Klimkit

Klimkit v0.1.0 - operator preview

This is Klimkit's first operator-preview release for trusted personal fleets. It is meant for the fork-first workflow: fork the repo, clone your fork on each machine, tune the repo-managed profile and harness pack, then sync machines from your own operator repo.

Install / upgrade

Fork first, then install from your forked checkout:

git clone https://github.com/<you>/klimkit.git ~/klimkit
cd ~/klimkit
./install.sh
kk setup
kk preview
kk apply

On existing machines tracking your fork:

kk pull

install.sh now resolves the local Git checkout and refuses to run when copied outside a Klimkit checkout. It does not download Klimkit or clone upstream for you.

Highlights

• Single local TOML config for machine role, paths, services, code-server, Switchboard, autosync, and notifications.
• kk setup, kk preview, kk apply, and kk pull workflows for previewable, manifest-backed changes.
• Default-on autosync for trusted fleets, with service restarts and concise Telegram summaries when configured.
• Codex home projection for shared AGENTS guidance, config, hooks, subagents, and skills.
• Managed code-server profile sync, including captured settings, keybindings, and extension IDs.
• Switchboard for multi-machine Codex/code-server work: active tabs, archive catalog, browser/PWA support, keyboard shortcuts, completion attention, and Telegram fanout.
• Tailscale Serve integration for private tailnet access, with clearer operator-permission recovery when Serve config is denied.

Recent polish in this release

• Archived Switchboard tabs stay out of the main tab bar while remaining available in the catalog.
• Completed sessions that start with What changed: now render as done/unseen instead of ASK.
• Telegram completion notifications preserve the full final message body.
• Switchboard can keep the active and most-recently-used code-server iframes loaded; default max_loaded_tabs is 5, with config comments noting the approximate RAM tradeoff.
• README documents Chrome/PWA use and Switchboard shortcuts.
• The installer and docs now enforce the fork/clone/./install.sh path.

Safety model

Klimkit assumes a trusted operator machine or VM and a private tailnet. The default Codex profile is intentionally powerful and is not intended for machines carrying unrelated sensitive files, production credentials, or broad cloud access. Review SECURITY.md, run kk preview, and use your fork as the source of truth for your fleet.

If Tailscale Serve reports operator permission denial, run this once on that machine and repeat kk apply or kk pull:

sudo tailscale set --operator=$USER

Verification

Release candidate verification passed with:

• uv run python -m unittest tests.test_klimkit_install -q -> 29 tests OK
• uv run python -m unittest discover -s tests -q -> 136 tests OK, 1 skipped
• bash -n install.sh && git diff --check -> clean
• stale upstream installer search over README, installer, and readiness note -> clean