sidekick
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@sidekickstore the current project status in memory"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Sidekick
Autonomous Agent Platform
A self-hosted AI agent platform with persistent memory, 96 built-in MCP tools, knowledge base, and the ability to extend itself. Runs on your remote machine, keeps explicit project context across sessions, and can grow its own capabilities—no code changes required.
How? A single AGENTS.md file that opencode reads on every session start. No plugins, no hooks — just markdown.

Note: This project was developed using its own remote execution tools — the AI assistant used Sidekick's infrastructure to help build and test the very system it runs on.
Quick Start
What you need: Node.js 22+, a remote Ubuntu/Debian machine with SSH access (VPS, home server, Raspberry Pi), Git, ~15 minutes.
# Clone the repo
git clone https://github.com/geoffmcc/sidekick.git
cd sidekick
# Copy env template and edit
copy .env.example .env
# Edit .env with your API key and settings
# Deploy to your remote machine (Windows)
.\deploy.ps1 -IP "YOUR_REMOTE_IP"
# Or deploy (Linux/Mac)
./deploy.sh -IP YOUR_REMOTE_IPFirst deploy to a fresh VM: The script will automatically:
Prompt for the initial SSH user (e.g., ubuntu, admin, root)
Prompt for the initial user's password (once)
Create the sidekick user and install Node.js 20 LTS
Configure sudo permissions for service management
Install and enable systemd services
Install your SSH key for passwordless access
Open firewall ports (if UFW is active)
Deploy the application and start services
Optional: Install full infrastructure (Docker, databases, media tools, etc.):
# SSH into your remote machine
ssh sidekick@YOUR_REMOTE_IP
# Run the setup script
sudo bash scripts/setup-tools.shThis installs PostgreSQL, Redis, Qdrant, InfluxDB, Grafana, and many other tools. See Optional Infrastructure for details.
Subsequent deploys are fully automated — no password required.
For automation/CI, specify the initial user with -InitialUser:
# Windows
.\deploy.ps1 -IP "YOUR_REMOTE_IP" -InitialUser "ubuntu"
# Linux/Mac
./deploy.sh -IP YOUR_REMOTE_IP -InitialUser ubuntuAirgap/Offline Deploy — If your remote server cannot reach GitHub (firewall, air-gapped network, etc.), use the --scp flag to sync files individually via SSH:
# Windows
.\deploy.ps1 -IP "YOUR_REMOTE_IP" -Scp
# Linux/Mac
./deploy.sh -IP YOUR_REMOTE_IP --scpThis uses the original SCP-based approach, copying files one-by-one from your local machine. No internet access required on the remote server.
Open http://YOUR_REMOTE_IP:4098/ in a browser. That's it — Sidekick is live.
Related MCP server: Universal AI Chat MCP Server
How It Works
Every time you open opencode, it automatically reads ~/.config/opencode/AGENTS.md and loads whatever instructions are in it into the AI's context. Sidekick provides the infrastructure — remote execution tools, persistent memory, and an autonomous agent — that the AI can use.
You open opencode — it reads
AGENTS.mdSidekick's tools and instructions are loaded — the AI now knows about the remote machine, the tools, and how to use them
You work — the AI can call sidekick tools to execute commands on the remote machine, store/retrieve persistent data, or you can submit tasks to the autonomous Agent Bridge via the dashboard
Session ends — but anything stored in Sidekick's KV persists for next time
Sidekick is the infrastructure. The AI (running in opencode) uses that infrastructure to help you work. Without AGENTS.md, the AI doesn't know Sidekick exists. With it, the AI has persistent remote capabilities.
Usage
Direct Tool Calls
Ask the AI to run any Sidekick tool directly:
@sidekick sidekick_knowledge action="search" query="debugging"The AI executes the tool and returns structured results:

Complex Multi-Step Tasks
For tasks that require planning, iteration, or multiple tool calls, use the @sidekick subagent:
@sidekick update the persistence roadmap to reflect what's been doneThe subagent will:
Recall the current plan from KV storage
Check recent commits to see what's shipped
Update the plan with completion status
Store the revised version

The agent can also send Discord notifications at each milestone so you can track progress without watching the terminal:

Conversational Planning
Sidekick works best as a collaborative partner. You can have back-and-forth conversations about plans, architecture, or debugging:

you: "we stored a plan. unfortunately its out of date - what do"
ai: Found it — KV key persistence_roadmap. It's a 9-step plan (structured extraction, lifecycle, conflicts, recall, prompt brief, review UI, import/export, sync, evaluation).
What's out of date? Want me to update it to reflect what's been done (steps 1-3 are largely shipped) and revise the remaining items?
you: "yes"
ai: [updates the roadmap with current status]Debugging
Sidekick can diagnose issues across the full stack — backend APIs, frontend JS, database queries, and service health — then present a structured root-cause analysis:

Dashboard
Open http://YOUR_REMOTE_IP:4098/ for:
System health monitoring
Tool usage analytics
Agent task submission and streaming
Memory inspection and management
What Makes Sidekick Different?
Most MCP servers are just tool wrappers—they give AI access to specific APIs or services. Sidekick is fundamentally different:
🧠 Persistent Memory Across Sessions
Sidekick provides durable project memory through SQLite-backed KV, context, and structured memory tables. Agents can explicitly store decisions, project facts, problems, patterns, and summaries, then retrieve them in later sessions by key, project, or context query. The Agent Bridge also records bounded, redacted structured memories for completed tasks and useful tool calls, then loads relevant remembered context before planning a new task.
📚 Knowledge Base
All documentation, best practices, and project context stored in a searchable database. The AI can query the knowledge base instead of re-reading files, saving tokens and improving accuracy.
📊 Built-in Metrics & Monitoring
Comprehensive metrics collection with Grafana dashboards:
System health (CPU, memory, disk, load)
Tool usage analytics (call counts, success rates, duration)
Service status monitoring
Database performance metrics
Docker container stats
Ollama LLM metrics
🔄 Self-Extending Capabilities
Teach Sidekick new procedures, and it can generate its own tools. The sidekick_teach tool lets you describe a workflow in natural language, and Sidekick creates the implementation. It's not just using tools—it's building them.
🤖 True Autonomous Operation
The Agent Bridge runs independently from your main AI session. Submit a complex task via the dashboard, and Sidekick will plan, execute, and iterate until it's done—without you babysitting each step.
🔒 Security-First Design
Every tool output is automatically scanned and redacted for sensitive data (API keys, tokens, passwords). The dashboard has rate limiting, CSRF protection, and audit logging. The agent bridge is isolated and only accessible through the dashboard.
🛠️ 96 Built-In Specialized Tools
Not just bash and file operations. Sidekick includes tools for:
GitHub integration (PRs, issues, releases)
Service and process management
Scheduled tasks and monitoring
Data transformation and validation
Multi-agent orchestration
Encrypted credential management
Read-only configuration and secret exposure scanning
Network diagnostics and troubleshooting
Incident response and forensics
Operational runbooks and procedures
Dependency analysis and impact assessment
Database operations (query, backup, restore, search, migrations)
Media processing (OCR, transcription, video/audio conversion)
Networking (Cloudflare tunnels, WireGuard, Nginx)
Metrics collection and visualization
Knowledge base management
And much more
The result: Sidekick isn't just a tool server—it's an autonomous platform that learns, adapts, and grows with your workflow.
Self-Debugging in Action
Sidekick used its own tools to help develop itself. Here's the AI agent debugging Sidekick from within opencode:
Testing the debug tool's store/cleanup/recall cycle:

Diagnosing its own hallucination problem with sidekick_fresheyes:

Investigating why the self-improvement tool isn't working:

What You Can Achieve
Capability | How | Why AGENTS.md Matters |
Remote code execution |
| Instructions tell the AI when and how to use it |
Persistent memory across sessions |
| AI knows which keys to store and retrieve |
Knowledge base queries |
| AI queries DB instead of re-reading files |
Metrics & monitoring | Grafana dashboards at | Real-time system health, tool usage, service status |
Autonomous multi-step tasks | Agent bridge at | AI knows to delegate complex work to the agent |
Code review | Ask the AI to review diffs using remote execution tools | Decision tree in AGENTS.md tells the AI when to use sidekick tools for review |
GitHub integration |
| AGENTS.md tells the AI to query current credential procedures |
Database operations |
| Query, backup, restore, search, migrate databases |
Media processing |
| OCR, video/audio conversion, transcription |
Networking |
| Cloudflare tunnels, VPN, reverse proxy |
Web scraping from remote |
| AI knows to use remote machine for fetching when needed |
LLM on demand | Cloud Groq for speed, local Ollama as fallback | AI knows which to use and when |
File content search |
| AI can quickly find code patterns across the codebase |
Git operations |
| AI can check status, diff, log, commit, push, pull safely |
Notifications |
| AI can alert you when tasks complete or errors occur |
Process management |
| AI can troubleshoot high CPU/memory or kill hung processes |
Service management |
| AI can restart services, check status, view logs |
Archive operations |
| AI can backup data, deploy archives, manage backups |
Scheduled tasks |
| AI can set up automated health checks, backups, monitoring |
GitHub automation |
| AI can automate PR workflows, track issues, create releases |
Webhook integration |
| AI can react to GitHub events, CI/CD pipelines, external alerts |
Persistent context |
| AI can recall past context, get suggestions, maintain continuity across sessions |
Self-extension |
| AI can grow its own capabilities without code changes |
Architecture
┌─ Local Machine (source of truth) ─────────────────────┐
│ git push → github.com/geoffmcc/sidekick │
│ ./deploy.ps1 → SSH into remote, git pull, restart │
└────────────────────────────────────────────────────────┘
│
▼
┌─ Remote Machine (YOUR_REMOTE_IP) ─────────────────────────┐
│ │
│ ┌─────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ MCP Server │ │ Dashboard │ │ Agent Bridge │ │
│ │ :4097 │ │ :4098 │ │ :4099 │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ └──────────────────┼──────────────────┘ │
│ │ │
│ ┌─────────────────────────▼──────────────────────────┐ │
│ │ Data & Services Layer │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │ SQLite │ │ Redis │ │ Qdrant │ │ │
│ │ │ (main DB)│ │ (cache) │ │ (vector) │ │ │
│ │ └──────────┘ └──────────┘ └──────────┘ │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │InfluxDB │ │ Grafana │ │ Ollama │ │ │
│ │ │ :8086 │ │ :3000 │ │ :11434 │ │ │
│ │ └──────────┘ └──────────┘ └──────────┘ │ │
│ └────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────┘The agent bridge also supports Groq cloud API — when GROQ_API_KEY is set, it uses Groq instead of Ollama for near-instant LLM responses.
Data Layer
SQLite — Primary database for KV store, tool logs, knowledge base, and metadata
Redis — Session-scoped caching with TTL support
Qdrant — Vector database for semantic search and embeddings
InfluxDB — Time-series metrics collection (system health, tool usage, service status)
Grafana — Metrics visualization with 6 pre-built dashboards
LLM Support
Ollama (local) — Multiple models available:
qwen2.5-coder:7b— Default, optimized for code tasksllama3.1:8b— General purpose reasoningnomic-embed-text— Embedding model for semantic search
Groq (cloud) — Fast inference when
GROQ_API_KEYis set
Services & Tools
Service | Port | Description |
MCP Server | 4097 | 96 built-in tools across 19 categories (see database for authoritative current list) |
Dashboard | 4098 | Web UI: system health, activity log, KV data, agent tasks, tool catalog, metrics |
Agent Bridge | 4099 | AI agent loop — LLM plans and calls MCP tools autonomously |
Ollama | 11434 | Local LLM inference (qwen2.5-coder:7b, llama3.1:8b, nomic-embed-text) |
Redis | 6379 | Session-scoped caching with TTL |
Qdrant | 6333 | Vector database for semantic search |
InfluxDB | 8086 | Time-series metrics (system health, tool usage, service status) |
Grafana | 3000 | Metrics visualization with 6 pre-built dashboards |
All tools are exposed via the MCP server at http://YOUR_REMOTE_IP:4097/mcp.
Tool Categories
Tools are organized into 19 categories:
Core — bash, read, write, list, search, web_fetch, llm, respond
Storage — store, get, list_projects, get_by_project, redis
Database — db_schema, db_query, db_stats, db_backup, db_restore, db_export, db_search, db_migrate, db_diff, analytics
Git & GitHub — git, github
Services — process, service
Scheduling — cron, delay
Communication — notify, webhook
Context & Learning — context, teach, embed, ollama, memory_export, memory_import, memory_manage, sync_identity, sync_export, sync_import, sync_diff, knowledge
Data Pipeline — transform, parse, diff, hash, validate, template, extract, anonymize, diff_files
Monitoring — health, status, watch, baseline, snapshot, timeline, black_box, netdiag, metrics
Workflow — queue, retry, orchestrate, runbook
Meta — evolve, predict, debug_tool, fresheyes
Efficiency — batch, cache, summarize, filter, project, tail, find
Security — secret, security_scan, sandbox
Networking — tunnel, wireguard, nginx
Development — changelog, depend
Reliability — circuit
Archive — archive
Media — ocr, media, transcribe, download
Query the database for the complete tool list:
SELECT t.name, t.description, t.risk, tc.name as category
FROM tools t
LEFT JOIN tool_category_map tcm ON t.name = tcm.tool_name
LEFT JOIN tool_categories tc ON tcm.category_id = tc.id
WHERE t.enabled = 1 AND t.deprecated = 0
ORDER BY tc.sort_order, t.nameUnderstanding the Architecture
To avoid confusion, it's important to understand what each component is:
Sidekick = The autonomous agent platform: remote machine + 96 built-in MCP tools + persistent memory + knowledge base + Dashboard + Agent Bridge + metrics & monitoring + self-extending capabilities
The AI = The assistant running in opencode (e.g., qwen, Claude, etc.) that uses Sidekick's platform
Agent Bridge = Sidekick's autonomous agent that runs tasks independently via the Dashboard
Knowledge Base = Structured documentation stored in SQLite, searchable via
sidekick_knowledgeMetrics System = InfluxDB + Grafana for system health, tool usage, and service monitoring
When you call sidekick tools in opencode, you're executing commands on the remote machine. The AI makes the decisions; Sidekick provides the capabilities.
The Agent Bridge is a separate system that can run tasks autonomously, but it's not integrated into the main AI's workflow. It's accessed via the Dashboard's Agent tab or direct API calls.
The Knowledge Base replaces the need for large markdown files. Instead of re-reading AGENTS.md or CONTEXT.md, the AI queries the database for specific information, saving tokens and improving accuracy.
What Sidekick does NOT do (currently):
It does not provide multi-AI collaboration (the main AI cannot consult the Agent Bridge and get responses back)
It does not make decisions on its own (the AI in opencode makes all decisions)
It is not a separate AI entity (it's infrastructure that the AI uses)
Security
Layer | Measure |
MCP Server | Bearer token auth + IP whitelist ( |
Dashboard | HTTP Basic Auth ( |
Agent Bridge | Binds to |
Sidekick user | Sudo restricted to service management commands only (no wildcard |
Infrastructure | SSH key-only, fail2ban, UFW, unattended-upgrades, |
Data Redaction | All tool outputs automatically redact SSH keys, GitHub tokens, API keys, passwords, database URLs, etc. |
The dashboard auth and IP whitelist are disabled by default (empty env var = no restriction). Set them in .env before exposing to the internet. For shared or public-facing deployments, set SIDEKICK_TOOL_POLICY=restricted and explicitly allow only the high-risk tools your workflow needs.
⚠️ Evolve Tool Warning: The sidekick_evolve tool can automatically implement approved proposals (creating documentation files and teaching procedures). If your tool policy is open, evolve will execute these implementations without additional approval. For shared or public-facing deployments, set SIDEKICK_TOOL_POLICY=restricted to require explicit tool allowlisting before evolve can create or use tools.
Dashboard & Agent Bridge
Dashboard
Open http://YOUR_REMOTE_IP:4098/ in a browser.
System — uptime, CPU, memory, disk, LLM status, service indicators (MCP, Agent, Ollama)
Activity — live tool call log with source badges (mcp/agent/dashboard)
Data — KV store contents with project filtering, age filtering, and expandable previews
Database — schema browser, query editor, full-text search, migration management
Config — environment variables (sensitive values redacted)
Agent — submit tasks for the AI agent to execute autonomously
Approvals — review, approve, or reject queued risky actions when approval mode is enabled
Tools — browsable catalog of all 96 built-in tools with search, category filtering, policy status, risk labels, and detailed argument info
Metrics — embedded Grafana dashboards for system health, tool analytics, database performance, Docker containers, and Ollama metrics
Metrics & Monitoring
Sidekick includes comprehensive metrics collection and visualization:
Metrics Collection (runs every minute via sidekick-metrics.timer):
System health: CPU, memory, disk, load average
Tool usage: call counts, success rates, duration stats per tool
Service status: MCP, Dashboard, Agent health
Grafana Dashboards (6 pre-built):
Sidekick Overview — High-level system metrics and tool usage
Tool Analytics — Per-tool performance metrics with dynamic selectors
System Health — CPU, memory, disk usage over time
Database Performance — Query times, connection counts, cache hit ratios
Docker Containers — Container resource usage and health
Ollama — LLM request counts, response times, token usage
Access Grafana directly at http://YOUR_REMOTE_IP:3000/ using sidekick and the configured SIDEKICK_GRAFANA_ADMIN_PASSWORD.
Knowledge Base
Sidekick includes a structured knowledge base for storing and retrieving project documentation:
34 packaged self-knowledge seed entries across categories: best-practices, architecture, operations, protocols, development
Database-backed live content that can include imported, custom, or migrated entries beyond the packaged seed
Full-text search with semantic similarity
Manual import helper for migrating CONTEXT.md into structured knowledge entries
Tool:
sidekick_knowledgefor search, get, list, add, update, delete
Example queries:
# Search for debugging best practices
sidekick_knowledge action="search" query="debugging"
# List all architecture entries
sidekick_knowledge action="list" category="architecture"
# Get specific entry
sidekick_knowledge action="get" id=18Agent Bridge
The agent at :4099 takes a natural-language goal and runs an autonomous loop:
Sends goal + tool definitions to the LLM (Groq cloud or local Ollama)
LLM responds with a tool call decision
Bridge executes the tool via MCP
Feeds result back to LLM
Repeats until the task is complete
Agent API
# Start a task
curl -X POST http://YOUR_REMOTE_IP:4099/api/agent/run \
-H "Content-Type: application/json" \
-d '{"goal": "check disk usage and store the result"}'
# Stream progress (SSE)
curl http://YOUR_REMOTE_IP:4099/api/agent/stream/{taskId}
# View history
curl http://YOUR_REMOTE_IP:4099/api/agent/historySetting Up AGENTS.md
This is the most important step. Without this file, Sidekick is just a tool server. With it, Sidekick's tools and instructions are loaded into every opencode session.
Sidekick uses a knowledge-base-first architecture. Instead of storing all documentation in large markdown files, AGENTS.md points to the knowledge base where all information is stored.
The AGENTS.md file includes:
Connection info (IP, ports, SSH)
Knowledge base query examples
Tool query examples (SQL to list tools from database)
Basic usage instructions
opencode reads this file automatically on every session start. No plugins, no hooks, no manual loading — just a markdown file in the right place.
For the full AGENTS.md template, see AGENTS.md in this repo.
Knowledge Base Categories
The knowledge base includes entries in these categories:
best-practices — Interaction policies, debugging, tool selection, token efficiency
architecture — Services, DB-first architecture, monitoring, tooling
operations — Deployment, configuration, security, troubleshooting
protocols — Context recall and other protocols
Query the knowledge base:
# List all categories
sidekick_knowledge action="list"
# Search for specific topics
sidekick_knowledge action="search" query="deployment"
# Get entries by category
sidekick_knowledge action="list" category="best-practices"Daily Workflow
# 1. Edit code in src/
# 2. Commit and push
git add -A
git commit -m "what you changed"
git push
# 3. Deploy (Windows)
.\deploy.ps1 -IP "YOUR_REMOTE_IP"
# Or deploy (Linux/Mac)
./deploy.sh YOUR_REMOTE_IPOr SSH directly to pull:
ssh sidekick@YOUR_REMOTE_IP
cd /home/sidekick/sidekick
git pull
sudo systemctl restart sidekick-mcp sidekick-dashboard sidekick-agentOptional Infrastructure
Sidekick can be extended with additional services for enhanced capabilities:
Database Services
PostgreSQL (optional, alongside SQLite):
sudo systemctl start sidekick-postgresFull SQL database for complex queries and relational data
Accessible via
sidekick_db_querywithdatabase="postgres"
Redis (session caching):
sudo systemctl start sidekick-redisSession-scoped caching with TTL
Automatic fallback to in-memory cache if unavailable
Qdrant (vector database):
sudo systemctl start sidekick-qdrantSemantic search for
sidekick_contexttoolEmbedding-based similarity search
Metrics & Monitoring
InfluxDB (time-series database):
sudo systemctl start sidekick-influxdbStores system metrics, tool usage, service status
Metrics collected every minute via
sidekick-metrics.timer
Grafana (visualization):
sudo systemctl start sidekick-grafana6 pre-built dashboards
Accessible at
http://YOUR_REMOTE_IP:3000/usingsidekickand the configuredSIDEKICK_GRAFANA_ADMIN_PASSWORDEmbedded in Dashboard's Metrics tab through the authenticated dashboard Grafana proxy
Install All Services
Run the setup script to install the full tool stack:
sudo bash scripts/setup-tools.shThis installs:
Docker and Docker Compose
PostgreSQL, Redis, Qdrant, InfluxDB, Grafana
Media tools (ffmpeg, ImageMagick, Tesseract OCR)
Development tools (Go, Python packages)
Networking tools (Cloudflare tunnels, WireGuard, Nginx)
And more...
Configuration
To change environment variables (ports, API keys, max iterations, etc.):
# 1. Edit .env locally
notepad .env
# 2. Deploy (syncs .env to remote and restarts services)
.\deploy.ps1 -IP "YOUR_REMOTE_IP"The deploy script automatically syncs .env to the remote machine if it exists locally. No SSH required for config changes.
Deploy Script Options
Option | Description |
| Remote machine IP address (default: |
| Initial SSH user for bootstrap (e.g., ubuntu, admin, root) |
First deploy: The script prompts for the initial SSH user if not provided, then prompts for their password once. It then bootstraps the VM (creates sidekick user, installs Node.js, configures sudoers, installs services, installs SSH key, and opens firewall ports). After that, deploys are fully automated with no password required.
Automation/CI: Specify the initial user with -InitialUser to skip the interactive prompt:
# Windows
.\deploy.ps1 -IP "192.168.1.10" -InitialUser "ubuntu"
# Linux/Mac
./deploy.sh -IP 192.168.1.10 -InitialUser ubuntuSecurity Model
The deploy script follows a two-phase security approach:
First deploy (password required): The script SSHs as the initial user (ubuntu/admin/root) and bootstraps the VM using SSH ControlMaster for connection multiplexing. This creates the sidekick user, installs Node.js, configures sudoers, installs systemd services, installs your SSH key, and opens firewall ports. All privileged operations require the initial user's password (prompted once via SSH ControlMaster).
Subsequent deploys (no password): The script SSHs as the sidekick user using SSH key authentication. Only minimal sudo permissions are used for service management (start/stop/restart/status) and log viewing. The sudoers file restricts the sidekick user to only these specific commands:
systemctl start/stop/restart/status sidekick-*journalctl -u sidekick-*ufw allow 4097/4098/4099
This follows the principle of least privilege: after initial setup, the sidekick user cannot reload systemd, enable/disable services, or modify the system in any way beyond managing the Sidekick services.
Variable | Default | Description |
| — | API key for MCP server auth |
| — | Comma-separated IP whitelist for MCP server (empty = allow all) |
| 4097 | MCP server port |
| 4098 | Dashboard port |
| 4099 | Agent bridge port |
| — | Dashboard basic auth username (empty = disabled) |
| — | Dashboard basic auth password (empty = disabled) |
|
| Data directory for logs, KV, conversations |
|
| Tool policy mode: |
| — | Comma-separated global blocklist of tool names or risk selectors |
| — | Comma-separated global allowlist of tool names or risk selectors |
| — | Source-specific tool policy override for the Agent Bridge |
| — | Source-specific tool policy override for MCP clients |
| — | Source-specific tool policy override for dashboard-originated calls |
|
| Optional dashboard approval mode: |
|
| Maximum age of a pending approval; approval payloads require |
| — | Comma-separated tools or risk selectors that always require approval |
| — | Comma-separated tools or risk selectors exempt from approval |
|
| Ollama API URL (local fallback) |
|
| Default Ollama model |
| — | Groq API key for cloud LLM (empty = use local Ollama) |
|
| Groq model name |
|
| Max agent loop iterations (safety limit) |
|
| Enable bounded automatic memory summaries |
|
| Max retained automatic memory entries |
|
| Enable semantic memory embeddings when Ollama/Qdrant are available |
|
| Ollama embedding model for semantic memory recall |
|
| Ollama URL used by memory embedding helpers |
| auto-detected, preferring | Ollama model used by the Agent Bridge |
|
| HTTPS endpoint used to verify outbound DNS and TLS connectivity |
|
| PostgreSQL connection string |
|
| Redis connection string |
|
| Qdrant vector DB URL |
|
| InfluxDB URL |
| — | InfluxDB authentication token; required for metrics and Grafana provisioning |
| — | Required when starting the bundled PostgreSQL container via |
| — | Required when starting the bundled InfluxDB container via |
| — | Required when starting the bundled Grafana container via |
|
| InfluxDB organization |
|
| InfluxDB bucket for metrics |
Project Structure
├── src/
│ ├── tools.js Shared tool handlers (96 built-in tools)
│ ├── memory.js Automatic memory capture and recall helpers
│ ├── index.js MCP server (session-aware transport management)
│ ├── dashboard.js Dashboard web UI (9 tabs including Memory, Database, and Metrics)
│ ├── agent.js Agent bridge (LLM tool-use loop, direct tool calls)
│ ├── redact.js Sensitive data redaction
│ ├── db.js SQLite database layer
│ ├── pg.js PostgreSQL support
│ ├── redis.js Redis client for caching
│ ├── qdrant.js Qdrant vector DB client for semantic search
│ └── crypto-utils.js Timing-safe comparison helpers
├── scripts/
│ ├── bootstrap.sh VM bootstrap script (creates user, installs Node.js, etc.)
│ ├── setup-tools.sh Server tooling setup (Docker, databases, media tools, etc.)
│ ├── collect-metrics.js Metrics collection script (runs via cron)
│ └── parse-context.js Migrate CONTEXT.md to knowledge base
├── systemd/
│ ├── sidekick-mcp.service MCP server systemd unit
│ ├── sidekick-dashboard.service Dashboard systemd unit
│ ├── sidekick-agent.service Agent bridge systemd unit
│ ├── sidekick-postgres.service PostgreSQL Docker wrapper
│ ├── sidekick-redis.service Redis Docker wrapper
│ ├── sidekick-qdrant.service Qdrant Docker wrapper
│ ├── sidekick-influxdb.service InfluxDB Docker wrapper
│ ├── sidekick-grafana.service Grafana Docker wrapper
│ └── sidekick-sudoers Sudoers config for sidekick user
├── docker/
│ └── docker-compose.yml Docker services (Postgres, Redis, Qdrant, InfluxDB, Grafana)
├── grafana/
│ ├── provisioning/ Grafana auto-provisioning configs
│ └── dashboards/ 6 pre-built Grafana dashboards
├── migrations/
│ ├── 001_initial_schema.sql Initial database schema
│ ├── 002_tool_registry.sql Tool registry and knowledge base tables
│ ├── 003_structured_memory.sql Structured memory table
│ ├── 004_memory_lifecycle.sql Memory confirmation and decay support
│ ├── 005_sync_support.sql Cross-machine memory sync metadata
│ └── 006_memory_deferred.sql Memory state, confirmation, delete/expire fields
├── data/ Runtime data (on remote: logs, KV, conversations, metrics)
├── deploy.ps1 Deploy script (Windows)
├── deploy.sh Deploy script (Linux/Mac)
├── .env.example Environment variable template
├── AGENTS.md Agent bootstrap instructions (points to knowledge base)
└── opencode.json opencode MCP server configTroubleshooting
Deploy script fails with "SSH key not found": The script will automatically generate an SSH key if one doesn't exist at ~/.ssh/sidekick.
Deploy script fails with SSH connection error: On first deploy, you'll need to install the SSH key. The script will prompt you for the sidekick password automatically.
Deploy script fails with "sudoers setup failed": Ensure the sidekick user exists on the remote machine and has sudo access. The script will prompt for the password to configure passwordless sudo for service management.
MCP connection issues: If you see "Server not initialized" errors, restart the MCP service:
sudo systemctl restart sidekick-mcpDashboard won't load: Check that the dashboard service is running:
sudo systemctl status sidekick-dashboardServices not starting: Check the logs:
sudo journalctl -u sidekick-mcp -n 50
sudo journalctl -u sidekick-dashboard -n 50
sudo journalctl -u sidekick-agent -n 50Get Started
Clone the repo
Copy
.env.example→.envand fill in your valuesRun
.\deploy.ps1 -IP "YOUR_REMOTE_IP"(Windows) or./deploy.sh YOUR_REMOTE_IP(Linux/Mac)Enter the sidekick password when prompted (first deploy only)
Open
http://YOUR_REMOTE_IP:4098/and explore your new autonomous agent platform
That's it. Sidekick is live.
License: MIT · See LICENSE for details.
Contributing: PRs welcome.
Issues: Open one if you find a bug or have a feature request.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/geoffmcc/sidekick'
If you have feedback or need assistance with the MCP directory API, please join our Discord server