Hacker Sidekick app (desktop)

Hacker Sidekick is a single installable desktop app: a full editor and workbench with an AI assistant built in, aimed at cybersecurity work (blue, purple, and red team, secure development, pentesting).

The app uses your configured model endpoint and your account at portal.hackersidekick.com. Product and downloads: hackersidekick.com.

At a glance

| Piece | Role |
| --- | --- |
| Workbench | Files, integrated terminal, debugging, tasks, extension host, and the usual editor productivity features. |
| AI assistant | Modes, providers, tools, MCP, checkpoints, and related settings, integrated in the same app. |
| Branding and updates | Product name, icons, defaults, and update channels in the shipped build. |
| APIs | OpenAI-compatible base URL and Authorization (JWT from the portal or an API key) to the hosted model service. |

Manage plan, billing, and API keys in the browser at portal.hackersidekick.com.

Public vs private / enterprise

Public sign-in uses a browser flow against the portal origin. Private enterprise setups use Connection settings. There is no separate cloud account tab in the sidebar webview; use sign-in and Connection to match your environment.

What's in the product

Hacker Sidekick ships as one product:

  • Editor and workbench - Source control, multi-root workspaces, integrated terminal, debugging, tasks, and extensions.
  • AI assistant - Packaged in the same install so the full workflow is there on a clean machine.

For a security-focused walkthrough (Git, workspaces, linting, terminals, MCP, auto-approve, checkpoints, public account vs enterprise API key, and reset paths), see Editor and assistant (security features).

Assistant behavior typically includes:

  • Modes - Planning, architecture, debugging, custom modes, long-running work.
  • Providers - Hacker Sidekick API (OpenAI-compatible) or your own keys and local inference.
  • Tools and MCP - Tooling and Model Context Protocol integrations.
  • Auto-approval - Control what runs without confirmation.
  • Codebase - Indexing and retrieval; the hosted service can provide embeddings for compatible clients.
  • Customization - Global or repo-scoped settings, slash commands, model options.

Product behavior:

  • The shipping app is configured to use https://api.hackersidekick.com/v1 and https://portal.hackersidekick.com.
  • After portal sign-in, the editor opens via a custom URL scheme (e.g. hacker-sidekick-ihe://... with session_token), not an HTTP redirect to localhost.
  • Updates - The client compares the marketing version (hackerSidekickVersion) and the build's git commit against a Cloudflare manifest; it does not rely on semver alone.

Connection and sign-in

Hacker Sidekick needs an OpenAI-compatible base URL for the LLM and a portal origin for browser sign-in.

Production defaults

| Role | URL |
| --- | --- |
| OpenAI baseURL (LLM / provider) | https://api.hackersidekick.com/v1 |
| Portal | https://portal.hackersidekick.com |
| Marketing | https://hackersidekick.com |

baseURL must end with /v1

Client libraries append /chat/completions to baseURL as given; they do not add /v1 themselves, so the /v1 segment must already be part of baseURL.

  • OK: https://api.hackersidekick.com/v1 - requests hit .../v1/chat/completions.
  • Bad: https://api.hackersidekick.com - often 404 on chat.

This is the canonical OpenAI base URL; the app stores it as openAiBaseUrl.

Auth to the model endpoint

  • Bearer JWT - After sign-in on the portal, the app sends Authorization: Bearer <token> to the model endpoint. If your session token expires quickly, use a portal-issued API key in Connection settings instead, or follow your deployment’s guidance for longer-lived tokens.
  • API key - sk-hsk_... from the portal, usable in Connection settings. Create keys under account flows on portal.hackersidekick.com.
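
A preflight check for the two rules above (baseURL ending in /v1, and a Bearer JWT or sk-hsk_ API key as the credential), as an added example that is not part of the Hacker Sidekick code base. The function names are hypothetical, the sample token is constructed, and the presence of an `exp` claim in the session JWT is an assumption.

```python
import base64
import json
import time
from urllib.parse import urlsplit

def chat_url(base_url):
    """Return the chat endpoint a client derives from baseURL, or raise."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("baseURL must be an https URL")
    if parts.query or parts.fragment:
        raise ValueError("baseURL must not carry a query or fragment")
    path = parts.path.rstrip("/")
    if not path.endswith("/v1"):
        raise ValueError("baseURL must end with /v1")
    # Clients append /chat/completions to baseURL exactly as configured.
    return f"https://{parts.netloc}{path}/chat/completions"

def credential_kind(cred, now=None):
    """Return 'api_key' or 'jwt'; raise on malformed or expired input."""
    if cred.startswith("sk-hsk_"):
        return "api_key"
    segments = cred.split(".")
    if len(segments) != 3:
        raise ValueError("neither an sk-hsk_ key nor a three-part JWT")
    try:
        payload = segments[1] + "=" * (-len(segments[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:
        raise ValueError("JWT payload is not base64url JSON") from exc
    # Assumption: the session JWT carries a standard numeric `exp` claim.
    # This is an unverified client-side read, not signature validation.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if isinstance(exp, (int, float)) and exp <= current:
        raise ValueError("session JWT expired; sign in again or use an API key")
    return "jwt"

def redact(cred):
    """Log-safe form: keep a short prefix, never the whole secret."""
    return cred[:7] + "..." if len(cred) > 7 else "..."

def sample_jwt(exp):
    """Constructed, unsigned sample token for exercising the check."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'sub': 'demo', 'exp': exp})}.sig"
```

Running `credential_kind` before a request turns an expired session into a clear local error instead of a rejected call, and `redact` keeps the full token or key out of logs.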

Portal sign-in in the browser

The app opens the portal on a path like {origin}/sign-in?extension_auth=1&redirect_url=..., where origin is the portal base the app is paired with. After you sign in, the flow returns to the desktop; see Deep links and local dev.

After sign-in, the portal does not HTTP-redirect the editor through a local development web server. It uses a custom URL scheme (for example hacker-sidekick-ihe://...?session_token=...) so the Hacker Sidekick app receives the session on your machine.

If more than one Hacker Sidekick is installed, the same OS URL handler can be shared. Start sign-in from the copy of the app you mean to use. If the browser does not return you to the right window, confirm which app you launched, then try again.

Versioning and updates

  1. Workbench - The editor host version your extensions and the UI run on.
  2. Hacker Sidekick - The product version shown in About and in release notes, used for update checks against the app’s release channel.
  3. Built-in assistant - The integrated AI package has its own version line within the app.

In-app updates - The app checks a published release manifest (for example release.hackersidekick.com). Account and billing stay on the portal.

See also

Hacker Sidekick documentation