Date: 2026-04-01
Tag: v0.0.13
Release 0.0.13 completes Phase 3: Notifications & Pairing Hardening for the mobile companion app, making the v1 mobile rollout production-ready. Users can now receive push notifications, pair via QR code, and benefit from token rotation and improved connection reliability.
-
Push notifications. The mobile companion now fires local notifications when the app is backgrounded and an attention-requiring event arrives: approval requests, user-input requests, turn completions, and session errors. Notification channels are configured for both Android (importance levels) and iOS.
-
QR code pairing. The desktop Settings page includes a new "Mobile Companion" section with a scannable QR code. The code auto-refreshes every 5 minutes and uses short-lived tokens so expired codes cannot be reused. A "Copy pairing link" button is available for clipboard-based pairing.
-
Token rotation and revocation. The server now supports token lifecycle management: generate short-lived pairing tokens, rotate the primary auth token (with a 30-second grace period for in-flight connections), revoke individual tokens, and list all issued tokens. Four new WebSocket methods expose this functionality.
-
Improved mobile pairing UX. The mobile pairing screen now offers a "Paste from clipboard" button that auto-detects and applies valid pairing links. Instructions guide users to the desktop QR code flow.
-
Connection state banner. When running in the mobile shell, a context-aware banner displays connection status: blue for connecting, amber with pulse animation for reconnecting, and red for disconnected. The banner is hidden when connected.
-
Native notification permissions. Android
POST_NOTIFICATIONSandSCHEDULE_EXACT_ALARMpermissions and iOSUIBackgroundModesare now declared in the native project manifests. Capacitor plugin configuration includes notification icon and color defaults.
- None.
server.generatePairingLink— Generate a short-lived pairing URL with configurable TTL.server.rotateToken— Issue a new primary auth token and grace-period revoke the old one.server.revokeToken— Immediately invalidate a specific token by ID.server.listTokens— List all issued tokens (values masked).
GET /api/pairing?ttl=<seconds>— Returns a JSON object withpairingUrl,expiresAt, andserverUrlfor QR code generation. Requires auth to be enabled on the server.
- CLI:
npm install -g okcodes@0.0.13(after the package is published to npm manually). - Desktop: Download from GitHub Releases. Filenames are listed in assets.md.
- QR scanning on mobile is not yet supported natively. Users must copy the pairing link from the desktop QR screen and paste it in the mobile app, or open the link via deep link from another app.
- OK Code remains early work in progress. Expect rough edges around session recovery, streaming edge cases, and platform-specific desktop behavior. Report issues on GitHub.