Follow @plannotator on X for updates
Missed recent releases?
| Release | Highlights |
|---|---|
| v0.8.2 | BROWSER env var fix for macOS and WSL devcontainers |
| v0.8.1 | Devcontainer BROWSER fallback, mermaid clipping fix, annotation toolbar focus guard |
| v0.8.0 | Open source (MIT/Apache-2.0), annotate command, self-hosted share portal, resizable panels, mermaid controls, auto-close on approval, documentation site |
| v0.7.0 | TOC sidebar, sticky actions, save to notes without approving, import teammate reviews, viewed file tracking |
| v0.6.8 | Mermaid diagram rendering, repo/branch info display |
| v0.6.7 | Quick Comment mode, type-to-comment shortcut, smart agent detection |
| v0.6.6 | OpenCode sub-agent fix, CVE-2026-22812 security update |
| v0.6.5 | Cmd+C shortcut, newline preservation, hook timeout fix |
| v0.6.4 | Cmd+Enter keyboard shortcut |
| v0.6.3 | OpenCode npm package fix, cache path fix |
| v0.6.2 | OpenCode title generation fix, WSL browser detection |
What's New in v0.8.3
Plannotator now supports a third coding agent. Pi users get full plan review, code review, and markdown annotation — the same browser-based workflow available on Claude Code and OpenCode, adapted for Pi's extension API. This release also brings a configurable auto-close countdown and a security hardening fix for the image serving endpoint.
Pi Coding Agent Support
Plannotator's third platform integration. Pi is a coding agent by Mario Zechner that supports extensions via its plugin API, and Plannotator now ships a first-class extension for it.
The Pi extension introduces a file-based plan mode where the agent writes plans to a PLAN.md file on disk — git-trackable and visible in your editor at all times. When the agent calls exit_plan_mode, the browser-based review UI opens for you to annotate, approve, or deny the plan, just like on Claude Code and OpenCode.
What's included:
- Plan review with the full annotation UI — text selection, comments, deletions, replacements, image attachments
- Code review via `/plannotator-review` — opens git diffs in the review editor
- Markdown annotation via `/plannotator-annotate <file.md>` — annotate any markdown file
- Bash safety gating — during planning, the agent is restricted to read-only commands. Destructive operations like `rm`, `mv`, `git push`, and `npm install` are blocked until you approve the plan
- Progress tracking — a status line widget shows checklist completion as the agent executes (`3/5`), with live strikethrough on completed items
- State persistence — the current phase (idle, planning, executing) survives session restarts via Pi's entry API
- `Ctrl+Alt+P` keyboard shortcut and `/plannotator` command to toggle plan mode
The extension uses Node.js HTTP servers instead of Bun.serve(), since Pi loads extensions via jiti. Install from npm once published, or from git today:
```bash
pi install npm:@plannotator/pi-extension
pi --plan # Start a session in plan mode
```

(#168)
Auto-Close Countdown
The auto-close behavior introduced in v0.8.0 now supports a configurable delay. Instead of a binary on/off toggle, you can choose from four options: Off (default), Immediately, After 3 seconds, or After 5 seconds. When a delay is set, the completion overlay shows a live countdown before the tab closes.
More importantly, the feature is now discoverable. When auto-close is off, the completion overlay surfaces an opt-in checkbox — right at the moment you'd benefit from it most. One click enables it with a 3-second default, and you can fine-tune the delay in Settings whenever you like.
The implementation also handles browser restrictions gracefully. Since window.close() only works on tabs opened by script (and Plannotator opens via OS commands), a failed close now shows a friendly fallback message instead of silently doing nothing.
Under the hood, the duplicated completion overlay code from both the plan editor and review editor has been extracted into a shared CompletionOverlay component with a useAutoClose hook, cleaning up both apps.
- Thanks to @flex-yj-kim for the contribution (#162)
Image Endpoint Security Fix
The /api/image endpoint in all three servers (plan, review, annotate) previously served files from the local filesystem based on a user-provided path query parameter with no validation. Since the HTTP server runs on localhost without authentication, any process or browser tab could read arbitrary files — including SSH keys, AWS credentials, and other sensitive data. The server's 4-day hook timeout made the exposure window particularly wide.
This is now locked down with a shared validation module applied across all three servers:
- Image extension allowlist — only known image formats are served (`png`, `jpg`, `gif`, `webp`, `svg`, and others)
- Path normalization — `path.resolve()` eliminates `../` traversal sequences
- Upload validation — the `/api/upload` endpoint now enforces the same allowlist
- Thanks to @dor-tzur-lmnd for identifying and fixing this vulnerability (#164)
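The two checks listed above, sketched for a Node.js server as an added example; this is not Plannotator's code or the patch from #164. `validateImagePath`, `ALLOWED_EXT` and the optional `baseDir` confinement are hypothetical, and the confinement step is an assumption that goes beyond what these notes describe.

```javascript
// Added example, not Plannotator's code. validateImagePath, ALLOWED_EXT and
// baseDir are hypothetical names chosen for illustration.
const path = require("node:path");

// Formats named in the release notes (the "and others" are omitted here).
const ALLOWED_EXT = new Set([".png", ".jpg", ".gif", ".webp", ".svg"]);

function validateImagePath(requested, baseDir) {
  // Reject non-strings, empty values and embedded NUL bytes up front.
  if (typeof requested !== "string" || requested === "" || requested.includes("\0")) {
    return { ok: false, reason: "invalid path" };
  }

  // Normalization: collapse "." and ".." segments into one absolute path.
  const root = path.resolve(baseDir ?? process.cwd());
  const resolved = path.resolve(root, requested);

  // Allowlist: decide on the extension of the normalized path, not the raw input.
  if (!ALLOWED_EXT.has(path.extname(resolved).toLowerCase())) {
    return { ok: false, reason: "extension not allowed" };
  }

  // Assumption beyond the notes: optional confinement to baseDir. Normalizing
  // removes "../" but does not by itself keep the result under any directory.
  if (baseDir !== undefined) {
    const rel = path.relative(root, resolved);
    if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
      return { ok: false, reason: "outside base directory" };
    }
  }
  return { ok: true, path: resolved };
}
```

`path.resolve()` is purely lexical, so a server that must also account for symlinks would compare the result of `fs.realpathSync()` instead.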
Install / Update
macOS / Linux:
```bash
curl -fsSL https://plannotator.ai/install.sh | bash
```

Windows:

```powershell
irm https://plannotator.ai/install.ps1 | iex
```

Claude Code Plugin: Run /plugin in Claude Code, find plannotator, and click "Update now".

OpenCode: Clear cache and restart:

```bash
rm -rf ~/.bun/install/cache/@plannotator
```

Then in opencode.json:

```json
{
  "plugin": ["@plannotator/opencode@latest"]
}
```

Pi: Install or update the extension:

```bash
pi install npm:@plannotator/pi-extension
```

What's Changed
- fix(server): prevent arbitrary file read via /api/image endpoint by @dor-tzur-lmnd in #164
- feat: Add auto-close countdown delay to completion overlay by @flex-yj-kim in #162
- feat: add Pi coding agent extension by @backnotprop in #168
New Contributors
- @dor-tzur-lmnd made their first contribution in #164
Full Changelog: v0.8.2...v0.8.3