    enabled: true
+    image:
+      repository: quay.io/containers/kubernetes_mcp_server
+      tag: latest
+    port: 8080
+    resources:
+      requests:
+        memory: "64Mi"
+        cpu: "50m"
+      limits:
+        memory: "256Mi"
+        cpu: "500m"
+  flux:
+    enabled: true
+    image:
+      repository: ghcr.io/controlplaneio-fluxcd/flux-operator-mcp
+      tag: latest
+    port: 8081
+    resources:
+      requests:
+        memory: "64Mi"
+        cpu: "50m"
+      limits:
+        memory: "256Mi"
+        cpu: "500m"

scripts/cont-init-sshd.sh

@@ -5,7 +5,7 @@
 
 echo "=== SSH enabled: starting sshd ==="
 
-HOME_DIR="/home/user"
+HOME_DIR="/config/userdata"
 HOST_KEY_STORE="$HOME_DIR/.ssh/host_keys"
 
 # Persist host keys on the home PVC so clients don't see a "host key

scripts/cont-init-user.sh

@@ -3,4 +3,4 @@
 # baseimage-gui sets shell=/sbin/nologin and home=/dev/null, which
 # prevents VSCode from opening terminals.
 usermod -s /bin/bash app
-usermod -d /home/user app
+usermod -d /config/userdata app

scripts/init-repo.sh

@@ -25,8 +25,8 @@ else
         # Configure git to use token if provided
         if [ -n "$GITHUB_TOKEN" ]; then
             git config credential.helper store
-            echo "https://oauth2:${GITHUB_TOKEN}@github.com" > /home/.git-credentials
-            chmod 600 /home/.git-credentials
+            echo "https://oauth2:${GITHUB_TOKEN}@github.com" > /config/userdata/.git-credentials
+            chmod 600 /config/userdata/.git-credentials
         fi
 
         git pull || echo "Pull failed, continuing anyway..."
@@ -42,8 +42,8 @@ else
 
             # Configure credentials for future use
             git config --global credential.helper store
-            echo "https://oauth2:${GITHUB_TOKEN}@github.com" > /home/.git-credentials
-            chmod 600 /home/.git-credentials
+            echo "https://oauth2:${GITHUB_TOKEN}@github.com" > /config/userdata/.git-credentials
+            chmod 600 /config/userdata/.git-credentials
         else
             git clone "$GITHUB_REPO" "$WORKSPACE_DIR"
         fi