Releases: smarchetti/agent-sidecar
Release list
v0.8.0
- Canvas composer: a free-text input in the canvas shell — tell your agent something from the browser anytime, no artifact required. Notes arrive as a new
noteinteraction kind, attributed to the user, and are skipped by artifact-filtered waits. - Canvas restyled to the ember/ink brand (system fonts, works offline).
- Artifact quality bar added to the server instructions, so agents produce well-designed artifacts by default (layout, accent discipline, button sizing, confirmation states).
- Releases now publish to npm automatically via GitHub Actions trusted publishing with provenance (tag push → test → publish → GitHub release).
- Site: OpenGraph/Twitter cards with a hero image, styled 404 page. CI runs on macOS and Linux.
v0.7.0 — agent-sidecar rebrand + multi-agent docs
The plugin, MCP server, and canvas are all named agent-sidecar now. Install: /plugin marketplace add smarchetti/agent-sidecar then /plugin install agent-sidecar@agent-sidecar (existing installs of the old sidecar plugin: uninstall and reinstall). Docs now include setup for Cursor, VS Code, Codex CLI, Gemini CLI, and Windsurf — any MCP client can run bunx agent-sidecar. Technical identifiers (.sidecar/, SIDECAR_PORT, X-Sidecar-Token) are unchanged.
v0.6.0 — npm distribution
Now published as agent-sidecar on npm. The plugin manifest launches bunx agent-sidecar@0.6.0; the repo no longer carries a committed bundle. Install is unchanged: /plugin marketplace add smarchetti/agent-sidecar then /plugin install sidecar@agent-sidecar.
v0.5.0 — background watcher endpoint
New GET /api/wait long-poll endpoint: blocks until the next interaction and returns it as JSON (token-gated; artifact_id filter, optional timeout cap). Lets Claude run a background curl watcher and keep working instead of parking on the blocking tool. See CHANGELOG.md.
v0.4.0 — production hardening
0.4.0 — 2026-07-03
Production hardening.
Security
POST /api/webhooknow requires a random per-session token (headerX-Sidecar-Token,?token=, orAuthorization: Bearer), closing a cross-site request forgery hole where any webpage could inject text in front of Claude via localhost POSTs.- Artifact iframes are sandboxed (
allow-scripts allow-forms allow-popups, opaque origin).claude.send()now crosses a postMessage bridge validated and forwarded by the canvas shell, which holds the token; artifact code never sees it.
Reliability
- Multiple sessions coexist: if the preferred port (default 8765) is taken, the server falls back to an ephemeral port instead of crashing. Each session writes
.sidecar/session.json(pid, port, url, token) for discovery by external callers. - Canvas contents persist to
.sidecar/artifacts.jsonand are restored on restart. await_interactionacceptsartifact_idto filter, so stale clicks on other artifacts can't be misread as the answer.claude.send()debounces identical payloads within 1.5s (double-click protection).- Canvas reconnects jump to the newest artifact instead of staying pinned to the URL-hash one.
interactions.jsonlrotates at 5MB.- Browser auto-open works on macOS, Linux, and Windows.
Tooling
- End-to-end test suite in-repo (
bun test), exercising the server over real MCP stdio. - CI workflow: tests plus a check that the committed
dist/sidecar.jsmatches the source. - Landing page deploys to GitHub Pages.