Skip to content

Refactor CI/CD pipeline and add Coeadapt Launcher desktop app#159

Open
alexander-acker wants to merge 362 commits intokasmtech:developfrom
alexander-acker:claude/vm-progress-tracking-LkwEk
Open

Refactor CI/CD pipeline and add Coeadapt Launcher desktop app#159
alexander-acker wants to merge 362 commits intokasmtech:developfrom
alexander-acker:claude/vm-progress-tracking-LkwEk

Conversation

@alexander-acker
Copy link

@alexander-acker alexander-acker commented Feb 26, 2026

Summary

This PR introduces a major refactor of the CI/CD infrastructure and adds a new cross-platform desktop application (Coeadapt Launcher) for managing the Career-Box workspace. The changes modernize the build system, update base images, and provide users with a native desktop experience.

Key Changes

CI/CD Pipeline Refactor

  • Templated CI configuration: Replaced 1000+ line monolithic .gitlab-ci.yml with a template-based system using ci-scripts/template-vars.yaml and ci-scripts/gitlab-ci.template
  • Dynamic job generation: Introduced Python templating (ci-scripts/template-gitlab.py) to generate CI jobs from YAML configuration
  • Modular build scripts: Extracted build logic into separate shell scripts (build.sh, test.sh, manifest.sh, app-layer.sh, readme.sh)
  • Updated Docker versions: Bumped from docker:dind to docker:24.0.6-dind and docker:28.0.0 in template

Base Image Updates

  • Deprecated old images: Removed Focal, Alpine 3.17, CentOS 7, Oracle 7, Fedora 37, Parrot OS 5, and Remnux Focal
  • Added newer images: Ubuntu Noble, Debian Bookworm/Trixie, Alpine 3.19/3.20/3.21, Fedora 39/40/41, Parrot OS 6, RHEL 9
  • Updated all Dockerfiles: Changed base image references from core-ubuntu-focal to core-ubuntu-jammy across 50+ application images

New Application Images

  • Cyberbro: Firefox-based security browser
  • Forensic OSINT: Ubuntu with Google Chrome and forensic extensions
  • Spiderfoot: OSINT automation framework
  • Nessus: Vulnerability scanner
  • Obsidian: Note-taking application
  • Zorin OS: Desktop environment variants
  • Redroid: Remote Android container
  • KasmOS: Custom desktop environment

Coeadapt Launcher (New Desktop App)

  • Cross-platform desktop application: Built with Tauri v2 + React + TypeScript
  • Docker/Podman detection: Automatically detects container runtime and guides setup
  • Workspace management: Start/stop/pull workspace containers with progress tracking
  • Claude AI integration: MCP server for AI-assisted workspace operations
  • Settings & authentication: Clerk-based auth with device token fallback for offline mode
  • Health monitoring: Real-time container health, disk usage, and progress tracking
  • Native features: System tray integration, SSL certificate management, disk space warnings

MCP Server Tools

  • Computer use: Screen capture and input automation via xdotool
  • Progress tracking: Monitor workspace setup and task completion
  • Filesystem operations: File read/write with sandboxing
  • Screenshot capture: For AI vision capabilities
  • Application launcher: Execute commands within workspace
  • Workspace control: Container lifecycle management

Documentation & Security

  • Updated README: Rebranded to "Career-Box" with comprehensive project overview
  • Security hardening guide: New SECURITY.md documenting vulnerability fixes
  • Contributing guidelines: Added CONTRIBUTING.md for open-source collaboration
  • License update: Clarified licensing terms in LICENSE.md

Configuration & Build

  • Variable consolidation: Renamed CORE_IMAGE_TAGBASE_TAG, CORE_IMAGEBASE_IMAGE
  • Runset organization: Grouped images into build sets (set-a, set-b) for parallel CI execution
  • Change detection: Added per-image change file tracking for efficient rebuilds
  • Chrome policies: Added URL blocklist policy for security hardening

Notable Implementation Details

  • The CI refactor maintains backward compatibility while reducing configuration duplication by ~90%
  • Launcher uses Tauri's native bridge for secure Docker/Podman communication
  • MCP server enables Claude to interact with the workspace environment for automation
  • All deprecated images cleanly removed; migration path documented in

https://claude.ai/code/session_015jp8qNZT6kWZ8TtehTg3Uy

j-travis and others added 30 commits July 1, 2024 22:29
@j-travis
Merge branch 'feature/KASM-6039-noble-dind' into 'develop'
c5df11b 
Resolve KASM-6039 "Feature/ noble dind"

Closes KASM-6039

See merge request kasm-technologies/internal/workspaces-images!185
@rickkoliser
Merge branch 'bugfix/KASM-6098_hunchly_url' into 'develop'
bbeb6ec 
KASM-6098 Update hunchly script to point to offical URL

Closes KASM-6098

See merge request kasm-technologies/internal/workspaces-images!188
@j-travis
KASM-6191 Update slack download location
f668b3c
@j-travis
KASM-6191 Fix typo
94bfef1
@mattmcclaskey
Merge branch 'bugfix/KASM-6191_slack_download_develop' into 'develop'
a41f58c 
KASM-6191 Update slack download location

Closes KASM-6191

See merge request kasm-technologies/internal/workspaces-images!189
@mattmcclaskey
KASM-5955 kasmos readme
6ab1804
@j-travis
Merge branch 'feature/KASM-5955_kasm_os_readme' into 'develop'
926fa3b 
KASM-5955 kasmos readme

Closes KASM-5955

See merge request kasm-technologies/internal/workspaces-images!191
@j-travis
KASM-6265 Add Chrome to telegram image
c647f77
@rickkoliser
Merge branch 'feature/KASM-6265_telegram_chrome' into 'develop'
78e4ce1 
KASM-6265 Add Chrome to telegram image

Closes KASM-6265

See merge request kasm-technologies/internal/workspaces-images!192
@j-travis
KASM-6299 Disable chrome privacy and search engine nags
639934b
@j-travis
KASM-6300 Add Chrome to vscode
adccc9d
@mattmcclaskey
Merge branch 'feature/KASM-6300_add_chrome_to_vscode' into 'develop'
43cfdcd 
KASM-6300 Add Chrome to vscode

Closes KASM-6300

See merge request kasm-technologies/internal/workspaces-images!193
@mattmcclaskey
Merge branch 'feature/KASM-6299_disable_chrome_nags' into 'develop'
62e1947 
KASM-6299 Disable chrome privacy and search engine nags

Closes KASM-6299

See merge request kasm-technologies/internal/workspaces-images!194
@rickkoliser
KASM-6388
5654544 
Remove EOL images
KASM-6444 update pathing for retroarch init
0210b04
install firefox on bookworm from official repos
812ac5e
@j-travis
Merge branch 'feature/KASM-6444-fix-retroarch' into 'develop'
3b082a4 
KASM-6444 update pathing for retroarch init

See merge request kasm-technologies/internal/workspaces-images!195
install firefox-esr on debian for arm64
54cd2f7
install firefox-esr on debian for arm64
dc911c2
@rickkoliser
Merge branch 'fix-bookwoem' into bugfix/KASM_6388_KASM_6390
5be49df
@rickkoliser
Merge branch 'bugfix/KASM_6388_KASM_6390' into 'develop'
649ae6e 
KASM-6388

See merge request kasm-technologies/internal/workspaces-images!197
KASM-6450 rebase retroarch to Jammy and update config
cce4f74
@j-travis
Merge branch 'feature/KASM-6450-retroarch-rebase' into 'develop'
ed53c9d 
KASM-6450 rebase retroarch to Jammy and update config

Closes KASM-6450

See merge request kasm-technologies/internal/workspaces-images!198
@mattmcclaskey
KASM-6504 update demo button
aab7dc7
@rickkoliser
Merge branch 'feature/KASM-6504_kasmos_demo_button' into 'develop'
1681d07 
KASM-6504 update demo button

Closes KASM-6504

See merge request kasm-technologies/internal/workspaces-images!199
@rickkoliser
KASM-6476 update gitlab ci variables
ba1db5b
@j-travis
Merge branch 'feature/KASM-6476_update_variables' into 'develop'
9c5cf16 
KASM-6476 update gitlab ci variables

Closes KASM-6476

See merge request kasm-technologies/internal/workspaces-images!200
@j-travis
Resolve KASM-6543 "Feature/ add chromium alpine"
7498739
@j-travis
Merge branch 'feature/KASM-6543-add-chromium-alpine' into 'develop'
c34825f 
Resolve KASM-6543 "Feature/ add chromium alpine"

Closes KASM-6543

See merge request kasm-technologies/internal/workspaces-images!201
@j-travis @rickkoliser
Resolve KASM-6527 "Dockerhub readme job in workspaces images isnt wor…
8749896 
…king properly for some workspace"
j-travis and others added 30 commits November 20, 2025 10:23
@j-travis
Merge branch 'bugfix/KASM-7939-install_unzip_on_chrome_develop' into …
6ee0da9 
…'develop'

KASM-7939 install unzip on chrome and chromium

Closes KASM-7939

See merge request kasm-technologies/internal/workspaces-images!370
@teja-kasm
KASM-7979 fix dind images
a589c63
@teja-kasm
KASM-7938 fix sublime text installation
81af779
@teja-kasm
KASM-7938 exclude SHA1 crypto policy update for older distros
9815a9e
Merge branch 'bugfix/KASM-7938-fix_sublime_text_installation_develop'…
6ab6d6c 
… into 'develop'

KASM-7938 fix sublime text installation

Closes KASM-7938

See merge request kasm-technologies/internal/workspaces-images!375
Merge branch 'bugfix/KASM-7979-fix_dind_images_develop' into 'develop'
3ea0ba9 
KASM-7979 fix dind images

Closes KASM-7979

See merge request kasm-technologies/internal/workspaces-images!382
@teja-kasm
KASM-8049 fix slack installation on opensuse
8dea519
@teja-kasm
KASM-8051 pin pinta version to 3.0.5
455eee9
Merge branch 'bugfix/KASM-8049-fix_slack_installation_opensuse_15_dev…
2537845 
…elop' into 'develop'

KASM-8049 fix slack installation on opensuse

Closes KASM-8049

See merge request kasm-technologies/internal/workspaces-images!391
Merge branch 'bugfix/KASM-8051-fix_pinta_installation_develop' into '…
2170935 
…develop'

KASM-8051 pin pinta version to 3.0.5

Closes KASM-8051

See merge request kasm-technologies/internal/workspaces-images!395
@alexander-acker
feat: Add numerous Ubuntu application installation and custom startup…
2704c4e 
… scripts, and update Kasm Firefox Dockerfile.
@alexander-acker
feat: Add Tauri state management, include Vite SVG, and install proje…
c7366b2 
…ct dependencies.
@alexander-acker
feat: Introduce MCP server with workspace interaction tools, includin…
26ffacc 
…g application management, command execution, filesystem access, and environment provisioning scripts.
@alexander-acker
feat: Add .claude/settings.local.json to configure local Claude permi…
0ad4e4d 
…ssions.
@alexander-acker
feat: Implement initial Tauri application with container management, …
38d0cc2 
…health checks, and system tray functionality.
@alexander-acker @claude
feat: Prepare Career-Box for open source release
f2ac90b 
Rewrite README with full project narrative — what Career-Box is, how
Kasm Workspaces and OpenClaw combine to create an AI-powered career
workspace, architecture diagrams, 80+ app catalog, and quick start
guide with screenshots.

Security hardening across upstream Kasm scripts: remove gateway auth
bypass, eliminate passwordless sudo, secure VPN credentials, enforce
TLS validation, lock services to localhost, fix CI SSH key permissions,
and harden OpenClaw config directory.

Refine the CoeAdapt Launcher UI: polished components, settings page
with AI/Workspace/General tabs, toggle switches, improved setup wizard,
MCP health monitoring, and branding assets.

Add CONTRIBUTING.md, update LICENSE.md with dual Kasm/CoeAdapt
copyright, clean .gitignore to exclude dev artifacts, and remove
internal spec document.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker @claude
fix: Rename CoeAdapt to Coeadapt across all files
d93b682 
Standardize brand casing from "CoeAdapt" to "Coeadapt" in all
user-facing strings, config files, documentation, Cargo.toml,
tauri.conf.json, and MCP server output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker @claude
fix: Remove 109MB compiled binary from repo and preserve binaries dir
3adf37c 
The MCP sidecar binary (coeadapt-mcp-x86_64-pc-windows-msvc.exe) was
committed to git history, exceeding GitHub's 100MB file size limit.
Purged from all history with git-filter-repo. Added .gitkeep so the
binaries/ directory exists for local builds while contents stay ignored.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker @claude
docs: Add developer onboarding section to README
d836cf8 
Replace the sparse build instructions with a proper "For developers"
section that orients new contributors — explains the two halves of
the project (launcher vs workspace images), setup steps, where the
MCP sidecar binary goes, and a "where to start" table pointing to
the right directories by interest area.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker @claude
docs: Add mission statement and manifesto to README
ff0e786 
Welcome new contributors with the why behind Career-Box — the
responsibility to ensure no one is unequipped for the age of AI,
the belief that meaningful work is deeply personal and worth
protecting, and the vision of AI as the great equalizer.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker @claude
fix: Polish launcher UI defaults and theme tokens
b21ff69 
Add settings store defaults (memory, password, auto-start flags),
fix toggle switch off-state color, and add missing CSS custom
properties for accent and tertiary text colors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@alexander-acker
feat: Initialize coeadapt-launcher with core UI, Clerk authentication…
cd72912 
…, chat functionality, and Tauri backend integration.
@alexander-acker
feat: Integrate CareerClaw AI agent and enable standalone operation w…
89bd28d 
…ith optional CoeAdapt platform integration.
@alexander-acker
feat: Integrate CareerClaw AI agent, enable standalone mode, and upda…
3e6ee26 
…te documentation and launcher pages.
@alexander-acker
feat: Implement initial launcher UI with workspace controls, AI conne…
120fc48 
…ction status, and SSL certificate management.
@alexander-acker
feat: Integrate CareerClaw AI assistant, implement a macOS-style them…
70a427d 
…e, and add deluxe application dock items.
@alexander-acker
feat: Add installation script for CareerClaw, including dependencies,…
f36666e 
… build, CLI, gateway, and system integration.
@claude
feat: Add VM progress tracking daemon and full computer-use agent ser…
b587d9a 
…vices

Implement two lightweight Python services that run inside the Kasm workspace
container to enable automatic progress tracking and full computer control
from the AI agent:

VM-side services (src/ubuntu/install/coeadapt-agent/):
- Progress tracker (port 7700): Persistent JSON store for career activities,
  goals, skills, milestones, assessments, and daily streaks. Includes
  optional platform sync and a full REST API.
- Computer-use service (port 7701): X11 automation via xdotool for mouse
  movement, clicks, drags, scrolling, keyboard input, window management,
  and screenshot capture with region support.
- Install script with XFCE autostart, health checks, and respawn loop.

MCP server tools (coeadapt-launcher/mcp-server/):
- 12 new computer-use tools: screenshot, mouse move/click/scroll/drag,
  keyboard type/press, window list/focus/active, screen size, mouse position.
- 8 new progress tools: log_activity, create_goal, update_goal, record_skill,
  update_skill, add_milestone, record_assessment, get_progress_summary.
- Proxy endpoints (/progress-summary, /agent-health) for dashboard access.
- Updated take_screenshot to prefer the computer-use service with fallback.

Launcher frontend (coeadapt-launcher/src/):
- ProgressCard component showing completion %, streak, stats grid, and
  agent service health indicators.
- useProgress hook polling the MCP proxy endpoints.
- Full TypeScript types for progress data model.
- Dashboard integration showing progress when workspace is running.

https://claude.ai/code/session_015jp8qNZT6kWZ8TtehTg3Uy
@claude
fix: Revert CI test script to upstream version to resolve merge confl…
a3569ff 
…icts

Restore ci-scripts/test.sh to the upstream develop version, reverting
the SSH StrictHostKeyChecking and chmod changes introduced in the
open-source preparation commit. These changes conflict with upstream
develop and are not part of this feature branch's scope.

https://claude.ai/code/session_015jp8qNZT6kWZ8TtehTg3Uy
@claude
fix: Revert dind, redroid, and vpn scripts to upstream versions to re…
26f6a90 
…solve merge conflicts

Restore these three files to their original upstream develop versions,
reverting security hardening changes (localhost-only port binding, sudo
lockdown, pipe-to-bash removal, file permission fixes) that were
introduced in earlier commits and conflict with upstream develop.

https://claude.ai/code/session_015jp8qNZT6kWZ8TtehTg3Uy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.