Skip to content

Sentinel v0.8.8

Choose a tag to compare

@github-actions github-actions released this 15 Jul 19:09
246035a

Features

  • daemon: expose Sentinel's MCP server to Claude Desktop via a stdio bridge
    • new mcp-stdio bridge mode in the daemon binary relays newline-delimited JSON-RPC to the local /mcp endpoint (Claude Desktop only spawns stdio MCP servers and silently drops http entries)
    • enabling desktop routing installs a sentinel entry in claude_desktop_config.json; disabling removes it, preserving every other server and key
    • a startup self-heal keeps the entry current across app updates, port changes, and token rotation
    • desktop Code sessions gain the same compression-retrieval and code-mode tooling as the CLI
  • app: set an organization at add time and edit account name/org later
    • the add-account name step gains an optional Organization field (setup tokens can't derive it from the API)
    • new Edit action on each account card opens a name + organization editor
    • update_account IPC accepts displayName/orgName; edits to the active account are mirrored into ~/.claude.json so refresh can't clobber them back

Bug fixes

  • daemon: never let a stopped sandbox-sync engine's in-flight work write settings
    • pull/push paths capture a generation at entry and bail after each await when stop() has run, so an in-flight debounced pull can no longer race shutdown and write a stale policy
    • fixes the order-dependent sandbox-sync integration flake where a previous test daemon's late write flipped syncToClaudeCode on the next daemon's freshly-seeded settings
    • a fresh manual pull after disabling sync still works (the guard is per-generation, not a kill switch)
  • ci: restore the id-token permission for Windows code signing
    • the Windows release leg's Azure login uses GitHub OIDC for Authenticode signing; removing the workflow-level id-token permission with the S3 job broke the v0.8.7 build
    • the permission is now scoped to the build job only

CI & build

  • release: switch auto-updates from S3 to GitHub Releases
    • the updater endpoint is now the release channel itself (releases/latest/download/latest.json) instead of the unset S3 placeholder, enabling in-app updates for the first time
    • the finalize workflow assembles the corrected cross-platform manifest and replaces tauri-action's stale one on the release; the S3 mirror job and its AWS OIDC permissions are removed
    • release builds no longer stamp the updater endpoint from the UPDATER_PUBLIC_BASE repo variable

Maintenance

  • repo: remove the stale documentation/ planning notes
    • the compression, optimize, security, and screenshots plans all describe features that shipped long ago; the docs site is the living documentation
    • the contributing guide now carries the screenshot-capture instructions inline instead of linking the deleted file
  • repo: fix the README badges and add the MIT LICENSE for the public repo
    • add the LICENSE file (MIT) so GitHub license detection and the license badge resolve
    • run CI on pushes to main and point the CI badge at branch=main so it reflects main, not whichever PR finished last
    • declare the license in package.json
  • site: document Claude Desktop support and the setup-token account flows
    • landing page states Sentinel covers both Claude Code and the Claude Desktop app (hero, feature grid, pillars, meta description)
    • accounts docs rewritten for the setup-token add flow: name/organization fields, Restore for deleted accounts, re-authentication, editing name and org
    • quick start updated for the in-app terminal add flow and Desktop routing step
    • Desktop guide: Windows verified end-to-end, full-quit nuance (Task Manager), credential health lives in Sentinel
    • troubleshooting: replaced stale browser-OAuth sections with setup-token entries, added Desktop credential-rejection and stuck model-picker fixes with Desktop log locations

Full changelog: v0.8.6...v0.8.8