Changelog

@frontman/bindings

Patch Changes

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

@frontman-ai/client

Minor Changes

• #332 995762f Thanks @BlueHotDog! - Replace element picker with annotation system. Users can now pin multiple elements on the page as numbered annotations, add/remove them freely, and reference them in chat. The server interaction schema and prompts are updated to handle annotation-based context instead of single element selections.

• #485 a5530b7 Thanks @BlueHotDog! - Attach annotations to messages instead of task state. Annotations are now stored as serializable snapshots on each Message.User record, rendered as compact chips in the conversation history. This fixes empty purple chat bubbles when sending annotation-only messages and preserves annotation context in the message timeline.

• #492 4e6c80f Thanks @BlueHotDog! - Fix shallow UI edits by giving the agent visual context and structural awareness. Add component name detection (React/Vue/Astro) to get_dom output, add UI & Layout Changes guidance to the system prompt with before/after screenshot workflow, add large-file comprehension strategy to read_file, and require edit summaries with trade-off analysis. Includes a manual test fixture (test/manual/vite-dashboard/) with a 740-line component to reproduce the original issue.

• #496 4641751 Thanks @BlueHotDog! - Show in-browser banner when a newer integration package is available. Integration packages now report their real version (instead of hardcoded "1.0.0"), the server proxies npm registry lookups with a 30-minute cache, and the client displays a dismissible amber banner with an "Update" button that prompts the LLM to perform the upgrade.

• #461 746666e Thanks @itayadler! - Add Vue 3 + Vite support: source location capture in .vue SFCs via a Vite transform plugin, client-side Vue component instance detection for click-to-source, and a Vue E2E test fixture with installer integration.

Patch Changes

• #463 2179444 Thanks @BlueHotDog! - Fix trailing-slash 404 on Frontman API routes behind reverse proxy and mixed-content URL scheme mismatch when running behind TLS-terminating proxy (Caddy). Add containerized worktree infrastructure with Podman pods for parallel isolated development.

• #486 2f979b4 Thanks @BlueHotDog! - Fix framework-specific prompt guidance never being applied in production. The middleware sent display labels like "Next.js" but the server matched on "nextjs", so 120+ lines of Next.js expert guidance were silently skipped. Introduces a Framework module as single source of truth for framework identity, normalizes at the server boundary, and updates client adapters to send normalized IDs.

• #465 fe1e276 Thanks @BlueHotDog! - Fix selection mode cursor reverting to pointer/hand on interactive elements inside iframe. Replaced body-level inline cursor style with an injected <style> tag using * { cursor: crosshair !important; } so that buttons, links, and inputs can't override the crosshair during selection mode.

• #472 0e02a6a Thanks @BlueHotDog! - Migrate direct Console.* calls to structured @frontman/logs logging in client-side packages. Replaces ~40 Console.log/error/warn calls across 11 files with component-tagged, level-filtered Log.info/error/warning/debug calls. Extends LogComponent.t with 10 new component variants for the migrated modules.

• #488 453bcd5 Thanks @BlueHotDog! - Replace manual Dict JSON building with Sury schema types in annotation meta builders for compile-time field name safety.

• #482 604fe62 Thanks @BlueHotDog! - Track all tool execution failures in Sentry. Adds error reporting for backend tool soft errors, MCP tool errors/timeouts, agent execution failures/crashes, and JSON argument parse failures. Normalizes backend tool result status from "error" to "failed" to fix client-side silent drop, and replaces silent catch-all in the client with a warning log for unexpected statuses.

@frontman-ai/astro

Minor Changes

• #496 4641751 Thanks @BlueHotDog! - Show in-browser banner when a newer integration package is available. Integration packages now report their real version (instead of hardcoded "1.0.0"), the server proxies npm registry lookups with a 30-minute cache, and the client displays a dismissible amber banner with an "Update" button that prompts the LLM to perform the upgrade.

Patch Changes

• #463 2179444 Thanks @BlueHotDog! - Fix trailing-slash 404 on Frontman API routes behind reverse proxy and mixed-content URL scheme mismatch when running behind TLS-terminating proxy (Caddy). Add containerized worktree infrastructure with Podman pods for parallel isolated development.

• #438 1648416 Thanks @itayadler! - Add Playwright + Vitest end-to-end test infrastructure with test suites for Next.js, Astro, and Vite. Tests validate the core product loop: open framework dev server, navigate to /frontman, log in, send a prompt, and verify the AI agent modifies source code.

• #486 2f979b4 Thanks @BlueHotDog! - Fix framework-specific prompt guidance never being applied in production. The middleware sent display labels like "Next.js" but the server matched on "nextjs", so 120+ lines of Next.js expert guidance were silently skipped. Introduces a Framework module as single source of truth for framework identity, normalizes at the server boundary, and updates client adapters to send normalized IDs.

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

@frontman-ai/frontman-client

Patch Changes

• #455 ed92762 Thanks @BlueHotDog! - Filter third-party errors from Frontman's internal Sentry reporting. Extracts shared Sentry types, config (DSN, internal-dev detection), and a beforeSend filter into @frontman/bindings so all framework integrations share a single source of truth. The filter inspects stacktrace frames and drops events that don't originate from Frontman code, preventing noise from framework internals (e.g. Next.js/Turbopack source-map WASM fetch failures). Both @frontman-ai/nextjs and @frontman-ai/frontman-client now use this shared filter.

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

• Updated dependencies [0e02a6a]:

  • @frontman/[email protected]

@frontman-ai/frontman-core

Patch Changes

• #486 2f979b4 Thanks @BlueHotDog! - Fix framework-specific prompt guidance never being applied in production. The middleware sent display labels like "Next.js" but the server matched on "nextjs", so 120+ lines of Next.js expert guidance were silently skipped. Introduces a Framework module as single source of truth for framework identity, normalizes at the server boundary, and updates client adapters to send normalized IDs.

• #489 5599f92 Thanks @BlueHotDog! - Fix ENOTDIR crash in grep tool when LLM passes a file path. Harden all search tools (grep, search_files, list_files, list_tree) to gracefully handle file paths instead of crashing. Catch synchronous spawn() throws in spawnPromise so errors flow through the result type. Rewrite tool descriptions for clarity and remove duplicated tool selection guidance from system prompt.

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

• #492 4e6c80f Thanks @BlueHotDog! - Fix shallow UI edits by giving the agent visual context and structural awareness. Add component name detection (React/Vue/Astro) to get_dom output, add UI & Layout Changes guidance to the system prompt with before/after screenshot workflow, add large-file comprehension strategy to read_file, and require edit summaries with trade-off analysis. Includes a manual test fixture (test/manual/vite-dashboard/) with a 740-line component to reproduce the original issue.

• Updated dependencies [746666e]:

  • @frontman/[email protected]
  • @frontman-ai/[email protected]

@frontman-ai/nextjs

Minor Changes

• #496 4641751 Thanks @BlueHotDog! - Show in-browser banner when a newer integration package is available. Integration packages now report their real version (instead of hardcoded "1.0.0"), the server proxies npm registry lookups with a 30-minute cache, and the client displays a dismissible amber banner with an "Update" button that prompts the LLM to perform the upgrade.

Patch Changes

• #457 bbd6900 Thanks @itayadler! - E2E tests now run the Frontman installer CLI on bare fixture projects instead of using pre-wired configs, verifying that the installer produces working integrations for Next.js, Vite, and Astro.

• #438 1648416 Thanks @itayadler! - Add Playwright + Vitest end-to-end test infrastructure with test suites for Next.js, Astro, and Vite. Tests validate the core product loop: open framework dev server, navigate to /frontman, log in, send a prompt, and verify the AI agent modifies source code.

• #455 ed92762 Thanks @BlueHotDog! - Filter third-party errors from Frontman's internal Sentry reporting. Extracts shared Sentry types, config (DSN, internal-dev detection), and a beforeSend filter into @frontman/bindings so all framework integrations share a single source of truth. The filter inspects stacktrace frames and drops events that don't originate from Frontman code, preventing noise from framework internals (e.g. Next.js/Turbopack source-map WASM fetch failures). Both @frontman-ai/nextjs and @frontman-ai/frontman-client now use this shared filter.

• #486 2f979b4 Thanks @BlueHotDog! - Fix framework-specific prompt guidance never being applied in production. The middleware sent display labels like "Next.js" but the server matched on "nextjs", so 120+ lines of Next.js expert guidance were silently skipped. Introduces a Framework module as single source of truth for framework identity, normalizes at the server boundary, and updates client adapters to send normalized IDs.

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

@frontman-ai/frontman-protocol

Patch Changes

• #461 746666e Thanks @itayadler! - Enforce pure bindings architecture: extract all business logic from @frontman/bindings to domain packages, delete dead code, rename Sentry modules, and fix circular dependency in frontman-protocol.

@frontman-ai/vite

Minor Changes

• #496 4641751 Thanks @BlueHotDog! - Show in-browser banner when a newer integration package is available. Integration packages now report their real version (instead of hardcoded "1.0.0"), the server proxies npm registry lookups with a 30-minute cache, and the client displays a dismissible amber banner with an "Update" button that prompts the LLM to perform the upgrade.

• #461 746666e Thanks @itayadler! - Add Vue 3 + Vite support: source location capture in .vue SFCs via a Vite transform plugin, client-side Vue component instance detection for click-to-source, and a Vue E2E test fixture with installer integration.

Patch Changes

• #457 bbd6900 Thanks @itayadler! - E2E tests now run the Frontman installer CLI on bare fixture projects instead of using pre-wired configs, verifying that the installer produces working integrations for Next.js, Vite, and Astro.

• #438 1648416 Thanks @itayadler! - Add Playwright + Vitest end-to-end test infrastructure with test suites for Next.js, Astro, and Vite. Tests validate the core product loop: open framework dev server, navigate to /frontman, log in, send a prompt, and verify the AI agent modifies source code.

• #486 2f979b4 Thanks @BlueHotDog! - Fix framework-specific prompt guidance never being applied in production. The middleware sent display labels like "Next.js" but the server matched on "nextjs", so 120+ lines of Next.js expert guidance were silently skipped. Introduces a Framework module as single source of truth for framework identity, normalizes at the server boundary, and updates client adapters to send normalized IDs.

@frontman/logs

Patch Changes

• #472 0e02a6a Thanks @BlueHotDog! - Migrate direct Console.* calls to structured @frontman/logs logging in client-side packages. Replaces ~40 Console.log/error/warn calls across 11 files with component-tagged, level-filtered Log.info/error/warning/debug calls. Extends LogComponent.t with 10 new component variants for the migrated modules.

@frontman/react-statestore

Patch Changes

• #472 0e02a6a Thanks @BlueHotDog! - Migrate direct Console.* calls to structured @frontman/logs logging in client-side packages. Replaces ~40 Console.log/error/warn calls across 11 files with component-tagged, level-filtered Log.info/error/warning/debug calls. Extends LogComponent.t with 10 new component variants for the migrated modules.

• Updated dependencies [0e02a6a]:

  • @frontman/[email protected]

@frontman/client

Patch Changes

• #437 bc43aec Thanks @itayadler! - Fix chatbox rendering jank during streaming by adding React.memo to leaf components, buffering text deltas with requestAnimationFrame, removing unnecessary CSS transitions, and switching scroll resize mode to instant.

@frontman/frontman-client

Patch Changes

• #452 2d87685 Thanks @BlueHotDog! - Fix 8 Dependabot security alerts by upgrading Sentry SDK from v8 to v9, sentry-testkit to v6, and adding yarn resolutions for vulnerable transitive dependencies (rollup, basic-ftp, minimatch, devalue, hono).

@frontman/frontman-core

Minor Changes

• #434 40c3932 Thanks @BlueHotDog! - Add list_tree tool for project structure discovery during MCP initialization. The tool provides a compact, monorepo-aware directory tree view that is injected into the system prompt and available as an on-demand callable tool. Supports workspace detection (package.json workspaces, pnpm, turbo, nx), smart noise filtering, and git-aware file listing.

@frontman-ai/nextjs

Patch Changes

• #452 2d87685 Thanks @BlueHotDog! - Fix 8 Dependabot security alerts by upgrading Sentry SDK from v8 to v9, sentry-testkit to v6, and adding yarn resolutions for vulnerable transitive dependencies (rollup, basic-ftp, minimatch, devalue, hono).

@frontman/client

Minor Changes

• #426 1b6ecec Thanks @BlueHotDog! - URL-addressable preview: persist iframe URL in browser address bar using suffix-based routing. Navigation within the preview iframe is now reflected in the browser URL, enabling shareable deep links and browser back/forward support.

@frontman-ai/astro

Minor Changes

• #426 1b6ecec Thanks @BlueHotDog! - URL-addressable preview: persist iframe URL in browser address bar using suffix-based routing. Navigation within the preview iframe is now reflected in the browser URL, enabling shareable deep links and browser back/forward support.

@frontman/frontman-core

Minor Changes

• #426 1b6ecec Thanks @BlueHotDog! - URL-addressable preview: persist iframe URL in browser address bar using suffix-based routing. Navigation within the preview iframe is now reflected in the browser URL, enabling shareable deep links and browser back/forward support.

@frontman-ai/nextjs

Minor Changes

• #426 1b6ecec Thanks @BlueHotDog! - URL-addressable preview: persist iframe URL in browser address bar using suffix-based routing. Navigation within the preview iframe is now reflected in the browser URL, enabling shareable deep links and browser back/forward support.

@frontman-ai/vite

Minor Changes

• #426 1b6ecec Thanks @BlueHotDog! - URL-addressable preview: persist iframe URL in browser address bar using suffix-based routing. Navigation within the preview iframe is now reflected in the browser URL, enabling shareable deep links and browser back/forward support.

@frontman/bindings

Minor Changes

• #425 3198368 Thanks @BlueHotDog! - Astro dev toolbar icon now navigates to the Frontman UI route instead of logging diagnostics. Expanded Astro bindings with full dev toolbar API coverage.

Patch Changes

• #415 38cff04 Thanks @itayadler! - Add Lighthouse tool for web performance auditing. The lighthouse tool runs Google Lighthouse audits on URLs and returns scores (0-100) for performance, accessibility, best practices, and SEO categories, along with the top 3 issues to fix in each category. In DevPod environments, URLs are automatically rewritten to localhost to avoid TLS/interstitial issues. The Next.js config now falls back to PHX_HOST for automatic host detection in DevPod setups.

Patch Changes

• Updated dependencies [3198368, 38cff04]:
  • @frontman/[email protected]

@frontman-ai/astro

Minor Changes

• #425 3198368 Thanks @BlueHotDog! - Astro dev toolbar icon now navigates to the Frontman UI route instead of logging diagnostics. Expanded Astro bindings with full dev toolbar API coverage.

• #398 8269bb4 Thanks @itayadler! - Add edit_file tool with 9-strategy fuzzy text matching for robust LLM-driven file edits. Framework-specific wrappers (Vite, Astro, Next.js) check dev server logs for compilation errors after edits. Add get_logs tool to Vite and Astro for querying captured console/build output.

• #418 930669c Thanks @itayadler! - Extract shared middleware (CORS, UI shell, request handlers, SSE streaming) into frontman-core, refactor Astro/Next.js/Vite adapters to thin wrappers

@frontman/frontman-core

Minor Changes

• #398 8269bb4 Thanks @itayadler! - Add edit_file tool with 9-strategy fuzzy text matching for robust LLM-driven file edits. Framework-specific wrappers (Vite, Astro, Next.js) check dev server logs for compilation errors after edits. Add get_logs tool to Vite and Astro for querying captured console/build output.

• #418 930669c Thanks @itayadler! - Extract shared middleware (CORS, UI shell, request handlers, SSE streaming) into frontman-core, refactor Astro/Next.js/Vite adapters to thin wrappers

• #415 38cff04 Thanks @itayadler! - Add Lighthouse tool for web performance auditing. The lighthouse tool runs Google Lighthouse audits on URLs and returns scores (0-100) for performance, accessibility, best practices, and SEO categories, along with the top 3 issues to fix in each category. In DevPod environments, URLs are automatically rewritten to localhost to avoid TLS/interstitial issues. The Next.js config now falls back to PHX_HOST for automatic host detection in DevPod setups.

Patch Changes

• #350 0cb1e38 Thanks @BlueHotDog! - Extract Swarm agent execution framework from frontman_server into standalone swarm_ai Hex package. Rename all Swarm._ modules to SwarmAi._ and update telemetry atoms accordingly. frontman_server now depends on swarm_ai via path dep for monorepo development.

• #416 893684e Thanks @BlueHotDog! - Fix swarm_ai documentation: correct broken examples, add missing @doc/@moduledoc annotations, fix inaccurate descriptions, and add README.md for Hex publishing. Bump swarm_ai to 0.1.1.

• Updated dependencies [3198368, 38cff04]:

  • @frontman/[email protected]

@frontman-ai/nextjs

Minor Changes

• #398 8269bb4 Thanks @itayadler! - Add edit_file tool with 9-strategy fuzzy text matching for robust LLM-driven file edits. Framework-specific wrappers (Vite, Astro, Next.js) check dev server logs for compilation errors after edits. Add get_logs tool to Vite and Astro for querying captured console/build output.

• #418 930669c Thanks @itayadler! - Extract shared middleware (CORS, UI shell, request handlers, SSE streaming) into frontman-core, refactor Astro/Next.js/Vite adapters to thin wrappers

• #415 38cff04 Thanks @itayadler! - Add Lighthouse tool for web performance auditing. The lighthouse tool runs Google Lighthouse audits on URLs and returns scores (0-100) for performance, accessibility, best practices, and SEO categories, along with the top 3 issues to fix in each category. In DevPod environments, URLs are automatically rewritten to localhost to avoid TLS/interstitial issues. The Next.js config now falls back to PHX_HOST for automatic host detection in DevPod setups.

@frontman-ai/vite

Minor Changes

• #398 8269bb4 Thanks @itayadler! - Add edit_file tool with 9-strategy fuzzy text matching for robust LLM-driven file edits. Framework-specific wrappers (Vite, Astro, Next.js) check dev server logs for compilation errors after edits. Add get_logs tool to Vite and Astro for querying captured console/build output.

• #418 930669c Thanks @itayadler! - Extract shared middleware (CORS, UI shell, request handlers, SSE streaming) into frontman-core, refactor Astro/Next.js/Vite adapters to thin wrappers

@frontman/bindings

Minor Changes

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

@frontman/client

Minor Changes

• #401 3f3fd3e Thanks @BlueHotDog! - Add browser element interaction tools: get_interactive_elements for discovering interactive elements via accessibility tree analysis, and interact_with_element for clicking, hovering, or focusing elements by CSS selector, role+name, or text content.

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

Patch Changes

• Updated dependencies [8a68462]:
  • @frontman/[email protected]

@frontman-ai/astro

Minor Changes

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

@frontman/frontman-client

Minor Changes

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

@frontman/frontman-core

Minor Changes

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

Patch Changes

• Updated dependencies [8a68462]:
  • @frontman/[email protected]
  • @frontman/[email protected]

@frontman/frontman-protocol

Minor Changes

• #405 8a68462 Thanks @BlueHotDog! - ### Added

  • Image saving via write_file — LLM can now save user-pasted images to disk using a new image_ref parameter referencing attachment URIs (attachment://{id}/{filename}). The browser MCP server intercepts write_file calls containing image_ref, resolves image data from client state, and rewrites to base64 content before forwarding to the dev-server.
  • Astro component props injection — New Vite plugin that captures component display names and prop values during Astro rendering, giving the AI agent richer context when users click elements in the browser.
  • ToolNames module — Centralized all 12 tool name constants (7 server + 5 browser) into a shared ToolNames module in frontman-protocol, eliminating hardcoded string literals across packages.

  Changed

  • write_file tool now accepts optional encoding param ("base64" for binary writes) and validates mutual exclusion between content and image_ref.
  • AstroAnnotations.loc field changed from string to Nullable.t<string> to handle missing data-astro-source-loc attributes.
  • MCP server uses switch pattern matching consistently instead of if/else chains.
  • Task reducer uses Option.getOrThrow consistently for id, mediaType, and filename fields (crash-early philosophy).
  • Vite props injection plugin scoped to dev-only (apply: 'serve') with markHTMLString guard for Astro compatibility.

@frontman/bindings

Patch Changes

• #393 d4cd503 Thanks @BlueHotDog! - Fix Astro integration defaulting to dev host instead of production when FRONTMAN_HOST is not set, which broke production deployments. Also add stderr maxBuffer enforcement to spawnPromise to prevent unbounded memory growth from misbehaving child processes.

@frontman/client

Minor Changes

• #391 9bcc19a Thanks @itayadler! - Add Heap Analytics integration with automatic user identification. Heap is initialized in the client bundle with environment-aware env IDs (dev vs production). When a user session connects, the client fetches the user profile and calls heap.identify() and heap.addUserProperties() with the user's ID, email, and name. The server's /api/user/me endpoint now returns id and name in addition to email, and the user profile is stored in global state for reuse across components.

• #368 ef6f38d Thanks @BlueHotDog! - Add device mode / viewport emulation to the web preview. Developers can now simulate specific device viewports (phones, tablets, desktop) with 12 built-in presets, custom dimensions, and orientation toggle. The preview iframe auto-scales to fit the available space with a checkerboard background. Device mode state is per-task, so switching tasks restores that task's viewport. A new set_device_mode MCP tool allows the AI agent to programmatically change viewports with actions for presets, custom sizes, responsive mode, orientation, and listing available devices.

Patch Changes

• #394 40abf99 Thanks @itayadler! - Fix web preview URL bar syncing so iframe link navigations update the displayed URL without forcing iframe reloads. The URL input is now editable and supports Enter-to-navigate while preserving in-iframe navigation state.

Patch Changes

• Updated dependencies [d4cd503]:
  • @frontman/[email protected]

@frontman-ai/astro

Patch Changes

• #393 d4cd503 Thanks @BlueHotDog! - Fix Astro integration defaulting to dev host instead of production when FRONTMAN_HOST is not set, which broke production deployments. Also add stderr maxBuffer enforcement to spawnPromise to prevent unbounded memory growth from misbehaving child processes.

@frontman/frontman-core

Patch Changes

• #388 cf885f6 Thanks @itayadler! - fix: resolve Dependabot security vulnerabilities

  Replace deprecated vscode-ripgrep with @vscode/ripgrep (same API, officially renamed package). Add yarn resolutions for 15 transitive dependencies to patch known CVEs (tar, @modelcontextprotocol/sdk, devalue, node-forge, h3, lodash, js-yaml, and others). Upgrade astro, next, and jsdom to patched versions.

• Updated dependencies [d4cd503]:

  • @frontman/[email protected]

@frontman/client

Patch Changes

• #384 59ee255 Thanks @BlueHotDog! - fix(astro): load client from production CDN instead of localhost

  The Astro integration defaulted clientUrl to http://localhost:5173/src/Main.res.mjs unconditionally, which only works during local frontman development. When installed from npm, users saw requests to localhost:5173 instead of the production client.

  Now infers isDev from the host (matching the Vite plugin pattern): production host loads the client from https://app.frontman.sh/frontman.es.js with CSS from https://app.frontman.sh/frontman.css.

  Also fixes the standalone client bundle crashing with process is not defined in browsers by replacing process.env.NODE_ENV at build time (Vite lib mode doesn't do this automatically).

@frontman-ai/astro

Patch Changes

• #384 59ee255 Thanks @BlueHotDog! - fix(astro): load client from production CDN instead of localhost

  The Astro integration defaulted clientUrl to http://localhost:5173/src/Main.res.mjs unconditionally, which only works during local frontman development. When installed from npm, users saw requests to localhost:5173 instead of the production client.

  Now infers isDev from the host (matching the Vite plugin pattern): production host loads the client from https://app.frontman.sh/frontman.es.js with CSS from https://app.frontman.sh/frontman.css.

  Also fixes the standalone client bundle crashing with process is not defined in browsers by replacing process.env.NODE_ENV at build time (Vite lib mode doesn't do this automatically).

@frontman/client

Minor Changes

• 99f8e90 Thanks @BlueHotDog! - Add file and image attachment support in the chat input. Users can attach images and files via drag & drop, clipboard paste, or a file picker button. Pasted multi-line text (3+ lines or >150 chars) is collapsed into a chip. Attachments are sent as ACP resource content blocks with base64-encoded blob data and rendered as thumbnails in both the input area and message history with a lightbox preview.

• 99f8e90 Thanks @BlueHotDog! - Add cancel/stop generation support. Users can now stop an in-progress AI agent response by clicking a stop button in the prompt input. Implements the ACP session/cancel notification protocol for clean cancellation across client, protocol, and server layers.

• #342 023e9a4 Thanks @itayadler! - Add current page context to agent system prompt. The client now implicitly collects page metadata (URL, viewport dimensions, device pixel ratio, page title, color scheme preference, scroll position) from the preview iframe and sends it as an ACP content block with every prompt. The server extracts this data and appends a [Current Page Context] section to user messages, giving the AI agent awareness of the user's browsing context for better responsive design decisions and route-aware suggestions.

• #372 2fad09d Thanks @itayadler! - Add first-time user experience (FTUE) with welcome modal, confetti celebration, and provider connection nudge. New users see a welcome screen before auth redirect, a confetti celebration after first sign-in, and a gentle nudge to connect an AI provider. Existing users are auto-detected via localStorage and skip all onboarding flows.

Patch Changes

• #379 68b7f53 Thanks @BlueHotDog! - Fix source location detection for selected elements in Astro projects.

  • Refactor Astro integration from Astro middleware to Vite Connect middleware for more reliable request interception
  • Capture data-astro-source-file/data-astro-source-loc annotations on DOMContentLoaded before Astro's dev toolbar strips them
  • Add ancestor walk fallback (up to 20 levels) so clicking child elements resolves to the nearest annotated Astro component
  • Harden integration: ensureConfig guard for no-args usage, duplex: 'half' for POST requests, headersSent guard in error handler, skip duplicate capture on initial astro:page-load
  • Add LLM error chunk propagation so API rejections (e.g., oversized images) surface to the client instead of silently failing
  • Account for devicePixelRatio in screenshot scaling to avoid exceeding API dimension limits on hi-DPI displays

• 99f8e90 Thanks @BlueHotDog! - Fixed click-through on interactive elements (links, buttons) during element selection mode by using event capture with preventDefault/stopPropagation instead of disabling pointer events on anchors

• 99f8e90 Thanks @BlueHotDog! - Remove dead initialization timeout code (StartInitializationTimeout, InitializationTimeoutExpired, ReceivedDiscoveredProjectRule) that was never wired up — sessionInitialized is set via SetAcpSession on connection

• #357 ebec53a Thanks @itayadler! - Redesign authentication UI with dark Frontman branding. The server-side login page now features a dark theme with the Frontman logo and GitHub/Google OAuth buttons only (no email/password forms). Registration routes redirect to login. The root URL redirects to the sign-in page in dev and to frontman.sh in production. The client-side settings modal General tab now shows the logged-in user's email, avatar, and a sign-out button. The sign-out flow preserves a return_to URL so users are redirected back to the client app after re-authenticating.

• #377 15c3c8c Thanks @itayadler! - ### Fixed

  • Stream tool_call_start events to client for immediate UI feedback when the LLM begins generating tool calls (e.g., write_file), eliminating multi-second blank gaps
  • Show "Waiting for file path..." / "Waiting for URL..." shimmer placeholder while tool arguments stream in
  • Display navigate tool URL/action inline instead of hiding it in an expandable body

@frontman-ai/astro

Patch Changes

• #379 68b7f53 Thanks @BlueHotDog! - Fix source location detection for selected elements in Astro projects.

  • Refactor Astro integration from Astro middleware to Vite Connect middleware for more reliable request interception
  • Capture data-astro-source-file/data-astro-source-loc annotations on DOMContentLoaded before Astro's dev toolbar strips them
  • Add ancestor walk fallback (up to 20 levels) so clicking child elements resolves to the nearest annotated Astro component
  • Harden integration: ensureConfig guard for no-args usage, duplex: 'half' for POST requests, headersSent guard in error handler, skip duplicate capture on initial astro:page-load
  • Add LLM error chunk propagation so API rejections (e.g., oversized images) surface to the client instead of silently failing
  • Account for devicePixelRatio in screenshot scaling to avoid exceeding API dimension limits on hi-DPI displays

• 99f8e90 Thanks @BlueHotDog! - Fix missing host param in Astro config that caused the client to crash on boot. Both Astro and Next.js configs now assert at construction time that clientUrl contains the required host query param, using the URL API for proper query-string handling.

@frontman/frontman-client

Minor Changes

• 99f8e90 Thanks @BlueHotDog! - Add file and image attachment support in the chat input. Users can attach images and files via drag & drop, clipboard paste, or a file picker button. Pasted multi-line text (3+ lines or >150 chars) is collapsed into a chip. Attachments are sent as ACP resource content blocks with base64-encoded blob data and rendered as thumbnails in both the input area and message history with a lightbox preview.

• 99f8e90 Thanks @BlueHotDog! - Add cancel/stop generation support. Users can now stop an in-progress AI agent response by clicking a stop button in the prompt input. Implements the ACP session/cancel notification protocol for clean cancellation across client, protocol, and server layers.

Patch Changes

• #336 b98bc4f Thanks @BlueHotDog! - Suppress Sentry error reporting during Frontman internal development via FRONTMAN_INTERNAL_DEV env var

@frontman/frontman-core

Patch Changes

• Updated dependencies [99f8e90]:
  • @frontman/[email protected]

@frontman-ai/nextjs

Minor Changes

• #335 389fff7 Thanks @itayadler! - Add AI-powered auto-edit for existing files during npx @frontman-ai/nextjs install and colorized CLI output with brand purple theme.
  • When existing middleware/proxy/instrumentation files are detected, the installer now offers to automatically merge Frontman using an LLM (OpenCode Zen, free, no API key)
  • Model fallback chain (gpt-5-nano → big-pickle → grok-code) with output validation
  • Privacy disclosure: users are informed before file contents are sent to a public LLM
  • Colorized terminal output: purple banner, green checkmarks, yellow warnings, structured manual instructions
  • Fixed duplicate manual instructions in partial-success output

Patch Changes

• #337 7e4386f Thanks @itayadler! - Move installer to npx-only, remove curl|bash endpoint, make --server optional

  • Remove API server install endpoint (InstallController + /install routes)
  • Make --server optional with default api.frontman.sh
  • Simplify Readline.res: remove /dev/tty hacks, just use process.stdin
  • Add config.matcher to proxy.ts template and auto-edit LLM rules
  • Update marketing site install command from curl to npx @frontman-ai/nextjs install
  • Update README install instructions

• #336 b98bc4f Thanks @BlueHotDog! - Suppress Sentry error reporting during Frontman internal development via FRONTMAN_INTERNAL_DEV env var

• 99f8e90 Thanks @BlueHotDog! - Fix missing host param in Astro config that caused the client to crash on boot. Both Astro and Next.js configs now assert at construction time that clientUrl contains the required host query param, using the URL API for proper query-string handling.

@frontman/frontman-protocol

Minor Changes

• 99f8e90 Thanks @BlueHotDog! - Add protocol versioning, JSON Schema export, and cross-language contract tests. Protocol types are now the single source of truth, with schemas auto-generated from Sury types and validated in both ReScript and Elixir. Includes CI checks for schema drift and breaking changes.

@frontman-ai/vite

Minor Changes

• #355 84b6d9b Thanks @itayadler! - Add @frontman-ai/vite package — a ReScript-first Vite integration with CLI installer (npx @frontman-ai/vite install), replacing the old broken @frontman/vite-plugin.
  • Vite plugin with configureServer hook and Node.js ↔ Web API adapter for SSE streaming
  • Web API middleware serving Frontman UI, tool endpoints, and source location resolution
  • Config with automatic isDev inference from host (production = api.frontman.sh, everything else = dev)
  • CLI installer: auto-detects package manager, analyzes existing vite config, injects frontmanPlugin() call
  • Process shim for production client bundle (Vite doesn't polyfill Node.js globals in browser)

Added

• Logs library (@frontman/logs) with pluggable handlers and log-level filtering
• Console log handler with colored output and component tagging
• Functor-based logger creation per component

Changed

• Standardized package structure across all libraries with Makefiles

Added

• State management architecture with reducer, effects, and selectors
• Chat widget core with streaming message support
• Storybook integration for component development
• ReScript Vitest testing setup across all packages

Fixed

• Floating blob visibility in install section

Added

• Initial release of Frontman
• Core chat widget functionality
• Marketing site with Astro
• Monorepo setup with yarn workspaces
• ReScript 12 toolchain integration