Everything that shipped. In reverse chronological order.
Bitcoin Lightning payments via self-hosted BTCPay Server.
→ Annual billing via Lightning Network — pay once yearly, no subscription required
→ Self-hosted BTCPay Server integration — no third-party payment processor in the Lightning flow
→ New /btcpay checkout page for Lightning payments
→ Invoice lifecycle handled end-to-end: settled invoices activate the subscription period automatically
Billing cron hardening and CI runner maintenance.
→ Billing cron now stamps the close time on 14-day refund windows — eligible refunds no longer stay open indefinitely
→ Daily Docker prune job added to the CI runner — prevents disk exhaustion from accumulated build layers
Refund token security hardening.
→ Refund tokens now use HMAC-SHA256 key derivation — tokens are unforgeable without the server secret
→ Replaces the prior UUID-based tokens which offered no cryptographic binding to the account
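An added illustration of the HMAC-bound refund token scheme described in the two entries above (example code, not Sidecar Network's own). Only HMAC-SHA256 keyed with a server secret and binding to the account come from the page; the payload fields, the JSON/base64 layout and the function names are assumptions, and the expiry field models the 14-day refund window mentioned in the billing cron entry.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Field layout is an assumption; the page only says HMAC-SHA256, bound to the account.
type RefundToken struct {
	AccountID string `json:"acct"`
	RefundID  string `json:"ref"`
	ExpiresAt int64  `json:"exp"` // unix seconds; closes the 14-day refund window
}

// sign is HMAC-SHA256 over the encoded payload, keyed with the server secret.
func sign(secret []byte, payload string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// mintToken returns "<payload>.<mac>"; without the secret nobody can produce a valid mac for a chosen account/refund/expiry, which a random UUID never guaranteed.
func mintToken(secret []byte, t RefundToken) string {
	body, _ := json.Marshal(t) // strings and an int64 cannot fail to marshal
	payload := base64.RawURLEncoding.EncodeToString(body)
	return payload + "." + sign(secret, payload)
}

// verifyToken compares the mac in constant time before decoding anything, then enforces the account binding and the refund window.
func verifyToken(secret []byte, token, accountID string, now time.Time) (t RefundToken, err error) {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 || !hmac.Equal([]byte(sign(secret, parts[0])), []byte(parts[1])) {
		return t, errors.New("invalid or malformed token")
	}
	body, _ := base64.RawURLEncoding.DecodeString(parts[0]) // authentic once the mac matched
	if err = json.Unmarshal(body, &t); err != nil {
		return RefundToken{}, err
	}
	if t.AccountID != accountID {
		return RefundToken{}, errors.New("token not bound to this account")
	}
	if now.Unix() > t.ExpiresAt {
		return RefundToken{}, errors.New("refund window closed")
	}
	return t, nil
}
```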
Database performance and page-level UX audits.
→ SQL indices added to the peers table — peer lookups and teardown queries are significantly faster under load
→ Signup UX audit: flow-level issues resolved for plan selection, error states, and mobile layout
→ Login and dashboard pages audited: session handling clarity, error messaging, and empty-state copy improved
→ Tokens and settings pages audited: copy-to-clipboard reliability, revocation confirmations, and accessibility labels fixed
PSK rotation fix, fingerprint path fix, updater correctness.
→ PSK rotation bug fixed: onion relay-B was silently dropping data after PSK handoff — connections now survive rotation end-to-end
→ Fingerprint UUID path corrected — agent no longer generates a new identity on every restart
→ Auto-updater: HTTP 404 on the update manifest now handled gracefully instead of crashing the update loop
→ Auto-updater: temp file cleanup runs unconditionally after each update attempt
→ Auto-updater: re-exec via argv[0] restored — the updated binary replaces the running process correctly
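An added example (not the project's updater code) of the failure-mode fixes in the three auto-updater entries above: a 404 on update.json or a release artifact becomes a sentinel error the timer loop can wait on, temp-file cleanup is deferred so it runs on every exit path, and the re-exec step hands over to argv[0]. The download function, the ErrNotPublished name, and fetching manifest and artifact through the same path are assumptions; reexec is shown but not exercised.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"path/filepath"
	"syscall"
)

// ErrNotPublished maps a 404 on update.json or a release artifact to a normal outcome:
// the timer loop logs it and waits for the next tick instead of crashing.
var ErrNotPublished = errors.New("update not published (404)")

// download fetches url into a temp file beside dest and renames it into place, so
// dest is replaced atomically. The defer runs on every exit path, which is what
// makes the temp-file cleanup unconditional.
func download(c *http.Client, url, dest string, mode os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(dest), ".sidecar-update-*")
	if err != nil {
		return err
	}
	defer func() { tmp.Close(); os.Remove(tmp.Name()) }() // a no-op after a successful rename
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	switch {
	case resp.StatusCode == http.StatusNotFound:
		return ErrNotPublished
	case resp.StatusCode != http.StatusOK:
		return fmt.Errorf("download %s: status %d", url, resp.StatusCode)
	}
	if _, err = io.Copy(tmp, resp.Body); err == nil {
		err = tmp.Chmod(mode)
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), dest)
}

// reexec hands the process over to the freshly renamed binary at argv[0]; it only
// returns if Exec itself fails, since on success the old image is gone.
func reexec() error { return syscall.Exec(os.Args[0], os.Args, os.Environ()) }
```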
Frontend fixes: signup UX, real-time latency, conversion.
→ Signup: tier selection now works correctly when switching plans mid-flow
→ Real-time relay latency displayed on the signup page alongside each region
→ 5 high-impact conversion issues fixed across pricing, docs, signup, and dashboard pages
→ Keyboard navigation and focus management improved across all interactive forms
AI discovery signals: OpenAPI spec, llms.txt, JSON-LD.
→ API reference page with 27 endpoints — full OpenAPI 3.0 spec at /api/openapi.json
→ /llms.txt and /llms-full.txt — machine-readable summaries for AI crawlers
→ JSON-LD SoftwareApplication schema on the homepage for structured search results
→ sitemap.xml wired; robots.txt allows all AI crawlers
Docker Desktop support (macOS & Windows).
→ Agent runs inside Docker Desktop's Linux VM (LinuxKit on macOS, WSL2 on Windows)
→ WireGuard present in the VM kernel — public IPs work end-to-end; no host-side firewall changes needed
→ Dedicated install section with docker run command — no systemd required
→ Auto-restart on Desktop reboot via --restart unless-stopped
Billing teardown: disputes immediately revoke peer access.
→ CUSTOMER.DISPUTE.CREATED webhook now triggers immediate peer teardown and token revocation
→ Containers fall back to the Docker host's default network within seconds of a dispute opening
→ Teardown event written to the billing audit log for reconciliation
→ Transactional email sent to account on dispute open with next-steps and resolution path
Docker network plugin ships alongside the agent.
→ ghcr.io/sidecar-network/plugin now published — alternative to the agent for the same labeling flow
→ No daemon required: plugin runs as a docker run container, same label sidecar.enable=true
→ Plugin and agent share the same release pipeline and are cosign-signed together
→ Install instructions added to the docs; ODoH proxy IPv6 bind address fixed (v1.6.1)
Install self-test: connectivity verified before the installer exits.
→ install.sh runs a post-install connectivity self-test — confirms the agent can reach a relay
→ Self-test failure prints a clear diagnostic and exits non-zero; no silent broken installs
→ Auto-update chain fully wired: update.json, release artifacts, and nginx /releases/ location fixed end-to-end
→ releases/current symlink always points to the latest pinned release
HTB shaping on restart + version error clarity.
→ Per-peer HTB bandwidth shaping is now re-applied on relay restart — existing peers no longer lose their rate class
→ WireGuard port-ceiling Prometheus gauge exposed for capacity planning
→ Relays embed have/need versions in the 426 response body: "agent is outdated (have: X, need: Y). Update: …"
→ Agent parses the 426 body and surfaces a structured log event — visible in journalctl without raw HTTP traces
Auto-update, plugin CI, min-version enforcement.
→ Auto-updater: agent checks for new releases every 6 hours via systemd timer
→ Plugin CI: Docker network plugin now ships in the same release pipeline as the agent
→ Min-version enforcement: relays reject agents below the minimum supported version
→ Installer v2: curl -fsSL https://sidecar.network/install | sh now deploys the full auto-updating stack
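An added example (not relay or agent code from the project) of the min-version handshake described in the two release entries above: the relay compares versions numerically and answers 426 with the have/need body, and the agent parses that body back into structured fields. The MAJOR.MINOR.PATCH format, the function names and the placeholder after "Update:" (which the page elides) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strconv"
	"strings"
)

// versionKey turns "MAJOR.MINOR.PATCH" (assumed format) into an int that orders
// numerically, so 1.10.0 > 1.6.0; a plain string compare gets that wrong.
func versionKey(v string) (int, error) {
	parts := strings.Split(v, ".")
	key := 0
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if len(parts) != 3 || err != nil || n < 0 || n > 999 {
			return 0, fmt.Errorf("bad version %q", v)
		}
		key = key*1000 + n
	}
	return key, nil
}

// rejectOutdated (relay side) returns the 426 status and body for an agent below
// minVersion, or (0, "") when it may proceed. The page elides the text after
// "Update:", so "<instructions>" stands in for it here.
func rejectOutdated(minVersion, agentVersion string) (int, string) {
	need, err := versionKey(minVersion)
	if err != nil {
		panic(err) // relay misconfiguration: fail at startup, not per request
	}
	if have, err := versionKey(agentVersion); err == nil && have >= need {
		return 0, ""
	}
	body := fmt.Sprintf("agent is outdated (have: %s, need: %s). Update: <instructions>", agentVersion, minVersion)
	return http.StatusUpgradeRequired, body
}

var outdatedRE = regexp.MustCompile(`agent is outdated \(have: ([^,]+), need: ([^)]+)\)`)
// parseOutdated (agent side) pulls have/need out of a 426 body so the agent can emit a structured log event instead of dumping a raw HTTP trace.
func parseOutdated(status int, body string) (have, need string, err error) {
	m := outdatedRE.FindStringSubmatch(body)
	if status != http.StatusUpgradeRequired || m == nil {
		return "", "", fmt.Errorf("status %d without a have/need body", status)
	}
	return m[1], m[2], nil
}
```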
Privilege reduction, IPv6 DNS DNAT, stale-interface fix.
→ v1.1: dropped NET_RAW capability; agent no longer requires unnecessary privileges
→ v1.1: IPv6 DNS DNAT — containers receive working DNS over the WireGuard interface
→ v1.1: AUP enforcement integrated into provisioning flow
→ v1.0.3: fixed "link set netns pid: file exists" on container re-add (stale wg interface cleanup)
→ v1.0.2: agent now runs as root so NET_ADMIN/SYS_ADMIN capabilities take effect on scratch image
→ v1.0.1: fixed garble GOGARBLE scope and machine fingerprint pepper injection
GA: Sidecar Network is generally available.
→ 5 regions live · US-East · US-West · CA-East · EU-West · EU-Central
→ Free plan + paid plans from $4.99/mo
→ Unlimited bandwidth on all tiers — no GB caps, no data overage charges
→ Post-quantum encryption on all connections — non-PQ connections rejected
→ Docker plugin — one label, no --privileged · ~5s container provisioning
→ Enhanced connection security · enhanced connection authentication
→ Privacy-preserving billing · mathematical payment unlinkability
→ Accurate usage metering · per-container billing
→ Traffic analysis resistance on all connections
→ Intrusion detection, threat blocking, and encrypted audit logs deployed across all regions
RAM-only DB hardening.
→ RAM-only database, zero disk persistence
→ Backup replicas encrypted end-to-end before leaving the host
→ /canary endpoint serves PGP-signed warrant canary
Post-quantum encryption is mandatory.
→ Post-quantum hybrid encryption enforced on all connections
→ Provides protection against both classical and quantum adversaries
→ Connections without post-quantum negotiation rejected
Threat detection and enforcement stack.
→ Real-time traffic inspection — blocks known C2 frameworks including CobaltStrike, Sliver, Havoc, Metasploit
→ Port scan detection and egress filtering
→ Per-container network enforcement — containers cannot escape their assigned tunnel
Per-container isolation.
→ Per-container isolation — each container gets a fully isolated network environment
→ Containers can only send traffic from their own assigned address