Skip to content

Releases: Intevity/sentinel

Sentinel v0.8.9

Choose a tag to compare

@github-actions github-actions released this 15 Jul 21:43
d7c565e

Bug fixes

  • daemon: show user-scope and Claude Desktop MCP servers in the context inventory
    • the Optimize context-bloat inventory only listed per-project servers from ~/.claude.json, so user-scope entries and everything Claude Desktop spawns from claude_desktop_config.json (including Sentinel's own bridge entry) were invisible
    • both surfaces now appear with scope labels: (user) and (claude desktop)
    • on a Desktop-only machine the inventory is no longer structurally empty

Full changelog: v0.8.8...v0.8.9

Sentinel v0.8.8

Choose a tag to compare

@github-actions github-actions released this 15 Jul 19:09
246035a

Features

  • daemon: expose Sentinel's MCP server to Claude Desktop via a stdio bridge
    • new mcp-stdio bridge mode in the daemon binary relays newline-delimited JSON-RPC to the local /mcp endpoint (Claude Desktop only spawns stdio MCP servers and silently drops http entries)
    • enabling desktop routing installs a sentinel entry in claude_desktop_config.json; disabling removes it, preserving every other server and key
    • a startup self-heal keeps the entry current across app updates, port changes, and token rotation
    • desktop Code sessions gain the same compression-retrieval and code-mode tooling as the CLI
  • app: set an organization at add time and edit account name/org later
    • the add-account name step gains an optional Organization field (setup tokens can't derive it from the API)
    • new Edit action on each account card opens a name + organization editor
    • update_account IPC accepts displayName/orgName; edits to the active account are mirrored into ~/.claude.json so refresh can't clobber them back

Bug fixes

  • daemon: never let a stopped sandbox-sync engine's in-flight work write settings
    • pull/push paths capture a generation at entry and bail after each await when stop() has run, so an in-flight debounced pull can no longer race shutdown and write a stale policy
    • fixes the order-dependent sandbox-sync integration flake where a previous test daemon's late write flipped syncToClaudeCode on the next daemon's freshly-seeded settings
    • a fresh manual pull after disabling sync still works (the guard is per-generation, not a kill switch)
  • ci: restore the id-token permission for Windows code signing
    • the Windows release leg's Azure login uses GitHub OIDC for Authenticode signing; removing the workflow-level id-token permission with the S3 job broke the v0.8.7 build
    • the permission is now scoped to the build job only

CI & build

  • release: switch auto-updates from S3 to GitHub Releases
    • the updater endpoint is now the release channel itself (releases/latest/download/latest.json) instead of the unset S3 placeholder, enabling in-app updates for the first time
    • the finalize workflow assembles the corrected cross-platform manifest and replaces tauri-action's stale one on the release; the S3 mirror job and its AWS OIDC permissions are removed
    • release builds no longer stamp the updater endpoint from the UPDATER_PUBLIC_BASE repo variable

Maintenance

  • repo: remove the stale documentation/ planning notes
    • the compression, optimize, security, and screenshots plans all describe features that shipped long ago; the docs site is the living documentation
    • the contributing guide now carries the screenshot-capture instructions inline instead of linking the deleted file
  • repo: fix the README badges and add the MIT LICENSE for the public repo
    • add the LICENSE file (MIT) so GitHub license detection and the license badge resolve
    • run CI on pushes to main and point the CI badge at branch=main so it reflects main, not whichever PR finished last
    • declare the license in package.json
  • site: document Claude Desktop support and the setup-token account flows
    • landing page states Sentinel covers both Claude Code and the Claude Desktop app (hero, feature grid, pillars, meta description)
    • accounts docs rewritten for the setup-token add flow: name/organization fields, Restore for deleted accounts, re-authentication, editing name and org
    • quick start updated for the in-app terminal add flow and Desktop routing step
    • Desktop guide: Windows verified end-to-end, full-quit nuance (Task Manager), credential health lives in Sentinel
    • troubleshooting: replaced stale browser-OAuth sections with setup-token entries, added Desktop credential-rejection and stuck model-picker fixes with Desktop log locations

Full changelog: v0.8.6...v0.8.8

Sentinel v0.8.6

Choose a tag to compare

@github-actions github-actions released this 15 Jul 03:13
f493b9a

Features

  • app: restore a deleted account from the add-account flow
    • the name-this-account step offers previously deleted accounts as Restore choices
    • restoring attaches the fresh setup-token to the old account, preserving its name, organization, and usage history

Bug fixes

  • daemon: never leave the proxy serving a removed account's token
    • removing or purging the active account now hands the proxy to another live account, or clears the injected token so clients use their own credentials
    • a newly added setup-token account takes over as active when the previous active account was removed or lost its credential
    • re-auth and restore adopt the account as active when the active slot is unusable
    • heal a stale ~/.claude.json active pointer at startup by switching to a live account (fixes Claude Desktop 401s after delete-then-re-add)
    • skip the upstream-401 reauth broadcast for removed accounts

Full changelog: v0.8.5...v0.8.6

Sentinel v0.8.5

Choose a tag to compare

@github-actions github-actions released this 14 Jul 22:01
79cd328

Features

  • app: guide Claude Code installation when the CLI is missing
    • the add-account panel's CLI-not-found error now shows the platform's official install one-liner with a copy button (PowerShell installer on Windows, shell installer on macOS/Linux)
    • add a Retry button that relaunches the setup-token terminal after the user installs the CLI, without closing the panel

Bug fixes

  • app: find the Claude Code CLI on Windows in the add-account flow
    • probe extension-aware Windows install paths (.local\bin\claude.exe native installer, %APPDATA%\npm\claude.cmd npm shim, .bun\bin\claude.exe) instead of extensionless Unix-shaped ones
    • run the where claude fallback with the augmented PATH so a CLI missing from the GUI process environment is still found
    • never resolve Claude Desktop's WindowsApps claude.exe GUI alias as the CLI
    • spawn .cmd/.bat shims through cmd.exe /c (ConPTY cannot exec batch files directly)

Maintenance

  • app: format claudeInstall test per prettier

Full changelog: v0.8.4...v0.8.5

Sentinel v0.8.4

Choose a tag to compare

@github-actions github-actions released this 14 Jul 18:36
9d18c04

Bug fixes

  • daemon: detect Claude Desktop MSIX and legacy installs on Windows
    • recognize the MSIX package dir (%LOCALAPPDATA%\Packages\Claude_pzs8sxrjxfjjc) used by the claude.com installer, Microsoft Store, and WinGet
    • recognize the Squirrel-era %LOCALAPPDATA%\AnthropicClaude app dir
    • recognize the Claude-3p data dir on all platforms as install evidence

Maintenance

  • assets: add Sentinel mascot image

Full changelog: v0.8.3...v0.8.4

Sentinel v0.8.3

Choose a tag to compare

@github-actions github-actions released this 13 Jul 23:23
723752c

Features

  • site: link the footer Intevity mark to the Intevity Labs page
    • the Intevity name in the site footer copyright now links to intevity.com/labs with github-site UTM attribution

Bug fixes

  • app: point the Built by Intevity footer link at the Intevity Labs page
    • footer link now opens intevity.com/labs with desktop-app UTM attribution

Full changelog: v0.8.2...v0.8.3

Sentinel v0.8.2

Choose a tag to compare

@github-actions github-actions released this 13 Jul 14:58
fafce2f

Features

  • usage: track the Fable weekly quota, replacing the retired per-Sonnet window
    • rename every Sonnet-weekly surface (saturation gate, token-rotator overage detour, alert scope, usage bars, demo scenarios) to the Fable weekly quota
    • use the live-verified unified-7d_oi rate-limit window name, captured from real Fable response headers (the convention-implied unified-7d_fable does not exist)
    • parse the Fable weekly window from the usage JSON's limits[] weekly_scoped entry — the schema has no seven_day_fable key
    • migrate account-sonnet alerts to account-fable and purge stale unified-7d_sonnet rows once on upgrade (sonnet_to_fable_v1)
    • honor Retry-After on usage-endpoint 429s (15-min fallback, 60-min clamp) so the 90s poller stops re-arming the shared per-org rate limit
    • refresh the usage fixture and fake-Anthropic default body to the real 2026-07 wire shape

Maintenance

  • app: update usage E2E expectation to the refreshed fake usage body
    • the fake's claude.ai 5h utilization is now the realistic percent-scale 18, so the healthy readout renders 18.0% instead of 0.1%
  • daemon: fix Prettier formatting in token-rotator
  • site: add Optimal settings section to the reduce-token-costs guide
    • recommend installing seven curated subagents (file-explorer, log-analyzer, diff-pre-pass, web-fetcher, dep-tracer, bulk-reader, bash-loop-summarizer) out of the gate
    • recommend Aggressive compression with Reversible retrieval enabled so trimming stays lossless
    • recommend switching MCP servers to code execution and pruning the context-bloat inventory

Full changelog: v0.8.1...v0.8.2

Sentinel v0.8.1

Choose a tag to compare

@github-actions github-actions released this 08 Jul 16:23
35bb8c7

Bug fixes

  • daemon: stop Claude Code prompting for the retrieve MCP tool on every call
    • Add a PreToolUse allow-hook for mcp__sentinel__retrieve so Claude Code auto-approves it without a prompt, in the main thread and subagents alike — working around Claude Code bug #28580, where persisted permissions.allow rules are ignored for lazily-discovered HTTP MCP tools
    • Mark the retrieve tool alwaysLoad (tool _meta + server config) so it loads eagerly instead of deferring via ToolSearch, which removes the bug's trigger
    • Annotate the retrieve tool readOnlyHint:true, since it only reads back content Sentinel already elided
    • Self-heal the hook on daemon startup and upgrade pre-alwaysLoad installs in place so existing users recover on next launch with no action, and remove the hook when the last retrieve install is uninstalled
    • Add ensureClaudeSettingsPreToolUseHook / removeClaudeSettingsPreToolUseHook writers that surgically touch only Sentinel's own hook entry and preserve all other settings

Full changelog: v0.8.0...v0.8.1

Sentinel v0.8.0

Choose a tag to compare

@github-actions github-actions released this 07 Jul 16:28
e9cc423

Features

  • desktop: route the Claude Desktop app through Sentinel alongside the CLI
    • detect the Claude Code CLI and Claude Desktop app independently and broadcast surface state only on change, so a surface installed later is picked up automatically
    • add one-click Enable/Disable for the Claude Desktop app by writing its Claude-3p configLibrary gateway config with atomic temp+rename, preserving any non-Sentinel entries and never leaving appliedId dangling
    • inject the rotating pool token for desktop /v1/messages requests so the desktop app inherits multi-account routing (its dummy gateway key never reaches upstream)
    • watch the desktop configLibrary for drift and offer one-click re-apply, matching the CLI OTEL re-patch behavior
    • track desktop routing health from the claude-desktop-3p proxy user-agent marker (positive-only; desktop emits no OTEL)
    • add a Claude Desktop status card and drift banner to the app UI, rendered only when the desktop app is detected
    • persist the Sentinel-owned desktop config id in settings so update and remove target exactly our entry
    • document both surfaces in the README and site, including a new Connect Claude Desktop guide and troubleshooting entry

Bug fixes

  • daemon: stop subagent prompts for Sentinel's retrieve tool when settings-sync is off
    • write Sentinel's own read-only/loopback allow-rules (mcp__sentinel__retrieve and the code-mode curl endpoint) straight into ~/.claude/settings.json when Claude Code settings-sync is off, so they reach subagents (which do not inherit a project-local grant) instead of only living in the DB and prompting on every call
    • add ensureClaudeSettingsAllow / removeClaudeSettingsAllow: additive, idempotent settings.json writers that preserve every other key
    • re-assert the infra allow-rules on daemon startup so an install from a prior session self-heals into settings.json with no user action
    • add mcp__sentinel__retrieve to every curated subagent's tools allowlist so reversible elision is actually reversible inside restricted-tools agents
    • extend the retrieval-MCP integration test to assert settings.json (not just the DB) carries the allow-rule
  • app: hide the Claude Desktop banner once active and move Disable into Settings
    • hide DesktopSurfaceCard when the desktop app is already routed through Sentinel (active), matching the CLI ActivationBanner's active-state gate, so the banner no longer persists with a Disable button after enabling
    • keep the banner only for the two actionable states: Enable (not routed) and Re-apply (foreign-gateway drift recovery)
    • add a "Route Claude Desktop through Sentinel" toggle to Settings, General tab, wired to the drift hook's activate/deactivate, shown only when the desktop app is installed and disabled while an action is in flight
    • add optional disabled support to the ToggleRow settings primitive
  • daemon: roll over usage windows on an internal timer when their reset elapses
    • add RateLimitStore.expireStaleWindows to zero utilization, clear status, and null the reset on any window whose reset timestamp has already passed
    • add a rate-limit sweeper that runs at daemon startup and every 60s, broadcasting rate_limits_updated for each account it rolls over
    • reset stale pool and per-account usage (and stop the "resets soon" countdown) even when no requests flow through the proxy
    • release a lingering weekly-rate-limit pause off the now-allowed status via a recompute hook, since a nulled reset is skipped by the reset-delta release paths

Maintenance

  • apply Prettier formatting to daemon desktop, sweeper, and claude-sync files
    • reformat files flagged by the CI format:check (whitespace and line-wrapping only, no logic change)
  • site: update Claude Desktop enable/disable flow and note retrieve auto-allow
    • move the Claude Desktop disable instructions from the now auto-hiding banner card to Settings, General tab
    • note that the desktop card disappears once routing is active, in both the connect guide and troubleshooting
    • document that Sentinel auto-allows mcp__sentinel__retrieve in ~/.claude/settings.json so Claude Code never prompts for it, including inside subagents

Full changelog: v0.7.0...v0.8.0

Sentinel v0.7.0

Choose a tag to compare

@github-actions github-actions released this 06 Jul 20:00
56116db

Features

  • site: re-record the Optimize hero clip so the savings climb on camera
    • replace the date-selector pan with a push-in on the Compression savings that counts up live from a low number to the real $15,951.72 / 1.37B tokens
    • keep the steady "content reduced 75%" headline on screen while the dollar and token counters spin up
  • site: open hero carousel demos in a click-to-open lightbox
    • click any hero carousel clip (or press Enter/Space) to open it full size in a centered modal with native playback controls
    • show a hover and focus expand affordance on the active clip, and pause the inline carousel videos while the lightbox is open
    • close the lightbox on backdrop click, the X button, or Escape, with body-scroll lock and focus moved into the dialog
  • site: play 15 feature demo videos in the carousel and pillar lightboxes
    • add the 15 recorded demo clips and first-frame poster images under public/videos and flip every feature and pillar entry to hasVideo
    • stack the carousel clips so a tab switch plays instantly, crossfade between slides, and hydrate the island eagerly so the first click is never lost
    • open pillar demos in a click-to-open lightbox with full playback controls, closable by backdrop, button, or Escape
    • remove the placeholder poster SVGs now that real recordings and JPEG posters exist
  • app: add a demo-clip recording pipeline for the marketing videos
    • add demo-recordings: a mock IPC bridge, a fake macOS desktop stage, a synthetic-cursor Playwright recorder, and per-slug recipes that drive the real React UI and composite branded bookends with ffmpeg
    • add video-bookends: branded HTML intro and outro scenes plus a headless capture script that renders them to 1920x1080 MP4
    • add a record-demo-clip skill documenting the run procedure and the recording gotchas
    • git-ignore rendered clips and scratch harnesses; the shipped clips live under packages/site/public/videos
  • optimize: detect when Claude Code bypasses Sentinel's proxy and explain the empty Optimize tab (#17)
    • add a capture-health tracker that compares OTEL api_request activity against real (non-probe) proxy /v1/messages traffic and flags proxy-bypassed when telemetry flows but no API calls reach the proxy
    • surface a banner on the Optimize tab that explains the bypass and tailors the fix by whether settings.json already points ANTHROPIC_BASE_URL at Sentinel (file correct: look for an OS env or higher-precedence settings override; file wrong: fix the base URL)
    • add a get_capture_health IPC plus a capture_health_changed broadcast that fires only on real state transitions
    • read ANTHROPIC_BASE_URL into the OTEL drift inspector's observed env without changing the metrics drift classification
    • feed the tracker via new onRealMessagesRequest (proxy) and onApiRequestEvent (OTEL receiver) callbacks, excluding probes and count_tokens from the proxy count
  • site: add a pulsating ion-engine plume under the hero mascot
    • Add a thruster beneath the robot head: an outer layer rides the mascot's float so the plume stays glued to the head, while an inner plasma flame swells and flickers, so it looks like the mascot fires a small rocket to sustain its float
    • Honor prefers-reduced-motion by settling the plume into a calm static state
  • site: refresh marketing copy, add pillar sections, and animate the hero
    • Reframe usage and metrics copy away from "limits Claude Code hides" toward the overage status and Team/Enterprise budget Claude Code does not surface
    • Frame multi-account around managing the accounts you own rather than pooling to beat limits
    • Cover the sandbox and all three optimization levers (curated subagents, compression, code execution) in the feature copy
    • Move Optimize to the second slot in the feature carousel
    • Add pillar deep-dive sections for multi-account, security, and optimization with sub-feature cards and demo placeholders
    • Animate the hero with a floating mascot, breathing glow, sonar pulse rings, and a staggered entrance
    • Add a faint hero dot-grid and a soft ambient glow behind the feature and pillar sections
    • Expand the demo shot list and add poster placeholders for the new sub-feature clips
    • Attribute the footer copyright to Intevity
  • accounts: replace round-robin with a single "Auto" account-switching mode
    • Rename the Manual/Round-robin toggle to Manual/Auto and remove the Balance strategy; Auto always uses the earliest-reset engine
    • Auto-migrate persisted settings on load (switchingMode 'round-robin' → 'auto', drop roundRobinStrategy) so beta users keep rotation with no data loss
    • Show the account currently serving requests (email + plan) in the header instead of a round-robin pill, updating live via a new routed_account_changed broadcast
    • Add an "Account Switching" label with an info modal explaining Manual vs Auto, aligned right with a divider next to Refresh/Add Account
    • Remove the rotation-strategy selector from Settings and delete the RoundRobinStrategyMenu component
    • De-brand "round-robin" across Settings, the tour step/illustration, the Usage/Metrics pool views, and the marketing site
  • accounts: add dev-only demo mode to mask account identity in recordings
    • Add demoMode.ts to mask every account's email, name, and organization in the UI (dev builds only) for screen recordings
    • Add a Settings toggle for demo mode and thread masking through the accounts/daemon hooks and the IPC layer
  • security: reorganize Settings into sub-tabs and consolidate all security config under Settings → Security
    • Split the Settings → Security tab into Scanning / Permissions / Isolation / Sync sub-tabs and the Data tab into Retention / Features / Telemetry, persisting the active sub-tab across restarts
    • Move the tool-permission rules editor inline into Settings → Security → Permissions and remove the standalone SecurityRulesOverlay modal
    • Fold the scanning allowlist and sandbox isolation config into the Settings → Security sub-tabs as the single source of truth
    • Reduce the top-level Security dashboard to a live monitor with compact quick-toggles plus a Configure deep-link into the relevant sub-tab
    • Point the header shield icon directly at Settings → Security → Permissions
    • Add a search box to Permission bypasses and a shared SearchInput used consistently across detectors, allowlist, bypasses, and rules
    • Extract reusable AllowlistPanel, PermissionRulesPanel, and FilterChip components from the removed overlay
  • security: surface sandbox isolation on the Security page, setup wizard, and tour
    • add a first-class Isolation card to the Security page with master and leg toggles, live capability status, and a link to configure domains and paths
    • add an opt-in Isolation step to the Security Setup Wizard (off by default; writes the policy only when the user enables it)
    • add a first-run tour step that points at the Isolation card on the Security tab
    • open the Security overlay directly to the Isolation tab from the card's Configure link
  • security: add OS-level sandbox isolation via @anthropic-ai/sandbox-runtime
    • add a canonical IsolationPolicy model (network/filesystem/credentials) with pure mappers onto Claude Code's settings.json sandbox block and the sandbox-runtime config
    • Leg A: bidirectionally sync the policy into ~/.claude/settings.json#/sandbox, mirroring the permissions claude-sync engine (push/pull, merge/import/export, file watcher, first-enable marker)
    • Leg B: wrap code-mode MCP stdio children in the OS sandbox via SandboxManager, with per-platform capability detection and graceful degrade when the host cannot enforce
    • add sandbox IPC (sandbox_sync_pull, get_sandbox_status, get_sandbox_capability) and an Isolation tab in the Security overlay for editing domains, paths, and credentials
    • ship the seccomp/srt-win helper binaries beside the sidecar in build-sidecar and resolve them at runtime; Windows is network-only
    • opt-in and off by default; the daemon starts, stops, and refreshes the sandbox engines on settings changes

Bug fixes

  • optimize: reach bridged MCP servers from subagents and stop repeated retrieve prompts (#35)
    • Inject a managed code-mode block into ~/.claude/CLAUDE.md so bridged MCP servers are reachable from subagents, which get no skill advertisement, in every project including plugin agents
    • Preload the sentinel-code-mode skill into installed Bash-capable curated agents while code mode is active, and strip it when the last server reverts
    • Auto-allow mcp__sentinel__retrieve so Claude Code never prompts for Sentinel's own read-only, loopback-gated retrieval tool (durable, user-global, covers subagents)
    • Auto-allow the code-mode endpoint curl so subagents can call bridged servers without a native Bash prompt
    • Detect CLAUDE.md block drift in get_code_mode_status, self-heal it at daemon startup, and add a Repair action to the Optimize context panel
    • Tear down the block, curated preloads, and allow rules cleanly on revert-to-zero and retrieval uninstall
  • app: center the demo recorder push-in and add a parametrized savings ramp
    • fix the zoompan focal math so the push-in stays centered on the window; the previous scaled-space formula shoved the frame off-center past about 1.6x zoom
    • let __demo_ramp take from and ms so a recipe can spin the savings up from any starting fraction, and add __demo_ramp_set to freeze the totals low before the climb
    • rewrite the optimize recipe to freeze the savings low, push in on the money tiles, then climb to the real total
  • site: replace the clipped Intevity footer logo with a full, padded mark
    • The footer logo PNG was a 12x14 crop with the orange mark flush to every edge (its bottom row clipped), so it read as cut off at any display size; replace it with the full-resolution mark re-cropped from source with transparent padding, rendered via object-contain so it st...
Read more