fix: overhaul release pipeline — 5 issues resolved

1. version input now optional — auto-increment from release_type works
2. replaced deprecated actions/create-release@v1 with gh release create
3. race condition fixed — release commit uses [skip ci], removed fragile
   github.actor guard from build-and-push.yaml
4. simplified gh-pages publishing — uses clean temp dir + shallow clone
   instead of convoluted git worktree fallback
5. version parsing strips pre-release suffixes (e.g., 2.0.0-dev → 2.0.0)

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

.claude/settings.json

@@ -0,0 +1,6 @@
+{
+  "enabledPlugins": {
+    "voltagent-dev-exp@voltagent-subagents": true,
+    "voltagent-lang@voltagent-subagents": true
+  }
+}

.claude/settings.local.json

@@ -2,6 +2,15 @@
   "enabledMcpjsonServers": [
     "kubernetes",
     "flux",
-    "playwright"
-  ]
+    "playwright",
+    "github",
+    "pgtuner",
+    "fetch",
+    "sequentialthinking"
+  ],
+  "permissions": {
+    "allow": [
+      "Bash(git add .claude/settings.local.json .claude/settings.json && git commit -m \"$\\(cat <<'EOF'\nchore: update Claude Code settings and enable voltagent plugins\n\nAdd fetch and sequentialthinking MCP servers to allowed list, and enable\nvoltagent dev-exp and lang subagent plugins.\n\nCo-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>\nEOF\n\\)\" && git status)"
+    ]
+  }
 }

.github/workflows/README.md

@@ -15,9 +15,8 @@ Use this for all version releases:
 - ✅ Updates chart version
 - ✅ Creates git tag
 - ✅ Builds Docker image with all proper tags
-- ✅ Publishes Helm chart to GHCR
+- ✅ Publishes Helm chart to GitHub Pages (`https://cpfarhood.github.io/devcontainer`)
 - ✅ Creates GitHub Release with changelog
-- ✅ No more `[skip ci]` blocking builds!
 
 ### 2️⃣ For Quick Fixes → **Quick Fix Build**
 Use this for emergency fixes without version changes:
@@ -30,8 +29,8 @@ Use this for emergency fixes without version changes:
 
 ### 3️⃣ Automatic CI → **Build and Push**
 Runs automatically on:
+- Pushes to `main` (builds and pushes; skipped for release commits via `[skip ci]`)
 - Pull requests (builds but doesn't push)
-- Tags starting with `v*` (builds and pushes)
 - Manual trigger available
 
 ## Workflow Files
@@ -90,5 +89,5 @@ gh run watch
 ### After (Simple! 🎉)
 - **3 total workflows** (down from 6+)
 - **1 button** for complete releases
-- **No more `[skip ci]`** blocking builds
+- Release builds its own Docker image — `[skip ci]` on the version commit prevents duplicate CI builds
 - **Clear separation** of concerns

.github/workflows/build-and-push.yaml

@@ -4,8 +4,6 @@ on:
   push:
     branches:
       - main
-    tags:
-      - 'v*'
   pull_request:
     branches:
       - main
@@ -46,9 +44,6 @@ jobs:
           tags: |
             type=ref,event=branch
             type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
             type=sha,prefix=sha-
             type=raw,value=latest,enable={{is_default_branch}}
 

.github/workflows/release-unified.yaml

@@ -4,11 +4,11 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version to release (e.g., 0.1.25)'
-        required: true
+        description: 'Explicit version (e.g., 1.2.3). Leave blank to auto-increment.'
+        required: false
         type: string
       release_type:
-        description: 'Release type'
+        description: 'Release type (used when version is blank)'
         required: true
         default: 'patch'
         type: choice
@@ -49,37 +49,34 @@ jobs:
       - name: Determine Version
         id: version
         run: |
-          if [ "${{ github.event.inputs.version }}" != "" ]; then
-            VERSION="${{ github.event.inputs.version }}"
+          INPUT_VERSION="${{ github.event.inputs.version }}"
+          if [ -n "$INPUT_VERSION" ]; then
+            VERSION="$INPUT_VERSION"
           else
-            # Auto-determine next version based on release type
+            # Auto-increment based on release_type
             CURRENT=$(grep '^version:' chart/Chart.yaml | awk '{print $2}')
-            MAJOR=$(echo $CURRENT | cut -d. -f1)
-            MINOR=$(echo $CURRENT | cut -d. -f2)
-            PATCH=$(echo $CURRENT | cut -d. -f3)
+            # Strip any pre-release suffix (e.g., 2.0.0-dev -> 2.0.0)
+            CURRENT=$(echo "$CURRENT" | sed 's/-.*//')
+            MAJOR=$(echo "$CURRENT" | cut -d. -f1)
+            MINOR=$(echo "$CURRENT" | cut -d. -f2)
+            PATCH=$(echo "$CURRENT" | cut -d. -f3)
 
             case "${{ github.event.inputs.release_type }}" in
-              major)
-                VERSION="$((MAJOR + 1)).0.0"
-                ;;
-              minor)
-                VERSION="${MAJOR}.$((MINOR + 1)).0"
-                ;;
-              patch)
-                VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
-                ;;
+              major) VERSION="$((MAJOR + 1)).0.0" ;;
+              minor) VERSION="${MAJOR}.$((MINOR + 1)).0" ;;
+              patch) VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))" ;;
             esac
           fi
 
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "tag=v${VERSION}" >> $GITHUB_OUTPUT
-          echo "🚀 Releasing version ${VERSION}"
+          echo "Releasing version ${VERSION}"
 
       - name: Update Chart Version
         run: |
           sed -i "s/^version: .*/version: ${{ steps.version.outputs.version }}/" chart/Chart.yaml
           git add chart/Chart.yaml
-          git commit -m "chore: release version ${{ steps.version.outputs.version }}"
+          git diff --quiet --staged || git commit -m "chore(release): ${{ steps.version.outputs.version }} [skip ci]"
 
       - name: Create and Push Tag
         run: |
@@ -107,27 +104,69 @@ jobs:
           cache-to: type=gha,mode=max
           platforms: linux/amd64
 
-      - name: Package Helm Chart
+      - name: Publish Helm Chart to GitHub Pages
         run: |
-          helm registry login ghcr.io \
-            --username ${{ github.actor }} \
-            --password ${{ secrets.GITHUB_TOKEN }}
           helm package chart/
-          helm push devcontainer-${{ steps.version.outputs.version }}.tgz oci://ghcr.io/cpfarhood/charts
+          CHART_TGZ="devcontainer-${{ steps.version.outputs.version }}.tgz"
 
-      - name: Generate Release Notes
-        id: notes
+          # Set up gh-pages in a temporary directory
+          PAGES_DIR=$(mktemp -d)
+          if git ls-remote --heads origin gh-pages | grep -q gh-pages; then
+            # gh-pages exists — shallow clone just that branch
+            git clone --single-branch --branch gh-pages \
+              "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" \
+              "$PAGES_DIR"
+          else
+            # First time — initialize gh-pages
+            git init "$PAGES_DIR"
+            git -C "$PAGES_DIR" checkout --orphan gh-pages
+            git -C "$PAGES_DIR" remote add origin \
+              "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+            cat > "$PAGES_DIR/index.html" <<'HTMLEOF'
+          <!DOCTYPE html>
+          <html>
+          <head><title>Dev Container Helm Chart Repository</title></head>
+          <body>
+          <h1>Dev Container Helm Chart Repository</h1>
+          <p>Add this repository to Helm:</p>
+          <pre>helm repo add devcontainer https://cpfarhood.github.io/devcontainer</pre>
+          <p>Install the chart:</p>
+          <pre>helm install mydev devcontainer/devcontainer --set name=mydev</pre>
+          </body>
+          </html>
+          HTMLEOF
+          fi
+
+          git -C "$PAGES_DIR" config user.name "github-actions[bot]"
+          git -C "$PAGES_DIR" config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Copy chart package and rebuild index
+          cp "$CHART_TGZ" "$PAGES_DIR/"
+          if [ -f "$PAGES_DIR/index.yaml" ]; then
+            helm repo index "$PAGES_DIR" --url https://cpfarhood.github.io/devcontainer --merge "$PAGES_DIR/index.yaml"
+          else
+            helm repo index "$PAGES_DIR" --url https://cpfarhood.github.io/devcontainer
+          fi
+
+          # Commit and push
+          git -C "$PAGES_DIR" add .
+          git -C "$PAGES_DIR" commit -m "Publish chart ${{ steps.version.outputs.version }}"
+          git -C "$PAGES_DIR" push origin gh-pages
+
+      - name: Create GitHub Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Get commits since last tag
+          # Build release notes
           PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
           if [ -z "$PREV_TAG" ]; then
             COMMITS=$(git log --pretty=format:"- %s (%h)" HEAD)
           else
-            COMMITS=$(git log --pretty=format:"- %s (%h)" ${PREV_TAG}..HEAD)
+            COMMITS=$(git log --pretty=format:"- %s (%h)" "${PREV_TAG}..HEAD")
           fi
 
-          cat << EOF > release-notes.md
-          ## 🚀 Release ${{ steps.version.outputs.version }}
+          cat > release-notes.md <<EOF
+          ## Release ${{ steps.version.outputs.version }}
 
           ### Changes
           ${COMMITS}
@@ -139,21 +178,12 @@ jobs:
 
           ### Helm Chart
           \`\`\`bash
-          helm install devcontainer oci://ghcr.io/cpfarhood/charts/devcontainer --version ${{ steps.version.outputs.version }}
+          helm repo add devcontainer https://cpfarhood.github.io/devcontainer
+          helm repo update
+          helm install mydev devcontainer/devcontainer --version ${{ steps.version.outputs.version }} --set name=mydev
           \`\`\`
           EOF
 
-          echo "notes<<EOF" >> $GITHUB_OUTPUT
-          cat release-notes.md >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-      - name: Create GitHub Release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ steps.version.outputs.tag }}
-          release_name: Release ${{ steps.version.outputs.tag }}
-          body: ${{ steps.notes.outputs.notes }}
-          draft: false
-          prerelease: false
+          gh release create "${{ steps.version.outputs.tag }}" \
+            --title "Release ${{ steps.version.outputs.tag }}" \
+            --notes-file release-notes.md

.github/workflows/release.yaml

@@ -1,86 +0,0 @@
-name: Release
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      packages: write
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-
-      - name: Extract version from tag
-        id: version
-        run: |
-          TAG=${GITHUB_REF#refs/tags/}
-          VERSION=${TAG#v}
-          echo "tag=${TAG}" >> $GITHUB_OUTPUT
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "🚀 Creating release for ${TAG}"
-
-      - name: Package and Push Helm Chart
-        run: |
-          helm registry login ghcr.io \
-            --username ${{ github.actor }} \
-            --password ${{ secrets.GITHUB_TOKEN }}
-          helm package chart/
-          helm push devcontainer-${{ steps.version.outputs.version }}.tgz oci://ghcr.io/cpfarhood/charts
-
-      - name: Generate Release Notes
-        id: notes
-        run: |
-          # Get commits since last tag
-          PREV_TAG=$(git describe --tags --abbrev=0 ${{ steps.version.outputs.tag }}^ 2>/dev/null || echo "")
-          if [ -z "$PREV_TAG" ]; then
-            COMMITS=$(git log --pretty=format:"- %s (%h)" ${{ steps.version.outputs.tag }})
-          else
-            COMMITS=$(git log --pretty=format:"- %s (%h)" ${PREV_TAG}..${{ steps.version.outputs.tag }})
-          fi
-
-          cat << EOF > release-notes.md
-          ## 🚀 Release ${{ steps.version.outputs.version }}
-
-          ### Changes
-          ${COMMITS}
-
-          ### Docker Image
-          \`\`\`bash
-          docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}
-          \`\`\`
-
-          ### Helm Chart
-          \`\`\`bash
-          helm install devcontainer oci://ghcr.io/cpfarhood/charts/devcontainer --version ${{ steps.version.outputs.version }}
-          \`\`\`
-          EOF
-
-          echo "notes<<EOF" >> $GITHUB_OUTPUT
-          cat release-notes.md >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-      - name: Create GitHub Release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ steps.version.outputs.tag }}
-          release_name: Release ${{ steps.version.outputs.tag }}
-          body: ${{ steps.notes.outputs.notes }}
-          draft: false
-          prerelease: false

CLAUDE.md

@@ -7,6 +7,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 The Dev Container is a Docker-based cloud development environment that provides:
 - Web-based GUI IDE (VSCode/Antigravity) via VNC on port 5800
 - Claude Code, Happy Coder, OpenCode, and Crush AI coding agents (terminal-based)
+- Built-in web file manager for uploading/downloading files (optional, via `fileManager.enabled`)
 - Automatic GitHub repository cloning on startup
 - Kubernetes-native deployment with persistent home storage
 - MCP (Model Context Protocol) sidecars for AI assistant integrations
@@ -20,7 +21,7 @@ The stack is primarily **Bash scripts + YAML** — there is no Node.js package,
 ```bash
 make build                              # Build Docker image
 make build REGISTRY=ghcr.io/myuser IMAGE_TAG=v1.0  # Custom registry/tag
-docker build -t ghcr.io/cpfarhood/antigravity:latest .  # Direct build
+docker build -t ghcr.io/cpfarhood/devcontainer:latest .  # Direct build
 ```
 
 ### Running Locally
@@ -68,7 +69,7 @@ Container start
 
 | File | Purpose |
 |------|---------|
-| `Dockerfile` | Image definition — installs Chrome, Node.js, VSCode, Claude Code, Happy Coder, OpenCode, Crush; creates non-root user (UID 1000) |
+| `Dockerfile` | Image definition — installs Chrome, Node.js, VSCode, Helm, Claude Code, Happy Coder, OpenCode, Crush; creates non-root user (UID 1000) |
 | `scripts/init-repo.sh` | Configures git credentials, clones GitHub repo |
 | `scripts/startapp.sh` | Calls init-repo.sh then opens VSCode in the workspace |
 | `chart/` | Helm chart for Kubernetes deployment |
@@ -77,7 +78,7 @@ Container start
 | `chart/templates/pvc.yaml` | PersistentVolumeClaim for user home |
 | `chart/templates/service.yaml` | ClusterIP Service (VNC + optional SSH) |
 | `chart/values.yaml` | Default Helm values |
-| `.mcp.json` | MCP server connection config (Kubernetes, Flux, GitHub, Home Assistant, Playwright) |
+| `.mcp.json` | MCP server connection config (GitHub Copilot, Kubernetes, Flux, Fetch, Sequential Thinking, Playwright, pgtuner) |
 | `Makefile` | Build/deploy automation |
 
 ### MCP Sidecars
@@ -88,15 +89,18 @@ MCP (Model Context Protocol) servers run as sidecar containers in the pod, enabl
 |---------|-------|---------|------|----------|---------|
 | `kubernetes-mcp` | `quay.io/containers/kubernetes_mcp_server` | v0.0.57 | 8080 | `http://localhost:8080/sse` | Enabled |
 | `flux-mcp` | `ghcr.io/controlplaneio-fluxcd/flux-operator-mcp` | v0.41.1 | 8081 | `http://localhost:8081/sse` | Enabled |
-| `github-mcp` | `ghcr.io/modelcontextprotocol/servers/github` | latest | 8088 | `http://localhost:8088/sse` | Disabled |
+| `fetch-mcp` | `mcp/fetch` | latest | 8082 | `http://localhost:8082/sse` | Enabled |
+| `sequentialthinking-mcp` | `mcp/sequentialthinking` | latest | 8083 | `http://localhost:8083/sse` | Enabled |
 | `homeassistant-mcp` | `ghcr.io/homeassistant-ai/ha-mcp` | stable | 8087 | `http://localhost:8087/sse` | Disabled |
 | `pgtuner-mcp` | `dog830228/pgtuner_mcp` | latest | 8085 | `http://localhost:8085/sse` | Disabled |
-| `playwright-mcp` | `microsoft/playwright-mcp` | latest | 8086 | `http://localhost:8086/sse` | Enabled |
+| `playwright-mcp` | `mcr.microsoft.com/playwright/mcp` | latest | 8086 | `http://localhost:8086/sse` | Enabled |
 
 **Note:**
+- GitHub MCP is accessed via the Copilot API (`https://api.githubcopilot.com/mcp/`), not as a sidecar
 - Kubernetes and Flux sidecars require `clusterAccess` != `none` to be deployed (they need RBAC permissions)
 - Kubernetes and Flux sidecars inherit the pod's ServiceAccount RBAC permissions
-- GitHub sidecar uses `GITHUB_TOKEN` from the env secret (same token used for repo cloning)
+- Fetch sidecar provides web content fetching capabilities and HTML to markdown conversion
+- Sequential thinking sidecar enables structured thinking and problem-solving processes
 - Home Assistant sidecar requires `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN` in the env secret
 - PostgreSQL tuner sidecar requires `DATABASE_URI` in the env secret (PostgreSQL connection string)
 - Playwright sidecar provides browser automation and web testing capabilities
@@ -109,34 +113,38 @@ To control MCP sidecars, set the `enabled` flag in your values override:
 # Disable all MCP sidecars
 mcp:
   sidecars:
-  kubernetes:
-    enabled: false
-  flux:
-    enabled: false
-  github:
-    enabled: false
-  homeassistant:
-    enabled: false
-  pgtuner:
-    enabled: false
-  playwright:
-    enabled: false
+    kubernetes:
+      enabled: false
+    flux:
+      enabled: false
+    fetch:
+      enabled: false
+    sequentialthinking:
+      enabled: false
+    homeassistant:
+      enabled: false
+    pgtuner:
+      enabled: false
+    playwright:
+      enabled: false
 
 # Or selectively enable/disable
 mcp:
   sidecars:
-  kubernetes:
-    enabled: true  # Keep Kubernetes MCP enabled
-  flux:
-    enabled: false # Disable Flux MCP
-  github:
-    enabled: true  # Keep GitHub MCP enabled (uses GITHUB_TOKEN)
-  homeassistant:
-    enabled: true  # Enable Home Assistant MCP (requires secrets)
-  pgtuner:
-    enabled: true  # Enable PostgreSQL tuner MCP (requires DATABASE_URI)
-  playwright:
-    enabled: true  # Enable Playwright MCP for browser automation
+    kubernetes:
+      enabled: true  # Keep Kubernetes MCP enabled
+    flux:
+      enabled: false # Disable Flux MCP
+    fetch:
+      enabled: true  # Enable Fetch MCP for web content fetching
+    sequentialthinking:
+      enabled: true  # Enable Sequential Thinking MCP for problem-solving
+    homeassistant:
+      enabled: true  # Enable Home Assistant MCP (requires secrets)
+    pgtuner:
+      enabled: true  # Enable PostgreSQL tuner MCP (requires DATABASE_URI)
+    playwright:
+      enabled: true  # Enable Playwright MCP for browser automation
 ```
 
 When deploying via Helm:
@@ -176,18 +184,22 @@ helm install my-devcontainer ./chart -f custom-values.yaml
 - `USER_ID` / `GROUP_ID` — Override UID/GID (default 1000)
 - `HAPPY_SERVER_URL` / `HAPPY_WEBAPP_URL` — Custom Happy Coder endpoints
 - `HAPPY_HOME_DIR` / `HAPPY_EXPERIMENTAL`
+- `WEB_FILE_MANAGER` — Set to `1` to enable the built-in web file manager (controlled via `fileManager.enabled` in Helm values)
+- `WEB_FILE_MANAGER_ALLOWED_PATHS` — Paths accessible by the file manager (default: `/workspace,/config`)
+- `WEB_FILE_MANAGER_DENIED_PATHS` — Paths to deny access to (takes precedence over allowed)
 
 ### CI/CD
 
 - **`build-and-push.yaml`** — Builds and pushes to GHCR on every push to `main`, version tags (`v*`), and PRs. Tags: `latest` (main), semver, branch name, commit SHA.
-- **`release.yaml`** — Creates a GitHub Release with docker pull instructions when a version tag is pushed.
+- **`release-unified.yaml`** — Manual release workflow: bumps chart version, builds Docker image, publishes Helm chart to GitHub Pages (`https://cpfarhood.github.io/devcontainer`), and creates GitHub Release.
 - **`dependabot.yml`** — Weekly updates for GitHub Actions and Docker base image.
 
 Image registry: `ghcr.io/cpfarhood/devcontainer`
+Helm repo: `https://cpfarhood.github.io/devcontainer`
 
 ## Kubernetes Notes
 
-- Deployed via Helm chart (`chart/`), published as OCI artifact to GHCR, reconciled by Flux
+- Deployed via Helm chart (`chart/`), published to GitHub Pages Helm repo, reconciled by Flux
 - Storage class is `ceph-filesystem` by default — change via `storage.className` in values
 - Resource limits: 1–4 CPU, 2–8Gi memory
 - Health checks (liveness/readiness probes) on port 5800

Dockerfile

@@ -72,9 +72,17 @@ RUN OPENCODE_VERSION=$(curl -sL https://api.github.com/repos/opencode-ai/opencod
 
 # Install Crush AI coding agent (OpenCode successor by Charm)
 RUN CRUSH_VERSION=$(curl -sL https://api.github.com/repos/charmbracelet/crush/releases/latest | jq -r '.tag_name' | sed 's/^v//') && \
-    curl -fsSL "https://github.com/charmbracelet/crush/releases/download/v${CRUSH_VERSION}/crush_${CRUSH_VERSION}_Linux_x86_64.tar.gz" | \
-    tar -xz --strip-components=1 -C /usr/local/bin "crush_${CRUSH_VERSION}_Linux_x86_64/crush" && \
-    chmod +x /usr/local/bin/crush
+    curl -fsSL "https://github.com/charmbracelet/crush/releases/download/v${CRUSH_VERSION}/crush_${CRUSH_VERSION}_Linux_x86_64.tar.gz" -o /tmp/crush.tar.gz && \
+    tar -xzf /tmp/crush.tar.gz -C /tmp && \
+    mv /tmp/crush_${CRUSH_VERSION}_Linux_x86_64/crush /usr/local/bin/crush && \
+    chmod +x /usr/local/bin/crush && \
+    rm -rf /tmp/crush*
+
+# Install Helm CLI for Kubernetes chart management
+ARG HELM_VERSION=3.17.1
+RUN curl -fsSL "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
+    tar -xz --strip-components=1 -C /usr/local/bin linux-amd64/helm && \
+    chmod +x /usr/local/bin/helm
 
 # Install VSCode
 RUN wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/packages.microsoft.gpg && \
@@ -89,10 +97,26 @@ RUN mkdir -p /etc/apt/keyrings && \
       gpg --dearmor --yes -o /etc/apt/keyrings/antigravity-repo-key.gpg && \
     echo "deb [signed-by=/etc/apt/keyrings/antigravity-repo-key.gpg] https://us-central1-apt.pkg.dev/projects/antigravity-auto-updater-dev/ antigravity-debian main" \
       > /etc/apt/sources.list.d/antigravity.list && \
+    # Clear package cache to force fresh repository data
+    rm -rf /var/lib/apt/lists/* && \
     apt-get update && \
-    apt-get install -y antigravity && \
+    # Show available versions for debugging
+    apt-cache policy antigravity && \
+    # Install latest version
+    apt-get install -y --no-install-recommends antigravity && \
+    # Display installed version
+    dpkg -l | grep antigravity && \
     rm -rf /var/lib/apt/lists/*
 
+# Pre-configure Antigravity to skip onboarding/setup on first run
+RUN mkdir -p /etc/skel/.config/antigravity/User/globalStorage && \
+    echo '{"antigravityUnifiedStateSync.seenNuxOneTimeMigration": true, "antigravityUnifiedStateSync.browserOnboarding.completed": true, "antigravityUnifiedStateSync.hasOnboardingCompleted": true, "browserOnboarding.hasSeenWelcome": true, "antigravityUnifiedStateSync.browserPreferences.hasAddedLocalhostToAllowlist": true, "antigravityUnifiedStateSync.oauthToken.hasLegacyMigrated": true, "antigravityUnifiedStateSync.auth.tokenSyncEnabled": true, "antigravityUnifiedStateSync.auth.cloudSyncEnabled": true, "theme": "vs-dark"}' \
+      > /etc/skel/.config/antigravity/User/globalStorage/storage.json && \
+    echo '{"workbench.startupEditor": "none", "workbench.welcomePage.walkthroughs.openOnInstall": false, "workbench.tips.enabled": false, "extensions.ignoreRecommendations": true, "telemetry.telemetryLevel": "off", "update.mode": "none", "extensions.autoUpdate": false, "extensions.autoCheckUpdates": false, "workbench.enableExperiments": true, "workbench.settings.enableNaturalLanguageSearch": true, "antigravity.onboarding.completed": true, "antigravity.browserOnboarding.completed": true, "antigravity.setup.completed": true, "antigravity.ai.enabled": true, "antigravity.ai.autoComplete.enabled": true, "antigravity.ai.chat.enabled": true, "antigravity.ai.codeActions.enabled": true, "antigravity.ai.explainCode.enabled": true, "antigravity.ai.generateCode.enabled": true, "antigravity.ai.optimizeCode.enabled": true, "antigravity.ai.autoSuggest.enabled": true, "antigravity.telemetry.crashReporter": "on", "antigravity.ai.acceptTerms": true, "antigravity.auth.syncState": true, "antigravity.auth.enableTokenSync": true, "antigravity.ai.enableCloudSync": true, "antigravity.settings.sync": true}' \
+      > /etc/skel/.config/antigravity/User/settings.json && \
+    # Validate Antigravity installation
+    /usr/share/antigravity/antigravity --version || echo "WARNING: Antigravity version check failed"
+
 # Install OpenSSH server (for SSH IDE mode)
 RUN apt-get update && \
     apt-get install -y openssh-server && \

Makefile

@@ -2,7 +2,7 @@
 
 # Variables
 REGISTRY ?= ghcr.io/cpfarhood
-IMAGE_NAME ?= antigravity
+IMAGE_NAME ?= devcontainer
 IMAGE_TAG ?= latest
 FULL_IMAGE = $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
 
@@ -29,15 +29,15 @@ run:
 		-e HAPPY_EXPERIMENTAL="true" \
 		-v $(PWD)/home:/home \
 		-v $(PWD)/workspace:/workspace \
-		--name antigravity \
+		--name devcontainer \
 		$(FULL_IMAGE)
 	@echo "Access at http://localhost:5800"
 
 # Stop the running container
 stop:
-	@echo "Stopping antigravity container..."
-	docker stop antigravity || true
-	docker rm antigravity || true
+	@echo "Stopping devcontainer..."
+	docker stop devcontainer || true
+	docker rm devcontainer || true
 
 # Clean up local volumes
 clean: stop
@@ -81,7 +81,7 @@ helm-port-forward:
 
 # Show help
 help:
-	@echo "Antigravity Dev Container Makefile"
+	@echo "Dev Container Makefile"
 	@echo ""
 	@echo "Usage: make [target]"
 	@echo ""
@@ -101,7 +101,7 @@ help:
 	@echo ""
 	@echo "Variables:"
 	@echo "  REGISTRY           - Docker registry (default: ghcr.io/cpfarhood)"
-	@echo "  IMAGE_NAME         - Image name (default: antigravity)"
+	@echo "  IMAGE_NAME         - Image name (default: devcontainer)"
 	@echo "  IMAGE_TAG          - Image tag (default: latest)"
 	@echo "  RELEASE_NAME       - Helm release name (default: mydev)"
 	@echo "  NAMESPACE          - Kubernetes namespace (default: default)"

README.md

@@ -6,29 +6,38 @@ A containerized cloud development environment with web-based GUI access, featuri
 - **VSCode or Google Antigravity** via browser-based VNC (port 5800)
 - **SSH access** option (OpenSSH on port 22, additive with any IDE)
 - **Claude Code**, **Happy Coder**, **OpenCode**, and **Crush** AI coding agents (terminal-based)
+- **Built-in web file manager** for uploading/downloading files via the VNC web interface
+- **Helm CLI** included for Kubernetes chart development and deployment
 - **Automatic GitHub repo cloning** on startup
 - **Persistent home directory** via ReadWriteMany PVC
 - **Kubernetes-native** Helm chart deployment
 
 ## Quick Start
 
-### Option A: Quickstart (Recommended)
-
-For 80% of users, use the simplified quickstart values:
+### Option A: Install from Helm Repo (Recommended)
 
 ```bash
-# Copy and customize the quickstart template
+# Add the Helm repository
+helm repo add devcontainer https://cpfarhood.github.io/devcontainer
+helm repo update
+
+# Deploy with one command
+helm install mydev devcontainer/devcontainer \
+  --set name=mydev \
+  --set githubRepo=https://github.com/youruser/yourrepo
+```
+
+### Option B: Install from Source
+
+```bash
+# Clone and customize the quickstart template
 cp chart/values-quickstart.yaml my-values.yaml
+# Edit my-values.yaml to set your name and repository
 
-# Edit my-values.yaml to set your name and repository:
-# name: mydev
-# githubRepo: https://github.com/youruser/yourrepo
-
-# Deploy with minimal configuration
 helm install mydev ./chart -f my-values.yaml
 ```
 
-### Option B: One-Command Deploy
+### Option C: One-Command from Source
 
 ```bash
 helm install mydev ./chart \
@@ -48,9 +57,9 @@ The secret is picked up automatically via `envFrom`. Keys recognised:
 | `VNC_PASSWORD` | Password for the VNC web UI |
 | `ANTHROPIC_API_KEY` | API key — alternative to browser-based Claude login |
 | `SSH_AUTHORIZED_KEYS` | Public key(s) for SSH access (required when `ssh: true`) |
-| `HOMEASSISTANT_URL` | Home Assistant URL (required when `mcpSidecars.homeassistant.enabled: true`) |
-| `HOMEASSISTANT_TOKEN` | Home Assistant long-lived access token (required when `mcpSidecars.homeassistant.enabled: true`) |
-| `DATABASE_URI` | PostgreSQL connection string (required when `mcpSidecars.pgtuner.enabled: true`) |
+| `HOMEASSISTANT_URL` | Home Assistant URL (required when `mcp.sidecars.homeassistant.enabled: true`) |
+| `HOMEASSISTANT_TOKEN` | Home Assistant long-lived access token (required when `mcp.sidecars.homeassistant.enabled: true`) |
+| `DATABASE_URI` | PostgreSQL connection string (required when `mcp.sidecars.pgtuner.enabled: true`) |
 | `PGTUNER_EXCLUDE_USERIDS` | Comma-separated PostgreSQL user OIDs to exclude from monitoring (optional) |
 
 ```bash
@@ -119,14 +128,15 @@ The Helm chart uses a logical organization with these main sections:
 |-------|---------|-------------|
 | `name` | `""` | Instance name — used in all resource names (`devcontainer-{name}`) |
 | `githubRepo` | `""` | Repository to clone into `/workspace` on startup |
-| `ide` | `vscode` | IDE to launch — `vscode`, `antigravity`, or `none` (see below) |
-| `ssh` | `false` | Also start an OpenSSH server on port 22 (additive, any `ide`) |
+| `ide.type` | `vscode` | IDE to launch — `vscode`, `antigravity`, or `none` (see below) |
+| `ssh.enabled` | `false` | Also start an OpenSSH server on port 22 (additive, any IDE) |
+| `fileManager.enabled` | `false` | Enable the built-in web file manager for upload/download |
 | `image.repository` | `ghcr.io/cpfarhood/devcontainer` | Container image |
 | `image.tag` | `latest` | Image tag |
 
 ### IDE choice
 
-`ide` controls what GUI is launched in the VNC session:
+`ide.type` controls what GUI is launched in the VNC session:
 
 | Value | Port | Description |
 |-------|------|-------------|
@@ -136,14 +146,14 @@ The Helm chart uses a logical organization with these main sections:
 
 ### SSH access
 
-`ssh: true` starts OpenSSH on port 22 **in addition to** the IDE. It works with any `ide` value:
+`ssh.enabled: true` starts OpenSSH on port 22 **in addition to** the IDE. It works with any `ide.type` value:
 
 ```bash
 # SSH-only (no VNC)
-helm install mydev ./chart --set name=mydev --set ide=none --set ssh=true
+helm install mydev ./chart --set name=mydev --set ide.type=none --set ssh.enabled=true
 
 # VSCode in VNC + SSH access at the same time
-helm install mydev ./chart --set name=mydev --set ssh=true
+helm install mydev ./chart --set name=mydev --set ssh.enabled=true
 ```
 
 Add your public key to the env secret:
@@ -161,14 +171,32 @@ kubectl port-forward deployment/devcontainer-mydev 2222:22
 ssh -p 2222 user@localhost
 ```
 
+### Web file manager
+
+The base image includes a built-in web file manager for uploading and downloading files through the VNC web interface (port 5800). No additional sidecar is needed.
+
+| Value | Default | Description |
+|-------|---------|-------------|
+| `fileManager.enabled` | `false` | Enable the web file manager |
+| `fileManager.allowedPaths` | `/workspace,/config` | Paths accessible by the file manager (`AUTO`, `ALL`, or comma-separated) |
+| `fileManager.deniedPaths` | `""` | Paths to deny (takes precedence over allowed) |
+
+```bash
+# Enable the file manager
+helm install mydev ./chart \
+  --set name=mydev \
+  --set githubRepo=https://github.com/youruser/yourrepo \
+  --set fileManager.enabled=true
+```
+
 ### Happy Coder
 
 | Value | Default | Description |
 |-------|---------|-------------|
-| `happyServerUrl` | `https://happy.farh.net` | Happy Coder server endpoint |
-| `happyWebappUrl` | `https://happy-coder.farh.net` | Happy Coder webapp URL |
-| `happyHomeDir` | `/home/user/.happy` | Happy runtime state directory (persists on the home PVC) |
-| `happyExperimental` | `true` | Enable experimental Happy features |
+| `happy.serverUrl` | `https://happy.farh.net` | Happy Coder server endpoint |
+| `happy.webappUrl` | `https://happy-coder.farh.net` | Happy Coder webapp URL |
+| `happy.homeDir` | `/config/userdata/.happy` | Happy runtime state directory (persists on the home PVC) |
+| `happy.experimental` | `true` | Enable experimental Happy features |
 
 ### Kubernetes cluster access
 
@@ -200,16 +228,16 @@ The devcontainer includes MCP (Model Context Protocol) servers as sidecar contai
 |---------|---------|---------|
 | `mcp.sidecars.kubernetes.enabled` | `true` | Kubernetes API access via MCP |
 | `mcp.sidecars.flux.enabled` | `true` | Flux GitOps operations via MCP |
-| `mcp.sidecars.github.enabled` | `false` | GitHub API access via MCP (DISABLED: archived image) |
 | `mcp.sidecars.homeassistant.enabled` | `false` | Home Assistant smart home control via MCP |
 | `mcp.sidecars.pgtuner.enabled` | `false` | PostgreSQL performance tuning and analysis via MCP |
 | `mcp.sidecars.playwright.enabled` | `true` | Browser automation and web testing via MCP |
 
 **Notes:**
+- GitHub MCP is accessed via the Copilot API (`https://api.githubcopilot.com/mcp/`), not as a sidecar
 - Kubernetes and Flux sidecars require `clusterAccess` != `none` to be deployed (automatically disabled when no cluster access)
 - Kubernetes and Flux sidecars inherit the pod's ServiceAccount RBAC permissions (controlled by `clusterAccess`)
-- Home Assistant sidecar requires `homeassistant-url` and `homeassistant-token` in the env secret
-- PostgreSQL tuner sidecar requires `database-uri` in the env secret (PostgreSQL connection string)
+- Home Assistant sidecar requires `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN` in the env secret
+- PostgreSQL tuner sidecar requires `DATABASE_URI` in the env secret (PostgreSQL connection string)
 - Playwright sidecar provides browser automation and web testing capabilities
 
 **Disable MCP sidecars:**
@@ -263,62 +291,46 @@ helm install mydev ./chart \
 # values.yaml override
 mcp:
   sidecars:
-  kubernetes:
-    enabled: true
-    image:
-      repository: quay.io/containers/kubernetes_mcp_server
-      tag: v0.0.57
-    port: 8080
-    resources:
-      requests:
-        memory: "64Mi"
-        cpu: "50m"
-      limits:
-        memory: "256Mi"
-        cpu: "500m"
-  flux:
-    enabled: false  # Disabled in this example
-  github:
-    enabled: false  # Disabled by default (archived image)
-  homeassistant:
-    enabled: true
-    image:
-      repository: ghcr.io/homeassistant-ai/ha-mcp
-      tag: stable
-    port: 8087
-    resources:
-      requests:
-        memory: "64Mi"
-        cpu: "50m"
-      limits:
-        memory: "256Mi"
-        cpu: "500m"
-  pgtuner:
-    enabled: true
-    image:
-      repository: dog830228/pgtuner_mcp
-      tag: latest
-    port: 8085
-    resources:
-      requests:
-        memory: "64Mi"
-        cpu: "50m"
-      limits:
-        memory: "256Mi"
-        cpu: "500m"
-  playwright:
-    enabled: true
-    image:
-      repository: microsoft/playwright-mcp
-      tag: latest
-    port: 8086
-    resources:
-      requests:
-        memory: "128Mi"
-        cpu: "100m"
-      limits:
-        memory: "512Mi"
-        cpu: "1000m"
+    kubernetes:
+      enabled: true
+      image:
+        repository: quay.io/containers/kubernetes_mcp_server
+        tag: v0.0.57
+      port: 8080
+      resources:
+        requests:
+          memory: "64Mi"
+          cpu: "50m"
+        limits:
+          memory: "256Mi"
+          cpu: "500m"
+    flux:
+      enabled: false  # Disabled in this example
+    homeassistant:
+      enabled: true
+      image:
+        repository: ghcr.io/homeassistant-ai/ha-mcp
+        tag: stable
+      port: 8087
+    pgtuner:
+      enabled: true
+      image:
+        repository: dog830228/pgtuner_mcp
+        tag: latest
+      port: 8085
+    playwright:
+      enabled: true
+      image:
+        repository: mcr.microsoft.com/playwright/mcp
+        tag: latest
+      port: 8086
+      resources:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "512Mi"
+          cpu: "1000m"
 ```
 
 ### Display and resources
@@ -327,9 +339,9 @@ mcp:
 |-------|---------|-------------|
 | `display.width` | `1920` | VNC width (px) |
 | `display.height` | `1080` | VNC height (px) |
-| `secureConnection` | `0` | Set to `1` if TLS is not terminated upstream |
-| `userId` | `1000` | UID for the app user |
-| `groupId` | `1000` | GID for the app user |
+| `display.secureConnection` | `0` | Set to `1` if TLS is not terminated upstream |
+| `user.id` | `1000` | UID for the app user |
+| `user.groupId` | `1000` | GID for the app user |
 | `storage.size` | `32Gi` | Home PVC size |
 | `storage.className` | `ceph-filesystem` | StorageClass (must be ReadWriteMany) |
 | `shm.sizeLimit` | `2Gi` | `/dev/shm` size (memory-backed; used by Electron apps) |
@@ -362,10 +374,10 @@ Container start
 
 | Mount | Source | Persistence |
 |-------|--------|-------------|
-| `/home` | ReadWriteMany PVC (`userhome-{name}`) | Survives pod restarts — stores Claude credentials, dotfiles, git config |
+| `/config` | ReadWriteMany PVC (`userhome-{name}`) | Survives pod restarts — stores Claude credentials, dotfiles, git config |
 | `/workspace` | `emptyDir` | Ephemeral — repo is re-cloned on each pod start |
 
-Happy Coder's runtime state (`HAPPY_HOME_DIR`) is kept in `/home/user/.happy` on the persistent home PVC, so auth credentials and settings survive pod restarts when manually started.
+Happy Coder's runtime state (`HAPPY_HOME_DIR`) is kept in `/config/userdata/.happy` on the persistent home PVC, so auth credentials and settings survive pod restarts when manually started.
 
 ---
 

chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: devcontainer
-description: Antigravity Dev Container with Happy Coder AI assistant
+description: Dev Container with AI coding agents and MCP sidecars
 type: application
-version: 0.3.0
+version: 1.0.2
 appVersion: "latest"

chart/templates/NOTES.txt

@@ -0,0 +1,31 @@
+Dev Container "{{ .Values.name }}" has been deployed.
+
+{{- if ne (.Values.ide.type | default "vscode") "none" }}
+
+Access the IDE:
+  kubectl port-forward deployment/{{ include "devcontainer.fullname" . }} 5800:5800 -n {{ .Release.Namespace }}
+  Then open: http://localhost:5800
+{{- end }}
+
+{{- if .Values.ssh.enabled }}
+
+SSH access:
+  kubectl port-forward deployment/{{ include "devcontainer.fullname" . }} 2222:22 -n {{ .Release.Namespace }}
+  Then: ssh -p 2222 user@localhost
+{{- end }}
+
+Useful commands:
+  Logs:   kubectl logs -f deployment/{{ include "devcontainer.fullname" . }} -n {{ .Release.Namespace }}
+  Shell:  kubectl exec -it deployment/{{ include "devcontainer.fullname" . }} -n {{ .Release.Namespace }} -- bash
+
+{{- if not (lookup "v1" "Secret" .Release.Namespace (include "devcontainer.envSecretName" .)) }}
+
+Optional: Create a secret for GITHUB_TOKEN, VNC_PASSWORD, etc:
+  kubectl create secret generic {{ include "devcontainer.envSecretName" . }} \
+    --from-literal=GITHUB_TOKEN=ghp_xxx \
+    --from-literal=VNC_PASSWORD=changeme \
+    -n {{ .Release.Namespace }}
+{{- end }}
+
+Note: The PVC "{{ include "devcontainer.pvcName" . }}" is protected from deletion on helm uninstall.
+To remove it manually: kubectl delete pvc {{ include "devcontainer.pvcName" . }} -n {{ .Release.Namespace }}

chart/templates/_helpers.tpl

@@ -1,28 +1,43 @@
 {{/*
 Resource name prefix: devcontainer-{name}
 */}}
-{{- define "antigravity.fullname" -}}
+{{- define "devcontainer.fullname" -}}
+{{- if not .Values.name }}
+{{- fail "values.name is required and must not be empty" }}
+{{- end }}
 {{- printf "devcontainer-%s" .Values.name }}
 {{- end }}
 
 {{/*
 PVC name: userhome-{name}
 */}}
-{{- define "antigravity.pvcName" -}}
+{{- define "devcontainer.pvcName" -}}
 {{- printf "userhome-%s" .Values.name }}
 {{- end }}
 
 {{/*
 Secret name for env vars, default to devcontainer-{name}-secrets-env
 */}}
-{{- define "antigravity.envSecretName" -}}
+{{- define "devcontainer.envSecretName" -}}
 {{- .Values.envSecretName | default (printf "devcontainer-%s-secrets-env" .Values.name) }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "antigravity.labels" -}}
+{{- define "devcontainer.labels" -}}
+app: devcontainer
+instance: {{ .Values.name }}
+app.kubernetes.io/name: devcontainer
+app.kubernetes.io/instance: {{ .Values.name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+{{- end }}
+
+{{/*
+Selector labels — keep narrow since changing these requires recreating the Deployment
+*/}}
+{{- define "devcontainer.selectorLabels" -}}
 app: devcontainer
 instance: {{ .Values.name }}
 {{- end }}
@@ -30,7 +45,7 @@ instance: {{ .Values.name }}
 {{/*
 Smart resource sizing based on enabled features
 */}}
-{{- define "antigravity.smartResources" -}}
+{{- define "devcontainer.smartResources" -}}
 {{- $baseMemory := "2Gi" }}
 {{- $baseCpu := "1000m" }}
 {{- $limitMemory := "8Gi" }}
@@ -59,7 +74,7 @@ limits:
 {{/*
 Auto-detect environment type and set smart defaults
 */}}
-{{- define "antigravity.smartDefaults" -}}
+{{- define "devcontainer.smartDefaults" -}}
 {{- $isDev := or (contains "dev" .Values.name) (contains "test" .Values.name) (contains "local" .Values.name) }}
 {{- $isProd := or (contains "prod" .Values.name) (contains "production" .Values.name) }}
 {{- $isTeam := or (contains "team" .Values.name) (contains "shared" .Values.name) }}
@@ -79,7 +94,7 @@ team: true
 {{/*
 Smart MCP sidecar selection based on cluster access
 */}}
-{{- define "antigravity.mcpDefaults" -}}
+{{- define "devcontainer.mcpDefaults" -}}
 {{- if eq .Values.clusterAccess "none" }}
   {{/* No cluster access - disable k8s/flux sidecars */}}
   kubernetes:

chart/templates/deployment.yaml

@@ -1,21 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "antigravity.fullname" . }}
+  name: {{ include "devcontainer.fullname" . }}
   labels:
-    {{- include "antigravity.labels" . | nindent 4 }}
+    {{- include "devcontainer.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      {{- include "antigravity.labels" . | nindent 6 }}
+      {{- include "devcontainer.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        {{- include "antigravity.labels" . | nindent 8 }}
+        {{- include "devcontainer.labels" . | nindent 8 }}
     spec:
       {{- if ne (.Values.clusterAccess | default "none") "none" }}
-      serviceAccountName: {{ include "antigravity.fullname" . }}
+      serviceAccountName: {{ include "devcontainer.fullname" . }}
       {{- end }}
       securityContext:
         fsGroup: 1000
@@ -23,7 +23,7 @@ spec:
       {{- if and .Values.ide.type (eq .Values.ide.type "antigravity") }}
       initContainers:
         - name: setup-userdata
-          image: busybox:latest
+          image: busybox:1.37
           command: ['sh', '-c']
           args:
             - |
@@ -69,6 +69,16 @@ spec:
               value: {{ .Values.display.height | quote }}
             - name: SECURE_CONNECTION
               value: {{ .Values.display.secureConnection | quote }}
+            {{- if .Values.fileManager.enabled }}
+            - name: WEB_FILE_MANAGER
+              value: "1"
+            - name: WEB_FILE_MANAGER_ALLOWED_PATHS
+              value: {{ .Values.fileManager.allowedPaths | quote }}
+            {{- if .Values.fileManager.deniedPaths }}
+            - name: WEB_FILE_MANAGER_DENIED_PATHS
+              value: {{ .Values.fileManager.deniedPaths | quote }}
+            {{- end }}
+            {{- end }}
             - name: HAPPY_HOME_DIR
               value: {{ .Values.happy.homeDir | quote }}
             - name: HAPPY_EXPERIMENTAL
@@ -81,7 +91,7 @@ spec:
               value: {{ .Values.githubRepo | quote }}
           envFrom:
             - secretRef:
-                name: {{ include "antigravity.envSecretName" . }}
+                name: {{ include "devcontainer.envSecretName" . }}
                 optional: true
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
@@ -169,7 +179,7 @@ spec:
         {{- if .Values.mcp.sidecars.homeassistant.enabled }}
         - name: homeassistant-mcp
           image: "{{ .Values.mcp.sidecars.homeassistant.image.repository }}:{{ .Values.mcp.sidecars.homeassistant.image.tag }}"
-          imagePullPolicy: Always
+          imagePullPolicy: IfNotPresent
           command: ["fastmcp", "run", "--transport", "sse", "--host", "0.0.0.0", "--port", "{{ .Values.mcp.sidecars.homeassistant.port }}"]
           ports:
             - name: homeassistant
@@ -178,13 +188,13 @@ spec:
             - name: HOMEASSISTANT_URL
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "antigravity.envSecretName" . }}
+                  name: {{ include "devcontainer.envSecretName" . }}
                   key: HOMEASSISTANT_URL
                   optional: true
             - name: HOMEASSISTANT_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "antigravity.envSecretName" . }}
+                  name: {{ include "devcontainer.envSecretName" . }}
                   key: HOMEASSISTANT_TOKEN
                   optional: true
           livenessProbe:
@@ -200,43 +210,11 @@ spec:
           resources:
             {{- toYaml .Values.mcp.sidecars.homeassistant.resources | nindent 12 }}
         {{- end }}
-        {{- if .Values.mcp.sidecars.github.enabled }}
-        - name: github-mcp
-          image: "{{ .Values.mcp.sidecars.github.image.repository }}:{{ .Values.mcp.sidecars.github.image.tag }}"
-          imagePullPolicy: Always
-          args:
-            - --sse
-            - --port={{ .Values.mcp.sidecars.github.port }}
-          ports:
-            - name: github
-              containerPort: {{ .Values.mcp.sidecars.github.port }}
-          env:
-            - name: GITHUB_PERSONAL_ACCESS_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "antigravity.envSecretName" . }}
-                  key: GITHUB_TOKEN
-                  optional: true
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: {{ .Values.mcp.sidecars.github.port }}
-            initialDelaySeconds: 10
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: {{ .Values.mcp.sidecars.github.port }}
-            initialDelaySeconds: 5
-            periodSeconds: 5
-          resources:
-            {{- toYaml .Values.mcp.sidecars.github.resources | nindent 12 }}
-        {{- end }}
         {{- if .Values.mcp.sidecars.pgtuner.enabled }}
         - name: pgtuner-mcp
           image: "{{ .Values.mcp.sidecars.pgtuner.image.repository }}:{{ .Values.mcp.sidecars.pgtuner.image.tag }}"
-          imagePullPolicy: Always
-          command: ["python", "-m", "pgtuner_mcp", "--transport", "sse", "--port", "{{ .Values.mcp.sidecars.pgtuner.port }}"]
+          imagePullPolicy: Always  # pgtuner uses `latest` tag (no versioned releases available)
+          command: ["python", "-m", "pgtuner_mcp", "--mode", "sse", "--host", "0.0.0.0", "--port", "{{ .Values.mcp.sidecars.pgtuner.port }}"]
           ports:
             - name: pgtuner
               containerPort: {{ .Values.mcp.sidecars.pgtuner.port }}
@@ -244,13 +222,13 @@ spec:
             - name: DATABASE_URI
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "antigravity.envSecretName" . }}
+                  name: {{ include "devcontainer.envSecretName" . }}
                   key: DATABASE_URI
                   optional: true
             - name: PGTUNER_EXCLUDE_USERIDS
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "antigravity.envSecretName" . }}
+                  name: {{ include "devcontainer.envSecretName" . }}
                   key: PGTUNER_EXCLUDE_USERIDS
                   optional: true
           livenessProbe:
@@ -269,10 +247,16 @@ spec:
         {{- if .Values.mcp.sidecars.playwright.enabled }}
         - name: playwright-mcp
           image: "{{ .Values.mcp.sidecars.playwright.image.repository }}:{{ .Values.mcp.sidecars.playwright.image.tag }}"
-          imagePullPolicy: Always
+          imagePullPolicy: IfNotPresent
+          command: ["node"]
           args:
-            - --transport
-            - sse
+            - cli.js
+            - --headless
+            - --browser
+            - chromium
+            - --no-sandbox
+            - --host
+            - 0.0.0.0
             - --port
             - {{ .Values.mcp.sidecars.playwright.port | quote }}
           ports:
@@ -303,4 +287,4 @@ spec:
             sizeLimit: {{ .Values.shm.sizeLimit }}
         - name: userhome
           persistentVolumeClaim:
-            claimName: {{ include "antigravity.pvcName" . }}
+            claimName: {{ include "devcontainer.pvcName" . }}

chart/templates/pvc.yaml

@@ -1,13 +1,17 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{ include "antigravity.pvcName" . }}
+  name: {{ include "devcontainer.pvcName" . }}
+  annotations:
+    helm.sh/resource-policy: keep
   labels:
-    {{- include "antigravity.labels" . | nindent 4 }}
+    {{- include "devcontainer.labels" . | nindent 4 }}
 spec:
   accessModes:
     - ReadWriteMany
+  {{- if .Values.storage.className }}
   storageClassName: {{ .Values.storage.className }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.storage.size }}

chart/templates/rbac.yaml

@@ -1,7 +1,7 @@
 {{- $access := .Values.clusterAccess | default "none" }}
-{{- $name   := include "antigravity.fullname" . }}
+{{- $name   := include "devcontainer.fullname" . }}
 {{- $ns     := .Release.Namespace }}
-{{- $labels := include "antigravity.labels" . }}
+{{- $labels := include "devcontainer.labels" . }}
 
 {{- if ne $access "none" }}
 ---

chart/templates/service.yaml

@@ -1,22 +1,22 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "antigravity.fullname" . }}
+  name: {{ include "devcontainer.fullname" . }}
   labels:
-    {{- include "antigravity.labels" . | nindent 4 }}
+    {{- include "devcontainer.labels" . | nindent 4 }}
 spec:
   ports:
-    {{- if ne (.Values.ide | default "vscode") "none" }}
+    {{- if ne (.Values.ide.type | default "vscode") "none" }}
     - port: 5800
       name: vnc-web
       protocol: TCP
       targetPort: vnc-web
     {{- end }}
-    {{- if .Values.ssh }}
+    {{- if .Values.ssh.enabled }}
     - port: 22
       name: ssh
       protocol: TCP
       targetPort: ssh
     {{- end }}
   selector:
-    {{- include "antigravity.labels" . | nindent 4 }}
+    {{- include "devcontainer.labels" . | nindent 4 }}

chart/values.schema.json

@@ -4,6 +4,7 @@
   "title": "Dev Container Helm Chart Values Schema",
   "description": "Schema for validating values.yaml in the Dev Container Helm chart",
   "type": "object",
+  "additionalProperties": true,
   "properties": {
     "name": {
       "type": "string",
@@ -34,7 +35,7 @@
     "githubRepo": {
       "type": "string",
       "description": "GitHub repository URL to clone",
-      "pattern": "^https://github\\.com/.+/.+$"
+      "pattern": "^https?://.+/.+/.+$"
     },
     "ide": {
       "type": "object",
@@ -107,7 +108,7 @@
           "description": "Storage class name (must support ReadWriteMany)"
         }
       },
-      "required": ["size", "className"]
+      "required": ["size"]
     },
     "resources": {
       "type": "object",
@@ -142,12 +143,10 @@
       "properties": {
         "serverUrl": {
           "type": "string",
-          "format": "uri",
           "description": "Happy Coder server URL"
         },
         "webappUrl": {
           "type": "string",
-          "format": "uri",
           "description": "Happy Coder webapp URL"
         },
         "homeDir": {
@@ -160,7 +159,7 @@
           "description": "Enable experimental Happy features"
         }
       },
-      "required": ["serverUrl", "webappUrl", "homeDir", "experimental"]
+      "required": ["homeDir", "experimental"]
     },
     "mcp": {
       "type": "object",
@@ -177,9 +176,6 @@
             "homeassistant": {
               "$ref": "#/$defs/mcpSidecar"
             },
-            "github": {
-              "$ref": "#/$defs/mcpSidecar"
-            },
             "pgtuner": {
               "$ref": "#/$defs/mcpSidecar"
             },
@@ -195,6 +191,11 @@
     "envSecretName": {
       "type": "string",
       "description": "Custom environment secret name"
+    },
+    "resourceProfile": {
+      "type": "string",
+      "enum": ["auto", "small", "medium", "large", "xlarge"],
+      "description": "Resource profile preset"
     }
   },
   "required": ["name"],
@@ -256,4 +257,4 @@
       "required": ["enabled", "image", "port", "resources"]
     }
   }
-}
+}

chart/values.yaml

@@ -27,6 +27,16 @@ ide:
 ssh:
   enabled: false
 
+# Web file manager — built-in upload/download via the VNC web interface (port 5800)
+# Uses the base image's WEB_FILE_MANAGER feature (no extra sidecar needed)
+fileManager:
+  enabled: false
+  # Paths the file manager can access (default: AUTO = mapped volumes)
+  # Options: AUTO | ALL | comma-separated list of paths
+  allowedPaths: "/workspace,/config"
+  # Paths to deny (takes precedence over allowedPaths)
+  deniedPaths: ""
+
 # VNC display settings
 display:
   width: "1920"
@@ -45,7 +55,7 @@ user:
 # Storage configuration
 storage:
   size: 32Gi
-  className: ceph-filesystem
+  className: ""  # Empty string uses the cluster's default StorageClass (must support ReadWriteMany)
 
 # Resource allocation
 resources:
@@ -70,8 +80,8 @@ clusterAccess: none
 
 # Happy Coder AI assistant configuration
 happy:
-  serverUrl: "https://happy.farh.net"
-  webappUrl: "https://happy-coder.farh.net"
+  serverUrl: ""
+  webappUrl: ""
   homeDir: "/config/userdata/.happy"
   experimental: "true"
 
@@ -108,12 +118,14 @@ mcp:
           memory: "256Mi"
           cpu: "500m"
 
+
+
     # Home Assistant smart home control
     homeassistant:
       enabled: false  # Requires HOMEASSISTANT_URL and HOMEASSISTANT_TOKEN
       image:
         repository: ghcr.io/homeassistant-ai/ha-mcp
-        tag: stable
+        tag: v6.7.1
       port: 8087
       resources:
         requests:
@@ -123,21 +135,6 @@ mcp:
           memory: "256Mi"
           cpu: "500m"
 
-    # GitHub API access (DISABLED: archived image)
-    github:
-      enabled: false
-      image:
-        repository: ghcr.io/modelcontextprotocol/servers/github
-        tag: latest
-      port: 8088
-      resources:
-        requests:
-          memory: "64Mi"
-          cpu: "50m"
-        limits:
-          memory: "256Mi"
-          cpu: "500m"
-
     # PostgreSQL performance tuning
     pgtuner:
       enabled: false  # Requires DATABASE_URI in secrets
@@ -157,8 +154,8 @@ mcp:
     playwright:
       enabled: true
       image:
-        repository: microsoft/playwright-mcp
-        tag: latest
+        repository: mcr.microsoft.com/playwright/mcp
+        tag: v0.0.68
       port: 8086
       resources:
         requests:

scripts/cont-init-user.sh

@@ -2,5 +2,9 @@
 # Fix the app user (UID 1000) created by baseimage-gui at runtime.
 # baseimage-gui sets shell=/sbin/nologin and home=/dev/null, which
 # prevents VSCode from opening terminals.
-usermod -s /bin/bash app
-usermod -d /config/userdata app
+if id app >/dev/null 2>&1; then
+    usermod -s /bin/bash app
+    usermod -d /config/userdata app
+else
+    echo "WARNING: 'app' user not found, skipping usermod" >&2
+fi

scripts/init-repo.sh

@@ -22,6 +22,7 @@ if [ -n "$GITHUB_TOKEN" ]; then
 
     # Create or update the credentials file
     CREDENTIALS_FILE="/config/userdata/.git-credentials"
+    mkdir -p "$(dirname "$CREDENTIALS_FILE")"
 
     # Support multiple git hosting providers
     # GitHub supports both oauth2 and token as username
@@ -51,6 +52,7 @@ else
 
     # Create an empty credentials file with proper permissions
     CREDENTIALS_FILE="/config/userdata/.git-credentials"
+    mkdir -p "$(dirname "$CREDENTIALS_FILE")"
     touch "$CREDENTIALS_FILE"
     chmod 600 "$CREDENTIALS_FILE"
 

scripts/startapp.sh

@@ -34,6 +34,9 @@ case "$IDE" in
         exec sleep infinity
         ;;
     *)
+        if [ "$IDE" != "vscode" ]; then
+            echo "WARNING: Unknown IDE value '$IDE', defaulting to VSCode"
+        fi
         echo "Opening VSCode in: $WORKSPACE_DIR"
         exec code --new-window --wait "$WORKSPACE_DIR"
         ;;