{"slug": "show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos", "title": "Show HN: Sidekick – The zot coding agent, one click away on macOS", "summary": "A new macOS menu bar app called Sidekick provides one-click access to the zot coding agent from anywhere on the system, featuring a floating panel, global hotkey, and support for image queries. The app bakes the zot binary directly into its bundle and manages its own updates, eliminating the need for a separate zot installation. Sidekick requires macOS 26 or later and an API key from providers like Anthropic or OpenAI, though its use of third-party OAuth client IDs for subscription login may violate those services' terms of use.", "body_md": "A macOS menu bar app that provides quick access to zot from anywhere on your system.\n\n**Let zot sidekick whip up your emails:**\n\n**Let zot sidekick give your code a glow-up:**\n\n**Menu Bar Integration**: Lives in your menu bar for quick access** Global Hotkey**: Long-press the Right Option key to toggle the panel from anywhere** Floating Panel**: Spotlight-style centered floating window that remembers its position and size** Chat Interface**: Clean, dark-themed chat interface with streaming responses** Image Support**: Drag and drop images for vision-based queries** Sessions**: Conversations auto-save and can be browsed, searched, reloaded, and deleted** Working Directory**: Set context for file operations** Inline Settings**: Configure provider, authentication (API key or subscription), and model directly in the panel\n\n- macOS 26 or later\n- A recent Xcode (the project targets the macOS 26 SDK)\n- An Anthropic, OpenAI, etc. API key, or a supported subscription login\n\nNote on subscription login.The OAuth client IDs used are the ones published in Anthropic's Claude Code CLI, OpenAI's Codex CLI, and the Kimi Code CLI device-code flow. Reusing them from a third-party tool may be against their terms of service and may be revoked at any time. Use it at your own risk; the API-key flow is the safe default.\n\nThe `zot`\n\nbinary is **baked into the app bundle**, downloaded from the\n[official GitHub releases](https://github.com/patriceckhart/zot). No separate\nzot install is required, and the app never uses any zot on your system PATH.\n\nOn launch the app checks the\n[zot-sidekick releases](https://github.com/patriceckhart/zot-sidekick/releases)\nand compares the latest tag with its own version (`AppUpdater.swift`\n\n). When a\nnewer release exists, a small primary \"Update\" button appears in the panel top\nbar (after Settings and Sessions) that opens the latest release page.\n\nThe app manages its own copy of the zot binary in Application Support and\nupdates it entirely in Swift (`ZotUpdater.swift`\n\n):\n\n- On launch and on demand it checks the GitHub releases API for the latest version.\n- When a newer version exists, Settings shows a primary \"Update zot\" button that downloads the correct darwin build for your architecture, extracts it, and atomically replaces the installed binary, then restarts the bridge.\n- The bundled in-app copy only seeds the first install; downloaded updates are preferred and are not overwritten unless a newer build ships in the app.\n\nNo shell script is involved at runtime.\n\n`scripts/bundle-zot.sh`\n\nis a pre-release helper to refresh the binary that\nships inside the app bundle. It is not part of the running app and does not\naffect the in-app update path.\n\n- Open\n`zot sidekick.xcodeproj`\n\nin Xcode - Build and run (Cmd+R)\n- Grant Accessibility (for the global hotkey and \"Paste into\") via the menu bar icon's right-click menu (\"Open Accessibility Settings\"); Screen Recording is requested lazily the first time you take a screenshot\n- Open the panel and click the gear (Settings) in the top bar to configure authentication\n\n**Menu Bar Click**: Click the icon in the menu bar to toggle the panel** Global Hotkey**: Long-press the Right Option key (about 0.4s) to toggle it from anywhere** Dismiss**: Press Escape or click the menu bar icon again\n\nThe panel remembers the position and size you drag it to across hide/show. It resets to the default centered position only when you quit and relaunch.\n\n- Type your question in the input field at the bottom\n- Press Enter or click the send button\n- Drag and drop images onto the window to include them in your query\n- Click \"Copy\" on any assistant response to copy it to clipboard\n- Click \"Paste into …\" to paste the response into your previously active application\n\n- Click the folder icon in the input bar to set a working directory\n- zot will use this directory as context for file operations\n\n- Conversations are saved automatically after each reply\n- Click \"Sessions\" in the panel top bar to browse, search, reload, or delete saved sessions\n- Sessions are stored as flat JSON files in\n`~/Library/Application Support/zot sidekick/sessions/`\n\n(no project folders) - Click \"+ New\" to start a fresh conversation\n\n- Click the gear (Settings) in the panel top bar to open settings inline\n- Configure:\n- Provider (Anthropic, OpenAI, ChatGPT Subscription, Kimi, Google, DeepSeek, Ollama)\n- Authentication: either a subscription login or an API key\n- Default Model\n- zot binary version, with a primary \"Check for Updates\" / \"Update zot\" button\n\nProviders that support subscriptions (Anthropic Claude, ChatGPT, Kimi) offer a \"Log in with subscription\" button. This runs the same OAuth flow as the zot CLI:\n\n- Anthropic and ChatGPT open a browser and capture the callback on a local loopback port (PKCE).\n- Kimi uses the OAuth device flow (a code plus a browser page).\n\nTokens are written to the bundled binary's `ZOT_HOME/auth.json`\n\n, so the\nembedded zot uses your subscription with no extra setup. API keys are stored\nthe same way. Use \"Sign Out\" to remove stored credentials for a provider.\n\nThe model picker shows models from every provider you are logged into, grouped\nby provider. The full live model list per provider is fetched via a one-shot\n`zot rpc`\n\nquery (`ZotModelFetcher`\n\n). Choosing a model from a different provider\nswitches the active provider and restarts the bridge with its credentials.\n\n**AppDelegate**: Owns the menu bar icon, the panel, and the global hotkey** HotkeyMonitor**: Long-press Right Option detection (CGEvent tap with an NSEvent fallback)** PanelController**: Controls the floating panel window and remembers its frame** PanelChatView**: SwiftUI chat UI, including the inline settings overlay (`InlineSettingsView`\n\n) and the typing indicator**AppState**: Observable state management with`@Observable`\n\n, plus binary preparation and session/auth orchestration**ZotBridge**: Spawns and communicates with the bundled`zot rpc`\n\nprocess via JSON-RPC**SessionStore**: Flat-file JSON persistence for sessions (no project folders)** ZotAuth / ZotOAuthLogin**: API keys and subscription OAuth, written to`ZOT_HOME/auth.json`\n\n**ZotUpdater**: GitHub release checks and in-Swift download/install of the bundled zot binary** AppUpdater**: Checks zot-sidekick releases and surfaces the in-app \"Update\" button** ZotModelFetcher**: One-shot RPC that fetches the full live model list per authenticated provider** SettingsWindow**: A standalone settings window (legacy fallback; the inline panel settings are the primary path)\n\nThe app uses:\n\n- SwiftUI for the UI\n- Observation framework for state management\n- ScreenCaptureKit for screenshot functionality\n- Process for spawning the bundled zot binary\n- NWListener loopback servers for OAuth callbacks\n- Icon Composer (\n`Icon.icon`\n\n) for the Liquid Glass app icon, with a classic`AppIcon.appiconset`\n\nas the fallback for older macOS\n\nThe app icon is an Icon Composer bundle (`Icon.icon`\n\n). Because the CI runner's\n`actool`\n\ncan crash compiling `.icon`\n\n, the catalog is precompiled on a Mac with\na recent Xcode into `prebuilt-icon/Assets.car`\n\n(plus `Icon.icns`\n\n) via\n`scripts/compile-icon.sh`\n\n, committed, and injected into the built app by the\nworkflow. Re-run that script and commit `prebuilt-icon/`\n\nwhenever the icon or\nasset catalog changes. The classic `AppIcon.appiconset`\n\nremains as a fallback\nfor pre-26 macOS.\n\n`.github/workflows/build-dmg.yml`\n\nbuilds the app on `macos-latest`\n\n(pinned to\nthe latest Xcode) on every push and on manual dispatch. It:\n\n- auto-versions each build from the run number with rollover\n(\n`0.0.1 ... 0.0.99 -> 0.1.0 ... 0.99.99 -> 1.0.0 ...`\n\n), - signs the app (including the embedded zot binary) with a Developer ID certificate and hardened runtime, then notarizes and staples the DMG,\n- packages a\n`zot-sidekick-<version>.dmg`\n\ncontaining the app and an`Applications`\n\nsymlink for drag-and-drop install, - uploads the DMG as a build artifact, and publishes a GitHub Release\n(tag\n`vX.Y.Z`\n\n, marked as latest) on every push to`main`\n\n.\n\nReleases are notarized Developer ID builds, so they launch without Gatekeeper warnings. If the signing secrets are absent, the workflow falls back to an ad-hoc signature; such builds require a right-click \"Open\" on first launch and re-prompt for Accessibility on every launch.\n\nThis app bundles the zot binary and spawns it as a child process that reads\nand writes files anywhere and runs developer tools. That model requires the\nsandbox to be off (`ENABLE_APP_SANDBOX = NO`\n\n) and is therefore distributed as\na notarized, Developer ID-signed build outside the Mac App Store, the same as\nthe zot CLI itself. The Mac App Store requires a sandbox that would prevent\nthe embedded agent from doing its job, so it is not a target for this app.\n\nFor release: archive in Xcode, sign with your Developer ID (deep-signing the\nembedded `zot-bin`\n\n), notarize with `notarytool`\n\n, then staple and ship the\n`.dmg`\n\n.\n\nMIT", "url": "https://wpnews.pro/news/show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos", "canonical_source": "https://github.com/patriceckhart/zot-sidekick", "published_at": "2026-06-06 07:23:49+00:00", "updated_at": "2026-06-06 07:46:29.281162+00:00", "lang": "en", "topics": ["ai-tools", "ai-products", "ai-agents", "large-language-models", "generative-ai"], "entities": ["Sidekick", "zot", "Anthropic", "OpenAI", "Kimi Code CLI", "Claude Code CLI", "Codex CLI", "macOS"], "alternates": {"html": "https://wpnews.pro/news/show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos", "markdown": "https://wpnews.pro/news/show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos.md", "text": "https://wpnews.pro/news/show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos.txt", "jsonld": "https://wpnews.pro/news/show-hn-sidekick-the-zot-coding-agent-one-click-away-on-macos.jsonld"}}