Changelog
VSRelay’s release history. Each phase represents a focused doctrine pass with its own spec, plan, and shipped commits in the closed-source repo.
Phase 1.23 — Extension Marketplace Release v0.3.0 (DATE TBD)
Closed-source commercial product shipped to VS Code Marketplace + Open VSX. Licensor: Goliath IT Solution (Norway). esbuild —production single-bundle. First-activation privacy consent gate; vsrelay.copyDiagnosticInfo command with platform-path scrub.
Spec: docs/superpowers/specs/2026-05-31-extension-marketplace-release-design.md (rev 6).
Plan: docs/superpowers/plans/2026-06-01-extension-marketplace-phased-rollout.md.
Phase 1.22 — VSRelay rebrand (2026-05-24)
Product renamed AgenticIDEs → VSRelay; extension id maga.agentic-ides → vsrelay.ide; commands agentic-ides.* → vsrelay.* (transitional aliases retained); config namespace agenticIdes → vsrelay; runtime dir ~/.agentic-ides → ~/.vsrelay (copy-first migration); workspace scope @agentic/* → @vsrelay/*. Non-destructive throughout.
Typed Tool Blocks + Chat Liveness v1 (2026-05-25)
Typed projection of agent activity instead of forcing each client to parse Claude Code’s raw JSONL. New ContentBlock protocol shape; tool-projection.ts is the sole owner of JSONL → typed-block mapping. Chat liveness adds server-authoritative turn_status with a 120 s idle backstop, optimistic user echo, and a true interrupt_request that halts the turn server-side. Doctrine win: a Claude Code format change is an extension-update fix now, not an App-Store-gated one.
Trusted Relay Migration + Supabase Validation (2026-05-24)
Production relay moved to wss://relay.vsrelay.dev (Hetzner, systemd, nginx TLS). Room admission validated against Supabase via a secret-gated relay_lookup_room RPC — sha256 hash-compare of the presented token. Fail-closed isTrustedRelay gate added to extension activation.
Phase 1.21 — IDE Instance Routing v1 (2026-05-24)
Recovery actions routed to a stable IDE-instance identity instead of being re-resolved from disk. A user with several live instances sees which one a recovery action targets; a mis-targeted action fails closed. Opaque pathHash (sha256 of canonical install realpath) — no raw install paths on the wire.
Phase 1.20 — @vsrelay/doctor CLI (2026-05-22)
npm-published recovery CLI. npx @vsrelay/doctor repair works from any terminal — no repo, no pnpm. Self-contained npm tarball with bundled manifests. Same single TypeScript apply implementation in @vsrelay/patch-applier as the in-extension applier.
Phase 1.19 — In-extension patch applier (2026-05-22)
End-user one-click Claude Code patch recovery. Phone tap → wire message → extension validates vsrelay.* allowlist → invokes registered command → modal pops on desktop → user clicks Allow → patches apply atomically. No source repo, no pnpm, no shell knowledge required.
Phase 1.18 — RecoveryActions v1 (2026-05-21)
Converted the hardcoded 'pnpm patches:apply' PWA-side string fallback into a declarative recoveryActions: RecoveryAction[] array on both ClaudeIntegrationStatus and ErrorMessage. Native iOS / Android clients can render recovery flows from data alone — no native release required when a Claude Code break needs a new command, URL, or instructions.
Phase 1.17 — Files Plane Controller v0.1 (2026-05-21)
Browse + view + edit + create/rename/delete the workspace file tree from the phone, with optimistic (mtime, sha256) concurrency and a CodeMirror 6 editor in the PWA. Stable VS Code + Node fs APIs only. Atomic writes via temp-file + rename.
Phase 1.16 — Diagnostics Plane Controller v0.1 (2026-05-21)
Observe + Reveal — the phone lists every vscode.Diagnostic the IDE’s language servers + lint extensions emit (TypeScript, ESLint, Pylint, rust-analyzer, etc.) and can open the file at a problem’s line. Strictly metadata-only; no Quick Fix in v0.1.
Phase 1.15 — Terminal Plane Controller v0.2A: Managed Terminals (2026-05-21)
Additive to v0.1. The phone may now spawn, observe, type into, and kill managed terminals — vscode.Pseudoterminal-backed terminals created on the phone’s request and owned by the extension host via node-pty. User-created terminals stay observe + reveal only. Four locked security gates (capability negotiation, desktop confirm once per host lifetime, max 4 managed terminals, per-keystroke audit log with raw bytes redacted).
Phase 1.14 — Terminal Plane Controller v0.1 (2026-05-20)
Observe + Reveal only — the phone lists the user’s real Cursor / VS Code integrated terminals and can bring one to focus on the desktop. Strictly metadata-only; explicit doctrine guardrails against output streaming, input sending, command execution.
Phase 1.11A — SSH Key Setup Core (2026-05-19)
Safe server-side authorized_keys install / list / remove primitive + PWA-only manual wizard. PEM private-key blocks rejected at the server; refuses on bad permissions (0700 / 0600); refuses on symlink. Marker-based revocation; one-time pre-mutation backup.
Phase 1.10 — Open Workspace primitive (2026-05-19)
New open_workspace protocol message with capability gate (workspace_activation), WorkspaceController.validateWorkspaceTarget validator (projectRoots allowlist + system-paths blocklist + symlink resolve), strict ack-before-invoke ordering. Phone can switch the editor’s open workspace from a typed roots list.
Phase 1.8 — Reliability + Observability sweep (2026-05-19)
Five concurrent audit agents reviewed session lifecycle, connection layer, PWA state/persistence, security/file access, and protocol/dispatching. Highest-impact fixes: token never written to diagnostic log; path-traversal via startsWith prefix fixed; messages removed from zustand persist; per-session message cap of 500; transport disposed flag prevents React-StrictMode orphan-reconnect storm; trace-ID correlation across PWA → relay → extension → bridge → JSONL.
Phase 1.7 — PWA Control Loop Completion (2026-05-18)
Permission approve / reject, diff accept / reject, session subscriptions, collapsible tool blocks, reconnect re-watch. The phone can fully control Claude Code’s permission and diff loop.